Cyber security aggregate rss news

Cyber security aggregator - feeds history

Researchers Observe ...

 Cybersecurity News

Researchers have observed improvements in the ViperSoftX info-stealing malware, which was first spotted in 2020. The malware has moved toward more sophisticated evasion tactics, refined through the incorporation of the Common Language Runtime (CLR) to run PowerShell commands within AutoIt scripts distributed through pirated eBook copies. This trick allows the malware to blend in with legitimate system activity, making it harder for security solutions to spot.

ViperSoftX Distributed as Trojan Horse in eBooks

(Image source: www.trellix.com)

ViperSoftX spreads through torrent sites, masquerading as eBooks. The infection chain begins when users open the downloaded RAR archive, which includes a hidden folder, a deceptive shortcut file that appears to be a harmless PDF or eBook, a PowerShell script, AutoIt.exe, and an AutoIt script; the script and executable pose as simple JPG image files.

(Image source: www.trellix.com)

When the user clicks on the shortcut file, it initiates a command sequence that begins by listing the contents of "zz1Cover4.jpg". It then reads each line from this file, in which commands are hidden within blank spaces, into a PowerShell command prompt, effectively automating the execution of multiple commands. The researchers from Trellix state that the PowerShell code performs several actions, including unhiding the hidden folder, calculating the total size of all disk drives, and configuring Windows Task Scheduler to run AutoIt3.exe every five minutes after the user logs in, establishing persistence on infected systems. The malware also copies two files to the %APPDATA%\Microsoft\Windows directory, renaming one of them to .au3 and the other to AutoIt3.exe.

Increasing ViperSoftX Sophistication

The malware's use of CLR to run PowerShell within AutoIt is particularly sneaky. AutoIt, typically used for automating Windows tasks, is often trusted by security software. By piggybacking on this trust, ViperSoftX can fly under the radar. The malware has additional tricks up its sleeve in the form of heavy obfuscation, deception and encryption to hide its true nature.

ViperSoftX uses heavy Base64 obfuscation and AES encryption to hide the commands in the PowerShell scripts extracted from the image decoy files. This level of obfuscation challenges both researchers and analysis tools, making it even more difficult to decipher the malware's functionality and intent. The malware even attempts to modify the Antimalware Scan Interface (AMSI) to bypass security checks run against its scripts. By leveraging existing scripts, the malware developers accelerate development and focus on improving their evasion tactics.

Analysis of the malware's network activity shows attempts to blend its traffic with legitimate system activity. Researchers observed the malware using deceptive hostnames such as security-microsoft[.]com to appear more trustworthy and lead victims to associate the traffic with Microsoft. Analysis of a suspicious Base64-encoded User-Agent string revealed a detailed set of system information extracted from infected systems through PowerShell command execution, including the logical disk volume serial number, computer name, username, operating system version, antivirus product information, and cryptocurrency details. The researchers warn of the increasing sophistication of ViperSoftX's operations, as its ability to execute malicious functions while evading traditional security measures makes it a formidable opponent.

‘Gay Furry Hackers ...

 Cybersecurity News

SiegedSec, who describe themselves as "gay furry hackers," claimed responsibility for a cyberattack on The Heritage Foundation before the hacktivist group promptly disbanded. The Heritage Foundation cyberattack surfaced on July 2, 2024, when SiegedSec allegedly released two gigabytes of the conservative think tank’s internal data. The Heritage Foundation was specifically targeted because of its "Project 2025" plans, which SiegedSec views as a blueprint for Donald Trump to implement sweeping far-right reforms should he win another term as president. According to the hacktivist group, these plans align with anti-trans and anti-abortion policies they are actively opposing through their cyber campaign.

SiegedSec’s Cyberattack on The Heritage Foundation Explained

On July 2, SiegedSec released an alleged leak from The Heritage Foundation’s blogs and material related to ‘The Daily Signal’, a right-wing media site affiliated with Heritage. The data was created between 2007 and November 2022.

(Image source: SiegedSec's Telegram post)

The leak exposed sensitive information, including full names, email addresses, passwords, and usernames of individuals associated with The Heritage Foundation, including users with U.S. government email addresses. In its Telegram channel, SiegedSec explained its motives, saying, “Project 2025 threatens the rights of abortion healthcare and LGBTQ+ communities in particular. So of course, we won’t stand for that!”

However, according to an article in Fudzilla, a Heritage spokesperson refuted the claims, stating that "an organized group stumbled upon a two-year-old archive of The Daily Signal website available on a public-facing website owned by a contractor." The spokesperson said no Heritage systems were breached at any time, dismissing the hack as "a false exaggeration by a group of criminal trolls seeking attention."

SiegedSec Announces Retirement, Exposes Chats with The Heritage Foundation

Following the alleged data breach, SiegedSec surprisingly announced the group’s disbanding on July 11.

(Image: SiegedSec's post on Telegram)

“Yes, this is a sudden announcement. We planned to disband later today or tomorrow, but given the circumstances, I believe it’s best we do so now. I've been considering quitting cybercrime lately, and the other members have agreed it’s time to let SiegedSec rest for good,” the group posted on its Telegram account.

The group then invited The Heritage Foundation to contact them over the leak, which is when Mike Howell, an investigative columnist for the Daily Signal, contacted SiegedSec over the messaging app Signal. In a conversation with Vio, a spokesperson for SiegedSec, Howell said that The Heritage Foundation was “in the process of identifying and outting [sic] members of your group” and working with the FBI.

In its Telegram post on July 11, SiegedSec said, “Mike Howell reached out to us, at first to ask questions to understand our motives and why we breached his organization. Then, he proceeded to throw insults, threats, and claimed our existence was against nature. We tried answering things in a way to hopefully help him understand. But as his insults grew, so did our impatience. So we are releasing all of our chat logs with Mike Howell.”

Chat Logs of SiegedSec vs Heritage Foundation Response

(Image source: X)

The chat logs appear to support the claims made by SiegedSec. The chat transcript showed Mike Howell using offensive language to describe SiegedSec members. Howell also threatened to expose the identities of the hackers, using a homophobic slur in the process. Following an exchange where Howell issued a violent threat, SiegedSec member Vio asked whether Howell would object to the conversation being made public. “Please share widely,” Howell responded, “I hope the word spreads as fast as the STDs do in your degenerate furry community.” Howell reposted this information on Twitter, quoting the lyrics of the song “The Way I Am” by Eminem. Howell's retweet essentially confirmed the authenticity of the chat logs.

