Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for Microsoft Makes Wind ...

 Cybersecurity News

Microsoft is making changes to its planned Windows Recall feature in response to growing criticism over the lack of privacy and cybersecurity controls of the AI screen recording feature. The Recall concerns began with the work of security researcher Kevin Beaumont, first reported by The Cyber Express, and grew to   show more ...

include tools and demonstrations of how easy it would be to hack Recall’s corresponding database of screenshotted user activity. Recall, planned for Copilot+ PCs starting June 18, would have taken frequent screenshots of user activity with inadequate security controls and would have been turned on by default, raising concerns about the ability of hackers, domestic abusers and other malicious actors to access a trove of personal and financial data with ease. Microsoft Announces Windows Recall Opt-in, Authentication, Encryption In a blog post today, Pavan Davuluri, Microsoft’s Corporate Vice President of Windows + Devices, said the company has heard those concerns. “Even before making Recall available to customers, we have heard a clear signal that we can make it easier for people to choose to enable Recall on their Copilot+ PC and improve privacy and security safeguards,” Davuluri wrote. “With that in mind we are announcing updates that will go into effect before Recall (preview) ships to customers on June 18.” The first change is to update the set-up experience of Copilot+ PCs “to give people a clearer choice to opt-in to saving snapshots using Recall,” Davuluri wrote. “If you don’t proactively choose to turn it on, it will be off by default.” He provided a screenshot of what that opt-in screen will look like: [caption id="attachment_75793" align="alignnone" width="750"] Windows Recall opt-in screen (source: Microsoft)[/caption] Enrollment in Windows Hello authentication will be required to enable Recall, he said, and “proof of presence is also required to view your timeline and search in Recall.” Davuluri said Microsoft is also “adding additional layers of data protection including ‘just in time’ decryption protected by Windows Hello Enhanced Sign-in Security (ESS) so Recall snapshots will only be decrypted and accessible when the user authenticates. In addition, we encrypted the search index database.” “This gives an additional layer of protection to Recall data in addition to other default enabled Window Security features like SmartScreen and Defender which use advanced AI techniques to help prevent malware from accessing data like Recall,” he added. Beaumont Skeptical of Planned Recall Changes In a Mastodon post, Beaumont said he’ll be skeptical of Microsoft’s planned changes until he sees the shipped product and can test it out. “Obviously, I recommend you do not enable Recall, and you tell your family not to enable it too,” Beaumont said. “It’s still labelled Preview, and I’ll believe it is encrypted when I see it. There are obviously serious governance and security failures at Microsoft around how this played out that need to be investigated, and suggests they are not serious about AI safety.”

image for Guardian Analytics a ...

 Firewall Daily

Guardian Analytics Inc. and Webster Bank N.A. have agreed to pay over $1.4 million to resolve claims stemming from a data breach in 2022. The Guardian Analytics and Webster Bank data breach compromised the personal information of approximately 192,000 individuals, leading to allegations of inadequate protection of   show more ...

sensitive customer data. The settlement, which received final approval in federal court, addresses grievances brought forward in a consolidated class action lawsuit. Plaintiffs contended that both Guardian Analytics, a provider of data analytics services to financial institutions, and Webster Bank, failed to implement sufficient measures to safeguard sensitive customer information, including names, Social Security numbers, and financial account details. Going Back to Guardian Analytics and Webster Bank Data Breach During the Guardian Analytics data breach, unauthorized individuals gained access to Guardian's network systems between November 27, 2022, and January 26, 2023, obtaining the personally identifiable information (PII) of plaintiffs and class members. This data breach left affected individuals vulnerable to identity theft and other forms of fraud. The plaintiffs alleged that the defendants, Guardian Analytics and Webster Bank, breached their duty to implement and maintain adequate security measures, thereby allowing the breach to occur. As a result, plaintiffs and class members suffered various damages, including a significant risk of identity theft, loss of confidentiality of their PII, and financial losses due to inadequate data security measures. The $1.4 Million Data Breach Lawsuit The Guardian Analytics and Webster Bank data breach settlement agreement includes provisions to reimburse affected individuals for monetary losses, covering up to $5,000 for direct financial losses and up to $250 for ordinary losses. Additionally, the agreement compensates for four hours of lost time incurred by plaintiffs dealing with the aftermath of the breach. Individual plaintiffs, including Mark S. Holden, Richard Andisio, Edward Marshall, Ann Marie Marshall, Arthur Christiani, Johnielle Dwyer, Pawel Krzykowski, and Mariola Krzynowek, represented the class action lawsuit. Each plaintiff cited damages suffered as a result of the breach, ranging from financial losses to significant time spent rectifying the situation and monitoring accounts for fraudulent activity. The settlement serves as a reminder of the importance of robust data security measures in an era where cyber threats are increasingly prevalent. Both Guardian Analytics and Webster Bank have emphasized their commitment to enhancing security protocols to prevent similar incidents in the future. The legal proceedings shed light on the grave consequences of data breaches, including prolonged periods of identity theft resolution and financial instability for affected individuals. As technology continues to evolve, businesses must prioritize cybersecurity to protect customer data and maintain trust in an increasingly digital world.

image for University of Arkans ...

 Cybersecurity News

The University of Arkansas is spearheading a new collaborative effort with researchers and industry partners to address the rising risks and challenges associated with the deployment of solar systems. Historically, little attention has been paid to the risks within solar systems, as they weren't commonly deployed   show more ...

