By Srinivas Shekar, CEO and Co-Founder, Pantherun Technologies In the first quarter of 2024, the global threat landscape continued to present significant challenges across various sectors. According to an insight report by Accenture & World Economic Forum, professional services remained the primary target for show more ...
cyberattacks, accounting for 24% of cases; the manufacturing sector followed, with 13% of incidents, while financial services and healthcare sectors also faced substantial threats, with 9% and 8% of cases respectively. These statistics underscore the escalating complexity and frequency of cyberattacks, highlighting the urgent need for advanced cybersecurity measures. Traditional threat detection methods are increasingly inadequate, prompting a shift towards innovative solutions such as artificial intelligence (AI) to enhance threat detection, response, and data protection in real time. Understanding AI and Cybersecurity Anomalies Artificial intelligence has emerged as a powerful tool in cybersecurity, primarily due to its ability to identify and respond to anomalies. Research by Capgemini reveals that 69% of organizations believe AI is essential for detecting and responding to cybersecurity threats. AI-driven systems analyze data in real time, flagging unusual activities that might go unnoticed by conventional methods. This capability is vital as the volume of cyber threats continues to grow, with an estimated 15.4 million data records being compromised worldwide in the third quarter of 2022 alone. At its core, AI involves the use of algorithms and machine learning to analyze vast amounts of data and identify patterns. In the context of cybersecurity, AI can distinguish between normal and abnormal behavior within a network. These abnormalities, often referred to as anomalies, are critical in identifying potential security risks. For instance, AI can detect unusual login attempts, unexpected data transfers, or irregular user behaviors that might indicate a breach. The ability to spot these anomalies is crucial because many cyberattacks involve subtle and sophisticated methods that traditional security systems might miss. By continuously monitoring network activity and learning from each interaction, AI can provide a dynamic and proactive defense against threats, safeguarding both encrypted and unencrypted data. Using AI to Enhance Threat Detection Traditional threat detection methods rely heavily on predefined rules and signatures of known threats. While effective to some extent, these methods are often reactive, meaning they can only identify threats that have been previously encountered and documented. AI, on the other hand, enhances threat detection by leveraging its pattern recognition capabilities to identify anomalies more quickly and accurately. For example, AI can analyze network traffic in real time, learning what constitutes normal behavior and flagging anything that deviates from this baseline. This allows for the detection of zero-day attacks much faster than conventional methods. By doing so, AI reduces the time it takes to identify and respond to potential threats, significantly enhancing the overall security posture of an organization. AI-Powered Response Mechanisms Once a threat is detected, the speed and efficiency of the response are critical in minimizing damage. AI plays a pivotal role in automating response mechanisms, ensuring quicker and more effective actions are taken when a threat is recognized. Automated responses can include isolating affected systems, alerting security teams, and initiating countermeasures to neutralize the threat. Moreover, AI can assist in managing encryption keys and applying real-time data protection strategies. By incorporating AI and machine learning, encryption techniques become more adaptive and resilient, making it harder for attackers to decrypt sensitive information. These automated, AI-driven responses help contain threats swiftly, reducing the impact of security breaches. AI in Encryption and Data Protection The role of AI in encryption and data protection is particularly significant. AI can enhance encryption techniques by optimizing key generation and management processes. Traditional encryption methods often rely on static keys, which can be vulnerable to attacks if not managed properly. AI introduces dynamic key generation, creating unique and complex keys for each session, making it exponentially harder for attackers to crack. Additionally, AI can continuously monitor encrypted data for signs of tampering or unauthorized access. This proactive approach ensures data integrity and confidentiality, providing an extra layer of security that evolves alongside emerging threats. By leveraging AI in encryption, organizations can better protect their sensitive information and maintain trust with their customers and stakeholders. Understanding Challenges and Opportunities for the Future Despite its potential, integrating AI with cybersecurity is not without challenges. Privacy concerns, false positives, and ethical dilemmas are significant hurdles that need to be addressed. For instance, the vast amount of data required for AI to function effectively raises questions about user privacy and data protection. Additionally, AI systems can sometimes generate false positives, leading to unnecessary alerts and potentially desensitizing security teams to real threats. However, the opportunities for AI in cybersecurity are vast. As AI technology continues to evolve and the ability to reduce Its need to have large volumes of data for decision-making Improves, it will become even more adept at identifying and mitigating threats. Future advancements may include more sophisticated AI models capable of predicting attacks before they occur, and enhanced collaboration between AI systems and human security experts, while also accelerating it in silicon for faster response. The integration of AI into cybersecurity represents a monumental shift in how we approach threat detection and response. By leveraging AI's capabilities, organizations can enhance their defenses against increasingly sophisticated cyber threats, ensuring the safety and integrity of their data in the digital age. As we continue to navigate the complexities of cybersecurity, the role of AI will undoubtedly become even more crucial, paving the way for a more secure and resilient digital future. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.