SiegedSec, however, maintained that their decision to disband was pre-planned. "While this announcement may seem abrupt," SiegedSec explained, "we had already planned to disband within the next day or two. Given the recent developments, including the intense media attention and the potential for FBI involvement, we believe disbanding now is the best course of action for our mental wellbeing." The group elaborated that they had been contemplating ending their cybercrime activities for some time, and the other members agreed it was time to permanently shut down SiegedSec's operations.

History of SiegedSec’s Cyberattacks

SiegedSec, a hacktivist collective led by "YourAnonWolf," gained prominence shortly before the Russian invasion of Ukraine. The group, humorously labeling themselves "gay furry hackers," quickly amassed a following and claimed responsibility for various cyberattacks. Operating with affiliations to groups like GhostSec, SiegedSec is known for its witty slogans and profane communication style. The collective predominantly comprises members in the 18-26 age bracket, showcasing a youthful and dynamic approach to their hacking activities. Organizations associated with SiegedSec's cyberattacks include NATO, River Valley Church in the U.S. (for its alleged anti-trans stance), AirAsia Berhad, Murphy Oil Corporation and Telerad Bangladesh Ltd.

Mining Giant Sibanye ...

 Firewall Daily

Sibanye-Stillwater disclosed that it had fallen victim to a cyberattack, resulting in operational disturbances across its global IT systems. The Sibanye-Stillwater cyberattack began on Monday, affecting the company's servers and causing widespread disruptions. However, core mining and processing activities have largely continued unaffected.

A Sibanye-Stillwater spokesperson confirmed the attack to The Cyber Express, stating, "We confirm that a cyber attack has taken place at Sibanye-Stillwater. While the investigation into the incident is ongoing, there has been limited disruption to the Group’s operations globally." The company promptly isolated the affected IT systems and engaged external cybersecurity experts to investigate and restore normal operations.

Decoding the Sibanye-Stillwater Cyberattack

Despite the severity of the cyberattack on Sibanye-Stillwater, the organization has not received any ransom demands nor identified the perpetrators behind the cyberattack. The company has reassured stakeholders of its commitment to mitigating the impact of the attack and enhancing protections against future threats.

The Johannesburg-headquartered firm, known for its operations in precious metals like platinum and gold in South Africa, also operates internationally, including a palladium mine in the U.S. and projects in Finland, France, and Australia involving lithium, nickel, and zinc. As of now, the company's official website, www.sibanyestillwater.com, remains inaccessible, displaying a message indicating technical difficulties.

The Cyber Express reached out to the organization to learn more about the extent of the cyberattack on Sibanye-Stillwater and its mitigation strategies. In response, a spokesperson shared information on the attack and the mitigation strategies implemented at the time of the incident. Measures taken included "implementing immediate containment measures in line with our Incident Response plan which included proactively isolating IT systems and safeguarding data", said the spokesperson.

Sibanye-Stillwater Cyberattack and Mitigation Strategies

In a formal statement released on Thursday, Sibanye-Stillwater highlighted its commitment to managing the cyber incident diligently: "Our efforts remain focused on working towards the full remediation of the effects of this attack. We are voluntarily reporting this incident to the appropriate regulators and will provide further updates as necessary."

Sibanye-Stillwater, listed on both the Johannesburg Stock Exchange (JSE: SSW) and the New York Stock Exchange (NYSE: SBSW), is a prominent player in the global mining and metals processing industry, specializing in platinum group metals (PGMs) and gold production. The company has also expanded its operations into battery metals mining and recycling, emphasizing its commitment to sustainability and operational resilience. Sibanye-Stillwater is a multinational mining and metals processing group with operations across five continents. The company is a leading producer of platinum, palladium, and rhodium, and has interests in various other metals including gold, iridium, ruthenium, nickel, chrome, copper, and cobalt. Sibanye-Stillwater is also involved in recycling PGM autocatalysts and leading mine tailings re-treatment operations globally.

SCOTUS Chevron Rulin ...

 Cybersecurity News

In the two weeks since the U.S. Supreme Court struck down a 40-year-old precedent that gave federal agencies wide latitude in interpreting the laws they enforce, there has been widespread concern that an activist judiciary will thwart regulators’ efforts to protect public health and safety.

In a Center for Cybersecurity Policy and Law blog post, Harley Geiger, Ines Jordan-Zoob and Tanvi Chopra said the ruling in Loper Bright Enterprises v. Raimondo that overturned the 1984 Chevron v. Natural Resources Defense Council precedent “is likely to have a seismic effect on regulatory enforcement and policymaking across sectors. This includes digital security, where many federal regulations involve interpretations of older statutory authorities that pre-date modern cybersecurity practices and threats.”

They cited the SEC’s cybersecurity incident disclosure rule, Gramm-Leach-Bliley Act (GLBA) information security requirements for non-banking financial institutions, and TSA transportation cybersecurity requirements as regulations that could be challenged. And pending rules like CISA’s proposed implementation of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) could be narrowed as a result of the SCOTUS Chevron ruling.

SCOTUS Chevron Ruling Doesn't Stop Many Cybersecurity Laws

In an interview with The Cyber Express, Ilia Kolochenko, an attorney in the Platt Law cyber law practice and CEO of ImmuniWeb, said public health and environmental agencies like the EPA may be impacted by the ruling, but he thinks the effect on cybersecurity regulation will be minimal. “We don’t have a lot of cybersecurity rules, and the ones we have are pretty lenient,” Kolochenko said. “I don’t think we’ll see a lot of litigation.”

(Image: Ilia Kolochenko)

Federal agencies have largely relied on cybersecurity guidance, assistance and frameworks rather than strict regulations, he said. And he thinks companies will likely choose to avoid the negative publicity and suspicion that would come from challenging cyber regulations. Most businesses tend to settle FTC complaints rather than fight them in court, he notes. Investors might lose faith in a company challenging the SEC rules, for example, and consumers might wonder “what are you hiding?” He cites the long-running case of LabMD v. FTC as an example of how a lawsuit can backfire – LabMD might have won the case, but it went out of business in the process, and the FTC has been working on clearer security regulations since. “Be careful what you ask for, because you might get it,” Kolochenko quipped.