and most solar inverters were not connected to wider networks. However, the potential risks grow as more solar panels are installed and inverters become more advanced. Solar inverters act as the bridging interface between solar panels and the grid, with newer models allowing for monitoring and control. Solar inverters that are not updated or secure enough could potentially be intercepted and manipulated by attackers, allowing them to embed malicious code that could spread into the larger power system. University of Arkansas Solar Inverter Cybersecurity Initiative The new project led by the University of Arkansas is funded by the U.S. Department of Energy's Solar Energy Technologies Office (SETO) and aims to strengthen the cybersecurity measures of solar inverters. Solar inverters are used to convert direct current (DC) generated from solar panels into alternating current (AC) that can be used in households and within the energy grid. This effort involves collaboration among multiple universities, laboratories, and industry partners to develop custom-designed controls infused with multiple layers of cybersecurity protocols. [caption id="attachment_75768" align="alignnone" width="800"] Source: news.uark.edu[/caption] Researchers from these groups dismantled conventional commercial solar inverters, stripping away existing controls and technology. They then integrated work from different partners while implementing custom-designed controls designed with multiple additional layers of cybersecurity protocols. The University of Arkansas group then took to solar farms in order to subject these modified inverters to real-world conditions to test them and demonstrate the practicality of their cybersecurity measures. The collaborative partners for this project include the University of Georgia, Texas A&M Kingsville, University of Illinois Chicago, Argonne National Laboratory, National Renewable Energy Laboratory, General Electric Research, Ozarks Electric, and Today's Power Inc. The collaborative efforts from these groups is a further step to fortifying not only the cybersecurity resilience of solar inverters but also to secure the broader landscape of renewable energy technologies. Securing Renewable Energy and Electric Grids As electric grids become increasingly digitized and connected, securing these grids becomes a top priority for the U.S. Department of Energy (DOE). The department has stated that while some cyberattacks target information technology (IT) systems, attacks on operating technology (OT) devices such as solar photovoltaic inverters could have potential physical impact, such as loss of power and creation of fires. The department cited an incident in March 2019 in which hackers managed to breach through a utility’s web portal firewall. The attack caused random interruptions to the visibility of segments of the grid from its operators for a period of 10 hours. The DOE's Solar Energy Technologies Office (SETO) is working to ensure that the electric grid is secure and capable of integrating more solar power systems and other distributed energy resources. The agency developed a roadmap for Photovoltaic Cybersecurity, supports ongoing efforts in Distributed Energy Resources (DER) cybersecurity standards, and participates in the Office of Energy Efficiency and Renewable Energy's Cybersecurity Multiyear Program Plan, along with the Department of Energy's broader cybersecurity research activities. The Solar Energy Technologies Office has recommended the use of dynamic survival strategy based on defense-in-depth measures that functional as additional layers of security to secure individual components as well as entire systems. These layers include installing anti-virus software on DER systems (solar inverters and battery controllers) and maintaining virus protection and detection mechanisms on the firewalls and servers integrating these individual systems to the broader system of grid operation. The Office admits that implementation of this strategy into DER technologies can be complex, with different owners, operators, and systems typically involved, but maintains the strategy's importance in reducing potential cyberattacks. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Vermin Hackers Resur ...

 Cybersecurity News

Ukrainian cyber defenders uncovered the resurgence of Vermin hackers after a two-year hiatus. The hacker group is targeting the country’s defense forces with spear-phishing emails that infect their systems with SPECTR malware, which acts as a remote access trojan (RAT). The Computer Emergency Response Team of   show more ...

Ukraine (CERT-UA) in collaboration with the Cybersecurity Center of the Armed Forces of Ukraine detected and investigated a spear-phishing campaign targeting the Ukrainian Defense Forces. The campaign was orchestrated by the Vermin hacker group, which CERT-UA tracks as UAC-0020. This cyber campaign, marking the return of the Vermin group after a prolonged absence, has been named “SickSync” for easier identification and reference. Ukraine attributes the Vermin hackers to the law enforcement agencies in the occupied Luhansk region. CERT-UA has earlier claimed that the server equipment of the Vermin group has been hosted at the technical site of a Luhansk cloud hosting provider vServerCo (AS58271) for many years. Palo Alto’s Unit 42 had tracked a similar campaign of the Vermin hackers in 2018 targeting Ukrainians with phishing lures related to the Ukrainian Ministry of Defense. Vermin Hackers’ Latest Campaign Details The latest attack that involves the use of SPECTR malware marks Vermin's first significant activity since March 2022. SPECTR, a malware known since at least 2018, was used extensively in the current campaign aimed at the Ukrainian defense forces. The attackers leveraged the legitimate Syncthing software’s synchronization functionality to download stolen documents, files, passwords and other sensitive information from compromised computers. Syncthing supports peer-to-peer connections, meaning it can sync files between devices on a local network or between remote devices over the Internet. It is a free and open-source synchronization application that supports Windows, macOS, Linux, Android, Solaris, Darwin and BSD operating systems. The Vermin hackers exploited this legitimate software for data exfiltration, the CERT-UA said. Ukrainian cyber defenders last month reported that Russian hackers were employing a similar tactic of using legitimate remote monitoring software to spy on Ukraine and and its allies. Vermin Attack Vectors The attack was initiated via a spear-phishing email containing a password-protected archive file named “turrel.fop.vovchok.rar.” This archive contained a RarSFX archive “turrel.fop.ovchok.sfx.rar.scr” with the following contents: pdf: a decoy file. exe: an EXE installer created using InnoSetup (a free installer for Windows programs), containing both legitimate Syncthing components and SPECTR malware files. The “sync.exe” file was modified to change directory names, scheduled tasks, and disable user notifications, embedding the SPECTR malware within the SyncThing environment. bat: a BAT file for initial execution. RarSFX is a temporary installation files folder created by Bitdefender. It is used as Self Extracting Archives unpack site. SPECTR Malware Components SPECTR malware is loaded with the capabilities of a RAT and consists of the following modules: SpecMon: Calls “PluginLoader.dll” to execute DLL files containing the "IPlugin" class. Screengrabber: Takes screenshots every 10 seconds if certain program windows are detected (e.g., Word, Excel, Signal, WhatsApp). FileGrabber: Uses “robocopy.exe” to copy files with specific extensions (e.g., .pdf, .docx, .jpg) from user directories to %APPDATA%syncSlave_Sync. Usb: Copies files from USB media with certain extensions using “robocopy.exe.” Social: Steals authentication data from messengers like Telegram, Signal, and Skype. Browsers: Steals browser data including authentication and session data from Firefox, Edge, Chrome and other Chromium-based browsers. All this stolen information is stored in “%APPDATA%syncSlave_Sync” location and transferred to the attacker’s computer using Syncthing's synchronization functionality. [caption id="attachment_75531" align="alignnone" width="1024"] Example of an email and the contents of a malicious installer of Vermin hackers (Source: CERT-UA)[/caption] Network IoCs and Preventive Measures To identify potential misuse of Syncthing, the CERT-UA recommended monitoring interactions with the Syncthing infrastructure, specifically “*.syncthing.net” domains. Users are also requested to implement the following preventive measures for enhanced protection against Vermin hackers: Email Security: Implement robust email filtering and phishing protection to prevent malicious attachments from reaching end users. Endpoint Protection: Utilize advanced endpoint detection and response (EDR) solutions to detect and block malware execution. Network Monitoring: Monitor network traffic for unusual peer-to-peer connections, particularly involving Syncthing infrastructure. User Awareness: Conduct regular cybersecurity training for employees to recognize and report phishing attempts.

image for UAE Ministry of Educ ...

