Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Firewall Daily

The National Council of Statewide Interoperability Coordinators (NCSWIC) attempts to shed light on the significant duties and routine tasks performed by Statewide Interoperability Coordinators (SWICs). This new NCSWIC Video Series is crucial for highlighting the importance of interoperability and emergency communications in a variety of public safety circumstances.

In the first episode of the NCSWIC Video Series, "What is a SWIC," members of NCSWIC talk about the vital role that SWICs play in supporting emergency response and interoperability efforts. They highlight the crucial role that SWICs play in assisting both federal and state authorities, bridging the gap between technology and policy to ensure effective communication during emergencies.

NCSWIC Video Series Highlights Inner Workings of Interoperability

https://www.youtube.com/watch?v=jQO89TxRDz0

The second video, "What are Emergency Communications?" goes into great detail about the subtleties of emergency communication systems. It highlights how important they are to first responders and why protecting the nation depends on them. The third and last video, "What is Interoperability," clarifies the difficulties associated with interacting across various systems and emphasizes the importance of teamwork regardless of the agency, level of government, or risk.

The national growth of public safety communications is central to NCSWIC's purpose. NCSWIC works to improve interoperability and advance long-term emergency communications projects by encouraging coordination amongst SWICs.

The Daily Operations of SWIC and NCSWIC

SWICs, in their capacity, oversee the daily operations of their state's interoperability efforts. They coordinate projects, maintain governance structures, and spearhead the implementation of Statewide Communication Interoperability Plans (SCIP). To support public safety communications, SWICs also take part in outreach, program administration, grant coordination, and policy creation.

To execute statewide interoperability programs in line with federal goals, state SWICs work with a range of stakeholders and governmental organizations. They promote cooperation throughout the emergency communications landscape, assist strategic planning, and guarantee transparency through consistent communication.

As members of NCSWIC, SWICs at the national level promote interoperable communications and best practices. Serving as intermediaries between the federal government, business community, and state authorities, they plan funding campaigns and disseminate success stories to encourage the development of interoperable solutions.

Through the NCSWIC Video Series, the council hopes to raise awareness of the vital role SWICs play in guaranteeing effective emergency communications. The goal of NCSWIC is to strengthen and secure the nation's public safety infrastructure by fostering cooperation and best practices.

 Cybersecurity News

The wait is finally over! The Cyber Express is thrilled to announce the much-anticipated return of World CyberCon, India Edition. The 4th Edition of this prestigious event is set to take place on September 27, 2024, in Mumbai. This gathering will be held under the compelling theme “Strengthening India’s Digital Frontier: Preparing for Future Challenges.” This is not just a conference; it is also an award ceremony and exposition, offering a comprehensive platform for recognition, networking, and showcasing the latest innovations.

World CyberCon promises to bring together cybersecurity professionals from all corners of India to confront and navigate the rapidly evolving landscape of cybersecurity threats and innovations.

A Booming Cybersecurity Market

India's cybersecurity market is witnessing unprecedented growth, projected to surge from USD 4,044.6 million in 2024 to USD 17,746.5 million by 2033, at a compound annual growth rate (CAGR) of 15.61%.

This rapid expansion is driven by increasing digitalization and the proliferation of internet-connected devices, which broaden the attack surface and escalate the need for robust cybersecurity solutions.

The market encompasses various services, including network and endpoint security, security analytics, threat intelligence, and cloud security. The exponential growth highlights the critical importance of fortifying India's digital infrastructure against evolving cyber threats.

The World CyberCon Highlights

The World CyberCon 2024 promises to deliver a comprehensive agenda, featuring key discussions and presentations on crucial topics. Attendees will delve into strategies for cyber resilience, exploring how organizations can build and maintain robust defenses against an ever-changing threat landscape.

Knowledge Sharing Sessions: Gain insights from industry leaders and experts through in-depth discussions and presentations.
Networking Sessions: Connect with peers, potential clients, and industry leaders in dynamic networking environments.
Keynote Sessions by Government: Hear from prominent government officials on national cybersecurity priorities and initiatives.
Award Presentation: Celebrate outstanding contributions to the field of cybersecurity with an exclusive award ceremony.
150+ Attendees: Engage with over 150 cybersecurity professionals and decision-makers from across India.
Exhibition Zone: Explore the latest innovations in cybersecurity technology and solutions in our extensive exhibition area.
Business Prospects: Discover new opportunities for growth and collaboration within the cybersecurity industry.
Post Event Highlights Episode on a TV News Channel: Extend the reach and impact of the event's key messages through exclusive post-event highlights featured on a TV news channel.
Media Presence: Benefit from extensive media coverage, enhancing the visibility and impact of the event.
Stand Up Comedy: Enjoy entertainment and a light-hearted break with a stand-up comedy performance.