But perhaps more importantly, there are so many state, private and global cybersecurity requirements – such as the California Consumer Privacy Act (CCPA), the EU’s General Data Protection Regulation (GDPR) and the credit card industry’s PCI DSS – that there might not be much to gain by challenging a federal agency’s authority. “We won’t see tectonic changes” because of all those issues, he said.

A National Data Privacy Law Would Help

In fact, it’s that patchwork of state privacy and security laws that Kolochenko would most like to see addressed – those myriad requirements that make it “extremely expensive to comply,” he said. Kolochenko would like to see a U.S. national data privacy law to preempt state laws and make compliance easier, but those efforts stalled in Congress once again this year – and could become even more challenging in the future, as the Supreme Court’s ruling will mean that Congress will need greater expertise and precision in drafting legislation. Kolochenko said Congress may need a formal cybersecurity committee to deal with those challenges. There’s a White House-led effort to harmonize cybersecurity regulations and policies that could help – but ironically, the Supreme Court’s ruling could slow that down too. A House bill to help that process along was unveiled yesterday, but likely won’t get very far with an election and a new Congress looming.

Put it all together – the relative leniency of federal regulations; tougher state, private and international laws that companies must comply with anyway; the reluctance of businesses to sue; and a gridlocked Congress – and you begin to see why the SCOTUS Chevron ruling might not change much in cybersecurity regulation, at least not any time soon.

The Global Epidemic ...

 Firewall Daily

In the shadows of the internet lurks a sophisticated web of deception and exploitation, primarily centered around a practice known as "pig butchering" in the world of cryptocurrency scams. This article delves into the intricate world of pig butchering, exploring its origins, the pivotal role of platforms like Huione Guarantee, and the broader implications for cybersecurity and global law enforcement.

Pig butchering, initially localized in Southeast Asia, has metastasized into a global threat, ensnaring unsuspecting victims through sophisticated social engineering and digital manipulation tactics. This global threat now runs through major public platforms, with Huione Guarantee being the latest facilitator of these scams. The term "pig butchering" vividly describes the systematic approach used by scammers: establishing trust through fictitious identities on social media or dating platforms, and then convincing victims to invest in fraudulent cryptocurrency schemes.

Rise of Pig Butchering: From Southeast Asia to Global Menace

These operations are highly sophisticated, often involving the creation of elaborate personas and counterfeit websites that mimic legitimate trading platforms. Once victims are ensnared, scammers typically demand additional fees or taxes, effectively locking victims out of their investments and causing substantial financial harm.

At the epicenter of the pig butchering ecosystem lies Huione Guarantee, an online platform linked with Huione Group, a Cambodian financial conglomerate associated with the country's ruling elite. Originally designed as an escrow service for peer-to-peer transactions using Tether cryptocurrency on Telegram, Huione Guarantee has inadvertently become a haven for crypto scammers. According to Elliptic, a crypto-tracing firm, Huione Guarantee has facilitated illicit transactions amounting to an astounding $11 billion since its inception. This figure highlights the platform's significant role within the crypto scam domain, serving as a marketplace for fictitious investment opportunities and for tools used in human trafficking and other illicit activities.

The Dark Side of Huione Guarantee: Tools of Exploitation

Beyond its role as a transaction facilitator, Huione Guarantee hosts a marketplace where various tools crucial to perpetuating pig butchering scams are readily available for purchase. These tools include shock-enabled GPS tracking shackles, electric batons, and deepfake services, showcasing the nefarious capabilities wielded by scammers. Such tools not only aid in executing financial fraud but also play a pivotal role in coercing and controlling individuals involved in scam-related forced-labor schemes across Southeast Asia.

Addressing pig butchering and similar crypto scams necessitates a coordinated global effort, with law enforcement agencies from multiple countries actively collaborating to dismantle these criminal networks. Recent actions, such as the U.S. Department of Justice's seizure of domains linked to pig butchering scams, exemplify these efforts, aiming to disrupt illicit activities and safeguard vulnerable victims.

In India, Cyble Research and Intelligence Labs has played a pivotal role in uncovering pig butchering scams targeting Indian investors. Its investigations have revealed a proliferation of fraudulent trading apps distributed through mainstream platforms like the Google Play Store and App Store, exploiting individuals seeking high returns in the volatile cryptocurrency market. Similar operations have been reported in Taiwan, Korea, and other Asian countries, highlighting the global reach and transnational nature of crypto scam networks.

Deepfake Scams: Exploiting Digital Deception

The advent of deepfake technology has introduced a new layer of sophistication to pig butchering scams, enabling scammers to create convincing digital personas and manipulate video content to deceive victims effectively. These deepfakes enhance the credibility of fraudulent investment schemes or impersonate trusted figures, further blurring the lines between reality and deception in the digital age.

Despite concerted efforts by law enforcement and cybersecurity experts, combating pig butchering and related crypto scams remains a formidable challenge. The decentralized nature of cryptocurrencies and their inherent anonymity pose significant obstacles to tracking and recovering stolen funds. Moreover, the rapid evolution of scam tactics—from phishing sites impersonating legitimate brokers to advanced deepfake technologies—necessitates continuous adaptation and vigilance from regulators and individuals alike.

As the crypto world continues to face these threats, stakeholders must prioritize education, awareness, and regulatory measures to mitigate the risks associated with pig butchering and similar scams. Enhanced collaboration between international law enforcement agencies, technology firms, and financial institutions is critical for disrupting the financial flows that sustain these illicit operations and safeguarding vulnerable individuals from digital exploitation. The pervasive nature of pig butchering scams highlights the urgent need for a united global response. By exposing the inner networks of these scams, raising public awareness, and leveraging technological advancements, we can collectively combat crypto fraud and uphold the integrity of digital economies worldwide.

Patch Now! Critical ...

 Vulnerabilities

Palo Alto Networks has issued security updates to address vulnerabilities impacting its products, including a critical vulnerability in its Expedition migration tool that could grant attackers complete administrator control. This critical vulnerability, designated CVE-2024-5910, carries a CVSS score of 9.3 and stems from a lack of authentication within the Expedition migration tool. This missing safeguard could allow malicious actors with network access to Expedition to seize administrative accounts.