 Firewall Daily

On June 6, 2024, a cyberattack on UAE Ministry of Education's website was claimed by a dark web actor. The threat actor, called DarkStormTeam, is a hacktivist group that supports Palestine and is infamous for carrying out similar attacks. As per the threat actor's post, the UAE Ministry of Education website   show more ...

allegedly targeted in a Distributed Denial of Service (DDoS) attack. The UAE Ministry of Education cyberattack, which lasted for approximately three hours on their official website, allegedly caused disruptions in online services. The DarkStormTeam published a message outlining their plan to target important government services and Emirati infrastructure. This is because UAE's allegedly support Israel, in the ongoing cyberware. The cyberattack on the Ministry of Education's website is believed to be part of their bigger campaign against groups affiliated with countries that support Israel. The Cyber Express has reached out to the UAE Ministry of Education in an attempt to obtain more information about the cyberattack. However, at the time of writing this news report, no official response was received, leaving the claims unverified. Understanding UAE Ministry of Education Cyberattack The UAE Ministry of Education is a crucial federal government organization that oversees all matters pertaining to education within the country. The Ministry is crucial to the growth and management of the UAE's educational system. It was established in accordance with Sheikh Zayed's Federal Law No. of 1972. This is not an isolated incident; DarkStormTeam has been aggressively launching cyberattacks against a various governmental and commercial sector institutions worldwide. In March 2024, the group turned its attention to organizations, focusing on the US, Brazil, Denmark, Egypt, France, Israel, and the United Arab Emirates, among other countries. Although their precise intentions are still unknown, they might be anything from anti-Israel bigotry to political grievances. The Rise of DarkStormTeam Hacker Group It's worth noting that DarkStormTeam's activities often include promoting hacking services for hire, suggesting potential financial motivations alongside their ideological objectives. This blend of ideological and potentially profit-driven motives adds complexity to their operations and highlights the challenges in addressing cyber threats posed by hacktivist groups. This is an ongoing story and The Cyber Express will be closely monitoring the situation. TCE will update this post once it receive more information on the alleged UAE Ministry of Education cyberattack or any official confirmation from the ministry. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Patch Now! Center fo ...

 Firewall Daily

On March 20, 2024, Progress Software disclosed three vulnerabilities in its Telerik Report Server products. The vulnerabilities were identified as CVE-2024-1800, CVE-2024-1801, and CVE-2024-1856. Another Progress Telerik Report Server vulnerability (CVE-2024-4358), disclosed on May 31, 2024, could potentially allow   show more ...

attackers to execute code on systems that have the affected Progress Telerik software versions installed. The Center for Cybersecurity Belgium issued a recent security advisory urging customers to patch these vulnerabilities. Progress Telerik Vulnerabilities Overview The CCB detailed all four vulnerabilities, associated risks and working exploits, and provided links that contain additional details about each vulnerability. Insecure Deserialization Vulnerabilities The first two vulnerabilities (CVE-2024-1801 and CVE-2024-1856) are insecure deserialization vulnerabilities in Progress Telerik Reporting. Attackers could exploit these vulnerabilities to run arbitrary code. An attacker with local access could potentially exploit CVE-2024-1801, while CVE-2024-1856 may be exploited remotely if specific web application misconfigurations are in place. Remote Code Execution Vulnerability The third vulnerability (CVE-2024-1800) is an insecure deserialization vulnerability in the Progress Telerik Report Server. Successfully exploitation of the vulnerability could allow for remote execution of arbitrary code on affected systems. Progress Telerik Report Server versions prior to 2024 Q1 (10.0.24.130) are vulnerable to this issue. Authentication Bypass Vulnerability An additional vulnerability, CVE-2024-4358, that was disclosed later affects the Telerik Report Server. This is an authentication bypass vulnerability that could allow an unauthenticated attacker to gain access to restricted functionality within the Progress Telerik Report Server. The issue affects Progress Telerik Report Server versions up to 2024 Q1 (10.0.24.305). Recommended Actions for Telerik Vulnerabilities The Centre for Cybersecurity Belgium strongly recommends applying, after thorough testing, the latest available software updates of Progress Telerik on vulnerable devices. Progress Telerik has explicitly stated that the only way to remediate the earlier three reported vulnerabilities was by updating to the latest available version (10.1.24.514). For the authentication bypass vulnerability (CVE-2024-4358), Progress Telerik has published a temporary mitigation. This mitigation involves applying a URL Rewrite rule in IIS to deny access to the vulnerable "startup/register" path. The Centre for Cybersecurity Belgium urges organizations to bolster their monitoring and detection capabilities to be alert for any malicious activities associated with these vulnerabilities. Organizations are further advised to check the list of users within the Progress Telerik Report Server to ensure that there is no addition of unauthorized accounts while responding quickly to detected intrusions. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Akira Ransomware Gro ...

 Cybersecurity News

The Akira ransomware group claims on its dark web leak site to have compromised data from Panasonic Australia. Shortly after that announcement, Singapore authorities issued an advisory advising affected companies to not heed the ransomware group's demands, in response to local law firm Shook Lin & Bok   show more ...

