Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Firewall Daily

Widely used open-source Java tools, GeoServer and GeoTools, that help in geospatial data processing have fixed security vulnerabilities related to XPath expression injection. Identified as CVE-2024-36401 and CVE-2024-36404, these XPath expression injection vulnerabilities could potentially lead to remote code execution, posing serious risks to affected systems. These expression injection vulnerabilities stem from the way GeoServer handles XPath expressions. Specifically, when GeoServer interacts with the GeoTools library API, it passes element type attribute names insecurely to the commons-jxpath library. This mishandling allows malicious actors to inject crafted XPath expressions that could execute arbitrary code on the affected server.

Exploitation and Impact of XPath Expression Injection Vulnerabilities

An unauthenticated attacker can exploit these vulnerabilities by sending specially crafted inputs via multiple OGC request parameters. This could lead to unauthorized remote code execution within the context of the GeoServer application, potentially compromising the confidentiality, integrity, and availability of geospatial data stored and processed by the affected systems. For GeoServer, vulnerable versions include those before 2.23.6, versions 2.24.0 to 2.24.3, and versions 2.25.0 to 2.25.1. Similarly, for GeoTools, affected versions encompass those before 29.6, versions 30.0 to 30.3, and versions 31.0 to 31.1. To address these security risks, immediate action is strongly recommended. Users should upgrade GeoServer installations to versions 2.23.6 or later, 2.24.4 or later, and 2.25.2 or later. Likewise, GeoTools users should upgrade to version 29.6 or later, 30.4 or later, or 31.2 or later. Official patches have been released to mitigate these vulnerabilities, and users should download them promptly from the respective GeoServer and GeoTools repositories.

Mitigation and Patches for XPath Expression Injection Vulnerabilities

For those unable to upgrade immediately, replacing the vulnerable jar files (gt-app-schema, gt-complex, gt-xsd-core) in the WEB-INF/lib directory of GeoServer with versions 2.25.1, 2.24.3, 2.24.2, 2.23.2, 2.21.5, 2.20.7, 2.20.4, 2.19.2, or 2.18.0 can provide temporary protection.
These actions are essential to safeguarding geospatial data processing systems against potential exploitation and maintaining the integrity and security of critical infrastructure. Temporary Workaround: If immediate updates are not feasible, consider deleting the gt-complex-x.y.jar file (where x.y represents the GeoTools version, e.g., gt-complex-31.1.jar for GeoServer 2.25.1). Note that this action may temporarily compromise certain functionalities of GeoServer. The vulnerabilities in GeoServer and GeoTools underline the critical importance of promptly applying security updates and patches. Organizations and users relying on these tools for geospatial data management and processing should prioritize updating their installations to mitigate the risk of exploitation. By staying informed and proactive in addressing security advisories, users can safeguard their systems against potential threats and ensure the secure operation of geospatial services.


 Policy Updates

In a move that tightens Russia's grip on internet control, Apple has removed several Virtual Private Network (VPN) applications from the App Store in response to a request by Roskomnadzor, the country's federal media watchdog. The deleted VPN apps belonging to ProtonVPN, Red Shield VPN, NordVPN, and Le VPN were popular tools used by Russians to bypass government-imposed internet censorship. Red Shield VPN and Le VPN confirmed the removals, sharing messages from Apple stating the apps were deleted per "demand from Roskomnadzor" for containing "content considered illegal in Russia." VPNs create encrypted tunnels for internet traffic, allowing users to access blocked websites and applications anonymously. Apple offered little explanation, suggesting developers contact Roskomnadzor directly. Red Shield VPN, in turn, advised users to switch their Apple ID country to access the app and updates elsewhere. But the suggestion came only after some stern words for the Cupertino giant. It said:

"Apple's actions, motivated by a desire to retain revenue from the Russian market, actively support an authoritarian regime. This is not just reckless but a crime against civil society. The fact that a corporation with a capitalization larger than Russia's GDP helps support authoritarianism says a lot about the moral principles of that corporation." - Red Shield VPN

Red Shield said its service aims to provide free access to information and improve the world. But in the notification, Apple refers to Roskomnadzor's request to remove the app and claims that its app "solicits, promotes, or encourages criminal or clearly reckless behavior," which it strongly disagrees with. A similar notice was sent to LeVPN.

Banning and Removal of VPN Apps Not New

This is just the latest chapter in Russia's escalating efforts to control online information. The crackdown on VPN apps and their services predates the Ukraine war but has intensified significantly since. Roskomnadzor executed large-scale blocks targeting VPN protocols like WireGuard, OpenVPN, and IPSec in August and September 2023.
According to Sergei Khutortsev, Director of Roskomnadzor's Public Communications Network Monitoring and Management Centre, 167 "malicious" VPN services and 84 applications have been blocked in just two years. This aggressive censorship push extends beyond VPNs. Roskomnadzor is reportedly developing an AI-powered system to maintain a vast register of banned information, further solidifying its control over the Russian online landscape. Additionally, the agency compels telecom operators to block roughly 300,000 unregistered SIM cards weekly. While Apple's compliance with Roskomnadzor's demands raises concerns about corporate responsibility in the face of authoritarian restrictions, it's a tactic with limited effectiveness. Tech-savvy users will undoubtedly explore alternative methods to access VPN services. The bigger worry lies with Roskomnadzor's growing arsenal of censorship tools and its potential to stifle free speech and the flow of information within Russia.


 Firewall Daily

A known threat actor on BreachForums who uses the moniker '888' has shared data allegedly stolen from Shopify in a data breach incident. The data is claimed to consist of personal details, email subscriptions and order-related information of its users. Shopify Inc. is a Canada-based multinational business that offers a proprietary e-commerce platform along with integrations to allow individuals, retailers and other businesses to set up their own online stores or retail point-of-sale websites.

