Did a threat actor lie about orchestrating a data breach containing sensitive data about 8,000 students and faculty of a university in India? VIT Bhopal, the university in question, says so and has shared proof with The Cyber Express debunking the hacker’s claims. The university also felt that the hacker’s failed attempt to carry out a cyberattack was only to "garner attention and notoriety."

What Was the VIT Bhopal Data Breach Claim?

VIT Bhopal was established in 2017 and is a deemed university located on the outskirts of Bhopal, the capital city of the state of Madhya Pradesh. The institution is authorized by the University Grants Commission (UGC), a statutory organization of the Government of India for the maintenance of standards of teaching, examination, and research in university education. VIT Bhopal ranks among the top universities in India: in the National Institutional Ranking Framework (NIRF) Ranking it stands in 65th position amongst all the universities in India.

On June 10, 2024, a threat actor operating under the name “lucifer001” claimed on the notorious data breach site BreachForums that they had carried out a cyberattack on the university’s website.

[Image: Source: X]

According to the post, the threat actor shared screenshots and claimed to possess the following information:

- ID: Unique identification number assigned to each student and faculty member of the university.
- Username: Login credentials of all the stakeholders, used to access university portals, maintain and share records, post newsletters, and research materials confined to the institution.
- Full name: First and last name of the students and faculty of VIT Bhopal.
- Email: Email addresses of stakeholders, which are the official mode of communication for announcements, course materials and student-faculty interactions.
- Password: Used to access personal accounts and university resources.
- User Activation Key: A unique code allegedly required for initial account activation or password resets.

VIT Bhopal Refutes Data Breach Claim

The university responded to the data breach claims and said that the information shared by the cyberattacker was meant to "gain attention and notoriety through dubious and illegal methods." Sharing a point-by-point explanation debunking the claims, Dr G Vishnuvarthanan, Assistant Director, Centre for Technical Support, VIT Bhopal University, said, “I would like to provide some invaluable findings and suggestions from our end, which need to be treated as a rebuttal."

After an internal investigation, the university found that the hacker had only “leaked insignificant” information from a dummy Application Programming Interface (API) that was not protected.

“It is crucial to clarify that the alleged breach involved a dummy API endpoint, intentionally open for various third-party integrations with the university's website. This endpoint contains only dummy data, designed explicitly for testing and integration purposes, and does not include any real or sensitive information,” Vishnuvarthanan explained.

He then clarified that, in its investigation of the data breach claim, the university found the hacker had accessed only eight rows of dummy data, which contained nothing of significance.

“VIT Bhopal University takes data security very seriously. Upon learning of the alleged breach, the university immediately conducted a thorough review and investigation. Despite our confidence in our security measures, we verified that only 8 rows of dummy data from the dummy API were accessed. This data has no significance and was part of the publicly available integration tools,” he added.

The university stated that it follows industry-standard data security practices and tools to ensure the safety of student and faculty data. Vishnuvarthanan affirmed the university's commitment to data security based on four core practices:

- Regular Security Audits: Conducting periodic security audits to identify and address potential vulnerabilities.
- Advanced Encryption: Utilizing advanced encryption techniques to protect data at rest and in transit.
- Access Controls: Implementing strict access controls to ensure that only authorized personnel can access sensitive information.
- Incident Response Plan: Maintaining a comprehensive incident response plan to swiftly address any security incidents.

Cyber Attack Threat: A Challenge to Digital Assets

While the VIT Bhopal data breach claim turned out to be a hoax, cyber threats around the globe remain a matter of concern and continue to evolve in sophistication and scale. It is not just organizations but consumers too who face an ever-growing challenge to safeguard their digital assets. To meet this challenge, Cyble, a leading force in AI-based cybersecurity, recently unveiled AmIBreached 3.0, its dark web engine.

What is AmIBreached?

AmIBreached 3.0, developed by Cyble, offers advanced tools to identify, prioritize, and mitigate dark web risks. This comprehensive platform accesses over 150 billion records from breaches, hacking forums, and discussions, providing organizations with critical insights into hidden threats. With real-time monitoring and actionable intelligence, AmIBreached 3.0 helps organizations and individuals proactively address and manage emerging cyber threats efficiently.
The ransomware attack that crippled Synnovis, a key pathology provider for southeast London's NHS Trusts, continues to disrupt critical services nearly a month after the initial attack. While some progress has been made, the slow recovery highlights the fragility of healthcare infrastructure and the potential for wider patient data breaches.

Technical Hurdles Plague Restoration Efforts

The attack that took place on June 3 knocked out most of Synnovis' IT systems, impacting everything from lab analysis equipment to results transmission. With electronic workflows crippled, the lab reverted to manual processes, significantly hindering processing capacity and turnaround times. The daily blood sampling count in major London hospitals plunged from 10,000 to merely 400 per day after the cyberattack.

The biggest challenge Synnovis faces is that all its automated end-to-end laboratory processes are offline, since all IT systems have been locked down in response to the ransomware attack. The ongoing recovery prioritizes critical systems first. New middleware deployed at partner hospitals aims to streamline result reporting, but full restoration remains a distant prospect. Synnovis is collaborating with its parent company, SYNLAB, and the NHS to ensure a secure and phased recovery.

Mutual Aid Boosts Capacity, But Data Breach Looms Large

To address the backlog of critical tests, Synnovis implemented a "Mutual Aid" program across southeast London boroughs, leveraging partner labs within the NHS network. Additionally, SYNLAB is diverting resources from its wider UK and international network to bolster processing capacity.

However, a more concerning development emerged on June 20. A Russian ransomware group called Qilin claimed responsibility for the attack and leaked data online. Synnovis later confirmed the published data was stolen from its administrative drives.

"This drive held information which supported our corporate and business support activities. Synnovis personnel files and payroll information were not published, but more needs to be done to review other data that has been published relating to our employees." - Synnovis

While a full analysis is ongoing, initial findings suggest the data may contain patient information like full names, NHS numbers, and test codes.

Uncertainties for Synnovis Remain as Investigation Continues

The stolen data appears partial and in a complex format, making analysis and identification of impacted individuals challenging. Synnovis, with assistance from the NCSC and NHS cybersecurity specialists, is investigating the attack's scope and potential data breach. Law enforcement and the Information Commissioner are also being kept informed.

Mark Dollar, CEO of Synnovis, acknowledged the disruption and expressed regret for the inconvenience caused.

“We are very aware of the impact and upset this incident is causing to patients, service users and frontline NHS colleagues, and for that I am truly sorry. While progress has been made, there is much yet to do, both on the forensic IT investigation and the technical recovery. We are working as fast as we can and will keep our service users, employees and partners updated.” - Mark Dollar, CEO of Synnovis

However, the timeline for full system restoration and the extent of the potential data breach remain unclear. The Synnovis attack highlights a broader trend within healthcare IT systems and the potential consequences of third-party cyberattacks. SYNLAB, the parent company of Synnovis, has been targeted by cybercriminals multiple times in the last year. Similar attacks hit its subsidiaries in Italy in April 2024 and a year earlier in France. These incidents underline a concerning rise in third-party vulnerabilities within the healthcare industry. As Synnovis grapples with recovery, the cybersecurity community awaits further details on the data breach and its potential impact on patients.
A data breach at insurance giant Prudential has ballooned far beyond initial estimates, with regulators informed that over 2.5 million individuals may have had personal information compromised. This significant update comes after Prudential downplayed the incident in March, stating only 36,545 customers were affected.

Prudential is the second largest life insurance company in the United States, with 40,000 employees worldwide and revenue of $50 billion in 2023.

Initial Claims vs. Updated Numbers

In March 2024, following a February network intrusion, Prudential reported to regulators that hackers had accessed a limited dataset, including names, addresses, and driver's license/ID numbers, for 36,545 individuals. However, updated data breach filings submitted to Maine regulators on June 30th paint a much bleaker picture. The revised figures show a staggering 2,556,210 customers potentially impacted by the data leak. A Prudential spokesperson clarified that the leaked information may vary for each affected individual. While the full scope of the breach is under investigation, the significant increase in reported victims raises concerns about the initial assessment and potential notification delays.

Prudential's Response and Next Steps

Prudential maintains it has completed a "complex analysis" of the affected data and initiated a rolling notification process starting in March. However, the vast increase in impacted individuals raises the question of whether these notifications were comprehensive and timely. The company says it is offering all affected individuals 24 months of complimentary credit monitoring.

ALPHV Ransomware Gang Claimed Prudential Data Breach

Prudential has yet to disclose details about the attackers behind the February data breach. However, the ALPHV/BlackCat ransomware gang took responsibility for the incident on February 13. The gang has since shut down, but not before running an exit scam and collecting a hefty $22 million ransom from the Change Healthcare breach. The FBI tied ALPHV to over 60 breaches in its first four months, netting at least $300 million from more than 1,000 victims by September 2023.

Notably, this is not Prudential's first major data breach. In 2023, a separate attack involving a compromised file transfer tool exposed the Social Security numbers and other sensitive data of over 320,000 customers.

Prudential's revised data breach figures raise critical questions about incident response protocols, data forensics capabilities, and the potential impact on millions of customers. Regulatory bodies could scrutinize Prudential's handling of the incident as the situation evolves.
Patelco Credit Union, one of the oldest and largest credit unions in the U.S., fell victim to a ransomware attack on June 29, 2024, forcing the institution to shut down most of its day-to-day banking systems. The attack has affected nearly half a million members across the Bay Area and Northern California, leaving them without access to crucial financial services.

The Dublin, Ohio-based credit union disclosed details of the security incident through social media and email communications from President and CEO Erin Mendez. While initial details were scarce, Patelco later confirmed the nature of the attack and its widespread impact on member services.

Scope of Patelco Credit Union Attack

The ransomware attack has crippled Patelco's online banking platform, mobile app, and call center operations after staff shut down these systems to contain the attack. Members are currently unable to perform electronic transactions such as transfers (including Zelle), direct deposits, balance inquiries, and online bill payments.

[Image: Source: X.com (@PatelcoPays)]

Debit and credit card transactions are functioning in a limited capacity, while ATM cash withdrawals and deposits remain available at Patelco and shared branch ATMs.

The credit union's President and CEO, Erin Mendez, issued a statement on social media on Saturday morning, announcing that services were unavailable due to a "serious security incident." An email sent to members later that day revealed that the incident was a ransomware attack and confirmed that the credit union had shut down its systems to contain and remediate the issue.

Patelco Credit Union Response and Recovery Efforts

In the email shared with Patelco members, Mendez apologized for the inconvenience and assured members that the credit union was working around the clock with third-party cybersecurity professionals to assess the situation and restore services. The credit union has warned members to expect longer than normal wait times at branches and through customer service channels. While the full extent of the attack's impact remains unclear, Patelco has assured members that they can still access cash from ATMs.

The credit union has also set up a dedicated webpage for ongoing communications about the incident and system functionality updates. The latest update on the security incident from the dedicated webpage states:

"Please know that our team and third-party partners are working around the clock to get back up and running. We are committed to providing transparent and frequent updates to the best of our ability as well as the best possible service that we can, given the disruption. We sincerely apologize for the inconvenience that this cyber attack has caused for our members. We anticipate longer than normal wait times and truly appreciate your patience and support during this difficult time."

The website also provides details on the availability of locations, categorizing them as available, limited functionality, and unavailable.

[Image: Availability of Patelco Credit Union Locations (Source: www.patelco.org/securityupdate)]

The site disclosed that there was no evidence that account information such as account number/member number, or online banking credentials such as mobile and online banking User IDs or passwords, were affected.
Researchers have identified a significant remote code execution (RCE) vulnerability that could affect millions of OpenSSH servers. The vulnerability, dubbed 'regreSSHion' and recorded as CVE-2024-6387, allows for unauthenticated root-level remote code execution, posing a serious security risk. The vulnerability affects OpenSSH server software running on Linux systems that use the GNU C Library (glibc). It stems from a race condition in how OpenSSH handles certain signals during connection attempts.

regreSSHion Vulnerability and Its Impact

Researchers from Qualys discovered that the vulnerability stems from a signal handler race condition in OpenSSH's server (sshd) on glibc-based Linux systems. The vulnerability is remotely exploitable, making it a significant threat to Linux systems. The potential impact is severe, as it could lead to a complete system takeover, installation of malware, data manipulation, and the creation of backdoors for persistent access. An attacker with root access could bypass critical security mechanisms such as firewalls, intrusion detection systems, and logging, making it even more challenging to detect and respond to an attack.

The regreSSHion vulnerability impacts a broad range of OpenSSH versions, from the earliest releases up to, but not including, version 9.8p1. However, its effects vary depending on the version:

- Versions before 4.4p1 are vulnerable unless patched for earlier, related flaws.
- Versions from 4.4p1 until 8.5p1 are not affected, due to previous security fixes.
- Versions from 8.5p1 up to, but not including, 9.8p1 are vulnerable, due to an accidental removal of critical code.

Servers on OpenBSD systems, however, remain unaffected thanks to a secure mechanism implemented in 2001.

The researchers stated that they had developed a working exploit for the vulnerability and had disclosed it to the OpenSSH team to assist remediation efforts. While the researchers do not release exploits as a matter of firm policy, they believe other researchers would be able to replicate their results.

Mitigating Risk to OpenSSH Servers

The vulnerability's discovery highlights the importance of ongoing security audits and regression testing in software development. The flaw is a reintroduction of a bug first patched in 2006, demonstrating how even well-maintained projects can inadvertently reopen old security holes. Organizations running vulnerable OpenSSH versions should take immediate action:

- Apply patches: Update to OpenSSH 9.8p1 or apply vendor-provided fixes for older versions.
- Limit access: Restrict SSH connections through network controls to reduce the attack surface.
- Segment networks: Isolate critical systems to prevent lateral movement if a breach occurs.
- Monitor activity: Deploy intrusion detection systems to alert on potential exploitation attempts.
- Assess exposure: Use asset management tools to identify vulnerable systems across the enterprise.

For systems that cannot be patched immediately, the researchers recommend setting the LoginGraceTime parameter to 0 in the SSH server configuration file to mitigate remote code execution. However, the researchers warn that this could instead leave the server vulnerable to denial-of-service attacks.
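As an added example (not Qualys' or the OpenSSH project's code), the script below applies the version ranges above to SSH server banners and checks an sshd_config text for the LoginGraceTime 0 mitigation, so a defender can triage an inventory offline. The banners and configuration text are constructed samples, and treating a banner without a pN suffix as a native OpenBSD build is an assumption of the example.

```python
"""Triage helper for the regreSSHion (CVE-2024-6387) version ranges and the
LoginGraceTime=0 mitigation described in the article. Added example, not code
from Qualys or the OpenSSH project; all sample inputs are constructed."""
import re
from typing import Optional, Tuple

# (major, minor, portable_patch). portable_patch 0 means the banner carries no
# "pN" suffix, which this example assumes to be a native OpenBSD build rather
# than OpenSSH-portable.
Version = Tuple[int, int, int]

BANNER_RE = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:p(\d+))?")
GRACE_RE = re.compile(r"^logingracetime[\s=]+(\d+)([smh]?)$", re.IGNORECASE)
UNIT_SECONDS = {"": 1, "s": 1, "m": 60, "h": 3600}


def parse_banner(banner: str) -> Optional[Version]:
    """Extract the OpenSSH version from an identification string such as
    'SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13'. None for non-OpenSSH banners."""
    m = BANNER_RE.search(banner)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def classify(version: Version) -> str:
    """Map a version onto the ranges the article gives.

    This is banner-level triage only: distributions backport fixes without
    bumping the upstream version, so 'vulnerable' means 'confirm against the
    vendor advisory', not 'confirmed exploitable'."""
    if version[2] == 0:
        return "not_affected"             # assumed native OpenBSD, protected since 2001
    if version >= (9, 8, 1):
        return "fixed"                    # 9.8p1 and later
    if version >= (8, 5, 1):
        return "vulnerable"               # 8.5p1 .. 9.7p1: 2006 fix accidentally removed
    if version >= (4, 4, 1):
        return "not_affected"             # 4.4p1 .. 8.4p1: protected by the 2006 fix
    return "vulnerable_unless_patched"    # pre-4.4p1: depends on the older fixes


def login_grace_time(sshd_config: str) -> Optional[int]:
    """Effective LoginGraceTime in seconds, or None when the file does not set
    it (sshd then uses its default of 120). Like sshd, the first occurrence
    wins; comments and blank lines are ignored."""
    for raw in sshd_config.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = GRACE_RE.match(line)
        if m:
            return int(m.group(1)) * UNIT_SECONDS[m.group(2).lower()]
    return None


def assess(banner: str, sshd_config: str) -> dict:
    """Combine the banner classification with the LoginGraceTime state."""
    version = parse_banner(banner)
    status = classify(version) if version else "not_openssh"
    grace = login_grace_time(sshd_config)
    # LoginGraceTime 0 closes the race window but lets unauthenticated
    # connections hold slots indefinitely: RCE exposure traded for DoS exposure.
    mitigated = status.startswith("vulnerable") and grace == 0
    return {
        "version": version,
        "status": status,
        "login_grace_time": grace,
        "mitigated_by_grace_time": mitigated,
    }


if __name__ == "__main__":
    # Constructed sample inputs, not captured from real hosts.
    SAMPLES = [
        ("SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13", "LoginGraceTime 0\n"),
        ("SSH-2.0-OpenSSH_8.4p1 Debian-5+deb11u3", "#LoginGraceTime 2m\n"),
        ("SSH-2.0-OpenSSH_9.7", "LoginGraceTime 2m\n"),
        ("SSH-2.0-OpenSSH_9.8p1", ""),
        ("SSH-2.0-dropbear_2022.83", ""),
    ]
    for sample_banner, cfg in SAMPLES:
        print(f"{sample_banner:42s} -> {assess(sample_banner, cfg)}")
```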
The Florida Department of Health, the first accredited public health system in the United States, has reportedly fallen victim to a ransomware attack by the notorious RansomHub group. The attackers claim to have accessed a staggering 100 GB of organizational data and have threatened to publish the stolen information within the next three to four days.

The implications of such a breach are potentially devastating, given the sensitive nature of the data held by the Florida Department of Health. The organization is responsible for a wide range of public health services, from disease prevention and health promotion to emergency preparedness and response. A data leak of this magnitude could expose personal health information, disrupt health services, and undermine public trust in the state's health system.

UNCONFIRMED: NTT DATA Romania Data Breach

Simultaneously, NTT DATA, a global leader in business and technology services, has also been targeted by RansomHub. The group claims to have accessed 230 GB of data from the Romanian division of NTT DATA, with plans to publish it within the same timeframe of three to four days. NTT DATA Romania is a critical player in the IT and business solutions sector, providing services that include consulting, system integration, and IT infrastructure management. A breach of this scale could have severe repercussions, affecting not only the company's operations but also the clients it serves across various industries.

[Image: Source: X]

The Cyber Express Outreach and Unverified Claims

The Cyber Express Team has reached out to both the Florida Department of Health and NTT DATA Romania to verify the claims made by RansomHub. As of the writing of this report, no official responses have been received from either organization, leaving the claims unverified. However, if these claims are proven to be true, the ramifications could be extensive. Data breaches of this nature can lead to significant financial losses, legal consequences, and reputational damage for the affected organizations. Moreover, the compromised data could be used for malicious purposes, further endangering individuals and businesses.

Historical Context of RansomHub's Activities

This latest attack is part of a series of high-profile cyberattacks attributed to RansomHub and other ransomware groups in recent months. In June 2024, RansomHub, along with RansomHouse, allegedly carried out three major cyberattacks in Italy within 24 hours. The targeted entities included the websites of Cloud Europe and Mangimi Fusco, with RansomHouse claiming responsibility for a cyberattack on Francesco Parisi.

In May 2024, RansomHub claimed responsibility for a cyberattack on Christie’s auction house. This attack disrupted Christie’s website just days before its marquee spring sales and led to the leaking of data that allegedly included information about some of the world’s wealthiest art collectors. Despite the severity of the claims, Christie’s officials downplayed the breach, stating that no financial or transactional data had been compromised.

Additionally, in the same month, RansomHub was implicated in a cybersecurity incident involving United Health. This incident was part of the ALPHV ransomware group’s final breach and exit scam, which involved a significant payment of $22 million.

As the situation unfolds, it is crucial for the affected organizations, the Florida Department of Health and NTT DATA Romania, to respond promptly and transparently. For now, the claims by RansomHub remain unverified. The Cyber Express Team will continue to monitor the situation and provide updates as more information becomes available.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
The nefarious LockBit 3.0 ransomware group has struck once again, targeting unsuspecting victims in its latest wave of attacks. The latest victims to fall prey to the LockBit 3.0 ransomware attack are KBC Zagreb in Croatia and PT Latinusa Tbk in Indonesia. The authenticity of the LockBit group’s claims regarding the cyberattack on KBC Zagreb and PT Latinusa Tbk remains shrouded in uncertainty.

Latest Victims of LockBit 3.0 Cyberattack

On July 1, 2024, LockBit claimed to have targeted KBC Zagreb, the largest and most advanced Croatian hospital. According to its website, the medical facility was established in 1942 in the capital city of Zagreb and serves around 10,000 citizens every day across two main campuses and three other locations in the city.

[Image: Source: X]

On Monday, LockBit named KBC Zagreb as its latest victim on its dark web leak site. In its post, LockBit said, “KBC Zagreb is a company that operates in the hospital and healthcare industry. It employs 2,001-5,000 people and has $500M- $1B of revenue.”

[Image: Source: X]

The cyber attacker claimed to have accessed sensitive data of the hospital, which includes “medical records, patient exams and studies, research papers of doctors, surgery, organ and donor data, organ and tissue banks, employee data, addresses, phone numbers, employee legal documents, data on donations and relationships with private companies, donation book; medication reserve data; personal data breach reports and much more.” To substantiate its claims, the group uploaded 12 documents as proof, which allegedly contained sensitive information from the hospital's data breach. LockBit has set the ransom deadline as July 18.

The ransomware attack on KBC Zagreb comes barely a week after the hospital faced a cyberattack by the infamous Russian actor “NoName057 (16).” That attack, on the intervening night of June 24 and 25, forced the hospital to shut down its entire IT infrastructure. The attack significantly damaged the hospital’s digital systems, causing a temporary rollback to manual processes. According to news reports, during that attack Milivoj Novak, assistant director of health care, quality and supervision of KBC Zagreb, said that the shutdown took the hospital back 50 years, to paper and pencil. The hospital also confirmed significant delays due to the cyberattack and that some patients were redirected to other hospitals.

The other ransomware victim claimed by the LockBit 3.0 ransomware group is PT. Pelat Timah Nusantara (Latinusa), Tbk. PT Latinusa Tbk is the first and only tinplate producer in Indonesia and was founded in 1982.

[Image: Source: X]

The hackers allegedly exfiltrated internal and external audit documents of the company, along with claims, budgets, analysis, and private financial information. LockBit’s deadline for the ransom is July 3.

Despite assertions of successful infiltration and data compromise, the official websites of the targeted companies appear to be fully operational, raising doubts about the veracity of LockBit’s claims. The Cyber Express Team tried to substantiate the LockBit 3.0 ransomware attack claims by reaching out to KBC Zagreb and PT. Pelat Timah Nusantara officials for clarification. However, as of the time of this report, there has been no official response or public statement from the victims, leaving the LockBit 3.0 ransomware attack claim unverified.

LockBit 3.0 Continues Cyberattacks Despite Developer's Arrest

Recently, the Ukraine National Police arrested a 28-year-old cryptor developer whom they claimed was involved in the LockBit and Conti ransomware groups. Despite the arrest, LockBit has shown an ability to continually regroup and reestablish threat activities, recently launching high-profile ransomware attacks such as the one on Monday.
French authorities seized servers and proceeds worth millions belonging to the "Coco" chat website, a free-for-all online platform that facilitated child sexual abuse and drug dealing, among other illegal activities. In a major international cooperative effort, the French authorities, alongside Bulgaria, Germany, Lithuania, the Netherlands, and Hungary, dismantled a notorious online platform that facilitated a range of criminal activities.

Under investigation since December 2023, the website called "Coco" has facilitated child pornography, sexual exploitation, drug dealing and violent acts including homicides, said Eurojust, the European Union Agency for Criminal Justice Cooperation. The details of the seizure were revealed on Monday, a week after the initial announcement from the Paris prosecutor's office that the website was no longer available and only displayed a seizure notice from the French national police.

Platform Served as Hub for Organized Crime

For years, the platform served as a virtual meeting ground for criminals, enabling them to communicate, plan operations, and conduct transactions, said Eurojust. Over 23,000 judicial procedures linked to this platform have been initiated since 2021, with at least 480 victims identified to date. French authorities launched an investigation in December last year after receiving a host of allegations about the abuse faced by some individuals through the platform. The investigation uncovered the platform's role in facilitating activities like human trafficking and child exploitation for organized crime groups, after which the authorities took steps to shut it down.

Coordinated Takedown Nets Servers and Millions

A synchronized operation supported by Eurojust led to the seizure of servers located in Germany, effectively shutting down the platform and displaying a splash page. Lithuanian and Hungarian authorities swiftly executed freezing orders, securing over €5.6 million in suspected criminal funds. Furthermore, a European Investigation Order (EIO) issued by France was successfully executed in Bulgaria. French magistrates and law enforcement officials, authorized by Bulgarian authorities, conducted bank statement reviews, searches, seizures, and witness interviews.

Coco Chat Site's Links to Violence

Coco was a chat website with a notorious lack of moderation. Rights groups in France have labeled it a "predator's den" due to its alleged links to violence. SOS Homophobie, for instance, called for its closure after a brutal attack on a gay man allegedly planned by Coco users. Child protection groups have also campaigned against Coco since 2013, citing its easy access for criminals. The website, owned by a Bulgarian company and operating outside French jurisdiction with a [.]gg domain, boasted over 850,000 users in France as of 2023. Paris prosecutors connect Coco's anonymity to its appeal for criminals, highlighting a recent murder allegedly set up on the platform.
Affirm Holdings, a prominent U.S. financial technology firm, announced that the personal information of Affirm card users may have been compromised due to a cybersecurity incident at Arkansas-based Evolve Bank and Trust. This Evolve Bank data breach, which occurred last week, involved the illegal release of customer data on the dark web.

Evolve Bank, a third-party issuer of Affirm cards, revealed it was the target of a significant cybersecurity attack. Affirm has reassured its customers that its systems remain secure and that Affirm cardholders can continue to use their cards without interruption. However, the company has acknowledged that the breach involved shared personal information used to facilitate card issuance and servicing.

In a statement, Affirm's spokesperson highlighted, "Affirm is aware of a cybersecurity incident involving Evolve, a third party vendor that serves as an issuing partner on the Affirm Card. We are actively investigating the issue. We will communicate directly with any impacted consumers as we learn more."

LockBit Blamed for Evolve Bank Data Breach

Evolve Bank disclosed that the incident was a ransomware attack perpetrated by the criminal organization LockBit. "This was a ransomware attack by the criminal organization, LockBit," reads Evolve Bank's official statement.

The ransomware attack involved unauthorized access to the bank’s systems, resulting in the download and subsequent leak of sensitive customer information. This Evolve Bank data breach occurred in two phases, in February and May, after an employee inadvertently clicked on a malicious internet link.

"They appear to have gained access to our systems when an employee inadvertently clicked on a malicious internet link. There is no evidence that the criminals accessed any customer funds, but it appears they did access and download customer information from our databases and a file share during periods in February and May," said Evolve Bank.

Further, the bank disclosed that the threat actor also encrypted some data within its environment. However, the bank had backups available and experienced limited data loss and impact on its operations. Moreover, Evolve Bank confirmed that it refused to pay the ransom demand, as a result of which LockBit leaked the data it had downloaded.

"The threat actor also encrypted some data within our environment. However, we have backups available and experienced limited data loss and impact on our operations. We refused to pay the ransom demanded by the threat actor. As a result, they leaked the data they downloaded. They also mistakenly attributed the source of the data to the Federal Reserve Bank," informed Evolve Bank.

Incident Details and Evolve Bank’s Response

Evolve Bank provided a comprehensive update on the data breach. The bank identified unusual system behavior in late May 2024, initially suspected to be a hardware failure but later confirmed as unauthorized activity. Cybersecurity specialists were engaged, and Evolve promptly initiated its incident response protocols, successfully halting the attack by May 31, 2024.

The attack did not compromise customer funds, but sensitive data was accessed and downloaded from the bank’s databases. "At this time, we have evidence that files were downloaded from our systems," the bank informed. This included names, Social Security numbers, bank account numbers, and contact information of personal banking customers and partners, including Affirm card users. Additionally, personal information related to Evolve employees was likely impacted.

"We have now learned that personal information relating to our employees was also likely impacted. We are still investigating what other personal information was affected, including information regarding our Business, Trust, and Mortgage customers," reads the official statement of Evolve Bank.

Evolve Bank has undertaken several measures to enhance security and prevent future incidents:

- Global password resets.
- Reconstructing critical Identity Access Management components, including Active Directory.
- Hardening of firewall and dynamic security appliances.
- Deploying endpoint detection and response tools.

The bank is also strengthening its security response protocols, policies, and procedures to improve detection and response to suspected incidents.

Impact on Affirm Card Users and Future Actions

Affirm cardholders whose data may have been compromised will be directly notified. "The incident may have compromised some data and personal information Evolve had on record. If you do not have an Affirm Card, the incident does not impact you. If you do have an Affirm Card, we’re still investigating and we will have your back," said Affirm's official statement.

Evolve Bank is offering affected individuals two years of free credit monitoring and identity theft protection. Notifications will begin via email on July 8, 2024, including details about a dedicated call center for assistance and enrollment in credit monitoring services.

Evolve Bank urges all affected customers to remain vigilant by monitoring their account activity and credit reports. The bank provided resources for setting up fraud alerts with the nationwide credit bureaus (Equifax, Experian, and TransUnion) and obtaining free credit reports. Customers suspecting identity theft or fraud are encouraged to file reports with the Federal Trade Commission (FTC) or local law enforcement.

Evolve Bank stated, "We appreciate your patience and understanding as we navigate this challenging situation. Your trust is of utmost importance to us, and we are committed to transparency."
D-Link DIR-859 WiFi routers have been found to have a path traversal vulnerability that allows for information disclosure. The vulnerability, identified as CVE-2024-0769, affects all hardware revisions and firmware versions of the DIR-859. The DIR-859 has reached end-of-life status and will not receive any further updates from D-Link.

D-Link DIR-859 Router Vulnerability

The vulnerability allows attackers to access and retrieve sensitive information from the router's configuration files. It lies in /htdocs/cgibin on the DIR-859, the single binary through which the router's CGI requests are processed. By sending a specially crafted HTTP POST request to the router's web interface, an attacker can bypass the router's access controls and gain unauthorized access to user data.

Researchers at security firm GreyNoise observed a variation of the exploit in the wild that targets a specific configuration file containing user account information. The observed exploit scripts use the traversal to retrieve the DEVICE.ACCOUNT.xml file, which contains usernames, passwords, group information, and descriptions for all users of the device. Because that file holds the device's credentials, a single successful read gives an attacker what is needed to log in to the administrative interface.

Protection Against D-Link Vulnerability

D-Link strongly recommends that users of DIR-859 routers retire and replace their devices with newer, supported models, and advises against continued use of end-of-life products because of the security risks involved. The discovery of this vulnerability has significant implications for owners of D-Link DIR-859 routers:
- Permanent vulnerability: because the model is no longer supported, there will be no official patch for this flaw.
- Long-term risk: the disclosed information remains valuable to attackers for the entire lifespan of the device, as long as it remains internet-facing.
- Potential for further exploitation: the vulnerability could be chained with other, as yet unknown, vulnerabilities to gain full control over affected devices.

For customers unable to replace their routers immediately, it is crucial to take additional measures: disable remote (WAN-side) management so the web interface is reachable only from the LAN, use strong and unique passwords for all accounts, regularly review router logs for suspicious activity, and consider a separate virtual private network (VPN) for remote access instead of exposing the management interface. Note that strong passwords alone do not close this hole: the traversal reads DEVICE.ACCOUNT.xml, which is where those passwords are stored, so the control that matters is keeping the management interface off the internet.

D-Link's official security advisory states: "D-Link strongly recommends that this product be retired and cautions that any further use of this product may be a risk to devices connected to it. If US consumers continue to use these devices against D-Link's recommendation, please make sure the device has the most recent firmware, make sure you frequently update the device's unique password to access its web-configuration, and always have WIFI encryption enabled with a unique password."

Researchers stated that while the intended use of the information disclosed from the routers is unknown, it remains valuable to attackers for the lifetime of the device as long as it remains connected to the internet.
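The in-the-wild requests described above share two traits that are easy to alert on from web or reverse-proxy logs in front of a router: a directory-traversal sequence in the request and a reference to DEVICE.ACCOUNT.xml. The following detector is an added example and is not code from GreyNoise or D-Link; the request records, the field names (path, cookie, body) and the request shapes are constructed for illustration, and the actual exploit payload is deliberately not reproduced. It goes slightly beyond the text by also decoding URL-encoded and escaped-slash spellings of the traversal, since those are the variants that slip past a naive string match.

```python
"""
Flag HTTP requests that look like traversal reads of DIR-859 config files.
Added example, not code from GreyNoise or D-Link. Request records and their
field names are constructed for this example; the real payload is not shown.
"""
from __future__ import annotations
import re
from urllib.parse import unquote

# Only DEVICE.ACCOUNT.xml is named in the GreyNoise report; the tuple exists
# so further device config files can be added (assumption of this example).
SENSITIVE_FILES = ("DEVICE.ACCOUNT.xml",)

# After normalize() every traversal spelling collapses to "../".
TRAVERSAL_RE = re.compile(r"\.\./")


def normalize(value: str) -> str:
    """URL-decode until stable (catches %2e%2e%2f and double encoding such as
    %252e%252e%252f), then unify "\\/" and "\\" to "/" so one regex covers
    escaped-slash variants that survive JSON or XML quoting."""
    previous, current = None, value
    while current != previous:
        previous, current = current, unquote(current)
    return current.replace("\\/", "/").replace("\\", "/")


def classify_request(req: dict) -> list:
    """Return the findings for one request record (empty list = benign)."""
    blob = " ".join(normalize(req.get(k, "")) for k in ("path", "cookie", "body"))
    findings = []
    if TRAVERSAL_RE.search(blob):
        findings.append("path-traversal")
    lowered = blob.lower()
    for name in SENSITIVE_FILES:
        if name.lower() in lowered:
            findings.append(f"config-read:{name}")
    return findings


def scan(requests: list) -> list:
    """Return (source address, findings) for every request that trips a rule."""
    hits = []
    for req in requests:
        findings = classify_request(req)
        if findings:
            hits.append((req.get("src", "?"), findings))
    return hits


# Constructed sample traffic, not captured from a real device. The path
# values and cookie layout are assumptions, not the real exploit.
SAMPLE = [
    {"src": "192.0.2.10", "path": "/login.cgi", "cookie": "uid=abc", "body": "user=admin"},
    {"src": "198.51.100.7", "path": "/cgibin",
     "cookie": "uid=x; service=..\\/..\\/..\\/getcfg/DEVICE.ACCOUNT.xml", "body": ""},
    {"src": "203.0.113.9", "path": "/cgibin", "cookie": "",
     "body": "service=%2e%2e%2f%2e%2e%2fdevice.account.xml"},
]

if __name__ == "__main__":
    for src, findings in scan(SAMPLE):
        print(f"ALERT {src}: {', '.join(findings)}")
```

Run on a real log feed, the "config-read" finding is the high-confidence one; a bare "path-traversal" finding against the CGI handler is still worth an alert, since the same traversal can be pointed at other files the attacker has not yet been seen requesting.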
IntelBroker, a threat actor (TA) and prominent member of the notorious BreachForums, has allegedly leaked a trove of data stolen from Cognizant Technology Solutions, a leading American multinational specializing in IT services and consulting. The alleged Cognizant data leak reportedly includes a document with 12 million lines from Cognizant's internal website and user data from the company's Oracle Insurance Policy Administration (OIPA) system.

Cognizant Data Leak: What It May Contain

According to IntelBroker, the leaked user file comprises approximately 40,000 user records containing a wide array of sensitive data fields: policy number, role code, client name, company code, state code, role sequence number, arrangement number, arrangement status, start date, start year, end date, end year, draft day, modular amount, and next premium due date.

The Cyber Express Team contacted Cognizant officials to verify these claims. "We are aware of the reports made by a cybercriminal organization, claiming it has targeted some of our services. We take this matter very seriously and we are investigating the validity and extent of this claim," a Cognizant spokesperson told The Cyber Express. Notably, the spokesperson neither denied nor confirmed the reports. Should the claims be substantiated, the implications could be far-reaching, posing significant risks both to the affected individuals and to Cognizant's reputation. The alleged breach highlights the ongoing threats that corporations face from organized cybercriminals.

IntelBroker's Previous Claims

IntelBroker is no stranger to high-profile claims. The hacker previously claimed responsibility for a massive data breach involving Advanced Micro Devices (AMD), a leading player in the semiconductor industry. That unverified breach, disclosed on BreachForums, included multiple data samples shared with the forum's users and raised serious concerns about the security of AMD's infrastructure. AMD officials have since stated that they are investigating the claims. IntelBroker's notoriety stems from a history of targeting diverse organizations, including critical infrastructure, major tech corporations, and government contractors, and the actor's approach to exploiting vulnerabilities has reportedly yielded sensitive information on multiple occasions. Previous claims include breaches at Apple, Lindex Group, and Acuity, a U.S. federal technology consulting firm.

Prior Cognizant Data Breaches

This is not the first time Cognizant has faced cyber threats. On September 1, 2023, Cognizant filed a notice of data breach with the Attorney General of Texas after discovering that an unauthorized party had accessed confidential consumer data stored on the company's network. That incident followed a significant ransomware attack in April 2020, which Cognizant estimated would cost between $50 million and $70 million. On April 18, 2020, Cognizant confirmed that a security event involving its internal systems was causing service disruptions. The attack bore the signature of the Maze ransomware group, which had previously targeted multiple high-profile organizations. Cognizant provided affected customers with indicators of compromise (IOCs) and other technical information to aid their defensive measures.

The potential leak by IntelBroker highlights the continuous cyber threats faced by multinational corporations. Such incidents not only jeopardize the security of sensitive data but also carry significant financial and operational impact for the affected companies. The Cyber Express Team will continue to monitor the situation and provide updates as more information becomes available. In the meantime, organizations are urged to review their cybersecurity protocols and ensure they are prepared to respond to potential threats.
Cisco has patched a critical zero-day vulnerability in its NX-OS software. The vulnerability was exploited in April attacks to install previously unknown malware as root on vulnerable switches. The cybersecurity firm Sygnia, which reported the incidents to Cisco, attributed the attacks to a Chinese state-sponsored threat actor it tracks as Velvet Ant. "The vulnerability was identified as part of a larger forensic investigation performed by Sygnia of a China-nexus cyber espionage operation that was conducted by a threat actor Sygnia dubs as 'Velvet Ant'," reads Sygnia's official statement.

Cisco Zero-Day Vulnerability Overview

The patched vulnerability, tracked as CVE-2024-20399, is a command injection flaw in the Cisco NX-OS Software command-line interface (CLI) that affects a wide range of Cisco Nexus devices. On July 1, Cisco published an advisory detailing the nature and scope of the vulnerability, which allows an attacker with valid administrator credentials to execute arbitrary commands on the underlying Linux operating system of affected devices. "Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability," reads Cisco's official statement.

Sygnia discovered the vulnerability during a forensic investigation of a China-nexus cyber espionage operation conducted by Velvet Ant. The investigation revealed that the threat actor had exploited the zero-day to execute malicious code on the underlying OS of Nexus switches. Exploitation of CVE-2024-20399 enabled the execution of custom malware on compromised devices; the malware facilitated remote connections to the devices, allowing the attackers to upload additional files and execute further code. Network appliances, particularly switches, often go unmonitored and their logs are rarely forwarded to a centralized logging system, which makes such activity hard to detect and investigate. "This exploitation led to the execution of a previously unknown custom malware that allowed the threat group to remotely connect to compromised Cisco Nexus devices, upload additional files, and execute code on the devices," Sygnia said.

Background on Cisco NX-OS

Cisco NX-OS Software is the network operating system used on Cisco's Nexus series of switches. Although NX-OS is based on a Linux kernel, it abstracts the underlying Linux environment and provides its own set of commands through the NX-OS CLI. To execute commands on the underlying Linux OS from the switch management console, an attacker needs a "jailbreak" type of vulnerability to escape the NX-OS CLI context. CVE-2024-20399 is exactly that: it lets an attacker with administrator-level access to the switch management console escape the NX-OS CLI and execute arbitrary commands on the underlying Linux OS.

Impact and Risk Assessment

Cisco Nexus switches are widely deployed in enterprise environments, particularly in data centers. Exploiting the vulnerability requires the threat group to possess valid administrator-level credentials and to have network access to the Nexus switch. Since most Nexus switches are not directly exposed to the internet, attackers must first gain access to an organization's internal network. This lowers the overall risk, but the incident highlights the importance of monitoring and protecting network appliances: a stolen switch administrator credential, a routine target of credential theft, becomes root on the device once this bug is available.

Mitigation Strategies

Cisco has released software updates to address the vulnerability described in the advisory, and updating affected devices is the primary mitigation. Where updates cannot be applied immediately, the following practices limit who can reach the vulnerable interface and what a compromised switch can do:
- Restrict administrative access: use Privileged Access Management (PAM) solutions or dedicated, hardened jump servers with multi-factor authentication (MFA) to restrict access to network equipment. If these options are not feasible, restrict access to specific network addresses.
- Centralize authentication, authorization, and accounting (AAA): use TACACS+ and systems like Cisco ISE to streamline and enhance security. Centralized user management simplifies monitoring, password rotation, and access reviews, and allows for quick remediation in case of a compromise.
- Enforce strong password policies: ensure that administrative users have complex, securely stored passwords. Use Privileged Identity Management (PIM) solutions to auto-rotate administrative account passwords, or employ a password vault with restricted access.
- Restrict outbound internet access: implement strict firewall rules and access control lists (ACLs) to prevent switches from initiating outbound connections to the internet. This directly hampers malware of the kind Sygnia observed, whose purpose was to let the attackers connect in and pull further files down.
- Implement regular patch and vulnerability management: regularly review and apply patches to all network devices, and use automated tools to identify and prioritize vulnerabilities.

"When considering software upgrades, customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page, to determine exposure and a complete upgrade solution. In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers," Cisco advises.

Monitoring and Detection

Enhancing visibility and forwarding logs to a central logging solution are crucial steps in identifying malicious activity on network devices. Organizations should:
- Enable syslog on all switches to send log data to a centralized server.
- Integrate switch logs with a Security Information and Event Management (SIEM) system to correlate events and detect anomalies.
- Configure alerts for suspicious activity, such as SSH connections to switches from sources other than the approved jump hosts.
- Regularly analyze network traffic for anomalies associated with Cisco switches, focusing on management ports such as SSH and Telnet.

The exploitation of CVE-2024-20399 by Velvet Ant highlights the persistent and evolving threats posed by state-sponsored cyber actors. Cisco's timely patching of the vulnerability and Sygnia's detailed forensic investigation provide crucial insights into mitigating such threats.
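The monitoring advice above (forward switch syslog centrally, alert on SSH connections that do not come from the approved administrative hosts) can be expressed as a small correlation rule. The script below is an added example and is not code from Cisco or Sygnia. It assumes syslog is already being forwarded, that administrators are only ever expected to come from the jump-host range 10.10.0.0/24 (an assumption for this example), and that the log lines follow the NX-OS syslog layout; the lines themselves are constructed, not taken from a real device. It flags both an SSH login and a subsequent configuration change from a non-approved source, which is the sequence an attacker holding stolen admin credentials would produce before reaching the CLI escape.

```python
"""
Alert on administrative SSH sessions and config changes on Nexus switches
that originate outside the approved jump hosts. Added example, not code from
Cisco or Sygnia. Log lines are constructed in the NX-OS syslog layout:
"<timestamp> <hostname> %FACILITY-SEVERITY-MNEMONIC: <text>".
"""
from __future__ import annotations
import ipaddress
import re

# Only these networks may open administrative sessions (assumption).
JUMP_HOSTS = [ipaddress.ip_network("10.10.0.0/24")]

# sshd wording: "Accepted password for admin from 10.10.0.5 port 51234 ssh2"
LOGIN_RE = re.compile(
    r"Accepted (?P<method>\w+) for (?P<user>\S+) from (?P<src>[0-9a-fA-F.:]+) port \d+"
)
# NX-OS config-mode entry: "Configured from vty by admin on 192.0.2.44@pts/0"
CONFIG_RE = re.compile(
    r"VSHD_SYSLOG_CONFIG_I: Configured from vty by (?P<user>\S+) on (?P<src>[0-9a-fA-F.:]+)@"
)


def from_jump_host(src: str) -> bool:
    """True if the address falls inside an approved administrative network."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in JUMP_HOSTS)


def analyze(lines) -> list:
    """Return (switch, alert_kind, user, source) for every offending event."""
    alerts = []
    for line in lines:
        head, sep, msg = line.partition(" %")   # split off the facility marker
        if not sep:
            continue                            # not an NX-OS syslog line
        host = head.split()[-1]                 # hostname precedes the "%"
        m = LOGIN_RE.search(msg)
        if m and not from_jump_host(m["src"]):
            alerts.append((host, "ssh-login-outside-jump-hosts", m["user"], m["src"]))
            continue
        m = CONFIG_RE.search(msg)
        if m and not from_jump_host(m["src"]):
            alerts.append((host, "config-change-outside-jump-hosts", m["user"], m["src"]))
    return alerts


# Constructed sample log (not from a real device): a legitimate session from
# the jump host, then a late-night session from an unexpected internal address.
SAMPLE_LOG = [
    "2024 Jul  1 10:15:22 nexus01 %AUTHPRIV-6-SYSTEM_MSG: Accepted password for admin "
    "from 10.10.0.5 port 51234 ssh2 - sshd[20841]",
    "2024 Jul  1 10:16:02 nexus01 %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configured from vty by "
    "admin on 10.10.0.5@pts/0",
    "2024 Jul  1 23:41:09 nexus02 %AUTHPRIV-6-SYSTEM_MSG: Accepted password for admin "
    "from 192.0.2.44 port 40022 ssh2 - sshd[31177]",
    "2024 Jul  1 23:41:30 nexus02 %VSHD-5-VSHD_SYSLOG_CONFIG_I: Configured from vty by "
    "admin on 192.0.2.44@pts/1",
]

if __name__ == "__main__":
    for switch, kind, user, src in analyze(SAMPLE_LOG):
        print(f"ALERT {switch}: {kind} user={user} src={src}")
```

In a SIEM this is the same rule expressed as a match on the source address against a jump-host reference list; the value of keeping the config-change event alongside the login is that it tells the responder the session did more than look.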
The U.S. Atlantic States Marine Fisheries Commission (ASMFC) has acknowledged a data breach and begun to notify the people affected by it. The ASMFC discovered the breach on April 6, 2024, and stated that "it was the victim of a cybersecurity incident" that affected the organization's electronic systems.

The data breach notification was filed by the ASMFC with the Office of the Maine Attorney General on June 28 through its legal counsel. In the notification, the ASMFC said that around 9,895 people, including 3,823 Maine residents, could be affected. Attackers allegedly stole a database containing sensitive personally identifiable information (PII), along with financial records of the commission. The cause of the breach is listed as "external system breach (hacking)."

Understanding the ASMFC Data Breach

ASMFC plays a key role in overseeing fisheries along the Atlantic seaboard. Established 80 years ago, the commission states on its site that its mission is "to promote the better utilization of the fisheries, marine, shell and anadromous, of the Atlantic seaboard by the development of a joint program for the promotion and protection of such fisheries, and by the prevention of physical waste of the fisheries from any cause."

The 8Base ransomware group claimed the organization as a victim on its leak site and said it had stolen several pieces of critical data. On April 15, 8Base asserted on its leak site that it had obtained personal data, invoices, receipts, accounting documents and certificates. The group gave the organization four days to pay the ransom, warning that the data would be released if payment was not made by April 19.

(Image: archived copy of the official site, asmfc.org, displaying the earlier notice.)

According to the commission, "On April 6, 2024, ASMFC learned it was the victim of a cybersecurity incident that affected our organization's electronic systems. ASMFC promptly notified law enforcement. With assistance from third-party experts, we took immediate steps to secure our systems, restore operations, and investigate the nature and scope of the Incident. Based on our investigation, the Incident appears to have begun on or about March 14, 2024 and ended on April 6, 2024."

ASMFC concluded that sensitive PII could have been exposed: "As part of our extensive forensic investigation, we have worked diligently to determine whether any personally identifiable information may have been impacted. We concluded that some or all the following information may have been subject to unauthorized access and acquisition during the Incident: name, mailing address, email address, phone number, Social Security number, bank account and routing number, copies of ID cards (driver's license, Social Security cards, birth certificate and/or passport)," the organization said in its notification.

The breach was discovered during routine security monitoring, but the specific methods used by the attackers remain unclear. The timeline is worth noting: the intrusion is believed to have begun on or about March 14 and was not detected until April 6, roughly three weeks during which the attackers had access to the commission's systems and took the data that 8Base later advertised.

In response, ASMFC has taken steps to secure personal information and is offering identity theft protection services to those affected. "As an added precaution, we are also offering you a chance to enroll in complimentary identity theft protection services through IDX, A ZeroFox Company. IDX identity protection services include 24 months of Credit and CyberScan monitoring, a $1,000,000 insurance reimbursement policy, and fully managed ID theft recovery services," the commission told its stakeholders. "Please note that at this time, we have no evidence that your information has been misused. However, we encourage you to take full advantage of this offered service," ASMFC said in its letter.
A vulnerability has been discovered in OpenSSH, a popular set of tools for remote management of *nix systems. The bug allows an unauthenticated attacker to execute arbitrary code on the affected system and gain root privileges. The vulnerability was named regreSSHion and assigned the ID CVE-2024-6387. Given that sshd, the OpenSSH server, is integrated into most operating systems and many IoT devices as well as firewalls, the description of the vulnerability sounds like the beginning of a new epidemic on the scale of WannaCry and Log4Shell. In practice, the situation is more complex: widespread exploitation is unlikely. Nevertheless, all server administrators running OpenSSH should address the vulnerability urgently.

Where OpenSSH is Used

The OpenSSH utility set is almost ubiquitous. It is the most widely used implementation of the SSH (secure shell) protocol and is integrated into most Linux distributions, OpenBSD and FreeBSD, macOS, and specialized devices such as those based on Junos OS. Since many TVs, smart doorbells, baby monitors, network media players, and even robotic vacuum cleaners run Linux, OpenSSH is often present on them as well. Starting with Windows 10, OpenSSH is also available on Microsoft's operating systems, although as an optional component that is not installed by default. It is no exaggeration to say that sshd runs on tens of millions of devices.

How to trigger the regreSSHion vulnerability

During an SSH authentication attempt, the client has a limited time to complete the process; the default LoginGraceTime is 120 seconds. If authentication has not completed by then, sshd's SIGALRM signal handler runs asynchronously, and that handler calls functions (syslog(), which in turn uses the heap allocator) that are not safe to call from within a signal handler. Under certain conditions, and with a small probability, this triggers a race condition that corrupts heap memory and can lead to arbitrary code execution. To exploit the bug an attacker needs roughly 10,000 attempts on average, and the target must be a Linux system using the GNU C Library (glibc), such as all Debian variants. The attacker also needs heap layouts tailored to the specific glibc and Linux build. Researchers reproduced the attack on 32-bit Linux systems; in theory it is exploitable on 64-bit systems as well, albeit with a lower success rate. Address Space Layout Randomization (ASLR) slows exploitation down but does not provide complete protection.

Interestingly, this bug was already fixed by the OpenSSH team in 2006, when it was assigned CVE-2006-5051, and it was reintroduced in 8.5p1. The new bug is therefore a regression, the reappearance of an already known defect due to changes introduced in the code, which is where the name regreSSHion comes from.

The likelihood of CVE-2024-6387 being exploited in the wild

The vulnerability was discovered by researchers and responsibly disclosed to the development team, so immediate exploitation is unlikely. Moreover, the technical complexities described above make mass exploitation impractical: ten thousand authentication attempts with standard OpenSSH settings would take six to eight hours per server, and the attacker needs to know which Linux version the server is running. If the server has any protection against brute-force attacks or DDoS, those measures would likely block the attempt. Despite all this, targeted exploitation is quite possible. Patient attackers can conduct reconnaissance and then make low-frequency attempts from different IPs, and sooner or later they might succeed.

How to protect your servers against exploitation

OpenSSH versions earlier than 4.4p1, and versions from 8.5p1 through 9.7p1 running on glibc-based Linux, are vulnerable. OpenBSD-based servers are not affected (its libc provides an async-signal-safe syslog_r() that sshd uses there), so admins of those can breathe easier; everyone else should update sshd to version 9.8p1 or apply their distribution's backported fix. If immediate updating is not possible, administrators can set the login timeout to zero (LoginGraceTime 0 in sshd_config) as a temporary mitigation: with no timeout, the SIGALRM handler never fires and the race cannot occur. However, the developers warn that this makes the SSH server more susceptible to denial of service, since unauthenticated connections then hold their slots indefinitely and only MaxStartups bounds how many are accepted. Another mitigation is stricter network access control for SSH, implemented with firewalls and other network security tools, which also denies an attacker the high volume of connection attempts the exploit depends on.
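The version ranges and the LoginGraceTime workaround above translate into a quick triage check. The script below is an added example, not code from the OpenSSH project or from the researchers who found the bug: it classifies an sshd version banner against the stated ranges and reports the effective LoginGraceTime from an sshd_config, so an administrator can tell at a glance which hosts still need attention. Banners and config text are constructed. The important caveat, and the reason the verdict names are hedged, is that distributions backport fixes without changing the upstream version in the banner (the Gentoo advisory listed below patches 9.7_p1-r6, for instance), so "vulnerable" here means "check the vendor advisory", not "confirmed exploitable".

```python
"""
Triage helper for CVE-2024-6387 (regreSSHion). Added example, not OpenSSH
project code. Classifies banners against the vulnerable ranges in the text
and reads the effective LoginGraceTime from sshd_config text. Inputs below
are constructed. Banner-based verdicts ignore distribution backports.
"""
from __future__ import annotations
import re

# "SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13": the optional pN suffix marks the
# portable release used on Linux; native OpenBSD builds carry no suffix.
BANNER_RE = re.compile(r"OpenSSH_(?P<major>\d+)\.(?P<minor>\d+)(?P<portable>p\d+)?")


def parse_banner(banner: str):
    """Return ((major, minor), is_portable), or None for non-OpenSSH banners."""
    m = BANNER_RE.search(banner)
    if m is None:
        return None
    return (int(m["major"]), int(m["minor"])), m["portable"] is not None


def classify(banner: str) -> str:
    """Map a banner to one of: not-openssh, not-affected-openbsd,
    vulnerable-pre-4.4p1, vulnerable-8.5p1-9.7p1, not-in-vulnerable-range."""
    parsed = parse_banner(banner)
    if parsed is None:
        return "not-openssh"
    version, portable = parsed
    if not portable:
        return "not-affected-openbsd"       # OpenBSD builds are not affected
    if version < (4, 4):
        return "vulnerable-pre-4.4p1"       # the original CVE-2006-5051 window
    if (8, 5) <= version <= (9, 7):
        return "vulnerable-8.5p1-9.7p1"     # the regression window
    return "not-in-vulnerable-range"        # 4.4p1 .. 8.4p1, or 9.8p1 and later


def parse_time(value: str) -> int:
    """sshd time syntax: plain seconds, or unit-suffixed parts such as 2m or 1h30m."""
    units = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}
    return sum(int(n) * units[u] for n, u in re.findall(r"(\d+)([smhdw]?)", value))


def login_grace_time(sshd_config: str) -> int:
    """Effective LoginGraceTime in seconds. sshd uses the first occurrence of a
    keyword and ignores later duplicates; the compiled-in default is 120.
    Include directives are not followed (a simplification of this example)."""
    for raw in sshd_config.splitlines():
        line = raw.split("#", 1)[0].strip()     # drop comments
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "logingracetime":
            return parse_time(parts[1])
    return 120


def mitigated(sshd_config: str) -> bool:
    """True when the grace timer is disabled, so the SIGALRM handler never runs."""
    return login_grace_time(sshd_config) == 0


if __name__ == "__main__":
    # Constructed inputs, not taken from any real host.
    for banner in ("SSH-2.0-OpenSSH_9.6p1 Ubuntu-3ubuntu13", "SSH-2.0-OpenSSH_9.8p1",
                   "SSH-2.0-OpenSSH_9.7", "SSH-2.0-OpenSSH_4.3p2"):
        print(banner, "->", classify(banner))
    print("LoginGraceTime 0 applied:", mitigated("Port 22\nLoginGraceTime 0\n"))
```

Note the first-occurrence rule in login_grace_time: appending "LoginGraceTime 0" to the end of an sshd_config that already sets the directive earlier does nothing, which is an easy way to believe the workaround is in place when it is not; "sshd -T | grep logingracetime" on the host shows the value sshd actually uses.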
Dark Reading chats with Johnathan Kim, director of technology at the Woodland Hills School District in North Braddock, Penn., about why cybercriminals target schools — and what they can do about it.
Creo Elements/Direct License Servers, which enable industrial design and modeling software, are exposed to the Internet, leaving critical infrastructure vulnerable to remote code execution.
Threat actor "Velvet Ant" has been exploiting a vulnerability in Cisco's NX-OS Software for managing a variety of switches, executing commands and dropping custom malware.
Categorizing and stress-testing fundamental assumptions is a necessary exercise for any leader interested in ensuring long-term security and resilience in the face of an uncertain future.
Enterprise spending on OT cybersecurity is predicted to increase by almost 70% to $21.6 billion globally by 2028, up from $12.75 billion in 2023, driven by attacks and regulation, according to ABI Research.
The vulnerability, known as CVE-2024-20399, affects Cisco NX-OS software used for Nexus-series switches. Sygnia discovered the vulnerability during an investigation into the threat group Velvet Ant.
The investment will fuel PortSwigger's growth and enable the company to accelerate product development, expand research initiatives, strengthen its international presence, and continue driving innovation.
The group behind the Predator spyware, Intellexa Alliance, has significantly reduced its operations, indicating that it has been impacted by recent sanctions and exposure.
Polish prosecutors are investigating a suspected Russian attack on the country's state news agency, the Polish Press Agency (PAP). The attack, which occurred in May, aimed to spread disinformation and cause disruptions in Poland's system or economy.
A South Korean ERP vendor's product update server was breached by attackers who used it to distribute malware instead of legitimate updates, according to AhnLab, a local cybersecurity firm.
The new funding will accelerate a strategic expansion for small–to mid-market-sized organizations, providing a fully managed and easy-to-deploy permissions system that is simple to maintain for their current and future authorization needs.
Large organizations have significantly bolstered their cybersecurity workforce in 2024, with an average of one expert dedicated to cybersecurity for every 1,086 employees in companies with over $1 billion in revenue, as per a report by Wavestone.
Researchers at the University of California, San Diego have discovered a new type of attack called 'Indirector' that targets modern Intel processors, including those from the Raptor Lake and Alder Lake generations.
Over a hundred foreign nationals suspected of committing cybercrimes were arrested in a villa raid on Bali. Among the arrested, 14 were Taiwanese citizens, but the identities of the others are unknown, although all held Taiwanese passports.
The cyber threats landscape has led to changes in the way CISOs evaluate their business's risk appetite, causing tensions with CEO and C-suite members, according to Netskope.
Google has revealed that it blocked over 10,000 instances of Dragon Bridge activity in the first quarter of 2024, labeling it the most prolific influence operator it tracks.
Software company TeamViewer has confirmed that a compromised employee account allowed hackers from a group tracked as APT29, linked to the Russian government, to breach its internal IT environment and steal encrypted passwords.
Australia's four major banks, including ANZ Bank, Commonwealth Bank, National Australia Bank (NAB), and Westpac, are constantly under attack from threat actors seeking to steal sensitive information and money from unsuspecting customers.
Cyber insurance premiums have seen significant reductions in price due to improved cybersecurity measures implemented by organizations. Despite an 18% increase in ransomware incidents, premiums have decreased in 2023/24.
Q-Day, the day when a quantum computer can break modern encryption, is approaching rapidly, leaving our society vulnerable to cyberattacks. Recent advancements in quantum technology suggest that Q-Day is coming sooner than expected.
This multi-stage trojan utilizes Dropbox and Google Docs to update and deliver payloads. It uses the VBA stomping technique, removing the VBA source code in a Microsoft Office document, leaving only compiled p-code.
The most common attack methods against YouTube channels involve phishing attacks to steal login credentials, exploiting weak or reused passwords, and even bypassing two-factor authentication by stealing session cookies.
The recent campaign shows updates to the group's techniques and social engineering tactics, as well as efforts to maximize the spyware's compatibility with older and modern versions of the Android operating system.
The open source project 'ip' has been archived on GitHub due to a dubious CVE report filed against it. This is not an isolated incident, as open-source developers have seen an increase in unsubstantiated CVE reports for their projects.
Cybersecurity firm Rapid7 has announced that it has acquired Noetic Cyber, a startup specializing in cyber asset attack surface management (CAASM). The terms of the deal were not disclosed.
According to a new analysis by Comparitech, the average ransom demand per ransomware attack in the first half of 2024 was over $5.2m (£4.1m). This was calculated from 56 known ransom demands issued by threat actors during that period.
Gentoo Linux Security Advisory 202407-9 - A vulnerability has been discovered in OpenSSH, which can lead to remote code execution with root privileges. Versions greater than or equal to 9.7_p1-r6 are affected.
Ubuntu Security Notice 6851-2 - USN-6851-1 fixed vulnerabilities in Netplan. The update led to the discovery of a regression in netplan which caused systemctl enable to fail on systems without dbus. This update fixes the problem.
Ubuntu Security Notice 6844-2 - USN-6844-1 fixed vulnerabilities in the CUPS package. The update led to the discovery of a regression in CUPS with regards to how the cupsd daemon handles the Listen configuration directive. This update fixes the problem. Rory McNamara discovered that when starting the cupsd server with a Listen configuration item, the cupsd process fails to check whether the bind call succeeded. An attacker could possibly trick cupsd into performing an arbitrary chmod of the provided argument, providing world-writable access to the target.
Red Hat Security Advisory 2024-4211-03 - An update for kernel is now available for Red Hat Enterprise Linux 8. Issues addressed include double free, memory leak, null pointer, spoofing, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-4210-03 - An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.9 for RHEL 8. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-4209-03 - An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.2 for RHEL 8. Issues addressed include a denial of service vulnerability.
Meta's decision to offer an ad-free subscription in the European Union (E.U.) has faced a new setback after regulators accused the social media behemoth of breaching the bloc's competition rules by forcing users to choose between seeing ads or paying to avoid them. The European Commission said the company's "pay or consent" advertising model is in contravention of the Digital Markets Act (DMA).
A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in its switches to deliver malware. The vulnerability, tracked as CVE-2024-20399 (CVSS score: 6.0), concerns a case of command injection that allows an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected
An Australian man has been charged with running a fake Wi-Fi access point during a domestic flight with an aim to steal user credentials and data. The unnamed 42-year-old "allegedly established fake free Wi-Fi access points, which mimicked legitimate networks, to capture personal data from unsuspecting victims who mistakenly connected to them," the Australian Federal Police (AFP) said in a press
The cybersecurity threat landscape has witnessed a dramatic and alarming rise in the average ransomware payment, an increase exceeding 500%. Sophos, a global leader in cybersecurity, revealed in its annual "State of Ransomware 2024" report that the average ransom payment has increased 500% in the last year with organizations that paid a ransom reporting an average payment of $2 million, up from
Modern CPUs from Intel, including Raptor Lake and Alder Lake, have been found vulnerable to a new side-channel attack that could be exploited to leak sensitive information from the processors. The attack, codenamed Indirector by security researchers Luyi Li, Hosein Yavarzadeh, and Dean Tullsen, leverages shortcomings identified in Indirect Branch Predictor (IBP) and the Branch Target Buffer (BTB
Find out why AI is stupid, what Toys "R" Us has done that's even more annoying than putting that "R" in its name, why Graham Cluley has an angry AI girlfriend, and much much more in episode five of "The AI Fix" podcast
While AI can liberate us from tedious tasks and even eliminate human error, it's crucial to remember its weaknesses and the unique capabilities that humans bring to the table
Source: www.databreachtoday.com – Breach Notification, HIPAA/HITECH, Security Operations. Industry Associations Want Feds to Put Regulatory Onus on Change Healthcare. Marianne Kolbasuk McGee (HealthInfoSec) • July 1, 2024. Industry groups want HHS OCR to provide further clarification about the HIPAA breach notification process in UnitedHealth Group’s Change Healthcare hack. (Image: […] The entry "Groups Ask HHS for Guidance on Massive Change Breach Reports – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Governance & Risk Management, Patch Management. Over 14 Million Servers May Be Affected by Bug First Fixed Decades Ago. Rashmi Ramesh (rashmiramesh_) • July 1, 2024. A bug patched in 2006 is again active in OpenSSH. (Image: Shutterstock) More than 14 million servers may be affected by […] The entry "Urgent: Patch Fixed, Reintroduced OpenSSH Bug, Says Qualys – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Governance & Risk Management, Network Firewalls, Network Access Control, Patch Management. Vulnerability Can Allow Authentication Bypass; No Evidence of Exploitation Yet. Rashmi Ramesh (rashmiramesh_) • July 1, 2024. This Juniper Session Smart Router needs a patch ASAP. (Image: Juniper Networks) Juniper Networks released an out-of-band fix […] The entry "Juniper Releases Emergency Fix for Maximum-Severity Flaw – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – 3rd Party Risk Management, Artificial Intelligence & Machine Learning, Governance & Risk Management. Dunphy of Omron on Enhancing Productivity Through Strategic Gen AI Implementation. Michael Novinson (MichaelNovinson) • July 1, 2024. Patrick Dunphy, head of cybersecurity, Omron. Generative AI offers significant potential for enhancing productivity across […] The entry "Balancing AI Potential and Risk Management in Cybersecurity – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – The concept of red teaming has been around since the 1960s. Red teams use tactics, techniques and procedures to emulate a real-world threat and measure the effectiveness of your defenses. “Red teaming is narrative-driven,” said Jared Atkinson of SpecterOps. It looks at a specific attack chain and doesn’t take into […] The entry "Purple Teaming: Evaluate the Efficacy of Security Controls – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.