All Expedition Versions Before 1.2.92 At Risk

The ramifications of a compromised Expedition migration tool admin account are significant. According to the Palo Alto Networks advisory, "configuration secrets, credentials, and other data imported into Expedition is at risk" and would be exposed to attackers who exploit this flaw. The vulnerability affects all versions of Expedition prior to 1.2.92, which incorporates a fix. Thankfully, there is no evidence of this vulnerability being actively exploited. However, Palo Alto Networks strongly recommends updating Expedition to the latest version to mitigate potential threats. As a temporary workaround, Palo Alto Networks advises restricting network access to Expedition solely to authorized users, devices and networks.

Palo Alto Firewalls Face Blast-RADIUS

In addition to the Expedition migration tool flaw, Palo Alto Networks also addressed a recently discovered vulnerability in the RADIUS protocol, dubbed Blast-RADIUS. This vulnerability, tracked as CVE-2024-3596, could enable attackers to bypass authentication on Palo Alto Networks firewalls that rely on RADIUS servers. The technical details describe a scenario in which an attacker positions themselves between a Palo Alto Networks PAN-OS firewall and a RADIUS server, launching a so-called "man-in-the-middle" attack. This maneuver allows the attacker to potentially "escalate privileges to 'superuser' when RADIUS authentication is in use and either CHAP or PAP is selected in the RADIUS server profile," as outlined in the Palo Alto Networks advisory.

For those unfamiliar, CHAP (Challenge-Handshake Authentication Protocol) and PAP (Password Authentication Protocol) are two authentication protocols that, according to the advisory, "should not be used unless they are encapsulated by an encrypted tunnel" because neither provides Transport Layer Security (TLS) encryption on its own. PAN-OS firewalls configured to use EAP-TTLS with PAP for RADIUS server authentication are not susceptible to this exploit. The company notes that "Palo Alto Networks is aware of proof of concept code demonstrating how to exploit this generic issue."

Palo Alto Networks has identified several PAN-OS versions impacted by Blast-RADIUS, with fixes already available for most. The following PAN-OS versions are impacted:

PAN-OS 11.1 (fixed in versions >= 11.1.3)
PAN-OS 11.0 (fixed in versions >= 11.0.4-h4)
PAN-OS 10.2 (fixed in versions >= 10.2.10)
PAN-OS 10.1 (fixed in versions >= 10.1.14)
PAN-OS 9.1 (fixed in versions >= 9.1.19)

A fix for Prisma Access is anticipated by July 30.

LuLu Hypermarket Dat ...

 Firewall Daily

IntelBroker, a solo hacker on dark web forums, has claimed the LuLu Hypermarket data breach, targeting a prominent retail giant in the Gulf region. The hacker allegedly breached the database of the hypermarket giant, compromising the personal information of approximately 196,000 individuals. In his post, the hacker claims to have access to full databases related to the organization, stating, “I have the full database, including the millions of users and orders that I'm currently importing as a bacpac file so I can release it at a later date.” The compromised data, according to IntelBroker, includes “cellular numbers & email Addresses”.

LuLu Hypermarket, a division of the multinational LuLu Group International, is renowned for its vast retail facilities combining supermarkets and department stores under one roof. With over 201 stores across the Gulf, LuLu Hypermarket offers a comprehensive range of products and services to cater to diverse consumer needs.

IntelBroker Claims Massive LuLu Hypermarket Data Breach and Claims to Leak Data Soon

The LuLu Hypermarket data breach, disclosed by the hacker on BreachForums, a notorious platform for trading stolen data, exposed sensitive information including cellular numbers and email addresses. The hacker claimed to possess the entire LuLu Hypermarket database and hinted at further leaks, highlighting the severity of the incident and its potential repercussions for LuLu Hypermarket's reputation and operational integrity.

(Image source: Dark Web)

The LuLu Hypermarket data breach is part of a broader trend affecting retail and commercial sectors worldwide, where cyberattacks have increasingly targeted organizations handling vast amounts of consumer data. Recent incidents involving Canadian and Swedish supermarket chains illustrate the pervasive nature of cyber threats, which can disrupt operations, compromise customer trust, and incur significant financial and reputational damage.

IntelBroker, known for previous high-profile breaches targeting entities such as Los Angeles International Airport and Acuity, a U.S. federal technology consulting firm, operates by exploiting vulnerabilities in digital systems to gain unauthorized access to sensitive information. The hacker's activities highlight the tactics of cybercriminals and the growing challenges organizations face in protecting customer data from sophisticated cyber threats. In an exclusive interview with The Cyber Express, IntelBroker provided insights into their motivations and operational strategies, shedding light on the inner workings of cybercriminal activities. The hacker's disclosures offered a glimpse into the mindset of threat actors who capitalize on weaknesses in cybersecurity defenses to exploit valuable data for financial gain or notoriety within underground hacker communities.

The Unnerving Threat to Hypermarkets and Supermarkets

LuLu Hypermarket's response to the breach remains pivotal in determining the extent of consumer data exposure and the efficacy of its incident response protocols. While the company has yet to issue an official statement confirming the LuLu Hypermarket cyberattack, industry experts emphasize the importance of transparency and proactive communication in managing cybersecurity incidents to preserve stakeholder trust and comply with regulatory requirements. The fallout from cyber incidents extends beyond immediate operational disruptions, influencing consumer perceptions of data security and privacy protections.

Cybersecurity incidents targeting retail organizations highlight systemic vulnerabilities in digital commerce ecosystems, where interconnected systems and third-party dependencies increase the attack surface for threat actors. The rise of cyberattacks on supermarkets necessitates collaborative efforts among industry stakeholders, government agencies, and cybersecurity professionals to fortify defenses and safeguard critical infrastructure from malicious activities. In response to cyberattacks on supermarkets, regulatory bodies worldwide are enacting stringent data protection laws and guidelines to enhance cybersecurity resilience across sectors. Compliance with these regulations requires businesses to adopt proactive cybersecurity measures, implement data encryption protocols, and conduct regular audits to assess system vulnerabilities and compliance readiness.

The LuLu Hypermarket data breach highlights the need for a proactive approach to cybersecurity governance, emphasizing continuous monitoring, incident response preparedness, and stakeholder engagement to mitigate risks and enhance organizational resilience against cyber threats. The LuLu Hypermarket data breach is an ongoing story and TCE will be closely monitoring the situation. We’ll update this post once we have more information on this alleged cyberattack on LuLu Hypermarket or any official confirmation from the parent company, LuLu Group International.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Hacktivist Groups Ta ...