Networking and Learning Opportunities

Attendees can look forward to a variety of enriching experiences designed to foster knowledge sharing and collaboration. The event will feature exclusive networking opportunities, allowing participants to connect with industry leaders, peers, and potential clients in a dynamic and engaging environment.

Keynote speeches by prominent government officials will provide valuable insights into national cybersecurity priorities and initiatives, while award presentations will recognize outstanding contributions to the field.

The exhibition zone will showcase the latest innovations in cybersecurity technology and solutions, providing attendees with a firsthand look at cutting-edge tools and services. Business prospect discussions will explore new opportunities for growth and collaboration within the cybersecurity industry. Post-event highlights will be featured on a TV news channel, extending the reach and impact of the event's key messages.

Who Should Attend?

World CyberCon is designed for top-level executives and professionals who play a critical role in shaping and implementing cybersecurity strategies. This includes Chief Information Security Officers (CISOs), Chief Information Officers (CIOs), Chief Technology Officers (CTOs), and other senior leaders such as SVPs, VPs, and GMs in cybersecurity.

Data Protection Officers (DPOs), directors, and heads of cybersecurity, IT, and governance will also find the event highly relevant. Additionally, legal experts and cybercrime officers are encouraged to attend to gain insights into the latest legal and regulatory developments impacting cybersecurity.

Partnership Opportunities

Partnering with World CyberCon offers significant benefits, including enhanced visibility and brand exposure. Your brand will be prominently featured throughout the event, providing exposure to a targeted audience of cybersecurity professionals and decision-makers.

Exclusive networking sessions offer the chance to connect with industry leaders, potential clients, and partners, fostering valuable relationships and business opportunities.

Showcasing your thought leadership by participating in panel discussions or exclusive presentations can elevate your brand’s reputation and influence within the industry. The event also offers robust lead generation opportunities, with access to an event app for one-on-one meetings with registered attendees. Exhibiting at World CyberCon allows you to demonstrate your products and services to a captive audience, further enhancing your market presence.

What Sets Us Apart?

World CyberCon stands out as a premier event organized by a globally recognized cybersecurity news media company. We boast a strong global presence with over 30k registered users receiving our weekly newsletter and 100k+ monthly website visitors.

Attendees can discover Pan India opportunities and engage with leading expert speakers under one roof. Our event offers exclusive content and insights, making it an unparalleled platform for learning, networking, and growth in the cybersecurity industry.

Join Us

For more information and to register, please visit World CyberCon 2024 Website. Don’t miss this opportunity to be part of India’s premier cybersecurity event, where you can shape the future of cybersecurity, gain valuable insights, and connect with industry leaders.

Contact Information:

Priti Chaubey
Communications Manager
priti.c@thecyberexpress.com

Ashish Jaiswal
Conference Manager
ashish.j@thecyberexpress.com
+91 814 888 2990

Anees Shaik
Sponsorship Sales Manager
anees.shaik@thecyberexpress.com
+91 636 127 6754

About The Cyber Express

The Cyber Express is a leading cybersecurity news media company that provides critical and timely information on cyber threats, vulnerabilities, data breaches, and cyber defense. Our seasoned journalists and researchers deliver in-depth analysis and commentary, organizing conferences, webinars, and business events to share industry best practices and insights.

The objective of The Cyber Express is to give readers a thorough understanding of the current state of cybersecurity and the challenges and opportunities that lie ahead. Whether you are a cybersecurity professional, a business leader, or simply someone interested in staying informed about the latest developments in this crucial field, our publication can provide valuable insights and information.

For more information, visit The Cyber Express.

 Cybersecurity News

VIT Bhopal University, a leading academic institution in India, has allegedly been hit by a significant data breach, raising concerns among 8,000+ students and faculty alike. The alleged VIT Bhopal Data Breach was first reported on June 10, 2024, on the notorious data hacking website BreachForums. The Threat Actor (TA) has claimed to have leaked valuable data, raising concerns about the security of sensitive student and faculty information.

VIT Bhopal Data Breach Decoded

VIT Bhopal was established in 2017 and is a deemed university located on the outskirts of Bhopal, the capital city of the state of Madhya Pradesh. The institution is authorized by the University Grants Commission (UGC), which is a statutory organization of the Government of India for the maintenance of standards of teaching, examination, and research in university education.