In the field of business operations in the META region, operational technology (OT) acts as a backbone, facilitating system maintenance, control, and optimization. From factories to energy projects, OT systems play an important role in increasing efficiency, ensuring safety, and maintaining reliability. However, with show more ...
the increasing interconnectivity between OT and the Internet of Things (IoT), as well as the growing threat landscape, securing operational technology environments has never been more crucial. Understanding Operational Technology OT encompasses the hardware and software utilized to monitor and control physical devices and processes within industrial operations, including sectors such as manufacturing, energy, transportation, and utilities. It comprises of two main categories: Internet of Things (IoT) devices, which introduce networking capabilities to traditional OT systems, and Industrial Control Systems (ICS) - specialized systems dedicated to monitoring and controlling industrial processes. Key functions of OT include: Driving innovation, improving productivity, ensuring safety, reliability, and maintaining critical infrastructure. Enhancing efficiency by automating and optimizing processes, minimizing downtime, reducing waste, and maximizing output. Ensuring safety by monitoring environmental conditions, detecting abnormalities, and triggering automated responses to prevent accidents. Providing reliable performance in harsh environments to prevent financial losses and risks to public safety. Maintaining product quality and consistency by monitoring and adjusting production processes. Enabling data-driven decision-making by generating insights into operations. Managing critical infrastructure such as energy grids, water treatment plants, and transportation networks. Differentiating OT from IT While Operational Technology shares similarities with Information Technology (IT), it differs in several key aspects. IT focuses on managing digital information within organizations and OT controls highly technical specialist systems crucial for ensuring the smooth operation of critical processes. These systems include Supervisory Control and Data Acquisition (SCADA) systems, Programmable Logic Controllers (PLCs), sensors, and actuators, among others. OT is not just limited to manufacturing but can also be found in warehouses and in daily outdoor areas such as parking lots and highways. Some examples of OT include ATMs and other kiosks, connected buses, trains, and service fleets, weather stations, and even electric vehicles charging systems. The key difference between IT and OT is that IT is centered on an organization's front-end informational activities, while OT is focused on their back-end production. The merging of OT with IT, known as IT/OT convergence, aims at enhancing efficiency, safety, and security in industrial operations, yet also introduces challenges regarding cybersecurity as OT systems become more interconnected with IT networks. IoT and OT Cybersecurity Forecast for META in 2024 Cybersecurity stands as a paramount concern for executives across various OT sectors in the META region. As the region witnesses a surge in cyber threats, organizations are increasingly investing in cybersecurity services and solutions to safeguard critical infrastructure and sensitive data. Modernization and optimization top the cyber-investment priorities for 2024, according to Pwc Digital Trust Insights 2024-Middle East Findings Report. More than half (53%) of chose optimization of existing technologies and investments in order to identify those with the highest potential to create value, while 43% selected technology modernization, including cyber infrastructure. The year 2024 is poised to bring new challenges and advancements in IoT and OT security, which could possibly shape the cybersecurity landscape in the META region. Geopolitical Threats and APT Activity With geopolitical tensions shaping the cybersecurity landscape, the META region is anticipated to witness heightened levels of Advanced Persistent Threat (APT) activity. Critical infrastructure, including shipping, power, and communications, will remain prime targets for cyber adversaries seeking to disrupt operations and undermine stability. Escalating Costs of Cyber Attacks The cost of cyberattacks is expected to escalate further in 2024, driven by an increase in ransom demands. Recent years have seen a significant rise in ransomware attacks globally, with cybercriminals targeting sectors such as healthcare and manufacturing. As ransom demands soar, organizations in the META region must bolster their cybersecurity defenses to mitigate financial and operational risks. Heightened Threats to IoT and OT Deployments Cyber threats targeting IoT and OT deployments are poised to intensify, posing significant risks to critical infrastructure and industrial systems. Health and safety departments, Industrial Control Systems (ICS), and IoT networks will remain prime targets for cyber adversaries, necessitating proactive cybersecurity measures to mitigate potential threats. Focus on Network and