Two foreign nationals from the notorious international ransomware group LockBit pleaded guilty in Newark federal court to participating in the group and deploying attacks against victims in the United States and worldwide. Ruslan Magomedovich Astamirov, 21, a Russian national, and Mikhail Vasiliev, 34, a dual Canadian-Russian citizen, admitted to involvement in these activities. Between 2020 and 2024, the LockBit group attacked over 2,500 victims in at least 120 countries, 1,800 of them in the United States, extorting hundreds of millions of dollars in ransom payments.

Scope of LockBit's Operations

The guilty pleas follow the disruption of LockBit ransomware in February, in which the UK National Crime Agency's Cyber Division, working with the Justice Department, FBI and other international law enforcement partners, seized public-facing websites and took control of servers used by LockBit administrators, disrupting the group's ability to attack and encrypt networks. The disruption diminished LockBit's reputation and its ability to attack further victims.

The case also involves charges brought against other LockBit members, including its alleged creator, developer and administrator, Dmitry Yuryevich Khoroshev, who is currently the subject of a reward of up to $10 million through the U.S. Department of State's Transnational Organized Crime Rewards Program. Khoroshev is accused of recruiting new affiliate members, acting as the representative for the group, and developing and maintaining the infrastructure used by affiliates to deploy LockBit attacks.

U.S. Attorney Philip R. Sellinger emphasized the commitment to holding cybercriminals accountable, stating: "Astamirov and Vasiliev thought that they could deploy LockBit from the shadows, wreaking havoc and pocketing massive ransom payments from their victims, without consequence. They were wrong. We, in New Jersey, along with our domestic and international law enforcement partners will do everything in our power to hold LockBit's members and other cybercriminals accountable, disrupt and dismantle their operations, and put a spotlight on them as wanted criminals – no matter where they hide."

Impact of the Guilty LockBit Pleas

Astamirov, who operated under aliases such as "BETTERPAY" and "Eastfarmer," deployed LockBit against at least 12 victims between 2020 and 2023, extorting approximately $1.9 million in ransom payments. He agreed to forfeit $350,000 in seized cryptocurrency as part of his plea agreement. Vasiliev, known online as "Ghostrider" and "Free," among other aliases, targeted at least 12 victims between 2021 and 2023, causing at least $500,000 in damages and losses. Both pleas come after the February disruption of LockBit's infrastructure by international law enforcement, an operation that significantly diminished the group's ability to attack further victims and damaged its reputation.

LockBit Victim Assistance

LockBit victims are encouraged to contact the FBI and submit information at https://lockbitvictims.ic3.gov. Law enforcement has developed decryption capabilities that may enable hundreds of victims around the world to restore systems encrypted by the LockBit ransomware variant. Victims are also encouraged to visit https://www.justice.gov/usao-nj/lockbit for case updates and information about their rights under U.S. law, including the right to submit victim impact statements and request restitution.
Global cybercrime costs are projected to soar from $9.22 trillion in 2024 to $13.82 trillion by 2028, according to a report by Stocklytics.com. Cyberattacks in the United States alone are forecast to exceed $452 billion in 2024. Alarmingly, a survey of Chief Information Security Officers (CISOs) in the United States showed that three in four organizations were at risk of a material cyberattack in 2023.

With this in mind, cybersecurity and compliance expert Kiteworks sought to identify the U.S. states where businesses are most at risk of cyberattacks. To do so, the company created a points-based index that analyzed factors such as annual victim counts, financial losses from cyberattacks, increases in both victims and losses, and the types of cyberattacks experienced.

Key Findings of Cyberattacks in US Report

Colorado is the state where businesses are most at risk of cyberattacks, with a risk score of 7.96. Colorado has seen a 58.7 per cent increase in victim losses since 2017.
With the highest population, 38 million, California's annual cyberattack losses amount to over $656 million ($656,847,391).
The state of Missouri has the biggest four-year moving increase in financial losses attributed to cyberattacks, with a 136 per cent increase since 2017.
Virginia is the only state to see a decrease in cyberattack victims since 2017, with a decrease of 10.8 per cent.

Colorado is Most at Risk Due to Cyberattacks

Colorado is the state where businesses are most at risk of cyberattacks, with a risk score of 7.96 out of 10. Despite its mid-sized population of 5,877,610, Colorado experienced the highest rate of cyberattacks since 2017 and has reported 10,776 annual victims from 2020. Although Colorado saw a moving increase of only 3.8 per cent in victims since 2017, the state has faced significant financial losses due to cyberattacks, with a 58.7 per cent increase in losses since 2017, amounting to $104,476,603. This is 65 per cent higher than in the neighbouring state of Utah ($53,047,234). This could be due to Colorado's aging population, as reports show people over the age of 75 are most likely to report repeat cybercrime victimization.

New York is in second place, with a risk score of 7.84 out of 10. As the fourth most populous state with 19,571,216 residents, New York reported 27,205 annual victims between 2020 and 2023. By contrast, Massachusetts reported one third that number of victims (8,749) over the same period. New York has seen a 14.4 per cent increase in victims over four years, with reports showing cyberattack complaints up 53 per cent since 2022. The financial losses from cyberattacks in the state have also surged by 75.7 per cent, totalling a staggering $440,673,485 lost.

Nevada ranks third with a risk score of 7.62 out of 10, reflecting the state's growing vulnerability to cyberattacks. With a population of 3,194,176, Nevada reported 10,551 annual victims from 2020 to 2023. The state has experienced a significant 27.6 per cent increase in victim counts over four years, indicating a rapid rise in cybercrime incidents. Earlier this year, the state's Gaming Control Board website was hit by a cyberattack that took the site offline for several days. The financial losses from cyberattacks in Nevada have risen by 25.2 per cent since 2017, totaling $44,994,168, 72 per cent more than the neighbouring state of Idaho ($12,427,049).

The Most Costly Cyberattacks

Business Email Compromise (BEC) is the cyberattack in the United States with the highest financial impact, with losses exceeding $1 billion ($1,747,924,931) since 2020 and an average loss of $88,350 per incident. BEC attacks involve fraudsters impersonating business executives or employees to deceive victims into transferring funds or revealing sensitive information. Credit card and check fraud rank second, causing $516,046,155 in total losses and an average loss of $27,039 per incident. This fraud typically involves unauthorized use of payment information. Malware attacks, in third place, have resulted in losses of $237,469,021 with an average loss of $83,235 per incident.

Most Common Cyberattacks

Non-payment/non-delivery attacks are the most common US cyber threat since 2020, with 60,113 incidents; these involve fraudsters tricking victims into paying for goods or services that are never delivered. The second most prevalent is personal data breaches, with 40,523 incidents, which can involve unauthorized access to sensitive information and often lead to identity theft and fraud.

Patrick Spencer, spokesperson at Kiteworks, commented on the results: "Our study reveals a concerning trend: cyberattacks are on the rise, both in frequency and financial impact. As cyber threats continue to evolve, proactive investment in advanced security technologies and employee training can significantly enhance a company's resilience against cybercrime, as well as a greater focus on data security.

"Businesses should adopt a content-defined zero trust approach to secure their sensitive communications. By consolidating email, file sharing, SFTP, managed file transfer, and web forms into a private content network protected by a hardened virtual appliance, organizations can ensure that sensitive content is only accessed by authorized users. This approach provides advanced security, comprehensive governance, and regulatory compliance, ensuring the protection of sensitive content," he concluded.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.
A routine software update by CrowdStrike on July 19, 2024, unintentionally caused a major disruption across infrastructures and organizations. The update triggered the notorious Blue Screen of Death (BSOD), rendering many systems unusable. While not initially deemed a cybersecurity incident, the situation underscores the fragility of digital security and the potential for such disruptions to become serious security threats.

Initial Fallout of BSOD

Problems arose soon after users installed CrowdStrike's latest update. System crashes and the feared BSOD became widespread, leading to significant operational disruptions. Even though it wasn't a direct cybersecurity breach, keeping systems operational is vital for security.

(Image: Statement of CrowdStrike's President and CEO, George Kurtz. Source: X)

CrowdStrike's CEO, George Kurtz, emphasized that the incident wasn't a cyberattack. However, he acknowledged the severity of the disruption and assured customers that a fix was underway. His statement highlighted the importance of robust incident response measures even in non-malicious disruption scenarios.

How Are Cybercriminals Trying to Exploit BSOD?

The disruption caused by CrowdStrike has unfortunately created openings for opportunistic threat actors. Cybercriminals have been quick to capitalize on the situation through social engineering attacks. They have set up scam domains and phishing pages disguised as solutions to the BSOD issue. For instance, one malicious domain redirected users to payment pages requesting cryptocurrencies like Bitcoin and Ethereum under the pretense of offering a fix.

(Image: One of the fake domains. Source: X)

Another domain has surfaced claiming to offer support services to companies affected by the issue. Caution is advised, as these claims are potentially misleading and could pose additional security risks.

What Are the Indicators of Compromise (IoCs)?

Be on the lookout for indicators of compromise (IoCs) that might signal malicious activity.
Here's a list of suspicious domains that threat actors might use:

Falcon Sensor Issue
Used to Target CrowdStrike Customers

CrowdStrike Intelligence recommends that organizations ensure they are communicating with CrowdStrike representatives through official channels and adhere to the technical guidance the CrowdStrike support teams have provided. The following CrowdStrike Falcon LogScale query hunts for the domains provided above.

(Image: Falcon LogScale query. Source: CrowdStrike blog)

CISA Warns Organizations to Remain Vigilant of Malicious Actors

Meanwhile, the US cybersecurity agency CISA has warned that hackers are trying to take advantage of the Microsoft outage. "CISA is aware of the widespread outage affecting Microsoft Windows hosts due to an issue with a recent CrowdStrike update and is working closely with CrowdStrike and federal, state, local, tribal and territorial (SLTT) partners, as well as critical infrastructure and international partners to assess impacts and support remediation efforts," it said in a statement.

"Threat actors continue to use the widespread IT outage for phishing and other malicious activity. CISA urges organizations to ensure they have robust cybersecurity measures to protect their users, assets, and data against this activity," CISA added.

This incident serves as a stark reminder of our dependence on technology and the potential consequences of software malfunctions. The global scale of the outage caused significant disruptions to businesses, governments and individuals alike. While CrowdStrike works on a fix, it is crucial for organizations to stay vigilant and implement robust cybersecurity measures to protect themselves from future threats.
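The LogScale query above is only shown as an image, so here is an added example (not CrowdStrike's query or any code from the article) of the same hunt done over DNS query logs: it flags hostnames that embed the vendor's brand label or sit within two edits of it, while skipping the vendor's legitimate zone. The log lines and lookalike domains are constructed samples, and `crowdstrike.com` as the only legitimate zone is an assumption you would extend with your own allowlist.

```python
"""Hunt DNS query logs for hostnames impersonating a vendor brand.

Added example, not code from CrowdStrike or the article. The log lines
and lookalike domains below are constructed samples.
"""
import re

# Assumption: the vendor's legitimate zone(s). Extend with your own allowlist.
LEGIT_ZONES = {"crowdstrike.com"}
BRAND = "crowdstrike"


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance, used to catch near-misses such as swapped letters."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def in_legit_zone(host: str) -> bool:
    """True when host is the legitimate apex or a subdomain of it."""
    host = host.lower().rstrip(".")
    return any(host == z or host.endswith("." + z) for z in LEGIT_ZONES)


def is_lookalike(host: str, max_dist: int = 2) -> bool:
    """True when any DNS label embeds the brand or is within max_dist edits of it."""
    if in_legit_zone(host):
        return False
    for label in host.lower().rstrip(".").split("."):
        if BRAND in label:
            return True
        # Only compare labels of similar length so the edit distance stays meaningful.
        if abs(len(label) - len(BRAND)) <= max_dist and levenshtein(label, BRAND) <= max_dist:
            return True
    return False


# Constructed DNS query log: "<timestamp> <client> <queried name>"
SAMPLE_LOG = """\
2024-07-19T08:01:02Z 10.0.0.5 falcon.crowdstrike.com
2024-07-19T08:01:09Z 10.0.0.5 crowdstrike-bsod-fix.example
2024-07-19T08:02:11Z 10.0.0.7 www.crowdstriek.example
2024-07-19T08:02:30Z 10.0.0.7 updates.microsoft.com
2024-07-19T08:03:44Z 10.0.0.9 crowdstroke.example
2024-07-19T08:04:00Z 10.0.0.9 crowd.example
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)$")


def hunt(log_text: str) -> list[tuple[str, str]]:
    """Return (client, queried name) pairs that look like brand impersonation."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crash the hunt
        _, client, qname = m.groups()
        if is_lookalike(qname):
            hits.append((client, qname))
    return hits


if __name__ == "__main__":
    for client, qname in hunt(SAMPLE_LOG):
        print(f"ALERT {client} queried {qname}")
```

The two-edit threshold catches transposed or substituted letters but not every registered variant, so treat it as a triage filter feeding a published indicator list, not a replacement for one.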
Airports were left crippled, healthcare systems were disrupted, supermarket check-outs malfunctioned, and journalists scrambled without the basic tools of the trade to report on an issue causing havoc worldwide. One company and one tiny software update are at the center of a global IT outage that engulfed millions of people, businesses and organizations on Friday. While the situation is gradually being resolved, the CrowdStrike outage has left a significant impact.

It all began with a regular system update that went terribly wrong. Seemingly all at once, millions of computers around the world became unusable and could not be rebooted, displaying the dreaded "Blue Screen of Death." The culprit? CrowdStrike, a US cybersecurity company based in Texas known for its ransomware, malware and internet security products designed almost exclusively for businesses and large organizations.

(Image: Scenes at an Indian airport. Source: ShivaniReports on X)

CrowdStrike Outage: What Happened?

On Friday, July 19, at 4:09 AM UTC (2:09 PM AEST), CrowdStrike released a sensor configuration update for its Falcon program targeting Windows systems. According to a statement published on the company's blog, this update, intended to target malicious system communication tools used in cyberattacks, triggered a "logic error" that resulted in an operating system crash on Windows systems, leaving Mac and Linux users unaffected.

We have collected quotes from industry experts to provide insight into the incident:

Beenu Arora, Founder and CEO, Cyble Inc: "The recent incident involving CrowdStrike and Microsoft has put the cybersecurity world into overdrive. The exceptional response from the support teams at both companies during these intense moments is commendable. To the professionals working tirelessly around the clock, your resilience and commitment deserve recognition and gratitude. Your efforts to assist affected parties highlight the strength of our industry in the face of adversity. Thank you for your outstanding work during this challenging time. Your dedication serves as a reminder of the importance of rapid and effective incident response in the TechCommunity."
Guy Golan, CEO and Executive Chairman, Performanta: "A mistake of this magnitude is an epic failure and a huge eye-opener for the cyber world and the business world more broadly. It should not have happened. This appears to have been a failure of process and QA, releasing something that was incorrect, perhaps driven by intense market pressures in the vendor race to have the best and greatest features, or in response to the evolving threat landscape and increased need for detection. The impact of one vendor by some of the world's biggest organizations can bring the world to its knees, and the repercussions will be unprecedented. It's going to cost companies billions, it will lead to legal action, and it will affect businesses and users in a way we've never seen before. Attackers may have more awareness of who is using CrowdStrike as a result of watching this unfold, which could cause further cybersecurity complications down the road. This isn't the fault of one vendor – perhaps market pressures have led to such a catastrophe. More outages should be expected unless organizations of all sizes start to understand that the digital world is just as significant in the 21st century as the physical world. It's about time we elevated cyber issues to the top of the agenda and understood the full effects of market pressures."

Alan Stephenson-Brown, CEO, Evolve: "News of a global IT outage that has caused problems at airlines, media, and banks is a timely reminder that operational resilience should be at the forefront of the business agenda. Demonstrating that even large corporations aren't immune to IT troubles, this outage highlights the importance of having distributed data centers and rerouting connectivity that ensures business can continue functioning when cloud infrastructure is disrupted. By prioritizing both contingency planning and preventative measures, IT systems can be protected.
I urge business leaders to seriously appraise the systems they have in place to identify potential vulnerabilities before they find themselves the subject of the next IT outage headline."

Martin Greenfield, CEO, Quod Orbis: "The global IT outage underscores a critical weakness in many organizations' cyber-resilience strategies: an overreliance on single-point solutions like antivirus software. While such tools are essential, they should not be the sole pillar of a robust cybersecurity posture. This incident serves as a reminder that even industry-leading solutions can falter, potentially leaving entire sectors vulnerable. Whilst such threats can have a huge impact, steps to prevention are often quite straightforward. Organizations must adopt a more holistic approach to their cyber resilience, implementing a multi-layered defense strategy that encompasses not just software solutions but also robust policies, regular training, and proactive threat hunting. A key component of this approach should be continuous controls monitoring, which allows for real-time visibility into the effectiveness of security measures and rapid response to emerging threats.

This incident also underscores the importance of basic cyber hygiene, particularly regular system updates. The involvement of Microsoft operating systems in this outage emphasizes that even simple steps like keeping software current can significantly reduce vulnerability. Yet this fundamental practice is often overlooked, leaving systems unnecessarily exposed. This also applies to security vendors themselves, who should be running regular tests on their solutions to ensure they're up to date with the threat landscape. The widespread impact of this outage also highlights the interconnectedness of global IT systems and the potential for cascading failures. Companies must conduct thorough risk assessments, not just of their own systems but of their entire supply chain and third-party dependencies.
This incident demonstrates how a single point of failure can have far-reaching consequences across multiple sectors and geographies."

Dmytro Tereshchenko, Head of Information Security Department, Sigma Software Group: "The CrowdStrike failure has significantly impacted many organizations globally. This includes critical sectors such as banking, stock exchanges, airports, and emergency services. Recovery protocols are in place for those affected, though a comprehensive restoration across many entities will likely be a protracted process. For cybersecurity professionals, this incident isn't something new and unexpected. It underscores a known issue within our highly interconnected supply chains. A disruption to any key supplier can indeed have extensive repercussions, affecting a broad spectrum of systems and services. While this situation is neither unprecedented nor unexpected, the timeline for complete recovery remains uncertain. We clearly understand the problem's scale, but precise recovery estimates are still forthcoming. Users who have yet to encounter issues should be able to operate without significant disruption. Affected entities are already seeing progress in their recovery efforts. At Sigma Software Group, we've issued detailed guidelines to our team, and our experts are diligently addressing the situation to mitigate further impact."

Satnam Narang, Sr. Staff Research Engineer, Tenable: "The outage affecting computer systems worldwide is severe. It is affecting critical systems, such as those in hospitals, airports, financial institutions, and more. For instance, patients aren't able to get medications in the hospital setting. It's impacted me personally as I have a loved one who is currently in the hospital setting. While the issue is associated with Windows systems, it does not appear to be an issue with Microsoft Windows, but rather, security software installed on millions of Windows computers worldwide. Because this is security software, it requires a higher level of privileges to the underlying operating system, so a bad or faulty security update can result in a catastrophic impact. This event is unprecedented, and the ramifications of it are still developing."
A China-linked hacking group known as Ghost Emperor has resurfaced with an updated version of its sophisticated Demodex rootkit, according to cybersecurity researchers. Ghost Emperor typically targets Southeast Asian telecom and government entities, and has modified its infection chain and added new evasion techniques to its malware arsenal.

New Ghost Emperor Demodex Infection Chain

GhostEmperor employs multi-stage malware to achieve stealthy execution and persistence, and uses several methods to impede the analysis process.

(Image: Source: sygnia.co)

Researchers from Sygnia discovered that the updated Demodex infection chain begins when attackers use WMIExec, a remote execution tool, to run a batch file on the victim's machine. The batch file drops a CAB file named "1.cab" to C:\Windows\Web, extracts four files, and imports two malicious registry files into the target system using the "reg.exe import [file]" command. The threat actor relies on legitimate Microsoft tools, such as reg.exe and expand.exe, to keep the operation stealthy.

After importing the registry keys, the batch file executes an encrypted PowerShell script that creates a new service named "WdiSystem" to load a malicious Service DLL (prints1m.dll). The script also creates a service group called "WdiSystemhost" and runs the malicious service within this group, so that the malware process masquerades as a legitimate Windows system process.

The Service DLL resolves the functions it needs at runtime by walking an internal OS structure, the Process Environment Block, to reach LoadLibraryA. It then decrypts an encrypted configuration containing parameters such as the initial sleep time, the registry paths where the shellcode is stored, and a list of module and function names required for operation.

The security firm's incident response team uncovered the new variant while investigating a network breach that affected both a client and its business partner. The malware, compiled in July 2021, shares similarities with a version analyzed by Kaspersky in 2021 but incorporates several key changes.

Enhanced Evasion Techniques

The operation uses an EDR evasion technique: it sets a specific process mitigation policy on its processes that forbids loading DLLs not signed by Microsoft. This limits user-mode hooking and helps circumvent analysis tools. The service also reads two encrypted registry keys, decrypts the shellcode, and sets up a reflective loader to execute the core implant DLL.

The researchers note that Ghost Emperor has implemented the following new methods to evade detection:

EDR Evasion: The malware sets a process mitigation policy that prevents loading of non-Microsoft-signed DLLs, potentially blocking security software from injecting monitoring code.
Dynamic Function Loading: The malicious DLL resolves the functions it needs at runtime, making static analysis more difficult.
Encrypted Configuration: Key parameters, including registry paths and required function names, are stored in an encrypted configuration within the DLL.
Reflective Loading: Position-independent shellcode acts as a reflective loader for the core implant, which is stored as a corrupted PE file to resist analysis.

The researchers have shared the following list of IOCs (Indicators of Compromise):

(Image: IOC list. Source: sygnia.co)

The Ghost Emperor threat actor group is the latest of several China-linked APTs demonstrating advanced techniques and evolved capabilities in their operations, raising concerns among governments, independent researchers and security firms about threats from the region.
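The persistence step above (a new svchost-hosted service whose group name mimics a system one, created by importing registry files) leaves a recognisable shape in the registry. The following is an added example, not code from Sygnia or the article, that triages a `.reg` export for that shape: it flags a service whose ServiceDll lives outside System32, and a svchost group name that differs only in case from a built-in one (the legitimate Diagnostic System Host service and group are named WdiSystemHost). The export is a constructed sample; the DLL path and the short list of known groups are assumptions.

```python
"""Triage a Windows .reg export for svchost-hosted service persistence.

Added example, not code from Sygnia or the article. SAMPLE_REG is a
constructed export that mirrors the described technique alongside a
benign service; the DLL location and KNOWN_GROUPS are assumptions.
"""
import re

SERVICES_PREFIX = "HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\"
# Assumption: a small allowlist of built-in svchost group names. A real
# deployment would export the Svchost key from a known-clean host instead.
KNOWN_GROUPS = {"WdiSystemHost", "netsvcs", "LocalService", "DcomLaunch"}


def parse_reg(text: str) -> dict[str, dict[str, str]]:
    """Return {key_path: {value_name: value}} for the REG_SZ values in a .reg file."""
    keys: dict[str, dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
        elif current and line.startswith('"'):
            m = re.match(r'^"([^"]+)"="(.*)"$', line)
            if m:
                # .reg files escape each backslash as "\\"; undo that.
                keys[current][m.group(1)] = m.group(2).replace("\\\\", "\\")
    return keys


def services(keys: dict[str, dict[str, str]]) -> dict[str, dict[str, str]]:
    """Fold the flat key map into {service_name: {"ImagePath":..., "ServiceDll":...}}."""
    out: dict[str, dict[str, str]] = {}
    for path, values in keys.items():
        if not path.startswith(SERVICES_PREFIX):
            continue
        parts = path[len(SERVICES_PREFIX):].split("\\")
        svc = out.setdefault(parts[0], {})
        if len(parts) == 1 and "ImagePath" in values:
            svc["ImagePath"] = values["ImagePath"]
        elif len(parts) == 2 and parts[1].lower() == "parameters" and "ServiceDll" in values:
            svc["ServiceDll"] = values["ServiceDll"]
    return out


GROUP_RE = re.compile(r"-k\s+(\S+)", re.IGNORECASE)


def findings(reg_text: str) -> list[tuple[str, str]]:
    """Return (service_name, reason) pairs for suspicious svchost-hosted services."""
    hits = []
    lowered_groups = {g.lower() for g in KNOWN_GROUPS}
    for name, svc in services(parse_reg(reg_text)).items():
        image = svc.get("ImagePath", "")
        if "svchost.exe" not in image.lower():
            continue  # only svchost-hosted services load a ServiceDll
        dll = svc.get("ServiceDll", "")
        norm = dll.lower().replace("%systemroot%", "c:\\windows")
        if dll and not norm.startswith("c:\\windows\\system32\\"):
            hits.append((name, f"ServiceDll outside System32: {dll}"))
        m = GROUP_RE.search(image)
        if m:
            group = m.group(1)
            # Exact built-in names pass; a case-only variant is the masquerade pattern.
            if group not in KNOWN_GROUPS and group.lower() in lowered_groups:
                hits.append((name, f"svchost group '{group}' is a case-variant of a built-in group"))
    return hits


# Constructed .reg export: one service mirroring the technique, one benign service.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdiSystem]
"ImagePath"="%SystemRoot%\\System32\\svchost.exe -k WdiSystemhost"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WdiSystem\Parameters]
"ServiceDll"="C:\\Windows\\Web\\prints1m.dll"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache]
"ImagePath"="%SystemRoot%\\System32\\svchost.exe -k NetworkService"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters]
"ServiceDll"="%SystemRoot%\\System32\\dnsrslvr.dll"
'''

if __name__ == "__main__":
    for name, reason in findings(SAMPLE_REG):
        print(f"SUSPICIOUS {name}: {reason}")
```

On a live host, feed it the output of `reg export HKLM\SYSTEM\CurrentControlSet\Services` and compare the svchost group names against a Svchost key exported from a clean build of the same Windows version.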
Cadre Holdings, a leading provider of safety and survivability products, has disclosed a significant cybersecurity incident through a Form 8-K filed with the U.S. Securities and Exchange Commission (SEC). The incident, detected on July 15, 2024, involved an unauthorized third party gaining access to certain technology systems of the company.

Upon detecting the breach with its security tools, Cadre Holdings stated that it promptly activated its standard response protocols. These included an immediate containment effort, an ongoing assessment, and remediation of the incident. The company has also engaged external cybersecurity experts to aid in the investigation, activated its incident response plan, notified federal law enforcement, and preemptively taken certain systems offline as a precautionary measure.

Cadre Holdings Security Breach in Detail

According to the company's profile on LinkedIn, Cadre Holdings was founded in 2021 and is headquartered in Jacksonville, Florida. The company describes itself as a global provider of safety & survivability products designed for first responders, federal agencies, outdoor recreation, and personal protection markets.

(Image: Source: Cadre Holdings website)

The company's core products include body armor, explosive ordnance disposal equipment and duty gear. These highly engineered products are used in over 100 countries by federal, state and local law enforcement, fire and rescue professionals, explosive ordnance disposal teams, and emergency medical technicians. Key brands include Safariland and Med-Eng, among others. The company has around 5,000 employees, including two associate members.

In its SEC filing, the company said, "On July 15, 2024, Cadre Holdings, Inc determined that the Company had experienced a cybersecurity incident in which an unauthorized third party gained access to certain technology systems of the Company.

"Following detection of the incident with its security tools, the company immediately initiated its standard response protocols to contain, assess and remediate the incident, including beginning an investigation with outside experts, activating its incident response plan, notifying federal law enforcement, and taking certain systems offline in an abundance of caution," it said.

Despite these immediate actions, Cadre Holdings said it was still in the preliminary stages of its investigation. Consequently, the full scope, nature and potential impact of the breach remain undetermined. While the company said that certain operations have been affected, it is currently unclear whether the incident will have a material impact on the company's financial condition or operational results. The company has emphasized that it is working diligently to understand the breadth of the incident and to restore normal operations as swiftly as possible.

The Form 8-K filing states, "The Company's investigation and response remains ongoing." It further notes that "the Company is unable to determine at this time whether the incident has had or is reasonably likely to have a material impact on the company's financial condition or results of operations."

In the Form 8-K filing, Cadre Holdings included a cautionary note regarding forward-looking statements. The company acknowledged that these statements are based on its current beliefs and expectations but could change as the investigation progresses. Factors that may influence the actual outcomes include the ongoing assessment of the cybersecurity incident and its potential legal, reputational and financial repercussions. While the nature of the accessed data remains unknown, the potential for compromised information regarding product design or vulnerabilities could have serious consequences.

Cadre Holdings has assured its stakeholders of its commitment to transparency and will provide updates as the investigation unfolds. Its commitment to resolving the situation and minimizing any adverse impact on its stakeholders is evident in its swift and comprehensive response. As the investigation continues, the company aims to enhance its cybersecurity measures to prevent future incidents.
CISOs are the frontline defenders in a world where cyber threats are increasingly sophisticated and relentless. They oversee the implementation of robust security measures, ensuring that an organization's digital fortress is impenetrable. From protecting sensitive data to securing network infrastructures, CISOs play a pivotal role in maintaining the integrity and confidentiality of information.

But beyond their defensive duties, CISOs are strategic visionaries. They develop comprehensive cybersecurity strategies that align with an organization's goals and objectives. This involves anticipating future threats, staying abreast of technological advancements, and ensuring that security practices evolve in tandem with emerging trends. By integrating cybersecurity into the broader business strategy, CISOs help organizations achieve a balanced approach to innovation and security.

To master this complex battlefield and outmaneuver adversaries, CISOs need a strategic and holistic approach. The Cyber Express proudly presents the Ultimate CISO Checklist for 2024, a treasure trove of insights and expertise from some of the brightest minds in cybersecurity. This year's checklist is a collaborative masterpiece, blending the collective wisdom of these experts to offer clear, actionable guidance for achieving cybersecurity triumph.

The Experts Behind the Masterpiece

Ankur Ahuja, Senior Vice President and CISO of Billtrust: Ankur Ahuja's seasoned insights in risk assessment and management lay the bedrock for the CISO Checklist for 2024. His contributions emphasize understanding vulnerabilities and prioritizing defenses, ensuring the checklist starts with a solid foundation in risk management.

Jennifer Cox, Director for Ireland, Women in CyberSecurity (WiCyS) UK & Ireland: Jennifer Cox's expertise in authentication and access management is the lock and key of today's threat landscape. Her advice on enforcing robust authentication processes is pivotal, ensuring organizations fortify their defenses against unauthorized access.

Prashant Warankar, CTO & CISO of Sterlington: Prashant Warankar's focus on patch management and vulnerability prioritization is akin to a vigilant watchtower. His guidance helps CISOs develop effective patch management strategies that swiftly address vulnerabilities and minimize risks.

Jane Teh, Chief of Staff to CEO Office & Senior Director, vCyberiz: Jane Teh's expertise in incident response and recovery planning is the lifeboat in a storm. Her detailed approach to incident response planning and regular testing equips organizations to weather cyberattacks and emerge resilient.

Pooja Shimpi, Founder and CEO of SyberNow: Pooja Shimpi's insights on employee training and awareness are the compass for navigating the human element in cybersecurity. Her emphasis on security awareness training reduces the risk of incidents caused by human error.

Talal AlBalas, CISO of the Abu Dhabi Quality and Conformity Council: Talal AlBalas's contributions on vulnerability assessments and penetration testing are the sentinels guarding the gates. His expertise ensures organizations maintain a robust security posture through regular testing and audits.

An Essential Guide for CISOs

The Ultimate CISO Checklist for 2024 is more than a mere list; it is a meticulously crafted guide designed to arm CISOs with the tools and strategies needed to safeguard their organizations against the relentless tide of cyber threats. By incorporating these expert insights, CISOs can bolster their cybersecurity posture and confidently navigate the complexities of the digital landscape.

Download the CISO Checklist for 2024 and arm yourself with the knowledge and tools to fortify your organization against an ever-evolving array of cyber threats. This guide is an indispensable resource for every CISO aiming to achieve cybersecurity success in the coming year.

DOWNLOAD THE REPORT HERE
Latest version of CSA's Cloud Security Knowledge Certificate provides a comprehensive catalog of the essential skills cybersecurity professionals need to master.
Indian crypto exchange WazirX disclosed a loss of virtual assets worth more than $230 million due to a cyber attack linked to North Korea. The attack targeted a multi-signature wallet with six signatories, leading to a breach in security measures.
APT41, a China-based hacking group, has targeted organizations in shipping, logistics, media, technology, and automotive sectors in Italy, Spain, Taiwan, Thailand, Turkey, and the U.K. since 2023.
The attacks, linked to a group called OilAlpha, involved malicious mobile apps and targeted CARE International, Norwegian Refugee Council (NRC), and Saudi Arabian King Salman Humanitarian Aid and Relief Centre.
The Play ransomware group has introduced a Linux variant that targets ESXi environments. This variant verifies its environment before executing and has been successful in evading security measures.
Law enforcement officials in the U.K. have arrested a 17-year-old boy from Walsall who is suspected to be a member of the notorious Scattered Spider cybercrime syndicate. The arrest was made "in connection with a global cyber online crime group which has been targeting large organizations with ransomware and gaining access to computer networks," West Midlands police said. "The arrest is part of
Cybersecurity firm CrowdStrike, which is facing the heat for causing worldwide IT disruptions by pushing out a flawed update to Windows devices, is now warning that threat actors are exploiting the situation to distribute Remcos RAT to its customers in Latin America under the guise of providing a hotfix. The attack chains involve distributing a ZIP archive file named "crowdstrike-hotfix.zip,"
Source: www.databreachtoday.com – Author: 1 Business Continuity Management / Disaster Recovery , Endpoint Security , Governance & Risk Management Panelists Discuss Immediate and Long-Term Impact of Global Outage Anna Delaney (annamadeline) • July 19, 2024 Clockwise, from top left: Anna Delaney, Ian Thornton-Trump and Mathew Schwartz In this special edition of the ISMG […] The post ISMG Editors: What the CrowdStrike Outage Taught Us So Far – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Author: 1 Business Continuity Management / Disaster Recovery , Governance & Risk Management , Healthcare Some EHRs Affected; Hospitals Cancel Patient Care in Latest Vendor Mega Incident Marianne Kolbasuk McGee (HealthInfoSec) • July 19, 2024 Mass General Hospital in Boston is among the healthcare entities across the U.S. and elsewhere […] The post CrowdStrike/Microsoft Outage Latest Blow to Healthcare – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Author: 1 Business Continuity Management / Disaster Recovery , Governance & Risk Management , Government CrowdStrike Outage Rekindles Concerns Over Federal Cybersecurity Contingency Plans Chris Riotta (@chrisriotta) • July 19, 2024 The outage delayed passengers at major airlines worldwide. The Federal Aviation Administration helped airlines temporarily halt flights in the […] The post Federal Agencies Scramble to Fix Massive Software Outage – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Author: 1 Security Operations In the Spotlight: Quality Assurance, Business Resilience, Single Points of Failure Mathew J. Schwartz (euroinfosec) • July 19, 2024 A CrowdStrike Falcon software bug has left many Windows systems constantly rebooting to the “blue screen of death.” (Image: Shutterstock) Anyone who might have doubted the extent […] The post CrowdStrike, Microsoft Outage Uncovers Big Resiliency Issues – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Author: 1 Jim Ducharme CTO, ClearDATA Jim leads ClearDATA’s Engineering, Product Management, and IT teams with over 25 years in identity, risk, and fraud management. Formerly COO of Outseer, an RSA Company, he has held leadership roles at Aveksa, CA, and Netegrity. Jim holds several patents and a Computer Science degree from […] The post Healthcare in The Cloud: Detecting and Overcoming Threats to Ensure Continuity & Compliance – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.