Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for Cybersecurity Alert: ...

 Firewall Daily

The Handala hacker group has claimed responsibility for breaching Zerto, an Israeli firm specializing in critical cybersecurity services. The Zerto cyberattack reportedly yielded a substantial 51 terabytes of data, potentially exposing sensitive information integral to Zerto's operations. Zerto is renowned for its   show more ...

pivotal role in disaster recovery synchronization and site recovery, providing essential services utilized by numerous global enterprises. The cyberattack on Zerto by Handala, a group sympathetic to Palestinian causes and named after a symbol of Palestinian resilience, highlights the increasing intersection of geopolitical tensions and cybersecurity threats. Handala Hacker Group Claims Responsibility for Zerto Cyberattack [caption id="attachment_78661" align="alignnone" width="1280"] Source: X[/caption] According to the threat actor's post, Handala hacker group claims that they have targeted Zerto and also shared multiple screenshots on dashboards associated with the cybersecurity company. The group, previously claimed cyberattack on Israel’s radars and allegedly took down Iron Dome missile defense systems. The Handala hacker group draws its inspiration from the iconic figure created by Palestinian cartoonist Naji al-Ali. The character, depicted as a ten-year-old with hands clasped behind his back, symbolizes defiance against imposed solutions and solidarity with the marginalized Palestinian population. Since al-Ali's tragic assassination in 1987, Handala has remained a potent symbol of Palestinian identity, prominently displayed across the West Bank, Gaza, and Palestinian refugee camps. The cyberattack on Zerto marks another chapter in Handala's campaign, aligning their actions with broader movements supporting Palestinian rights globally. The group's activities have resonated within these movements, akin to its adoption by the Boycott, Divestment, and Sanctions movement and the Iranian Green Movement. Despite the bold claims by the Handala hacker group, official confirmation from Israeli authorities regarding the extent and impact of the cyberattack is pending. However, security experts within Israel have expressed concerns over the plausibility of Iranian involvement in cyber operations targeting critical Israeli infrastructure. The Implication of Cyberattack on Zerto The Cyber Express reached out to Handala for further insights into their motives and objectives behind the Zerto cyberattack. As of the latest update, no formal response has been received, leaving the claims and motivations of the attack unverified. The incident highlights the ongoing cybersecurity challenges faced by firms operating in sensitive sectors, exacerbated by geopolitical tensions and sophisticated cyber threats. The implications of the Zerto breach are profound, highlighting vulnerabilities in cybersecurity defenses and the need for robust measures to protect critical infrastructure. As stakeholders await further developments, The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the alleged Zerto cyberattack or any official confirmation from the organization.  Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for From Childhood Chall ...

 Firewall Daily

Yana Li, Director of IT & Platform Security at WebBeds, embodies resilience, determination, and a passion for cybersecurity that has propelled her from a challenging childhood to a leadership role in one of the most critical sectors of IT. Recently honored for her contributions at the World CyberCon Meta Edition,   show more ...

Yana's path to cybersecurity wasn't straightforward. In a candid interview with The Cyber Express (TCE), Yana reflects on her journey, the challenges she faced, and her unwavering commitment to empowering women in cybersecurity. Early Challenges and Discovering Passion Yana's childhood was marked by financial hardship and the absence of familial support. Emerging from a modest upbringing in Russia, she navigated childhood challenges with an independent spirit and unwavering resolve. Opportunities are to be seized," Yana reflects, recalling how she secured a full scholarship for Computer Science and Engineering studies in the United States, setting the stage for her remarkable journey through the realms of IT and cybersecurity. Her career trajectory initially flourished in technical support and project management, roles that equipped her with a profound understanding of IT infrastructures. However, it was a pivotal security project that ignited Yana's passion for cybersecurity. "It's not merely a project," she realized; "it opens doors to a whole new world." This revelation spurred her to further her education, including a transformative semester at Harvard focused on cybersecurity, where she engaged with industry leaders and broadened her expertise significantly. Yana Li Breaking Barriers in a Male-Dominated Field Entering the IT field in 2013, particularly in Russia, Yana confronted a stark reality of gender disparity. The industry was predominantly male, and discouragement was a constant companion. "They tried to tell you that you don't have it," Yana recalls, referring to the discouragement she faced early in her career. Despite these obstacles, Yana persevered, buoyed by a growing network of supportive communities and initiatives aimed at empowering women in cybersecurity. "There's so much support now," she emphasizes, citing numerous organizations and communities dedicated to mentoring and guiding aspiring female professionals. Championing Diversity and Mentorship Reflecting on her journey, Yana is keenly aware of the importance of mentorship and advocacy. As an ambassador for Google's Women Techmakers initiative, she actively champions diversity and inclusivity in tech fields. "I want to be the person I needed when I was younger," she affirms, emphasizing the need for aspiring professionals to believe in their capabilities and seek out mentors who can offer guidance and support. Her message resonates deeply: "If your dreams don't scare you, they're not big enough." Yana emphasizes the importance of seeking mentorship, leveraging community resources, and believing in the limitless potential within oneself. In addressing the persistent gender gap in cybersecurity, Yana stresses the abundance of resources available today. From women-focused cybersecurity councils to mentorship programs offered by tech giants like Amazon, Google, and Microsoft, opportunities for growth and support abound. "Don't be shy," she encourages, urging women to leverage these resources and reach out for assistance when needed. "We've all been there," she reassures, highlighting the collective experience and solidarity within the community. "Just ask for help and believe that anything is possible." Advice for Aspiring Women in Cybersecurity Looking ahead, Yana remains optimistic about the future of cybersecurity and the role women will play in shaping its landscape. With increasing awareness and concerted efforts to foster diversity, she believes the field is ripe for innovation and transformation. "Anything in this world is possible," she asserts, a testament to her own journey and the limitless potential she sees in aspiring cybersecurity professionals. In conclusion, Yana Li's story is not just one of personal triumph but a testament to the transformative power of passion and perseverance in cybersecurity. As women continue to carve out their place in this critical field, Yana stands as a role model, advocating for inclusivity, empowerment, and excellence. Her journey reminds us that with dedication and support, barriers can be overcome, and dreams can be realized. For those embarking on similar paths, Yana's story offers guidance, encouragement, and a steadfast belief in the limitless possibilities within cybersecurity.

