Cyble Research & Intelligence Labs (CRIL) analyzed 21 vulnerabilities in its weekly vulnerability report for the second week of July, including high-severity flaws in products from Rockwell Automation, Microsoft and Johnson Controls. The report also emphasized critical-severity vulnerabilities in Gogs, Rejetto and OpenSource Geospatial Foundation, which pose a significant threat.

A recent study led by Microsoft found that more than 80% of successful cyberattacks could have easily been prevented through timely patches and software updates. And with an estimate that the average computer needs about 76 patches per year from 22 different vendors, The Cyber Express each week partners with Cyble’s highly efficient dark web and threat intelligence to highlight critical security vulnerabilities that warrant urgent attention.

The Week’s Top Vulnerabilities

These are the three most critical vulnerabilities Cyble researchers focused on this week:

CVE-2024-39930: Gogs
Impact Analysis: A critical vulnerability in the built-in SSH server of Gogs versions through 0.13.0 that allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Successful exploitation could lead to unauthorized access, data breaches and complete compromise of the Gogs server, potentially allowing attackers to run arbitrary commands, access or modify sensitive data, install malware, or use the server as a pivot point for further attacks on the network.
Internet Exposure? Yes
Patch? Yes

CVE-2023-2071: Rockwell Automation
Impact Analysis: This is a critical vulnerability in Rockwell Automation's FactoryTalk View Machine Edition on PanelView Plus that allows an unauthenticated attacker to achieve remote code execution. Successful exploitation could lead to complete system compromise, allowing attackers to gain unauthorized access, steal sensitive data, or use the compromised system as a foothold for further attacks on the network.
Internet Exposure? NA
Patch? Yes

CVE-2023-29464: Rockwell Automation
Impact Analysis: This is a vulnerability in Rockwell Automation's FactoryTalk Linx that allows an unauthorized attacker to achieve a denial-of-service (DoS) condition. The vulnerability stems from improper input validation: the FactoryTalk Linx software fails to handle certain malformed packets properly. Exploitation may lead to a DoS that disrupts critical industrial control systems and processes that rely on FactoryTalk Linx for communication, potentially leading to operational downtime, production delays and safety risks.
Internet Exposure? NA
Patch? Yes

CISA Adds 3 Vulnerabilities to KEV Catalog

Three of the vulnerabilities in the Cyble report were added to CISA’s Known Exploited Vulnerabilities (KEV) catalog:
CVE-2024-23692, a Rejetto HTTP File Server vulnerability with a 9.8 CVSSv3 criticality score
CVE-2024-38080, a Microsoft Windows Hyper-V Elevation of Privilege vulnerability with a 7.8 criticality rating that gives attackers SYSTEM privileges
CVE-2024-38112, a Windows MSHTML Platform Spoofing vulnerability with a 7.8 criticality rating

The researchers observed multiple threat actors, including notable groups like LemonDuck, actively exploiting the CVE-2024-23692 vulnerability to gain initial access to infected systems and deploy various malware.

The full report, available to CRIL subscribers, covers all these vulnerabilities and more, including 5 advisories covering eight vulnerabilities specific to Industrial Control Systems (ICS) assets affecting the likes of Johnson Controls, Mitsubishi Electric and Delta Electronics.
Rite Aid Corporation, a prominent American drugstore chain headquartered in Philadelphia, has fallen victim to a data breach following a cyberattack operation by the RansomHub ransomware group. This Rite Aid data breach, disclosed recently, has compromised a vast amount of sensitive customer information, including names, addresses, DL ID numbers, dates of birth, and Rite Aid rewards numbers. The cybercriminals behind the Rite Aid cyberattack claim to have exfiltrated approximately 10 GB of data, amounting to around 45 million lines of personal information.

Rite Aid, known for its extensive network of over 2,000 stores across the United States, ranks No. 148 in the Fortune 500 as of 2022. The cyberattack on Rite Aid, reportedly initiated in June, highlights the vulnerability of large corporations to sophisticated cyber threats despite cybersecurity measures.

Decoding the Rite Aid Data Breach by RansomHub Ransomware Group

(Image) Source: Dark Web

In an announcement on the Tor leak site, the RansomHub ransomware group detailed their unauthorized access to Rite Aid's network, emphasizing their capture of sensitive customer details. They have also set a ransom deadline of July 26, 2024, threatening to release the stolen data if their demands are not met.

The Cyber Express has reached out to the organization to learn more about this Rite Aid data breach. At the time of writing, no official statement or response has been received. The company did, however, previously acknowledge a "limited cybersecurity incident" in June and assured stakeholders that investigations are nearing completion. Rite Aid has emphasized its commitment to customer data security, noting that the incident has been a top priority.

Fortunately, Rite Aid has clarified that the breach does not compromise the social security numbers, health records, or financial information of its customers. Nonetheless, the exposure of personal details remains a significant concern for affected individuals.

Previous Cybersecurity Instances

This is not the first time Rite Aid has faced cybersecurity challenges. In May 2023, the company was one of several organizations targeted in the MOVEit hacking campaign orchestrated by the Cl0p ransomware gang. During that incident, over 24,000 customers' personally identifiable information, including insurance and prescription details, was compromised.

As the investigation into the latest breach continues, Rite Aid is working closely with cybersecurity experts to restore systems and ensure operational stability. The company has also begun notifying impacted customers about the incident and recommended precautions to safeguard against potential misuse of their personal information.

In response to the escalating cyber threats, Rite Aid and other affected organizations are stepping up their cybersecurity measures to prevent future breaches and protect consumer data from malicious actors. The incident serves as a stark reminder of the persistent challenges posed by cyber threats in the digital domain.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
Indonesia has achieved a new milestone in restoring 86 public services following the Temporary National Data Center cyberattack. The cyberattack affected operations across 16 state institutions, including services for permits and scholarships. Coordinating Minister for Political, Legal, and Security Affairs Hadi Tjahjanto emphasized the collaborative efforts involved in the recovery process, stating, "Efforts to restore PDNS 2 services were carried out by a team consisting of the Ministry of Communication and Information, BSSN, PT Telkom Tbk, and active participation from all tenants”, reported The Star.

Indonesia Restores 86 Public Services Following the Temporary National Data Center Cyberattack

The cyberattack on the Temporary National Data Center, perpetrated by Brain Cipher ransomware on June 20, initially disrupted 211 public services, escalating to impact 282 services within days. Refusing to negotiate with the ransomware group demanding $8 million, the Indonesian government opted for a rigorous recovery strategy instead.

"We divide it into three zones. The incident-affected data on PDNS 2 is in the red zone, and it is set in the process of quarantine," explained Tjahjanto regarding the meticulous data handling approach. This method involves isolating compromised data in the red zone, fortifying security and scanning for vulnerabilities in the blue zone, and finally reintroducing data to users through the green zone.

Since the attack, substantial progress has been made, with 86 services successfully reinstated as of the latest update. These services include critical functions such as licensing and information portals managed by various ministries and institutions, including the Ministry of Education, Culture, Research, and Technology.

Indonesian Minister’s Take on the Cyberattack on the Temporary National Data Center

Minister Hadi Tjahjanto further disclosed the specific services restored, noting, "As of July 12, at 17.30 WIB, 86 services from 16 ministries, institutions, and local governments have gone live."

Looking ahead, Tjahjanto reiterated the government's commitment to cybersecurity resilience, stating, "The government is cleaning up data from malware or suspicious viruses from data that have been saved while strengthening the infrastructure security parameters."

The coordinated response highlights Indonesia's proactive approach to cybersecurity, leveraging expertise from multiple agencies and stakeholders to mitigate risks and restore operational continuity. Despite the challenges posed by the cyberattack, Indonesia remains steadfast in its efforts to bolster digital infrastructure security and safeguard public services.

The attack on PDNS 2 marked a significant challenge for Indonesia's cybersecurity landscape, prompting a swift and coordinated response to mitigate its impact. The government's decision not to negotiate with ransomware perpetrators signals a firm stance against cyber extortion, prioritizing the integrity of public services and national security. Efforts to restore affected services are part of a phased strategy, emphasizing data security and operational continuity. "We've divided the recovery process into three zones: red, blue, and green, ensuring that data is thoroughly cleansed and fortified before being reintegrated," Tjahjanto elaborated.
A sophisticated malware campaign targeting the NuGet package manager has been uncovered by researchers. The ongoing attack, which began in August 2023, has evolved to employ advanced techniques like homoglyphs and IL weaving to evade detection and fool developers. NuGet is a Microsoft-supported mechanism for sharing code that allows developers to create, share, and consume .NET (including .NET Core) code. The threat actors have refined their methods over time, moving from simple initialization scripts to more complex approaches that impersonate protected NuGet prefixes and inject malicious code into legitimate .NET binaries.

Homoglyph Attacks Bypass Security Measures

Researchers from ReversingLabs observed that, in a clever twist, attackers had exploited NuGet's support for homoglyphs to circumvent the platform's prefix reservation system. By using visually identical but technically distinct characters, they created package names that appeared legitimate but weren't subject to the usual restrictions.

(Image) Source: www.reversinglabs.com

One of the most notable techniques used in this campaign is the use of homoglyphs: distinct characters that look identical but have different code points. The attackers used homoglyphs to create a package that convincingly mimics those that use the reserved "Guna" prefix, a security feature of NuGet. For example, the malicious package "Gսոa.UI3.Wіnfօrms" used Armenian and Cyrillic characters to mimic the "Guna" prefix, allowing the attackers to publish packages that looked official but contained malicious code.

The campaign's latest phase employs IL weaving, a technique that modifies compiled .NET binaries. Attackers patch legitimate DLL files to include malicious module initializers, which execute when the module is first loaded. This approach makes detection more challenging, as the malicious code is embedded within otherwise legitimate binaries. The injected code typically functions as a downloader, retrieving additional malware from attacker-controlled servers.

(Image) Source: www.reversinglabs.com

Researchers identified approximately 60 packages and 290 versions involved in this campaign. While the affected packages have been removed from NuGet, the evolving nature of the attack underscores the need for heightened vigilance in the software supply chain.

Evolved Tactics

The threat actors behind this campaign have continually refined their tactics, evolving from exploiting NuGet's MSBuild integrations to using simple, obfuscated downloaders inserted into legitimate PE binary files via IL weaving. This technique allows them to add malicious functionality to compiled .NET binaries, making it harder to detect.

The detection of these malicious packages is challenging due to the use of homoglyphs and IL weaving. Traditional detection methods, such as YARA, may not be effective in identifying these threats. However, behavioral analysis can help identify suspicious packages and indicators of compromise.

This latest campaign highlights the importance of staying ahead of malicious actors and their evolving tactics. The use of homoglyphs and IL weaving demonstrates the creativity and determination of attackers to deceive developers and security teams. It is crucial for development organizations to prioritize software supply chain security and stay informed about emerging threats.

Researchers have shared potential Indicators of Compromise (IOCs) for this campaign with NuGet administrators, and the identified packages have been removed from the platform. It is essential for developers to remain vigilant and report any suspicious packages to ensure the security of the software supply chain.
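As an added example (not code from the article or from ReversingLabs), the following Python check flags package IDs that mix Unicode scripts or whose look-alike "skeleton" collides with a reserved prefix such as Guna without actually carrying it; the confusables table, the reserved-prefix list and the sample package IDs are constructed and deliberately small.

```python
import unicodedata

# Reserved prefix named in the article; extend with prefixes you protect.
RESERVED_PREFIXES = ["Guna"]

# Constructed, deliberately small look-alike table (the real Unicode
# confusables.txt is far larger): Armenian/Cyrillic letters -> ASCII.
CONFUSABLES = {
    "\u057d": "u",  # ARMENIAN SMALL LETTER SEH
    "\u0578": "n",  # ARMENIAN SMALL LETTER VO
    "\u0585": "o",  # ARMENIAN SMALL LETTER OH
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
}

def script_of(ch):
    """Rough script name taken from the character's Unicode name."""
    if not ch.isalpha():
        return None  # digits, '.', '-' are script-neutral
    if ch.isascii():
        return "LATIN"
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]

def skeleton(pkg_id):
    """Fold known look-alikes to ASCII so names can be compared by shape."""
    folded = unicodedata.normalize("NFKC", pkg_id)  # e.g. fullwidth letters
    return "".join(CONFUSABLES.get(c, c) for c in folded)

def analyze_package_id(pkg_id):
    scripts = {s for s in map(script_of, pkg_id) if s}
    sk = skeleton(pkg_id)
    # Looks like a reserved prefix after folding, but is not literally that prefix.
    mimics = [
        p for p in RESERVED_PREFIXES
        if sk.lower().startswith(p.lower() + ".") and not pkg_id.startswith(p + ".")
    ]
    return {
        "id": pkg_id,
        "skeleton": sk,
        "scripts": sorted(scripts),
        "mixed_script": len(scripts) > 1,
        "mimics_reserved": mimics,
    }

def is_suspicious(pkg_id):
    r = analyze_package_id(pkg_id)
    return r["mixed_script"] or bool(r["mimics_reserved"])

if __name__ == "__main__":
    # Constructed sample IDs; the first rebuilds the spoofed name from the article.
    samples = [
        "G\u057d\u0578a.UI3.W\u0456nf\u0585rms",  # spoofed "Guna.UI3.Winforms"
        "Guna.UI2.WinForms",                      # legitimately reserved prefix
        "Newtonsoft.Json",
    ]
    for s in samples:
        print(analyze_package_id(s))
```

NFKC normalization alone does not map Cyrillic "і" or Armenian "ս" onto their Latin look-alikes, which is why a confusables table (or the full Unicode confusables data) is needed in addition to a mixed-script check.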
Amidst the recent conflict, the Israeli army’s vital operational cloud computing systems became the target of an extensive wave of cyberattacks, totaling a staggering 3 billion attempts. According to Col. Racheli Dembinski, commander of the army’s Center of Computers and Information Systems unit, these attacks upon the Israeli army were aimed at disrupting critical systems used by ground troops to manage combat operations, troop movements, and real-time information sharing.

In an interview with Haaretz, Col. Dembinski emphasized the severity of the cyber offensive, noting that the cyberattacks on the Israeli army began with a coordinated effort on October 7, catching the military off guard initially. She highlighted that despite the scale and intensity of the cyberattacks on the Israeli army, none succeeded in compromising the army's operational capabilities.

3 Billion Attempts of Israeli Army Cyberattacks

Following an internal investigation, the Israeli military acknowledged shortcomings in its readiness for such extensive cyber infiltration scenarios. This revelation comes amidst a broader trend of increasing cyber threats not only against military institutions but also targeting private companies and government entities across Israel.

Concurrently, the conflict in Gaza has escalated humanitarian concerns, with devastating impacts on Palestinian civilians. Since October 7, the Gaza Ministry of Health has reported tragic casualties, including over 38,345 fatalities and 88,295 injuries. The ongoing conflict has also resulted in a mass displacement crisis, marking one of the largest exoduses in Palestine since the Nakba in 1948.

The Israeli military's resilience against cyber threats reflects a dual challenge of defending against cyber offensives while managing the complex humanitarian repercussions of the conflict. Despite the cyberattacks, Israel faces international scrutiny and legal challenges, including allegations of disproportionate use of force and civilian casualties, predominantly among women and children.

Israel Fighting Against Cyber Attackers

As the conflict persists, Israel continues to fortify its cyber defenses and explore strategies to mitigate cyber risks. Integrating cyber resilience into national security strategies highlights the evolving nature of modern warfare, where cyber capabilities are as crucial as traditional military strengths.

The global community remains vigilant as developments unfold, advocating for peaceful resolutions and humanitarian aid to alleviate the suffering of civilians affected by the conflict. Amidst geopolitical tensions and technological advancements, the pursuit of stability and peace remains paramount for all parties involved in the region. The ongoing challenges highlight the intricate balance between national security imperatives, humanitarian responsibilities, and international legal scrutiny, shaping the discourse on conflict resolution and cybersecurity in the modern era.
The Central Bureau of Investigation (CBI) of India has uncovered a large-scale human trafficking operation that has ensnared thousands of Indians in Southeast Asian countries to work in Chinese scam centers. According to a first information report (FIR) filed by the agency, victims are being forced to work as cyber criminals in these operations.

Rajesh Kumar, CEO of the Indian Cyber Crime Coordination Centre, revealed that an average of 7,000 cyber-related complaints are registered daily with the National Cybercrime Reporting Portal. Most of these frauds originate in Cambodia, Myanmar and Laos.

Trafficking Scheme of Chinese Scam Centers

According to a recent report from The Indian Express, victims of these campaigns are lured in with promises of lucrative jobs in foreign countries such as Dubai and Bangkok, only to be trafficked to Southeast Asian countries. Once they arrive, they are forced to work in call centers or "casinos" where they are trained to scam people from around the world.

One such victim, Saddam Sheikh from Maharashtra's Palghar district, was contacted via WhatsApp about a job opportunity in Thailand. After paying 140,000 rupees (approximately $1,700) for a visa, Sheikh was sent to Bangkok and then to Laos. He was forced to scam people in India, Canada and the United States by promoting fraudulent cryptocurrency investments online. Sheikh eventually managed to escape and return to India.

Similar cases have been reported in other parts of Southeast Asia. Martha Praveen, who fled a scam operation in Cambodia, claimed he was among 5,000 Indians working in a call center run by Chinese gangs. Praveen was initially offered a job in Azerbaijan but was instead sent to Cambodia. Upon arrival, his passport was confiscated, and he was taken to a large office complex housing multiple call centers disguised as casinos.

Government Response and Investigation

The CBI filed its case after consulting with the home ministry, telecom ministry and Reserve Bank of India. These institutions were tasked with identifying and addressing vulnerabilities in the banking and telecom sectors that enable such scams. The Telangana Cyber Security Bureau has also filed a similar report based on Praveen's complaint.

The victims were reportedly involved in scamming people by offering fraudulent trading, investment and job opportunities, primarily targeting Indians, Europeans and Turkish nationals. As investigations continue, authorities are working to dismantle these criminal networks and prevent further exploitation of Indian citizens. The scale of the operation highlights the need for increased vigilance and cooperation between international law enforcement agencies to combat human trafficking and cyber crime.
Source: www.databreachtoday.com
Nearly 5 Million Servers May be Affected, Only 82 Have Been Patched
Prajeet Nair (@prajeetspeaks) • July 13, 2024

Administrators have been slow to patch a critical vulnerability in Exim Mail Transfer Agent that could enable […]

The entry Millions of Exim Servers Still Exposed to Critical Flaw – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com
George Chatterton, Secure Endpoint – Practice Manager, Optiv

George Chatterton is an information security professional with nearly 20 years’ experience in various industry sectors including Manufacturing, Telecom, Value Added Resellers, Security Solution Integrators, Managed Services, and technology service providers. As a Practice Manager in Digital and Infrastructure Security Transformation, he […]

The entry Live Webinar | Is Your Organization Ready for the Next Wave of Endpoint Security Modernization? – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.