VIT Bhopal ranks among the top universities in India. As per the National Institutional Ranking Framework (NIRF) Ranking, it stands in 65th position amongst all the universities in India. It offers specialized programs across various disciplines, including engineering, technology, management, and architecture. Streams like mechanical engineering, computer science and engineering, artificial intelligence and robotics are particularly popular among students pursuing higher education here.

Source: FalconFeedsio on X

According to a post on BreachForums, the threat actor has shared screenshots of the hack and claims to possess the following information:

ID: Unique Identification number assigned to each student and faculty member of the university.
Username: Login credentials of all the stakeholders used to access university portals, maintain and share records, post newsletters, and research materials confined to the institution.
Full name: First and last name of the students and faculty of VIT Bhopal.
Email: This contains email addresses of stakeholders, which is the official mode of communication for announcements, course materials and student-faculty interactions.
Password: If this data is compromised, it poses significant risk as it could grant unauthorized access to personal accounts and university resources.
User Activation Key: This could be a unique code required for initial account activation or password resets.

VIT Bhopal Data Breach Leaves Students Anxious

The news of the alleged data breach has understandably caused anxiety among the current batch of students. They are worried over the threat of stolen passwords, emails, and information, including research material, being used for malicious purposes.

The students are worried about being vulnerable to targeted phishing attacks, where hackers use stolen email addresses to send data that appears to be from legitimate sources, such as the university administration. These emails might trick students into revealing their personal data or clicking on malicious links that could infect their devices with malware.

The university has yet to react to the alleged data breach. There is no clarity yet on the extent of the breach, the extent of the information compromised, or the steps taken by the university to address the situation. The article will be updated once there is any public information shared by the university.

While the university investigates the situation, students and staff can take a few healthy steps to protect themselves. This includes being wary of phishing attempts by hackers, monitoring suspicious links, and keeping an eye out for any unusual activity on their accounts, such as unauthorized login attempts or changes to their profile information. They can also enhance their security measures by enabling Two-Factor Authentication (2FA) and changing their passwords regularly.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

 Cybersecurity News

Data breaches affecting customers of the cloud storage provider Snowflake have hit about 165 organizations so far, according to a Google Mandiant report published today. While initial claims linked the Snowflake breach to the cloud provider’s own environment, Mandiant said its investigation backs up Snowflake’s assertion that the breaches came from compromised customer credentials, many of which did not have multi-factor authentication enabled. Some of the high-profile organizations hit in the attack have included Ticketmaster, Advance Auto Parts, Santander, and more.

Snowflake Breach Discovered in April

Mandiant is attributing the breach to UNC5537, “a financially motivated threat actor suspected to have stolen a significant volume of records from Snowflake customer environments. UNC5537 is systematically compromising Snowflake customer instances using stolen customer credentials, advertising victim data for sale on cybercrime forums, and attempting to extort many of the victims.” The threat group is based in North America, with an additional member in Turkey, Mandiant said.

“Mandiant's investigation has not found any evidence to suggest that unauthorized access to Snowflake customer accounts stemmed from a breach of Snowflake's enterprise environment,” Mandiant researchers wrote. “Instead, every incident Mandiant responded to associated with this campaign was traced back to compromised customer credentials.”

Mandiant first saw evidence of the Snowflake data breach campaign in April, when the company “received threat intelligence on database records that were subsequently determined to have originated from a victim’s Snowflake instance.” In the subsequent investigation, Mandiant found that the organization’s Snowflake instance had been compromised by a threat actor using credentials previously stolen with infostealer malware.

“The threat actor used these stolen credentials to access the customer’s Snowflake instance and ultimately exfiltrate valuable data,” Mandiant said. At the time of the compromise, the account did not have multi-factor authentication (MFA) enabled.

Hackers Used Credentials from Infostealer Campaigns

Mandiant said its investigations so far into hacked Snowflake customers found that UNC5537 was able to obtain access via stolen customer credentials that were “primarily obtained from multiple infostealer malware campaigns that infected non-Snowflake owned systems.” Some of those infostealer infections date back as far as 2020, using infostealer malware variants such as VIDAR, RISEPRO, REDLINE, RACOON STEALER, LUMMA and METASTEALER.

Initial access to Snowflake customer instances often occurred via the native web-based UI (SnowFlake UI AKA SnowSight) or command-line interface (CLI) tool (SnowSQL) running on Windows Server 2022. Mandiant identified additional access leveraging an attacker-named utility, “rapeflake,” which Mandiant is tracking as FROSTBITE.