 Firewall Daily

Hacktivist groups have intensified their efforts to launch cyberattacks on the NATO 75th Anniversary Summit in Washington, DC, taking place from July 9 to July 11, 2024. This international conference brings together leaders, military experts, and representatives from 32 member countries to address pressing geopolitical challenges and strengthen global security alliances.

These hacktivist groups, known for their anti-NATO sentiments, have orchestrated a series of coordinated cyberattacks aimed at undermining NATO’s initiatives, particularly in relation to Ukraine. Their tactics include Distributed Denial of Service (DDoS) attacks on NATO websites, designed to disrupt operations and shape public opinion against Ukraine’s NATO integration.

Hacktivist Groups Launch Cyberattacks on the NATO 75th Anniversary Summit

The heightened cyber activity coincides with critical geopolitical maneuvers involving NATO member states. For instance, the Czech Republic and Denmark recently experienced cyber intrusions following announcements of increased military cooperation with Ukraine. According to the Cyble Research and Intelligence Labs (CRIL) report, leading the charge are prominent hacktivist collectives like People’s Cyber Army (APT44), NoName057(16), UserSec, and others, operating with a shared goal of challenging NATO’s influence and disrupting its operational capabilities. These groups have formed alliances across international borders, amplifying their collective impact and demonstrating a sophisticated approach to cyber warfare.

In addition to DDoS attacks, recent weeks have seen a surge in data leaks targeting NATO’s sensitive information. Documents containing budget details, operational procedures, and member state information have been illicitly obtained and disseminated online, exposing NATO’s vulnerability to espionage.

Mitigation and Preparation for Upcoming NATO Cyberattacks

The tactics of hacktivist groups, supported by international collaborations, highlight a growing cyber threat that NATO must mitigate with heightened vigilance. The alliance’s ability to fortify its cyber defenses and safeguard critical infrastructure will be crucial in mitigating future attacks and preserving global security.

As the NATO Summit progresses amid these cyber challenges, cybersecurity experts stress the importance of proactive measures and collaborative efforts to defend against persistent threats. The ongoing conflict in Ukraine, coupled with geopolitical tensions with Russia and other adversaries, highlights the urgency for NATO to enhance its cybersecurity posture and protect its strategic interests. The alliance’s response to these cyber threats will not only shape its ability to maintain operational integrity but also serve as a demonstration of its commitment to collective defense and international security cooperation.

In an era defined by technological advancements and geopolitical complexities, NATO’s resilience in the face of cyber warfare remains pivotal to its mission and global stability. The coordinated efforts of hacktivist groups targeting NATO highlight the need for continuous adaptation and innovation in cybersecurity strategies. By upgrading defenses and fostering greater international cooperation, NATO can effectively confront and mitigate cyber threats, safeguarding its mission and members against the risks posed by hacktivist groups this year.


 Vulnerabilities

Security professionals and system administrators should prioritize patching a critical vulnerability in Citrix NetScaler Console, as recommended not only by the networking appliance manufacturer but also by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the National Cyber Security Centre of Ireland (NCSC). The vulnerability, tracked as CVE-2024-6235, is found in the Citrix NetScaler Console, a cloud-based management tool for NetScaler appliances. Exploiting this flaw could grant attackers unauthorized access to sensitive data, posing a significant security risk. This high-severity vulnerability scores 9.4 on the Common Vulnerability Scoring System (CVSS), indicating its critical nature. It stems from improper authentication controls within NetScaler Console, potentially allowing attackers with access to the console's IP address to bypass security measures and steal sensitive information. Versions of NetScaler Console 14.1 before 14.1-25.53 are impacted. Both CISA and NCSC issued advisories urging immediate patching. CISA’s alert warns, “A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.”

Patching Beyond NetScaler Console: Addressing Denial-of-Service Threats

The security updates address not only the critical authentication bypass vulnerability but also a high-severity denial-of-service (DoS) flaw within NetScaler Console that is tracked as CVE-2024-6236. This DoS vulnerability exists similarly in the NetScaler Agent and NetScaler Service Virtual Machine (SVM). The flaw allows attackers with access to any of these components' IPs to launch DoS attacks, potentially disrupting critical services. Citrix also addressed another high-severity DoS vulnerability (CVE-2024-5491) affecting NetScaler ADC and Gateway appliances.

Privilege Escalation Risk in Citrix Workspace App

The security updates encompass a high-severity vulnerability (CVE-2024-6286) within the Citrix Workspace app for Windows. This flaw could allow low-privileged attackers with local access to a system to escalate their privileges to SYSTEM level, granting them complete control over the system. This vulnerability impacts Citrix Workspace app versions before 2403.1 in the current release and versions before 2402 in the long-term service release.

NetScaler: A Repeated Target

This is not the first time NetScaler has been exploited by malicious actors. Last year, a critical-severity flaw, identified as CVE-2023-4966, in Citrix NetScaler ADC and Gateway appliances was leveraged to target professional services, technology, and government organizations. This previous flaw stemmed from an unauthenticated buffer overflow issue and could enable attackers to steal sensitive information. Given NetScaler's history as a target and the severity of the newly patched vulnerabilities, applying the security updates is paramount to maintaining a secure environment. Security professionals and system administrators should prioritize patching all affected Citrix products immediately.


 Cybersecurity News

UnitedHealth Group’s Change Healthcare unit has uploaded a substitute data breach notice to its website about its February 2024 cyberattack and assured that affected individuals will start receiving notification letters by email from July 20, 2024. Change Healthcare, in its notice published this week, said the data review is in the late stages; however, it is possible that further individuals may still be identified as having been affected.

Change Healthcare Data Breach: Background and Context

The company has provided a detailed timeline of data leak events in its substitute notice. Change Healthcare explains that the intrusion was discovered on February 21, 2024. Hackers were able to access internal systems between February 17 and 20. By March 7, Change Healthcare confirmed a significant amount of data was stolen from its network. Analysis of the stolen data was delayed until March 13, 2024, when Change Healthcare was able to secure a soft copy for review. Initial investigations revealed that a substantial number of individuals in the United States were impacted. The total number affected has not been officially released, but estimates suggest it could be as high as 1 in 3 Americans, potentially exceeding 110 million people. The type of information exposed or stolen varies depending on the individual and may include some or all of the following:

- Health insurance details (like primary, secondary, or other health plans/policies, insurance companies, member/group ID numbers, and Medicaid-Medicare-government payor ID numbers)
- Health information (including medical record numbers, providers, diagnoses, medications, test results, images, care and treatment details)
- Billing, claims, and payment information (such as claim numbers, account numbers, billing codes, payment cards, financial and banking information, payments made, and balance due)
- Additional personal information such as Social Security numbers, driver's licenses or state ID numbers, or passport numbers

In certain instances, guarantor information was also compromised. The notice outlines steps affected individuals can take to safeguard themselves from potential misuse of their information.