Device Vulnerabilities Cybercriminals will continue to exploit network and device vulnerabilities, highlighting the importance of robust patching and vulnerability scanning practices. Government infrastructures, finance, and retail sectors are particularly vulnerable to phishing attacks, underscoring the need for enhanced cybersecurity measures and employee awareness training. Lookout for AI With AI coming to the fore and large language models helping cybercriminals from drafting phishing mails to making AI-based robo-calling the surge of AI needs to be kept an eye on and better regulations will be the need of the hour. On the defense front, many vendors are also pushing the limits of GenAI, testing what’s possible. It could be some time before we see broad-scale use of defenceGPTs. In the meantime, here are the three most promising areas for using GenAI in cyber defence: Threat detection and analysis; cyber risk and incident reporting; and adaptive controls that are tailored for organizations threat profile, technologies and business objectives. Emphasis on Supply Chain Security In 2024, supply chain vetting and internal security methods will become mainstream, as organizations strive to fortify their defenses against supply chain attacks. With compliance orders shifting from voluntary to mandatory, enterprises will be required to align with cybersecurity standards such as IEC 62443 to mitigate supply chain risks effectively. Rise of Cyber Threat Intelligence The year 2024 is poised to witness a surge in cyber threat intelligence investments, as organizations seek to enhance their threat detection and response capabilities. With C-level management increasingly involved in cybersecurity decision-making, enterprises will prioritize cyber threat intelligence feeds to bolster their security posture and safeguard critical infrastructure. Expansion of Attack Surfaces As digital transformation accelerates across sectors, the OT attack surface is expected to expand, providing cyber adversaries with new opportunities to exploit vulnerabilities. Industries such as manufacturing and healthcare must exercise caution and diligence in navigating the complexities of digital transformation to mitigate emerging cyber threats effectively. Structuring a Secure OT Network Despite its critical importance, OT faces significant vulnerabilities, particularly concerning cybersecurity. As OT systems become increasingly interconnected with IT networks and the IoT, they become more exposed to cyber threats. Moreover, the inability to shut down OT systems for maintenance or upgrades poses challenges in implementing security measures effectively. With the steady adoption of IoT and personal connected devices, an increase of over 4-fold in IoT malware attacks year-over-year has been reported in the Middle East region alone. This highlights persistence and ability of the cybercriminals to adapt to evolving conditions in launching IoT malware attacks. They are targeting legacy vulnerabilities, with 34 of the 39 most popular IoT exploits specifically directed at vulnerabilities that have existed for over three years. The biggest receiver of these attacks has been manufacturing, followed by oil & gas, power grids and maritime. Securing Operational Technology with a 4-Phase Approach To address these challenges, organizations must adopt a proactive approach to building secure OT environments. This involves implementing comprehensive security measures and adhering to industry best practices. A four-phase approach can guide organizations in building a secure OT network: Assess: Conduct an assessment to evaluate the current OT environment against industry standards and identify risks and vulnerabilities. Design: Develop a comprehensive design considering elements such as network segmentation, vendor security, and defense-in-depth strategies. Implement: Implement changes into the OT network while ensuring interoperability and compatibility with existing systems. Monitor and Respond: Establish mechanisms for detection and response to security incidents, enabling a dedicated security team to contain and eradicate threats effectively. In addition to the four-phase approach, organizations can implement other security best practices, including access control, patch management, incident response planning, physical security measures, employee training, and vendor security assessments. By adopting a holistic approach to OT security and implementing robust security measures, organizations can mitigate cyber threats, protect critical infrastructure, and maintain the integrity and reliability of their operational systems. In an era of evolving cyber threats, securing Operational Technology is paramount to safeguarding industrial operations and ensuring the resilience of modern societies.
By Maryam Eissa Alhammadi, Head of Cyber Security Operation Center, Ministry of Interior "Cyberattacks are not new in Geo- Politics, but their frequency is rising.” Critical infrastructure has become a weapon of war and the consequences are fundamental and extreme. Understanding the Landscape of Geopolitical show more ...