Snowflake breach attack path (source: Mandiant)

In addition to a lack of MFA, Mandiant said some affected accounts had not updated credentials since they had been stolen, even after significant time had elapsed. The affected Snowflake instances also did not use network allow lists to only allow access from trusted locations.

A list of suspect IP addresses can be found on VirusTotal, and Snowflake has also published detailed security information, including indicators of compromise (IoCs).

 Firewall Daily

A dark web actor named “komarod” is claiming credit for a June 8 Shadow PC data breach, allegedly stealing data from the UK-based cloud service provider. The Shadow PC cybersecurity incident has raised concerns about the security of Shadow's systems and the safety of user data.

The leaked database shared on an English-language cybercrime forum called Leakbase contains a staggering 545,014 records. These records encompass a range of data fields such as ID, email, first name, last name, user creation date, and billing address, all encapsulated in a JSON format.

Understanding the Shadow PC Data Breach Claims

Source: Dark Web

Shadow.tech, a cloud computing service developed by the French company Blade, has been at the forefront of innovative cloud technology, offering users the capability to run video games and other Windows software applications remotely on Windows 10 servers. This service, acquired by OVHcloud founder Octave Klaba in 2021, has garnered significant attention in the IT & ITES industry.

The impact of the Shadow PC data breach extends to both Shadow.tech and its parent company, Blade. With the leak affecting users primarily in the United Kingdom and across Europe, concerns about the safety of personally identifiable information (PII) have heightened.

While the cyberattack has yet to be officially confirmed by Shadow.tech or Blade, the threat actor's post on the cybercrime forum indicates a breach in the system's security defenses. The lack of an official statement or response from the organization has left the claims regarding the Shadow data breach unverified.

Previous Shadow.tech Cybersecurity Incidents

Interestingly, despite the Shadow PC data leak, the website remains operational, showing no immediate signs of a cyberattack. This suggests that the hacker group may have targeted the backend of the website, focusing on data extraction rather than launching a front-end assault such as a DDoS attack or website defacement.

However, this is not the first time Shadow.tech has faced cybersecurity challenges. In a previous incident in 2023, the company experienced a similar breach where customer data was compromised due to a social engineering attack against one of its employees.

Over half a million customers were potentially impacted by the breach, raising concerns about the security measures in place at Shadow. CEO Eric Sele, while acknowledging that breach, refrained from disclosing the exact number of individuals affected. Despite claims from the threat actor regarding the sale of stolen data on a cybercrime forum, the company remained tight-lipped about the specifics of the breach and its implications for customers.

 Firewall Daily

A threat actor known as spr1ngtr4p has purportedly advertised a Remote Code Execution (RCE) vulnerability affecting a subdomain of Italy's Ministry of Defence website. This RCE vulnerability was posted on June 7, 2024, on a Russian-language cybercrime forum called XSS and sheds light on the malicious intent of the threat actor.

RCE vulnerabilities, such as the one claimed by spr1ngtr4p, pose significant risks as they allow malicious actors to execute code remotely on targeted systems. The implications of such an exploit can be severe, ranging from the deployment of malware to the complete compromise of affected machines.

The RCE Vulnerability and Possible Cyberattack on the Italian Ministry of Defence

Source: Dark Web

The affected organization, as claimed by the threat actor, is the Ministry of Defence of Italy, Ministero Difesa, highlighting the gravity of the situation. The website in question, difesa.it, falls under the purview of this governmental body, making it a matter of national security concern. With Italy being the impacted country, the ramifications extend to the wider European and UK regions, emphasizing the potential for geopolitical implications.

The post by the threat actor, shared on the cybercrime forum, offers insights into the nature of the RCE vulnerability. However, it lacks substantial evidence to validate the claims made. The absence of proof raises doubts about the credibility of the assertions and necessitates a thorough investigation into the matter.

No Confirmation of Intrusion

Efforts to ascertain the authenticity of the alleged cyberattack on the Italian Ministry have been initiated, with inquiries directed towards the Ministry of Defence of Italy. As of the time of this report, official confirmation or denial from the ministry is pending, leaving the status of the Italian Ministry of Defence cyberattack unresolved.

Despite the alarming nature of the disclosure, there are indications that the Ministry of Defence website remains operational and unaffected by any apparent cyber intrusion. This suggests that either the threat actor has refrained from exploiting the vulnerability or that the website's security measures have effectively thwarted any attempted attacks.

Nevertheless, the potential threat posed by the RCE vulnerability should not be understated, warranting proactive measures to mitigate risks and fortify cyber defenses. Organizations, especially those in the government and law enforcement sectors, must remain vigilant and employ robust security protocols to safeguard against emerging cyber threats.