Alleged Shopify Data Breach

The Shopify data breach is claimed to contain 179,873 rows of user information. These records allegedly include Shopify ID, First Name, Last Name, Email, Mobile, Orders Count, Total spent, Email subscriptions, Email subscription dates, SMS subscription, and SMS subscription dates. The Cyber Express could not verify the authenticity of these claims but the threat actor has a high-ranking reputation within the BreachForums community that has earned him the title of 'Kingpin.' The breach could possibly have stemmed from a recent data breach incident impacting Evolve Bank and Trust. Evolve Bank and Trust is a supporting partner of Shopify Balance, a money management integration built into the admin pages of Shopify stores. The bank is also a third-party issuer of Affirm debit cards.

Recent Evolve Bank and Trust Data Breach

Towards the end of June, Evolve Bank confirmed that it had been impacted by a cybersecurity incident claimed by LockBit. The bank disclosed that the stolen data included sensitive personal information such as names, social security numbers (SSNs), dates of birth, and account details, among other data.
In an official statement in response to the Evolve data breach, the bank said, “Evolve is currently investigating a cybersecurity incident involving a known cybercriminal organization that appears to have illegally obtained and released on the dark web the data and personal information of some Evolve retail bank customers and financial technology partners’ customers (end users).” Later, the financial firm Affirm Holdings confirmed that it had also been affected by the Evolve Bank and Trust data breach. The firm stated in a security notice on its website, "Affirm is aware of a cybersecurity incident involving Evolve, a third party vendor that serves as an issuing partner on the Affirm Card. We are actively investigating the issue. We will communicate directly with any impacted consumers as we learn more."

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.


 Firewall Daily

Multiple vulnerabilities have been identified in Mitsubishi Electric's GENESIS64 and MC Works64 software, posing significant security risks to industrial control systems. These Mitsubishi Electric vulnerabilities encompass a range of critical issues, including unrestricted resource allocation, improper digital signature validation, and insufficient control over file search paths. Such weaknesses can potentially lead to denial of service (DoS) attacks and unauthorized execution of programs, compromising the integrity and availability of industrial operations. The Mitsubishi Electric vulnerabilities are cataloged under specific CVE identifiers: CVE-2023-2650 and CVE-2023-4807 affecting GENESIS64 Version 10.97.2, CVE-2024-1182 impacting all versions of GENESIS64 and MC Works64, and CVE-2024-1573 plus CVE-2024-1574 affecting specific versions of GENESIS64 and all iterations of MC Works64. Each vulnerability has been assessed with a CVSS base score, which reflects its severity and potential impact on system security.

Mitigation Against the Mitsubishi Electric Vulnerabilities

To mitigate these Mitsubishi Electric vulnerabilities effectively, the organization recommends several proactive measures. First and foremost, users are advised to apply the latest security patches promptly. These patches address identified vulnerabilities and are available for download via the ICONICS Community Portal, ensuring that systems are fortified against potential exploits. For vulnerabilities where immediate patches are not available, implementing suggested workarounds and securing network access are vital interim steps. In addition to patching and securing networks, best practices include deploying firewalls to protect control system networks, restricting physical access to installed PCs, and exercising caution with email attachments and links from unknown sources. Specific guidelines for each CVE include disabling vulnerable functions where applicable and upgrading to newer software versions that incorporate fixes for these vulnerabilities. Mitsubishi Electric has collaborated closely with security advisories and organizations like JPCERT/CC to disseminate detailed information and guidance.
This collaboration aims to raise awareness among users and facilitate proactive measures against potential exploits.

Staying Informed on New Vulnerabilities

For users of GENESIS64 and MC Works64, staying informed about security updates and adhering to recommended mitigations are critical steps to enhance cybersecurity resilience. By following these precautions, organizations can effectively safeguard their industrial control systems from emerging threats and ensure uninterrupted operations. Furthermore, ongoing vigilance and adherence to cybersecurity best practices are essential. Regularly monitoring for new flaws like the Mitsubishi Electric vulnerabilities, promptly applying patches and updates, and conducting thorough security assessments are integral components of better cybersecurity strategies. This proactive approach not only mitigates current risks but also strengthens defenses against future threats. By prioritizing cybersecurity and implementing comprehensive risk management strategies, organizations can safeguard their critical infrastructure and maintain operational continuity against cybersecurity challenges. Mitsubishi Electric remains committed to supporting its customers with timely updates and proactive security measures to uphold the integrity and security of its industrial control systems.


 Appointments

Vintage Investment Partners, a global venture capital platform managing $4 billion in assets, has announced the appointment of Ilan Leiferman as Chief Value-Add Officer. Leiferman will lead Vintage's Value+ platform, bringing extensive experience from his nearly four-year tenure at Amazon Web Services (AWS), where he spearheaded business development for top-tier venture capitalists and startups and built AWS's global cybersecurity business practice for startups. Vintage's Value+ platform is a pivotal part of the firm's strategy to add value to the venture ecosystem. It leverages Vintage's extensive network, including over 4,000 venture funds and over 25,000 startups, to connect venture-backed technology startups with corporations seeking digital transformation support. The platform has facilitated over 280 purchase orders and paid proofs of concept for startups from global corporations, amounting to over $200 million in business.