image for Weekly Vulnerability ...

 Cybersecurity News

Cyble Research & Intelligence Labs (CRIL) last week analyzed 154 vulnerabilities in its weekly vulnerability report, including critical flaws in products from the likes of Microsoft, VMware, Veeam and ASUS. A whopping 126 of the vulnerabilities occurred in Siemens industrial control systems (ICS) products,   show more ...

potentially putting critical manufacturing infrastructure at risk. About 25,000 new security vulnerabilities are discovered each year, yet only a small percentage of those are actively exploited by threat actors. To help security teams focus on the most important vulnerabilities and threats, The Cyber Express is collaborating with Cyble’s highly skilled dark web and threat intelligence researchers to highlight security vulnerabilities that warrant particularly close attention. The Week’s Top Vulnerabilities Cyble’s weekly report focused on 9 of the vulnerabilities in particular; they are: CVE-2024-37079, CVE-2024-37080 and CVE-2024-37081: VMware Impact Analysis: These critical and high severity heap-overflow and privilege escalation vulnerabilities impact the VMware vCenter Server, a central management platform for VMware vSphere, enabling the management of virtual machines and ESXi hosts. With the global usage of the impacted product and the history of leveraging flaws impacting vCenter, there is strong potential for threat actors (Tas) to leverage these critical vulnerabilities also. Internet Exposure: Yes Available Patch? Yes CVE-2024-3080: ASUS Router Bypass Impact Analysis: This critical authentication bypass vulnerability impacts certain ASUS router models, allowing unauthenticated remote attackers to log in to the device. Recently, the Taiwan Computer Emergency Response Team informed users about the vulnerability and released an advisory with fixes to patch the flaw. Internet Exposure: Yes Patch Available? Yes CVE-2024-3912: ASUS Arbitrary Firmware Upload Vulnerability Impact Analysis: This critical arbitrary firmware upload vulnerability impacts certain ASUS router models, allowing unauthenticated remote attackers to execute arbitrary system commands on the device. The Taiwan Computer Emergency Response Team also informed users about this vulnerability and released an advisory with fixes to patch the flaw. Internet Exposure: Yes Patch Available? Yes CVE-2024-29855: Veeam Recovery Orchestrator Impact Analysis: This critical authentication bypass vulnerability impacts the Veeam Recovery Orchestrator. The recovery solution extends the capabilities of the Veeam Data Platform by automating recovery processes and providing comprehensive reporting and testing features. The availability of a recent publicly available proof-of-concept (PoC) exploit for this vulnerability elevates the risk of exploitation in attacks by TAs. Internet Exposure: No Patch Available? Yes CVE-2024-30103: Microsoft Outlook RCE Vulnerability Impact Analysis: This high-severity remote code execution (RCE) vulnerability impacts Microsoft Outlook. Since the zero-click RCE flaw can be exploited simply by opening and previewing an email that contains a malicious payload in the body of the email, requiring no further interaction from the user, there are high possibilities for the weaponization of the vulnerability by TAs in targeting government and private entities. Internet Exposure: No Patch Available? Yes CVE-2024-30078: Windows Wi-Fi Driver RCE Vulnerability Impact Analysis: This high severity remote code execution (RCE) vulnerability impacts Windows Wi-Fi Driver. With the wide usage of Windows devices around the world and the ability to exploit without the need for any user interaction, TAs can leverage the flaw to gain initial access to the devices and later install malware and exfiltrate user data. Internet Exposure: No Patch Available? Yes CVE-2024-37051: JetBrains GitHub Plugin Vulnerability Impact Analysis: This critical vulnerability in the JetBrains GitHub plugin on the IntelliJ open-source platform affects all IntelliJ-based IDEs, leading to the exposure of GitHub access tokens. TAs can leverage the vulnerability by using exposed tokens to gain unauthorized access to user GitHub accounts and repositories and possibly deploy malicious code or delete the repositories. Internet Exposure: No Patch Available? Yes CISA Adds 5 Vulnerabilities to KEV Catalog Five of the vulnerabilities in the Cyble report were added to CISA’s Known Exploited Vulnerabilities (KEV) catalog: CVE-2024-32896, an Android Pixel vulnerability with a 7.8 CVSSv3 criticality score CVE-2024-26169, a Microsoft Windows error reporting service elevation of privilege vulnerability with a 7.8 criticality rating CVE-2024-4358, a Progress Telerik Report Server vulnerability with a 9.8 rating CVE-2024-4610, an Arm Mali GPU Kernel Driver vulnerability with a 5.5 rating CVE-2024-4577, a PHP remote code execution flaw, a 9.8 vulnerability that Cyble addressed in last week’s report The full Cyble report available for clients covers all these vulnerabilities, along with details and discussion around exploits found on the dark web, industrial control system (ICS) vulnerability intelligence, and cybersecurity defenses. Cyble security analysts also conducted scans of customer environments to alert them of any exposures – and found more than 2 million exposures to 13 of the vulnerabilities. Stay ahead of cyber threats with the Weekly Vulnerability Intelligence Report by Cyble, brought to you by The Cyber Express. Subscribe now for the latest insights powered by Cyble's advanced AI-driven threat intelligence.

image for TCE Cyberwatch: Your ...