Change Healthcare Offers Mandatory Mitigation Services

Change Healthcare is providing complimentary credit monitoring and identity theft protection services to affected individuals for a two-year period. The stolen data was obtained by an affiliate of the BlackCat ransomware group, who remain in possession of a copy. Additionally, the operators of the now-defunct BlackCat ransomware group may also have a copy, and the RansomHub ransomware group has claimed to have acquired the data. Since credit monitoring services are now available, and considering the possibility that 1 in 3 Americans may be affected, it is highly recommended that all US citizens sign up for these services immediately if they believe they may have been impacted. To register, visit http://changecybersupport.com or call (888) 846-4705.

Response to Change Healthcare Cyberattack

While the Change Healthcare cyberattack did leave a notable dent in UnitedHealth Group’s earnings from operations, which included $872 million in adverse effects, the company’s adjusted earnings from operations remained resilient, excluding direct response costs attributed to the cyberattack. As per the press release in April, in light of the cyberattack’s potential implications on claims receipt timing, UnitedHealth Group exercised prudence by allocating an additional $800 million towards claims reserves in the first quarter, reflecting a proactive approach to manage potential future impacts on its financial stability. Looking beyond the immediate financial repercussions, UnitedHealth Group remains focused on maintaining consistent care patterns and supporting its care providers through accommodations necessitated by the cyberattack, as evidenced by a medical care ratio of 84.3% in the first quarter of 2024.

Despite the turbulence induced by the cyberattack on Change Healthcare, UnitedHealth Group reaffirmed its commitment to shareholder value by returning $4.8 billion through dividends and share repurchases in the first quarter.


 Cybersecurity News

The global cryptocurrency derivatives exchange BitMEX (HDR Global Trading Limited) admitted guilt on Wednesday to violating the Bank Secrecy Act by "willfully" flouting U.S. anti-money laundering (AML) regulations. This admission, following previous actions against its founders, exposes significant vulnerabilities in cryptocurrency exchange oversight.

The Department of Justice (DoJ) accused BitMEX of operating from 2015 to 2020 as a "vehicle for large-scale money laundering and sanctions evasion schemes." The exchange allegedly failed to implement a "Know Your Customer" (KYC) program, a cornerstone of AML compliance that verifies user identities and helps prevent illicit activities. "By only mandating lax service access credentials, BitMEX not only failed to comply with nationally required anti-money laundering procedures designed to protect the US financial markets from illicit actors and transactions, but knowingly did so to increase the business’s revenue," said FBI Assistant Director Christie M. Curtis, highlighting a deliberate effort to circumvent regulations. This raises concerns about the potential for other cryptocurrency exchanges to exploit similar loopholes. The DoJ charges echo a 2022 guilty plea by Gregory Dwyer, BitMEX's first employee, for violating the Bank Secrecy Act. Prosecutors previously secured convictions against the exchange's founders for similar offenses. These actions demonstrate a coordinated effort to hold BitMEX and its leadership accountable.

BitMEX Founders Also Admitted Guilt and Received Sentences

In 2022, the three founders of BitMEX pleaded guilty to the same charges as Dwyer. Judge Koeltl took into account the exchange's belated efforts to implement AML and KYC controls during sentencing. 36-year-old Florida resident Hayes, the former CEO, received a six-month home detention sentence and two years of probation. 38-year-old Delo was sentenced to 30 months of probation and allowed to return to Hong Kong. The judge found Reed slightly less culpable than the other founders and sentenced the Massachusetts resident to 18 months of probation in July. Both Hayes and Delo agreed at the time to pay a $10 million fine. All three founders – Hayes, Delo, and Reed – still own BitMEX.

The founders also reached a settlement agreement with the Department of Treasury. The agreement did not require them to admit or deny allegations that BitMEX "processed over $200 million in suspicious transactions and failed to report nearly 600 suspicious activities," according to the DOJ.

Cryptocurrency's Regulatory Struggles

The case also underscores the ongoing struggle to regulate the cryptocurrency space. While the Commodity Futures Trading Commission (CFTC) imposed a $100 million civil penalty on BitMEX in 2021 for related violations, the lack of a centralized authority creates challenges in enforcing AML and KYC requirements across the entire cryptocurrency ecosystem. This incident serves as a wake-up call for regulatory bodies. It necessitates a collaborative effort to establish clear and comprehensive AML/KYC frameworks for cryptocurrency exchanges. Strengthening international cooperation and information sharing is also crucial to combating money laundering and other illicit activities within the crypto sphere. Recently, the FBI warned of the financial risks associated with using unregistered cryptocurrency transfer services, especially considering potential law enforcement actions against these platforms. The warning focused on crypto transfer platforms that operate without proper registration as Money Services Businesses (MSB) and fail to comply with anti-money laundering regulations mandated by U.S. federal law. The future of BitMEX remains uncertain. The exchange faces potential financial penalties and could struggle to regain user trust. The DOJ had earlier noted that "due to the lack of KYC controls, the full extent of criminal activity on BitMEX may never be known." This case sets a significant precedent and paves the way for stricter enforcement of AML regulations within the cryptocurrency industry.


 Products

The Kaspersky for iOS app now supports Apple Shortcuts and Siri. In this post, we discuss the new possibilities this gives our users, and how to configure Shortcuts to work with the Kaspersky app.

How to give voice commands to Kaspersky

You can now turn the VPN on and off in the Kaspersky for iOS app using voice commands. Setting this up is very quick and easy: just activate Siri and say, "Siri, turn on Kaspersky VPN." The system will then ask if you really want to enable commands — tap the blue Turn On button. If you’ve just installed Kaspersky on your iPhone or iPad and have never turned the VPN on before, you’ll need to open the app and activate the VPN manually to accept all the necessary user agreements. After that, everything will work smoothly.