Ilan Leiferman: Leadership Transition and Strategic Vision

Ilan Leiferman will be succeeding Orit Shilo, who will be relocating abroad after three impactful years at Vintage. Abe Finkelstein, Co-Managing Partner of Vintage, expressed enthusiasm about the leadership transition, stating, "Value+ is a critical component of Vintage's strategy of adding value to the ecosystem, and we are excited to have Ilan on board to enhance our focus on connecting startups and corporates as well as leveraging the power of Gen-AI to roll out new free services for funds and startups across the globe." Leiferman's expertise in fostering business development and his strategic vision for integrating advanced technologies like Gen-AI will be instrumental in expanding the Value+ platform's capabilities. This appointment is poised to enhance the platform's offerings, ensuring that it continues to be a vital resource for startups and corporations navigating their digital journeys. Leiferman's background at AWS, where he was responsible for developing business opportunities for leading VCs and startups, highlights his capability to drive innovation and growth within the venture ecosystem.
His work in establishing AWS's global cybersecurity business practice for startups demonstrates his proficiency in addressing complex technological needs and creating impactful business solutions. About Vintage Investment Partners Vintage Investment Partners is a distinguished global venture platform that combines Secondary Funds, Growth-Stage Funds, and Fund-of-Funds. With $4 billion in assets under management across 15 active funds, Vintage has established itself as a significant player in the venture capital landscape. The firm's investments span leading venture funds and mid-to-late-stage startups, positioning it at the forefront of innovation and growth in the technology sector. As Orit Shilo transitions from her role at Vintage, the firm extends its gratitude for her contributions and wishes her success in her future endeavors. Her leadership over the past three years has been integral to the development and success of the Value+ platform. Looking ahead, Leiferman's appointment signals a new phase of growth and innovation for Vintage Investment Partners. The focus on leveraging Gen-AI and enhancing the platform's services reflects Vintage's dedication to staying at the cutting edge of technological advancement and providing unparalleled value to its stakeholders.


 Cybersecurity News

For most Americans, July 4 is an idyllic holiday of cookouts, parades and fireworks, and leisure time by the pool or even at the beach. It’s a day when offices and businesses shut down, and even the stock market takes the day off. But for cybersecurity pros, there’s always a little discomfort in the back of their minds, the thought that somewhere hackers are working overtime, trying to breach networks while much of the security staff has the day off.

“If only threat actors would take time off during holidays,” quipped Ryan Barnett, Principal Security Researcher at Akamai Technologies.

This year, July 4 will come with a little additional uncertainty: Whether CDK Global can get its critical auto dealership software back up and running in time for holiday sales. The early progress suggests the company may make good on that pledge.

Fortunately, July 4 has usually been relatively free of major security drama, with the Kaseya supply chain ransomware attack of 2021 and a North Korea-connected DDoS attack in 2009 two noteworthy exceptions. But that doesn’t mean the day isn’t full of small incidents that never get written up by security writers. You can be sure that somewhere, some cybersecurity pros will be laboring away, missing all the fun.

Not Just July 4, All Holidays are Risky for Security Pros

Holidays in general tend to be an important time for security pros to be vigilant, which means they can pretty much never relax on a holiday. After nasty attacks over Mother’s Day, Memorial Day and Independence Day in 2021, a rough month that included the Colonial Pipeline, Kaseya and meatpacking plant attacks by the DarkSide and REvil ransomware groups, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned organizations to be especially vigilant on holidays.

CISA said cyber criminals “may view holidays and weekends—especially holiday weekends—as attractive timeframes in which to target potential victims, including small and large businesses.
In some cases, this tactic provides a head start for malicious actors conducting network exploitation and follow-on propagation of ransomware, as network defenders and IT support of victim organizations are at limited capacity for an extended time.”  CISA recommended controls like ransomware-resistant backups, isolating critical workloads and strong authentication and access controls.  For security pros, there probably wasn’t a lot of news in the CISA warning; a part of the job is knowing that attackers are always present, whether you’re on the job or not. With any luck, maybe you have a third-party service provider watching over your IT environment during off hours – which means that someone at the service provider’s security operations center (SOC) has to spend the holiday staring at a screen instead of being with family. Even then, there’s always the possibility that a managed security services provider (MSSP) might need onsite assistance in dealing with an incident.  December Can Be Rough for Security Teams Too  Not surprisingly, December can be another tough month for security teams. In addition to lower staffing levels, online activity and shopping make it a great time of year for scams and phishing emails to find unwitting victims. And as holidays in December are more global in nature, the cyber pain can be felt around the world.  The first widely disruptive worm had a Christmas theme: “Christmas Tree EXEC” wreaked havoc on networks in December 1987, and cyberattacks have been a holiday tradition since. Barnett, the Akamai Technologies researcher, had his own December nightmare. The dreaded Log4j “Log4Shell” vulnerability – the subject of a CISA advisory just two days before Christmas – hit while he was vacationing with family in late 2021.  “I distinctly remember being in the car with my family on vacation in Florida at the time of Log4J and jumping on triage conference calls,” he said. 
“While not fun, it's part of the job.”  “This was, thankfully, an atypical event, as it was an extremely far-reaching vulnerability coupled with a myriad of attack payload obfuscation options,” Barnett said. “These large cyber events raise in criticality when threat actors have proof of concept exploit code. In these situations, it is ‘all hands on deck’ with regards to cyber defense operations staffing, and that usually includes 24/7 support.”  These never-ending cyber threats that seem to get even worse at holiday time are one reason security pros report such high levels of job stress. So, if you share a cookout with a cybersecurity pro this July 4th and they seem a little preoccupied, let them know you get where they’re at, and maybe they’ll even relax a little. We hope.


 Cybersecurity News

The Florida Department of Health, the first accredited public health system in the United States, has responded to a query by The Cyber Express regarding claims of a ransomware attack by the notorious RansomHub group. Reports initially suggested that the Florida Department of Health had fallen victim to a significant ransomware attack, potentially compromising critical systems and sensitive data.

Florida Department of Health Official Response

In an official statement to The Cyber Express, the Florida Department of Health acknowledged the occurrence of temporary outages within their online Vital Statistics system, which is believed to be linked to a potential cyber incident. The statement read, "The Florida Department of Health (Department) can confirm that there have been temporary outages of the online Vital Statistics system following a potential cyber incident. As is standard practice, the Department is coordinating with law enforcement and all relevant stakeholders." Despite these disruptions, the department reassured the public that the majority of its systems and services remain fully operational. "Any effected parties will be notified as a comprehensive assessment of the situation is completed. The majority of Department systems and services remain operational with no disruptions," the statement shared with The Cyber Express team further noted. However, the department has not disclosed any further details regarding the Florida Department of Health cyberattack, the attacker group, or the extent of the data breach. This lack of specific information leaves many questions unanswered about the potential impact on the department’s data and operations.