 Cybersecurity News

In today's digital age, staying informed about the latest developments in cybersecurity is crucial. Cyber threats are constantly evolving, and staying ahead of these challenges requires up-to-date knowledge and proactive measures. TCE Cyberwatch is here to provide you with a comprehensive weekly roundup of the   show more ...

most significant cybersecurity news, trends, and insights. Each week, we delve into the latest breaches, emerging threats, advancements in security technology, and critical updates from the cybersecurity world. Whether it's a major data breach affecting millions, a new vulnerability discovered in popular software, or innovative strategies to enhance your defenses, TCE Cyberwatch covers it all. Read on and find out what was the most relevant news in the world of cybersecurity this week. TCE Cyberwatch: A Weekly Round Up CISA Issues Urgent Advisories to Patch Critical Flaws in Industrial Control Systems The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued 20 advisories to address vulnerabilities in Industrial Control Systems (ICS). These advisories offer detailed technical information and mitigation strategies for various ICS components. Key vulnerabilities include CVE-2024-33500 in Siemens Mendix Applications, which poses remote exploitation risks due to improper privilege management, and issues in Siemens SIMATIC S7-200 SMART devices that can lead to denial-of-service attacks. Additional affected systems include Siemens TIA Administrator, SCALANCE devices, Fuji Electric’s Tellus Lite, and Rockwell Automation’s FactoryTalk View SE. CISA stresses the importance of timely updates, network access restrictions, and strict adherence to security protocols. Although no public exploits have been identified, CISA recommends proactive measures such as network segmentation and secure remote access to bolster ICS resilience against cyber threats. Read More Microsoft Vows Security Overhaul After U.S. Report Microsoft has faced severe criticism over its cybersecurity measures, highlighted by a U.S. Cyber Safety Review Board (CSRB) report detailing multiple security failures. These failures include a July 2023 attack by Chinese actors on senior U.S. officials' email accounts. Despite pledges to prioritize security, issues have been compounded by the flawed rollout of the Windows Recall feature. In a House Committee hearing, Microsoft President Brad Smith acknowledged these failings, accepted responsibility, and outlined plans for improvement. These measures include integrating security into executive bonuses and employee reviews, adding 1,600 security engineers, and expanding senior-level oversight. Microsoft is also addressing all CSRB recommendations and enhancing identity protection, network security, and threat detection. Smith emphasized the ongoing battle against cyberattacks, noting that Microsoft detects nearly 4,000 password-based attacks per second. Read More Over 300 Fake Paris 2024 Sites Target Olympic Ticket Buyers As the Paris 2024 Summer Olympics approach, security researchers and officials have identified over 300 fraudulent ticketing sites exploiting legitimate Olympics branding to scam users. One notable site, paris24tickets[.]com, appeared professional and ranked highly in Google search results, misleading users into providing personal and financial information. Proofpoint researchers exposed this site as entirely fraudulent, collecting sensitive data instead of processing ticket orders. The French Gendarmerie Nationale has identified 338 scam sites since March 2023, shutting down 51 and putting 140 on notice. Scammers use ads and targeted emails to attract victims, often offering fake discounts. Captain Etienne Lestrelin advises against buying tickets outside official sources, warning that excessively cheap tickets are likely scams and could involve buyers in criminal activities. Read More Tesla's $45 Billion Payout: Court Battle Looms Over Coercion Claims Tesla's efforts to reinstate Elon Musk's $45 billion pay package continue to face legal challenges despite shareholder support. The package was nullified by a Delaware judge due to concerns over board independence. Tesla's chair plans to resubmit the deal to the court, but plaintiffs argue the vote was coerced and legally flawed. Richard Tornetta's lawyer, representing the plaintiffs, claims the new vote does not address the initial issues. Legal experts predict ongoing court battles in Delaware, with possible appeals to the state’s supreme court. They also highlight potential coercion by Musk, who threatened to develop AI and robotics outside Tesla if the vote failed. Future pay deals will be governed by Texas law following Tesla's incorporation move, but existing litigation remains in Delaware. Read More MFA Failure Exposes Millions: Medibank Fined for Massive Data Breach A lack of multi-factor authentication (MFA) likely caused the Medibank data breach, exposing the personal data of 9.7 million customers in October 2022. The Australian Information Commissioner’s report revealed that hackers stole an IT service desk operator’s credentials via malware on a home device. The compromised VPN lacked MFA, allowing unauthorized access. Ignored security alerts further enabled the attackers to extract 520GB of sensitive data. Medibank's inadequate cybersecurity measures, highlighted in a 2020 risk assessment, included excessive access privileges and the absence of MFA. This negligence led to legal action by Australia's privacy regulator, with potential fines exceeding AU$2 million. Sanctions and arrests followed for the hackers involved. The breach underscores the critical need for MFA, proper alert management, regular security audits, and employee training. Read More META Stealer Ups the Ante: Encrypted Builds, Custom Stubs in v5.0 Update META Stealer v5.0 has launched, introducing advanced features and heightened security for this information-stealing malware. Key improvements include TLS encryption for secure communication between the build and the control panel, similar to updates seen in other top stealers like Lumma and Vidar. The update also offers a new build system for generating unique builds, supported by a "Stub token" currency for creating Runtime stubs, enhancing customization. The "Crypt build" option encrypts builds to evade detection during scans, significantly boosting stealth capabilities. Additionally, the panel's security and licensing systems have been upgraded to minimize disruptions. While previous updates, such as version 4.3 in February 2023, introduced features like enhanced detection cleaning and Telegram integration for build creation, version 5.0 focuses on individualized security and continuous improvement. Read More In this week's edition of TCE Cyberwatch, we've covered critical cybersecurity updates, from CISA's advisories on industrial control systems to Microsoft's pledges for security improvements and the exposure of fraudulent Olympic ticketing sites. As cyber threats continue to evolve, staying informed and proactive is essential. By keeping abreast of the latest news and trends, you can better protect your digital assets and stay ahead in the ongoing battle against cyberattacks. Stay vigilant and informed with TCE Cyberwatch.

