Cyber security aggregate rss news

Cyber security aggregator - feeds history

How to Protect Finan ...
Cybersecurity News

The US Department of Treasury and the Financial Services Sector Coordinating Council (FSSCC) released a comprehensive suite of resources aimed at guiding financial institutions in their secure cloud adoption journey. These deliverables result from a year-long collaboration between the Financial and Banking Information Infrastructure Committee (FBIIC) and the FSSCC, under the leadership of the U.S. Department of the Treasury’s Cloud Executive Steering Group (CESG), established in May 2023. The CESG was created at the direction of the Financial Stability Oversight Council (FSOC) to address gaps identified in Treasury's landmark report on the Financial Services Sector’s Adoption of Cloud Services. This initiative aims to provide financial institutions with effective practices for secure cloud adoption and operations and to establish an ongoing effort to address identified gaps.

US Department of Treasury Key Deliverables and Objectives

The published documents target several key areas:
- Common Lexicon Development: Establishing a standardized set of terms for financial institutions and regulators to use in discussions regarding cloud services.
- Enhanced Information Sharing: Improving coordination for the examination of cloud service providers.
- Oversight Assessment: Evaluating existing authorities for overseeing cloud service providers (CSPs).
- Third-Party Risk Best Practices: Developing best practices for managing risks associated with CSPs, outsourcing, and due diligence processes.
- Cloud Adoption Roadmap: Providing a detailed roadmap for financial institutions considering comprehensive or hybrid cloud adoption strategies.
- Security by Design: Enhancing transparency and monitoring of cloud services to ensure better security practices from the outset.

“The completion of these two efforts is the culmination of nearly two years of collaboration to further protect our financial system,” said Deputy Secretary of the Treasury, Wally Adeyemo. “The CESG is now a proven model and a new way for the financial services sector to effectively address our most significant cybersecurity challenges.”

“Our financial system is essential infrastructure for the entire economy, and it is deeply reliant on a handful of powerful Big Tech cloud service providers,” stated Consumer Financial Protection Bureau Director Rohit Chopra. “Our work will help protect the financial industry from outages and disruption by leveling the playing field between financial firms of all sizes and big cloud service providers.”

“Banks and other financial services firms know they must adapt to new technologies, but many have been uncertain as to how to do so safely and soundly,” said Acting Comptroller of the Currency Michael J. Hsu. “Today’s publications mark a significant step forward by providing a roadmap and helpful resources for banks of all sizes. These documents also clarify cloud service providers’ responsibilities for ensuring a secure and resilient financial system.”

“These documents are an important step forward in the CESG's effort to make the cloud safer and more resilient within and beyond the financial services industry,” remarked Bill Demchak, Chairman and CEO of PNC Financial Services Group. “The strong partnership between public- and private-sector leaders allows us to take a more holistic, collaborative approach to defending against evolving threats.”

Workstreams and Outputs

The CESG model represents an unprecedented level of public-private partnership between the US Department of Treasury, FBIIC, FSSCC, and CSPs. The following workstreams were led by the FSSCC:
- Cloud Profile 2.0: A cloud security implementation plan for financial institutions of all sizes, developed by the FSSCC Cloud Profile Workstream and the Cyber Risk Institute (CRI). This framework is based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework.
- Financial Sector Cloud Outsourcing Issues and Considerations: Addressing transparency, resource gaps, and operational risks, this document was co-authored by the FSSCC Cloud Outsourcing Issues and Considerations Workstream and the American Bankers Association (ABA), with support from the Securities Industry and Financial Markets Association (SIFMA).
- Transparency and Monitoring for Better “Secure-by-Design”: This document includes a service inter-dependency and resilience model and proposes baseline security outcomes and simplified cloud configurations for financial institutions, developed by the FSSCC Transparency and Monitoring Secure-by-Design Workstream and the Financial Services Information Sharing and Analysis Center (FS-ISAC).

Additionally, the FBIIC led the development of:
- Cloud Lexicon: A foundational document standardizing cloud terminology for financial institutions and CSPs, led by the Office of the Comptroller of the Currency (OCC).
- Coordinated Information Sharing and Examinations Initiative: Enhancing coordination between agencies for CSP examination and information sharing, led by the Consumer Financial Protection Bureau (CFPB).

Future Plans

Under the joint leadership of the FBIIC and FSSCC, the U.S. Treasury and FSSCC plan to publish additional resources related to cloud cyber incident response coordination and cloud concentration risk throughout the year. These efforts aim to integrate CESG deliverables into broader regulatory, oversight, and examination frameworks, thereby strengthening the shared responsibility model for cloud services in the financial sector.

Don’t Be Fooled: U ...
Cybersecurity News

Cybercriminals are exploiting legitimate URL protection services to mask malicious URLs in phishing emails, as detailed in a recent Threat Spotlight by Barracuda Networks. From mid-May 2024 onwards, Barracuda researchers have detected phishing attacks utilizing three different URL protection services provided by trusted, well-established brands. These attacks have impacted hundreds of companies, potentially affecting even more.

How Attackers Are Exploiting URL Protection Services

URL protection services are designed to enhance email security by rewriting URL links found in emails. They copy the original URL, embed it within a rewritten link, and then scan the link for security threats when the recipient clicks on it. If the scan confirms the URL is safe, the user is redirected to the original site. In the observed attacks, however, users were instead redirected to phishing sites designed to steal sensitive information.

Barracuda's analysis suggests that attackers first compromised the accounts of legitimate users to gain access to these URL protection services. Once inside a compromised account, attackers could impersonate the account owner and scrutinize their email communications, a tactic known as business email compromise (BEC) or conversation hijacking. By examining these emails, attackers could identify the specific URL protection service in use. Using the compromised account, attackers would send a phishing email to themselves containing their malicious link. This email would then be processed by the URL protection service, resulting in a rewritten link that attackers could use in their phishing campaigns.

“This inventive tactic helps attackers to evade security detection, and the abuse of trusted, legitimate security brands means that recipients are more likely to feel safe and click on the malicious link,” said Saravanan Mohankumar, Manager, Threat Analyst at Barracuda. “The URL protection provider may not be able to validate whether the redirect URL is being used by a customer or by an intruder who has taken over the account. Phishing is a powerful and often successful threat, and cybercriminals will continue to evolve their tools and techniques to maintain this. Security teams need to be prepared.”

In the documented cases, malicious URL links were included in emails from domains such as wanbf[.]com and clarelocke[.]com, which mimicked DocuSign and password reset reminders. These deceptive emails are designed to look legitimate, increasing the likelihood that recipients will click on the links.

Implications and Challenges

This method of phishing is particularly insidious because it leverages the inherent trust recipients place in well-known security services. Traditional email security tools, which rely on detecting known malicious patterns or behaviors, may find it difficult to identify these attacks because the links pass through legitimate URL protection services. The use of such services provides a cloak of authenticity, making recipients more likely to trust and click on malicious links. Additionally, because the links have already been processed by a security service, they are more likely to bypass conventional security filters.

Defensive Strategies

Because traditional email security tools may struggle to detect these attacks, Barracuda advocates a multilayered, AI-powered approach to defense that can detect and block unusual or unexpected activity, no matter how complex. This includes leveraging machine learning to identify anomalies and potential threats both at the gateway level and after email delivery. Furthermore, continuous and comprehensive security awareness training for employees is crucial. Educating employees about the latest phishing tactics and how to identify suspicious emails can significantly reduce the risk of successful phishing attacks.

As defenders improve their capabilities to detect and mitigate phishing attacks, adversaries continually adapt their methods. One common technique is URL obfuscation, where attackers use legitimate shortlink services to hide malicious URLs. This approach has now evolved into a more sophisticated strategy that exploits the reputation and trustworthiness of brand-name URL protection services.

Japanese Real Estate ...
Cybersecurity News

Recruit Co., Ltd., a prominent Tokyo-based company, recently announced that a data breach had affected its real estate wing SUUMO and had compromised sensitive data from several of its employees. The incident, discovered on July 9, involved unauthorized access to a server used to test some of its real estate services. The company says no user or customer information was compromised, and no secondary damage has been reported. However, the breach exposed personal data records of 1,313 current and former employees going as far back as 2007. The firm has also come under increased scrutiny recently over its collection of student data as well as its outsourcing to foreign nations.

Recruit Co Ltd Response and Preventive Measures

On July 9th, SUUMO, the real estate branch of Recruit, detected unauthorized access from a third party to the server of a service provided to real estate companies, which was being tested before deployment in some areas.

(Image: Source: suumo.jp)

While the affected system had been shut down, it was discovered that some data relating to employees had been compromised. Recruit expressed regret for the inconvenience and concern stemming from the incident. Recruit took several actions to limit the impact of the breach, including:
- Contacting affected employees individually
- Setting up a hotline for inquiries
- Implementing measures against unauthorized access
- Rebuilding and re-inspecting affected servers
- Strengthening overall security measures

The statement on its website, issued from the head office in Chiyoda-ku, Tokyo by President and CEO Yoshihiro Kitamura, announced that data relating to 1,313 employees and contractors involved in the development and maintenance of its housing-related services since 2007 had been affected. "We would like to report the following and offer our deepest apologies for the considerable inconvenience and concern caused to all concerned parties," the statement expressed. "In addition, no leaks of user or customer information have been confirmed in this incident. As of today, no secondary damage caused by the use of employee information has been confirmed," it added.

Concerns Over Student Data Management and Outsourcing

In a separate recent development, Recruit Co. came under intense scrutiny for its handling of public school students' personal data. While the company had been authorized by some local governments to collect and manage student information to provide various educational apps, other local governments reported that they had not been fully aware of the data collection practices. These concerns grew further as it came to light that Recruit had allegedly shared some of this data with foreign businesses to improve other commercial apps. A Yomiuri Shimbun survey found that at least 14 local governments have introduced Recruit’s apps this fiscal year, and about 85,000 elementary and junior high school students use the apps. Some of the local governments were unaware of the overseas outsourcing and other improper management of students’ personal data. The education ministry announced plans to investigate the situation nationwide, after suspecting mismanagement of student data by local governments and the firm. The ministry emphasized the importance of local governments taking proper initiative while collecting and managing students' data, and requires them to supervise app providers and exercise caution when storing data overseas.

New Malware Campaign ...
Firewall Daily

A new sophisticated campaign has been discovered targeting individuals involved in the cryptocurrency market. This campaign utilizes a multi-stage approach, primarily leveraging RDPWrapper and Tailscale to facilitate unauthorized access and establish control over victim systems. The attack begins with a malicious Zip file containing a shortcut (.lnk) file. Upon execution, this shortcut triggers a PowerShell script download from a remote server, initiating a sequence of actions designed to compromise the victim’s system. Notably, the PowerShell script is obfuscated to evade detection mechanisms.

An Overview of the RDPWrapper and Tailscale Campaign

The campaign involves several malicious components, including PowerShell scripts, batch files, Go-based binaries, and exploits targeting a vulnerable driver known as Terminator (Spyboy). Although Terminator was not immediately activated during initial infections, its potential use highlights the threat actor's intent to escalate privileges post-infection.

(Image: Infection Chain of the RDPWrapper and Tailscale campaign. Credit: Cyble)

According to Cyble Research and Intelligence Labs (CRIL), a unique aspect of this campaign is the exploitation of legitimate tools such as RDPWrapper and Tailscale. RDPWrapper enables multiple Remote Desktop Protocol (RDP) sessions per user, circumventing the default Windows restriction of one session per PC. This capability allows threat actors to maintain persistent access to compromised systems discreetly. Tailscale, on the other hand, is employed by threat actors to establish a secure, private network connection. By configuring Tailscale, attackers add the victim’s machine as a node on their private network, facilitating remote command execution and data exfiltration without direct visibility from conventional network security measures.

Geographic and Industry Targeting

The attackers have tailored their approach with geographic and industry-specific targeting in mind. Evidence suggests a focus on Indian users within the cryptocurrency ecosystem, as indicated by the deployment of a decoy PDF related to cryptocurrency futures trading on CoinDCX, a prominent Indian exchange platform.

Following initial infection, the malware drops and executes a Go-based loader that performs anti-virtualization and anti-debugging checks. It then downloads additional payloads, including GoDefender (adr.exe) and potentially malicious drivers like Terminator.sys. These payloads are designed to evade detection and enhance control over the compromised system. Furthermore, the malware configures the system to allow multiple concurrent RDP sessions using RDPWrapper. It also manipulates registry settings and installs software like Tailscale to maintain persistent access and facilitate further malicious activities.

Strategic Implications and Recommendations for Mitigation

Once established, RDP access grants threat actors significant control over compromised devices. They can execute commands, deploy ransomware, exfiltrate sensitive data, or pivot to other systems within the network, potentially causing severe operational and financial damage. Cyble's investigation revealed similarities between this campaign and previous incidents involving the StealC malware strain. The reuse of the same decoy PDF and attack techniques suggests a common threat actor behind these operations, possibly targeting cryptocurrency users with varying attack vectors.

To mitigate the risks of sophisticated cyber campaigns targeting cryptocurrency users, Cyble recommends proactive measures. Monitoring should include detection of base64-encoded PowerShell scripts and unauthorized software installations like RDP wrappers. Enhanced security configurations involve strengthening UAC settings, monitoring Defender exclusion paths, and implementing strong authentication for RDP sessions. Network segmentation is crucial to isolate critical systems and minimize the impact of potential compromises. Threat actors exploit tools such as RDPWrapper and Tailscale to evade detection and maintain persistent access, posing significant operational and financial risks. Maintaining vigilance, implementing proactive security measures, and staying updated with threat intelligence are essential to effectively defend against these advanced cyber threats in today’s digital environment.
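As an added example (not Cyble's code or anything from the campaign itself), the detection logic the recommendations above call for, run over constructed process-creation command lines: it flags base64-encoded PowerShell launches, decodes the UTF-16LE payload, and matches references to RDP wrapper files, Tailscale and Defender exclusion changes in both the visible command line and the decoded script. The log line format, the sample commands and the indicator keyword list are assumptions made for this demo.

```python
"""Added example, not Cyble's code: detection logic for the indicators the
recommendations above call out, run over constructed process-creation
command lines. Log format, samples and indicator keywords are assumptions."""
import base64
import re
import shlex
from typing import Optional

# Switches PowerShell accepts for an encoded script (assumption: the
# documented aliases -e, -ec, -enc and -EncodedCommand cover what we see).
ENCODED_FLAG = re.compile(r"^-(?:e|ec|enc|encodedcommand)$", re.IGNORECASE)

# Case-insensitive substrings tied to the tradecraft described above.
INDICATORS = {
    "rdpwrap": "RDP wrapper library/installer (multi-session RDP)",
    "tailscale": "Tailscale install or node enrolment",
    "add-mppreference": "Defender preference change (check -ExclusionPath)",
    "terminator.sys": "Terminator (Spyboy) vulnerable driver on disk",
}


def decode_encoded_command(b64: str) -> Optional[str]:
    """-EncodedCommand payloads are base64 of UTF-16LE text; None if invalid."""
    padded = b64 + "=" * (-len(b64) % 4)
    try:
        raw = base64.b64decode(padded, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    return raw.decode("utf-16-le", errors="replace")


def find_encoded_payload(tokens):
    """Return the token following an encoded-command switch, if any."""
    for i, tok in enumerate(tokens[:-1]):
        if ENCODED_FLAG.match(tok):
            return tokens[i + 1].strip("\"'")
    return None


def match_indicators(text: str):
    low = text.lower()
    return sorted(key for key in INDICATORS if key in low)


def scan_command_line(cmdline: str):
    """Return a finding dict for a suspicious command line, else None."""
    try:
        tokens = shlex.split(cmdline, posix=False)  # keep Windows backslashes
    except ValueError:
        tokens = cmdline.split()
    exe = tokens[0].strip('"').lower() if tokens else ""
    is_powershell = exe.endswith(("powershell.exe", "pwsh.exe", "powershell", "pwsh"))
    payload = find_encoded_payload(tokens) if is_powershell else None
    decoded = decode_encoded_command(payload) if payload else None
    # Match indicators on the visible command line (minus the base64 blob)
    # and on the decoded script, so encoding does not hide them.
    visible = cmdline.replace(payload, "") if payload else cmdline
    hits = set(match_indicators(visible))
    if decoded:
        hits |= set(match_indicators(decoded))
    if payload is None and not hits:
        return None
    return {
        "cmdline": cmdline,
        "encoded_powershell": payload is not None,
        "decoded": decoded,
        "indicators": sorted(hits),
        "notes": [INDICATORS[h] for h in sorted(hits)],
    }


def scan_logs(lines):
    return [f for f in (scan_command_line(line) for line in lines) if f]


# Constructed sample: a script of the kind the campaign stages (Defender
# exclusion plus a Tailscale installer), encoded the way PowerShell expects.
SAMPLE_SCRIPT = (
    r"Add-MpPreference -ExclusionPath 'C:\Users\Public\Libraries'; "
    r"Start-Process 'C:\Users\Public\Libraries\tailscale-setup.exe'"
)
SAMPLE_B64 = base64.b64encode(SAMPLE_SCRIPT.encode("utf-16-le")).decode("ascii")

SAMPLE_LOGS = [  # constructed process-creation command lines
    'powershell.exe -NoProfile -Command "Get-Service -Name Spooler"',
    f"powershell.exe -nop -w hidden -enc {SAMPLE_B64}",
    r'cmd.exe /c copy C:\Users\Public\rdpwrap.dll "C:\Program Files\RDP Wrapper\"',
    r"notepad.exe C:\Users\alice\notes.txt",
]

if __name__ == "__main__":
    for finding in scan_logs(SAMPLE_LOGS):
        print(finding["encoded_powershell"], finding["indicators"], finding["cmdline"][:60])
```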

NATO to Bolster Cybe ...
Cybersecurity News

NATO, the North Atlantic Treaty Organization, has identified that it faces a complex and ever-evolving cyberthreat landscape. While its history is rooted in deterring conventional military attacks, cyberspace has emerged as its new battleground. The alliance says that malicious actors are constantly probing NATO's defenses, employing cyberattacks to disrupt operations, steal sensitive information, and sow discord. In response, NATO has undertaken a significant effort to bolster its cyber defenses, safeguarding its networks and the security of its member states.

NATO Identifies Russia, China as Source of Cyber Threats

NATO has identified Russia, China, and other malicious actors as major threats, employing a range of cyber tactics. These include infiltrating networks to steal classified data, launching denial-of-service attacks to cripple critical infrastructure, and manipulating information to undermine public trust. According to a news release by NATO, “Russia's war of aggression against Ukraine has highlighted the extent to which cyber activities are a feature of modern conflict.”

NATO's Comprehensive Approach to Cyber Defense

Recognizing the gravity of the situation, NATO has adopted a multi-pronged approach to cyber defense. This strategy integrates political, military, and technical measures to achieve a holistic defense posture.

Policy and Strategy: At the 2021 Summit, NATO introduced a Comprehensive Cyber Defence Policy. It emphasizes deterring, defending against, and countering cyber threats across all domains: peacetime, crisis, and conflict. The policy acknowledges that under specific circumstances, a large-scale cyberattack could be considered an armed attack, potentially triggering a collective response from member states under Article 5 of the NATO treaty.

Network Protection and Situational Awareness: The NATO Cyber Security Centre (NCSC) serves as the central hub for safeguarding NATO's own networks. It provides 24x7 protection and works to keep pace with the ever-changing threat landscape. Additionally, the Cyberspace Operations Centre, established in Mons, Belgium in 2018, enhances situational awareness by monitoring cyber threats and coordinating NATO's operational activities in cyberspace. This center plays a critical role in ensuring that NATO commanders have a clear understanding of the cyber landscape and can make informed decisions to protect the Alliance. Now, at the 2024 NATO Summit in Washington, D.C., allies have agreed to establish the NATO Integrated Cyber Defence Centre to enhance network protection, situational awareness and the implementation of cyberspace as an operational domain.

Education, Training, and Exercises: NATO considers building a skilled workforce paramount. To that end, the organization conducts regular exercises like the annual Cyber Coalition Exercise to test and refine cyber defense capabilities. The Alliance also emphasizes education and training through initiatives like the NATO Cyber Range, fostering expertise among member states.

International Cooperation: NATO says that it actively engages with partner countries, international organizations, industry leaders, and academia. “Collaboration fosters information sharing, facilitates joint exercises, and promotes best practices for cyber defense. A key partnership is with the European Union, with both organizations working together to counter hybrid threats and bolster cyber resilience,” NATO said.

(Image: Source: NATO Website)

Strengthening National Defenses: A Shared Responsibility

While NATO provides a collective framework, it emphasized that the primary responsibility for robust cyber defenses lies with individual member states. The NATO Defence Planning Process sets timely targets for national cyber defense capabilities, ensuring a standardized approach across the Alliance. NATO also facilitates information sharing and best practice exchanges, and offers assistance to Allies seeking to bolster their national defenses. Additionally, the newly established Virtual Cyber Incident Support Capability (VCISC) provides support to member states facing large-scale cyberattacks.

The Road Ahead: Continuous Improvement

The cyber threat landscape is constantly evolving, demanding continuous adaptation from NATO and its member states. Looking ahead, the organization has identified several critical areas:

Enhancing Cyber Resilience: Critical infrastructure, such as power grids and communication networks, needs robust defenses against cyberattacks. This requires collaboration between governments, industry leaders, and the public to identify vulnerabilities and implement preventative measures.

Developing New Technologies: Staying ahead of the curve necessitates ongoing investment in research and development. NATO is actively exploring new technologies to enhance cyber detection, prevention, and response capabilities.

Promoting International Norms: Establishing clear international norms for responsible state behavior in cyberspace is crucial. This would help to deter malicious activities and foster a more stable digital environment.

By adopting a comprehensive approach that combines strong policy frameworks, cutting-edge technologies, and international cooperation, NATO is working to safeguard its member states from the ever-present threat of cyberattacks. As the digital age continues to evolve, so too will NATO's cyber defense capabilities, ensuring a secure and stable future for the Alliance.

After Advance Auto P ...
Firewall Daily

Modern Automotive Network, a prominent player in the motor vehicle manufacturing sector in the USA, has reportedly been targeted by the BlackByte ransomware group. The Modern Automotive Network cyberattack highlights the growing menace posed by cyber threats to critical industries. The BlackByte ransomware, known for its Russian origins and operational model, has gained infamy since its emergence in mid-2021. Operating on a ransomware-as-a-service (RaaS) basis, BlackByte utilizes sophisticated techniques, including double-extortion tactics, to coerce victims into paying ransom. Initially noted for its relatively low activity, BlackByte evolved rapidly, prompting alerts from federal agencies like the FBI and USS.

Modern Automotive Network Cyberattack Stands Unconfirmed

While specifics of the Modern Automotive Network cyberattack remain unverified due to the absence of an official statement from the organization, screenshots purportedly from the cybercriminals have surfaced on dark web forums. These screenshots depict sensitive data allegedly exfiltrated from the company's systems, highlighting the severity of the Modern Automotive Network cyberattack.

In a parallel incident, Advance Auto Parts, a leading auto parts retailer with a widespread presence across the United States, disclosed a data breach affecting over 2.3 million individuals. According to Fox News, the Advance Auto Parts data breach, occurring between April 14, 2024, and May 24, 2024, involved unauthorized access to personal information such as Social Security numbers, driver's licenses, and other government-issued IDs of current and former employees, as well as job applicants. The breach at Advance Auto Parts is believed to be part of a broader campaign targeting cloud storage services like Snowflake, where hackers exploited stolen credentials to gain access. This campaign has also affected other entities, including Ticketmaster and Pure Storage, indicating a coordinated effort by cybercriminals to exploit vulnerabilities in cloud infrastructure.

In response to the breach, Advance Auto Parts has taken immediate steps to contain the incident, terminate unauthorized access, and enhance its cybersecurity measures. The company has reportedly engaged with law enforcement agencies and cybersecurity experts to investigate the breach thoroughly. Additionally, impacted individuals have been offered complimentary credit monitoring and identity theft protection services for 12 months, as reported by Fox News.

Cyber Threats to the Automotive Industry Have Risen Over Time

In recent years, the automotive industry has demonstrated resilience despite challenges like the COVID-19 pandemic, with global car sales rebounding and market projections showing robust growth ahead. However, this sector is increasingly targeted by cybercriminals, who exploit its complex supply chains and high-value transactions. Cyber threats, specifically Business Email Compromise (BEC) and Vendor Email Compromise (VEC) attacks, have surged within the automotive industry. Abnormal Security reports indicate a substantial increase in BEC attacks, with incidents targeting companies like Toyota parts suppliers resulting in significant financial losses. Similarly, VEC attacks have affected a majority of automotive organizations, leveraging vulnerabilities in vendor ecosystems and supply chain complexities.

The attractiveness of the automotive industry to cybercriminals lies in its valuable data, including customer information and proprietary manufacturing details. Moreover, the sector's rapid digitization and adoption of advanced technologies like Electric Vehicles (EVs) have expanded its threat landscape, making it more susceptible to cyber incidents. The financial implications of these attacks are severe, with the average cost of a successful BEC attack surpassing $137,000 in 2023 alone, according to the Internet Crime Complaint Center. Beyond monetary losses, cyber incidents disrupt services and business operations, leading to production delays and data breaches that compromise customer trust and incur regulatory scrutiny.

The timing and scale of these cyberattacks highlight the vulnerabilities within the automotive and retail sectors. To mitigate these risks, experts recommend a multifaceted defense strategy. This includes implementing robust identity security measures such as multifactor authentication and anomaly detection, enforcing strict vendor security guidelines, and fostering a culture of cybersecurity awareness through continuous employee training and education programs.

12.9 Million Austral ...
Data Breach News

A cyberattack on MediSecure, a former Australian e-prescription delivery service, has resulted in a colossal data breach impacting nearly 13 million individuals. This staggering number makes the MediSecure data breach one of the largest healthcare data breaches in Australian history. MediSecure disclosed on Thursday   show more ...

that a malicious actor breached its database and potentially exfiltrated 6.5 terabytes of data that contained 12.9 million records of Australians. The findings are a part of the investigation conducted along with cyber and forensic experts from McGrathNicol Advisory in collaboration with the National Cyber Security Coordinator. The main motive of taking outside help was to confirm the extent of the data breach and all individuals impacted, at the earliest. According to the findings, the compromised data includes a treasure trove of highly sensitive personal and health information. full name; title; date of birth; gender; email address; address; phone number; individual healthcare identifier (IHI); Medicare card number, including individual identifier, and expiry; Pensioner Concession card number and expiry; Commonwealth Seniors card number and expiry; Healthcare Concession card number and expiry; Department of Veterans’ Affairs (DVA) (Gold, White, Orange) card number and expiry; prescription medication, including name of drug, strength, quantity and repeats; and reason for prescription and instructions. While MediSecure emphasizes that Medicare and other government-issued card numbers cannot be used solely for identity theft, the breach significantly increases the risk of phishing attacks and other online scams targeting the affected individuals. Challenges in Identifying Victims and Questions of Financial Preparedness While acknowledging the severity of the breach, MediSecure highlighted the difficulty in pinpointing every impacted individual. The company cites the sheer volume (6.5 terabytes) and complexity of the exposed data as hindrances. This lack of granular identification raises concerns about the timeliness of notifying victims and empowering them to take proactive security measures. 
MediSecure further explains that financial limitations prevented them from conducting a more in-depth analysis to identify specific victims, which questions the company's preparedness for such large-scale cyber incidents and their commitment to user data security. "The impacted server analyzed by McGrathNicol Advisory consisted of an extremely large volume of semi-structured and unstructured data stored across a variety of data sets. This made it not practicable to specifically identify all individuals and their information impacted by the Incident without incurring substantial cost that MediSecure was not in a financial position to meet." - MediSecure The company also reveals that their request for financial assistance from the Commonwealth Government to aid in the response efforts was denied. Addressing recent reports suggesting they requested government funding to cover operational costs unrelated to the cyberattack, the company clarified that the funding request was "limited and confined" to the specific costs associated with the cyberattack incident response. This clarification comes amidst concerns regarding the financial viability of MediSecure after it filed for liquidation in June 2024. Despite the funding denial, MediSecure maintains it has been working diligently with various government agencies, including the National Cyber Security Coordinator (ACSC), the Australian Federal Police (AFP), and the Australian Signals Directorate (ASD). Dark Web Data Sale Claim Investigation Ongoing According to a MediSecure's statement, the company is also currently reviewing a data set recovered from a dark web forum to determine which individuals were affected by the breach. This process, however, appears to be taking longer than anticipated. The company is collaborating with the Commonwealth Government to notify all impacted individuals as soon as possible. 
A week after the MediSecure breach became public, a member of a Russian hacking forum claimed to have 6.5 TB of data including the personal information of thousands of Australians. The post read, "For sale: Database of an Australian medical prescriptions company MedSecure [sic]." The forum user described the leaked information on offer, which likely matches the data MediSecure has now confirmed as compromised.

The Australian National Cyber Security Coordinator, however, warned people against hunting for any such leaked data sets. "No one should go looking for or access stolen sensitive or personal information from the dark web. This activity only feeds the business model of cyber criminals and can be a criminal offence," the Coordinator said.

MediSecure No Longer Part of National System, But Risk of Phishing and Scams Remains High

Both MediSecure and the Department of Home Affairs stressed that MediSecure is no longer involved in Australia's national prescription delivery service. The e-prescription service transitioned to eRx Script Exchange (eRx) in late 2023, and that system is unaffected by the breach, the department said.

"The affected data relates to prescriptions distributed by MediSecure's systems up until November 2023." - Australian Department of Home Affairs

However, even though the specific individuals impacted remain unidentified, the exposed data significantly increases the risk of attacks against them. Phishing, identity theft attempts and other online fraud schemes are likely to exploit the stolen information, the department warned.

Recommendations for Impacted Australians and Lingering Concerns

Heightened Vigilance Advised: While the investigation continues, MediSecure advises potentially affected individuals to be especially alert to phishing attempts, identity theft and other cyber scams.
Australians are encouraged to monitor their financial statements closely, be wary of unsolicited emails or calls, and use strong, unique passwords for all online accounts. The Australian Government's dedicated webpage also provides guidance on protecting personal information and online accounts.

Long-Term Impact and Importance of Robust Cybersecurity: This breach exposes serious weaknesses in data security practices and raises concerns about the long-term impact on affected individuals. The potential for misuse of sensitive health information is significant, and the inability to identify victims promptly hinders protective measures. The incident is a stark reminder for organizations handling sensitive data to invest in robust security controls and to prioritize user privacy.


 Knowledge Hub

A library of over 6,000 cybersecurity prompts, generated with Google Gemini and aligned to the NIST NICE framework, is now available to help practitioners build cybersecurity skills and knowledge. The NIST NICE framework, developed by the U.S. National Institute of Standards and Technology, is a cornerstone of cybersecurity education. It maps the specific tasks, knowledge and skills (TKSs) required for various cybersecurity roles, helping individuals, employers and training providers identify career paths, define job requirements and develop targeted curricula. Aligning your skill set with the NICE framework is an investment in career development and in the collective defense against cyber threats. But the framework's size can be daunting, and that is where LLMs come in: prompts tailored to its TKSs offer a dynamic, personalized learning experience.

Prompt Engineering: The Key to Unlocking LLM Potential

Large language models such as Google Gemini and OpenAI's ChatGPT are capable of understanding and generating human-like text. Harnessing that capability for cybersecurity learning comes down to prompt engineering: crafting the right questions and scenarios to guide the model's responses. Well-crafted prompts tailored to the NICE Framework TKSs can:

Pinpoint knowledge gaps: identify areas to upskill by analyzing the TKSs for your target role.
Develop specific skills: focus prompts on individual TKSs for deep dives into crucial cybersecurity skills.
Simulate real-world scenarios: put yourself in the shoes of a security professional facing practical challenges and apply TKSs to them.
Create personalized learning plans: have the LLM generate a learning path based on your needs and goals.

There are several prompt types to consider: Conceptual prompts, which challenge understanding of fundamental concepts like encryption and risk management.
Scenario-based prompts, which simulate real-world challenges such as responding to a data breach. Knowledge-check prompts, which test understanding of specific TKSs.

Google Gemini's natural language capabilities make it well suited to generating prompts aligned with the NICE Framework. The researchers behind this project built the library in three steps:

TKS identification: extracting the unique TKS statement IDs and descriptions from the NICE Framework.
Prompt generation with Gemini: using Gemini within AI Studio to create three prompt types for each TKS: conceptual, scenario-based and knowledge-check.
Structured organization: using AI Studio's table formatting to organize the prompts with their corresponding TKS IDs, descriptions and outputs.

This process ties each prompt to a specific NICE Framework competency. The framework can also guide the training of security-specific LLMs such as Google's SecLM: aligning training with specific TKSs aims to produce models proficient in cybersecurity tasks such as threat detection, analysis and response.

AI-Powered Cybersecurity Toolkit

The library of NIST NICE-aligned prompts is freely available to the cybersecurity community. Editor's Note: the download link in the original article delivers a ZIP file containing the prompts as a spreadsheet, with one row per TKS and the following columns: TKS ID; TKS Description; Conceptual Prompt; Scenario-Based Prompt; Knowledge-Check Prompt.

Elevate Your Expertise by Taking These Actions

Here's how to integrate these prompts into your daily routine:

Identify your goals: define your learning objectives. Are you targeting a specific NICE category or a certification exam? Choose the relevant prompts.
Daily integration: dedicate time each day to the prompts, as warm-up exercises, knowledge checks or sparks for brainstorming.
Experiment with styles: use them for solo study, group discussions or presentations.
Embrace the interactive nature: ask follow-up questions and challenge the AI's responses; models can state wrong facts confidently, so verify answers against the framework or primary sources before relying on them.
Track your progress: record your responses, insights and questions as you work through the prompts to measure progress and find areas for improvement.

The release of the NIST NICE-aligned prompt library is a step toward equipping the cybersecurity community with AI. Future articles will look at advanced prompt engineering, real-world AI applications in cybersecurity and ways to integrate AI into daily workflows.


 Cybersecurity News

Blockchain identity platform Fractal ID suffered a data breach on July 14, which it publicly disclosed on its website and on X (formerly Twitter) on July 17. The breach has raised concerns about the security of personal data within the Web3 ecosystem, particularly among Fractal ID's partners, which include platforms such as Gnosis Pay, Acala, Polygon ID and Lukso.

Fractal ID said approximately 0.5% of its user base was affected. The company did not specify which of its partners, if any, were directly impacted; however, users on X reported receiving emails from the Gnosis Pay team advising them to be wary of unsolicited communications.

Details of the Fractal ID Data Breach

According to Fractal ID's notification, a third party gained unauthorized access to an operator's account on July 14 and executed an API script to retrieve user data. The activity began at 05:14 UTC and was detected and contained by 07:29 UTC. Despite the relatively quick response, in just over two hours the attacker accessed the personal data of approximately 0.5% of Fractal ID's users, including names, email addresses, wallet addresses, phone numbers, physical addresses and images of uploaded documents.

"The attacker had access to data from approximately 0.5% of the Fractal ID user base. The potential compromised information includes information contained in Fractal ID user profiles. This data may include names, email addresses, wallet addresses, phone numbers, physical addresses, images and pictures of uploaded documents," reads the official statement of Fractal ID.

Fractal ID emphasized its commitment to user security and privacy, stating, "We have taken immediate steps to mitigate the impact of this breach and have implemented additional security measures. We have also contacted the pertinent data protection authorities and the cybercrime police division."

"The breach was contained within our environment and did not affect any of our clients' systems, or their products that use our services. Data breaches can result in the accessed data being shared with third parties or used for commercial purposes. 
We encourage affected users to be cautious of unsolicited communications requesting additional personal information," Fractal ID said.

(Source: Fractal ID's X account)

Reactions and Speculations

The breach has sparked significant concern among users and partners. An X account named "ethereal" expressed frustration, questioning the trust placed in service providers holding sensitive personal information.

(Source: etherael's X account)

Web3 developer Paulo Fonseca shared an image of an email reportedly sent to some Gnosis Pay users, which stated, "At 7:30 PM CET on Monday, July 15, 2024, our KYC service provider Fractal ID notified the Gnosis Pay team of a data breach that occurred on Sunday, July 14, 2024."

(Source: Paulo Fonseca's X account)

Adding to the complexity, on July 16 Gnosis Pay tweeted about a separate security incident: an exploit of the Li.Fi/Jumper service. It disabled the widget in its web app and gave users steps to revoke token approvals. The exploit reportedly led to the loss of nearly $10 million in cryptocurrency, as reported by The Cyber Express Team. The Li.Fi attack, which occurred on July 16, targeted a vulnerability in Li.Fi's contract that allowed attackers to drain funds from wallets that had granted the contract token approvals.

(Source: Gnosis Pay's X account)

Potential Connections and Broader Implications

While there is no confirmed link between the Fractal ID breach and the Li.Fi exploit, the timing raises questions. The Cyber Express Team reached out to Gnosis for comment but did not receive a response before publication.

The Fractal ID breach highlights the risk inherent in systems that handle sensitive user data, particularly in cryptocurrency and Web3 applications. Most jurisdictions require cryptocurrency exchanges and payment providers to collect and store Know Your Customer (KYC) information, which includes images of identity documents, names, physical addresses, email addresses and other sensitive data. Supporters of KYC requirements argue the practice is essential for preventing money laundering and other illicit activity; critics contend that storing such data creates a concentrated, high-value target, as the Fractal ID breach shows.
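The attack path Fractal ID describes above (a compromised operator account driving an API script that read user profiles for roughly two hours) is the kind of activity an access-log monitor can catch while it is still running, rather than after the fact. The Python below is an added example and not Fractal ID's code: it assumes a hypothetical log format of one line per user-profile read (UTC timestamp, operator account, request line) and flags any operator whose count of distinct users read within a sliding time window exceeds a threshold. The log lines, operator names and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

# Assumed (hypothetical) log format: "<ISO-8601 UTC> <operator> GET /v1/users/<user_id>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ)\s+(?P<operator>\S+)\s+GET\s+/v1/users/(?P<user>\S+)$"
)
FMT = "%Y-%m-%dT%H:%M:%SZ"


def parse_log(text):
    """Return [(timestamp, operator, user_id)] sorted by time; non-matching lines are ignored."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], FMT).replace(tzinfo=timezone.utc)
            events.append((ts, m["operator"], m["user"]))
    events.sort()
    return events


def find_bulk_access(events, window=timedelta(minutes=15), threshold=50):
    """Per operator, slide a time window over its reads and count distinct users inside it.

    Returns {operator: (window_start, last_seen, peak_distinct_users)} for every operator
    that read more than `threshold` distinct users within any single window.
    """
    by_operator = defaultdict(list)
    for ts, operator, user in events:
        by_operator[operator].append((ts, user))

    alerts = {}
    for operator, reads in by_operator.items():
        in_window = deque()          # (ts, user) pairs currently inside the window
        seen = defaultdict(int)      # user -> number of reads inside the window
        for ts, user in reads:
            in_window.append((ts, user))
            seen[user] += 1
            while ts - in_window[0][0] > window:   # evict reads older than the window
                _, old_user = in_window.popleft()
                seen[old_user] -= 1
                if seen[old_user] == 0:
                    del seen[old_user]
            if len(seen) > threshold:
                start = in_window[0][0]
                prev = alerts.get(operator)
                if prev is None:
                    alerts[operator] = (start, ts, len(seen))
                else:
                    alerts[operator] = (prev[0], ts, max(prev[2], len(seen)))
    return alerts


def build_sample_log():
    """Constructed sample: routine support lookups plus a scripted enumeration from one account."""
    lines = []
    base = datetime(2024, 7, 14, 4, 0, tzinfo=timezone.utc)
    for i in range(8):                          # op-alice: one profile every 20 minutes
        ts = base + timedelta(minutes=20 * i)
        lines.append(f"{ts.strftime(FMT)} op-alice GET /v1/users/u{1000 + i}")
    start = datetime(2024, 7, 14, 5, 14, tzinfo=timezone.utc)
    for i in range(300):                        # op-bob: 300 distinct profiles in 10 minutes
        ts = start + timedelta(seconds=2 * i)
        lines.append(f"{ts.strftime(FMT)} op-bob GET /v1/users/u{5000 + i}")
    lines.append("2024-07-14T05:20:00Z op-bob POST /v1/sessions")   # unrelated call, skipped by the parser
    return "\n".join(lines)


if __name__ == "__main__":
    for operator, (start, last, peak) in find_bulk_access(parse_log(build_sample_log())).items():
        print(f"ALERT {operator}: {peak} distinct users read between {start:%H:%M:%S} and {last:%H:%M:%S} UTC")
```

The threshold and window should come from a baseline of what a legitimate operator does in a shift; the point is that a single account walking hundreds of distinct profiles in minutes looks nothing like support work, and the alert fires at the 51st record rather than after the export has finished.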


 Privacy

In today's digital age, our social and romantic interactions increasingly take place online, and the normalization of both storing and sharing intimate images has reached concerning levels. Our recent global study, one of the largest polls ever conducted on this subject, reveals some alarming trends and highlights the urgent need for awareness and education on intimate image abuse, commonly known as revenge porn.

The digital age of intimacy

Nearly a quarter of those surveyed have explicit images saved on their devices, with the highest rates among younger age groups: 34% of both 16–24-year-olds and 25–34-year-olds admitted storing such images. Additionally, 25% of respondents have shared intimate images with people they're dating or chatting with online, a figure that rises to 39% among 25–34-year-olds. Despite this widespread sharing, only 21% of those who've shared an image asked the recipient to delete it from their device. This statistic highlights a troubling lack of awareness about the long-term consequences of sharing intimate images.

The dark side of image sharing

The study also exposes a darker side of intimate image sharing. Shockingly, 8% of those who've shared nude or explicit material admitted doing so for revenge, and 9% to frighten others. Nearly half of all respondents reported that they've either experienced intimate image abuse themselves or know someone who has. The issue is particularly pronounced among younger generations, with 69% of 16–24-year-olds and 64% of 25–34-year-olds reporting such experiences. Aaliyah's story is a stark reminder of this reality: her ex-partner maliciously shared her intimate images online, causing severe emotional and psychological harm.

Victim blaming: a harmful misconception

One of the most disturbing findings of our study is the prevalence of victim blaming. Exactly half of respondents believe that if you share an intimate image of yourself, it is your fault if it ends up in the wrong hands. This harmful misconception adds to the stigma and isolation victims feel, making it harder for them to seek help and support. We need to emphasize this: if someone shares your intimate images without your consent, it's not your fault.
The blame lies solely with those who misuse and exploit these images and, by definition, your trust. Alice's story illustrates this: after her partner's death, she found intimate images of herself online, images that had been secretly taken while she was sleeping. The real culprit is the one who takes and shares such images without explicit permission. No one should have to suffer the emotional and psychological harm caused by intimate image abuse, and it's crucial that we all work to change the narrative around this issue.

Protect yourself online

To protect yourself from intimate image abuse, consider the following tips:

Think before you post: be mindful of who you share your data with, and consider the potential risks;
Use secure messengers: opt for messaging services with end-to-end encryption;
Report abuse: if you believe you're a victim of intimate image abuse, keep the evidence and report it to the police and to the platforms involved;
Check permissions: regularly review the permission settings on your apps to control data sharing;
Use strong passwords: employ a reliable security solution to create and manage unique passwords for each account;
Use available resources: tools like StopNCII.org can help prevent intimate images from being shared online without your consent;
Find an organization in your country that can provide further support.

The findings from our study make it clear that, while technology has made intimate image sharing easier, it has also increased the risk of abuse. Awareness and education are crucial in mitigating these risks and protecting individuals from the emotional and reputational harm associated with intimate image abuse. For more information and resources, subscribe to our Telegram channel, visit our blog, and contact the revenge porn helpline in your country.


 News

Episode 356 of the Transatlantic Cable Podcast kicks off with news of the AT&T mega-breach. From there the team discuss two AI stories: the first looks at how AI is being used to help doctors detect early-onset Alzheimer's, and the second at how the K-pop industry is looking to use artificial intelligence to write songs and create artwork. The final story covers legendary artist Bob Dylan banning smartphones at his upcoming gigs; just how that will pan out is anybody's guess. If you liked what you heard, please consider subscribing.

AT&T says hackers stole records of nearly all cellular customers' calls and texts
New AI tool could be game-changer in battle against Alzheimer's
Will K-pop's AI experiment pay off?
Bob Dylan to bring phone-free tour to Edinburgh

 Incident Response, Learnings

Interpol's global operation Jackal III targeted West African cybercrime groups, including Black Axe. It resulted in 300 arrests across 21 countries, the seizure of $3 million, the identification of 400 suspects and the blocking of more than 720 bank accounts.

 Threat Actors

Scattered Spider, a notorious cybercrime group, has added the RansomHub and Qilin ransomware strains to its arsenal, according to Microsoft. The group is known for sophisticated social engineering tactics used to breach targets and steal data.

 Malware and Vulnerabilities

Tracked as CVE-2024-20419, the flaw in Cisco Smart Software Manager On-Prem enables remote, unauthenticated attackers to set new passwords for any user. Admins are advised to upgrade to a fixed release to protect vulnerable servers, as no workarounds are available.

 Trends, Reports, Analysis

A report by Legit Security highlights concerns about the security posture of the GitHub Actions marketplace: most custom Actions are not from verified creators, and many are maintained by a single developer, a supply-chain risk for every workflow that pulls them in.
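The report's findings above concern who maintains an Action and whether the creator is verified; the other half of the exposure is how workflows reference those Actions, since `uses: owner/repo@v1` resolves a mutable tag that the maintainer (or whoever takes over the account) can repoint at any time, while a full commit SHA cannot be silently swapped. The Python below is an added example and not part of the Legit Security report: it scans a workflow file for `uses:` lines and flags third-party Actions pinned to tags or branches instead of a 40-character commit SHA, container references without a digest, and owners outside a vetted list. The sample workflow, the example SHA and the vetted-owner set are constructed for illustration.

```python
import re

# Constructed sample workflow; the 40-hex SHA below is made up for illustration.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@b39b52d1213e96004bfcb1c61a8a6fa8ab84f3e8
      - uses: some-dev/lint-everything@main
      - uses: docker://alpine:3.19
      - uses: ./.github/actions/local-step
      - run: npm test
"""

USES_RE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^'"\s#]+)""")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Assumption: owners the organisation has reviewed; everything else counts as third party.
VETTED_OWNERS = {"actions", "github"}


def audit_workflow(text, vetted_owners=VETTED_OWNERS):
    """Return [(line_number, reference, finding)] for every risky `uses:` reference."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith("./"):
            continue                    # local composite action: reviewed with the repository itself
        if ref.startswith("docker://"):
            if "@sha256:" not in ref:   # image tags are mutable too; require a digest
                findings.append((lineno, ref, "container image pinned by tag; pin by digest"))
            continue
        name, _, version = ref.partition("@")
        owner = name.split("/", 1)[0]
        if not version:
            findings.append((lineno, ref, "no ref given; resolves to the default branch"))
        elif not FULL_SHA_RE.match(version):
            findings.append((lineno, ref, f"mutable ref '{version}'; pin to a full commit SHA"))
        if owner not in vetted_owners:
            findings.append((lineno, ref, f"third-party owner '{owner}'; check maintainers and verification"))
    return findings


if __name__ == "__main__":
    for lineno, ref, finding in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {ref}: {finding}")
```

Pinning to a SHA only helps if the pinned commit was actually reviewed, so the owner check is kept separate: a single-maintainer Action is a risk even when pinned, because the next bump is where a hijacked account would land its payload.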

 Trends, Reports, Analysis

According to a new report by JumpCloud, about 49% of SME IT teams feel they lack the resources to defend against cyber threats, and layoffs have affected nearly half of them. 71% believe budget cuts would increase risk.

 Feed

Red Hat Security Advisory 2024-4597-03 - An update for OpenShift Jenkins is now available for Red Hat Product OCP Tools 4.15. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include bypass and traversal vulnerabilities.

 Feed

Red Hat Security Advisory 2024-4568-03 - An update for java-17-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Telecommunications Update Service, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include an out of bounds access vulnerability.

 Feed

Red Hat Security Advisory 2024-4563-03 - An update for java-1.8.0-openjdk is now available for Red Hat Enterprise Linux 8, Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Telecommunications Update Service, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 8.8 Extended Update Support, Red Hat Enterprise Linux 9, Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions, and Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include an out of bounds access vulnerability.

 Feed

Ubuntu Security Notice 6901-1 - It was discovered that stunnel did not properly validate client certificates when configured to use both the redirect and verifyChain options. A remote attacker could potentially use this issue to obtain sensitive information by accessing the tunneled service.

 Feed

Debian Linux Security Advisory 5732-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

 Feed

Cisco has released patches to address a maximum-severity security flaw in Smart Software Manager On-Prem (Cisco SSM On-Prem) that could enable a remote, unauthenticated attacker to change the password of any user, including administrative users. The vulnerability, tracked as CVE-2024-20419, carries a CVSS score of 10.0. "This vulnerability is due to improper
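Both CVE-2024-20419 items above describe the same vulnerability class: a password-change endpoint that accepts a target username and a new password from a caller who has never proven who they are. The Python below is an added, generic illustration of that class alongside a hardened handler. It is not Cisco's code and does not reproduce the specific SSM On-Prem defect (the advisory excerpt above is truncated); the in-memory user store, session tokens and request shapes are constructed for the example.

```python
import hashlib
import hmac
import os
import secrets

PBKDF2_ROUNDS = 100_000


def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)


class UserStore:
    """Minimal in-memory user and session store (constructed for the example)."""

    def __init__(self):
        self.users = {}     # username -> (salt, derived_key)
        self.sessions = {}  # session token -> username

    def add_user(self, username, password):
        self.users[username] = (b"", b"")
        self.set_password(username, password)

    def set_password(self, username, password):
        if username not in self.users:
            raise KeyError(username)
        salt = os.urandom(16)
        self.users[username] = (salt, _derive(password, salt))

    def verify(self, username, password):
        rec = self.users.get(username)
        if rec is None:
            return False
        salt, key = rec
        return hmac.compare_digest(key, _derive(password, salt))

    def login(self, username, password):
        if not self.verify(username, password):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = username
        return token


def change_password_vulnerable(store, request):
    """VULNERABLE: trusts the username in the body and never checks who is calling.

    Any remote caller can submit {"username": "admin", "new_password": "..."} and
    take over that account, which is the behaviour class the advisory describes.
    """
    store.set_password(request["username"], request["new_password"])
    return 200


def change_password_hardened(store, request):
    """Requires a valid session belonging to the target user plus re-authentication
    with the current password, and revokes that user's sessions after the change."""
    actor = store.sessions.get(request.get("session", ""))
    if actor is None:
        return 401                                   # anonymous caller: refuse outright
    if actor != request.get("username"):
        return 403                                   # only your own password, no matter the role
    if not store.verify(actor, request.get("current_password", "")):
        return 403                                   # prove possession of the current secret
    new_password = request.get("new_password", "")
    if len(new_password) < 12:
        return 400
    store.set_password(actor, new_password)
    store.sessions = {t: u for t, u in store.sessions.items() if u != actor}
    return 200
```

An administrator-driven reset of another user's password belongs on a separate, explicitly authorized path with its own audit logging; folding it into the self-service handler is how "any user can be reset by anyone" defects tend to arise.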

 Feed

Meta has suspended the use of generative artificial intelligence (GenAI) in Brazil after the country's data protection authority issued a preliminary ban objecting to its new privacy policy. The development was first reported by news agency Reuters. The company said it has decided to suspend the tools while it is in talks with Brazil's National Data Protection Authority (ANPD) to address the

 Feed

Cybersecurity researchers have shed light on an adware module that purports to block ads and malicious websites, while stealthily offloading a kernel driver component that grants attackers the ability to run arbitrary code with elevated permissions on Windows hosts. The malware, dubbed HotPage, gets its name from the eponymous installer ("HotPage.exe"), according to new findings from ESET. The

 Feed

Let's face it: AppSec and developers often feel like they're on opposing teams. You're battling endless vulnerabilities while they just want to ship code. Sound familiar? It's a common challenge, but there is a solution. Ever wish they proactively cared about security? The answer lies in a proven, but often overlooked, strategy: Security Champion Programs — a way to turn developers from

 Feed

As the travel industry rebounds post-pandemic, it is increasingly targeted by automated threats, with the sector experiencing nearly 21% of all bot attack requests last year. That’s according to research from Imperva, a Thales company. In their 2024 Bad Bot Report, Imperva finds that bad bots accounted for 44.5% of the industry’s web traffic in 2023—a significant jump from 37.4% in 2022. 

 Feed

Cybersecurity researchers have uncovered security shortcomings in SAP AI Core, a cloud-based platform for creating and deploying predictive artificial intelligence (AI) workflows, that could be exploited to obtain access tokens and customer data. The five vulnerabilities have been collectively dubbed SAPwned by cloud security firm Wiz. "The vulnerabilities we found could have allowed attackers

 Feed

Unknown threat actors have been observed leveraging open-source tools as part of a suspected cyber espionage campaign targeting global government and private sector organizations. Recorded Future's Insikt Group is tracking the activity under the temporary moniker TAG-100, noting that the adversary likely compromised organizations in at least ten countries across Africa, Asia, North America,

 Google

Social media fuels conspiracies galore after Donald Trump is shot at a rally, cryptocurrency websites are hijacked after a screw-up at Squarespace, and our guest takes a close look at bottoms on Instagram. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by Zoë Rose.

2024-07
Aggregator history
Thursday, July 18