Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Cybersecurity News

A hacktivist group claims to have hacked into renowned entertainment company Disney’s internal Slack channels and stolen more than a terabyte of data. The Disney data breach was allegedly orchestrated by a group that identifies itself as “NullBulge.” According to the threat actor, it exfiltrated 1.1 TB of
files and chat messages from 10,000 Slack channels, including those used by the company’s developers. “Anything we could get our hands on, we downloaded and packaged up. Want to see what goes on behind the doors? Go grab it,” the group wrote in a post on X (formerly Twitter).

Disney Data Breach in Detail

On July 12, 2024, threat actor “NullBulge” wrote a post on data leak marketplace Breachforums claiming that the group had breached details of Disney’s unannounced projects, raw images and code, some login credentials, links to internal APIs and web pages, and other miscellaneous data. The leak purportedly contains content from Slack chats, such as various employee files, screenshots, pictures of employees’ pets, and phone numbers, among other details posted on Slack.

In their blog post, the attackers stated that they had a mole in Disney, an employee who assisted them in the malicious data leak. However, they claimed that this collaborator subsequently refused to supply them with more data. “We tried to hold off until we got deeper in, but our inside man got cold feet and kicked us out!” read the blog post.

Disney Yet to React to Data Breach Claims

Disclosure of internal chats is dangerous not just for Disney but for every other firm. It hands sensitive information to hackers, who can potentially exploit vital communication resources and threaten to release damaging information.

The Cyber Express has reached out to Disney to learn more about this cyberattack and the authenticity of the claims made by the threat actor. However, at publication time, no official statement or response has been received, leaving the claims for the Disney data breach unverified.

Even though Disney hasn’t reacted to the leak yet, if the attackers’ statements are to be believed, then the stolen information would be highly beneficial to fraudsters. For example, hackers often look for victims that have the most potential for supply chain attacks. Leaked company information would let a malicious actor more easily enter the company’s network. And hackers love to showcase their prowess by sending crude messages to organizations through their internal base, such as Slack channels.

According to a report making the rounds online, the Disney data breach has revealed that the company could release a sequel to the 2021 game Aliens: Fireteam Elite. The sequel was codenamed Project Macondo and is scheduled for Q3 2025, although that plan might have changed. The documents describe a new mode called Annihilation, which is a 'new spin on Horde Mode with a variety of objectives and encounters.' The project’s scope is also outlined, suggesting the documents are a pitch or from early in development. It describes having an ‘ideal scope’ of 12 hours of gameplay in the Campaign mode, and one map for Annihilation.

Disney Hack Not the First Instance of Slack Access Breach

This is not the first instance of hackers gaining access to a company's Slack channels. Last year, a threat actor initiated a chat to carry out a malware attack on renowned global casino and resort powerhouse MGM Resorts. The bad actors spied on employees and obtained more data. In December 2022, video game publishing company Activision was also hacked; the attackers got into the corporate Slack and the game release schedule. In 2022, a culprit managed to penetrate Uber’s cyber security and proceeded to leave a message on the company’s Slack forums, apparently in protest of the company's payout policy to drivers.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

 Cybersecurity News

Societe Francaise Du Radiotelephone, popularly known as SFR, a prominent telecommunications company based in France, has fallen victim to an alleged cyberattack. The SFR data breach, which was allegedly orchestrated on July 12, 2024, has been attributed to a hacker known as “KevAdams,” who claims to have
infiltrated and compromised the data of over 1.4 million of the company’s landline users. SFR is France’s third-largest telecom provider.

Decoding SFR Data Breach Claims

According to the company’s profile, SFR was founded in 1987 and its head office is located in Paris. In 2021, it was categorized as a large company with over 5,000 employees.

In his post on dark web marketplace Breachforums, threat actor “KevAdams” claimed that the exfiltrated database contained 1,445,683 million records that allegedly included sensitive Personally Identifiable Information (PII) of customers. To substantiate the data breach claim, the threat actor attached sample records, with the latest timestamp of July 2024, which included the “first name, last name, phone number, address, latitude, longitude, subscribed, and redlist [sic]” data of customers.

The TA offered to sell the entire database for $300. The hacker also offered to sell the data exclusively to a single buyer for $850. He asked for payment to be made in XMR (Monero) cryptocurrency or LTC (Litecoin). The actor also noted that he would delete the sale thread after the exclusivity price was paid.

Potential Impact of SFR Data Breach

If proven, the potential consequences of this cyberattack could be critical, as the personal details of customers could be leaked. SFR should take appropriate measures to protect the privacy and security of the stakeholders involved. Data breaches of this kind can lead to identity theft, financial fraud, and a loss of trust among clients, potentially jeopardizing the company’s standing in the industry.

Currently, details regarding the extent of the data breach, the amount of data compromised, and the motive behind the cyber assault remain undisclosed. Despite the claims made by the threat actor, the official website of the targeted company remains fully functional. This discrepancy has raised doubts about the authenticity of the cyber criminal’s assertion.

To ascertain the veracity of the claims, The Cyber Express has reached out to the officials of SFR Telecom. As of the writing of this news report, no response has been received, leaving the data breach claim unverified.

Meanwhile, customers can take preventive steps like changing passwords and login credentials of accounts linked to Corse GSM. They should also be wary and not fall victim to phishing attempts. Fraudsters could use the leaked email addresses to send fraudulent links. They should also monitor their bank accounts linked to the subscription of Corse GSM mobile plans. They should also relay information about any suspicious activity to law enforcement authorities.

The cyberattack on Societe Francaise Du Radiotelephone underscores the persistent threat posed by malicious actors seeking to exploit vulnerabilities in digital infrastructure. As organizations continue to rely heavily on technology to conduct their operations, safeguarding against cyber threats remains paramount to protect sensitive data and maintain the trust of customers and stakeholders alike.

This is an ongoing story and The Cyber Express will be closely monitoring the situation. We’ll update this post once we have more information on the alleged SFR Telecom data breach or any official confirmation from the organization.

 Cybersecurity News

Microsoft recently sent data breach notifications to Microsoft 365 customers that were flagged as spam and even blocked by the company’s own security tools, according to security researchers. The emails were flagged – and raised concerns among Microsoft customers – for a few reasons: they asked for high-level
account information, included a link that was not clearly connected to Microsoft, and also appeared to improperly implement DMARC anti-spoofing protocols. While Microsoft deserves credit for transparency, the world's largest software company also demonstrated the perils of failing to follow some pretty essential email authentication and security practices.

Microsoft Emails Lacked SPF and DKIM Authentication

The issue was flagged by security researcher Kevin Beaumont, whose LinkedIn post on the issue was shared more than 400 times. “Check your email logs (including Exchange Online) for an email from mbsupport@microsoft.com,” Beaumont wrote. “Microsoft had a breach by Russia impacting customer data and didn’t follow the Microsoft 365 customer data breach process.

“The notifications aren’t in the portal, they emailed tenant admins instead. The emails can go into spam - and tenant admin accounts are supposed to be secure breakglass accounts without email. They also haven’t informed orgs via account managers. You want to check all emails going back to June. It is widespread.”

A commenter, Thanos Vrachnos, replied that “Several of my clients received this email. All of them were worried it was phishing, since no SPF & DKIM were used according to the email headers and the URL mentioned in the email message was hosted as a simple (almost dummy) Azure PowerApp with a simple DV SSL certificate issued by another trusted CA and without any organization info (all other MS domains have OV/EV certificates issued by Microsoft as a publicly trusted CA)...weird way for a provider like this to communicate an important issue to potentially affected customers.”

The notification – from a Midnight Blizzard attack earlier this year – was also flagged by Microsoft customers on company forums. On Mastodon, Beaumont noted more than 500 organizations where the emails had been flagged as phishing attempts and submitted to sandboxes.

Getting DMARC Right

Microsoft’s own 365 documentation includes a primer on “How SPF, DKIM, and DMARC work together to authenticate email message senders.” In Microsoft’s own words:

The Sender Policy Framework (SPF) specifies the source email servers that are authorized to send mail for the domain.

DomainKeys Identified Mail (DKIM) uses a domain to digitally sign important elements of the message to ensure the message hasn't been altered in transit.

Domain-based Message Authentication, Reporting and Conformance (DMARC) specifies the action for messages that fail SPF or DKIM checks for senders in the domain, and specifies where to send the DMARC results (reporting).

The challenge with DMARC, SPF and DKIM is that they must be implemented properly to provide adequate protection. Just last week, email security vendor EasyDMARC released a study that found that while 61% of top manufacturing companies have implemented DMARC, only 19% have adopted the stringent p=reject policy that provides full protection against phishing and spoofing.

DMARC takes time to get right. You implement and verify SPF, DKIM and DMARC policies; deploy DMARC in monitoring mode (p=none); monitor reports to identify legitimate email sources that are getting rejected; and then over time, as issues get resolved, increase enforcement to ‘p=quarantine’ or ‘p=reject.’

DMARC offers great promise for fighting spoofing and phishing, the point where so many cyber attacks start. Taking time to get it right could greatly improve your cybersecurity defenses – and keep your organization from embarrassing public scrutiny.
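
The staged rollout described above (p=none, then p=quarantine, then p=reject) can be read straight from a domain's published TXT records. The Python below is an added example, not code from the article or from Microsoft: it classifies SPF and DMARC records by rollout stage and flags gaps such as monitoring without a report address. The function names, finding codes and sample records for placeholder `.example` domains are all constructed for illustration.

```python
"""Added example: classify SPF and DMARC TXT records by DMARC rollout stage."""

# Constructed TXT records for placeholder domains (not taken from any real zone).
SAMPLE_RECORDS = {
    "monitor.example": {
        "spf": "v=spf1 include:_spf.mailer.example ~all",
        "dmarc": "v=DMARC1; p=none; rua=mailto:dmarc-reports@monitor.example",
    },
    "blind.example": {
        "spf": "v=spf1 ip4:192.0.2.10 +all",
        "dmarc": "v=DMARC1; p=none",
    },
    "ramping.example": {
        "spf": "v=spf1 ip4:192.0.2.20 -all",
        "dmarc": "v=DMARC1; p=quarantine; pct=25; rua=mailto:dmarc@ramping.example",
    },
    "enforced.example": {
        "spf": "v=spf1 ip4:192.0.2.30 -all",
        "dmarc": "v=DMARC1; p=reject; rua=mailto:dmarc@enforced.example",
    },
    "absent.example": {"spf": None, "dmarc": None},
}

SPF_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def parse_dmarc(txt):
    """Return the record's tags as a dict, or None if it is not a DMARC record."""
    parts = [p.strip() for p in txt.split(";") if p.strip()]
    # The version tag must come first and must be exactly DMARC1.
    if not parts or parts[0].replace(" ", "") != "v=DMARC1":
        return None
    tags = {}
    for part in parts[1:]:
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
    return tags


def dmarc_stage(txt):
    """Map a DMARC record to a rollout stage: missing, invalid, monitoring,
    partial-quarantine, quarantine, partial-reject or reject."""
    if not txt:
        return "missing"
    tags = parse_dmarc(txt)
    policy = (tags or {}).get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return "invalid"
    if policy == "none":
        return "monitoring"
    pct = tags.get("pct", "100")
    pct = int(pct) if pct.isdigit() else 100  # default when absent or unparsable
    return policy if pct >= 100 else "partial-" + policy


def spf_all_result(txt):
    """Return what the SPF record's 'all' mechanism yields, or None if absent."""
    if not txt or not txt.lower().startswith("v=spf1"):
        return None
    for term in txt.split()[1:]:
        qualifier, mechanism = "+", term  # a bare mechanism means "+"
        if term[0] in SPF_QUALIFIERS:
            qualifier, mechanism = term[0], term[1:]
        if mechanism.lower() == "all":
            return SPF_QUALIFIERS[qualifier]
    return None


def assess(records):
    """Return a sorted list of finding codes for one domain's records."""
    findings = []
    stage = dmarc_stage(records.get("dmarc"))
    if stage in ("missing", "invalid"):
        findings.append("dmarc-" + stage)
    elif stage == "monitoring":
        findings.append("dmarc-not-enforced")
        # p=none is only useful if aggregate reports are actually delivered.
        if "rua" not in parse_dmarc(records["dmarc"]):
            findings.append("dmarc-no-reports")
    elif stage.startswith("partial-"):
        findings.append("dmarc-partial-enforcement")
    spf = spf_all_result(records.get("spf"))
    if spf is None:
        findings.append("spf-missing-or-open-ended")
    elif spf in ("pass", "neutral"):
        findings.append("spf-all-permissive")
    return sorted(findings)


if __name__ == "__main__":
    for domain, records in SAMPLE_RECORDS.items():
        print(domain, dmarc_stage(records["dmarc"]), assess(records))
```

An empty findings list corresponds to the end state the article describes: SPF ending in a hard or soft fail and DMARC enforced for all mail.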

 Business News

Kaspersky Lab, the embattled Russian cybersecurity firm, has announced the closure of its U.S. operations this week, laying off its entire American workforce of fewer than 50 employees. In a statement to The Cyber Express, Kaspersky said: "Starting from July 20, 2024 Kaspersky will gradually wind down its U.S.
operations and eliminate U.S.-based positions. The decision and process follows the Final Determination by the U.S. Department of Commerce, prohibiting the sales and distribution of Kaspersky products in the U.S."

The completion of its exit formalities, however, will still take time. "It's a long process that can take more than a year," Kaspersky said.

The antivirus provider has been operating in the U.S. for close to 20 years. But after last month's ban, the company "carefully examined and evaluated the impact of the U.S. legal requirements and made this sad and difficult decision as business opportunities in the country are no longer viable," Kaspersky told The Cyber Express.

As told by Kaspersky, the move follows last month's U.S. Commerce Department ban on Kaspersky software sales and the U.S. Treasury Department's sanctioning of its top executives, citing national security concerns. The Treasury Department’s Office of Foreign Assets Control (OFAC) specifically targeted key individuals within Kaspersky Lab, including the chief operating officer, chief legal officer, chief of human resources, and chief business development and technology officers, among others.

The Department of Homeland Security (DHS) had previously banned Kaspersky from government systems in 2017, followed by a similar ban on its use within the U.S. military in 2018. However, the June 2024 Commerce Department ban effectively crippled Kaspersky's commercial business in the U.S.

The U.S. government has never provided concrete evidence that Kaspersky or the Russian government used its software for espionage. Kaspersky maintains its innocence, claiming the ban is based on "geopolitical climate and theoretical concerns" rather than a factual evaluation of their products.

Unanswered Questions and Potential Security Risks

Despite the lack of concrete evidence, the U.S. government expressed concern about Russia's potential to compel Kaspersky to cooperate with surveillance activities. Secretary of Commerce Gina Raimondo said last month, “Russia has shown time and again they have the capability and intent to exploit Russian companies, like Kaspersky Lab, to collect and weaponize sensitive U.S. information, and we will continue to use every tool at our disposal to safeguard U.S. national security and the American people."

Kaspersky software's deep access to system files, a necessity for antivirus functionality, raises potential security risks in the eyes of U.S. officials. The recent ban prevents Kaspersky from not only selling new software but also providing security updates to existing users after September 29. This leaves millions of endpoints vulnerable as the software becomes increasingly ineffective against evolving threats.

Uncertain Future for Existing Users

While the U.S. government won't penalize those continuing to use Kaspersky software, they strongly advise switching to alternative solutions. Security professionals managing potentially vulnerable systems with Kaspersky software face a critical decision: replace Kaspersky entirely or find alternative mitigation strategies until a new solution can be implemented.

Fallout for Kaspersky

The U.S. ban is a significant blow to Kaspersky. While U.S. sales accounted for only roughly 10% of their global revenue, and only about 3% of antivirus users were running Kaspersky software in the country before the U.S. government banned sales in June, losing access to the U.S. market weakens their brand reputation and could potentially influence other countries to follow suit.

Kaspersky's future remains uncertain, particularly as they grapple with the closure of their U.S. operations and the ongoing scrutiny from governments around the world. However, Kaspersky told The Cyber Express: "Kaspersky's business remains resilient, and our key priority remains the same – to protect our customers in any country from cyberthreats. Being a global cybersecurity vendor, the company will continue investing in strategic markets and remain committed to serving its customers and partners and ensuring their protection."

"As a global company operating in more than 200 territories and countries, Kaspersky will be able to adapt its sales pipeline and maintain its global presence by focusing on the markets where it sees the most potential for its business development," the company told TCE.

Security professionals and network engineers should closely monitor this evolving situation and consider alternative antivirus solutions to ensure the security of their networks.

* Update July 15, 4:15 p.m. - Added Kaspersky's statement on how much time it will take for the company to completely exit the U.S.

 Cybersecurity News

A threat actor has recently claimed to have leaked sensitive data from Ghayar, a UAE-based e-commerce platform specializing in spare parts. According to the allegations, the Ghayar data breach occurred in July 2024 and compromised the personal information of approximately 7,100 users. The potentially exposed data
reportedly includes customer IDs, names, email addresses, country codes, mobile numbers, passwords, and customer statuses.

Extent of the Alleged Ghayar Data Breach

The threat actor's claim details the extent of the compromised data, highlighting significant risks for the affected users. The exposed information includes:

Customer IDs: Unique identifiers for users on the Ghayar platform.
Names: Full names of the customers.
Email Addresses: Personal email addresses used for account registration.
Country Codes: Codes indicating the customers' countries of residence.
Mobile Numbers: Contact numbers associated with the user accounts.
Passwords: Encrypted or possibly plaintext passwords.
Customer Statuses: Information regarding the customers' activity and status on the platform.

Despite these extensive details, the threat actor has not disclosed any specific motive behind the Ghayar cyberattack. This lack of clarity raises questions about whether the breach was driven by financial gain, a desire to damage Ghayar's reputation or another unknown reason.

Ghayar e-Dealing, a limited liability company (L.L.C) registered in the Emirate of Dubai, UAE, owns and operates the website and the Ghayar App. The company specializes in providing spare parts for all types of vehicles, offering quick and safe delivery services. Ghayar is committed to global policies that guarantee the quality of spare parts and provide flexible return options to ensure total customer satisfaction.

As of the time of writing, the Ghayar official website remains fully functional, with no visible signs of disruption or foul play. To verify the claim of the data breach, The Cyber Express Team reached out to Ghayar officials for comment. However, no response has been received, leaving the claim unverified at this moment. The Cyber Express will update the story as soon as more information becomes available.

Previous Incidents in the Sector

This alleged data breach at Ghayar follows another significant incident involving Advance Auto Parts, Inc., a major provider of automobile aftermarket components. In this case, a threat actor using the handle “Sp1d3r” claimed responsibility for stealing three terabytes of data from the company’s Snowflake cloud storage. The stolen information was allegedly being sold for $1.5 million.

Advance Auto Parts reported the data breach to the US Securities and Exchange Commission (SEC) in June 2024. In their SEC filing, the company detailed the unauthorized access and subsequent investigation: "On May 23, 2024, Advance Auto Parts, Inc. identified unauthorized activity within a third-party cloud database environment containing Company data and launched an investigation with industry-leading experts. On June 4, 2024, a criminal threat actor offered what it alleged to be Company data for sale. The Company has notified law enforcement."

The Advance Auto Parts incident underscores the vulnerability of cloud storage solutions and the critical need for robust cybersecurity measures.

Implications and Recommendations

For the customers potentially affected by the alleged Ghayar data breach, several precautionary measures are recommended to protect their information:

Change Passwords: Users should change their passwords for Ghayar and any other accounts where they might have used the same password.
Enable Two-Factor Authentication (2FA): Adding an extra layer of security to their accounts.
Monitor Accounts: Keeping a close watch on financial accounts and email for any suspicious activity.
Be Wary of Phishing Attempts: Users should be cautious of any unusual emails or messages, especially those asking for personal information.
Update Security Software: Ensuring all devices have the latest security software installed to protect against potential threats.

The lack of response from Ghayar's officials leaves the situation unresolved, but the potential implications for affected customers are serious. The Cyber Express will continue to monitor the situation and provide updates as more information becomes available.

 Cyber Essentials

Imagine waking up to discover that hackers have breached your company's defenses, accessed sensitive customer data and crippled your operations. This nightmare became a reality for Snowflake on May 31, 2024, when attackers infiltrated customer accounts using single-factor authentication. Leveraging credentials
obtained through infostealing malware, these cybercriminals launched data breaches starting in April 2024. Snowflake initially downplayed the impact, calling it "limited," but a deeper investigation by Mandiant revealed a much graver scenario: 165 customers, including giants like Ticketmaster, Advance Auto Parts, and Santander, were affected.

Snowflake's ordeal is far from an isolated incident. The infamous SolarWinds attack saw hackers inject a backdoor into a software update of this popular networking tool, granting them remote access to thousands of corporate and government servers worldwide. This massive breach led to numerous security incidents and exposed critical data. Similarly, British Airways found itself in hot water when a Magecart supply chain attack compromised its trading system, leaking sensitive customer information.

These high-profile cyberattacks shine a spotlight on the escalating vulnerabilities within supply chains, underlining the dire need for robust cybersecurity measures. As these threats continue to grow, businesses are left pondering a critical question: Is investing in cyber insurance worth it? This article explores the potential benefits and challenges of cyber insurance, helping businesses determine if it's a worthy investment for safeguarding their operations against the ever-evolving cyber threat landscape.

Understanding Cyber Insurance

Cyber insurance, also known as cyber liability or cybersecurity insurance, is a specialized contract designed to mitigate the financial risks associated with online business operations. By paying a monthly or quarterly fee, businesses can transfer some of their cyber risk to an insurer.

Unlike traditional insurance plans, cyber insurance policies are highly dynamic, often changing from month to month to keep pace with the evolving nature of cyber threats. This variability is due to the limited historical data available to underwriters, making it challenging to create stable risk models for determining coverage, rates, and premiums.

So, Where Did It Originate?

The origins of cyber insurance trace back to the late 1990s when the growing reliance on technology and the rise in cyber threats necessitated a new type of protection. Initially focused on data breaches and computer attacks, cyber insurance has since expanded to cover a wide range of cybercrimes, including ransomware, cyber extortion, social engineering attacks, system failures, and business interruptions resulting from cybersecurity incidents.

The increasing popularity of cyber insurance is well-founded. The financial impact of cyberattacks on businesses can be devastating, encompassing direct financial losses, operational disruptions, and severe damage to reputation and customer trust. For instance, a cyberattack can lead to halted production lines, breached customer data, and a significant loss of market confidence.

As the cyber insurance market rapidly grows—it was valued at approximately $13 billion in 2023, nearly double its size in 2020—forecasts suggest it will continue to expand, reaching an estimated $22.5 billion by 2025. This growth highlights the necessity of cyber insurance in today's digital landscape, where the true cost of cyberattacks can be staggering. With 70 percent of businesses experiencing a cyberattack, the importance of having cyber insurance cannot be overstated.

Components of Cyber Insurance Relevant to Supply Chains

Cyber insurance tailored for supply chains encompasses critical components designed to mitigate the multifaceted risks posed by cyber threats. Coverage details typically include protection against data breaches, crucial for safeguarding sensitive information compromised during cyber incidents. This coverage extends to forensic expenses, covering the costs of hiring external forensic teams to investigate and ascertain the extent of data breaches—a vital step in understanding and mitigating the damage.

Business interruption coverage is equally pivotal, offering compensation for revenue losses incurred due to cyber incidents disrupting normal operations. This aspect of cyber insurance becomes indispensable, especially considering that supply chain disruptions last year led to an average annual loss of $82 million per company across key industries.

Third-party liability coverage shields businesses from legal and financial repercussions arising from breaches affecting external stakeholders. This includes expenses for legal representation to navigate regulatory fines, penalties, and compliance requirements mandated by federal and state authorities. Additionally, cyber insurance often covers credit monitoring and identity theft repair services, not only to mitigate legal liability but also as a proactive measure to rebuild customer trust and uphold ethical business practices.

Exclusions and limitations in cyber insurance policies are essential considerations. Common exclusions may include certain types of cyber incidents or inadequate coverage for specific losses, necessitating careful review and customization of policies to align with supply chain vulnerabilities and risk tolerance. Limitations and caps on coverage are also critical, outlining the maximum financial assistance available for various aspects of cyber incident response and recovery.

The benefits of cyber insurance for supply chains extend beyond financial protection to encompass enhanced risk management strategies. Policies often include comprehensive support services such as incident response teams and legal assistance, pivotal in minimizing the impact of cyber incidents on business continuity and reputation. Moreover, investing in cyber insurance can confer a competitive advantage by demonstrating proactive risk management to customers, partners, and stakeholders—crucial in differentiating businesses in today's hyper-connected marketplace.

Challenges and Considerations

Cyber insurance presents a myriad of challenges, reflecting the complex and evolving nature of cyber threats. One of the primary hurdles is the lack of mandatory reporting for cyber breaches that don't directly impact consumer data, leaving a significant number of attacks unreported. This data gap undermines insurers' ability to accurately assess the full costs of cyber incidents, complicating the development of effective cyber insurance policies tailored to diverse risks.

Another significant challenge stems from organizations' varying levels of preparedness and awareness regarding cyber threats. Many businesses lack comprehensive knowledge about their internal cybersecurity readiness, posing difficulties for insurers in accurately underwriting cyber risks. This uncertainty makes it challenging to formulate precise policies that adequately cover potential vulnerabilities and exposures.

Public awareness and perception of cyber insurance also play a critical role. While a substantial portion of U.S. adults are familiar with cyber insurance, there remains a disparity in understanding between those who have experienced cybercrime and those who haven't. Concerns about the perceived cost of premiums and the need for more research deter many organizations from investing in cyber insurance, despite the growing necessity in today's digital age.

Moreover, defining and categorizing cyber threats accurately presents ongoing challenges for insurers. The rapid evolution of technologies like IoT complicates risk assessment and policy formulation, as insurers grapple with defining and quantifying the impact of emerging cyber risks. This ambiguity can lead to gaps in coverage and potentially expose organizations to significant financial and reputational damage in the event of a major cyberattack.

Geographical limitations further complicate cyber insurance coverage, unlike traditional insurance which typically defines risks based on physical locations. In the world of cyber insurance, where attacks can originate and propagate globally with minimal regard for physical boundaries, insurers face complexities in determining the scope and extent of coverage across diverse operational environments.

Finally, the "actuarial paradox" poses a unique conundrum in cyber insurance. Unlike traditional insurance where historical data can reliably predict future risks, the response to a cyber breach can potentially mitigate future vulnerabilities. Insurers must grapple with assessing whether companies that have experienced breaches and responded effectively are indeed lower risks deserving of reduced premiums—an intricate balancing act in the ever-changing cybersecurity landscape.

Addressing these challenges requires collaboration between insurers, businesses, and cybersecurity experts to develop innovative solutions that effectively mitigate cyber risks while enhancing the accessibility and efficacy of cyber insurance policies in safeguarding organizations against the evolving threat landscape.

Making the Decision: Is It Worth The Investment?

Investing in cyber insurance tailored for supply chain attacks demands a careful cost-benefit analysis to determine its viability. As the cyber insurance market continues its rapid expansion—nearly tripling in size over the past five years—the landscape of cyber threats grows increasingly complex. Conducting a thorough evaluation involves weighing the potential costs of cyber incidents, such as data breaches and operational disruptions, against the premiums and coverage offered by cyber insurance policies.

For businesses, particularly small and medium-sized enterprises (SMEs), the decision hinges on customizing policies to align with specific supply chain risks. This customization not only requires a keen understanding of internal vulnerabilities but also necessitates a comprehensive risk assessment to identify potential exposures. While large companies dominate the cyber insurance market, SMEs often shoulder their cyber risks independently due to perceived complexities and costs associated with cyber insurance.

However, recent trends indicate a growing commitment from reinsurers and emerging interest from capital markets in mitigating cyber risks. Despite these developments, a significant portion of cyber risks remains uninsured, highlighting the need for broader adoption and tailored solutions to protect supply chains effectively.

In conclusion, the decision to invest in cyber insurance for supply chain attacks is not merely about financial protection but also strategic resilience. It entails proactive risk management, enhanced operational continuity, and bolstered customer trust—all critical components in navigating today's digital landscape. By aligning insurance investments with specific risk profiles and leveraging tailored policies, businesses can fortify their defenses against cyber threats while positioning themselves for sustainable growth and resilience in an increasingly interconnected world.


 Features

By Shrikant Navelkar, Director, Clover Infotech In the ever-evolving landscape of modern business, cloud technology has emerged as a pivotal force driving innovation, efficiency, and competitiveness. However, it's estimated that around 30-40% of enterprises are yet to adopt cloud technology optimally. This means
that a significant number of businesses are still in the early stages of cloud adoption, using cloud services minimally, or relying heavily on traditional on-premises infrastructure. Are you one of them? If you are, it’s time to consider why you haven't fully embraced the cloud and how you can overcome the barriers to modernize effectively. Major Apprehensions Preventing Complete Cloud Adoption Despite the numerous advantages cloud technology offers, many enterprises are still hesitant to make the transition. A recent survey by PwC highlights the key barriers to cloud adoption, with the following approximate distribution among respondents: Security Concerns (66%) The most common apprehension is related to the security of data in the cloud. Enterprises are wary of data breaches, cyber-attacks, and the potential loss of sensitive information. However, it's crucial to note that reputable cloud service providers invest significantly in security measures, often offering better protection than on-premises solutions. Compliance and Data Sovereignty (50%) Regulatory requirements and data sovereignty issues pose significant challenges. Businesses operating in multiple regions must comply with various regulations concerning data storage and transfer, making cloud adoption more complex. Vendor Lock-in (45%) Fear of being locked into a single vendor's ecosystem, with limited flexibility and high switching costs, is a major concern. This often leads to enterprises delaying or avoiding the full cloud migration. Skills Gaps (40%) The shortage of skilled professionals who can effectively manage and utilize cloud technologies is a substantial barrier. Enterprises need to invest in training and upskilling their workforce to bridge this gap. Existing Investments (35%) Many organizations have already invested heavily in their on-premises infrastructure. The reluctance to abandon these investments and the perceived redundancy of the existing systems hinder cloud adoption. 
Cost Management (30%) Managing costs in a cloud environment can be challenging, especially with variable pricing models. Enterprises fear unexpected expenses and a lack of control over cloud spending. Overcoming Barriers with Managed Services Providers (MSPs) To fully realize the benefits of cloud technology, enterprises must seek customized solutions offered by Managed Services Providers (MSPs). MSPs play a crucial role in helping businesses navigate the complexities of cloud adoption, providing expertise and support throughout the journey. Here’s how they will support your cloud journey: Cloud Consulting Services: Utilizing an application assessment framework, MSPs will carefully evaluate your applications landscape for functional and technical feasibility to create a comprehensive cloud roadmap. This initial consulting phase ensures that your cloud strategy aligns with your business goals and technical requirements. Cloudification Journey: Once the cloud roadmap is established, MSPs guide you through a detailed cloudification process. This includes: On-premises Modernization: Upgrading your existing infrastructure to be cloud-ready. Data Management: Ensuring data integrity and compliance with regulatory requirements. Security Management: Implementing robust security measures to protect your data. Integrations Management: Seamlessly integrating cloud services with existing systems. Customization Replications: Tailoring cloud solutions to meet your specific business needs. Cloud Consolidation: Depending on your strategy, MSPs can assist with: Single Cloud Strategy: Consolidating your infrastructure on a single cloud platform like Oracle Cloud Infrastructure (OCI), simplifying management and improving efficiency. Multi-cloud Strategy: Navigating the complexities of managing multiple cloud platforms, optimizing cloud credits, and enhancing ROI. 
By adopting a tailored approach, MSPs enable you to streamline your cloud operations and maximize the benefits of your chosen cloud strategy. Cloud Managed Services: With a team of certified cloud experts, MSPs help you optimize cloud resources continuously. They provide ongoing support to adjust cloud usage based on business requirements, ensuring cost-effective operations without compromising on performance. By leveraging their extensive experience across industries, MSPs can help you save millions in cloud costs while achieving efficient modernization. Conclusion As the digital landscape continues to evolve, embracing cloud technology is no longer an option but a necessity for staying competitive. Optimization of the cloud infrastructure can not only add great value in terms of resource utilization and cost-efficiency but also lay the foundation for unprecedented growth and success.


 Cybersecurity News

AT&T admitted on Friday that a significant security breach had compromised the call records of tens of millions of its customers. Following this revelation, new reports have surfaced that the telecom giant paid around $370,000 to the hacker responsible for the AT&T data breach to delete all the stolen data.
The payment was made in cryptocurrency in May, and as part of the agreement, the hacker provided a video showing the data being deleted, according to Wired. AT&T Data Breach: Negotiations and Payment Details Wired conducted its own investigation and confirmed that the payment transaction did take place. The hacker, believed to be part of the notorious ShinyHunters group, initially demanded $1 million but eventually settled for around a third of that amount. The payment was facilitated through a security researcher known only as Reddington, who acted as an intermediary between AT&T and the hacker. Reddington also received a fee for his role in the negotiations. Reddington shared the deletion video with Wired, expressing confidence that it showed the complete erasure of the stolen dataset. The video was provided to AT&T as proof of deletion. The hacker used the funds from AT&T to launder the cryptocurrency through several exchanges and wallets. Background of AT&T Data Breach The data breach at AT&T first came to light in mid-April when Reddington was contacted by an American hacker living in Turkey, believed to be John Erin Binns. Binns claimed to have obtained AT&T call logs and shared samples with Reddington, who verified their authenticity. Binns indicated that he had also accessed call and texting logs of millions of other AT&T customers through a poorly secured cloud storage account hosted by Snowflake. Reddington reported the breach to the security firm Mandiant, which then notified AT&T. AT&T revealed in a regulatory filing to the Securities and Exchange Commission (SEC) that the stolen data included call and text messaging metadata, though not the content of the communications or the names of the phone owners. The stolen data encompassed telephone numbers of nearly all AT&T cellular customers and those who communicated with them between May 1, 2022, and October 31, 2022, as well as on January 2, 2023. 
The dataset also included dates and durations of calls and, for some records, cell site ID numbers that can reveal general locations of phone users. The ShinyHunters group has been linked to a series of data thefts from unsecured Snowflake cloud storage accounts. AT&T is one of more than 150 companies affected by this hacking spree, which included victims like Ticketmaster, Santander, LendingTree, and Advance Auto Parts. The hackers exploited the lack of multi-factor authentication on these accounts, accessing them with stolen credentials and siphoning off data. In its SEC filing, AT&T disclosed that it first learned of the breach in April but was granted exemptions by the Department of Justice to delay notification due to potential national security or public safety concerns. The FBI was informed shortly after AT&T discovered the hack and reviewed the data to assess the potential harm. John Erin Binns, the hacker believed to be behind the AT&T breach, was arrested in Turkey in May for an unrelated data theft from T-Mobile in 2021. Binns has a history of legal issues and has accused U.S. authorities of various conspiracies against him. In 2022, Binns was indicted on 12 counts related to the T-Mobile hack, which involved the theft and sale of sensitive information on over 40 million people. Despite his legal troubles, Binns allegedly continued his hacking activities, including the AT&T breach. Future Risks and Precautions Despite the payment and deletion of the stolen data, some AT&T customers may still be at risk if other copies of the data exist. The hacker who allegedly received the payment claims that Binns had shared samples of the data with others, though it remains unclear how many people received these excerpts and what they did with them. The Cyber Express Team has reached out to AT&T officials for comment; however, as of writing, no official response has been received.
AT&T's decision to pay the hacker highlights the complex and often difficult choices companies face when dealing with data breaches.


 Cybersecurity News

Google's parent company, Alphabet, is reportedly in advanced negotiations to acquire the cybersecurity startup Wiz for approximately US$23 billion, according to Reuters. If the deal materializes, it would mark Alphabet's largest acquisition to date. The potential Alphabet Wiz acquisition, primarily funded in
cash, could be finalized soon. Wiz, originally founded in Israel and now headquartered in New York, has rapidly emerged as one of the fastest-growing software startups globally. The company specializes in cloud-based cybersecurity solutions, offering real-time threat detection and response capabilities powered by artificial intelligence. Wiz's Financial Performance and Clientele Should Alphabet proceed with this acquisition, it would represent a notable move amidst the current climate of heightened regulatory scrutiny of major technology companies under President Joe Biden's administration. In recent years, U.S. regulators have shown increasing resistance to large tech companies expanding through significant acquisitions. In 2023, Wiz generated approximately $350 million in revenue and collaborates with 40% of Fortune 100 companies, according to information on its website. The company recently raised $1 billion in a private funding round, which valued it at $12 billion. On reaching out for comments, both Alphabet and Wiz have not yet responded to The Cyber Express Team's requests on the potential deal. Wiz collaborates with multiple cloud service providers, including Microsoft and Amazon, and boasts a client roster that includes Morgan Stanley and DocuSign. With a workforce of 900 employees spread across the United States, Europe, Asia, and Israel, Wiz has previously announced plans to expand its global team by an additional 400 employees in 2024. Strategic Decisions of Alphabet Interestingly, Alphabet recently decided against pursuing a takeover of the online marketing software company HubSpot. The broader technology sector has seen an uptick in dealmaking activity this year. In January, design software company Synopsys (SNPS.O) agreed to acquire its smaller rival Ansys for around $35 billion. Additionally, Hewlett Packard Enterprise (HPE.N) struck a deal to purchase networking gear maker Juniper Networks (JNPR.N) for $14 billion. 
Technology has accounted for the largest share of mergers and acquisitions during the first half of the year, with activity surging over 42% year-on-year to reach $327.2 billion, based on data from Dealogic. Moreover, The New York Times reports that Google is pushing forward with the Wiz acquisition despite potential regulatory hurdles. The company appears willing to challenge any opposition to enhance its cloud-computing division, which currently trails behind Amazon Web Services and Microsoft Azure. Google faces two antitrust lawsuits from the Justice Department, targeting its search engine dominance and digital advertising-technology business. A verdict in the search case is expected this summer. The Biden administration has taken a firm stance against major tech acquisitions, blocking several high-profile deals including Penguin Random House's $2.18 billion acquisition of Simon & Schuster and JetBlue's $3.8 billion purchase of Spirit Airlines. Amazon also abandoned its $1.7 billion acquisition of iRobot due to regulatory pushback. In recent years, Google has been striving to diversify its revenue sources beyond online advertising, with search, YouTube, and other platforms still accounting for 75% of its income. The acquisition of Wiz, while not an immediate game-changer, would enhance Google Cloud's capabilities and strengthen its ties with companies relying on Wiz for security across AWS, Azure, and other cloud services. Historically, Google has been cautious with large acquisitions. After buying Motorola for $12.5 billion, it sold the company to Lenovo at a loss less than two years later. More recently, in 2021, Google acquired Fitbit for $2.1 billion, a deal that faced regulatory scrutiny before approval. Google has made several strategic acquisitions to enhance its cloud computing offerings. In 2022, it purchased Mandiant, a cybersecurity firm, for $5.4 billion, and Siemplify, another cybersecurity company. 
Thomas Kurian, CEO of Google Cloud, has been a driving force behind the push to acquire Wiz, aiming to make cybersecurity a key strength of Google Cloud. Wiz's services would help corporate clients like BMW, Slack, and Morgan Stanley mitigate security risks associated with cloud computing. If the deal goes through, it would signify a bold step in Alphabet's growth strategy amidst a challenging regulatory landscape.


 Tips

We write a lot about phishing, and always recommend our products as the best line of defense. And for good reason — Kaspersky Premium for Windows outperformed 14 other solutions in AV-Comparatives 2024 Anti-Phishing Test — beating global vendors like Bitdefender, McAfee, Avast, and others. The AV-Comparatives
Approved Anti-Phishing certificate — a mark of quality in protecting users from phishing. Because Kaspersky products utilize a unified stack of security technologies, which was rigorously tested by researchers, this award equally applies to our other products and solutions — both for home users (Kaspersky Standard, Kaspersky Plus, and Kaspersky Premium) and for business (such as Kaspersky Endpoint Security for Business and Kaspersky Small Office Security). About the test The independent Austrian organization AV-Comparatives has a 25-year track record of evaluating the effectiveness of cybersecurity products and solutions. This latest test assessed how well popular cybersecurity solutions protect users from phishing threats while browsing the web and using email. The test ran from May 17 to 28, 2024, using a selection of 275 fresh and active phishing links. The phishing URLs included sites designed to steal data from bank cards, PayPal and online banking accounts, Dropbox and eBay, social media and email accounts, online games, and other online services. To test for false positives, 250 links to legitimate online banking services worldwide were also included. To achieve certification, security solutions had to block at least 85% of phishing addresses and avoid any false positives on legitimate websites. Kaspersky Premium for Windows blocked the highest number of phishing links among all the test participants — 93% — without a single false positive, securing first place. Only seven of the 15 tested solutions from other vendors met the certification criteria — albeit with lower scores: McAfee (92%), Avast (91%), Trend Micro (89%), Fortinet (89%), Bitdefender (89%), ESET (87%), and NordVPN (85%).
Comparison of AV-Comparatives anti-phishing test results for eight certified protection solutions AV-Comparatives has been conducting its anti-phishing test — whose list of threats and legitimate websites is updated annually — since 2011, and our products have excelled consistently year after year. The test is performed on computers with identical hardware configurations, operating systems, and browsers, simultaneously for all security solutions put to the test. All other phishing protection mechanisms in the operating system or browser are disabled. Each tested product is configured to default settings and has unlimited internet access and the ability to update throughout the test. A visit to a phishing site is only considered as detected if the security solution warns the user that the site is unsafe. A legacy of success In 2023 alone, our products participated in 100 independent studies and emerged victorious 93 times. Since 2013, our products have undergone rigorous testing by independent researchers 927 times, achieving 680 first-place finishes, and placing in the top-three 779 times. This is an absolute record among all security solution vendors — both in terms of tests conducted and victories secured. Here's a rundown of some of our most notable recent wins: Kaspersky Standard for Windows was recognized by AV-Comparatives as Product of the Year in 2023 based on the results of seven tests conducted over 13 months — surpassing Bitdefender, Avast, McAfee, and 12 other security solutions. Concurrently, AV-Test awarded our home user protection its annual Best Advanced Protection 2023 award based on six tests. We dedicated a separate blog post to this achievement. Kaspersky Plus for Windows achieved a perfect score in the Total Accuracy Rating category in all of SE Labs Endpoint Security: Home tests conducted in 2023 and 2024 — earning the AAA rating.
Kaspersky Plus for Mac was recognized as the best security solution for macOS users by AV-Test in 2023, achieving top scores and quality certifications in all four tests conducted that year. In March 2024, the product received further acclaim from AV-Test — again earning a perfect score. Kaspersky Plus for Android received a five-star rating in all six of Testing Ground Labs tests conducted in 2023, and two tests in 2024. Consistency is a sign of success! Kaspersky Safe Kids stood out as the only product among five participants in the test of parental control and child protection solutions to receive the Approved Parental Control certification from AV-Comparatives in 2024. This recognition comes as a result of the product blocking over 98% of websites distributing pornographic content — all without any false positives. You can check out our other awards in the TOP-3 section on our website.


 A Little Sunshine

At least a dozen organizations with domain names at domain registrar Squarespace saw their websites hijacked last week. Squarespace bought all assets of Google Domains a year ago, but many customers still haven’t set up their new accounts. Experts say malicious hackers learned they could commandeer any migrated Squarespace accounts that hadn’t yet been registered, merely by supplying an email address tied to an existing domain. Until this past weekend, Squarespace’s website had an option to log in via email. The Squarespace domain hijacks, which took place between July 9 and July 12, appear to have mostly targeted cryptocurrency businesses, including Celer Network, Compound Finance, Pendle Finance, and Unstoppable Domains. In some cases, the attackers were able to redirect the hijacked domains to phishing sites set up to steal visitors’ cryptocurrency funds. New York City-based Squarespace purchased roughly 10 million domain names from Google Domains in June 2023, and it has been gradually migrating those domains to its service ever since. Squarespace has not responded to a request for comment, nor has it issued a statement about the attacks. But an analysis released by security experts at Metamask and Paradigm finds the most likely explanation for what happened is that Squarespace assumed all users migrating from Google Domains would select the social login options — such as “Continue with Google” or “Continue with Apple” — as opposed to the “Continue with email” choice. Taylor Monahan, lead product manager at Metamask, said Squarespace never accounted for the possibility that a threat actor might sign up for an account using an email associated with a recently-migrated domain before the legitimate email holder created the account themselves. “Thus nothing actually stops them from trying to login with an email,” Monahan told KrebsOnSecurity. “And since there’s no password on the account, it just shoots them to the ‘create password for your new account’ flow. And since the account is half-initialized on the backend, they now have access to the domain in question.” What’s more, Monahan said, Squarespace did not require email verification for new accounts created with a password. “The domains being migrated from Google to Squarespace are known,” Monahan said.
“It’s either public or easily discernible info which email addresses have admin of a domain. And if that email never sets up their account on Squarespace — say because the billing admin left the company five years ago or folks just ignored the email — anyone who enters that email@domain in the squarespace form now has full access to control to the domain.” The researchers say some Squarespace domains that were migrated over also could be hijacked if attackers discovered the email addresses for less privileged user accounts tied to the domain, such as “domain manager,” which likewise has the ability to transfer a domain or point it to a different Internet address. Squarespace says domain owners and domain managers have many of the same privileges, including the ability to move a domain or manage the site’s domain name server (DNS) settings. Monahan said the migration has left domain owners with fewer options to secure and monitor their accounts. “Squarespace can’t support users who need any control or insight into the activity being performed in their account or domain,” Monahan said. “You basically have no control over the access different folks have. You don’t have any audit logs. You don’t get email notifications for some actions. The owner doesn’t get email notification for actions taken by a ‘domain manager.’ This is absolutely insane if you’re used to and expecting the controls Google provides.” The researchers have published a comprehensive guide for locking down Squarespace user accounts, which urges Squarespace users to enable multi-factor authentication (disabled during the migration). “Determining what emails have access to your new Squarespace account is step 1,” the help guide advises. “Most teams DO NOT REALIZE these accounts even exist, let alone theoretically have access.” The guide also recommends removing unnecessary Squarespace user accounts, and disabling reseller access in Google Workspace. 
“If you bought Google Workspace via Google Domains, Squarespace is now your authorized reseller,” the help document explains. “This means that anyone with access to your Squarespace account also has a backdoor into your Google Workspace unless you explicitly disable it by following the instructions here, which you should do. It’s easier to secure one account than two.”

 Threat Actors

Crystalray's attack chain involves using various OSS tools for reconnaissance, scanning, and exploiting vulnerabilities. The group was first discovered in February using the "SSH-Snake" tool to exploit vulnerabilities in Atlassian Confluence.

 Incident Response, Learnings

Vyacheslav Igorevich Penchukov, a criminal who used Zeus and IcedID malware to steal millions of dollars from victims, has been sentenced to almost a decade in prison and ordered to pay $73 million in restitution by a Nebraska federal court judge.

 Geopolitical, Terrorism

The new cyber-defense facility, dubbed NATO Integrated Cyber Defence Centre (NICC), will be located in Belgium at SHAPE and will consist of civilian and military experts from member states.

 Malware and Vulnerabilities

Signal has now taken steps to address the issue by integrating Electron's SafeStorage API to secure the data store from offline attacks. The new implementation is currently being tested and will soon be available in a Beta version.

 Feed

GeoServer is an open-source software server written in Java that provides the ability to view, edit, and share geospatial data. It is designed to be a flexible, efficient solution for distributing geospatial data from a variety of sources such as Geographic Information System (GIS) databases, web-based data, and personal datasets. In GeoServer versions before 2.23.6, versions 2.24.0 up to but not including 2.24.4, and versions 2.25.0 up to but not including 2.25.1, multiple OGC request parameters allow remote code execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation, because property names are unsafely evaluated as XPath expressions. An attacker can abuse this by sending a POST request with a malicious XPath expression to execute arbitrary commands as root on the system.

 Feed

Ubuntu Security Notice 6898-1 - Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service.

 Feed

Ubuntu Security Notice 6897-1 - It was discovered that Ghostscript incorrectly handled certain long PDF filter names. An attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service. This issue only affected Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. It was discovered that Ghostscript incorrectly handled certain API parameters. An attacker could possibly use this issue to cause Ghostscript to crash, resulting in a denial of service. This issue only affected Ubuntu 24.04 LTS.

 Feed

Red Hat Security Advisory 2024-4548-03 - An update for kpatch-patch-5_14_0-284_48_1 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include code execution and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2024-4547-03 - An update for kpatch-patch-4_18_0-372_91_1 is now available for Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions. Issues addressed include code execution and use-after-free vulnerabilities.

 Feed

jSQL Injection is a lightweight application used to find database information from a distant server. jSQL Injection is also part of the official penetration testing distribution Kali Linux and is included in various other distributions like Pentest Box, Parrot Security OS, ArchStrike and BlackArch Linux. This is the source code release.

 Feed

Red Hat Security Advisory 2024-4546-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2024-4544-03 - An update for ghostscript is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a code execution vulnerability.

 Feed

Red Hat Security Advisory 2024-4543-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2024-4542-03 - An update for ruby is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a HTTP response splitting vulnerability.

 Feed

Red Hat Security Advisory 2024-4533-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include code execution and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2024-4528-03 - An update for less is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a code execution vulnerability.

 Feed

Cybersecurity researchers have shed light on a new version of a ransomware strain called HardBit that comes packaged with new obfuscation techniques to deter analysis efforts. "Unlike previous versions, HardBit Ransomware group enhanced the version 4.0 with passphrase protection," Cybereason researchers Kotaro Ogino and Koshi Oyama said in an analysis. "The passphrase needs to be provided during

 Feed

Retail banking institutions in Singapore have three months to phase out the use of one-time passwords (OTPs) for authentication purposes when signing into online accounts to mitigate the risk of phishing attacks. The decision was announced by the Monetary Authority of Singapore (MAS) and The Association of Banks in Singapore (ABS) on July 9, 2024. "Customers who have activated their digital

 Feed

Imagine you could gain access to any Fortune 100 company for $10 or less, or even for free. Terrifying thought, isn’t it? Or exciting, depending on which side of the cybersecurity barricade you are on. Well, that’s basically the state of things today. Welcome to the infostealer garden of low-hanging fruit. Over the last few years, the problem has grown bigger and bigger, and only now are we

 Feed

A threat actor that was previously observed using an open-source network mapping tool has greatly expanded their operations to infect over 1,500 victims. Sysdig, which is tracking the cluster under the name CRYSTALRAY, said the activities have witnessed a 10x surge, adding it includes "mass scanning, exploiting multiple vulnerabilities, and placing backdoors using multiple [open-source software]

 Feed

Cybersecurity researchers said they discovered an accidentally leaked GitHub token that could have granted elevated access to the GitHub repositories of the Python language, Python Package Index (PyPI), and the Python Software Foundation (PSF) repositories. JFrog, which found the GitHub Personal Access Token, said the secret was leaked in a public Docker container hosted on Docker Hub. "This

 Data loss

A group of hacktivists claims to have breached the IT systems of Disney, and stolen a gigantic 1.1 terabytes worth of data from the entertainment giant's internal Slack messaging channels. The hacking group, which calls itself NullBulge, posted on an underground hacking forum that it had hoped to postpone announcing the breach until it had accessed more information, "but our insider man got cold feet and kicked us out." Read more in my article on the Hot for Security blog.

 Cyber Security News

Source: www.databreachtoday.com – Cyberwarfare / Nation-State Attacks, Election Security, Fraud Management & Cybercrime. ‘Russian Troll Farms Are Highly Active’ as FBI Investigates Attempted Assassination. Tom Field (SecurityEditor), Cal Harrison, Prajeet Nair (@prajeetspeaks) • July 14, 2024. Within hours of the assassination attempt against former President […] The post "Experts Warn of Post-Trump Shooting Misinformation, Scams – Source: www.databreachtoday.com" first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