image for Allcargo’s ECU Wor ...

 Appointments

ECU Worldwide, a global player in Less than Container Load (LCL) consolidation, has appointed Rajneesh Garg as its new Chief Information Officer (CIO). In his new role, Garg will focus on managing and supporting software applications, leading technology transformation initiatives, and ensuring their successful   show more ...

implementation and adoption. He will work closely with the IT group shared services organization and report to Kapil Mahajan, Global CIO of Allcargo Group, from the company's Mumbai headquarters. "I am excited to be a part of ECU Worldwide known for its vision of a digital-first approach to build unmatched customer centricity at a global scale,” said newly appointed CIO, Garg. He added further, “The role gives me an opportunity to leverage my know-how to drive the growth journey of the company led under the leadership of Founder and Chairman Mr. Shashi Kiran Shetty, which is based on sustainability, superior customer experience, and futuristic approach. I look forward to working with the Allcargo Group to contribute to ECU Worldwide's growth journey.” Rajneesh Garg Extensive Background Garg brings over 20 years of leadership experience across various sectors, including banking, insurance, travel, hospitality, manufacturing, energy resources, and retail. Before joining ECU Worldwide, he was Vice President of Information Technology at Capgemini, overseeing regional delivery and growth for consumer products and retail accounts in the Nordic region. Garg holds a postgraduate degree in computer science from Moscow State University in Russia and has also worked in senior leadership roles at Tata Consultancy Services for over two decades. "With his extensive and diversified leadership experience in various sectors, Rajneesh will be instrumental in driving our technology transformation forward. His strategic vision aligns with our efforts to fortify ECU Worldwide's IT division as we pursue our ambitious growth and expansion strategies. We are confident that under Garg's leadership, our IT division will continue to break new ground in offering superior customer experience. We look forward to working with him as we embark on the next phase of growth,’’ said Kapil Mahajan, Global Chief Information Officer, Allcargo Group. Way Forward Founded in 1987, ECU Worldwide is a wholly-owned global subsidiary of Allcargo Logistics. The company is a major player in multi-modal transport and a leader in LCL consolidation. ECU Worldwide operates with a digital-first approach and is supported by leaders with expertise in logistics, data science, and technology. The appointment of Garg as CIO is a significant step for ECU Worldwide. His extensive experience and strategic approach are expected to drive the company’s technology initiatives and support its growth in the global LCL market. Garg's collaboration with the Allcargo Group leadership aims to bring technological advancements and improvements to ECU Worldwide's services and operations.

image for Lindex Group Faces A ...

 Firewall Daily

Lindex Group, an international retail giant specializing in high-quality fashion, has reportedly fallen victim to a data breach. According to claims made by threat actor IntelBroker on dark web forums, the Lindex Group data breach allegedly occurred in June 2024, targeting Lindex Group's internal GitLab. The   show more ...

perpetrator allegedly exploited vulnerabilities stemming from developers storing credentials in their Jira workplace, thereby gaining access to a collection of source code belonging to the company. Lindex Group, which has been a part of the Finnish Stockmann Group since 2007, operates approximately 480 stores across 18 markets, including the Nordic countries, the Baltic states, Central Europe, and the Middle East. With a workforce of around 5,000 employees, the company holds a prominent position in the retail industry, focusing on an omnichannel approach to fashion retailing. Decoding IntelBroker’s Claims of Lindex Group Data Breach [caption id="attachment_78687" align="alignnone" width="1242"] Source: X[/caption] The claims made by IntelBroker on the dark web suggest that the compromised source code of Lindex Group is now accessible through undisclosed channels, although specific details such as the price for access or direct communication channels have not been publicly disclosed. The situation has prompted concerns about the potential impact on Lindex Group's operations and the security of its customers' data. Despite these reports, Lindex Group has yet to issue an official statement or response regarding the alleged breach. The Cyber Express has reached out to the organization to learn more about this the breach claims. However, at the time of this, no official statement or response has been received. Visitors to Lindex Group's website may find it operational without immediate signs of intrusion, suggesting that the attack may have targeted backend systems rather than initiating a more visible front-end assault like a Distributed Denial-of-Service (DDoS) attack or website defacements. IntelBroker Hacking Spree IntelBroker, the solo hacker claiming responsibility for the breach, has a history of similar actions, having previously claimed involvement in cybersecurity incidents affecting other major companies. One notable example includes an alleged data breach targeting Advanced Micro Devices (AMD), a leading semiconductor manufacturer, and Apple was another alleged victim. The incident, disclosed on platforms like BreachForums, involved the exposure of sensitive data, prompting AMD to initiate investigations in collaboration with law enforcement authorities and third-party cybersecurity experts. The situation highlights the persistent nature of hackers like IntelBroker, who continue to exploit vulnerabilities in digital infrastructure for financial gain or malicious intent. For organizations like Lindex Group, the fallout from such breaches can encompass not only financial losses but also reputational damage and regulatory scrutiny. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Jollibee Probes Alle ...