confirming that it had been struck by the group. Panasonic Australia is a regional subsidiary of Panasonic Holdings Corporation headquartered in Japan. It manufactures electronic equipment and devices such as cameras, home equipment, sound equipment, personal care devices, power tools, and air conditioning. The Akira ransomware group has previously targeted several high-profile organizations while netting millions in ransom payments from affected victims. Akira Ransomware Group Attack on Panasonic Australia The ransomware group alleged that it had exfiltrated sensitive project information and business agreements from the electronics manufacturer Panasonic Australia. No sample documents were posted to verify the authenticity of the breach claims. The potential impact of the breach on Panasonic Australia is unknown but could present a serious liability for the confidentiality of the company's stolen documents. Cyber Security Agency of Singapore Issues Advisory Singapore's Cyber Security Agency (CSA) along with the country's Personal Data Protection Commission (PDPC) issued an advisory to organizations instructing them to report Akira ransomware attacks to respective authorities rather than paying ransom demands. The advisory was released shortly after an Akira ransomware group attack on the Shook Lin & Bok law firm. While the firm still continued to operate as normal, it had reportedly paid a ransom of US$1.4 million in Bitcoin to the group. The Akira ransomware group had demanded a ransom of US$2 million from the law firm earlier, which was then negotiated down after a week, according to the SuspectFile article. The Cyber Security Agency of Singapore (CSA) stated that it was aware of the incident and offered assistance to the law firm. However, it cautioned against similar payments from other affected victims. "Paying the ransom does not guarantee that the data will be decrypted or that threat actors will not publish your data," the agency stated. "Furthermore, threat actors may see your organisation as a soft target and strike again in the future. This may also encourage them to continue their criminal activities and target more victims." The Singaporean authorities offered a number of recommendations to organizations: Enforce strong password policies with at least 12 characters, using a mix of upper and lower case letters, numbers, and special characters. Implement multi-factor authentication for all internet-facing services, such as VPNs and critical system accounts. Use reputable antivirus or anti-malware software to detect ransomware through real-time monitoring of system processes, network traffic, and file activity. Configure the software to block suspicious files, prevent unauthorized remote connections, and restrict access to sensitive files. Periodically scan systems and networks for vulnerabilities and apply the latest security patches promptly, especially for critical functions. Migrate from unsupported applications to newer alternatives. Segregate networks to control traffic flow between sub-networks to limit ransomware spread. Monitor logs for suspicious activities and carry out remediation measures as needed. Conduct routine backups following the 3-2-1 rule: keep three copies of backups, store them in two different media formats, and store one set off-site. Conduct incident response exercises and develop business continuity plans to improve readiness for ransomware attacks. Retain only essential data and minimize the collection of personal data to reduce the impact of data breaches. "Organisations should periodically scan their systems and networks for vulnerabilities and regularly update all operating systems, applications, and software by applying the latest security patches promptly, especially for functions critical to the business," the police, CSA and PDPC said in a joint statement. The criminal group had previously also come under the attention of various other governments and security agencies, with the FBI and CISA releasing a joint cybersecurity advisory as part of the #StopRansomware effort. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Massive Data Breach ...

 Cybersecurity News

A massive data breach has allegedly been reported in the Indian state of Tamil Nadu, where apparently data of over 600,000 migrant employees has been leaked on dark web. A thread actor, who identified himself as Pills, claimed to have allegedly leaked the data. In a post on June 4, 2024, on the popular hacking site   show more ...

BreachForums, the threat actor claimed to be selling the complete database of migrant workers in Tamil Nadu. Why Migrant Workers Flock to Tamil Nadu for Employment? Tamil Nadu is one of the most industrialized states in India and is the country’s major hub for automobile manufacturing, textiles, agritech, and electronics parts and equipment. Owing to huge demand for workers in these sectors, which offer better salaries and continuous employment, laborers from other states tend to migrate to Tamil Nadu. Though the exact number of migrant workers currently working in the State is unknown, the number of workers registered on the Labor Department’s portal as of March 2023 is 600,000. Portal to Track Migrant Workers in Tamil Nadu Allegedly Hacked To keep track of the influx of migrant workers into the state and to ensure that they are provided with proper facilities, the Tamil Nadu Government launched a portal, http://labour.tn.gov.in/ism, in June 2023. Local entrepreneurs who employed these workers in shops, commercial establishments, hotels, restaurants, agriculture, schools, colleges, local bodies, and motor establishments were asked to create a login ID, submit details like a registration certificate, license number issued by the Labor Department, and fill in details about the migrant workers, such as their name, mobile number, date of birth, bank account details, address, and educational qualifications. [caption id="attachment_75460" align="alignnone" width="1920"] Source: Tamil Nadu Labor Department Website[/caption] Additionally, migrant workers in the construction sector were asked to furnish their employment certificate, age proof (to ensure no minors below the age of 18 were employed),  bank passbook, and documents for legal heir or nominee as a legal heir were to be submitted so that the kin of workers would be eligible for a claim of INR (Indian Rupees) 500,000 in case of death to the worker. Additionally, the workers were eligible for insurance coverage of up to INR 200,000. Decoding Tamil Nadu Migrant Workers Data Breach Thread Actor Pills on BreachForums has allegedly carried out a data breach on the above portal, which, at the time of writing this article, continues to remain inactive. According to the information posted by the threat actor, Pills is selling the full database of laborers, that includes a list of registered users and applications. The price quoted by the TA for selling the database is, however, not clear. A closer inspection on the sample data shared by the threat actor revealed that there are 2,356,430 rows of applications, 101,446 rows of contractors and 66,917 rows of registered users. The Tamil Nadu government officials are yet to react to this alleged data breach. The article would be updated based on further input. This is not the first time that a key website of the Tamil Nadu Government has been breached. In May 2024, miscreants hacked the Facial Recognition Software (FRS) portal of Tamil Nadu police.  The portal contained more than 60 lakh records of individuals, including pictures, names, FIR numbers, and details of police officers. It was being used by more than 46,000 people in the department across the state to identify and track suspects, missing people, and others through facial recognition. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for A Breach in Trust: H ...

 Firewall Daily

A threat actor has come forward, asserting responsibility for a significant breach in the security infrastructure of HopSkipDrive, a well-known rideshare service connecting families with reliable drivers. This HopSkipDrive data breach, allegedly occurring in June 2023, has led to the unauthorized access of sensitive   show more ...

data belonging to the company's drivers. According to the claims made by the hackers, HopSkipDrive's network and cloud infrastructure fell victim to this breach, resulting in the exposure of detailed personal information stored within its database. This compromised data reportedly includes a trove of 60,000 folders, each containing comprehensive details about individual users, ranging from driving licenses and insurance documents to vehicle inspection records and more. Decoding the HopSkipDrive Data Breach Claims The threat actor has purportedly made public a staggering 500GB of sensitive information, encompassing various personal identifiers such as first and last names, email addresses, Social Security Numbers (SSNs), home addresses, zip codes, and even countries of residence.  Additionally, the leaked data from this data leak HopSkipDriveallegedly includes source code snippets, including private admin panel information, alongside driving licenses, insurance particulars, vehicle inspection records, selfie photographs, and even criminal records. In a dark web post, the threat actor claimed responsibility, stating, "We disclose all HopSkipDrive data publicly. Indeed, in June 2023, we compromised the company's network and cloud infrastructure of HopSkipDrive." The HopSkipDrive data leak post further details the nature of the compromised data, providing evidence of the breach's magnitude and the extent of information exposed. HopSkipDrive Data Leak Investigation Efforts to verify these claims have been met with silence from HopSkipDrive, as the organization has yet to issue an official statement or response regarding the alleged data breach. Despite this lack of confirmation, the severity of the situation cannot be overstated, with the potential implications for affected drivers and their privacy remaining a cause for concern. Interestingly, despite the reported breach, the HopSkipDrive website appears to be operational, showing no immediate signs of an attack. This suggests that the threat actor may have gained access to the data without launching a visible front-end assault, such as a Distributed Denial of Service (DDoS) attack or website defacement. As the investigation into the HopSkipDrive data breach continues, the priority lies in addressing the security vulnerabilities that allowed such unauthorized access to occur. Additionally, affected individuals must remain vigilant and take necessary precautions to safeguard their personal information against potential misuse or exploitation in the aftermath of this breach. This is an ongoing story and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the alleged HopSkipDrive data leak or any official confirmation from the organization. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for First Priority Resto ...