RansomHub Group’s Claims

The initial reports, which emerged two days ago, claimed that the RansomHub group had accessed a staggering 100 GB of data from the Florida Department of Health. The group reportedly threatened to publish this stolen information within the next three to four days, escalating concerns about the potential repercussions of the breach. In a parallel development, the RansomHub group also claimed responsibility for targeting NTT DATA, a global leader in business and technology services.
According to the group's statements, they have accessed 230 GB of data from the Romanian division of NTT DATA and plan to release it within the same three to four-day timeframe. As of now, NTT DATA has not confirmed these claims nor responded to inquiries by The Cyber Express. The lack of confirmation from NTT DATA adds another layer of uncertainty to the situation, as the potential exposure of such a significant volume of data could have widespread implications. Public Health Organizations as Prime Targets The Florida Department of Health's response highlights the ongoing challenges that public health organizations face in safeguarding their digital infrastructure against increasing cyber threats. Public health systems, in particular, are attractive targets for cybercriminals due to the vast amounts of sensitive personal and medical information they handle. The potential fallout from such breaches can be severe, impacting not only the affected organizations but also the individuals whose data is compromised. However, the department’s swift coordination with law enforcement and other stakeholders highlights the importance of a rapid and coordinated response in mitigating the impact of such incidents. The Cyber Express will continue to monitor the situation closely, providing updates as more information becomes available. The Cyber Express remains committed to delivering timely and accurate updates to keep the public informed. In the meantime, this incident serves as a reminder of the critical need for enhanced cybersecurity measures and proactive incident response strategies to protect sensitive data and maintain the integrity of essential services.


 Cybersecurity News

The Fédération Internationale de l'Automobile (FIA), the auto racing governing body since the 1950s, has confirmed that attackers gained unauthorized access to personal data after compromising several FIA email accounts in a phishing attack. The FIA data breach has raised significant concerns within the motorsport community and beyond, as the organization manages sensitive information related to its various operations and members. In an official statement, the FIA revealed the extent of the breach: "Recent incidents pursuant to phishing attacks has led to the unauthorized access to personal data contained in two email accounts belonging to the FIA." The organization has acknowledged the seriousness of the incident and has taken immediate action to mitigate the impact.

FIA Data Breach: Immediate Response and Regulatory Notification

Upon discovering the breach, the FIA acted swiftly to rectify the issues, notably cutting off illegitimate accesses in a very short time. The organization notified relevant regulatory bodies, including the Commission Nationale de l'Informatique et des Libertés (the French data protection regulator) and the Préposé Fédéral à la Protection des Données et à la Transparence (the Swiss data protection regulator). "The FIA took all actions to rectify the issues, notably in cutting the illegitimate accesses in a very short time, once it became aware of the incidents and notified the Commission Nationale de l'Informatique et des Libertés (the French data protection regulator), and the Préposé Fédéral à la Protection des Données et à la Transparence (the Swiss data protection regulator)," reads the official statement. The FIA has expressed regret for any concern caused to the affected individuals and emphasized its dedication to data protection. "We take our data protection and information security obligations very seriously and continuously review our systems to ensure they are robust, in the context of evolving cyber-criminality. The FIA has put additional security measures in place to protect against any future attacks," the FIA stated. The organization has implemented additional security measures to protect against future attacks and is committed to ongoing improvements in its cybersecurity posture.
FIA's Legacy and Role Founded in 1904 as the Association Internationale des Automobile Clubs Reconnus (AIACR), the FIA is a non-profit international association that coordinates numerous auto racing championships, including the prestigious Formula 1 and the World Rally Championship (WRC). The FIA brings together 242 member organizations from 147 countries across five continents and controls the FIA Foundation, which promotes and funds road safety research. Despite the swift response, the FIA has yet to disclose critical details about the cyberattack on FIA, including when it was detected, how many individuals' personal information was accessed, and what specific data was exposed or stolen. This lack of information has left many stakeholders eager for further updates to understand the full scope and potential implications of the incident. The Cyber Express has reached out to an FIA spokesperson with additional questions about the incident. However, a response was not immediately available. The Cyber Express will continue to monitor the situation and provide updates as more information becomes available. In the meantime, organizations across all sectors are urged to review and strengthen their cybersecurity protocols to safeguard against similar threats.


 Cybersecurity News

Enterprise Resource Planning (ERP) system eViridis has reportedly suffered a significant data breach, potentially impacting its clients as well. A Threat Actor (TA) has claimed responsibility for the eViridis data breach, stating they have compromised and exfiltrated the company's entire data set, including email logs and client information. eViridis is owned and operated by US-based investment and advisory services firm, Aveniras LLC. The TA is allegedly selling the stolen database on the dark web, with prices starting at US $500.

Details of eViridis Data Breach

eViridis was established in the year 2010 to develop business-to-business software solutions for the emerging aftermarket electronics industry, including aftermarket resale, part harvesting, and electronics recycling. The company offers consulting services to assist recyclers and corporations. On its website, the company states, “For more than 10 years eViridis has been helping some of the largest Manufacturing, Media, Financial Services and Healthcare companies in the world transform labor intensive, manual ways of working into streamlined digital processes and workflows.”

According to the company's profile on the internet, the firm has around 200 employees and revenue of $31.1 million. The eViridis data breach was allegedly executed by a threat actor operating under the alias “jewwu”. In his post on the dark web marketplace BreachForums, the TA shared that the stolen data impacts not just the company but also its clients. The TA apparently compromised email logs, client data, and other company information. The bad actor also shared a few screenshots to support the assertions of a data breach. These include data like user login IDs and passwords, server login credentials, and documents like counts of assets, audit evaluation results and a load acknowledgment report. The screenshots of the alleged data breach also contained data of eViridis clients such as evTerra Recycling, Jabil and Estrella TV.