 Cybersecurity News

Jollibee Foods Corporation (JFC), which is the largest fast-food chain operator in Philippines, has launched an investigation for an alleged data breach in its system that may have affected millions of its customers across the globe. The Jollibee probe was initiated after a threat actor claimed responsibility for   show more ...

breaching the systems of the Jollibee Foods Corporation. On June 21, The Cyber Express reported that a notorious attacker, operating under the alias “Sp1d3r”, claimed to have access to the sensitive data of 32 million customers of the fast food chain and offered to sell the database for $40,000 on the dark web. [caption id="attachment_78479" align="alignnone" width="1950"] Source: X[/caption] Details of Jollibee Probe into Cyberattack The Philippines National Privacy Commission (NPC) regulations make it mandatory for organizations in the country to report and inform stakeholders of cybersecurity incidents within 72 hours of discovery. A statement was released on June 22 by Richard Shin, Chief Financial Officer and Corporate Information Officer of JFC, which said that it was addressing “a cybersecurity incident” that reportedly affected the company, “in addition to other subsidiaries”. “The Company is addressing the incident and has implemented its response protocols and deployed enhanced security measures to further protect the Company’s and its subsidiaries’ data against threats. The Company has also launched its investigation on the matter to understand the scope of this incident, and is currently working with the relevant authorities and experts in its investigation,” the statement said. JFC, however, added that its e-commerce platforms and those of its subsidiaries’ brands remained unaffected by the cyberattack and continued to be operational. It added that the safety of data from stakeholders was paramount for the company. “JFC recognizes the value and importance of the confidentiality of personal information of its stakeholders. The Company assures the public of its commitment to prioritize the protection and confidentiality of such personal information, including customer data, by continuously fortifying its defenses against future threats,” the company said. “The Company further assures the public that it continues to monitor and update its security measurements as appropriate under the circumstances, and as may be required by the results of its investigation into this matter,” it added. The fast-food delivery group urged the public to be vigilant and exercise good information security practices, including keeping passwords secure and changing them often. Jollibee’s Cybersecurity Concerns   The alleged data breach of the fast-food chain took place on popular data hack site BreachForums on June 20. The threat actor, “Sp1d3r”, claimed to have carried out a cyberattack and had gained access to the data of 32 million Jollibee customers, including their names, addresses, phone numbers, email addresses and hashed passwords. The hacker also allegedly exfiltrated 600 million rows of data related to food delivery, sales orders, transactions and service details. JFC, meanwhile, is investigating this alleged cyberattack on its brands and subsidiaries, including Greenwich, Red Ribbon, Burger King Philippines, and Highlands Coffee. This is not the first time that Jollibee has faced flak for its cybersecurity measures. In December 2017, JFC had informed of a data breach of its delivery website. The NPC had then warned that the data of 18 million customers was at “a very high risk” of being exposed. After an investigation, the NPC in May 2018 suspended Jollibee’s delivery website due to “serious vulnerabilities.” JFC also took down the delivery websites of its other brands. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Indonesia National D ...

 Cybersecurity News

A ransomware attack on Indonesia's national data center has disrupted official government services. The attack has reportedly affected more than 200 government agencies at national and regional levels, and the threat actors claiming responsibility have demanded a ransom of $8 million for a restoration of these   show more ...

systems. A senior official has reported that the government has refused to pay the ransom, instead focusing on restoring services and trying to identify the attackers. Authorities Have Detected Samples of LockBit 3.0 Ransomware Samuel Abrijani Pangerapan, director general of informatics applications at the Communications and Informatics Ministry, confirmed that essential services like immigration checks at airports had been disrupted. Long lines were formed at affected airports after automated passport machines were rendered useless. While some of these services have been restored, including the government's immigration services, ongoing efforts are aimed at restoring other critical operations, such as investment licensing. Samuel stated, “We have tried our best to carry out recovery while the (National Cyber and Crypto Agency) is currently carrying out forensics.” The National Cyber and Crypto Agency has detected samples of LockBit 3.0 ransomware, a variant known for encrypting victims' data and demanding payment for its release. PT Telkom Indonesia, an Indonesian multinational telecommunications company, is working with domestic and international authorities and leading the efforts to efforts to break the encryption and restore access to the compromised data. Herlan Wijanarko, the company's director of network & IT solutions, confirmed that the attackers had offered a decryption key in exchange for an $8 million ransom. Experts Concerned About Indonesia Government Infrastructure Security Cybersecurity experts warn that the severity of the attack highlights significant vulnerabilities in the government's digital infrastructure and incident response capabilities. Cybersecurity expert Teguh Aprianto described the latest attack as "severe" and notes that it highlights the need for improved infrastructure, manpower, and vendor management to prevent such attacks in the future. Teguh stated, "It shows that the government infrastructure, manpower handling this and the vendors are all problematic." In recent years, Indonesia has faced a series of high-profile cyber attacks, including a ransomware attack on its central bank and a data breach at its largest Islamic lender. The consequences of these attacks can be severe, with victims often forced to pay large sums to regain access to their data. Last year, the LockBit ransomware gang claimed responsibility for an attack on the Bank Syariah Indonesia. Sensitive information of over 15 million individuals had been stolen in the attack, affecting both customers and employees. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Empowering Women in ...