 Cybersecurity News

First Priority Restoration (FPR), a prominent company in the disaster restoration industry, has reportedly been targeted by a ransomware attack claimed by the Cactus Ransomware group. Headquartered in Odessa, Florida, First Priority Restoration has been a leader in disaster restoration for decades. The company   show more ...

provides comprehensive restoration services following natural and man-made disasters, ensuring swift recovery and mitigation of damage for affected properties. While the ransomware group has not disclosed the specific details of the compromised data, the alleged cyberattack on First Priority Restoration could have significant implications for the company and its clients if proven true. [caption id="attachment_75588" align="aligncenter" width="1024"] Source: X[/caption] What Will be The Implication of the FPR Cyberattack Ransomware attacks typically involve the encryption of critical data, rendering it inaccessible to the affected organization. The cybercriminals then demand a ransom, usually in a cryptocurrency, in exchange for the decryption key. Failure to pay the ransom often leads to the publication or destruction of the stolen data. In this case, the ransomware attack on FPR could lead to substantial operational disruptions, financial losses, reputational damage, and potential legal and regulatory repercussions. Critical data may become inaccessible, hindering the company's ability to provide timely disaster restoration services. Additionally, the exposure of sensitive client information could result in identity theft and fraud. However, upon accessing the official website, no signs of foul play were detected, and the website was fully functional. To verify the claim further, The Cyber Express Team (TCE) reached out to FPR officials. However, as of this writing, no response or statement has been received, leaving the Cactus Ransomware claim about the FPR cyberattack unverified. Cactus Ransomware Previous Cyberattacks Claims The Cactus Ransomware group is a notorious cybercriminal organization known for its complex and targeted ransomware campaigns. Previously, the group claimed responsibility for the cyberattack on Petersen Health Care, which compromised the company’s digital infrastructure and exposed sensitive information. Petersen Health Care subsequently filed for bankruptcy, burdened by a staggering $295 million in debt. Another example is the Schneider Electric data breach, where the Cactus group claimed to have stolen 1.5 TB of personal documents, confidential agreements, and non-disclosure agreements. Ransomware attacks have become increasingly predominant, with cybercriminals continuously evolving their tactics to exploit vulnerabilities in organizations. In the first quarter of 2024 alone, 1,075 ransomware victims were posted on leak sites, despite the disruption of major ransomware groups like LockBit and ALPHV/BlackCat, which accounted for 22% and 8% of the activity, respectively. As cybercriminals continue to refine their tactics, organizations must remain vigilant and proactive in safeguarding their data and operations. For First Priority Restoration, TCE is closely monitoring the situation and will provide updates as soon as a response is received regarding the alleged FPR cyberattack. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Three U.K. Nationals ...

 Cybersecurity News

The U.S. Attorney today announced charges against three UK nationals for their involvement in the “Evolved Apes” NFT fraud scheme. The United States Attorney for the Southern District of New York Damian Williams and James Smith, the Assistant Director of the New York Field Office of the FBI, announced the   show more ...

unsealing of an indictment charging three UK nationals: Mohamed-Amin Atcha, Mohamed Rilazh Waleedh, and Daood Hassan, with conspiracy to commit wire fraud and money laundering. “Evolved Apes” Rug Pull Scam The charges are in connection to their scheme of defrauding victims through the sale of non-fungible tokens (NFTs) from the “Evolved Apes” collection. According to the indictment, Atcha, Waleedh, and Hassan orchestrated a “rug pull” scam in the fall of 2021. In crypto vocabulary a rug pull is a type of exit scam in which developers first raise money from investors through the sale of tokens or NFTs and then abruptly shut down the project vanishing away with the raised funds. Evolved Apes was a collection of 10,000 unique NFTs. They advertised the NFT project in a way where the funds raised would be used to develop a related video game that would in turn increase the NFTs' value. The promised video game never materialized as the anonymous developer "Evil Ape" vanished a week after its launch, siphoning 798 ether [approximately $3 million at today's market price and $2.7 million at the time] from the project's funds. The trio then laundered the misappropriated funds through multiple cryptocurrency transactions to their personal accounts, the indictment said. “As alleged, the defendants ran a scam to drive up the price of digital artwork through false promises about developing a video game. They allegedly took investor funds, never developed the game, and pocketed the proceeds. Digital art may be new, but old rules still apply: making false promises for money is illegal.” - Williams Williams said thousands of people were tricked into believing in their false promises and thus bought these NFTs. But "NFT fraud is no game, and those responsible will be held accountable,” he stated. FBI Assistant Director James Smith called out the trio for "ghosting customers" and perpetrating the NFT scam "out of a selfish desire for a quick profit.” "[This] not only reflects poor business integrity, it also violates the implicit trust buyers place in sellers when purchasing a product, no matter if that product is in a store or stored on a blockchain." - Smith Atcha, Waleedh, and Hassan, all aged 23, are charged conspiracy to commit wire fraud and money laundering, both of which carries a maximum sentence of 20 years in prison. The actual sentences will be determined by a judge based on the U.S. Sentencing Guidelines and other statutory factors. Rug Pulls and their Murky History Rug pulls and cryptocurrency scams have reportedly cost people $27 billion till date. Total number of such incidents stands at 861 with the largest rug pull so far being that of OneCoin which was costed $4 billion in stolen funds. OneCoin, at its peak, was thought to have more than 3 million active members from across the globe. To date it is believed to be the most “successful” crypto scam as search continues for its perpetrator the “Cryptoqueen” Ruja Ignatova. She was added to the FBI’s ‘Ten Most Wanted Fugitive List’ in July 2022 - where she remains today. The Missing Cryptoqueen was reported dead in unconfirmed reports but an investigation from the BBC team, whose results were published last week, said the investigating team received details on Ignatova’s various sightings and whereabout tip-offs even after her alleged murder took place. She allegedly has links with the Bulgarian underworld, whom she also entrusts with keeping her physically safe.

image for Researchers Urge Imm ...