To activate voice commands for Kaspersky VPN, launch Siri and say, "Siri, turn on Kaspersky VPN"

Now all you have to do is say, "Siri, turn on Kaspersky VPN" to establish a VPN connection or "Siri, turn off Kaspersky VPN" to disconnect — it’s as easy as pie.

To turn on Kaspersky VPN, say, "Siri, turn on Kaspersky VPN." To turn it off, say, "Siri, turn off Kaspersky VPN"

How to turn VPN on and off using Shortcuts

But that’s just the beginning. You can also use Apple Shortcuts to place Turn on VPN and Turn off VPN shortcuts on your iPhone’s Home Screen. To do this, find and open the Shortcuts app; the easiest way to do this is through search — especially if you rarely use this app.

To set up Kaspersky VPN Home Screen shortcuts, open the Shortcuts app and select Kaspersky

Next, find the Kaspersky app in Shortcuts and tap it. If it’s difficult to find due to an over-abundance of icons, you can use the search function. To do this, tap All Shortcuts and type Turn in the search field. In both cases, the necessary shortcuts will now appear on the screen.

To find Kaspersky VPN shortcuts in Shortcuts, you can use the search function

Simply tapping the shortcut will immediately activate it — turning the VPN on or off. To add a shortcut to the Home Screen, tap and hold the shortcut. A pop-up menu will appear — select Add to Home Screen. On the next screen, you can choose the icon and color of the shortcut. By default, iOS suggests blue, but we recommend choosing green for Turn on VPN, and red for Turn off VPN. This way, you’ll instantly know which shortcut does what, making them convenient to use.

How to add Turn on VPN and Turn off VPN shortcuts to the Home Screen

All done! Now you have handy shortcuts on your Home Screen that let you quickly turn the VPN on or off in the Kaspersky for iOS app with just a single tap.

Now you can turn Kaspersky VPN on and off with one tap

How to trigger Kaspersky VPN activation when launching apps

And that’s still not all! You can also use Shortcuts to automatically trigger VPN activation in Kaspersky for iOS. For example, you can automatically establish a VPN connection when launching a particular app. To do this, open the Shortcuts app, go to the Automation tab, and tap the large blue New Automation button (or the + in the upper right corner of the screen if you’ve created automation scripts before). On the page that opens, scroll down to the App option and tap it.

You can use Shortcuts to automate Kaspersky VPN activation — for example, when launching a particular app

Next, tap Choose to select an app, check the box at the bottom of the screen next to Run Immediately so the system doesn’t ask unnecessary questions, and tap Next.

Select the desired app and check the box next to Run Immediately

On the next screen, use the search to find the familiar Turn on VPN shortcut and select it. Done! Now a VPN connection will be established automatically when you launch the app you’ve selected.

Tap Next and find the Turn on VPN shortcut

By the way, you can also configure the VPN connection to automatically disconnect when you close this app. To do this, repeat all the steps described above, but change the condition to Is Closed, and select the Turn off VPN shortcut.

You can also automatically disconnect the VPN when closing an app: create a new automation script, change the condition to Is Closed, and select the Turn off VPN shortcut

How to trigger Kaspersky VPN activation when connecting to Wi-Fi networks

Another possibility is to activate the VPN automatically when connecting to any Wi-Fi network — or a specific network that you don’t fully trust but have to use frequently. To do this, create a new automation script, scroll down to Wi-Fi, and select it.

To turn the VPN on automatically when connecting to Wi-Fi, create a new automation script and select Wi-Fi from the list

In the window that opens, tap Choose to select a network — either a specific one or Any Network. As before, check the box next to Run Immediately so you don’t have to confirm this action each time.

Select the desired network or Any Network, and check the box next to Run Immediately

Next, tap Next and select the Turn on VPN shortcut. You can also create an additional script to close the VPN connection automatically when disconnecting from Wi-Fi. The features described in this post are available to users with Kaspersky Plus and Kaspersky Premium subscriptions.

Other useful features of Kaspersky for iOS

Of course, the VPN is by no means the only thing in our super app Kaspersky for iOS. It also includes anti-phishing, an ad and tracker blocker, a password manager, automatic personal data-leak checking, home network protection from strangers, and much more.

To enhance the security of your device, simply tap Security Scan

By the way, the updated Kaspersky for iOS app features a convenient Security Scan button at the top of the main screen, allowing you to run a security check and improve your device’s protection with a single tap.

 Identity Theft, Fraud, Scams

Warnings have been issued in India regarding a rise in fraudulent smishing attacks, with scammers impersonating India Post to deceive people into giving personal information or clicking on malicious links.

 Malware and Vulnerabilities

Campaigns distributing DarkGate malware use various methods like email attachments and malicious ads. A campaign in March-April 2024 used Samba file shares hosting malicious files for DarkGate infections.

 Expert Blogs and Opinion

A diverse workforce brings different perspectives, experiences, and problem-solving approaches to the table, enabling teams to identify vulnerabilities and develop more robust defense strategies.

 Security Products & Services

The genesis of BunkerWeb came from the need to apply security practices manually every time a web application was put online. The solution meets global needs with a modular architecture allowing for extensions.

 Malware and Vulnerabilities

The vulnerability impacts all GitLab CE/EE versions from 15.8 to 16.11.6, 17.0 to 17.0.4, and 17.1 to 17.1.2. Under certain circumstances that GitLab has yet to disclose, attackers can exploit it to trigger a new pipeline as an arbitrary user.

 Malware and Vulnerabilities

Security researchers have found a critical vulnerability, CVE-2024-38021, impacting Microsoft Outlook. This zero-click remote code execution flaw, now fixed by Microsoft, allowed unauthorized access without authentication.

 Trends, Reports, Analysis

This decision comes after a warning from the Singapore Police about phishing scams targeting bank customers. Scammers have managed to defraud individuals of over S$600,000 ($445,000) in just a few weeks.

 Feed

Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.

 Feed

This Metasploit module exploits an authenticated administrator-level vulnerability in Atlassian Confluence, tracked as CVE-2024-21683. The vulnerability exists due to the Rhino script engine parser evaluating tainted data from uploaded text files. This facilitates arbitrary code execution. This exploit will authenticate, validate user privileges, extract the underlying host OS information, then trigger remote code execution. All versions of Confluence prior to 7.17 are affected, as are many versions up to 8.9.0.