 Features

In a world increasingly dependent on digital infrastructure, the cybersecurity landscape continues to evolve, and so does the role of women in this critical field. Irene Corpuz, a cyber policy expert at the Dubai Electronic Security Center and co-founder and board member of Women in Cyber Security Middle East   show more ...

(WiCSME), shared her insights on effective strategies for encouraging women in cybersecurity and the challenges small businesses face in prioritizing cybersecurity at The World Cybercon META Edition hosted by The Cyber Express in Dubai. Strategies to Encourage Women in Cybersecurity Irene Corpuz believes that collaboration and communication are key to empowering women in cybersecurity. One of the most effective strategies is to collaborate and communicate our objectives and advocacy for increasing and empowering women in cyber," she states. By showcasing women in various roles—from mentors and speakers to leaders—on platforms like conferences, the visibility and success of these women can inspire others to pursue their ambitions in the field. "Seeing other women grow and succeed motivates them to pursue their dreams and careers," Irene emphasizes. She highlights the importance of a supportive community, which acts as a backbone for women in cybersecurity, helping them navigate and thrive in the industry. Trends in Women's Participation in Cybersecurity Reflecting on her journey, Irene observes a positive trend in the participation of women in cybersecurity. When WiCSME was founded in 2018, women made up only 12% of the cybersecurity workforce. However, this number has significantly increased to 25% by last year. This growth is attributed not just to WiCSME but to the collective efforts of various women-in-cyber organizations worldwide. "There’s a continuous growth, and awareness of the importance of diversity and inclusion in cybersecurity is becoming more widespread," Irene notes. This trend signifies a growing recognition of the value that diverse perspectives bring to the cybersecurity industry. Challenges for Small Businesses in Cybersecurity Transitioning the conversation to small businesses, Irene sheds light on the challenges they face in prioritizing cybersecurity. "Small businesses and young entrepreneurs often face constraints in financial resources," she explains. As these businesses focus on growth and expanding their customer base, investing in cybersecurity often becomes a secondary priority. However, Irene stresses the importance of embedding a cybersecurity and awareness culture from the beginning, even if it means taking small steps. "Startups and SMEs need to take baby steps in embedding cybersecurity and awareness culture within their employees," she advises. As these companies mature, their cybersecurity measures should evolve accordingly to build a resilient defense against cyber threats. Conclusion The insights shared by Irene Corpuz underscore the significance of community support and visibility in empowering women in cybersecurity. Furthermore, her perspective on the challenges faced by small businesses highlights the necessity of integrating cybersecurity practices gradually and consistently. As the cybersecurity landscape continues to evolve, the contributions of women and the resilience of small businesses will play a pivotal role in shaping a secure digital future.

image for Crypto Investors Ala ...

 Firewall Daily

Crypto portfolio tracking app Coinstats has found itself at the center of a security breach, impacting approximately 1,590 user wallets. The Coinstats data breach, which occurred on June 22, 2024, has been attributed to a group with alleged ties to North Korea, marking a concerning development for crypto investors.    show more ...

Coinstats swiftly responded to the breach by taking down its application temporarily. This proactive measure was aimed at containing the data breach at Coinstats and preventing further unauthorized access to user data and funds.  The affected wallets, constituting about 1.3% of all Coinstats wallets, were primarily those created directly within the app. Fortunately, wallets connected to external exchanges and platforms remained unaffected, providing some relief amidst the security scare. Understanding the Coinstats Data Breach  [caption id="attachment_78679" align="alignnone" width="733"] Source: Coinstats on X[/caption] In a public statement addressing the breach, Coinstats reassured its user base that the incident has been mitigated, and immediate steps have been taken to secure the platform. Users whose wallet addresses were compromised were advised to take action by transferring their funds using exported private keys. A spreadsheet link was provided for users to check if their wallets were among those affected. CEO Narek Gevorgyan highlighted the seriousness of the situation, acknowledging the challenges posed by the Coinstats cyberattack while emphasizing Coinstats' commitment to restoring normal operations swiftly and securely. Gevorgyan outlined that comprehensive security measures were being implemented during the restoration process to fortify the platform against future vulnerabilities. "We're actively working to bring the app back online as quickly as possible. Thank you for your patience," stated Gevorgyan in an update shared via Coinstats' official channels. North Korea-linked Hackers Behind the Data Breach at Coinstats The revelation of North Korea-linked hackers being behind the breach adds a geopolitical dimension to the Coinstats data breach incident, highlighting the global reach and sophisticated tactics employed by cyber threat actors targeting digital assets and platforms. This aspect of the breach highlights the need for heightened cybersecurity measures across the cryptocurrency sector. In a similar case, another crypto firm, BtcTurk faced a cyberattack on its hot wallets on June 22, 2024. Binance Binance CEO Richard Teng confirmed this attack, pledging ongoing support for BtcTurk's investigation. Cryptocurrency investigator ZachXBT hinted at a possible link between the breach and a $54 million Avalanche transfer.  Coinstats users have been urged to remain vigilant and monitor their accounts closely for any unauthorized transactions or suspicious activities. The company assured its users that it is actively investigating the extent of funds moved during the breach and pledged to provide updates as new information becomes available. In response to the breach, regulatory bodies and industry stakeholders may scrutinize Coinstats' security practices and response protocols. The outcome of such scrutiny could influence future cybersecurity standards within the cryptocurrency industry, potentially leading to more stringent requirements for platform security and user protection.

image for Millions of American ...