 Firewall Daily

The CyRC Vulnerability Advisory has reported a critical security flaw in EmailGPT, an AI-powered email writing assistant and Google Chrome extension that streamlines your email correspondence using advanced AI technology. This EmailGPT vulnerability (CVE-2024-5184), known as prompt injection, enables malicious actors   show more ...

to manipulate the service, potentially leading to the compromise of sensitive data. The core of this vulnerability in EmailGPT is the exploitation of API service, which allows malicious users to inject direct prompts, thereby gaining control over the service's logic.  Understanding the New EmailGPT Vulnerability (CVE-2024-5184) [caption id="attachment_75572" align="alignnone" width="1920"] Source: GitHub[/caption] By coercing the AI service, attackers can force the leakage of standard system prompts or execute unauthorized prompts, paving the way for various forms of exploitation. The implications of this EmailGPT vulnerability are profound.  By submitting a malicious prompt, individuals with access to the service can extract sensitive information, initiate spam campaigns using compromised accounts, or fabricate misleading email content, contributing to disinformation campaigns. Beyond data breaches, exploiting this vulnerability could result in denial-of-service attacks and direct financial losses through repeated requests to the AI provider's API. “When engaging with EmailGPT by submitting a malicious prompt that requests harmful information, the system will respond by providing the requested data. This vulnerability can be exploited by any individual with access to the service”, reads the CyRC Vulnerability Advisory. CyRC Advises Users to Remove EmailGPT With a CVSS score of 6.5 (Medium), the severity of this vulnerability highlights the urgency of remedial action. Despite the efforts of CyRC to engage with EmailGPT developers through responsible disclosure practices, no response has been received within the stipulated 90-day timeline. Consequently, the “CyRC recommends removing the applications from networks immediately”. As users navigate this security challenge, staying informed about updates and patches will be paramount to ensuring continued secure service use. Given the evolving landscape of AI technology, maintaining vigilance and implementing robust security practices are imperative to thwart potential threats. The EmailGPT vulnerability, CVE-2024-5184, serves as a stark reminder of the critical importance of prioritizing security in AI-powered tools. By heeding the recommendations of the CyRC and taking proactive measures to mitigate risks, users can safeguard their data and uphold the integrity of their digital communication systems.

image for Blockchain Tech Firm ...

 Cybersecurity News

A threat actor (TA) has posted databases belonging to two prominent companies utilizing blockchain technology, The DFINITY Foundation and Cryptonary, on the Russian-language forum Exploit. The databases, if genuine, contain sensitive information of hundreds of thousands of users, allegedly exposing them to significant   show more ...

security risks. The threat actor's post on Exploit detailed the alleged data breaches at DFINITY and Cryptonary. Details of Alleged Data Breaches at DFINITY and Cryptonary For The DFINITY Foundation, the threat actor claimed to have over 246,000 user records with information fields including: Email Address First Name Last Name Birthday Member Rating Opt-in Time and IP Confirm Time and IP Latitude and Longitude Timezone, GMT offset, DST offset Country Code, Region Last Changed Date Leid, EUID Notes For Cryptonary, the post advertised 103,000 user records containing: Email First Name Last Name Organization Title Phone Number Address City, State/Region, Country, Zip Code Historic Number of Orders Average Order Value User Topics The prices quoted for these datasets were $9,500 for DFINITY's data and $3,500 for Cryptonary's data. The DFINITY Foundation is a Swiss-based not-for-profit organization known for its innovative approach to blockchain technology. It operates a web-speed, internet-scale public platform that enables smart contracts to serve interactive web content directly into browsers. This platform supports the development of decentralized applications (dapps), decentralized finance (DeFi) projects, open internet services, and enterprise systems capable of operating at hyper-scale. On the other hand, Cryptonary is a leading platform in the crypto tools and research space. It provides essential insights and analysis to help users navigate the complexities of the cryptocurrency market and capitalize on emerging opportunities. When The Cyber Express Team accessed the official website of The DFINITY Foundation, they found a message warning visitors about phishing scams on third-party job boards. The message read: “Recently, we've seen a marked increase in phishing scams on third-party job boards — where an individual impersonating a DFINITY team member persuades job-seekers to send confidential information and/or payment. As good practice, please continue to be vigilant regarding fraudulent messages or fake accounts impersonating DFINITY employees. If you need to confirm the legitimacy of a position, please reach out to recruiting@dfinity.org.” [caption id="attachment_75612" align="aligncenter" width="1024"] Source: Offical Website of The DFINITY Foundation[/caption] While this message serves as a caution regarding phishing scams, it is unclear whether it hints at a broader security issue or is merely a general warning. The DFINITY website and the Cryptonary website both appeared fully functional with no evident signs of compromise. The Cyber Express Team reached out to the officials of both companies for verification of the breach claims. However, as of the time of writing, no official response had been received, leaving the authenticity of the threat actor's claims unverified. Now whether this message is a hint that they are being attacked by a criminal or it's just a caution message, we can come to the conclusion they release any official statement regarding the same. Implication of Cyberattack on Blockchain Technology However, if the claims of the data breaches are proven true, the implications could be far-reaching for both The DFINITY Foundation and Cryptonary. The exposure of sensitive user data could lead to: Identity Theft and Fraud: Users whose personal information has been compromised could become victims of identity theft and fraud, leading to financial and personal repercussions. Reputational Damage: Both companies could suffer significant reputational harm. Trust is a critical component in the blockchain and cryptocurrency sectors, and a data breach could erode user confidence in their platforms. Legal and Regulatory Consequences: Depending on the jurisdictions affected, both companies might face legal actions and regulatory fines for failing to protect user data adequately. Operational Disruptions: Addressing the breach and enhancing security measures could divert resources and attention from other business operations, impacting overall performance and growth. While the claims remain unverified, the potential consequences highlight the importance of vigilance and proactive security strategies. The Cyber Express Team will continue to monitor the situation and provide updates as more information becomes available. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Corse GSM Data Breac ...