Explaining further details of the data breach, the TA wrote, “The full size of this breach is around 2.1TB.
Granted I only have about 61GB of this archived, I still have access to the other 1.61TB of information but I currently do not have the space to download it all, so there is a chance I may lose access once this thread gains traction. 61GB is definitely safe and available though.” The bad actor was willing to negotiate and sell the stolen data for USD $500 and up.

Potential Impact of eViridis Data Breach

If proven, the consequences of this data breach could be critical, as sensitive data including financial details of the firm and its clients could be leaked. The organizations should take appropriate measures to protect the privacy and security of the stakeholders involved. Financial data breaches can lead to identity theft, financial fraud, and a loss of trust among clients, potentially jeopardizing the company’s standing in the industry. Currently, details regarding the extent of the data breach, data compromise, and the motive behind the cyber assault remain undisclosed. Despite the claims made by the threat actor, the official websites of the targeted companies remain fully functional. This discrepancy has raised doubts about the authenticity of the bad actor’s assertion. To ascertain the veracity of the claims, The Cyber Express has reached out to eViridis and its parent company Aveniras LLC. As of writing this news report, no response has been received, leaving the data breach claims unverified.

 Firewall Daily

The People’s Cyber Army, associated with APT44, and NoName057 allegedly orchestrated a series of DDoS attacks on Denmark. These attacks were publicly claimed on the groups' Telegram channels and are reportedly a response to Denmark’s plan to train an additional 50 Ukrainian F-16 pilots, as announced by Danish
Air Force Commander Jan Dam. The People’s Cyber Army reportedly targeted Denmark’s government procurement site (udbud.dk) and the news outlet 24tech.dk. Simultaneously, NoName057 directed attacks at MitID's authentication portal, the Danish Tax Agency, the National Bank of Denmark, and the Danish Evaluation Agency. People’s Cyber Army Claims DDoS Attack on Denmark The impact of these DDoS attacks on Denmark has been felt across critical Danish organizations including 24tech.dk, the Danish Tax Agency, the National Bank of Denmark, MitID, and Denmark’s government procurement site (udbud.dk). These incidents have allegedly affected primarily Denmark but also have potential implications across Europe and the UK, particularly in sectors such as government and media. Denmark's decision to train Ukrainian F-16 pilots has stirred controversy, triggering these retaliatory actions from hacktivist groups. The Cyber Express has reached out to the affected organizations to learn more about this DDoS attack on Denmark and the claims made by the threat actors. However, at the time of writing, no statements have been issued, leaving the claims surrounding these cyberattacks on Denmark unverified. Collaboration with The People’s Cyber Army, APT44, and NoName057 The recent cyberattacks on Denmark by the People’s Cyber Army (associated with APT44) and NoName057 highlight the escalating threat posed by pro-Russian hacktivist groups. APT44, recognized for its sophisticated cyber operations, has a history of targeting critical infrastructure and government agencies, notably using DDoS attacks to disrupt systems. This group’s activities, often aligned with Russia’s geopolitical interests, demonstrate a strategic integration of cyber capabilities in international conflicts.
NoName057, emerging as a disruptive force in recent years, employs similar tactics through DDoS attacks aimed at Ukrainian, American, and European targets. Operating primarily through online platforms like Telegram and GitHub, the group seeks to amplify its impact by coordinating with other pro-Russian collectives. Their actions reflect a broader trend of hacktivist movements leveraging digital tools to advance political agendas and challenge perceived adversaries. The collaboration between these groups highlights the decentralized and adaptable nature of modern cyber threats, where state-sponsored actors and loosely affiliated hacktivist groups converge based on shared objectives. These incidents not only disrupt targeted organizations but also highlight vulnerabilities in global cybersecurity frameworks.

 Cybersecurity News

Cognizant Technology Solutions, a leading American multinational specializing in IT services and consulting, has provided an update regarding the alleged Cognizant data breach claimed by IntelBroker, a prominent member of the notorious BreachForums. In response to inquiries by The Cyber Express, a spokesperson from
Cognizant confirmed that their investigation revealed the incident involved a cloud-based testing environment with fictional test data. "We have investigated the claim and found that the impact involved a cloud-based testing environment with fictional test data," the Cognizant spokesperson told The Cyber Express. The organization further clarified that no clients or client data were impacted by this event. "No clients or client data were impacted by this event," reads the official statement from Cognizant. The company has not confirmed any other claims regarding the alleged data breach. In a prior statement to The Cyber Express, the spokesperson had stated, "We are aware of the reports made by a cybercriminal organization, claiming it has targeted some of our services. We take this matter very seriously and we are investigating the validity and extent of this claim." Initial Cognizant Data Breach Claims by IntelBroker Earlier, The Cyber Express had reported that IntelBroker had allegedly leaked a substantial amount of data stolen from Cognizant Technology Solutions. According to IntelBroker, the leak included a document with 12 million lines from Cognizant’s internal website and user data from the company’s Oracle Insurance Policy Admin System (OIPA), a cloud-based DevOps solution. The purported leaked file reportedly contained approximately 40,000 user records with various sensitive data fields, such as policy number, role code, client name, company code, state code, role sequence number, arrangement number, arrangement status, start date, start year, end date, end year, draft day, modular amount, and next premium due date. IntelBroker’s Notorious History IntelBroker is well-known for high-profile cyber intrusions. The hacker has previously claimed responsibility for a massive data breach involving Advanced Micro Devices (AMD), a leading player in the semiconductor industry. 
This unverified breach, disclosed on BreachForums, included multiple data samples shared with the forum’s users, raising serious concerns about the security of AMD’s infrastructure. AMD officials have since stated that they are investigating the claims. IntelBroker's notoriety is rooted in a history of targeting diverse organizations, including critical infrastructure, major tech corporations, and government contractors. The hacker's sophisticated approach to exploiting vulnerabilities has enabled access to sensitive information on multiple occasions. Previous claims include breaches at institutions like Apple, Lindex Group, and Acuity, a U.S. federal technology consulting firm. Cognizant Technology Solutions' prompt response and thorough investigation highlight their commitment to security and client data protection. By swiftly addressing the claims of Cognizant cyberattack and confirming the integrity of their client data, Cognizant has taken an essential step in maintaining trust and transparency with their stakeholders. The Cyber Express will continue to monitor the situation closely, providing updates as more information becomes available. As investigations continue, it is crucial for organizations to communicate clearly and promptly with stakeholders, providing accurate information about the nature and extent of any data breaches. By staying informed and prepared, organizations can better protect their digital assets and maintain the trust of their clients and partners. The Cyber Express remains committed to delivering timely and accurate updates to keep the public informed about significant cybersecurity developments.

