South Korean telecommunications giant KT is under investigation for allegedly hacking the systems of customers who used torrent services such as web hard drives (Webhard), a popular file-sharing service in the country. The scandal, which has been ongoing for nearly five months, has affected an estimated 600,000 customers, with the police investigation revealing that KT may have operated a dedicated malware team.

Malware Infiltrated Systems of Torrenting Subscribers

The incident came to light in May 2020 when numerous web hard drives suddenly stopped working. Users flooded company forums with complaints about unexplained errors. An investigation revealed that malware had infiltrated the "Grid Program," software that enables direct data exchange between users.

(Image source: mnews.jtbc.co.kr)

The malware, which was designed to interfere with BitTorrent traffic, was allegedly used to monitor and control the internet activities of KT subscribers. The police believe that the motive behind the hacking was to reduce network-related costs, as torrent transfers can be costly for internet service providers. KT, however, claims that it was merely trying to manage traffic on its network to ensure a smooth user experience. KT instead stated that the Webhard services were malicious; however, after the Gyeonggi Southern District Office conducted raids on KT facilities, investigators believe the ISP may have violated communications and network laws.

A police follow-up investigation stated that KT operated a dedicated team responsible for developing, distributing, and operating the malware program. The hacking was traced to KT's Bundang IDC Center, one of its data centers. Over five months, an estimated 20,000 PCs were infected daily. The malware reportedly created strange folders, made files invisible, and disabled web hard programs.

Legal and Ethical Implications

KT and Webhard companies have a history of conflict, including lawsuits. While a previous court ruled in KT's favor regarding traffic blocking of grid services, the current situation differs significantly: KT is alleged to have planted malicious code on individual users' PCs without consent or explanation.

South Korean legal experts question KT's methods, suggesting the company could have pursued formal procedures through its legal team instead of resorting to hacking. The incident raises serious concerns about privacy, corporate responsibility, and the extent to which internet service providers can control network traffic. The scandal has also raised concerns about the security of KT customers' data, with many wondering what other sensitive information may have been compromised. The company's CEO has since resigned, and the company's reputation has taken a significant hit.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
A dark web actor is advertising a zero-day exploit targeting Google Chrome. The exploit specifically targets versions 126.0.6478.126 and 126.0.6478.127 of Google Chrome for Windows, specifically the 21H1 and 21H2 versions. This exploit, which allows for sandbox escape, was put up for sale by a threat actor identified as 'ctf' on the XSS forum.

The threat actor's post on the forum detailed the nature of the exploit, highlighting its potential to execute remote code on affected systems. The asking price for this exploit was set at an exorbitant $1 million, payable in cryptocurrencies like Monero or Bitcoin. Notably, the threat actor did not provide a proof-of-concept demonstration but insisted on dealing through a mutually agreed-upon guarantor or middleman.

Dark Web Actor Selling Sandbox Escape Exploit

(Image source: Dark Web)

Sandbox escape vulnerabilities like these pose a significant risk by allowing malicious actors to break out of the confinement typically imposed by security measures such as sandboxes. Such exploits can enable attackers to execute arbitrary code on a system beyond the restricted environment, thereby potentially compromising sensitive data or even gaining full control over the affected machine.

In a separate incident earlier this year, vulnerabilities in the sandboxing mechanism of Judge0, an online code execution system, were also reported. These vulnerabilities, described as critical, could similarly enable attackers to perform sandbox escapes and gain root permissions on the host machine. Tanto Security, an Australian cybersecurity firm, highlighted the severity of these flaws, which could be exploited to achieve a complete system takeover.

The Threat of Sandbox Escape Vulnerabilities

Judge0, known for facilitating online code execution for various applications including e-learning platforms and code editors, experienced these vulnerabilities due to issues in its sandbox setup scripts. Specifically, flaws in the isolation mechanism allowed attackers to manipulate symbolic links and execute arbitrary code outside the designated sandbox environment.

The ongoing emergence of such sandbox escape vulnerabilities highlights the importance of sound cybersecurity practices and prompt patch management. Organizations and individuals are advised to remain vigilant, apply security updates promptly, and employ defense-in-depth strategies to mitigate the risks posed by such exploits.
Claims, counterclaims, website shutdowns, redirections and DDoS attacks were among the highlights (or lowlights) as news of the Polyfill supply chain attack entered its second day. After Polyfill(.)io was shut down by registrar Namecheap, the allegedly compromised JavaScript CDN service relaunched at Polyfill(.)com and claimed it had been “maliciously defamed.” Meanwhile, the researchers who first reported the supply chain compromise were hit by a DDoS attack, while many security researchers wondered how such a widely used web component could have been sold to a Chinese company in the first place.

Here are the latest developments in the attack, which is potentially the largest-ever digital supply chain attack.

While the full extent of malware distributed through the CDN remains unknown, initial estimates were that more than 100,000 websites were using the service. However, in a post on X, Cloudflare CEO Matthew Prince said “Tens of millions of websites (4% of the web) uses Polyfill(.)io. Extremely concerning malware has been discovered impacting any site using Polyfill.” He also said Cloudflare was automatically replacing Polyfill links with its own mirror.

(Image: Extent of website exposure to Polyfill(.)io; source: X)

Extent of Polyfill Supply Chain Attack Unknown, But Big Names Among Users

Some of the biggest names turning up in a search for cdn(.)polyfill(.)io include Intuit, JSTOR, the World Economic Forum, a Coldwell Banker real estate site, major educational sites like Brandeis University, the technical standards organization ASTM, the Bank of Ireland, Live Nation sites for Spain and the UK, the RAINN anti-sexual violence organization, data management vendor AvePoint, investment company MSCI, industrial network company Moxa, the Environmental Defense Fund, and the Dubai Airports Company.

The extent of the Polyfill supply chain attack may be unknown for some time. In February, a Chinese company bought the Polyfill domain and the GitHub account, and concern about the deal surfaced almost immediately. The Sansec researchers who first publicly disclosed the threat two days ago noted that since the acquisition, “this domain was caught injecting malware on mobile devices via any site that embeds cdn.polyfill.io. Any complaints were quickly removed from the Github repository.”

The researchers said that the polyfill code is dynamically generated based on the HTTP headers, “so multiple attack vectors are likely.” Sansec decoded one particular malware strain that redirects mobile users to a sports betting site using a fake Google Analytics domain (googie-anaiytics(.)com). The researchers said they were subsequently hit by a DDoS attack after publishing their initial report.

(Image: Researchers hit by DDoS attack; source: X)

Google Started Blocking Ads in Mid-June

It’s not clear how long the threat has been known – it is standard practice for threat researchers to wait to reveal their findings until affected parties have had a chance to fix vulnerabilities – but Google has apparently been rejecting ads that link to the googie-anaiytics domain since at least mid-June. In a letter to advertisers, Google cited redirects coming from “a few different third-party web resource providers including Polyfill.io, Bootcss.com, Bootcdn.net, or Staticfile.org” for the rejected ads.

Mitigations Set Up By Cloudflare, Fastly

To mitigate supply chain risk, Cloudflare released an automatic JavaScript URL rewriting service that rewrites any link to polyfill.io found in a website proxied by Cloudflare to a link to the company’s mirror under cdnjs. Cloudflare also charged that Polyfill was misusing the Cloudflare name and logo on its website. Fastly – which hosted the CDN for free before it was sold – had also set up an alternative service based on the Polyfill open source project.

Developer Andrew Betts, who created the Polyfill service project, said in an X post at the time of the sale in February that "No website today requires any of the polyfills in the http://polyfill.io library. Most features added to the web platform are quickly adopted by all major browsers, with some exceptions that generally can't be polyfilled anyway, like Web Serial and Web Bluetooth."

Polyfill Owner Responds

The Polyfill(.)io owners took to X to respond to the malware charges. “Someone has maliciously defamed us,” said a post to the Polyfill_Global account. “We have no supply chain risks because all content is statically cached. Any involvement of third parties could introduce potential risks to your website, but no one would do this as it would be jeopardize (sic) our own reputation.”

(Image: Polyfill response; source: X)

The Cyber Express will continue to update readers as this story evolves.
A widespread supply chain attack has hit more than 100,000 websites, including notable platforms like JSTOR, Intuit, and the World Economic Forum. The attack stems from a fake domain impersonating the popular open-source library Polyfill.js, which supports older browsers. In February, the Chinese company Funnull acquired the domain and GitHub account associated with the project, leading to the injection of malware into sites that embed cdn.polyfill.io. The malicious code is designed to redirect mobile users to sports betting sites or pornographic sites using a fake Google Analytics domain.

Malicious Polyfill Injection and Its Impact

Researchers stated that the injected malware is dynamically generated based on HTTP headers, making it difficult to detect. The Polyfill injection attack is a classic example of a supply chain attack against a widely used library.

(Image: At least 104183 websites might be affected; source: publicwww.com)

The compromised Polyfill code dynamically generates malware based on HTTP headers, potentially utilizing multiple attack vectors. Researchers from Sansec decoded one variant that redirects mobile users to a sports betting site using a fake Google Analytics domain. The malware employs sophisticated techniques and defenses against reverse engineering to evade detection, including:

- Activating only on specific mobile devices at certain hours
- Avoiding execution when an admin user is detected
- Delaying activation when web analytics services are present

The attack's scope is significant, with Google already blocking Google Ads for e-commerce sites using polyfill.io. Researchers later reported that their infrastructure had been subjected to DDoS attacks after reporting on the campaign.

Mitigation and Recommendations

Andrew Betts, the original Polyfill author, took to X to advise against the usage of Polyfill altogether, stating that modern browsers no longer require it. He added that he had no influence over the sale of the project and was never in possession of the new domain, and cautioned that websites that serve third-party scripts are a huge security concern.

(Images: two posts by Andrew Betts; source: X.com, @triblondon)

Experts have set up a domain (polykill.io) to warn against the compromise of the project and have recommended the following steps for website owners:

- Immediately remove usage of cdn.polyfill.io from websites and projects.
- Replace it with a secure alternative such as those offered by Fastly and Cloudflare. Fastly has saved and hosted an earlier version (https://polyfill-fastly.io/) of the project's codebase from before its sale to Funnull.

The website cautioned of the risks associated with the takeover of the project: "There are many risks associated with allowing an unknown foreign entity to manage and serve JavaScript within your web application. They can quietly observe user traffic, and if malicious intent were taken, they can potentially steal usernames, passwords and credit card information directly as users enter the information in the web browser."

Cloudflare had also published its findings and recommendations in response to concerns over the compromise of the domain. The company stated in a blog article: "The concerns are that any website embedding a link to the original polyfill.io domain will now be relying on Funnull to maintain and secure the underlying project to avoid the risk of a supply chain attack. Such an attack would occur if the underlying third party is compromised or alters the code being served to end users in nefarious ways, causing, by consequence, all websites using the tool to be compromised."

This incident serves as a stark reminder of the security implications of relying on external code libraries and third-party scripts, the importance of vigilance in maintaining website integrity, and the potential for malicious takeover of massively deployed projects.
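Both the Cloudflare link rewriting described in the earlier story and the polykill.io advice above come down to the same defender task: find every page that still loads script from cdn.polyfill.io (or the other providers Google named in its letter to advertisers) and point it somewhere you control. The Python script below is an added example written for this page; it is not Cloudflare's rewriting service, Sansec's tooling, or anything from the polykill.io site. It uses only the standard library, the sample HTML is constructed, and the replacement path /static/vendor/polyfill.min.js is a placeholder for a self-hosted copy, not Cloudflare's actual cdnjs mirror URL.

```python
"""Find and rewrite third-party script references tied to the Polyfill
supply chain compromise. Added example for this page, not Cloudflare's or
Sansec's code; standard library only."""
import sys
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains named in the reporting: the compromised CDN plus the other
# providers Google's letter to advertisers listed as redirect sources.
SUSPECT_HOSTS = {"polyfill.io", "bootcss.com", "bootcdn.net", "staticfile.org"}

# Placeholder for a self-hosted copy of the library; an assumption, not
# Cloudflare's actual cdnjs mirror URL.
REPLACEMENT_URL = "/static/vendor/polyfill.min.js"

# Which attribute carries the remote URL for each tag we inspect.
URL_ATTRS = {"script": "src", "link": "href", "iframe": "src"}


def host_is_suspect(url):
    """True if the URL's host is a suspect domain or any subdomain of one.
    Handles absolute and protocol-relative (//host/path) URLs; relative
    paths have no host and are never flagged."""
    host = (urlparse(url).hostname or "").lower()
    return any(host == s or host.endswith("." + s) for s in SUSPECT_HOSTS)


class SuspectReferenceFinder(HTMLParser):
    """Collects (tag, attribute, url, line) for every suspect reference."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attr = URL_ATTRS.get(tag)
        if attr is None:
            return
        for name, value in attrs:
            if name == attr and value and host_is_suspect(value):
                line, _col = self.getpos()  # position of the tag start
                self.findings.append((tag, attr, value, line))


def find_suspect_references(html):
    parser = SuspectReferenceFinder()
    parser.feed(html)
    parser.close()
    return parser.findings


def rewrite_references(html, replacement=REPLACEMENT_URL):
    """Replace every suspect URL with `replacement`.
    Returns (rewritten_html, number_of_urls_replaced). The rewrite is an
    exact-string substitution of each flagged URL, so review the result
    before deploying it."""
    urls = {url for _tag, _attr, url, _line in find_suspect_references(html)}
    replaced = 0
    for url in urls:
        replaced += html.count(url)
        html = html.replace(url, replacement)
    return html, replaced


# Constructed sample page: two suspect loads, one trusted CDN, one local file.
SAMPLE_HTML = """<!doctype html>
<html><head>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js?features=default"></script>
<script src="//cdn.bootcss.com/jquery/3.6.0/jquery.min.js"></script>
<link rel="stylesheet" href="https://cdn.example.org/site.css">
<script src="/static/app.js"></script>
</head><body>hello</body></html>
"""


def main(argv):
    # With no file argument the constructed sample is scanned.
    html = open(argv[1], encoding="utf-8").read() if len(argv) > 1 else SAMPLE_HTML
    for tag, attr, url, line in find_suspect_references(html):
        print(f'line {line}: <{tag} {attr}="{url}">')
    rewritten, n = rewrite_references(html)
    print(f"{n} reference(s) would be rewritten to {REPLACEMENT_URL}")
    if "--write" in argv[2:]:  # only rewrite the file on explicit request
        open(argv[1], "w", encoding="utf-8").write(rewritten)


if __name__ == "__main__":
    main(sys.argv)
```

Run it as `python scan_polyfill.py page.html` to list the offending tags with their line numbers, and add `--write` to apply the rewrite in place. The check is host-based so it also catches protocol-relative URLs and subdomains, which a plain search for the string "cdn.polyfill.io" can miss; replacing rather than simply deleting the tag keeps the page's own script order intact while you confirm whether the polyfills are needed at all.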
Experts are raising eyebrows after OpenAI announced a one-month delay in the rollout of its highly anticipated “Voice Mode” feature for ChatGPT, citing safety concerns. The company said it needs more time to ensure the model can “detect and refuse certain content.”

“We’re improving the model’s ability to detect and refuse certain content. We’re also working on enhancing the user experience and scaling our infrastructure to support millions of users while maintaining real-time responses.” - OpenAI

The stalling of the rollout comes a month after OpenAI announced a new safety and security committee that would oversee issues related to the company’s future projects and operations. It is unclear if this postponement was suggested by the committee or by internal stakeholders.

Features of ChatGPT’s ‘Voice Mode’

OpenAI unveiled its GPT-4o system in May, boasting significant advancements in human-computer interaction. “GPT-4o (‘o’ for ‘omni’) is a step towards much more natural human-computer interaction,” OpenAI said at the time. The omni model can respond to audio inputs in an average of 320 milliseconds, which is similar to human response time.

Other salient features of “Voice Mode” promise real-time conversations with human-like emotional responses, but this also raises concerns about potential manipulation and the spread of misinformation. The May announcement gave a glimpse of the model’s ability to understand nuances like tone, non-verbal cues and background noise, further blurring the lines between human and machine interaction.

While OpenAI plans an alpha release for a limited group of paid subscribers in July, the broader rollout remains uncertain. The company emphasizes its commitment to a “high safety and reliability” standard, but the exact timeline for wider access hinges on user feedback.

The ‘Sky’ of Controversy Surrounding ‘Voice Mode’

The rollout delay of ChatGPT's “Voice Mode” feature follows the controversy sparked by actress Scarlett Johansson, who accused OpenAI of using her voice without permission in demonstrations of the technology. OpenAI refuted the claim, stating that the controversial voice of “Sky” – one of the five voice options that Voice Mode offers for responses – belonged to a voice artist and not Johansson.

The company said an internal team reviewed the voices it received from over 400 artists, from a product and research perspective, and after careful consideration zeroed in on five of them, namely Breeze, Cove, Ember, Juniper and Sky. OpenAI, however, did confirm that its top boss Sam Altman reached out to Johansson to integrate her voice.

“On September 11, 2023, Sam spoke with Ms. Johansson and her team to discuss her potential involvement as a sixth voice actor for ChatGPT, along with the other five voices, including Sky. She politely declined the opportunity one week later through her agent.” - OpenAI

Altman made a last attempt to onboard the Hollywood star this May, when he again contacted her team to inform them of the launch of GPT-4o and asked if she might reconsider joining as a future additional voice in ChatGPT. Instead, with the demo version of Sky airing, Johansson threatened to sue the company for “stealing” her voice. Owing to the pressure from her lawyers, OpenAI has paused the Sky voice since May 19.

“The voice of Sky is not Scarlett Johansson's, and it was never intended to resemble hers. We cast the voice actor behind Sky’s voice before any outreach to Ms. Johansson. Out of respect for Ms. Johansson, we have paused using Sky’s voice in our products. We are sorry to Ms. Johansson that we didn’t communicate better.” – Sam Altman

Although the issue seems to have been resolved for the time being, this duel between Johansson and Altman brought to the fore the ethical considerations surrounding deepfakes and synthetic media.

Likely Delays in Apple AI and OpenAI Partnership Too

If the technical issues and the Sky voice controversy weren’t enough, adding another layer of complication to OpenAI’s woes is Apple’s recent brush with EU regulators, which now casts a shadow over the future of ChatGPT integration into Apple devices. Announced earlier this month, the partnership aimed to leverage OpenAI's technology in the Cupertino tech giant’s “Apple Intelligence” system. However, with Apple facing potential regulatory roadblocks under the EU’s Digital Markets Act (DMA), the integration’s fate remains unclear.

This confluence of factors – safety concerns, potential for misuse, and regulatory hurdles – paints a complex picture for OpenAI's “Voice Mode.” The cybersecurity and regulatory industry will undoubtedly be watching closely as the technology evolves, with a keen eye on potential security vulnerabilities and the implications for responsible AI development.
Scammers are exploiting the buzz around the 2024 Paris Olympics to lure victims into investing in initial coin offerings (ICOs). These scams tend to promise big returns on "Olympic" tokens. The campaigns manufacture hype around such offerings through fake websites, AI-generated images, and social media campaigns to entice investors.

Olympics Initial Coin Offering (ICO) Fraud

Researchers from Trend Micro uncovered a recent scheme that claimed to offer an official "Olympics Games Token" for sale. The Olympic Games Token ICO domain, theolympictoken[.]com, was registered on March 30, 2024, and its website went live a day later. The website also links to a legitimate Olympics 2024 logo and shows a countdown to the event, making it seem like a legitimate project.

(Image source: trendmicro.com)

It linked to a "whitepaper" – a document explaining the project's tech and goals. But that link led nowhere useful. Instead of details, it dumped visitors on the official Olympics website. Red flag number one. A Twitter account and Telegram channel pushed followers to buy tokens ASAP. When the original site got shut down, a near-identical one (olympictokensolana[.]com) popped up under a new name.

The researchers spotted at least ten other websites using 2024 Olympics-associated branding to lure victims into ICO scams; some of them were shut down shortly after their discovery.

Use of AI-Generated Images in Olympics ICO Scams

(Image source: trendmicro.com)

The researchers remarked that AI-generated images are becoming increasingly common in such ICO scams, as they offer a cost-effective and time-efficient way to create convincing lures. Cybercriminals can use AI to generate text, correct spelling and grammatical errors, and even create sentences in languages they do not speak.

(Image source: trendmicro.com)

The researchers spotted at least three other Olympics ICO scam websites using AI-generated imagery for promotion.

Spotting Fake ICO Campaigns

ICOs have gained significant attention as cryptocurrency continues to be adopted in various industries. While most new tokens lack utility and are simply memecoins, that does not always mean they are scams. Investors should be vigilant and look out for potential scams and rug-pulls. A legitimate ICO should have a proper website and social media presence, a transparent team, an active community, a comprehensive whitepaper, legitimacy of claims, sound token distribution, a smart contract audit, and liquidity management. The researchers have shared the following guidelines to help identify such scams:

- Proper website and social media presence: The researchers stated that scam sites are often poorly designed or lack an active presence on social media.
- Transparent team: Cross-check the identities and credentials of the team behind the offering. Anonymity is a red flag.
- Active community: Genuine projects have engaged followers on platforms like Discord, Twitter or Telegram, which suggests genuine interest and support.
- Comprehensive whitepaper: A whitepaper that outlines the project's goals, utility, and technical aspects demonstrates a thorough understanding of the project's concept and planning.
- Legitimacy of claims: Claims should be backed by verifiable evidence, such as partnerships, use cases, and endorsements.
- Token distribution: Avoid projects with highly concentrated token ownership, which increases the chances of exit scams.
- Smart contract audit: An audit by a reputable third party identifies vulnerabilities.
- Liquidity management: Liquidity is locked to prevent premature withdrawals and is decentralized among the community, which secures investors' funds.

In the case of the Olympic Games Token, the website raised several red flags, such as a very low number of token holders and an invalid whitepaper link. Investors and those interested in cryptocurrency should follow adequate precautions to avoid falling victim to such scams.

Experts have been monitoring Olympics-related search engine results and social media activity to counter fraudulent ticketing scams and coordinated disinformation campaigns.
A threat actor claims to have carried out a cyberattack on India’s National Disaster Management Authority (NDMA). The NDMA is the top statutory body for disaster management in India, with the Prime Minister as its chairperson. The threat actor, operating under the alias “infamous,” has allegedly gained access to personal data of 93,000 volunteers, including their names, ages, mobile numbers and other critical records. The hacker is currently selling the data on the dark web for $1,000.

Exploring Data Leak Claims of NDMA Volunteers

The NDMA was created in 2006. Its primary responsibility is to coordinate the response to natural or man-made disasters and to build capacity in disaster resiliency and crisis response. It is also the apex body for setting policies, plans and guidelines for disaster management to ensure a timely and effective response to disasters.

The allegation that NDMA data had been hacked emerged on June 25 on the data leak site BreachForums. The threat actor “infamous” claimed to be in possession of a stolen database consisting of the Personally Identifiable Information (PII) of NDMA volunteers, including their personal details such as name, title, gender, blood group, date of birth, email, mobile number, ID number, marital status, family contact number, education qualifications, skills, cadre, address, postal code, and current state of residence.

(Image source: X)

To substantiate the data breach claim, the threat actor attached sample records, with the latest timestamp of June 2024, while disclosing that the database includes records of 93,000 volunteers. The cyberattacker is asking $1,000 for the entire data set on BreachForums.

Despite these claims by the threat actor, a closer inspection reveals that NDMA’s website is currently functioning normally, showing no signs of a security breach. The threat actor has also not provided clarity on the period during which the volunteers served. The Cyber Express has reached out to NDMA to verify the alleged cyberattack. As of now, no official statements or responses have been received, leaving the claims unverified.

NDMA Volunteers Must Stay Vigilant

While authorities investigate the data breach claim, NDMA volunteers must be vigilant and take steps to prevent any malicious activity. Cybercriminals usually employ a range of tactics to misuse personal information, perpetrating identity theft and financial fraud. Some prominent techniques include phishing, where hackers trick individuals into revealing their PII by mimicking legitimate entities through fraudulent emails or phone calls. Individuals are also susceptible to identity theft and fraud, where fraudsters use psychological tactics to get victims to divulge sensitive information, such as passwords or credit card details. Since the email addresses have also allegedly been leaked, individuals must be wary of suspicious messages requesting sensitive information, as well as any unusual activity involving new or existing accounts.

Hackers Target 373 Indian Govt Websites in Five Years: Report

According to data published by the Indian Government, hackers have repeatedly targeted key websites run by the administration. An article in The Hindustan Times, quoting data from the Ministry of Electronics and Information Technology, said that, “As per the information reported to and tracked by CERT-In (Indian Computer Emergency Response Team), a total number of 110, 54, 59, 42, 50 and 58 website hacking incidents of Central Ministries/Departments and State Government organizations were observed during the years 2018, 2019, 2020, 2021, 2022 and 2023 (up to September).” The report added that some government offices were still using outdated Windows versions on their official computers and laptops, making them vulnerable to cyber threats.
In collaboration with the Federal Bureau of Investigation (FBI), the Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), and the Canadian Cyber Security Center (CCCS), the Cybersecurity and Infrastructure Security Agency (CISA) has released comprehensive guidance aimed at tackling memory safety vulnerabilities within critical open source software (OSS) projects. This initiative highlights the importance of mitigating risks associated with memory safety, as outlined in "The Case for Memory Safe Roadmaps".

Understanding Memory Safety Vulnerabilities with The Case for Memory Safe Roadmaps

Memory safety vulnerabilities pose threats to software integrity and security, leading to costly consequences such as frequent patching and incident response. Recognizing these challenges, CISA advocates the adoption of memory-safe roadmaps by software manufacturers. These roadmaps are designed to address memory safety concerns, particularly in external dependencies, which often include OSS components.

The joint report by CISA, FBI, ACSC, and CCCS analyzed 172 critical OSS projects to assess their exposure to memory safety risks. The findings reveal that a substantial proportion of these projects are written in memory-unsafe languages, with 52% of projects containing such code. Even more strikingly, memory-unsafe languages account for 55% of the total lines of code across all projects studied. The report highlights that many of the largest OSS projects, critical to global digital infrastructure, rely heavily on memory-unsafe languages. For instance, among the ten largest projects analyzed, the median proportion of memory-unsafe code is 62.5%, highlighting the pervasive nature of this issue even in prominent software initiatives.

Implications and Industry Response

Despite efforts to promote memory-safe programming languages like Rust, the analysis found that projects purportedly written in memory-safe languages often incorporate dependencies that are still coded in memory-unsafe languages. This interdependence highlights the difficulty of achieving comprehensive memory safety across complex software ecosystems.

In response to these findings, CISA is urging organizations and software manufacturers to take several proactive steps. One key recommendation is to prioritize efforts aimed at mitigating memory safety vulnerabilities in OSS. By addressing these vulnerabilities, organizations can bolster the overall security posture of their software environments. Additionally, CISA emphasizes the importance of informed decision-making when it comes to software dependencies: organizations are encouraged to carefully evaluate and select software based on considerations of memory safety. This strategic approach can help mitigate risks associated with potential vulnerabilities in OSS. Furthermore, CISA calls for collaboration with the OSS community to advance the adoption of memory-safe practices and languages. By working together, industry stakeholders can contribute to the development and implementation of more secure software solutions.
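The report's headline figures (share of projects containing memory-unsafe code, share of total lines in memory-unsafe languages, and the median share across the largest projects) are straightforward to reproduce over your own dependency tree, which is the kind of evidence the "informed decision-making" recommendation above calls for. The Python script below is an added example, not the agencies' analysis tooling. Which languages count as memory-unsafe (C, C++ and assembly here), the extension-to-language map, and the project inventory it runs on are all my assumptions or constructed data.

```python
"""Measure the memory-unsafe share of a set of projects, in the style of the
joint CISA/FBI/ACSC/CCCS analysis. Added example, not the agencies' tooling.
Language classification by file extension and the set of languages treated
as memory-unsafe are assumptions; the sample inventory is constructed."""
import os
from statistics import median

# Assumption: C, C++ and assembly are counted as memory-unsafe.
MEMORY_UNSAFE = {"c", "cpp", "assembly"}

# Assumption: minimal extension-to-language map; extend it for a real tree.
EXT_LANG = {
    ".c": "c", ".h": "c",
    ".cc": "cpp", ".cpp": "cpp", ".hpp": "cpp",
    ".s": "assembly", ".asm": "assembly",
    ".rs": "rust", ".go": "go", ".py": "python", ".js": "javascript",
}


def classify(path):
    """Language of a file by extension, or None if not recognised."""
    return EXT_LANG.get(os.path.splitext(path)[1].lower())


def inventory_from_disk(root):
    """Walk a checkout and return [(path, line_count)] for recognised files."""
    files = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            if classify(path) is None:
                continue
            with open(path, "rb") as fh:
                files.append((path, sum(1 for _ in fh)))
    return files


def unsafe_share(files):
    """(unsafe_lines, total_lines, share) for one project's inventory.
    Unrecognised files are ignored rather than counted as safe."""
    unsafe = total = 0
    for path, lines in files:
        lang = classify(path)
        if lang is None:
            continue
        total += lines
        if lang in MEMORY_UNSAFE:
            unsafe += lines
    return unsafe, total, (unsafe / total if total else 0.0)


def summarize(projects, largest_n=10):
    """projects: {name: [(path, line_count), ...]}.
    Returns report-style metrics: per-project share, fraction of projects
    with any unsafe code, unsafe share of all lines pooled, median share
    across projects, and median share across the `largest_n` projects by
    line count (the report quotes this for its ten largest)."""
    stats = {name: unsafe_share(files) for name, files in projects.items()}
    per_project = {name: s[2] for name, s in stats.items()}
    pooled_unsafe = sum(s[0] for s in stats.values())
    pooled_total = sum(s[1] for s in stats.values())
    by_size = sorted(stats, key=lambda n: stats[n][1], reverse=True)[:largest_n]
    return {
        "per_project": per_project,
        "projects_with_unsafe_code": sum(1 for s in stats.values() if s[0]) / len(stats),
        "unsafe_share_of_all_lines": pooled_unsafe / pooled_total if pooled_total else 0.0,
        "median_share": median(per_project.values()),
        "median_share_largest": median(per_project[n] for n in by_size),
    }


# Constructed inventory: (path, line count) per project. Note that the Rust
# service still carries a C FFI shim, the pattern the report warns about.
SAMPLE_PROJECTS = {
    "netlib":  [("src/net.c", 6000), ("src/net.h", 500), ("tools/gen.py", 500)],
    "rustsvc": [("src/main.rs", 4000), ("vendor/ffi.c", 1000)],
    "gosvc":   [("main.go", 3000), ("README.md", 100)],
    "browser": [("engine.cpp", 15000), ("ui.js", 5000)],
    "parser":  [("lex.c", 2500), ("parse.c", 2000), ("test.py", 1000)],
}

if __name__ == "__main__":
    result = summarize(SAMPLE_PROJECTS, largest_n=3)
    for name, share in sorted(result["per_project"].items()):
        print(f"{name:8s} {share:6.1%} memory-unsafe")
    print(f"projects with unsafe code: {result['projects_with_unsafe_code']:.0%}")
    print(f"unsafe share of all lines: {result['unsafe_share_of_all_lines']:.1%}")
    print(f"median share (all / 3 largest): "
          f"{result['median_share']:.1%} / {result['median_share_largest']:.1%}")
```

To run it over real checkouts, build the `projects` dict from `inventory_from_disk(path)` for each dependency instead of `SAMPLE_PROJECTS`. The pooled line share and the per-project median answer different questions: the first is dominated by a few large C/C++ code bases, while the second shows how typical unsafe code is across the set, which is why the report quotes both.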
A coordinated international police operation led by Interpol has resulted in the disruption of global online scam networks that carried out phishing, investment fraud, romance and impersonation scams and operated fake online shopping sites. The global operation, codenamed “First Light,” led to the seizure of show more ...
assets amounting to $257 million and froze more than 6,700 bank accounts linked to the online scam syndicates. Under the banner of Operation First Light 2024, the police also arrested a total of 3,950 suspects and identified another 14,643 as likely members of the global online scam syndicates.
“By confiscating such large amounts of money, and disrupting the networks behind them, we not only safeguard our communities but also deal a significant blow to the transnational organized crime groups that pose such a serious threat to global security.” - Dr Isaac Kehinde Oginni, Director of Interpol’s Financial Crime and Anti-Corruption Centre (IFCACC)
Global Online Scam Crackdown Impact
The impact of this police operation against global online scams is “more than just numbers – they represent lives protected, crimes prevented, and a healthier global economy worldwide,” Oginni said. Interpol’s Global Rapid Intervention of Payments (I-GRIP) mechanism traced and intercepted the illicit proceeds of online scams across borders, in both fiat currency ($135 million) and cryptocurrency ($2 million). One example of such an interception was a business email compromise fraud in which a Spanish citizen unwittingly transferred $331,000 to Hong Kong, China, Interpol said. In another case, Australian authorities recovered AU$5.5 million (approximately $3.7 million) for an impersonation scam victim after the scammers had fraudulently transferred the funds to bank accounts in Malaysia and Hong Kong. The global nature of online scams was underscored by the operation’s diverse participants. From rescuing 88 young people forced to work in a Namibian scam ring to preventing a tech support scam targeting a senior citizen in Singapore, Operation First Light 2024 showcased the importance of international cooperation. First Light operations have been coordinated since 2014 and are designed to fight social engineering and telecom fraud.
The operation is funded by China’s Ministry of Public Security and coordinated by Interpol.
(Image: Operation First Light conclusion meeting in Tianjin, China. Source: Interpol)
In 2022, First Light saw a coordinated effort between law enforcement agencies of 76 countries that resulted in the seizure of $50 million worth of illicit funds defrauded from more than 24,000 victims. “The world is grappling with the severe challenges of social engineering fraud, and organized crime groups are operating from Southeast Asia to the Middle East and Africa, with victims on every continent,” Oginni said.
“No country is immune to this type of crime, and combating it requires very strong international cooperation.” - Dr Isaac Kehinde Oginni
Investment and Phishing Scams Top Threats to U.S.
According to the FBI Internet Crime Complaint Center's (IC3) Internet Crime Report, investment scams led to the highest reported losses in the United States last year. Totaling $4.57 billion, investment scams saw a 38% increase from 2022. Crypto-investment fraud also rose 53% to $3.94 billion. Scammers mainly targeted individuals aged 30-49 with these scam types. Phishing schemes, on the other hand, were the most reported crime in 2023, with over 298,000 complaints, comprising 34% of all complaints received. In the FBI San Francisco division, there were 364 complaints with nearly $1.5 million in losses. Santa Clara County had the most complaints, while Alameda County had the highest losses at $500,000.
A critical security flaw has been reported in Fortra FileCatalyst Workflow, a widely used platform designed for efficient file exchange and collaboration within private cloud environments. The vulnerability, identified as CVE-2024-5276, allows remote attackers to exploit SQL injection to potentially create
unauthorized administrative accounts and manipulate the application's database. Fortra FileCatalyst Workflow serves as a pivotal tool for organizations requiring rapid and secure transfers of large files. It facilitates seamless collaboration in secure, private cloud spaces, making it indispensable for many businesses globally.
Understanding the Fortra FileCatalyst Workflow Vulnerability
(Image source: Fortra)
Tenable researchers discovered the Fortra FileCatalyst Workflow vulnerability, CVE-2024-5276, on June 18, 2024, rating it critical because of its potential impact. The flaw affects versions up to and including FileCatalyst Workflow 5.1.6 Build 135. The vulnerability arises from improper input validation in the application's handling of SQL queries, specifically of the 'jobID' parameter in various URL endpoints. Exploiting the flaw lets an attacker inject SQL into those queries and thereby gain unauthorized access to the system. Fortra promptly addressed the issue following Tenable's responsible disclosure. In its security bulletin, Fortra clarified that while the vulnerability allows the creation of admin users and manipulation of data, it does not directly enable data theft. Fortra has released a fix in FileCatalyst Workflow version 5.1.6 Build 139, which patches the vulnerability and is strongly recommended for all users.
Mitigation and Upgrade Steps
Users of affected versions (up to Build 135) are advised to upgrade immediately to the patched version (Build 139) to mitigate the risk of exploitation. For those unable to upgrade immediately, disabling anonymous access on the Workflow system reduces exposure to attacks leveraging CVE-2024-5276. As of the latest reports, there have been no documented cases of CVE-2024-5276 being actively exploited.
However, given the severity of the vulnerability and the public availability of exploit details, organizations are urged to prioritize the update to safeguard their systems. The identification of and swift response to CVE-2024-5276 highlight the importance of proactive security measures in maintaining the integrity and confidentiality of organizational data. Fortra's prompt release of a patch also underlines the growing number of vulnerabilities in internet-connected systems and what they mean for the security of user data. For more information on CVE-2024-5276 and to download the latest patched version of FileCatalyst Workflow, visit the official Fortra FileCatalyst Workflow website.
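As an added illustration of the flaw class described above (example code, not Fortra's or Tenable's; the table, rows and function names are constructed for the demo): the unsafe way a 'jobID' URL parameter can reach a query, beside a hardened lookup that validates the parameter and binds it as a query parameter.

```python
"""Added example (not Fortra's code): a 'jobID' request parameter feeding a SQL
lookup, shown as the unsafe string-building pattern the advisory describes and as
a hardened lookup that validates the value and binds it as a query parameter.
The schema and rows below are constructed for the demo and are not FileCatalyst's."""
import sqlite3
from typing import List, Tuple

Row = Tuple[int, str, str]


def build_demo_db() -> sqlite3.Connection:
    """In-memory table standing in for the application's job records (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE jobs (id INTEGER PRIMARY KEY, name TEXT, owner TEXT)")
    conn.executemany(
        "INSERT INTO jobs VALUES (?, ?, ?)",
        [(1, "nightly-sync", "alice"), (2, "archive-export", "bob")],
    )
    conn.commit()
    return conn


def lookup_job_unsafe(conn: sqlite3.Connection, job_id: str) -> List[Row]:
    """Anti-pattern: the raw request parameter is pasted into the statement text,
    so the database parses whatever the client sent as SQL rather than as a value."""
    query = f"SELECT id, name, owner FROM jobs WHERE id = {job_id}"
    return conn.execute(query).fetchall()


class InvalidJobId(ValueError):
    """Raised when a jobID does not have the shape the application expects."""


def is_valid_job_id(raw: str) -> bool:
    """Allow-list check: a jobID is a plain decimal integer of sane length.
    Spaces, quotes, keywords or signs are rejected before the database ever sees them."""
    return raw.isdigit() and 0 < len(raw) <= 18


def parse_job_id(raw: str) -> int:
    if not is_valid_job_id(raw):
        raise InvalidJobId(f"jobID must be a decimal integer, got {raw!r}")
    return int(raw)


def lookup_job_safe(conn: sqlite3.Connection, raw_job_id: str) -> List[Row]:
    """Hardened lookup: validate first, then bind the value as a parameter so the
    driver sends it separately from the statement and it can only be compared as data."""
    job_id = parse_job_id(raw_job_id)
    return conn.execute(
        "SELECT id, name, owner FROM jobs WHERE id = ?", (job_id,)
    ).fetchall()


if __name__ == "__main__":
    db = build_demo_db()
    # A well-formed id behaves the same in both; a value carrying SQL syntax
    # widens the unsafe query to every row while the hardened path rejects it.
    for raw in ("2", "2 OR 1=1"):
        print(f"jobID={raw!r}: unsafe -> {lookup_job_unsafe(db, raw)}")
        try:
            print(f"jobID={raw!r}: safe   -> {lookup_job_safe(db, raw)}")
        except InvalidJobId as exc:
            print(f"jobID={raw!r}: safe   -> rejected ({exc})")
```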
Evolve Bank & Trust disclosed that it has been the target of a cybersecurity incident. In a statement, the bank confirmed that customers' personal information had been illegally obtained and released on the dark web by cybercriminals. The Evolve Bank data breach affected both retail bank customers and the
customers of Evolve’s financial technology partners. The Evolve Bank data breach involved a known cybercriminal organization that illegally obtained and published sensitive information. The stolen data includes personally identifiable information (PII) such as names, Social Security numbers, dates of birth, account details, and other personal information. "Evolve is currently investigating a cybersecurity incident involving a known cybercriminal organization that appears to have illegally obtained and released on the dark web the data and personal information of some Evolve retail bank customers and financial technology partners’ customers (end users)," reads the official statement. Evolve Bank & Trust has confirmed that its debit cards and online and digital banking credentials have not been compromised in the incident and remain secure. "Evolve has engaged the appropriate law enforcement authorities to aid in our investigation and response efforts. Based on what our investigation has found and what we know at this time, we are confident this incident has been contained and there is no ongoing threat," reads the official statement.
Details of the Evolve Bank Data Breach
There were reports that the Russian hacker group LockBit was responsible for the ransomware attack and data breach at Evolve Bank. LockBit had claimed to possess Federal Reserve data and, when its demands were not met, released approximately 33 terabytes of data from Evolve's systems. The group had allegedly touted its cache of Federal Reserve data to pressure the bank into meeting its demands. In response to the reports surfacing about the Evolve data breach, Evolve Bank & Trust is actively informing affected individuals about the breach. The bank has started reaching out to impacted customers and financial technology partners' customers through emails sent from notifications@getevolved.com.
The communication includes detailed instructions on how to enroll in complimentary credit monitoring and identity theft detection services.
Steps Taken by Evolve Bank & Trust
The bank is undertaking a comprehensive response to this incident, which includes:
Engagement with Law Enforcement: Evolve has involved the appropriate law enforcement authorities to aid in the investigation and response efforts.
Customer Communication: Direct communication with affected customers and financial technology partners' customers is ongoing to ensure they are informed and can take the necessary protective measures.
Credit Monitoring Services: Impacted individuals are being offered complimentary credit monitoring and identity theft detection services.
Continuous Monitoring: Evolve is closely monitoring the situation and will provide updates as necessary to keep customers informed.
Recommendations for Affected Customers
Evolve Bank & Trust advises all retail banking customers and financial technology partners' customers to remain vigilant by:
Monitoring Account Activity: Regularly check bank accounts and report any suspicious activity immediately.
Credit Report Checks: Set up free fraud alerts with the nationwide credit bureaus (Equifax, Experian, and TransUnion). Customers can also request and review their free credit report through Freecreditreport.com.
Reporting Suspicious Activity: Contact the bank immediately if any fraudulent or suspicious activity is detected. Additionally, individuals can file a report with the Federal Trade Commission (FTC) or law enforcement authorities if they suspect identity theft or fraud.
Recently, Evolve received an enforcement action from its primary regulator, the Federal Reserve Board, highlighting deficiencies in the bank's IT practices and requiring a plan and timetable to correct them. This breach highlights the importance of addressing those security concerns promptly.
Evolve Bank & Trust is known for its partnerships with several high-profile fintech companies, including Mercury, Stripe, Affirm, Airwallex, Alloy, Bond (now part of FIS), Branch, Dave, EarnIn, and TabaPay. The bank has also worked with Wise and Rho in the past, though both have since migrated to other banking partners.
Crypto scammers hijacked Channel 7 News Australia's YouTube account to run a live stream of an Elon Musk deepfake on loop. The AI-generated version of the business tycoon was seen luring users to scan a QR code and invest in a money-doubling scheme through cryptocurrency. The news and media company is
investigating the claims even as traces of the account takeover persisted at the time this article was published.
Crypto Scammers Shift to Deepfake Deployment
Crypto scammers hijacking the social media accounts of popular brands and celebrities on platforms like YouTube and X is nothing new. But what transpired on Thursday could very well be a preview of things to come as we move into the age of AI. The crypto scammers first took over the YouTube account of Channel 7 News and modified it so that it masqueraded as the official Tesla channel.
(Image: Screenshot of the hijacked Channel 7 News YouTube account. Source: Reddit)
After making cosmetic changes to the YouTube account, the crypto scammers replaced the channel's videos with a deepfake live stream of Tesla chief Elon Musk. The AI-generated Musk was seen encouraging viewers to scan a QR code and invest in cryptocurrency.
(Image: Musk's deepfake asking users to scan or regret. Source: Reddit)
As per local media, the Musk deepfake said, "All you need to do is scan the QR code on the screen, go to the website and watch your cryptocurrency double. Today's event is a chance for all crypto enthusiasts and users to double their assets."
"This is an opportunity that cannot be missed." - Elon Musk deepfake
The deepfake video was made so that the AI version of Musk even interacted with the audience, continuing to say that twice as much would return to investors' wallets. Channel 7 News has several region- and programming-specific YouTube channels, and most of them appeared to be hijacked at present, all running the same deepfake live stream on loop.
The page is no longer accessible via direct links from the company website, but as a Reddit user pointed out, if you reach the YouTube channel via the platform's search, it still displays the changes made by the crypto scammers, namely the Tesla logo seen in the images above.
Experts, Leaders Press for Deepfake Regulations
Owing to the menace of deepfakes, nearly 1,500 AI and tech experts in February urged global regulation of deepfakes to curb risks such as fraud and political disinformation. Their open letter recommends that lawmakers criminalize deepfake child pornography, penalize the creators and facilitators of harmful deepfakes, and hold software developers accountable.
"The whole deepfake supply chain should be held accountable, just as they are for malware and child pornography." - The open letter
Legal experts and technologists have also previously urged the U.S. Congress to regulate the use of deepfake technologies and to provide new protections, particularly for women and minority communities, against the use of digitally manipulated media. Experts warned that such deceptive content is already affecting national security, personal privacy and public trust.
Amidst the ongoing Russo-Ukrainian war, hackers from Italy have decided to join forces with an infamous cyberattack group in Russia. AzzaSec is an Italian hacktivist group that has been involved in anti-Israel campaigns and has now teamed up with the infamous pro-Russian hacktivists NoName057(16). AzzaSec has a large
network of partner groups, whereas NoName057(16) is selective in its allies. The alliance between these two nefarious groups signals a potential increase in the scale and sophistication of cyberattacks on Ukraine and its allies.
Understanding the AzzaSec Ransomware
On June 26, 2024, NoName formally announced the alliance on its social media channels. “Today we have formed an alliance with the Italian hacker group AzzaSec, which is one of the TOP 3 coolest hack teams in Italy! We are always open to cooperation with various trance around the world!” the post read.
(Image source: X)
AzzaSec is an infamous actor that infects computers and encrypts files, then demands a ransom for their decryption. Once a computer is infected, AzzaSec appends the '.AzzaSec' extension to filenames, altering files such as '1.png' to '1.png.AzzaSec' and '2.pdf' to '2.pdf.AzzaSec'. Additionally, it changes the desktop wallpaper and displays a ransom note in a pop-up window like the screenshot below.
(Image source: X)
The group demands ransom in Bitcoin. AzzaSec’s sophisticated encryption techniques and the secrecy of cryptocurrency transactions make it increasingly difficult for authorities to crack down on and defuse the cybercriminals. AzzaSec recently announced the release of a Windows ransomware builder. The group claimed that its ransomware could bypass major antivirus solutions such as Windows 10 / 11 Defender, Avast, Kaspersky, and AVG. AzzaSec’s emergence on the ransomware scene is a reminder for organizations and individuals alike to upgrade their cybersecurity measures and remain vigilant against online threats.
Inglorious Past of NoName
NoName057(16), on the other hand, first emerged in March 2022 and is known for its cyberattacks on Ukrainian, American, and European government agencies, media, and private companies.
The group is considered one of the biggest unorganised and free pro-Russian activist groups. Renowned for its widespread cyber operations, NoName057(16) has garnered notoriety for developing and distributing custom malware, notably a DDoS attack tool that succeeded the Bobik DDoS botnet.
(Image source: X)
According to a report by Google-owned Mandiant, NoName057(16), along with other Russian state hackers, poses the biggest cyber threat to elections in regions of Russian interest. “Mandiant is tracking multiple self-proclaimed hacktivist groups primarily conducting DDoS attacks and leaking compromised data in support of Russian interests. These groups claim to have targeted organizations spanning the government, financial services, telecommunications, transportation, and energy sectors in Europe, North America, and Asia; however, target selection and messaging suggests that the activity is primarily focused on the conflict in Ukraine. Relevant groups include KillNet, Anonymous Sudan, NoName057(16), JokerDNR/DPR, Beregini, FRwL_Team (aka "From Russia with Love"), and Moldova Leaks,” Google stated in its threat intelligence report in April. The alliance between AzzaSec and NoName057(16) raises serious concerns about the evolving cyber threat landscape. With a combined skill set for ransomware deployment and large-scale attacks, these groups pose a significant risk to organizations and governments aligned with Ukraine. As the Russo-Ukrainian war rages on, the digital front is likely to see further escalation in cyberattacks. It is crucial for targeted nations and organizations to bolster their cybersecurity defenses, implement robust incident response plans, and collaborate on international efforts to counter these cyber threats.
Media Disclaimer: This report is based on internal and external research obtained through various means.
The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Apple has taken steps to enhance the security of its popular AirPods lineup by addressing a critical Bluetooth vulnerability through a new firmware update. This AirPods firmware update, identified as Firmware 6A326 and 6F8, is aimed at several models including AirPods, AirPods Pro, AirPods Max, Powerbeats Pro, and
Beats Fit Pro. The AirPods vulnerability, tracked as CVE-2024-27867 and discovered by Jonas Dreßler, posed a risk that an attacker within Bluetooth range could spoof a user's device and gain unauthorized access to their AirPods. The issue highlights the importance of timely updates in protecting Apple devices from cyberattacks.
AirPods Firmware Update Fixes Major Bluetooth Vulnerability
Initially, Apple's patch notes for the AirPods firmware update appeared routine, mentioning "bug fixes and other improvements." However, further details on Apple's security website revealed the update's critical nature: it addresses an authentication issue in Bluetooth connections with improved state management. For affected users, the AirPods firmware update is applied automatically when the AirPods are paired with an iPhone or another compatible device. To verify the update, users can check the firmware version under Settings > Bluetooth on iOS devices or System Settings > Bluetooth on Macs. This proactive approach highlights that devices need regular updates regardless of operating system. By promptly addressing vulnerabilities such as this one, Apple aims to create a safer digital environment for its users worldwide.
Fixing Several Apple Product Vulnerabilities
Beyond addressing the AirPods vulnerability, the firmware update also includes general bug fixes and performance improvements. This comprehensive approach ensures not only enhanced security but also a smoother user experience across the AirPods ecosystem. Users are encouraged to stay vigilant and keep their devices updated to the latest firmware version. This practice is crucial for safeguarding against potential security risks and maintaining the integrity of personal data.
Apple's dedication to security is further demonstrated through its adherence to industry-standard practices, including not disclosing specific security issues until patches or releases are available and thoroughly tested. This approach ensures that users can trust Apple products to protect their privacy and security effectively. For more detailed information about the update and additional security-related matters, users can visit Apple's official security updates page and review the comprehensive product security documentation available.
The internet in recent weeks has been abuzz with talk of Meta's new security policy. The company behind Facebook, Instagram, and WhatsApp informed a portion of its user base that, starting June 26, their personal data is to be used to train the generative artificial intelligence developed by its subdivision Meta AI. To
find out what data is affected, whether or not you can opt out, and how to stay digitally safe, read on.
Will Meta use Facebook and Instagram content to train its AI?
Meta AI has been around for over nine years already. Training its neural networks requires data — lots and lots of it — and it appears that the content generated by users of the world's largest social networks might soon become Meta AI's knowledge base. It all started in May 2024, when posts about changes to Meta's security policies began circulating online. The rumor was that, starting late June, the company planned to use content from Facebook and Instagram for generative AI training. However, these notifications weren't sent to everyone — only to a select group of users in the EU and US. Following a wave of outrage, Meta issued an official statement to EU residents. However, this seemed to generate more questions than answers. There was no press release explicitly stating, "As of this date, Meta AI will use your data for training." Instead, a new page titled "Generative AI at Meta" appeared, detailing what data the company plans to use to develop artificial intelligence, and how. Again, with no specific dates.
Will Meta read my private messages?
According to company representatives — no, Meta AI won't be reading your private messages. Chief Product Officer Chris Cox made clear that only public user photos posted on Facebook and Instagram would be used for AI training. "We don't train on private stuff," Cox is on the record as saying. The executive's statement is echoed on the company's official page dedicated to generative AI. It states that the company will solely utilize publicly available data from the internet, licensed information, and information shared by users within Meta products and services. Furthermore, it explicitly mentions, "We do not use the content of your private messages with friends and family to train our AIs."
Be that as it may, Meta AI has been scraping users' public posts for at least a year now. This data, however, is depersonalized: according to company claims, the generative AI doesn't link your Instagram photos with your WhatsApp statuses or Facebook comments.
How to opt out of having your data fed into Meta AI
Sadly, there's no nicely labeled "I prohibit the use of my data to train Meta AI" button; instead, the opt-out mechanism is rather complicated. Users are required to fill out a lengthy form on Facebook or Instagram providing a detailed reason for opting out. This form is hidden within the maze of privacy settings for EU residents: Menu -> Settings and privacy -> Settings -> Security policy. Alternatively, you can find it on the new Meta Privacy Center page, under "Privacy and Generative AI". The link is so well hidden it's almost as if Meta doesn't want you to find it. But we did the digging for you: here's the form to opt out of Meta AI training on your personal data, although its official title is deliberately vaguer: "Data subject rights for third-party information used for AI at Meta". But even armed with our direct link to this form, don't get your hopes up: regardless of which of the three options you choose, a most convoluted and confusing form-filling process awaits. Note the rather curious disclaimer in the description: "We don't automatically fulfill requests sent using this form. We review them consistent with your local laws." In other words, even if you opt out, your data might still be opted in. It's crucial to correctly state your reasons for wanting to opt out, and to be a citizen of a country in which the GDPR is in effect. This data protection regulation can serve as the basis for deciding in favor of the user — not Meta AI. It stipulates that Meta must obtain explicit consent for voluntary data sharing, not just publish a hidden opt-out form.
This situation has caught the attention of NOYB (None Of Your Business), the European Center for Digital Rights. Its human rights advocates have filed 11 complaints against Meta in courts across Europe (Austria, Belgium, France, Germany, Greece, Ireland, Italy, the Netherlands, Norway, Poland, and Spain), seeking to protect the personal data of those countries' citizens. The Irish Data Protection Commission took note of these claims and issued an official request to Meta to address the lawsuits. The tech giant's reaction could have been predicted without any algorithms: the company publicly accused the plaintiffs of hindering the development of generative AI in Europe. Meta stated that it believes its initial approach to be legally sound, and so will likely continue its attempts to integrate AI into users' lives.
The bottom line
So far, the saga appears to be just another spat between Meta and the media. The latter claim that Meta wants to process personal data, including the most intimate messages and photos, while Meta bosses are trying to pour cold water on the allegations. Remember: you are primarily responsible for your own digital security. Be sure to use reliable protection, read privacy policies carefully, and always stay informed about your rights regarding the use of your data.
Wireless service providers prioritize uptime and lag time, occasionally at the cost of security, allowing attackers to take advantage, steal data, and worse.
With many popular apps, users must hand over personal information to prove their identity, and the big downside is they have no control over how that information gets processed and stored.
The attacks infiltrate enterprise networks through browsers, and show an evolution in evasive and adaptive tactics from well-resourced state-sponsored actors.
The combined skills from Beazley's cybersecurity services team and Lodestone will go into the company's new managed extended detection and response (MXDR) service.
If we commit to building secure habits at work and in our personal lives, and to helping others do the same, our personal information will be much better protected.
Episode 2: Incident response experts-turned-ransomware negotiators Ed Dubrovsky, COO and managing partner of CYPFER, and Joe Tarraf, chief delivery officer of Surefire Cyber, explain how they interact with cyber threat actors who hold victim organizations' systems and data for ransom. Among their fascinating
stories: how they negotiated with cybercriminals to restore operations in a hospital NICU where lives were at stake, and how they helped a church, where the attackers themselves "got a little religion."
The non-profit cybersecurity organization, the Shadowserver Foundation, has observed exploitation attempts against CVE-2024-5806. They noted that the exploitation began soon after the vulnerability details were made public.
The adoption of ransomware in cyberespionage attacks helps adversaries blur the lines between APT and cybercriminal activity, leading to potential misattribution or concealing the true nature of the operation.
These vulnerabilities include SQL injection attacks, cross-site scripting (XSS) attacks, and authentication bypasses. Ubuntu has released updates for various versions, including Ubuntu 22.04 LTS, 20.04 LTS, 18.04 ESM, and 16.04 ESM.
South Korean telco KT has been accused of purposely infecting customers with malware as a result of excessive use of peer-to-peer (P2P) downloading tools. Around 600,000 users of online storage services have reportedly been affected.
Snowblind is effective on all modern Android devices and primarily targets banking apps. It avoids detection by modifying the app and exploiting the Linux kernel's seccomp feature to control the app's system calls.
Major secrets, including cloud environment credentials, internal infrastructures, and telemetry platforms, have been found exposed on the internet due to Git-based processes and Source Code Management (SCM) platforms behavior.
The vulnerability allows attackers to create administrative user accounts, modify and delete data in the application database, and potentially gain full control of vulnerable systems.
ReversingLabs researchers discovered a suspicious package on npm called legacyreact-aws-s3-typescript. They found that the package contained a post-install script that downloaded and executed a simple backdoor.
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It's capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
GRR Rapid Response is an incident response framework focused on remote live forensics. The goal of GRR is to support forensics and investigations in a fast, scalable manner, allowing analysts to quickly triage attacks and perform analysis remotely. GRR consists of two parts: a client and a server. The GRR client is deployed on
systems that one might want to investigate. Once deployed on such a system, the GRR client periodically polls the GRR frontend servers for work. "Work" means running a specific action: downloading a file, listing a directory, etc. The GRR server infrastructure consists of several components (frontends, workers, UI servers) and provides a web-based graphical user interface and an API endpoint that allow analysts to schedule actions on clients and to view and process the collected data.
Debian Linux Security Advisory 5722-1 - It was discovered that multiple integer overflows in libvpx, a multimedia library for the VP8 and VP9 video codecs, may result in denial of service and potentially the execution of arbitrary code.
Debian Linux Security Advisory 5721-1 - Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.
Red Hat Security Advisory 2024-4160-03 - An update for java-1.8.0-ibm is now available for Red Hat Enterprise Linux 7 Supplementary. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-4146-03 - An update for golang is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include denial of service and memory leak vulnerabilities.
Red Hat Security Advisory 2024-4144-03 - VolSync v0.9.2 general availability release images provide the following: enhancements, security fixes, and updated container images.
Red Hat Security Advisory 2024-4126-03 - This is release 1.4 of the container images for Red Hat Service Interconnect. Red Hat Service Interconnect 1.4 introduces a service network, linking TCP and HTTP services across the hybrid cloud. A service network enables communication between services running in different network locations or sites. It allows geographically distributed services to connect as if they were all running in the same site.
Red Hat Security Advisory 2024-4119-03 - Updated rhceph-5.3 container image is now available in the Red Hat Ecosystem Catalog. Issues addressed include a code execution vulnerability.
Red Hat Security Advisory 2024-4118-03 - An update is now available for Red Hat Ceph Storage 5.3. Issues addressed include denial of service and traversal vulnerabilities.
Red Hat Security Advisory 2024-4107-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2024-4092-03 - An update for the redhat-ds:12 module is now available for Red Hat Directory Server 12.4 for RHEL 9. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-4084-03 - An update for git is now available for Red Hat Enterprise Linux 8. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2024-4083-03 - An update for git is now available for Red Hat Enterprise Linux 9. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2024-4081-03 - An update for the quarkus-mandrel-java and quarkus-mandrel-23 packages is now available for the Red Hat build of Quarkus. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-4079-03 - An update for the quarkus-mandrel-java and quarkus-mandrel-231 packages is now available for the Red Hat build of Quarkus. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-4078-03 - An update for python3.9 is now available for Red Hat Enterprise Linux 9. Issues addressed include denial of service and traversal vulnerabilities.
Red Hat Security Advisory 2024-4077-03 - An update for python3.11 is now available for Red Hat Enterprise Linux 9. Issues addressed include a traversal vulnerability.
Red Hat Security Advisory 2024-4075-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2024-4074-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.
Red Hat Security Advisory 2024-4073-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.
Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution via prompt injection techniques. The vulnerability, tracked as CVE-2024-5565 (CVSS score: 8.1), relates to a case of prompt injection in the "ask" function that could be exploited to trick the library into executing arbitrary
A 22-year-old Russian national has been indicted in the U.S. for his alleged role in staging destructive cyber attacks against Ukraine and its allies in the days leading to Russia's full-blown military invasion of Ukraine in early 2022. Amin Timovich Stigal, the defendant in question, is assessed to be affiliated with the Main Directorate of the General Staff of the Armed Forces of the Russian
A critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper with the application database. Tracked as CVE-2024-5276, the vulnerability carries a CVSS score of 9.8. It impacts FileCatalyst Workflow versions 5.1.6 Build 135 and earlier. It has been addressed in version 5.1.6 build 139. "An SQL injection vulnerability in
While some SaaS threats are clear and visible, others are hidden in plain sight, both posing significant risks to your organization. Wing's research indicates that an astounding 99.7% of organizations utilize applications embedded with AI functionalities. These AI-driven tools are indispensable, providing seamless experiences from collaboration and communication to work management and
Did you know it’s now possible to build blockchain applications, also known as decentralized applications (or “dApps” for short), in native Python? Blockchain development has traditionally required learning specialized languages, creating a barrier for many developers… until now. AlgoKit, an all-in-one development toolkit for Algorand, enables developers to build blockchain applications in pure
The peer-to-peer malware botnet known as P2PInfect has been found targeting misconfigured Redis servers with ransomware and cryptocurrency miners. The development marks the threat's transition from what appeared to be a dormant botnet with unclear motives to a financially motivated operation. "With its latest updates to the crypto miner, ransomware payload, and rootkit elements, it demonstrates
Wikileaks's Julian Assange is a free man, deepfakes cause trouble in the playground, and we hear hot takes about ransomware and tales from inside a devastating denial-of-service attack. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Eleanor Dallaway.
Four alleged members of the FIN9 cybercrime gang have been charged in relation to a series of hacks that caused over US $71 million of losses for companies across the United States. Read more in my article on the Hot for Security blog.
If you’re using cyber security software from Kaspersky Lab, Inc, you will need to find an alternative solution soon. On June 20, 2024, the U.S. Department of Commerce banned software from the Russian-owned company, saying it posed an unacceptable risk to national security. Citing the Russian government’s offensive cyber capabilities and its capacity to influence Kaspersky’s operations, Commerce Department regulators are strongly encouraging individuals and businesses that use Kaspersky products and services to transition to new vendors to limit potential exposure of personal or sensitive data. While customers won’t face legal penalties for continuing to use the software, federal regulators caution that users will assume any risks associated with a breach. The only good news is that current users of Kaspersky software are being given several months to transition to alternative cyber security products: until 12:00 AM EDT on September 29, 2024.
Factors to consider when evaluating antivirus software
After events like this, you may wonder how much it matters where your cyber security solutions are developed and headquartered. Effective cybersecurity solutions can come from any corner of the globe, and transparency and openness to independent review are far more important factors than national origin. So how do you go about evaluating and selecting antivirus software? Once you’ve looked around and realized that a free solution won’t provide the protection you need, you’ll want to consider protecting yourself with software from one of the well-established industry leaders in this space. Here’s what a best-in-class provider like Webroot® has to offer:
Regular definition updates – In the age of polymorphic malware and zero-day phishing attacks, any software without regular, cloud-initiated definition updates is out of date by the time it’s installed on your computer.
Refined malware detection – The threat landscape in the field of cybersecurity is always evolving. You need a multi-layered approach to malware protection.
Designated threat research team – While AI is increasingly important in the field of internet security, there’s still no substitute for a team of trained professionals to sift through the data and identify the latest cyber threats.
Customer service – You’ll want to rely on a team of threat researchers with award-winning support available 24/7.
Reliable and reputable – The number of cyber security companies and products has exploded in recent years. But you should give greater weight to one of the well-established market leaders in this space. Webroot, for example, was founded in 1997 in Boulder, CO. The brand is now part of OpenText, a global leader in Enterprise Information Management.
Resources to help you choose the right antivirus
Personal or business: Business requirements (think networks, fleets of computers, and downtime risks) are different from those of an individual trying to protect their laptop and mobile device. Webroot has products tailored to both business and personal use.
Need help choosing? Evaluating security solutions and matching them to your needs can be daunting. Consider using Webroot’s self-guided tools to help you pick a personal or business product.
Try before you buy: You can kick the tires on Webroot’s products for free. Try the personal free trials here. Or try the business free trials here.
The post What to do if you’re using Kaspersky security software that is now banned in the U.S. appeared first on Webroot Blog.
The content you are trying to access is private to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. The post Guidelines on CyberSecurity Specifications appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
The content you are trying to access is private to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. The post Security Metrics Guide to PCI DSS Compliance appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
The document emphasizes the importance of legally qualifying actors in the processing of personal data, particularly in the context of public affairs professionals. It mentions that data processing by public affairs professionals can be justified based on legitimate interest. The need for comprehensive information to be provided to data subjects in accordance with the GDPR […] The post GUÍA PRÁCTICA DEL GDPR appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
The content you are trying to access is private to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. The post Guia de Resposta a Incidentes de Segurança para LGPD appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Security, privacy and compliance: The document outlines key steps to enhance cloud security, including conducting third-party audits like ISO 27017 for compliance verification, establishing security, privacy, and compliance controls within Google Cloud infrastructure, and performing risk assessments with technical controls. It emphasizes integrating identity providers for Single Sign-On (SSO) and configuring Multi-Factor Authentication (MFA), as […] The post Google Cloud Architecture Framework appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
The document acknowledges the contributions of various professionals and organizations in developing the Handbook, emphasizing that the content reflects collective inputs and consensus rather than individual views. It highlights the importance of board directors adopting best cybersecurity practices and ensuring cyber literacy among all members. The responsibility of board members has increased due to the […] The post CYBER-RISK OVERSIGHT HANDBOOK FOR CORPORATE BOARDS appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
The content you are trying to access is private to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. The post FIREWALL Audit CHECKLIST appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Docker is being widely used in the information technology world. It is probably one of the most used buzzwords in the past few years. With the introduction of DevOps, Docker’s significance has only grown, since it comes with some great features. With great features, new threats get introduced. Docker is commonly used by development […] The post HACKING AND SECURING DOCKER CONTAINERS appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
2023 saw a 51% decline in the value lost to hacks, scams, and exploits in Web3. Still, $1.8 billion is nothing to sneeze at, and in this report, we’ll examine the major incidents and exploits that led to this ten-digit number. The crypto industry faced legal and regulatory headwinds throughout 2023, with the U.S. Securities […] The post HACK3D THE WEB3 SECURITY REPORT 2023 appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Governance & Risk Management, Healthcare, Industry Specific. Researchers Say Manufacturer Proges Plus Hasn’t Responded to Vulnerability Findings. Prajeet Nair (@prajeetspeaks) • June 27, 2024. Temperature monitors made by Proges Plus and used in hospitals have unpatchable vulnerabilities, says Nozomi Networks. (Image: Shutterstock) Vulnerabilities in internet-connected temperature […] The post No Patches for Hospital Temperature Monitors’ Critical Flaws – Source: www.databreachtoday.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Artificial Intelligence & Machine Learning, Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime. Users of All OpenAI Services in Unsupported Countries Will Lose Access by July 9. Rashmi Ramesh (rashmiramesh_) • June 26, 2024. Image: Shutterstock. OpenAI appears to be removing access to its services for […] The post OpenAI Drops ChatGPT Access for Users in China, Russia, Iran – Source: www.databreachtoday.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – 3rd Party Risk Management, Governance & Risk Management, Patch Management. Progress Software: ‘Newly Disclosed Third-Party Vulnerability Introduces New Risk’. Akshaya Asokan (asokan_akshaya), David Perera (@daveperera) • June 26, 2024. It’s time for MOVEit Transfer customers to once again be on high alert for hackers. (Image: […] The post Hackers Quick to Exploit MOVEit Authentication Flaw – Source: www.databreachtoday.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Government, Industry Specific, Recruitment & Reskilling Strategy. Federal Officials Say There Is ‘No Silver Bullet’ to Fixing the Cyber Workforce Gap. Chris Riotta (@chrisriotta) • June 26, 2024. DHS CIO Eric Hysen, DOD Principal Deputy CIO Leslie Beavers, NIST Director for the National Initiative for Cybersecurity […] The post US Federal Agencies Still Struggle to Recruit Cyber Talent – Source: www.databreachtoday.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Governance & Risk Management, Vulnerability Assessment & Penetration Testing (VA/PT). Activist Investors Are Rare in Cybersecurity, But Rapid7’s Struggles Drew a Firm In. Michael Novinson (MichaelNovinson) • June 26, 2024. Double-digit topline growth, high levels of R&D spend, and large ownership stakes by founders tend to keep […] The post Why Activist Investor Jana Is Pressing Rapid7 to Sell Itself – Source: www.databreachtoday.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Professional Certifications & Continuous Training, Recruitment & Reskilling Strategy, Training & Security Leadership. How Understanding Hiring Trends Can Boost Your Career in Cyber. Brandy Harris • June 26, 2024. Image: Getty Images. The journey to securing a career in cybersecurity can often feel daunting. The job […] The post Keeping Track of the Cybersecurity Job Market – Source: www.databreachtoday.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Finance & Banking, Fraud Management & Cybercrime, Industry Specific. Actual Victim: Evolve Bank, Now Dealing With Open Banking Enforcement Action by Fed. Mathew J. Schwartz (euroinfosec) • June 26, 2024. The LockBit ransomware-as-a-service gang did not hack the U.S. Federal Reserve Bank. (Image: Shutterstock) More reasons […] The post Bogus: LockBit’s Claimed Federal Reserve Ransomware Hit – Source: www.databreachtoday.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.