Cybersecurity In today's interconnected world, nations are facing increasing challenges in the realm of cybersecurity. The digitization of critical infrastructure and government operations has made countries more vulnerable to cyberattacks. As a result, geopolitical cybersecurity tensions between nations have been on the rise. In the ever-evolving arena of international relations, the role of cyberspace has become increasingly prominent. Geopolitical cybersecurity tension refers to the ongoing struggle between nations to secure their digital assets and infrastructure while simultaneously leveraging these assets for strategic advantage. The Rise of Cyber Warfare As countries become more interconnected through the internet, the potential for cyberattacks has grown significantly. From disrupting critical infrastructure to stealing sensitive information, cyber warfare has the power to inflict serious harm on a nation's security and stability. The Stakes at Play In today's world, the lines between physical and digital warfare are becoming blurred. As countries invest in building strong cyber capabilities, the potential for conflict in cyberspace continues to rise. The consequences of a successful cyberattack can be catastrophic, with the potential to disrupt entire economies and societies. Geopolitical factors play a crucial role in shaping cybersecurity tensions between nations. Issues such as territorial disputes, ideological differences, and economic competition can all fuel cyber conflicts. Understanding the geopolitical dynamics at play is essential for navigating the complex world of cybersecurity. The Impact of Geopolitical Cybersecurity Tensions Geopolitical cybersecurity tensions have far-reaching consequences, affecting not only government agencies but also businesses and individuals. Cyber attacks have the potential to disrupt essential services, compromise sensitive data, and even destabilize entire economies. As nations engage in cyber warfare, the stakes are higher than ever before. Strategies for Mitigating Geopolitical Cybersecurity Tensions To navigate the complex landscape of geopolitical cybersecurity tensions, nations must prioritize collaboration and information sharing. By working together to address common threats and vulnerabilities, countries can strengthen their defenses against cyber attacks. Additionally, investing in robust cybersecurity measures and staying vigilant against emerging threats are critical steps in safeguarding national interests. The Role of International Cooperation in Cybersecurity International cooperation plays a crucial role in mitigating geopolitical cybersecurity tensions. Through partnerships and agreements, countries can enhance their cyber capabilities and respond more effectively to cyber threats. By fostering a culture of transparency and trust, nations can lay the groundwork for a more secure and stable digital environment. Economic Impact of Cyberattacks In the face of escalating cyber threats, nations must adopt a proactive approach to cybersecurity. Investing in robust defense mechanisms, promoting international cooperation, and fostering a culture of cyber resilience are key steps towards addressing geopolitical cybersecurity tension. Rising cybersecurity geopolitical tensions between countries is a major issue in today’s world. As countries become more connected and more reliant on digital infrastructure, the likelihood of cyberattacks and cyberespionage between countries increases. These tensions can arise from a variety of factors, such as political disputes, economic competition, military conflicts and intelligence operations. Nations are increasingly leveraging cyber capabilities to gain competitive advantage, disrupt or destabilize adversaries, and gather intelligence. Over time, state-sponsored cyberattacks have become increasingly sophisticated and effective. Examples include the Stuxnet attack on Iran's nuclear program, the NotPetya attack attributed to Russia, and the SolarWinds supply chain attack believed to have been orchestrated by Russian state actors. These incidents highlight the potential for cyber operations to have profound impacts on national security and the global economy. Rising tensions between nations could lead to an escalation in cyber activity, including attacks on critical infrastructure, government networks, military systems, and private sector organizations. Such activity may result in data breaches, service disruptions, intellectual property theft, and threats to national security. Efforts continue to reduce these tensions and establish norms of behavior in cyberspace. Various international organizations such as the United Nations are working to develop frameworks and protocols to govern the behavior of states in cyberspace. However, progress has been slow and confidence-building measures remain a challenge. To address these tensions, organizations and governments must prioritize cyber defense and resilience. This includes robust cybersecurity measures, threat intelligence sharing, incident response capabilities and international cooperation. Public-private partnerships are also critical to address the evolving cyber threat landscape and build resilience against nation-state cyber threats In conclusion, navigating the increasing geopolitical cyber security tensions between nations requires a proactive and collaborative approach. By understanding the impact of cyber attacks, implementing effective strategies for cyber defense, and fostering international cooperation, countries can strengthen their resilience in the face of evolving threats. In the digital battlefield of the 21st century, vigilance and cooperation are key to safeguarding national security and stability. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.