 Cybersecurity News

Amazon Web Services (AWS) has announced a $2 billion strategic partnership with the Australian Government to create a "Top Secret" AWS Cloud (TS Cloud). This initiative is set to significantly enhance Australia's defence and intelligence capabilities. "The partnership leverages AWS's global
experience, reliability, security, and performance, with local skilled personnel, the ability to dedicate thousands of engineers and experts to long-term government initiatives. It provides for continuous infrastructure investment and focus on enhancing cloud services to meet evolving needs," reads the AWS official release. While this may seem like a massive leap forward in terms of innovation and security, it also raises questions about dependency on a single corporation for critical national infrastructure. Let's dive in and dig more into this AWS and Australian Government partnership. AWS History of Investment and Innovation AWS's commitment to Australia isn't new. Since establishing a local presence with the 2012 launch of the AWS Asia Pacific (Sydney) Region, the company has been a driving force behind digital transformation in both the public and private sectors. The 2023 launch of the AWS Asia Pacific (Melbourne) Region further solidified this relationship. AWS claims that these investments have already amounted to over $9.1 billion into the local economy, with plans to invest an additional $13.2 billion by 2027. While these numbers are staggering, they also highlight the immense influence AWS has accumulated over the past decade. The TS Cloud initiative, albeit promising, cements AWS's role as a critical player in Australia's digital infrastructure, raising concerns about monopolistic tendencies and the risks associated with single-provider dependencies. AWS Partnership: Implications for Defence and Intelligence The TS Cloud is purpose-built for Australia’s Defence and Intelligence agencies to securely host sensitive information and facilitate seamless data sharing between the National Intelligence Community and the Australian Defence Force. AWS touts that the cloud will unlock new Artificial Intelligence (AI) and Machine Learning (ML) capabilities, potentially revolutionizing how classified data is managed and analyzed. 
"With the TS Cloud, Australia’s Defence and Intelligence agencies will have the ability to select from AWS’s services across compute, storage, databases, analytics, AI and ML. Cloud technology is an important capability for agencies to accelerate innovation and agility whilst staying secure. By eliminating the basic, routine IT infrastructure tasks, agencies can focus on what’s most important to them: protecting and advancing Australia’s interests. The cloud eliminates the undifferentiated heavy lifting of sourcing and maintaining IT hardware, and enables a mission first focus," AWS statement reads. However, while the potential benefits are significant, the security implications of entrusting such sensitive data to a cloud environment, even one designed with the highest security standards, cannot be overlooked. The success of this initiative will largely depend on AWS's ability to continually meet stringent security requirements and protect against increasingly sophisticated cyber threats. Security and Compliance AWS's certification as a Strategic Hosting Provider under the Australian Government’s Hosting Certification Framework and its ongoing compliance with the Information Security Registered Assessors Program (IRAP) for operating workloads at the PROTECTED level is reassuring. As of June 2024, AWS boasts 151 Cloud services available in Australia, supporting a plethora of security standards and compliance certifications. The AWS-Australia partnership is not just about technology; it’s also about economic growth and workforce development. AWS claims that the TS Cloud initiative will generate local jobs in fields like cybersecurity, data analytics, and cloud computing. Additionally, AWS’s collaboration with educational institutions aims to prepare Australians for future roles, with over 400,000 individuals having already received cloud skills training since 2017. 
"We’re excited by the opportunities the TS Cloud initiative brings to Australia’s economy and communities. The government’s investment opens doors for creating new jobs, developing skills, and sparking innovation across multiple sectors. By enabling Australian businesses to design, build, and integrate cutting-edge cloud capabilities, this collaboration will generate new local jobs in fields like cybersecurity, data analytics, and cloud computing," reads the statement. While the creation of new jobs and skills development is a positive outcome, it also raises questions about the long-term impact on the local tech industry. As AWS continues to expand its footprint, there is a risk of creating a dependency on AWS-specific skills, potentially limiting the diversity and resilience of Australia's tech ecosystem. AWS and Australian Government Partnership: Sustainability Efforts AWS’s investment in sustainable cloud infrastructure, including renewable energy projects like the 125MW Amazon Solar Farm in Wandoan, Queensland, reflects a commitment to environmental responsibility. These projects are forecast to generate significant economic benefits and contribute to Australia’s GDP. However, it remains to be seen how these initiatives will balance with the overall environmental impact of large-scale data centers, which are known for their substantial energy consumption. The integration of sustainable practices within such a large operation will require continuous effort and innovation. A Double-Edged Sword The AWS-TS Cloud initiative represents a significant leap forward in enhancing Australia’s national security and digital capabilities. However, this partnership also exemplifies the complex interplay between innovation, security, and economic dependency. As Australia embraces this ambitious project, it must also navigate the inherent risks and ensure that the benefits do not come at the cost of sovereignty and independence in critical national infrastructure. 
As AWS and the Australian Government move forward with the TS Cloud initiative, ongoing scrutiny and transparent reporting will be essential to safeguard the interests of all stakeholders. The Cyber Express will continue to monitor developments and provide in-depth analysis on the implications of this strategic partnership.