 Cybersecurity News

A major French telecommunications company, Corse GSM, has allegedly been hit by a massive data breach. It could have a potential impact on millions of its customers. The Corse GSM data breach claims was made by a threat actor, using the alias "ssh_xyz," on popular data hack site BreachForums. In the post, the   show more ...

threat actor claimed to have stolen a massive amount of data containing information on 200,000 users of the telecom company. The hacker claimed that the data was exfiltrated between May 3 and May 25, 2024. To support these claims, the TA included a sample of the data in JSON format, a common method for storing and transmitting data between servers and web applications. Exploring the Corse GSM Data Breach The threat actor provided a detailed sample dataset that provided a look into the kind of information that may have been compromised in the breach. The leaked data consists of: User Identification: This covers fields like ID and possibly other unique markers used by Corse GSM for tracking purposes. Personal Details: The breach reportedly involves customer information such as name, last name and phone number. Contact Info: It is said that hackers have also accessed customer email addresses. This raises concerns about targeted phishing attempts. Subscription Information: This may encompass subscription plans, internet packages, and other services subscribed to by customers of Corse GSM. Financial Information: The TA had shared details about the presence of fields like BIC (Business Identifier Code), IBAN (International Bank Account Number), and KYC (Know Your Customer) data. If the above information is true, then it could possibly leverage the risk of financial fraud or identity theft. Blacklist Status: If this data field is included in the leak, it might expose details of a customer who could be blacklisted by Corse GSM for reasons like missed payments or service violations. Corse GSM Hacker Claims Possession of Financial Details of Customers If the sample above seems like a precarious scenario for the privacy of customers, the hacker further alleged that the entire leaked database contains a much broader range of information, including: National Identity Card (CNI) Details: CNI or France’s National Identity Card details allegedly leaked by the threat actor could put citizens at huge security risk. The CNI contains fingerprint details, which is a major security breach if the corresponding data is compromised. SEPA Information: Single Euro Payments Area or SEPA data could include bank account details critical for financial transactions. The threat actor is seeking substantial sums for the database on the dark web, suggesting that the hacker believes the information holds significant value for malicious actors. Corse GSM Yet to React to Data Breach Claims Corse GSM has not reacted or issued any official statement regarding the alleged data breach. This article will be updated once the company responds to the allegations and takes action to prevent crucial data from being misused. Meanwhile, customers can take preventive steps like changing passwords and login credentials of accounts linked to Corse GSM. They should also be wary and not fall victim to phishing attempts. Fraudsters could use the leaked email addresses to send fraudulent links. They should also monitor their bank accounts linked to the subscription of Corse GSM mobile plans. They should also relay information of any suspicious activity to law enforcement authorities. The potential data breach at Corse GSM highlights the ever-present threat of cyberattacks and the importance of robust data security practices. Telecommunications companies handle a vast amount of sensitive customer information, making them prime targets for hackers. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Security and privacy ...

 Privacy

Despite being owned by Meta — a company frequently criticized for privacy issues — WhatsApp remains the most popular instant messenger in the world. Surprisingly, its also one of the most secure. In this post, we discuss why this is the case, and explain how you can further fortify your WhatsApp conversations with   show more ...

the right privacy and security settings, as well as protect your smartphone with our security solutions. WhatsApp end-to-end encryption: always on The most important thing to know about WhatsApps security is that all communications are securely protected with end-to-end encryption. Its powered by the Signal Protocol, developed by the creators of the independent privacy-focused Signal messenger. This is an open protocol, so anyone (with the necessary know-how, of course) can scrutinize its source code for bugs and backdoors. What this means for you is that all text and voice messages (be they in one-on-one or group chats), along with images, videos, documents, and calls, are encrypted on the senders device and only decrypted on the recipients device. This ensures that even WhatsApp itself has no technical ability to snoop on your conversations. This also creates an impenetrable barrier for cybercriminals attempting to intercept messages, whether in transit or by compromising WhatsApps servers. The use of end-to-end encryption for all messages sets WhatsApp apart from Telegram. While Telegram touts its security features, end-to-end encryption isnt on the default. Its relegated to so-called secret chats, which must be specially created — and which, unfortunately, almost no one ever uses for various reasons. How to make communication on WhatsApp even safer So, weve covered what makes WhatsApp secure at the base level. Now, lets explore how you can bolster your defenses against surveillance, unauthorized access to your messages, and other threats to your privacy and security. This involves a bit of fine-tuning within WhatsApps settings. Lets get started… How to protect WhatsApp from being hijacked The first thing you should do is to fortify your WhatsApp account against hijacking. WhatsApp accounts are tethered to phone numbers. Therefore, if someone takes control of your number, they can also access your WhatsApp account. This could happen intentionally through a SIM swapping attack, or through an unfortunate consequence of number recycling: if you dont pay your phone bill on time, the operator could disconnect your number and reassign it to another subscriber. To protect against this threat, enable two-factor authentication for WhatsApp. Navigate to Settings -> Account -> Two-step verification and set a PIN code to confirm account logins. In addition, you can link an email address to your account. This provides a lifeline if you lose access to your phone number. You can enable this in Settings -> Account -> Email address. Beyond PIN codes, WhatsApp offers an alternative option for confirming account login: so-called passkeys. Weve dedicated a separate post to discussing what these are and how they work. To enable this option, go to Settings -> Account -> Passkeys. I also recommend making it a habit to audit the list of devices logged into your WhatsApp account. You can find this list in Settings -> Linked devices. If you spot any suspicious entries, play it safe and log out of that session by selecting the device and tapping Log out. How to protect your WhatsApp chats from prying eyes The next step is to ensure that your conversations remain private — even if your phone falls into the wrong hands. To do this, first and foremost, enable the screen lock in your phones settings. Dont forget to disable message previews in WhatsApp push notifications on the lock screen, so no one can read your secrets without unlocking your smartphone — this is done in the Notifications section of your smartphone settings. Its also a good idea to enable WhatsApps own app lock, in case you forget to lock your device. To do this, head to Settings -> Privacy, scroll down almost to the bottom, and locate App lock. I recommend choosing After 1 minute — this strikes a good balance between security and convenience. This way, if you switch from WhatsApp to another app, youll have one minute to return to your messages, after which youll need to unlock WhatsApp using your chosen method. However, keep in mind that if you leave your smartphone unattended with an open chat and the screen on, WhatsApp wont automatically lock until the screen times out. Another way to keep your confidential information away from prying eyes is to lock chats. Such chats disappear from your main chat list and reside in a separate folder. To hide a chat, tap the contacts profile picture, scroll down, and tap Lock chat. Situations may arise where you need to quickly get rid of locked chats and their contents. WhatsApp makes this easy to do with a single button: go to Settings -> Privacy -> Chat lock and tap Unlock and clear locked chats. To further protect your WhatsApp chats, you can use disappearing messages. There are two ways to use this function. First, you can set a timer for a specific chat. To do this, tap the contacts profile picture, scroll down to Disappearing messages, and select the desired duration. The second way is to set a default timer for all new chats. To do this, go to Settings -> Privacy -> Default message timer and set the interval after which messages will disappear. Additionally, WhatsApp lets you send photos, videos, and voice messages for one-time viewing (no more). This is easy to do: select the item you want to send, and before hitting send, tap the icon with the number one in the caption field. How to disable blue ticks in WhatsApp If you prefer to keep your message-reading habits under wraps, you can disable read receipts. To do this, go to Settings -> Privacy, scroll down, and toggle off the switch next to Read receipts. Bear in mind that this is a two-way street: if you disable read receipts, you too will stop seeing blue ticks in chats. Its also important to know that this feature doesnt apply to group chats, where people will still see read receipts.  Other privacy settings in WhatsApp The Settings -> Privacy section in WhatsApp holds a few more settings worth paying attention to. These determine who can access specific information about you. While there are no hard and fast rules — it all boils down to your personal circumstances and preferences — heres what I consider a balanced approach: Last seen & online -> Nobody. Profile photo -> Everyone. About -> Everyone. Groups -> My contacts. Status -> My contacts. Calls -> Silence unknown callers. If you use WhatsApps live location sharing feature, its a good idea to regularly review the list of chats where your location is visible. To do this, go to Settings -> Privacy -> Live location. Also, keep in mind that, by default, WhatsApp calls establish a direct connection between participants without involving WhatsApp servers. This helps achieve maximum sound quality, but also means that, in theory, your IP address can be traced. If this concerns you, navigate to Settings -> Privacy -> Advanced and toggle on Protect IP address in calls. How to verify the authenticity of someone on WhatsApp WhatsApp provides a way to confirm that you really are talking to the right person and that no one is eavesdropping on your conversation. Each chat has a unique security code, and you can check it with your chat partner verbally during a call or through a different communication channel. If the codes match, youre all good. To locate this code, tap your contacts profile picture in the chat, scroll down, and tap Encryption. Additionally, you can set up security notifications, which alert you whenever a security code in one of your chats changes. These notifications are disabled by default but can be activated in Settings -> Account -> Security notifications. How to create a secure backup of your WhatsApp chats or migrate chats to a new device WhatsApp allows you to back up your chats, and the backup is stored not on WhatsApps own servers, but in the Apple or Google cloud. To protect this backup against leaks, you can also use end-to-end encryption. To create a backup, go to Settings -> Chats -> Chat backup. Note here that encryption is off by default. To enable it, select End-to-end encrypted backup. The Settings -> Chats section also allows you to transfer your WhatsApp chats to another device without relying on Apple or Google cloud services. From an iPhone, you can transfer your chats to another iOS device or an Android device by selecting Transfer chats to iPhone or Move chats to Android, respectively. On Android, you can only transfer to another Android device — select Transfer chats. Dont forget to protect your devices using WhatsApp Remember that all your efforts to protect your WhatsApp chats could be completely wasted if someone gains access to one of your devices where the messenger is installed. This could be either physical access or remote access through spyware. Therefore, ensuring the security of these devices is a top priority: Enable screen lock and set a secure unlock method. Disable lock screen notifications. Use a reliable security solution on all your devices. And to set up privacy and security not only in WhatsApp, but also on social networks, and in online services and applications, use our free Privacy Checker service. Select the platform, application, and security level youre interested in, and get step-by-step, detailed recommendations.