 Cybersecurity News

UnitedHealth has, for the first time, detailed the types of medical and patient data stolen in the extensive cyberattack on Change Healthcare (CHC). The company announced that CHC cyberattack notifications will be mailed in July to affected individuals. "CHC plans to mail written letters at the conclusion of data   show more ...

review to affected individuals for whom CHC has a sufficient address. Please note, we may not have sufficient addresses for all affected individuals. The mailing process is expected to begin in late July as CHC completes quality assurance procedures," reads the official statement by Change Healthcare. UnitedHealth issued a data breach notification, revealing that the ransomware attack exposed a "substantial quantity of data" for a "substantial proportion of people in America." During a congressional hearing, UnitedHealth CEO Andrew Witty estimated that "maybe a third" of all Americans' health data was compromised in the attack. Stolen Data Information in CHC Cyberattack The Change Healthcare data breach notification provided a comprehensive overview of the types of information that may have been affected. Although CHC cannot confirm exactly what data was compromised for each individual, the exposed information may include: Contact Information: Names, addresses, dates of birth, phone numbers, and email addresses. Health Insurance Information: Details about primary, secondary, or other health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers. Health Information: Medical record numbers, providers, diagnoses, medicines, test results, images, and details of care and treatment. Billing, Claims, and Payment Information: Claim numbers, account numbers, billing codes, payment card details, financial and banking information, payments made, and balances due. Other Personal Information: Social Security numbers, driver’s license or state ID numbers, and passport numbers. This information may vary for each impacted individual. To date, CHC has not seen full medical histories appear in their data review. "The information that may have been involved will not be the same for every impacted individual. To date, we have not yet seen full medical histories appear in the data review. Also, some of this information may have related to guarantors who paid bills for health care services. A guarantor is the person who paid the bill for health care services," the official statement reads further. Cyberattack on Change Healthcare: What Exactly Happen? The Change Healthcare cyberattack occurred when a cybercriminal gained unauthorized access to the CHC computer system on February 21, 2024. Upon discovering the ransomware deployment, CHC immediately took steps to halt the activity, disconnected and shut down systems to prevent further impact and initiated an investigation. Law enforcement was contacted, and CHC's security team, along with several top cybersecurity experts, worked tirelessly to address the breach and understand its scope. The investigation revealed that a significant amount of data was exfiltrated from CHC’s environment between February 17, 2024, and February 20, 2024. By March 7, 2024, CHC confirmed the data exfiltration and began analyzing the compromised files. On April 22, 2024, CHC publicly confirmed that the impacted data could affect a substantial proportion of the American population. As of June 20, 2024, CHC began notifying customers whose data was identified as compromised. When CHC learned about the activity, CHC immediately began an investigation with support from leading cybersecurity experts and law enforcement. In response to this incident, CHC immediately took action to shut down systems and sever connectivity to prevent further impact," informed Change Healthcare official release "CHC has also reinforced its policies and practices and implemented additional safeguards in an effort to prevent similar incidents from occurring in the future. CHC, along with leading external industry experts, continues to monitor the internet and dark web. What Steps Affected Individuals Can Take While the investigation continues, individuals who suspect their information may have been compromised can take several steps to protect themselves: Enroll in Credit Monitoring and Identity Protection: CHC is offering two years of complimentary credit monitoring and identity protection services. Monitor Statements and Reports: Regularly check explanations of benefits from health plans, statements from healthcare providers, bank and credit card statements, credit reports, and tax returns for any unfamiliar activity. Report Unfamiliar Health Services: If any unauthorized healthcare services are found on an explanation of the benefits statement, contact the health plan or doctor. Alert Financial Institutions: Immediately contact financial institutions or credit card companies if suspicious activity is detected on bank or credit card statements or tax returns. File a Police Report: Contact local law enforcement if you believe you are a victim of a crime. Individuals may also have additional rights depending on their state of residence and should refer to the provided Reference Guide for more information. The ransomware attack on CHC has highlighted significant vulnerabilities in the handling of sensitive health and personal information. As the investigation progresses, affected individuals are urged to stay vigilant and utilize the resources provided to mitigate potential risks.

image for Binance Steps in to ...

 Firewall Daily

Following the massive cyberattack on Turkish cryptocurrency exchange BtcTurk, Binance has joined efforts to investigate the incident and has frozen over $5.3 million in stolen funds. Binance CEO Richard Teng confirmed this intervention on X, sharing operation details. The BtcTurk cyberattack, which occurred on June   show more ...