 Firewall Daily

A threat actor identified as Alderson1337 has surfaced on BreachForums offering to sell an exploit designed to target 'npm' accounts through a critical account takeover vulnerability. 'npm' stands as a pivotal package manager for JavaScript, managed by npm, Inc., a subsidiary of GitHub. This account
takeover vulnerability, according to Alderson1337, could potentially allow malicious actors to compromise npm accounts associated with specific organizational employees. The npm exploit involves injecting undetectable backdoors into packages utilized by these employees, which, upon subsequent updates, could lead to widespread device compromise within the organization. Dark Web Actor Selling npm Exploit for Account Takeover Vulnerability The threat actor refrained from disclosing a proof of concept (PoC) openly but instead invited interested parties to initiate private communications for further details. This move suggests a strategic effort to maintain the exploit's confidentiality and ensure exclusivity among potential buyers. This npm exploit, if successful, could potentially inject backdoors into npm packages, thereby compromising organizational devices. The incident has primarily impacted npm Inc., with npmjs.com being the related website. The potential repercussions extend worldwide, although the specific industry impact remains unclassified. Following this npm exploit for account takeover vulnerability, The Cyber Express contacted npm to clarify the reported vulnerability and the involved threat actors. As of now, npm has not issued an official statement, leaving the assertions regarding the account takeover vulnerability unconfirmed. Understanding Account Takeover Vulnerabilities Account Takeover (ATO) vulnerabilities represent a severe threat where cybercriminals gain unauthorized access to online accounts by exploiting stolen passwords and usernames. These credentials are often obtained through various means, such as social engineering, data breaches, or phishing attacks. Once acquired, cybercriminals can employ automated bots to systematically test these credentials across multiple platforms, including travel, retail, finance, eCommerce, and social media sites.
Commonly, users' reluctance to update passwords and the tendency to reuse them across different platforms exacerbate the risk of credential stuffing and brute force attacks. This practice allows attackers to gain access to accounts, potentially leading to identity theft, financial fraud, or misuse of personal information. To mitigate the risk of ATO attacks, experts recommend adopting robust password management practices, including the use of unique, complex passwords for each account and implementing two-factor authentication (2FA) wherever possible. Regular monitoring of unauthorized account activities and prompt response to suspicious login attempts are also crucial in maintaining account security. While the specifics of Alderson1337's claims await verification, the incident highlights the ongoing challenges posed by account takeover vulnerabilities in today's interconnected digital environment. Vigilance and collaboration across the cybersecurity community are vital in mitigating such threats and preserving the integrity of online platforms and services.

 Trends, Reports, Analysis

The Cy-Xplorer 2024 report by Orange Cyberdefense reveals a significant rise in cyber extortion, with 60 ransomware groups affecting 4374 victims from Q1 2023 to Q1 2024. SMBs are targeted 4.2 times more than larger enterprises.

 Malware and Vulnerabilities

OVHcloud successfully mitigated a record-breaking DDoS attack with a packet rate of 840 million packets per second. The attack originated from compromised MikroTik network devices, which were used to generate high packet rates.

 Threat Actors

ANSSI warned about a hacking group linked to Russia's SVR targeting French diplomatic interests. The group has compromised email accounts at the French Ministry of Culture and the National Agency for Territorial Cohesion.

 Malware and Vulnerabilities

Hackers are targeting older versions of the HTTP File Server from Rejetto to drop malware and cryptocurrency mining software by exploiting a critical vulnerability (CVE-2024-23692) that allows executing arbitrary commands without authentication.

 Malware and Vulnerabilities

Canonical has released Ubuntu security updates to address bugs in Ghostscript, a tool used for interpreting PostScript and PDF files. These vulnerabilities could potentially allow attackers to bypass security restrictions or execute malicious code.

 Malware and Vulnerabilities

The Mekotio banking trojan is a highly sophisticated malware that targets Latin American countries, with a focus on stealing banking credentials. It spreads through phishing emails, tricking users into interacting with malicious links or attachments.

 Feed

Debian Linux Security Advisory 5725-1 - Johannes Kuhn discovered that messages and channel names are not properly escaped in the modtcl module in ZNC, an IRC bouncer, which could result in remote code execution via specially crafted messages.

 Feed

Ubuntu Security Notice 6877-1 - It was discovered that LibreOffice incorrectly performed TLS certificate verification when the LibreOfficeKit library is being used by third-party components. A remote attacker could possibly use this issue to obtain sensitive information.

 Feed

This Metasploit module exploits vulnerabilities in multiple Zyxel devices including the VPN, USG and APT series. The affected firmware versions depend on the device module, see this module's documentation for more details.

 Feed

Ubuntu Security Notice 6875-1 - It was discovered that the Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

 Feed

Ubuntu Security Notice 6864-1 - It was discovered that the Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker could use this to cause a denial of service. A security issue was discovered in the Linux kernel. An attacker could possibly use it to compromise the system.

 Feed

Ubuntu Security Notice 6874-1 - It was discovered that the Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

 Feed

Ubuntu Security Notice 6873-1 - It was discovered that the Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

 Feed

Ubuntu Security Notice 6871-1 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.

 Feed

Ubuntu Security Notice 6305-3 - USN-6305-2 fixed a vulnerability in PHP. The update caused a regression in Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. This update fixes it. It was discovered that PHP incorrectly handled certain XML files. An attacker could possibly use this issue to expose sensitive information.