 Cybersecurity News

NHS Blood and Transplant (NHSBT) is urgently appealing for O blood-type donors across England after a ransomware attack affected several major London hospitals. The cyberattack caused significant disruption to the hospitals' ability to match patients' blood types, leading to an increased demand for O-positive and O-negative blood donations, which are safe for all patients.

The public health institution is asking donors of these blood types to book appointments at any of the 25 NHS blood donor centers in England in order to boost limited stocks and ensure the availability of essential blood supplies to patients.

NHS Blood and Transplant's Urgent Appeal for Blood Donations

The recent cyberattack on the pathology firm Synnovis, believed to have been orchestrated by the Russian cybercriminal group Qilin, caused significant disruption to several London hospitals. As a result, affected hospitals have been unable to match patients' blood at the usual rates, leading to the declaration of a critical incident and the cancellation of scheduled blood transfusions.

Gail Miflin, chief medical officer at NHS Blood and Transplant, emphasized the importance of O blood-type donations during this critical time. She called on existing O blood donors to book urgent appointments and encouraged potential new donors to find out their blood type and contribute to solving the shortage.

During NHS National Blood Week, it was revealed that hospitals require three blood donations every minute. With around 13,000 appointments available nationwide this week, and 3,400 specifically in London, there are many opportunities for donors to come forward and contribute to blood availability.

Stephen Powis, the medical director for NHS England, praised the resilience of NHS staff amid the cyberattack and urged eligible donors to come forward to one of the 13,000 available appointments in NHS blood donor centers across the country. To learn more and find details on how to donate, interested individuals are encouraged to search 'GiveBlood' online and on social media or visit Blood.co.uk.

Source: www.blood.co.uk

Impact of the Cyberattack on London Hospitals

Several prominent London hospitals, including the King's College Hospital, Guy's and St Thomas', the Royal Brompton, and the Evelina London Children's Hospital, declared a critical incident following the cyberattack on the pathology firm Synnovis, which provides blood-testing facilities to these hospitals and several others in southeast London.

The attack forced hospital staff to cancel health procedures such as cancer surgeries and transplants due to the unavailability of blood transfusion services after facing severe disruption.

In a statement on its official website, an NHS London spokesperson stressed the importance of pathology services to health treatment procedures:

“NHS staff are working around the clock to minimise the significant disruption to patient care following the ransomware cyber-attack and we are sorry to all those who have been impacted. Pathology services are integral to a wide range of treatments and we know that a number of operations and appointments have been cancelled due to this attack. We are still working with hospitals and local GP services to fully assess the disruption, and ensure the data is accurate. In the meantime our advice to patients remains, if you have not been contacted please do continue to attend your appointments.”

A senior NHS manager disclosed to the Health Service Journal (HSJ) that the incident was “everyone’s worst nightmare.”

As blood has a limited shelf life of 35 days, it is critical that these hospital stocks are continually replenished. More units of O-negative and O-positive blood will be required over the coming weeks to accommodate an anticipated increase in surgeries and procedures due to earlier delays.

 Cybersecurity News

Microsoft and Google have announced plans to offer free or highly discounted cybersecurity services to rural hospitals across the United States. These initiatives come as the U.S. healthcare sector faces a surge in ransomware attacks that more than doubled last year, posing a serious threat to patient care and hospital operations.

The program - developed in collaboration with the White House, the American Hospital Association, and the National Rural Health Association - aims to make rural hospitals less defenseless by providing them with free security updates, security assessments, and training for hospital staff.

Microsoft and Google Cybersecurity Plans for Rural Hospitals

Microsoft has launched a full-fledged cybersecurity program to meet the needs of rural hospitals, which are often more vulnerable to cyberattacks due to more limited IT security resources, staff and training than their urban peers. The program will deliver free and low-cost technology services, including:

Nonprofit pricing and discounts of up to 75% on Microsoft's security products for independent Critical Access Hospitals and Rural Emergency Hospitals.
Larger rural hospitals already equipped with eligible Microsoft solutions will receive advanced security suites for free.
Free Windows 10 security updates for participating rural hospitals for at least one year.
Cybersecurity assessments and training are being made free to hospital employees to help them better manage system security.

Justin Spelhaug, corporate vice president of Microsoft Philanthropies, said in a statement, “Healthcare should be available no matter where you call home, and the rise in cyberattacks threatens the viability of rural hospitals and impact communities across the U.S. “Microsoft is committed to delivering vital technology security and support at a time when these rural hospitals need them most.”

Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technologies, said in a statement: “Cyber-attacks against the U.S. healthcare systems rose 130% in 2023, forcing hospitals to cancel procedures and impacting Americans’ access to critical care. Rural hospitals are particularly hard hit as they are often the sole source of care for the communities they serve and lack trained cyber staff and modern cyber defenses. President Biden is committed to every American having access to the care they need, and effective cybersecurity is a part of that. So, we’re excited to work with Microsoft to launch cybersecurity programs that will provide training, advice and technology to help America’s rural hospitals be safe online.”

Alongside Microsoft's efforts, Google also announced that it will provide free cybersecurity advice to rural hospitals and non-profit organizations while also launching a pilot program to match its cybersecurity services with the specific needs of rural healthcare facilities.

Plans Are Part of Broader National Effort

Rural hospitals remain one of the most common targets for cyberattacks, according to data from the National Rural Health Association. Rural hospitals in the U.S. serve over 60 million people living in rural areas, who sometimes have to travel considerable distance for care even without the inconvenience of a cyberattack.

Neuberger stated, “We’re in new territory as we see ... this wave of attacks against hospitals.”

Rick Pollack, president of the American Hospital Association, said, “Rural hospitals are often the primary source of healthcare in their communities, so keeping them open and safe from cyberattacks is critical. We appreciate Microsoft stepping forward to offer its expertise and resources to help secure part of America’s healthcare safety net.”

The plans are a part of a broader effort by the United States government to direct private partners and tech giants such as Microsoft and Google to use their expertise to plug significant gaps in the defense of the healthcare sector.


 Cybersecurity News

The Indian Institute of Technology (IIT) Kanpur’s C3iHub has launched the ‘Cyber Security Vocational Program’ in collaboration with Chhatrapati Shahu Ji Maharaj University (CSJMU) Kanpur and the Chhatrapati Shahu Ji Maharaj Innovation Foundation (CSJMIF). This cyber security program was formalized with the signing of a Memorandum of Understanding (MoU). "This MoU signifies CSJMU's commitment to providing our students with industry-relevant education. The cyber security program will equip them with the knowledge and expertise to tackle upcoming challenges in this critical domain," said Prof. Vinay Pathak, Vice Chancellor of CSJMU.

IIT Kanpur’s C3iHub Cyber Security Program Overview

This six-month program is designed to equip students with the necessary skills and knowledge to excel in the cybersecurity field. The program covers a range of topics including system security, malware analysis, network security, cryptography, and IoT security. Conducted entirely online, the course offers both fundamental knowledge and hands-on experience. Speaking about the program, Prof. Manindra Agrawal, Director of IIT Kanpur, said, "The Cyber Security Vocational Programme will help students develop a comprehensive understanding of cybersecurity, expanding their knowledge to an advanced level, and making them future-ready. By combining C3iHub's expertise with the resources of CSJMU and CSJMIF, we hope to provide a strong platform for students to acquire practical knowledge and essential skills in today's digital age."

Customized Hands-On Training

A key feature of the training is the provision of customized labs at each student's desk through the Cyber Range, offering hands-on experience and industry-relevant knowledge. This practical approach aims to prepare students for successful careers in this domain. C3iHub, a Technology Innovation Hub (TIH) at IIT Kanpur funded by the Department of Science and Technology, Government of India, under the National Mission on Interdisciplinary Cyber-Physical Systems, will play a pivotal role in the program. It will provide a virtual lab for course practicals, technical help desk support for students, certification of participation/completion, and final assessment results for all students.

“This program aims to provide general awareness to students and also empower them with the necessary skills to navigate the digital landscape safely and securely,” said Dr. Tanima Hajra, COO and Interim CEO C3iHub. C3iHub addresses the cybersecurity of cyber-physical systems comprehensively. It detects security vulnerabilities in critical systems, develops tools to address these vulnerabilities, nucleates startups, partners with industries to commercialize security tools, and provides training to the next generation of security researchers. CSJMU will facilitate the smooth execution of the cyber security course, while CSJMIF will provide the platform to run the program. The initiative aims to enroll up to 50,000 students, marking a significant step towards fostering security expertise in India. With an ambitious target of enrolling up to 50,000 students, this program is poised to make a substantial impact on fostering expertise in India, addressing the growing demand for skilled professionals in this critical field.


