Cyber security aggregate rss news

Cyber security aggregator - feeds history

WazirX Cyberattack: ...

Firewall Daily

In response to the recent WazirX cyberattack that led to the theft of $230 million from one of its multisig wallets, WazirX -- India’s largest cryptocurrency exchange -- has temporarily paused trading on its platform. This follows an earlier suspension of withdrawals after hackers compromised the wallet’s private keys.

To recover the funds lost in the WazirX cyberattack, the company has also launched a Bounty Program, offering significant rewards for valuable information and assistance in retrieving the stolen assets. In a social media post, the company announced the launch of its bounty program. According to the official release, the initiative invites the community to participate through two key bounty opportunities. The first, "Track & Freeze," offers rewards of up to $10,000 in USDT for actionable intelligence that leads to freezing the stolen funds. The second, "White Hat Recovery," offers a 10% reward of the recovered amount, with a maximum of $23 million, to white hat hackers who assist in recovering the stolen assets.

This bounty program will be active for three (3) months from the date of this announcement. However, the duration of the program may be adjusted, either extended or shortened, based on evolving needs and results, with or without prior notice to participants, the release stated. The bounty program is open to all individuals except current and former WazirX employees and their immediate family members. To qualify, participants must provide detailed submissions, including addresses, transactions, and tracking and recovery methodologies. Additionally, all participants are required to maintain confidentiality and refrain from sharing any information with third parties. The social media post concluded with the statement: "Your expertise and collaboration are essential in our efforts to secure and recover the stolen funds."

Mitigation Measures for the WazirX Cyberattack

Following the cyberattack on WazirX, the company has implemented several immediate and comprehensive measures to address the situation. The exchange has filed an online complaint via the National Cyber Crime Reporting Portal and is in the process of submitting a physical complaint. Additionally, WazirX reported the incident to the Financial Intelligence Unit (FIU) India and CERT-In.

Further, WazirX has reached out to over 500 exchanges to block the identified addresses linked to the theft, with many exchanges cooperating and assisting in the recovery efforts. The company is also engaging with cybersecurity experts to support its investigation and recovery initiatives. To ensure asset safety, WazirX has temporarily suspended INR and cryptocurrency deposits and withdrawals. In addition, all trading activities have been paused. This decision, prompted by concerns over the partial collateralization of assets, will enable the exchange to thoroughly examine affected systems, conduct forensic analysis, and carry out a rigorous security audit.

WazirX Cyberattack: A Major Blow to the Crypto Community

WazirX is actively engaged in analyzing forensic data and working with experts to determine effective recovery strategies. This significant breach has had a major impact, affecting numerous users and raising serious concerns about the security of digital assets. While WazirX has assured users that their safety and security are top priorities as it deals with this complex situation, the cyberattack has once again brought attention to the vulnerabilities in the digital asset space. This incident highlights the ongoing need for stronger security measures in the cryptocurrency world.

WazirX has started tracking and blocking some of the stolen funds, but details about these efforts are not yet available. The company has promised to keep users updated regularly and address any new concerns that come up. This story is still developing, and The Cyber Express will keep you informed with the latest updates as more information becomes available.

Fix Now! New Microso ...

Cyber Essentials

In response to the widespread issues caused by the CrowdStrike Falcon agent on Windows clients and servers, Microsoft has introduced an updated recovery tool designed to streamline the repair process for IT administrators. The updated Microsoft recovery tool offers two repair options, providing flexibility in addressing the problems on affected systems. This article outlines the recovery steps and details of the repair options available for Windows clients, servers, and OS hosted on Hyper-V.

The signed Microsoft recovery tool is available for download from the Microsoft Download Center. Administrators can access the tool using the following link: Microsoft Recovery Tool. The tool includes detailed instructions for recovering Windows clients and servers, as well as OS hosted on Hyper-V environments.

Microsoft Recovery Tool: Repair Options

Microsoft provides two distinct recovery options:

1. Recover from WinPE (Windows Preinstallation Environment)
2. Recover from Safe Mode

Recover from WinPE

The WinPE recovery option is recommended for its efficiency and ease of use. This method does not require local administrator privileges, making it a convenient choice for IT administrators. However, if BitLocker is enabled on the device, the BitLocker recovery key will need to be manually entered. For devices using third-party disk encryption solutions, administrators should consult the vendor's guidance to recover the drive.

Steps for WinPE Recovery:

1. Insert the USB key into the impacted device.
2. Reboot the device and press F12 (or follow manufacturer-specific instructions) to enter the BIOS boot menu.
3. Select the option to boot from the USB drive.
4. If BitLocker is enabled, enter the BitLocker recovery key.
5. The tool will run the remediation script as recommended by CrowdStrike.
6. Remove the USB drive and reboot the device normally.

Recover from Safe Mode

The Safe Mode recovery option can be useful for devices with TPM-only protectors or those where the BitLocker recovery key is not readily available. This method requires access to an account with local administrator privileges.

Steps for Safe Mode Recovery:

1. Insert the USB key into the impacted device.
2. Reboot the device and press F12 (or follow manufacturer-specific instructions) to enter the BIOS boot menu.
3. Select the option to boot from the USB drive. The tool will configure the machine to boot in Safe Mode.
4. Reboot the device into Safe Mode.
5. Run the repair.cmd script from the root of the USB drive. The tool will remove impacted files and restore the normal boot configuration.
6. Reboot the device normally.

Additional Considerations

Some devices may have restrictions that prevent them from connecting to a USB drive. In such cases, reimaging the device may be a better option. As with any recovery process, it is advisable to test the recovery steps on multiple devices before applying them broadly across an environment.

Creating the Boot Media

To create the bootable recovery media, administrators will need the following prerequisites:

- A Windows 64-bit client with at least 8GB of free space.
- Administrative privileges on the Windows client.
- A USB drive with a minimum of 1GB and a maximum of 32GB capacity. Note that all existing data on this USB drive will be wiped.

Steps to Generate WinPE Recovery Media:

1. Download the Microsoft Recovery Tool from the Microsoft Download Center.
2. Extract the PowerShell script from the downloaded solution.
3. Run MsftRecoveryToolForCSv2.ps1 from an elevated PowerShell prompt.
4. The ADK will download and media creation will start, taking several minutes.
5. Select the option to generate an ISO or USB drive and specify the drive letter.

Using Recovery Media on Hyper-V Virtual Machines

The recovery media can also be used to remediate impacted Hyper-V virtual machines. Administrators should select the option to generate an ISO when creating the recovery media. For non-Hyper-V virtual machines, follow the hypervisor vendor's instructions to use the recovery media.

Steps to Recover Hyper-V Virtual Machines:

1. Add a DVD Drive under Hyper-V settings > SCSI Controller.
   (Screenshot: where to add the DVD Drive)
2. Add the recovery ISO as an Image file under Hyper-V settings > SCSI Controller > DVD Drive.
   (Screenshot: where to add the image file)
3. Change the boot order to move the added DVD Drive to the first boot entry.
   (Screenshot: the original boot order)
4. Start the virtual machine and boot to the ISO image.
   (Screenshot: changing the boot order)
5. Follow the appropriate recovery steps (WinPE or Safe Mode) as described above.
6. Restore the boot order to its original settings.
7. Reboot the virtual machine normally.

Background on the CrowdStrike Falcon Agent Issue

On Friday, July 20, Windows users worldwide were hit by the Blue Screen of Death (BSOD), a critical error attributed to a file named "csagent.sys" associated with CrowdStrike’s Falcon Sensor. This issue led to sudden crashes upon startup or reboot, causing significant disruptions across various sectors, including major banks, media companies, tech firms, and critical infrastructures like airports and airlines. Discussions on social media revealed the widespread nature of the problem, with users from Germany, India, Japan, and the U.S. sharing their frustrating experiences. The Australian government assured the public that this was not a cybersecurity incident and urged calm, stating there was no reason to panic.

Conclusion

Microsoft's proactive release of the recovery tool provides a vital solution for IT admins and users affected by the CrowdStrike Falcon agent issue. By following the detailed recovery steps and choosing the appropriate recovery option, users can restore normal operations to their impacted devices.
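The Hyper-V steps above are given for the Hyper-V Manager GUI. The following script is an added example (not from the article and not part of Microsoft's recovery tool) showing the same sequence driven from the Hyper-V PowerShell module, so it can be repeated across many affected VMs: attach the ISO, make it the first boot device, start the VM, and later restore the saved boot order. It assumes a Generation 2 (UEFI) VM; the VM name and ISO path are placeholders you supply.

```powershell
# Added example, not from the page or from Microsoft's recovery tool: the Hyper-V
# recovery steps driven from the Hyper-V PowerShell module. Assumes a Generation 2
# (UEFI) VM; the VM name and ISO path are placeholders supplied by the caller.
# Usage: dot-source this file, run Start-RecoveryBoot, remediate the guest
# (WinPE or Safe Mode steps), then run Complete-RecoveryBoot.

$script:SavedBootOrder = $null
$script:RecoveryDvd    = $null

function Start-RecoveryBoot {
    param(
        [Parameter(Mandatory)] [string]$VMName,
        [Parameter(Mandatory)] [string]$RecoveryIso   # e.g. 'C:\Recovery\MsftRecoveryTool.iso' (placeholder)
    )
    $vm = Get-VM -Name $VMName -ErrorAction Stop
    if ($vm.Generation -ne 2) {
        throw 'This example targets Generation 2 VMs; Generation 1 VMs use Set-VMBios -StartupOrder instead.'
    }
    # Boot settings can only be changed while the VM is off.
    if ($vm.State -ne 'Off') { Stop-VM -VM $vm -Force }

    # Keep the original boot order so step 6 can restore it exactly.
    $script:SavedBootOrder = (Get-VMFirmware -VM $vm).BootOrder

    # Steps 1-2: add a DVD drive on the SCSI controller with the recovery ISO mounted.
    $script:RecoveryDvd = Add-VMDvdDrive -VM $vm -Path $RecoveryIso -Passthru

    # Step 3: move the new DVD drive to the first boot entry.
    Set-VMFirmware -VM $vm -FirstBootDevice $script:RecoveryDvd

    # Step 4: boot the ISO; step 5 (WinPE or Safe Mode recovery) happens inside the guest.
    Start-VM -VM $vm
}

function Complete-RecoveryBoot {
    param([Parameter(Mandatory)] [string]$VMName)
    $vm = Get-VM -Name $VMName -ErrorAction Stop
    # Graceful shutdown after remediation so the boot order can be edited.
    if ($vm.State -ne 'Off') { Stop-VM -VM $vm }

    # Step 6: restore the original boot order and detach the recovery media.
    Set-VMFirmware -VM $vm -BootOrder $script:SavedBootOrder
    Remove-VMDvdDrive -VMDvdDrive $script:RecoveryDvd

    # Step 7: reboot the VM normally.
    Start-VM -VM $vm
}
```

The saved boot order lives only in the current PowerShell session, so both functions should be run from the same session; as the article advises for any recovery process, try it on one or two VMs before applying it broadly.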

L.A. County Courts S ...

Cybersecurity News

The Los Angeles County Superior Court - the largest superior court system in the U.S. - has been shut down following a ransomware attack. Despite system and network troubles, the L.A. County Courts said recent cybersecurity upgrades enabled IT staff to respond quickly to the attack and minimize damage. All 36 courts in the L.A. County court system were closed on Monday, July 22 after IT teams were unable to fully restore systems over the weekend. However, the court said it expects to reopen on Tuesday, July 23.

L.A. County Courts Shut Down ‘Nearly All Network Systems’

The attack occurred on Friday, July 19 and was unrelated to the massive global CrowdStrike outage that many IT teams are still recovering from. “The Court experienced an unprecedented cyber-attack on Friday which has resulted in the need to shut down nearly all network systems in order to contain the damage, protect the integrity and confidentiality of information and ensure future network stability and security,” Presiding Judge Samantha P. Jessner said in a statement. “While the Court continues to move swiftly towards a restoration and recovery phase, many critical systems remain offline as of Sunday evening. One additional day will enable the Court’s team of experts to focus exclusively on bringing our systems back online so that the Court can resume operations as expeditiously, smoothly and safely as possible.”

The statement said court staff “have been working vigorously over the past 72 hours in partnership with outside consultants, vendors, other courts and law enforcement to get the Court’s network systems back online.” Affected systems span the court’s entire operations, from external systems such as the MyJuryDuty Portal and the court’s website to internal case management systems. Even as the court reported “significant progress,” it noted that “there remain some challenges that are delaying progress.” No threat actor group has yet publicly claimed responsibility for the attack. While the court website is back up, many requests are resulting in errors and many functions remain unavailable.

(Screenshot: website error, lacourt.org)

Upgraded Cybersecurity Controls May Have Helped L.A. County Courts

The attack began in the early morning hours of Friday, July 19, an earlier court statement said. “Immediately upon discovery of the attack, the Court disabled its network systems to mitigate further harm,” the statement said. The court is receiving support from the California Governor’s Office of Emergency Services (CALOES) and local, state and federal law enforcement. The statement said that a preliminary investigation “shows no evidence of court user’s data being compromised.” The Court said it has “invested heavily in its cybersecurity operations, modernizing its cybersecurity infrastructure and making strategic staff investments in the Cybersecurity Division within CTS. As a result of this investment, the Court was able to quickly detect an intrusion and address it immediately.”

The L.A. County court system serves the county’s 10 million residents. More than 1 million cases a year are filed in the county system, and more than 2,000 jury trials a year are held in its courtrooms. Courts in the U.S. and elsewhere have suffered their share of ransomware attacks. In a little over a year, Kansas, Illinois, Ohio and Florida courts have been the victims of cyberattacks, while Switzerland and Australia have been among the victims in other countries.

Data Breach Defense  ...

Cybersecurity News

The increasing prevalence of scams and data breaches makes safeguarding your personal information more challenging than ever. Cybercriminals are becoming increasingly sophisticated, employing advanced techniques to impersonate trusted organizations and deceive individuals into revealing sensitive details. As technology continues to evolve, so do the tactics of these cyber adversaries. They often leverage social engineering to exploit human psychology, creating a sense of urgency or fear to prompt immediate action. This can lead to the unintentional disclosure of personal information, such as login credentials, social security numbers, or financial data, which can then be used for malicious purposes like identity theft or financial fraud.

In the aftermath of a data breach, swift and informed action can mitigate the damage and prevent further harm. Understanding the scope of the data breach, changing compromised passwords, monitoring financial accounts, and enabling fraud alerts are essential steps in protecting yourself. In this guide, we will walk you through a comprehensive, step-by-step approach to effectively manage and mitigate the impact of a data breach, ensuring you are prepared to protect your personal information.

Step-by-step to Manage and Mitigate the Impact of Data Breach

Assess the Situation

First, stay calm and assess the scope of the data breach. Begin by identifying the specific information that has been compromised, such as usernames, passwords, personal details, or financial data. Understanding what has been exposed is crucial for determining the next steps to take. For login credentials, unauthorized account activity may be the first sign; for financial data, transaction notifications can flag an unauthorized charge as soon as it happens. Next, assess how this information could potentially be misused. Could your data be used for identity theft or financial fraud? This assessment will allow you to know what steps to take to mitigate the damage.

Change Passwords

Changing your passwords immediately after a data breach is essential for preventing unauthorized access to your accounts. Many services offer an option to log out of all devices when you update your password, which helps prevent further malicious activity. Make sure to use strong, unique passwords for each affected account; reusing passwords increases the risk of further breaches. Implementing distinct passwords for each account enhances your security and reduces the chances of being hacked again.

A strong password should incorporate a combination of uppercase and lowercase letters, numbers, and special characters like @, #, $, %, and !. Using easily guessable personal information, which can often be found on social media, weakens your password. Avoid common phrases such as "Password123." To manage complex passwords securely, consider using a password manager to generate and store them safely.

Enable Multi-Factor Authentication

Multi-Factor Authentication (MFA) enhances security by requiring an additional form of verification beyond your password. This could include codes sent via email or text message, or biometric methods such as facial recognition on your phone or fingerprint scanning on your laptop. By adding these extra layers of protection, MFA helps ensure that only authorized users can access your accounts.

Enabling MFA on all available accounts is crucial and often a straightforward process, typically prompted by the service. For instance, using tools like Microsoft Authenticator or providing your phone number to receive verification codes can enhance security. This is particularly important for accounts with sensitive or financial information. Even if your password is compromised, MFA adds an additional layer of protection to prevent unauthorized access.

Monitor Financial Accounts

Regularly monitoring your bank statements, credit card transactions, and other financial accounts is crucial following a data breach. Enabling notifications for real-time updates on transactions helps ensure that your card is used only for authorized activities. This proactive approach allows you to quickly spot and address any unauthorized transactions. If you discover any unfamiliar or unauthorized transactions, report them immediately to your financial institution. This may involve taking additional steps, such as disabling your card. Acting quickly can help minimize financial losses and prevent further malicious activity.

Alert or Sign up for Credit Bureaus or Theft Protection Services

Placing a fraud alert or credit freeze on your credit report with major credit bureaus, such as Equifax, Experian, and TransUnion, can help protect against identity theft. While these measures may not always be the most financially accessible, they are effective. A fraud alert requires creditors to take additional steps to verify your identity before opening new accounts in your name. A credit freeze restricts access to your credit report, making it harder for identity thieves to open new accounts using your information.

Update Security Settings

Ensure that you are reviewing and updating security settings on your online accounts, especially privacy settings on social media platforms. Restrict who can view your personal information and posts to minimize exposure. Private accounts are safer than public ones, since information found on social media can help attackers. Consider adjusting your privacy settings to limit the visibility of personal details, such as your birthdate, email address, and phone number. Regularly review and update your security questions and answers to prevent hackers from guessing them over time. Choose questions with answers that are not easily guessable or publicly available to enhance your security.

Stay Informed and Vigilant

Keep yourself informed about developments related to the data breach. Make sure to follow updates from the affected organizations or authorities to understand the ongoing impact and any steps you should take to further protect yourself. Our weekly recap, TCE Cyberwatch, is one way you can keep track of possible cyberattacks and changes that could have affected you. Stay vigilant and be on the lookout for phishing emails and fraudulent phone calls, which are two of the most common scams targeting individuals affected by a data breach. Exercise caution when clicking on links or downloading attachments from unfamiliar sources, as they may contain malware or phishing attempts designed to steal additional information.

In conclusion, experiencing a scam or data leak can be frightening, but it’s crucial to stay calm and take the necessary steps to minimize damage. It can be challenging to think clearly during such situations, but being prepared and knowing what actions to take is essential. By following these steps, you can significantly reduce the impact of the breach. Numerous services are available to assist you, and this experience serves as a valuable learning opportunity. If your data is exposed, you’ll be better equipped to recognize and respond to similar threats in the future.

Protecting Telecom N ...

Firewall Daily

In the aftermath of the CrowdStrike and Microsoft outage that crippled critical infrastructure worldwide, impacting airports, hospitals, schools, and government offices, the role of security experts has been thrust into the spotlight once more. Chief Information Security Officers (CISOs) and Chief Technology Officers (CTOs) are facing heightened responsibilities in safeguarding networks against an increasingly sophisticated range of cyber threats originating from the dark web. Telecom networks, crucial for global communication, have emerged as prime targets due to the vast volumes of sensitive data they manage. Cybersecurity experts assert that telecom networks are particularly attractive to cybercriminals because they store extensive personal and financial information, thereby exposing them to serious risks such as malware, phishing, and ransomware attacks. With the rise of hacktivist groups, ransomware gangs, and lone hackers, The Cyber Express offers effective CTO strategies for dark web threats. This easy-to-follow guide helps CTOs tackle the daily challenges of mitigating these digital adversaries.

Telecom Network Security: Challenges and Solutions

Securing telecom networks against hackers is an important part of CTO strategies for dark web threats. The industry faces numerous challenges. Notably, ransomware affected 72.7% of organizations globally in 2023, reported Statista, further highlighting the pervasive threat across diverse sectors. The first challenge lies in the complexity of telecom infrastructures themselves. Interconnected systems and diverse technologies necessitate comprehensive security measures to cover every component effectively. This complexity heightens the difficulty of ensuring robust security across the entire network architecture. Moreover, rapid technological advancements such as 5G deployment and IoT proliferation expand the attack surface, demanding enhanced mitigation strategies.

Concurrently, phishing remains the most common email attack method, accounting for 39.6% of all email threats, as per data by Hornetsecurity’s Cyber Security Report 2024. Spear phishing attachments were used in 62% of these attacks, highlighting the need for targeted defenses, reported IBM X-Force Threat Intelligence Index 2024.

Another critical challenge for telecom companies is regulatory compliance. Meeting diverse regulatory requirements across regions, such as GDPR and PCI DSS, adds complexity to security operations. Strict adherence to these standards is essential not only to avoid legal repercussions but also to maintain trust with customers who expect their data to be protected according to established guidelines. Resource constraints pose yet another obstacle. Budget limitations often restrict the implementation of comprehensive security measures. Therefore, telecom companies must prioritize their security needs and allocate resources efficiently to achieve the best possible security posture within their financial constraints.

Best CTO Strategies for Dark Web Threats in 2024

Implementing effective strategies to counter cybercriminals is crucial for CTOs aiming to bolster security posture and foster a conducive business environment. One key strategy is leveraging artificial intelligence (AI) for immediate threat detection. Cybersecurity firms like Cyble provide specialized threat monitoring services designed specifically to mitigate risk associated with the dark web. These solutions include ongoing scanning, instant alerts, and expert evaluation of potential threats. Studies indicate that bad actors increasingly leverage generative AI, attributing an 85% rise in cyberattacks to its use, said CFO. By analyzing extensive datasets, AI can swiftly identify anomalies indicative of potential malicious activities, enabling proactive threat response.

Another critical area is securing the supply chain, particularly AI algorithms and data used for training AI models. Ensuring the integrity of third-party components is vital to prevent vulnerabilities that could compromise network security. Partnering with trusted vendors and enforcing stringent security protocols can effectively mitigate risks associated with supply chain vulnerabilities, thereby fortifying the telecom infrastructure against external threats.

Continuous monitoring plays a pivotal role in maintaining cybersecurity defenses. Automated monitoring systems provide real-time detection of suspicious activities, allowing telecom companies to promptly address emerging threats before they escalate. This proactive stance minimizes potential damages and reinforces network security, further promoting CTO strategies for dark web threats.

Enhancing employee awareness through comprehensive training programs is equally essential. Educating staff on identifying and mitigating cybersecurity risks specific to telecom networks and AI technologies helps cultivate a culture of security awareness. Notably, human error contributes to 74% of all breaches, emphasizing the need for proactive employee education and vigilance. Krzysztof Olejniczak, Chief Information Security Officer (CISO) at STX Next, highlighted the crucial role that employee awareness and readiness play in mitigating cyber risks. “Data from our recent survey highlights that employees continue to be the weakest link in company security. Even with robust technological measures in place, ineffective implementation, inadequate support processes, or a lack of governance can undermine these efforts,” noted Olejniczak.

Adhering to regulatory standards such as GDPR and PCI DSS is non-negotiable for telecom companies aiming to uphold robust data protection practices. In 2023, fines under the General Data Protection Regulation (GDPR) in the EU reached approximately €2.1 billion, marking a substantial increase compared to previous years. The surge was driven by a landmark €1.2 billion penalty against Meta for improper data transfers to the U.S. Despite fluctuations, average fines have risen significantly since 2019, with notable penalties levied against Meta, Amazon, and Google, including a €746 million fine on Amazon in 2021. By aligning with industry regulations, telecom companies demonstrate their commitment to safeguarding customer data and avoiding penalties linked to non-compliance.

Ultimately, investing in cybersecurity initiatives is a pathway to profitability for telecom companies. This investment yields multiple benefits, including cost reduction from mitigating data breaches and operational disruptions, enhancing customer trust and loyalty, and creating new revenue streams through managed security services. To optimize the effectiveness of CTO strategies for dark web threats, security officers must prioritize advanced security frameworks, harness AI-driven threat detection capabilities, and foster a pervasive culture of cybersecurity awareness.

The Role of Cybersecurity Frameworks

Frameworks such as ISO 27001 and the NIST Cybersecurity Framework offer structured approaches that telecom companies can adopt to bolster their cybersecurity measures. ISO 27001 emphasizes the management of information security risks, ensuring the confidentiality, integrity, and availability of sensitive data through a systematic approach. This framework provides a robust foundation for safeguarding critical information assets against potential threats. On the other hand, the NIST Cybersecurity Framework provides guidelines tailored to identify, protect, detect, respond to, and recover from cybersecurity incidents. By following these guidelines, telecom companies can enhance their overall resilience against evolving cyber threats. The NIST Cybersecurity Framework aids in establishing a comprehensive cybersecurity strategy that addresses the specific challenges and risks faced within the telecommunications industry.

As telecom networks evolve, another crucial aspect of CTO strategies for dark web threats involves proactively investing in advanced security technologies. This includes leveraging artificial intelligence (AI) for threat detection and response capabilities to stay ahead of sophisticated cyber threats. Moreover, fostering a culture of cybersecurity awareness linked with security frameworks is crucial in mitigating human error, which remains a common vulnerability exploited by cyber attackers.

Understanding Dark Web Threats

The telecom industry faces a formidable challenge from dark web threats, which exploit the anonymity and encrypted nature of underground networks. Unlike the surface web, the dark web operates beyond conventional search engines, facilitating illicit activities such as the sale of stolen data, hacking tools, and specialized services aimed at exploiting vulnerabilities in telecom networks. Dark web marketplaces serve as hubs for cybercriminals to trade sensitive information relevant to the telecom sector. This includes compromised customer data, login credentials, and insider details about critical network infrastructure. The availability of such data on the dark web poses a significant risk to telecom companies, potentially leading to identity theft, financial fraud, and targeted cyber attacks against subscribers and infrastructure.

A pressing concern for telecom security is the trade of telecom-specific vulnerabilities and exploits on the dark web. These include zero-day vulnerabilities in network equipment, malware crafted to compromise telecom networks, and tools enabling unauthorized access to subscriber data. The commodification of these threats highlights the urgent need for robust cybersecurity measures within the telecom industry to mitigate sophisticated cyber risks lurking in the shadows of the internet.

For robust protection against dark web threats and to safeguard your telecom infrastructure, Cyble offers advanced cybersecurity solutions tailored to your needs. Leverage Cyble's AI-driven analysis and continuous threat monitoring to gain critical insights and enhance your organization’s defense. Take proactive steps with Cyble's comprehensive cybersecurity services to mitigate risks and secure your digital ecosystem effectively. Discover more by scheduling a demo today!

image for CrowdStrike Addresse ...

 Cybersecurity News

CrowdStrike is actively working to resolve a defect in a content update that struck about 8.5 million Windows machines on July 19 - and continues to disrupt many Windows hosts days later. In a recent update, the cybersecurity company said it has "tested a new technique to accelerate impacted system remediation. We're in the process of operationalizing an opt-in to this technique. Customers are encouraged to follow the Tech Alerts for latest updates as they happen and they will be notified when action is needed."

Microsoft has also released a fix for the faulty CrowdStrike update, which resulted in bugcheck and "blue screen of death" (BSOD) errors on millions of Windows hosts. Delta Airlines was one noteworthy company struggling to recover from the outages, and was still canceling about 20% of its flights as of early afternoon Eastern U.S. time on Monday, July 22. CrowdStrike shares (CRWD) have plunged more than 20% since the incident, erasing roughly $15 billion in market cap. CEO George Kurtz has assured customers that the faulty update was not due to a cyberattack and that Falcon platform systems remain unaffected.

CrowdStrike Outage Response and Customer Support

The defective update stemmed from a Windows sensor-related content deployment, specifically a channel file in the CrowdStrike directory, which has sparked widespread discussion in the cybersecurity industry about how to ensure that software updates and rollouts are safer and more reliable. CrowdStrike CSO Shawn Henry took to LinkedIn to apologize for the incident: "On Friday, though, we failed. The past two days have been the most challenging 48 hours for me over 12+ years. The confidence we built in drips over the years was lost in buckets within hours, and it was a gut punch. But this pales in comparison to the pain we've caused our customers and our partners. We let down the very people we committed to protect, and to say we're devastated is a huge understatement. I, and the entire company, take that personally. Thousands of our team members have been working 24/7 to get our customer systems fully restored. The days have been long and the nights have been short, and that will continue for the immediate future. But that is part of the promise we made to all of you when you put your trust and protection in our hands."

The company quickly mobilized its resources to assist affected customers. A new technique to accelerate system remediation was tested in collaboration with clients, with an opt-in process being implemented. CrowdStrike is providing regular updates through its support portal and social media channels, urging customers to verify communication with official representatives. Kurtz emphasized the company's commitment to transparency and customer trust. "Nothing is more important to me than the trust and confidence that our customers and partners have put into CrowdStrike," he stated. The CEO promised full disclosure on the incident's cause and preventive measures for the future.

Technical Details and Remediation Steps

For systems still experiencing crashes, CrowdStrike recommends rebooting to download the reverted channel file - multiple times, if necessary. If issues persist, manual or automated remediation options are available, including the use of a bootable USB key for automated fixes. In response to the widespread issues caused by the faulty update of the CrowdStrike Falcon agent on Windows-based clients and servers, Microsoft released its own recovery tool to help system administrators and IT staff. The updated Microsoft recovery tool offers two repair options - Recover from WinPE (Windows Preinstallation Environment) or Recover from Safe Mode - and also includes guidance for recovering BitLocker encryption keys, if necessary.

(Image: CrowdStrike update on Windows outage recovery)

As the situation evolves, CrowdStrike continues to prioritize customer support and system restoration, even as the issue of who will pay for the restoration efforts remains unresolved. The company acknowledges the impact of the incident and says it is working tirelessly to regain customer confidence through transparent communication and effective problem-solving. Shawn stated in his post, "I know I speak for the women and men of CrowdStrike when I say thank you to every customer and partner who has also been working around the clock. You are the real heroes in all of this. We are committed to re-earning your trust by delivering the protection you need to disrupt the adversaries targeting you. Despite this setback, the mission endures."

image for Critical Bazaar Vuln ...

 Firewall Daily

A critical security flaw, CVE-2024-40348, has emerged in Bazaar v1.4.3, posing substantial risks due to its potential for directory traversal by unauthenticated attackers. Discovered by security researcher 4rdr, this Bazaar vulnerability allows malicious actors to exploit the /api/swaggerui/static component, compromising system integrity and confidentiality.

The vulnerability in Bazaar v1.4.3 centers around the /api/swaggerui/static component, where attackers can execute directory traversal attacks without requiring authentication. This allows them to manipulate paths improperly and gain unauthorized access to sensitive directories and files, significantly impacting system availability and confidentiality.

Directory traversal (or path traversal) is a security exploit where an attacker manipulates user input to access files and directories outside the intended scope of an application's file system. By submitting crafted input that includes special sequences like "../", attackers exploit weaknesses in the application's input validation. This can lead to unauthorized access to sensitive files, configurations, or system files that compromise confidentiality and integrity.

Understanding Bazaar Vulnerability CVE-2024-40348 and Proof of Concept (PoC)

(Image source: X)

Security experts have developed a Proof of Concept (PoC) to demonstrate the exploitability of CVE-2024-40348. The PoC is designed to showcase how the Bazaar vulnerability can be weaponized, potentially leading to severe consequences such as ransomware deployment. By leveraging this PoC, attackers can exploit the vulnerability to execute arbitrary code and compromise targeted systems. The vulnerability manipulates user input within the /api/swaggerui/static component, facilitating the traversal of directory paths. This manipulation can be exploited to access restricted directories outside the intended scope, exposing critical system files and compromising data integrity. The Common Weakness Enumeration (CWE) categorizes this issue under CWE-22, emphasizing its severity in terms of confidentiality, integrity, and availability.

CVE-2024-40348 in Action and Countermeasures

The exploitation of CVE-2024-40348 has been observed in the wild, highlighting its immediate threat to systems using Bazaar v1.4.3 and earlier versions. Attackers exploit the vulnerability to access sensitive files, as demonstrated by attempts to read system files like /etc/passwd from vulnerable targets. This exploitation highlights the urgent need for mitigation strategies and security patches to protect against potential breaches.

Currently, there are no known countermeasures or security patches available specifically addressing CVE-2024-40348. Security recommendations include monitoring system logs for suspicious activities, implementing stringent access controls, and conducting regular vulnerability assessments. Organizations are advised to replace or restrict the affected components until an official patch is released by Bazaar. The vulnerability assessment for CVE-2024-40348 indicates its severity based on the Common Vulnerability Scoring System (CVSS). While specific CVSS scores are pending, the nature of the vulnerability suggests high potential impact on affected systems. Organizations are encouraged to stay updated with the latest security advisories and apply patches promptly upon release.

Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

image for Scams at the Paris O ...

 Threats

For athletes, the Olympics are the pinnacle of a lifetime's work. Many train for decades to one day perform under their nation's flag and sing its anthem far from home. For scammers, it's much simpler: the Olympics are just another opportunity to cash in on unsuspecting individuals. Today we tell you how scammers have prepared for the Paris Olympics, how they plan to steal money and personal data from sports fans, and what you need to know to follow your favorite athletes safely.

Olympic-sized data plan

The Paris Olympics kick off on July 26, and French media predict a temporary population explosion with 15.3 million visitors. Naturally, tourists from other countries always want to stay connected, and who comes to their aid? Scammers, of course, armed with a too-good-to-be-true offer — 48GB of supposedly free internet, regardless of your carrier.

48GB of free cheese

Let's do the math: a standard mobile plan with 40GB of internet and unlimited calls in France costs around €11 (roughly $12 USD). Given the number of expected tourists, the cost of providing free internet to all would exceed €168 million (approximately $184 million USD). No telecom company is giving away that much data allowance — after all, many of these visitors will never return to France. But who's got the time to think about that when the offer is so tempting, and the Parisian atmosphere is so intoxicating? Alas, after registering and filling out all the forms, the tourist won't get a single free megabyte, and they may only realize this too late when their phone account runs out of money. At the same time, they'll have given the scammers their phone number, personal and banking details, and confirmation that they'll be far from home, watching the Olympics in Paris — and therefore probably won't be closely monitoring their banking transactions.

Don't forget your ticket… and scarf!

What are the first things Olympic spectators want? Tickets to the Games, of course. Just in time for the Paris Olympics, scammers have built a network of fake ticket-sales websites. Archery? You bet! Soccer? Naturally. Badminton? Don't even ask! They've got it all covered! To appear legitimate, the scammers have even added pop-ups requesting consent to collect personal data and use web tracking, complete with links to their own privacy policies — so the unsuspecting victim also agrees to sharing their data with the scammers!

(Image: This fraudulent site selling tickets to Olympic events even asks for permission to collect personal data, and has its own privacy policy)

The platform offers not only to buy tickets, but also to sell them — just in case you decide to watch rhythmic gymnastics instead of soccer. This way, the scammers can extend their reach to those who've bought tickets in advance but changed their plans. But at least you can safely buy Olympic merch, right? Nope, another trap awaits there too: for fans of cheap merch, scammers have a special gift — phishing websites. Keychains, commemorative coins, magnets, and scarves — scammers offer it all, and at great prices.

(Image: Fake store website saying you can return any item you don't like within 90 days — you just need to receive it first; good luck with that!)

Of course, no actual merch — neither official nor even counterfeit — is ever shipped. Buyers are left with nothing but empty wallets and compromised data.

Don't let scammers win the gold

The best way to protect yourself is a combination: Kaspersky Premium will protect you from phishing links and other online threats, while your own attentiveness, awareness of common scams, and knowledge of how to avoid them will tackle the rest.

Don't buy tickets from unofficial sources. Stick to the official Olympics website.
Use a virtual card with a spending limit for any online purchases — especially if you're not 100% sure of the site's legitimacy.
Turn on two-factor authentication wherever possible. This helps keep your accounts and money safe — particularly if you're worried you might have entered your details on a phishing site. By the way, you can store 2FA tokens in Kaspersky Password Manager.
Be wary of gifts from strangers. Getting 48GB of free internet sounds great, but it really is too good to be true.

Follow our Telegram channel to stay up to date on the latest cybersecurity news.

image for Security Teams Lean  ...

 biomedical devices

Cybersecurity teams are turning to artificial intelligence to cover a gap in skilled cyber talent, a report from Code42 finds. The post Security Teams Lean Into AI As Cyber Worker Shortage Persists appeared first on The Security Ledger with Paul F. Roberts.

Related Stories:
China Calls Out U.S. For Hacking. The Proof? TBD!
Spotlight Podcast: CSO Chris Walcutt on Managing 3rd Party OT Risk
Episode 256: Recursive Pollution? Data Feudalism? Gary McGraw On LLM Insecurity

 Incident Response, Learnings

The U.S. sanctioned two members of the Russian hacktivist group Cyber Army of Russia Reborn (CARR) for carrying out cyber operations against critical U.S. infrastructure. CARR has launched low-impact DDoS attacks against Ukraine and its allies since 2022.

 Malware and Vulnerabilities

Malicious campaigns have emerged, including one targeting BBVA bank customers with a fake CrowdStrike Hotfix that installs remote access tools. Another attack involves a data wiper distributed under the guise of a CrowdStrike update.

 Malware and Vulnerabilities

Bitdefender researchers found suspicious Facebook ads promoting fake beta versions for free download on PC. These ads promise early access to a non-existent GTA VI beta with attractive features and release dates, using stolen gameplay footage.

 Malware and Vulnerabilities

Canonical released security updates to fix various vulnerabilities in the Linux kernel for Microsoft Azure Cloud systems on Ubuntu 16.04 ESM and Ubuntu 18.04 ESM. These flaws could lead to denial of service, data leakage, or arbitrary code execution.

 Incident Response, Learnings

A 17-year-old boy from Walsall has been arrested by UK police for his involvement in the 2023 MGM Resorts ransomware attack, connected to the Scattered Spider hacking group. The arrest was made with assistance from the NCA and the FBI.

 Malware and Vulnerabilities

Attackers recently abused the swap file in a Magento e-commerce site to steal credit card information. Despite multiple cleanup attempts, the malware persisted until analysts discovered it.

 Feed

This Metasploit module chains two vulnerabilities to achieve authenticated remote code execution against Softing Secure Integration Server version 1.22. In CVE-2022-1373, the restore configuration feature is vulnerable to a directory traversal vulnerability when processing zip files. When the "restore configuration" feature is used to upload a zip file containing a path traversal entry, a DLL called ..\..\..\..\..\..\..\..\..\..\..\Windows\System32\wbem\wbemcomn.dll, the file C:\Windows\System32\wbem\wbemcomn.dll is created and executed upon touching the disk. In CVE-2022-2334, the planted wbemcomn.dll is used in a DLL hijacking attack when Softing Secure Integration Server restarts upon restoring configuration, which allows us to execute arbitrary code on the target system. The chain demonstrated in Pwn2Own used a signature instead of a password. The signature was acquired by running an ARP spoofing attack against the local network where the Softing SIS server was located. A username is also required for signature authentication. A custom DLL can be provided to use in the exploit instead of using the default MSF-generated one.

 Feed

This Metasploit module exploits a format string vulnerability in Ghostscript versions before 10.03.1 to achieve a SAFER sandbox bypass and execute arbitrary commands. This vulnerability is reachable via libraries such as ImageMagick. This exploit only works against Ghostscript versions 10.03.0 and 10.01.2. Some offset adjustments will probably be needed to make it work with other versions.

 Feed

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties. This is the source code release version.

 Feed

Logwatch analyzes and reports on unix system logs. It is a customizable and pluggable log monitoring system which will go through the logs for a given period of time and make a customizable report. It should work right out of the package on most systems.

 Feed

Ubuntu Security Notice 6903-1 - Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, perform cross-site tracing, or execute arbitrary code. Ronald Crane discovered that Thunderbird did not properly manage certain memory operations in the NSS. An attacker could potentially exploit this issue to cause a denial of service.

 Feed

Adobe Commerce and Magento Open Source are affected by an XML injection vulnerability that could result in arbitrary code execution. An attacker could exploit this vulnerability by sending a crafted XML document that references external entities. Exploitation of this issue does not require user interaction. Affected versions include Adobe Commerce and Magento Open Source 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8, and earlier. This exploit uses the arbitrary file reading aspect of the issue to impersonate a user.

 Feed

Red Hat Security Advisory 2024-4672-03 - An update for containernetworking-plugins is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include a memory leak vulnerability.

 Feed

Red Hat Security Advisory 2024-4671-03 - An update for thunderbird is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.

 Feed

Cybersecurity researchers have discovered a new Linux variant of a ransomware strain known as Play (aka Balloonfly and PlayCrypt) that's designed to target VMware ESXi environments. "This development suggests that the group could be broadening its attacks across the Linux platform, leading to an expanded victim pool and more successful ransom negotiations," Trend Micro researchers said in a

 Feed

The JavaScript downloader malware known as SocGholish (aka FakeUpdates) is being used to deliver a remote access trojan called AsyncRAT as well as a legitimate open-source project called BOINC. BOINC, short for Berkeley Open Infrastructure Network Computing Client, is an open-source "volunteer computing" platform maintained by the University of California with an aim to carry out "large-scale

 Feed

A Latin America (LATAM)-based financially motivated actor codenamed FLUXROOT has been observed leveraging Google Cloud serverless projects to orchestrate credential phishing activity, highlighting the abuse of the cloud computing model for malicious purposes. "Serverless architectures are attractive to developers and enterprises for their flexibility, cost effectiveness, and ease of use," Google

 Feed

The opportunities to use AI in workflow automation are many and varied, but one of the simplest ways to use AI to save time and enhance your organization’s security posture is by building an automated SMS analysis service. Workflow automation platform Tines provides a good example of how to do it. The vendor recently released their first native AI features, and security teams have already

 Feed

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, “Your First 100 Days as a vCISO – 5 Steps to Success”, which covers all the phases entailed in launching a successful vCISO engagement, along with recommended

 Feed

(Image: The relationship between various TDSs and DNS associated with Vigorish Viper and the final landing experience for the user)

A Chinese organized crime syndicate with links to money laundering and human trafficking across Southeast Asia has been using an advanced "technology suite" that runs the whole cybercrime supply chain spectrum to spearhead its operations. Infoblox is tracking the proprietor

 Cyber Security News

Source: www.databreachtoday.com – Author: Mathew J. Schwartz (euroinfosec) • July 22, 2024. Cybersecurity Vendor Reports 'A Significant Number Are Back Online and Operational'. Microsoft said 8.5 million Windows hosts were affected by the Friday outage caused by a faulty CrowdStrike software content update. […] The post Microsoft Sees 8.5M Systems Hit by Faulty CrowdStrike Update – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