 Feed

Ubuntu Security Notice 6870-1 - It was discovered that the Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

 Feed

Ubuntu Security Notice 6868-1 - Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

 Feed

Ubuntu Security Notice 6867-1 - It was discovered that the HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

 Feed

Ubuntu Security Notice 6866-1 - It was discovered that the ext4 file system implementation in the Linux kernel did not properly validate data state on write operations. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service. It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

 Feed

Ubuntu Security Notice 6865-1 - It was discovered that the ext4 file system implementation in the Linux kernel did not properly validate data state on write operations. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service. It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

 Feed

A coordinated law enforcement operation codenamed MORPHEUS has felled close to 600 servers that were used by cybercriminal groups and were part of an attack infrastructure associated with the Cobalt Strike.  The crackdown targeted older, unlicensed versions of the Cobalt Strike red teaming framework between June 24 and 28, according to Europol. Of the 690 IP addresses that were flagged to

 Feed

Cloud communications provider Twilio has revealed that unidentified threat actors took advantage of an unauthenticated endpoint in Authy to identify data associated with Authy accounts, including users' cell phone numbers. The company said it took steps to secure the endpoint to no longer accept unauthenticated requests. The development comes days after an online persona named ShinyHunters

 Feed

Brazil's data protection authority, Autoridade Nacional de Proteção de Dados (ANPD), has temporarily banned Meta from processing users' personal data to train the company's artificial intelligence (AI) algorithms. The ANPD said it found "evidence of processing of personal data based on inadequate legal hypothesis, lack of transparency, limitation of the rights of data subjects, and risks to

 Feed

Microsoft has revealed two security flaws in Rockwell Automation PanelView Plus that could be weaponized by remote, unauthenticated attackers to execute arbitrary code and trigger a denial-of-service (DoS) condition. "The [remote code execution] vulnerability in PanelView Plus involves two custom classes that can be abused to upload and load a malicious DLL into the device," security researcher

 Law & order

Apps can let you spy on strangers in bars, a gang of cryptocurrency thieves turns to kidnap and assault, and have you joined the mile-high evil twin club? All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Mark Stockley of the brand-new "The AI Fix" podcast.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Artificial Intelligence & Machine Learning, Cloud Security, Next-Generation Technologies & Secure Development Framework Sets Stage for Agencies to Increasingly Adopt New, Modern Tech Solutions Chris Riotta (@chrisriotta) • July 3, 2024 The new framework prioritizes certain generative AI capabilities, such as chat interfaces and debugging tools. […] The post FedRAMP Launches New Framework for Emerging Technologies – Source: www.databreachtoday.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Affects

Source: www.databreachtoday.com – Author: 1 Critical Infrastructure Security Hackers Have Not Yet Exploited the CVSS 10-Rated Flaw, Says PTC Rashmi Ramesh (rashmiramesh_) • July 3, 2024 Image: Shutterstock Software maker for critical manufacturing organizations PTC patched a critical flaw that could allow hackers to execute arbitrary commands on a system server, days after […] The post Patched: RCE Flaw That Affects Critical Manufacturing – Source: www.databreachtoday.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 attack

Source: www.databreachtoday.com – Author: 1 Finance & Banking, Fraud Management & Cybercrime, Industry Specific Customers Cannot Make Payments, Receive Direct Deposits or Transfer Funds Rashmi Ramesh (rashmiramesh_) • July 3, 2024 Patelco Credit Union is on day four of its ransomware attack incident. (Image: Shutterstock) A ransomware attack forced Patelco Credit […] The post On Day 4 of Ransomware Attack, Service Still Down at Patelco – Source: www.databreachtoday.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Children's

Source: www.databreachtoday.com – Author: 1 Breach Notification, Fraud Management & Cybercrime, Healthcare Chicago Pediatrics Center Refused to Pay Ransom to Rhysida Cybercrime Group Marianne Kolbasuk McGee (HealthInfoSec) • July 3, 2024 Ann & Robert H. Lurie Children’s Hospital of Chicago is notifying nearly 800,000 patients, employees and others whose data was […] The post Children’s Hospital Notifies 800,000 of Data Theft in Attack – Source: www.databreachtoday.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Rick Bryant Healthcare Chief Technology Officer, Rubrik Rick Bryant is the Healthcare Chief Technical Officer for Rubrik. In this role, he leads initiatives within Rubrik to serve the healthcare information technology industry through technology excellence and process solutions. Rick has a passion for patient security, privacy, and data driven outcomes. […] The post Securing Healthcare: Minimizing Risk in an Ever-Changing Threat Landscape – Source: www.databreachtoday.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Sam Curry Global VP, CISO – Zscaler Sam Curry has over three decades as an entrepreneur, infosec expert and executive at companies like RSA, Arbor Networks, CA, McAfee, Cybereason, and more. He is dedicated to empowering defenders in cyber conflict and fulfilling the promise of security, enabling a safe, reliable, […] The post How Top Cybersecurity Leaders Predict Threats and Navigate Risk – Source: www.databreachtoday.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 business

Source: www.databreachtoday.com – Author: 1 Heather Hughes Vice President, Engagement Management, Stroz Friedberg Incident Response Aon’s Cyber Solutions Heather is a Vice President for Stroz Friedberg’s Houston office where she leads a wide variety of engagements, including data breach/incident response matters, complex digital forensics investigations, security risk assessments, and cyber due diligence investigations. Heather is […] The post The Cost of Underpreparedness to Your Business – Source: www.databreachtoday.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Critical

Source: www.databreachtoday.com – Author: 1 Adopting and implementing a zero trust security approach is critical to help avoid the types of major IT disruptions and massive data compromises seen in recent cyberattacks that affected the healthcare, public health and government sectors, said Clinton McCarty, director of enterprise security and CISO at federal contractor National Government […] The post Why Zero Trust Is Critical in Health and Government Sectors – Source: www.databreachtoday.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Leadership & Executive Communication, Professional Certifications & Continuous Training, Training & Security Leadership What to Do When a Sudden Change or Loss Challenges These Qualities Brandy Harris • July 3, 2024 Steve King, managing director, CyberEd.io This blog post is dedicated to Steve King, managing director […] The post Embracing Resilience, Grit and Adaptability in the Workplace – Source: www.databreachtoday.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

2024-07
Aggregator history
Thursday, July 04