 Threats

Two-factor authentication (2FA) with the use of one-time passwords (OTPs) is now often seen as a cure-all against phishing, social engineering, account theft, and other cyber-maladies. By requesting an OTP at login, the service in question provides an additional protective layer of user verification. The code can be generated in a special app directly on the user's device, although, sadly, few people bother to install and configure an authenticator app. Therefore, sites usually send a verification code in the form of a text, email, push notification, IM message, or even voice call. Valid for a limited time, this code enhances security significantly. But a magic bullet it ain't: even with 2FA, personal accounts remain vulnerable to OTP bots — automated software that tricks users into revealing their OTPs through social engineering. To find out what role these bots play in phishing and how they work, read on…

How OTP bots work

Controlled either through a control panel in a web browser or through Telegram, these bots impersonate legitimate organizations such as banks to trick the victim into disclosing a sent OTP. Here's how it unfolds:

1. Having obtained the victim's login credentials — including password (see below for how this is done) — the scammer logs into the victim's account and is asked to enter an OTP.
2. The victim receives the OTP on their phone.
3. The OTP bot calls the victim and, using a pre-recorded social engineering script, asks them to enter the received code.
4. The unsuspecting victim keys in the code right there on their phone during the call.
5. The code is relayed to the attacker's Telegram bot.
6. The scammer gains access to the victim's account.

The key function of the OTP bot is to call the victim, and the success of the scam hinges on how persuasive the bot is: OTPs have a short lifespan, so the chances of obtaining a valid code during a phone call are much higher than any other way. That's why OTP bots offer numerous options for fine-tuning the call parameters.

[Figure: This OTP bot boasts over a dozen features: ready-made and customized scripts in multiple languages, 12 operation modes, and even 24/7 tech support]

OTP bots are a business, so to get started, scammers buy a subscription in crypto costing the equivalent of up to $420 per week. They then feed the bot with the victim's name, number, and banking details, and select the organization they want to impersonate.

[Figure: The user-friendly bot menu is accessible even to scammers with no programming skills]

For plausibility, the scammers can activate the spoofing function by specifying the phone number that the call appears to come from, which is displayed on the victim's phone. They can also customize the language, and even the voice of the bot. All voices are AI-generated, so, for example, the OTP bot can speak English with an Indian accent, or Castilian Spanish. If a call gets forwarded to voicemail, the bot knows to hang up. And to make sure everything is configured correctly, the fraudsters can check the OTP bot settings by making a call to their own test number before commencing an attack.

The victim needs to believe that the call is legitimate, so, before dialing the number, some OTP bots can send a text message warning about the upcoming call. This lulls the target's vigilance since at first glance there's nothing suspicious: you get a text notification from the bank about an upcoming call, and a few minutes later they do call — so it can't possibly be a scam. But it is.

During a call, some bots may request not only an OTP, but other data as well, such as bank card number and expiry date, security code or PIN, date of birth, document details, and so on.

For a deeper dive into the inner workings of OTP bots, check out our report on Securelist.

Not by bot alone

While OTP bots are effective tools for bypassing 2FA, they're utterly useless without the victim's personal data. To gain account access, attackers need at least the victim's login, phone number and password. But the more information they have on the target (full name, date of birth, address, email, bank card details), the better (for them). This data can be obtained in several ways:

On the dark web. Hackers regularly put up databases for sale on the dark web, allowing scammers to buy login credentials — including passwords, bank card numbers, and other data. They may not be very fresh, but most users, alas, don't change their passwords for years, and other details stay relevant for even longer. Incidentally, Kaspersky Premium promptly notifies you of any data breaches involving your phone number or email address, while Kaspersky Password Manager reports password compromise incidents.

From open-source intelligence. Sometimes databases get leaked to the public on the normal web, but due to media coverage they quickly grow outdated. For example, the standard practice of a company on discovering a customer data breach is to reset the passwords for all leaked accounts and prompt users to create a new password at the next login.

Through a phishing attack. This method has an undeniable advantage over others — the victim's data is guaranteed to be up-to-date because phishing can take place in real time.

Phishing kits (phishkits) are tools that allow scammers to automatically create convincing fake websites to harvest personal data. They save time and let cybercriminals collect all the user information they need in a single attack (in which case OTP bots are just one part of a phishing attack).

For example, a multi-stage phishing attack might go like this: the victim receives a message supposedly from a bank, store, or other organization, urging them to update their personal account data. Attached to this message is a phishing link. The expectation is that upon landing on a site that's almost identical to the original, the victim will enter — and the phishers will steal — their login credentials. And the attackers will use these straight away to log in to the victim's real account.

If the account is 2FA-protected, the scammers issue a command to the phishing kit control panel to display an OTP entry page on the phishing site. When the victim enters the code, the phishers get full access to the real account, allowing them, for example, to drain bank accounts.