22, 2024, targeted BtcTurk's hot wallets, exposing vulnerabilities in the exchange's internet-connected software-based crypto wallets. [caption id="attachment_78617" align="alignnone" width="738"] Source: X[/caption] BtcTurk reassured its users in a statement on its website and denoted that most assets stored in cold wallets remained secure, safeguarding the bulk of its users' holdings. Binance CEO Richard Teng stated on X that their team is actively supporting BtcTurk in their investigation and pledged to provide updates as their security teams uncover more information.  Decoding the BtcTurk Cyberattack Cryptocurrency investigator ZachXBT hinted at a potential link between the BtcTurk breach and a $54 million Avalanche transfer. The transfer, involving 1.96 million AVAX to Coinbase and subsequent Bitcoin withdrawals from Binance, coincided suspiciously with the timing of the cyberattack on BtcTurk. [caption id="attachment_78620" align="alignnone" width="755"] Source: X[/caption] Despite the setback, BtcTurk announced plans to gradually restore crypto deposit and withdrawal services once their cybersecurity measures are completed. They emphasized that their financial resilience surpasses the amount lost in the attack, ensuring that user assets remain unaffected. “Our teams have detected that there was a cyber attack on our platform on June 22, 2024, which caused uncontrolled footage to be taken. Only some of the balances in the hot wallets of 10 cryptocurrencies were affected by the cyber attack in question, and our cold wallets, where most of the assets are kept, are safe. BtcTurk's financial strength is well above the amounts affected by this attack, and user assets will not be affected by these losses”, reads the organization's statement.  Mitigation Against the Cyberattack on BtcTurk The BtcTurk cyberattack specifically impacted deposits of various cryptocurrencies, including Bitcoin (BTC), Aave (AAVE), Algorand (ALGO), Ankr (ANKR), Cardano (ADA), Avalanche (AVAX), ApeCoin (APE), Axie Infinity (AXS), Chainlink (LINK), Cosmos (ATOM), Filecoin (FIL), among others, says BtcTurk's. “Our teams are carrying out detailed research on the subject. At the same time, official authorities were contacted. As a precaution, cryptocurrency deposits and withdrawals have been stopped and will be made available for use as soon as our work is completed. You can follow the current status of the transactions on https://status.btcturk.com”, concludes the statement.  As investigations continue, both BtcTurk and Binance are working diligently to mitigate the impact of the cyberattack and strengthen their security protocols to prevent future incidents. Users are encouraged to monitor official channels for updates on the situation. By collaborating and taking swift action, Binance and BtcTurk aim to uphold trust within the cryptocurrency community while enhancing the resilience of their platforms against online threats.

image for The NYSE

 Feed

The settlement between the SEC and the owner of the New York Stock Exchange is a critical reminder of the vulnerabilities within financial institutions' cybersecurity frameworks as well as the importance of regulatory oversight.

 Malware and Vulnerabilities

The Shadowserver Foundation, in collaboration with top security agencies and vendors, detected multiple remote command execution attempts by a Mirai-like botnet. It advised Zyxel NAS owners to actively search for signs of compromise.

 Feed

The Netis MW5360 router has a command injection vulnerability via the password parameter on the login page. The vulnerability stems from improper handling of the "password" parameter within the router's web interface. The router's login page authorization can be bypassed by simply deleting the   show more ...

authorization header, leading to the vulnerability. All router firmware versions up to V1.0.1.3442 are vulnerable. Attackers can inject a command in the password parameter, encoded in base64, to exploit the command injection vulnerability. When exploited, this can lead to unauthorized command execution, potentially allowing the attacker to take control of the router.

 Feed

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.

 Feed

Red Hat Security Advisory 2024-4053-03 - An update for python-yaql, openstack-tripleo-heat-templates, and openstack-tripleo-common is now available for Red Hat OpenStack Platform 16.2. Issues addressed include an information leakage vulnerability.

 Feed

Multiple threat actors, including cyber espionage groups, are employing an open-source Android remote administration tool called Rafel RAT to meet their operational objectives by masquerading it as Instagram, WhatsApp, and various e-commerce and antivirus apps. "It provides malicious actors with a powerful toolkit for remote administration and control, enabling a range of malicious activities

 Feed

A likely China-linked state-sponsored threat actor has been linked to a cyber espionage campaign targeting government, academic, technology, and diplomatic organizations in Taiwan between November 2023 and April 2024. Recorded Future's Insikt Group is tracking the activity under the name RedJuliett, describing it as a cluster that operates Fuzhou, China, to support Beijing's intelligence

 Feed

Learn about critical threats that can impact your organization and the bad actors behind them from Cybersixgill’s threat experts. Each story shines a light on underground activities, the threat actors involved, and why you should care, along with what you can do to mitigate risk.  Cybersecurity professionals are facing unprecedented challenges as they strive to manage increasing workloads

 Feed

Google has developed a new framework called Project Naptime that it says enables a large language model (LLM) to carry out vulnerability research with an aim to improve automated discovery approaches. "The Naptime architecture is centered around the interaction between an AI agent and a target codebase," Google Project Zero researchers Sergei Glazunov and Mark Brand said. "The agent is provided

 Feed

Cybersecurity researchers have detailed a now-patch security flaw affecting the Ollama open-source artificial intelligence (AI) infrastructure platform that could be exploited to achieve remote code execution. Tracked as CVE-2024-37032, the vulnerability has been codenamed Probllama by cloud security firm Wiz. Following responsible disclosure on May 5, 2024, the issue was addressed in version

2024-06
Aggregator history
Monday, June 24
SAT
SUN
MON
TUE
WED
THU
FRI
JuneJulyAugust