By Anoop Kumar, Head of Information Security Governance Risk & Compliance at Gulf News We are becoming ever more dependent on technology and digitization. As data increases in importance and volume, data protection and privacy are essential to safeguard the integrity of the systems we all use and depend on. Hence, show more ...
our Resilience in terms of People, Process, and Technology is very vital. Actors with ill intent never rest and are constantly evolving, so consumers, firms, and governments will need to keep investing time, energy, and money to stay ahead of the game. Cybersecurity goals represent a powerful megatrend over the coming decades in both relevance and growth. The Problem Most of the organizations are firefighting with: Too many incidents and faults Uncontrolled budget Uncontrolled projects Operational surprises and unexpected downtime Lack of compliance Uncontrolled removable media use Abused identity privileges Too long, too expensive Audits and unacceptable audit results Lot of rework Lack of ownership and accountabilities Poor customer service, both internal and external Expensive incident response activities Firefighting IT No transparency and visibility We must consider a program to reduce operational complexities and surprises to concrete business sustainability and cyber resilience. The Program Cybersecurity GRC by design: Educate boardroom, a top-down approach and enable from the bottom up. The frequency and negative impact of cybersecurity incidents on organizations continue to rise, undermining the confidence of the board and executives in their cybersecurity strategies. Security GRC by design is increasingly being adopted to enable stakeholders to draw a straight line between cybersecurity investment and the delivered Protection and improved Compliance levels it generates. We must consider Cybersecurity GRC by design to create a defensible cybersecurity investment strategy, reflecting agreed protection levels with powerful properties, and in simple language that is explainable to non-IT executives. This provides a credible and defensible expression of risk appetite that supports direct investment to change protection levels. Also results in Reduced operation Costs, Risk, and improved Performance. Here the relationship among CXOs is key to converting the challenges to opportunities. Example: CIO-CFO always has communication gaps and disagreements in terms of ROI. The Process to be Agreed Up On A well-defined process with adequate guidelines can create wonders in operations. Hence, draft a step-by-step process of activities with defined roles and responsibilities. Slowly define and agree on KPIs, but let all stakeholders embrace the process first. A collectively agreed process execution results in improved confidence among all signing authorities. How can we define this from the concept stage to the delivery stage with successful operational handover with desired compliance to both internal and external standards expectations? Let us define them: Define and Agree a Pipeline With Required Controls People's Area of Concern In order to define and agree a collective Cybersecurity GRC by design model, we must identify stakeholders from different organizational units to work together for a common goal (a cross-functional team of HR, Finance, Legal, IT, GRC, etc…). Educate them with a collectively agreed process with defined KPIs. This is achieved through a business process walkthrough to identify which people are involved and what data is being operated (input and output). Technology Consider a social-technical environment: Where everyone’s culture and practices are embraced and aligned for better outcomes. Agree on a paced layered technical architecture for agility. Key Considerations While Selecting Technology Solutions Generative AI: a double-sided sword we need to operate by adequate Governance Cybersecurity leaders need to prepare for the swift evolution of GenAI, as large language model (LLM) applications like ChatGPT and Gemini are only the start of its disruption. Simultaneously, those are overwhelming with promises of productivity increases, skills gap reductions, and other new benefits for cybersecurity. Is that wise to use GenAI through proactive collaboration with business stakeholders to support the foundations for the ethical, safe, and secure use of this disruptive technology? There’s solid long-term hope for the technology, but right now we’re more likely to experience prompt fatigue than two-digit productivity growth. Things will improve, so encourage experiments and manage expectations, especially outside of the security team by providing a non-production environment like technical labs. Embrace innovations. Manage Third-Party Cybersecurity Risk: The inevitability of third parties experiencing cybersecurity incidents is pressuring security leaders to focus more on resilience-oriented investments and move away from front loaded due diligence activities. We must consider enhancing the risk management (continuous) of third-party services and establish mutually beneficial relationships with important external partners, to ensure their most valuable assets are continuously safeguarded and start by strengthening contingency plans for third-party engagements that pose the highest cybersecurity risk by creating third- party-specific incident playbooks, conduct tabletop exercises and define a clear off-boarding strategy involving timely revocation of access and destruction of data. Continuously assess both internal and external attack surfaces: Continuous threat exposure management (CTEM) is a pragmatic and systemic approach we must practice to continually evaluate the accessibility, exposure and exploitability of digital and physical assets. Aligning assessment and remediation scopes with threat vectors or business projects rather than an infrastructure component, highlights vulnerabilities and unpatchable threats to reduce breaches. Security leaders must continuously monitor hybrid digital environments to enable early identification and optimal prioritization of vulnerabilities to help maintain a hardened organizational attack surface. Manage and Govern Identities: We are forced to move to an identity-first approach to security, the focus shifts from network security and other traditional controls to IAM, making it critical to cybersecurity and business outcomes. Hence, the increased role of IAM in security programs, and practices must evolve to focus more on fundamental hygiene and hardening of systems to improve resilience. We must focus on strengthening and leveraging our identity fabric and leverage identity threat detection and response to ensure IAM capabilities are best positioned to support the breadth of the overall security program Conclusion This program intends to create a social-technical collectively accepted approach to reduce operational cost, complexities, and risk and improve operational performance and compliance. Here every stakeholder has a role to play with adequate responsibility. A well-understood process with a cross-functional team equipped with the right technology can make wonders. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.