But it doesn't end there. Scammers take the opportunity to extract as much personal information as possible, pressuring the user to confirm their credentials as a mandatory requirement. Through the control panel, the attackers can request email address, bank card number, and other sensitive data in real time. This information can be used to attack other accounts of the victim. For example, they could attempt to access the victim's mailbox with the phished password — after all, people often reuse the same password for many if not all their accounts! Once they get access to email, the attackers can really go to town: for example, change the mailbox password and after a brief analysis of mailbox content request a password reset for all other accounts linked to this address.

[Figure: Options for requesting additional data in the phishing kit control panel]

How to keep your accounts safe

Always use Kaspersky Premium to automatically scan for data leaks affecting your accounts that are linked to email addresses and phone numbers — both yours and your family's. If a breach is detected, follow the app's advice for mitigation (at the very least, change your password right away).

If you suddenly receive an OTP, be wary. Someone might be trying to hack you. For details on what to do in this case, see our instructions.

Create strong and unique passwords for all your accounts with Kaspersky Password Manager. Scammers can't attack you with OTP bots unless they know your password, so generate complex passwords and store them securely.

If you receive a message with a link to enter personal data or an OTP, double-check the URL. A favorite trick of scammers is to direct you to a phishing site by substituting a couple of characters in the address bar. Always take a moment to verify that you're on a legitimate site before entering any sensitive data. By the way, our protection blocks all phishing redirection attempts.

Never share your OTPs with anyone or enter them on your phone keypad during a call. Remember that legitimate employees of banks, stores, or services, or even law enforcement officers will never ask for your OTP.


 Feed

VoIP gear, hypervisors, medical equipment, building automation, printers, and more pose broad risk to organizations, with many facing danger from a combo of IT, IoT, and OT all at once. This listicle breaks it down.

 Feed

Google's American Fuzzy Lop is a brute-force fuzzer coupled with an exceedingly simple but rock-solid instrumentation-guided genetic algorithm. afl++ is a superior fork to Google's afl. It has more speed, more and better mutations, more and better instrumentation, custom module support, etc.

 Feed

Ubuntu Security Notice 6821-1 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.

 Feed

Ubuntu Security Notice 6820-1 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.

 Feed

Ubuntu Security Notice 6819-1 - Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service. Chenyuan Yang discovered that the RDS Protocol implementation in the Linux kernel contained an out-of-bounds read vulnerability. An attacker could use this to possibly cause a denial of service.

 Feed

Ubuntu Security Notice 6818-1 - Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service. It was discovered that the Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker could use this to cause a denial of service.

 Feed

Ubuntu Security Notice 6817-1 - Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service.

 Feed

Ubuntu Security Notice 6816-1 - Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Zheng Wang discovered that the Broadcom FullMAC WLAN driver in the Linux kernel contained a race condition during device removal, leading to a use-after-free vulnerability. A physically proximate attacker could possibly use this to cause a denial of service.

 Feed

Cybersecurity researchers have disclosed details of a threat actor known as Sticky Werewolf that has been linked to cyber attacks targeting entities in Russia and Belarus. The phishing attacks were aimed at a pharmaceutical company, a Russian research institute dealing with microbiology and vaccine development, and the aviation sector, expanding beyond their initial focus of government

 Feed

Staying Sharp: Cybersecurity CPEs Explained Perhaps even more so than in other professional domains, cybersecurity professionals constantly face new threats. To ensure you stay on top of your game, many certification programs require earning Continuing Professional Education (CPE) credits. CPEs are essentially units of measurement used to quantify the time and effort professionals spend on

 Feed

Microsoft is warning about the potential abuse of Azure Service Tags by malicious actors to forge requests from a trusted service and get around firewall rules, thereby allowing them to gain unauthorized access to cloud resources. "This case does highlight an inherent risk in using service tags as a single mechanism for vetting incoming network traffic," the Microsoft Security Response Center (

 Feed

Google has revealed that it took down 1,320 YouTube channels and 1,177 Blogger blogs as part of a coordinated influence operation connected to the People’s Republic of China (PRC). "The coordinated inauthentic network uploaded content in Chinese and English about China and U.S. foreign affairs," Google Threat Analysis Group (TAG) researcher Billy Leonard said in the company's quarterly bulletin

 Feed

Cybersecurity researchers have spotted a phishing attack distributing the More_eggs malware by masquerading it as a resume, a technique originally detected more than two years ago. The attack, which was unsuccessful, targeted an unnamed company in the industrial services industry in May 2024, Canadian cybersecurity firm eSentire disclosed last week. "Specifically, the targeted individual was a