 Feed

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals   show more ...

to share information over public networks without compromising their privacy. Individuals can use it to keep remote Websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.

 Feed

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.

 Feed

Ubuntu Security Notice 6815-1 - Xiantong Hou discovered that AOM did not properly handle certain malformed media files. If an application using AOM opened a specially crafted file, a remote attacker could cause a denial of service, or possibly execute arbitrary code.

 Feed

Red Hat Security Advisory 2024-3708-03 - Red Hat build of Apache Camel 3.20.6 for Spring Boot release and security update is now available. Issues addressed include denial of service and server-side request forgery vulnerabilities.

 Feed

The threat actor known as Commando Cat has been linked to an ongoing cryptojacking attack campaign that leverages poorly secured Docker instances to deploy cryptocurrency miners for financial gain. "The attackers used the cmd.cat/chattr docker image container that retrieves the payload from their own command-and-control (C&C) infrastructure," Trend Micro researchers Sunil Bharti and Shubham

 Feed

The U.S. Federal Bureau of Investigation (FBI) has disclosed that it's in possession of more than 7,000 decryption keys associated with the LockBit ransomware operation to help victims get their data back at no cost. "We are reaching out to known LockBit victims and encouraging anyone who suspects they were a victim to visit our Internet Crime Complaint Center at ic3.gov," FBI Cyber Division

 Feed

The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of cyber attacks targeting defense forces in the country with a malware called SPECTR as part of an espionage campaign dubbed SickSync. The agency attributed the attacks to a threat actor it tracks under the moniker UAC-0020, which is also called Vermin and is assessed to be associated with security agencies of the Luhansk

 Feed

Traditional SCAs Are Broken: Did You Know You Are Missing Critical Pieces? Application Security professionals face enormous challenges securing their software supply chains, racing against time to beat the attacker to the mark.  Software Composition Analysis (SCA) tools have become a basic instrument in the application security arsenal in the last 7 years. Although essential, many platforms

 Feed

Google is urging third-party Android app developers to incorporate generative artificial intelligence (GenAI) features in a responsible manner. The new guidance from the search and advertising giant is an effort to combat problematic content, including sexual content and hate speech, created through such tools. To that end, apps that generate content using AI must ensure they don't create

 Feed

2023 was a year of unprecedented cyberattacks. Ransomware crippled businesses, DDoS attacks disrupted critical services, and data breaches exposed millions of sensitive records. The cost of these attacks? Astronomical. The damage to reputations? Irreparable. But here's the shocking truth: many of these attacks could have been prevented with basic cyber hygiene. Are you ready to transform your

 Feed

Cybersecurity researchers have disclosed that the LightSpy spyware allegedly targeting Apple iOS users is in fact a previously undocumented macOS variant of the implant. The findings come from both Huntress Labs and ThreatFabric, which separately analyzed the artifacts associated with the cross-platform malware framework that likely possesses capabilities to infect Android, iOS, Windows, macOS,

 Data loss

A 16-year-old youth has been arrested in France on suspicion of having run a malware-for-rent business. The unnamed Frenchman, who goes by online handles including "ChatNoir" and "Casquette", is said to be a key member of the Epsilon hacking group, which has in the recent past stolen millions of records from hackd firms. Read more in my article on the Hot for Security blog.

2024-06
Aggregator history
Friday, June 07
SAT
SUN
MON
TUE
WED
THU
FRI
JuneJulyAugust