A new cryptojacking attack campaign dubbed "Commando Cat" has been observed exploiting exposed Docker remote API servers to deploy cryptocurrency miners. Attack operations leverage legitimate Docker images from the open-source Commando project. Commando is a tool designed for on-demand docker image creation, show more ...
aiding SysOps and DevOps professionals to quickly create them for operations. Commando Cat Initial Access and Attack Sequence The Commando Cat campaign identified by researchers from Trend Micro has been active since early 2024. The attack begins with a probe to the Docker Remote API server. If the server responds positively, the attackers create a container using the "cmd.cat/chattr" image. Once a suitable target is located, the attacker deploys a docker image named cmd.cat/chattr, which appears harmless at first glance but serves as a stepping stone for the subsequent stages of the attack. The "cmd.cat/chattr" image allows the attackers to employ techniques like chroot and volume binding to escape the docker container and bind the host system's root directory to the container's own /hs directory, thereby gaining unrestricted access to the host file system. The attackers also bind the Docker socket to the container, allowing them to manipulate Docker as if they were on the host machine itself. If the "cmd.cat/chattr" image isn't found, the attackers pull it from the cmd.cat repository. Once the image is in place, they create a Docker container, executing a base64-encoded script that downloads and executes a malicious binary from their command-and-control (C&C) server. The researchers identified the downloaded binary file as ZiggyStarTux, an open-source IRC botnet based on the Kaiten malware. Commando Cat Detection and Mitigation While the researchers noted that the campaign's C&C server was down during analysis, they noted several technical specifics from attack operations. Researchers have advised that potential misuse of DropBear SSH on TCP port 3022, along with use of the 1219 port for its C&C server, can help detect the presence of the malware. Unauthorized IRC communications along with these specific User-Agent strings are other indicators: HackZilla/1.67 [en] (X11; U; Linux 2.2.16-3 x64) Mozilla/4.75 [en] (X11; U; Linux 2.2.16-3 i686) To prevent such attacks, organizations should adhere to Docker security best practices, including: Properly configuring Docker containers and APIs. Utilizing only official or certified Docker images. Running containers with non-root privileges. Limiting container access to trusted sources. Regularly performing security audits and scanning for suspicious docker containers. Additionally the researchers have shared a more detailed list of indicators of compromise (IOCs) to help detect infections. The Commando Cat attack campaign underscores the risks associated with exposed Docker Remote API servers and the potential exploitation of open-source projects by threat actors. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Details have emerged about a new critical security flaw impacting PHP that could be exploited to achieve remote code execution under certain circumstances. The vulnerability, tracked as CVE-2024-4577, has been described as a CGI argument injection vulnerability affecting all versions of PHP installed on the Windows operating system. According to DEVCORE security researcher, the shortcoming makes
Microsoft on Friday said it will disable its much-criticized artificial intelligence (AI)-powered Recall feature by default and make it an opt-in. Recall, currently in preview and coming exclusively to Copilot+ PCs on June 18, 2024, functions as an "explorable visual timeline" by capturing screenshots of what appears on users' screens every five seconds, which are subsequently analyzed and