 Feed

Debian Linux Security Advisory 5728-1 - Phillip Szelat discovered that Exim, a mail transport agent, does not properly parse a multiline RFC 2231 header filename, allowing a remote attacker to bypass a $mime_filename based extension-blocking protection mechanism.

 Feed

Debian Linux Security Advisory 5727-1 - Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of arbitrary code or privilege escalation.

 Feed

Ubuntu Security Notice 6891-1 - It was discovered that Python incorrectly handled certain inputs. An attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 14.04 LTS and Ubuntu 18.04 LTS. It was discovered that Python incorrectly used regular expressions vulnerable to catastrophic backtracking. A remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 LTS.

 Feed

Ubuntu Security Notice 6892-1 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.

 Feed

Ubuntu Security Notice 6868-2 - Sander Wiebing, Alvise de Faveri Tron, Herbert Bos, and Cristiano Giuffrida discovered that the Linux kernel mitigations for the initial Branch History Injection vulnerability were insufficient for Intel processors. A local attacker could potentially use this to expose sensitive information. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

 Feed

Ubuntu Security Notice 6866-3 - It was discovered that the ext4 file system implementation in the Linux kernel did not properly validate data state on write operations. An attacker could use this to construct a malicious ext4 file system image that, when mounted, could cause a denial of service. It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code.

 Feed

Red Hat Security Advisory 2024-4505-03 - Moderate: An update for Red Hat Build of Apache Camel 4.4 for Quarkus 3.8 update is now available. The purpose of this text-only errata is to inform you about the enhancements that improve your developer experience and ensure the security and stability of your products. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2024-4504-03 - An update for httpd is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a HTTP response splitting vulnerability.

 Feed

Red Hat Security Advisory 2024-4464-03 - Red Hat Advanced Cluster Management for Kubernetes 2.10.4 General Availability release images, which apply security fixes and fix bugs. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2024-4462-03 - An update for ghostscript is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a code execution vulnerability.

 Feed

Red Hat Security Advisory 2024-4460-03 - An update for Red Hat Data Grid 8 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section.

 Feed

Red Hat Security Advisory 2024-4456-03 - An update for python3 is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a traversal vulnerability.

 Feed

Multiple threat actors have been observed exploiting a recently disclosed security flaw in PHP to deliver remote access trojans, cryptocurrency miners, and distributed denial-of-service (DDoS) botnets. The vulnerability in question is CVE-2024-4577 (CVSS score: 9.8), which allows an attacker to remotely execute malicious commands on Windows systems using Chinese and Japanese language locales. It

 Feed

GitLab has shipped another round of updates to close out security flaws in its software development platform, including a critical bug that allows an attacker to run pipeline jobs as an arbitrary user. Tracked as CVE-2024-6385, the vulnerability carries a CVSS score of 9.6 out of a maximum of 10.0. "An issue was discovered in GitLab CE/EE affecting versions 15.8 prior to 16.11.6, 17.0 prior to

 Feed

The China-linked advanced persistent threat (APT) group codenamed APT41 is suspected to be using an "advanced and upgraded version" of a known malware called StealthVector to deliver a previously undocumented backdoor dubbed MoonWalk. The new variant of StealthVector – which is also referred to as DUSTPAN – has been codenamed DodgeBox by Zscaler ThreatLabz, which discovered the loader strain in

 Feed

Today, all organizations are exposed to the threat of cyber breaches, irrespective of their scale. Historically, larger companies were frequent targets due to their substantial resources, sensitive data, and regulatory responsibilities, whereas smaller entities often underestimated their attractiveness to hackers. However, this assumption is precarious, as cybercriminals frequently exploit

 Feed

Spanish language victims are the target of an email phishing campaign that delivers a new remote access trojan (RAT) called Poco RAT since at least February 2024. The attacks primarily single out mining, manufacturing, hospitality, and utilities sectors, according to cybersecurity company Cofense. "The majority of the custom code in the malware appears to be focused on anti-analysis,

 Feed

Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass. Cataloged as CVE-2024-5910 (CVSS score: 9.3), the vulnerability has been described as a case of missing authentication in its Expedition migration tool that could lead to an admin account takeover. "Missing authentication

 Feed

Threat actors have been observed publishing a new wave of malicious packages to the NuGet package manager as part of an ongoing campaign that began in August 2023, while also adding a new layer of stealth to evade detection. The fresh packages, about 60 in number and spanning 290 versions, demonstrate a refined approach from the previous set that came to light in October 2023, software supply

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Cryptocurrency Exchange Platform ‘Willfully Flouted US Anti-Money Laundering Laws’. The once-leading cryptocurrency exchange platform known as BitMEX pleaded guilty Wednesday to willfully violating the Bank Secrecy Act and anti-money laundering laws to effectively serve as a money laundering vehicle from 2015 to 2020, according to the U.S. Department of Justice. Original […] The entry BitMEX Pleads Guilty to Violating Anti-Money Laundering Laws – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Remote Access Trojan ‘Poco RAT’ Targets Mining, Manufacturing Sectors, Says Report. A new report published by Cofense Intelligence identifies a malware called “Poco RAT” that is actively targeting mining and manufacturing sectors across Latin America through a simple remote access Trojan that could be capable of delivering additional malware for ransomware […] The entry Researchers Discover New Malware Aimed at Mining Sector – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 ‘Don’t Panic,’ Say Developers. Security researchers identified an attack method against a commonly used network authentication protocol that dates back to the dial-up internet and relies on an obsolete hashing function. Researchers say “a well-resourced attacker” could make it practical. Original Post url: https://www.databreachtoday.com/widely-used-radius-authentication-flaw-enables-mitm-attacks-a-25738 The entry Widely Used RADIUS Authentication Flaw Enables MITM Attacks – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Australia

Source: www.databreachtoday.com – Author: 1 Nation-State Group APT40 Routinely Exploits Publicly Known Software Flaws. The Australian cybersecurity agency is blaming a Chinese state-backed cyberespionage group, tracked as APT40, for persistent cyberattacks on Australian organizations to steal sensitive information. The group exploits known software vulnerabilities to compromise networks. Original Post url: https://www.databreachtoday.com/australia-flags-persistent-chinese-cyberespionage-hacking-a-25737 The entry Australia Flags Persistent Chinese Cyberespionage Hacking – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

2024-07
Aggregator history
Thursday, July 11