Wiz, the Israeli cybersecurity firm, has made a strategic decision to reject a staggering $23 billion acquisition offer from Google's parent company, Alphabet Inc. Wiz rejecting Google's offer marks a pivotal moment in the firm’s trajectory, as it opts instead to pursue its original plan of going public. In
an internal memo viewed by various media outlets, Wiz CEO Assaf Rappaport conveyed the company's shift in strategy. "Let me cut to the chase: our next milestones are $1 billion in ARR and an IPO," Rappaport wrote, highlighting the firm's ambitious goals amidst the backdrop of tempting acquisition offers. This decision, he emphasized, was not an easy one, highlighting the confidence in Wiz's team and its potential to thrive independently. Wiz Rejects Google in $23 Billion Acquisition Deal The proposed acquisition would have been Google's largest-ever purchase, positioning Wiz as a flagship addition to its cybersecurity portfolio. However, Wiz's leadership, buoyed by recent successes and market validation, sees the path to an IPO as pivotal for solidifying its position as a leading force in cloud security. The reasons behind Wiz rejecting Google remain undisclosed, though industry analysts speculate that recent market dynamics, including a global cybersecurity incident involving a competitor, may have influenced their decision. Founded in 2020, Wiz has rapidly ascended in the industry, bolstered by strategic acquisitions and robust financial backing. Earlier this year, the company raised $1 billion at a valuation of $12 billion, with significant contributions from prominent investors. This funding round, a record-breaking feat in Israeli tech history, highlighted investor confidence in Wiz's innovative cloud-based security solutions. Wiz’s Trajectory into the Cybersecurity Domain The firm's journey to prominence has been steered by a seasoned team, including co-founders with deep industry roots. CEO Assaf Rappaport, alongside CTO Ami Luttwak and others, has cultivated a company ethos focused on innovation and customer-centricity. Their collective vision has propelled Wiz to secure over 40% of the Fortune 100 as clients, marking it as one of the fastest-growing cybersecurity firms. Wiz rejects Google and is now preparing for the new phase of its growth trajectory. 
All eyes are on its pursuit of a public listing, expected to further elevate its profile and expand its market influence. The decision to spurn Google's overtures highlights the dynamics of the cybersecurity domain. Wiz's strategic pivot away from a monumental acquisition deal with Google towards an IPO reflects not only its confidence in future growth but also its steadfast commitment to shaping the future of cybersecurity on its terms. This decision positions Wiz as a formidable player in the global cybersecurity arena, poised to unlock new opportunities and deliver sustained value to its stakeholders. The Cyber Express has reached out to Wiz for more details about their decision to reject Google's offer. However, as of now, no official statement or response has been received. This is an ongoing story, and we will be closely monitoring the situation. We will update this post with more information or any official statements from the company as they become available.
Philips has disclosed multiple vulnerabilities within its Vue Picture Archiving and Communication System (PACS), posing risks to the healthcare sector globally. This system, utilized extensively in hospitals and diagnostic centers, plays a crucial role in managing and transmitting medical images such as X-rays, MRI scans, and CT scans, integrating seamlessly with Electronic Medical Records (EMR) and Radiology Information Systems (RIS). On July 18, 2024, Philips issued a security advisory highlighting vulnerabilities present in versions of Vue PACS preceding 12.2.8.410. These Vue PACS vulnerabilities, categorized as High and Critical severity, expose the system to potential cyberattacks. They range from deserialization of untrusted data to out-of-bounds writes and uncontrolled resource consumption, as detailed in the advisory.

Advisory on Philips Vue PACS Vulnerabilities

The risks associated with these vulnerabilities are substantial. Exploitation could lead to unauthorized access to sensitive patient data, disruption of medical services, and even manipulation of diagnostic information. Such outcomes not only jeopardize patient privacy but also undermine the trust and operational integrity of healthcare institutions.

[Figure: Screenshot showing Vue PACS usage in healthcare facilities (Source: Cyble)]

To mitigate these risks, Philips has recommended immediate actions for healthcare facilities using affected versions of Vue PACS. This includes upgrading to the latest secure versions, such as 12.2.8.410 released in October 2023, and implementing the specific configuration guidelines outlined in its security advisories. A concerning finding from Cyble Research and Intelligence Labs (CRIL) reveals that a significant number of Philips Vue PACS systems are accessible via the Internet. This exposure increases the vulnerability of these systems to remote exploitation. Countries such as Brazil and the United States are particularly affected, hosting a notable portion of these internet-exposed systems.

Protecting Healthcare Systems: A Call to Action

The Philips Vue PACS vulnerabilities highlight the critical need for robust cybersecurity measures within the healthcare sector. Regular software updates, implementation of network segmentation strategies, and adoption of incident response plans are crucial steps in safeguarding patient data and maintaining operational continuity. Healthcare providers should prioritize implementing robust cybersecurity measures to address vulnerabilities in Philips Vue PACS. Key recommendations include ensuring timely patch management by applying software updates and security patches promptly. Enhancing network security through segmentation and access controls is crucial to minimize the exposure of critical assets. Developing comprehensive incident response plans to detect, respond to, and recover from cybersecurity incidents is essential. Regular audits, including vulnerability assessments and penetration testing, help identify and mitigate security gaps proactively. These proactive steps are vital to mitigate risks, maintain patient trust, and uphold the integrity of healthcare services amidst cybersecurity threats.
A new dark web threat has emerged on the market, leveraging football sponsorship controversies to deploy "Vigorish Viper," a sophisticated Chinese cybercrime syndicate deeply embedded in the global illegal gambling economy, estimated at a staggering $1.7 trillion. This syndicate, controlled by the notorious
Yabo Group, has been implicated in extensive money laundering and human trafficking activities across Southeast Asia. The findings shed light on Vigorish Viper's pivotal role in a sponsorship controversy engulfing prominent European football clubs, including those in the English Premier League. The syndicate exploited these sponsorships to promote illicit gambling sites primarily targeting Greater China, leveraging the clubs' prestige to attract unsuspecting bettors. Researchers Highlight Dark Web's Vigorish Viper Campaign Dr. Renée Burton, Vice President of Infoblox Threat Intel, highlighted the significance of this threat: "Vigorish Viper represents one of the most sophisticated threats we've encountered. Our DNS-based research uncovered their intricate infrastructure, including traffic distribution systems, encrypted communications, and custom applications, making them exceptionally elusive." The term "Vigorish Viper" derives from the gambling world's vigorish fees and the syndicate's complex web of operations. Their technology suite encompasses DNS configurations, website hosting, payment systems, and mobile apps, facilitating a vast network of over 170,000 active domain names. Central to Vigorish Viper's strategy is its association with European football clubs through controversial sponsorships. These partnerships allow them to broadcast illegal gambling advertisements during matches and on club jerseys, exploiting the clubs' global fan bases for illicit gain. Vigorish Viper Links to Yabo Group The syndicate's ties to Yabo Group, previously known for extensive illegal gambling operations and alleged involvement in human trafficking, highlight the global reach and criminal nature of their activities. Despite strict gambling regulations in Greater China, the region sees nearly $850 billion in annual bets, illustrating the scale and complexity of Vigorish Viper's operations. 
"DNS analytics have been instrumental in tracking Vigorish Viper's infrastructure," added Dr. Burton. "Stopping them requires leveraging DNS technologies due to their rapid adaptation and evasion tactics." In 2021, China imposed strict penalties of up to 10 years in prison for gambling. By May 2022, they identified 90,000 individuals crossing borders for gambling, dismantling 260 facilitating gangs. Operation Chain Break led to charges against Suncity Holdings for organized criminal gambling and money laundering. Suncity's CEO, Alvin Chau, received an 18-year prison sentence in January 2023. Investigations revealed ties between Chau and TGP Europe, involved in controversial English Premier League sponsorships. These sponsorships, including with Manchester United, prominently featured Chinese-language gambling advertisements. Despite crackdowns, these operations persist across European and Asian sports leagues, supported by Vigorish Viper's intricate network.
A Suffolk County ransomware attack has left a lasting impact on the community, with the county approving over $25 million in spending to recover from the devastating effects of the cyberattack. The attack, which took place on September 8, 2022, exposed the personal information of about 470,000 residents and 26,000 past and current employees of the Long Island, New York community, crippled police dispatch services for weeks, and shut down the county's main website for months.

Staggering Price of Recovery for Suffolk County

The $25.7 million figure, which includes multiyear contracts through the end of this year, dwarfs the $5.4 million officials frequently cited in the attack's immediate aftermath. This substantial sum doesn't even account for thousands of hours of employee overtime or additional non-technology expenses related to the incident, such as legal fees. County officials have defended the spending, citing the need to secure county documents and information, and to prevent future attacks. However, critics have raised concerns about the lack of transparency and oversight in the spending process. Suffolk County Comptroller John Kennedy, a Republican and longtime political rival of former County Executive Steve Bellone, has called for a review of the spending and accused the Bellone administration of spending $13.8 million on products that either were not needed or never deployed. Key expenditures in the Bellone administration's recovery efforts include:

- $8.1 million to California-based security vendor Palo Alto Networks
- $3.18 million for an "umbrella" support agreement through 2025
- $1.67 million for forensic investigation and remediation efforts

The attack's impact was far-reaching, shutting down the county's main website for months and affecting payment systems, public records access, and online testing systems.

Controversy and Calls for Investigation

First-year Suffolk County Executive Edward P. Romaine has also called for a review of the spending and has asked for a select committee to investigate how the money was spent. Romaine stated, "I wish I had that $26 million to spend on hardening the current county network." The county is now working to improve its cybersecurity posture to qualify for cyber insurance for the first time in its history. Romaine claimed that assessing the actual cost of the cyberattack may be difficult, stating that his administration's investigation was hampered by a lack of records maintained during the recovery efforts. Romaine alleged that some of these records had been removed or destroyed before his administration had taken over. Romaine stated, “When I heard they had spent $27 million between September of 2022 and December of 2023, I said, 'Well, what did you get for your money? Where is it?'” He added, “It’s hard to find because a lot of the records were erased.” As Suffolk County continues to grapple with the fallout and costs associated with the ransomware attack, as well as the subsequent controversy over spending, the incident serves as a stark reminder of the potentially astronomical costs and long-lasting impacts of cybersecurity breaches on local governments.
As the world prepares for the start of the Paris Olympics later this week, athletes and spectators alike are filled with excitement and anticipation. However, amidst the thrill of competition and camaraderie, researchers have observed various Paris Olympic scams that aim to cash in on unsuspecting visitors and internet users who seek to obtain event-related tickets and merchandise. The researchers have described various tactics involved in these scams, as well as ways to identify them and protect yourself.

Paris Olympic Scams

48GB Mobile Data Scam

With an estimated 15.3 million visitors expected in Paris, scammers are capitalizing on the huge numbers of tourists in a foreign environment by preying on their excitement and enthusiasm to steal personal and banking data through various fraudulent deals and services that are 'too good to be true.'

[Image. Source: www.kaspersky.com]

Researchers from Kaspersky observed various kinds of scams, with one of them involving fake mobile plans that promise 48GB of free internet to visiting tourists. Victims who fall for this scam may find themselves unable to obtain a single free megabyte after registering and filling out these forms. These forms typically collect phone numbers and personal and bank details in order to steal money from bank accounts. Tourists may realize potential theft very late, as they remain too preoccupied with watching Olympics events to scrutinize bank transactions. Since a 40GB mobile data plan in France costs around €11 ($12 U.S.), such giveaways remain highly implausible. Successfully scammed victims may compromise their personal information along with the stolen money.

Ticketing and Merchandise Scams

Scammers have also targeted Olympic ticket and merchandise sales. Fake ticketing websites offer a range of events, from archery to badminton, and even request personal data and consent to collect information.

[Image. Source: www.kaspersky.com]

Several phishing websites were observed claiming to sell Olympics merchandise under great deals while actually attempting to steal money and personal information. To avoid falling victim to these scams, researchers recommend sticking to the official Olympics website for ticket purchases and being wary of suspicious sites such as strangers[.]ope, which offers cheap merch such as keychains, commemorative coins, magnets, and scarves at significantly discounted prices.

[Image. Source: www.kaspersky.com]

These sites often appear legitimate, with integrated pop-ups that request visitor consent to collect personal data and use web tracking cookies. These sites often link to their own “privacy policies,” which lead the unsuspecting victim to unwittingly share sensitive data with scammers.

Protecting Yourself from Olympic Scams

To stay safe during the Olympics and avoid ticketing, merchandise and giveaway scams, the researchers recommend the following tips:

- Use a virtual card with a spending limit for online purchases
- Turn on two-factor authentication wherever possible
- Be cautious of 'too good to be true' offers and gifts from strangers
- Stick to official sources for ticket purchases and merchandise
- Use reputable antivirus software

Security researchers expected a rise in scams as the Olympic events got nearer, with one Russian AI-powered disinformation campaign attempting to tarnish the image of the Olympic events starting almost a year before the games began.
A Russia-linked malware dubbed 'FrostyGoop' is raising alarm in the cybersecurity world due to the severe risks it poses to critical infrastructure across multiple sectors globally. FrostyGoop, which was discovered by researchers in April 2024, has been deployed in a devastating attack on a district energy company in Ukraine, leading to the disruption of the power supply to heating services for hundreds of apartment buildings. FrostyGoop is the first ICS-specific malware with the ability to use Modbus TCP communications to directly impact operational technology, allowing its operators to potentially disrupt both legacy and modern systems. Researchers are urging enhanced ICS network visibility and monitoring to counter the malware.

FrostyGoop's Capabilities

Researchers from Dragos noted that FrostyGoop is written in Golang and compiled for Windows systems, and that it uses the Modbus TCP protocol to read and write to ICS devices, whose registers often hold crucial input, output, and configuration data. A real-world incident of FrostyGoop was observed in Ukraine, where a cyberattack disrupted heating services to over 600 apartment buildings in Lviv during sub-zero temperatures. The Cyber Security Situation Center of Ukraine shared data with the researchers, reporting that attackers had sent Modbus commands to ENCO controllers, causing system malfunctions that took nearly two days to remediate.

[Image. Source: hub.dragos.com]

The malware reads and writes data, logging the output to a console or storing it in a JSON file. FrostyGoop also accepts a JSON-formatted configuration file containing information used to execute Modbus commands on a target device. Researchers discovered a sample configuration file named task_test.json; FrostyGoop accepts separate command-line arguments and distinct configuration files to specify target IP addresses and Modbus commands. The IP address in the identified sample configuration file belonged to an ENCO control device.
ENCO control devices are typically used “for process control in district heating, hot water, and ventilation systems” to monitor sensor parameters such as temperature, pressure, and insulation. The other fields within FrostyGoop malware configuration files are described below:

[Image. Source: hub.dragos.com]

Modbus protocol-ready devices are widely used across all industrial sectors and organizations worldwide, making this malware a significant threat to critical infrastructure.

FrostyGoop Implications and Recommendations

Given the widespread usage of the Modbus protocol in industrial environments, the emergence of the FrostyGoop malware raises concerns across all industrial sectors. The malware's ability to evade detection by antivirus vendors calls for specialized OT security measures to protect against its spread. The researchers recommend implementing the following measures based on the SANS 5 Critical Controls for World-Class OT Cybersecurity:

- ICS INCIDENT RESPONSE: Researchers stressed the need for incident response plans to incorporate specialized responses for OT environments, such as procedures to quickly isolate affected devices, analyze network traffic for unauthorized Modbus commands, and restore usual system operations.
- DEFENSIBLE ARCHITECTURE: A lack of adequate network segmentation and the presence of internet-exposed controllers can leave systems vulnerable to threats like FrostyGoop. To bolster defensible architecture, industrial environments can implement industrial demilitarized zones (DMZs) and enforce strict access controls between the corporate IT network and OT environments.
- ICS NETWORK VISIBILITY & MONITORING: Persistent monitoring of network traffic, such as communications over the Modbus protocol, is essential for detecting and responding to anomalies and suspicious behavior such as unauthorized access or unusual traffic over port 502.
- SECURE REMOTE ACCESS: Previous deployments of FrostyGoop have exploited vulnerabilities within remote access points. Remote access points can be secured through multi-factor authentication (MFA), logging and monitoring of remote connections, and virtual private networks (VPNs) that encrypt data in transit, along with regular audits that review remote access rights and privileges on a need-to-use basis.
- RISK-BASED VULNERABILITY MANAGEMENT: Active vulnerability management tailored to the risks associated with ICS components, carried out through regular assessments, can help mitigate vulnerabilities with evidence of active exploitation.

The broad applicability of the threat presented by the FrostyGoop malware demands stronger implementations to secure critical infrastructure and industrial environments worldwide.
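The monitoring recommendation above (unauthorized Modbus commands, unusual traffic over port 502) can be illustrated with a small detector that parses Modbus TCP requests and flags state-changing function codes from hosts that are not approved writers. This is an added example, not code from Dragos or the original article; the IP addresses, the allowlist and the payloads are constructed, and it assumes one Modbus request per captured TCP payload.

```python
import struct
from dataclasses import dataclass
from typing import Optional

MODBUS_PORT = 502

# Modbus function codes that change device state.
WRITE_FUNCTIONS = {
    0x05: "Write Single Coil",
    0x06: "Write Single Register",
    0x0F: "Write Multiple Coils",
    0x10: "Write Multiple Registers",
    0x16: "Mask Write Register",
    0x17: "Read/Write Multiple Registers",
}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    address: Optional[int]  # first coil/register the request targets


def parse_adu(payload: bytes) -> Optional[ModbusRequest]:
    """Parse one Modbus TCP request; return None if it is not well-formed."""
    if len(payload) < 8:  # 7-byte MBAP header plus the function code
        return None
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    # Protocol id is always 0 for Modbus; length counts unit id + PDU bytes.
    if proto != 0 or length < 2 or len(payload) < 6 + length:
        return None
    function = payload[7]
    data = payload[8:6 + length]
    # For 0x17 the write address follows the read address and read quantity.
    offset = 4 if function == 0x17 else 0
    field = data[offset:offset + 2]
    address = struct.unpack(">H", field)[0] if len(field) == 2 else None
    return ModbusRequest(tid, unit, function, address)


def detect(events, authorized_writers):
    """Return alerts for traffic to port 502 that should be reviewed.

    events: iterable of (src_ip, dst_ip, dst_port, tcp_payload) tuples.
    authorized_writers: set of source IPs allowed to issue write commands.
    """
    alerts = []
    for src, dst, dport, payload in events:
        if dport != MODBUS_PORT:
            continue
        req = parse_adu(payload)
        if req is None:
            # Something other than Modbus is talking to the controller port.
            alerts.append({"reason": "malformed_modbus", "src": src, "dst": dst})
        elif req.function in WRITE_FUNCTIONS and src not in authorized_writers:
            alerts.append({
                "reason": "unauthorized_write",
                "src": src,
                "dst": dst,
                "unit_id": req.unit_id,
                "function": WRITE_FUNCTIONS[req.function],
                "address": req.address,
            })
    return alerts


# Constructed sample data: 10.0.0.10 plays the approved HMI, 10.0.0.50 the controller.
AUTHORIZED_WRITERS = {"10.0.0.10"}
SAMPLE_EVENTS = [
    # Read Holding Registers from the HMI: normal polling.
    ("10.0.0.10", "10.0.0.50", 502, bytes.fromhex("00010000000601030000000a")),
    # Write Single Register from the HMI: allowed.
    ("10.0.0.10", "10.0.0.50", 502, bytes.fromhex("000200000006010600100001")),
    # Write Multiple Registers from an unknown host: should alert.
    ("10.0.0.99", "10.0.0.50", 502, bytes.fromhex("0003000000090110002000010200ff")),
    # Non-Modbus bytes sent to port 502: should alert.
    ("10.0.0.99", "10.0.0.50", 502, b"GET / HTTP/1.1\r\n\r\n"),
    # Traffic to another port is out of scope for this check.
    ("10.0.0.99", "10.0.0.60", 443, b"\x16\x03\x01"),
]

if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS, AUTHORIZED_WRITERS):
        print(alert)
```

In practice the allowlist would come from the asset inventory of approved HMIs and engineering workstations, and the events from a network tap or span port on the OT segment.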
Indian Finance Minister Nirmala Sitharaman presented a record seventh consecutive Budget on July 23 for the fiscal year 2024-25, surpassing the previous best of former Prime Minister Morarji Desai. This Budget 2024 is the first under the BJP-led NDA government since its re-election in June. The Union Budget 2024-25
outlined nine priorities aimed at generating ample opportunities and fostering growth across various sectors: Productivity and Resilience in Agriculture, Employment and Skilling, Inclusive Human Resource Development and Social Justice, Manufacturing and Services, Urban Development, Energy Security, Infrastructure, Innovation, Research and Development, and Next Generation Reforms. Key Priorities of the Union Budget 2024 Productivity and Resilience in Agriculture Employment and Skilling Inclusive Human Resource Development and Social Justice Manufacturing and Services Support for the Promotion of MSMEs Urban Development Energy Security Infrastructure Innovation, Research and Development Understanding the Union Budget 2024 The Union Budget 2024 is a comprehensive financial statement presented annually by the Indian government. It outlines the government's revenue and expenditure for the upcoming fiscal year and sets the economic agenda. The India Budget 2024 plays a crucial role in shaping the country's economic policies, addressing key areas such as taxation, infrastructure development, social welfare, and national priorities. It is a pivotal event that impacts various sectors and the overall economic trajectory of the country. The comprehensive measures and incentives introduced aim to address current economic challenges and lay the foundation for a resilient and prosperous future. The abolition of the angel tax underscores the government's commitment to supporting startups and creating a dynamic business environment, playing a crucial role in the present budget 2024. Budget 2024-2025: Abolition of Angel Tax A major highlight of the Budget 2024 was the announcement that the angel tax would be abolished for all investors. 
This tax, imposed on the funding startups receive from angel investors when the investment exceeds the fair market value of the startup's shares, was introduced in 2012 to prevent money laundering through investments in unlisted companies at inflated valuations. The difference between the amount received and the fair market value was considered as income and taxed accordingly. For startups, this tax posed significant challenges, as early-stage investments are often based on future potential rather than current value, making it difficult to justify the valuations. Consequently, startups faced substantial tax liabilities, which could hinder their growth and deter investors. The removal of the angel tax has been a longstanding demand from venture capitalists and industry experts who argued that its abolition would foster a more conducive environment for startups in India. Benefits of Abolishing Angel Tax The scrapping of the angel tax will come as a relief for investors and startups alike. By eliminating this tax, the government aims to: Encourage Investment in Startups: Removing the angel tax will attract more investments into startups, providing them with the necessary capital to innovate and grow. Boost Entrepreneurial Ecosystem: This move is expected to stimulate the entrepreneurial ecosystem in India, making it easier for startups to secure funding and scale their operations. Promote Economic Growth: By fostering a vibrant startup culture, the abolition of the angel tax will contribute to job creation, technological advancements, and overall economic development. India Budget 2024 for Women Sitharaman also announced that the government is allocating over ₹3 lakh crore for schemes benefiting women and girls. This allocation aims to enhance women's participation in the workforce and drive inclusive growth. 
As part of this initiative, the government will set up women-specific skilling programs designed to equip women with the necessary skills to thrive in various sectors. India's female labor force participation rate climbed to 24 percent in Q2FY24, and these measures are expected to further boost this upward trend. These initiatives are anticipated to create more opportunities for women, fostering an environment where they can contribute significantly to the nation's growth and prosperity. The 2024 budget speech by India's Finance Minister, Nirmala Sitharaman, outlines several initiatives that could impact the cybersecurity sector: Innovation and R&D: Increased funding for research and development, including a new financing pool of ₹1 lakh crore, encourages advancements in technology, potentially benefiting cybersecurity innovations. Digital Public Infrastructure: Development of applications for credit, e-commerce, education, health, law and justice, logistics, MSMEs, services delivery, and urban governance, enhances digital security needs across sectors. Employment and Skilling: Schemes focusing on skilling and internships in top companies can produce a more cybersecurity-aware workforce. Next Generation Reforms: Emphasis on improving productivity through technology and digitalization, which can bolster the cybersecurity infrastructure. Expert Opinions on the Overall Budget 2024-2025 Experts have praised Finance Minister Nirmala Sitharaman's Union Budget 2024-25 for its comprehensive approach and strategic focus on key sectors. Economists and industry leaders commend the emphasis on inclusive growth, infrastructure development, and innovation. “The Union Budget 2024-2025 demonstrates a forward-thinking approach by the Indian government, particularly in its focus on skilling and employment, which is crucial for the rapidly evolving cybersecurity sector.” - Mandar Patil, SVP - META, SAARC, and ASEAN, Cyble Inc. 
"The emphasis on digital public infrastructure and support for MSMEs aligns perfectly with the needs of the cybersecurity industry, fostering innovation and resilience. The significant tax reforms and relief measures are also commendable, as they will attract more investments and boost the startup ecosystem, further driving growth in cybersecurity. Cyble welcomes these initiatives and looks forward to contributing to a more secure and digitally empowered India,” Patil added. _______________________________________________________________________________________________________________ Analyzing the budget, Rohit Shinde, Business Head - Cyber SecurityBusiness Head – PetaDot said, "My analysis of the Union Budget 2024 reveals several key points. MeitY's budget has increased by 40% to ₹21,000 crore, with a significant rise in cybersecurity funding, doubling by ₹750 crore. This boost underscores the emphasis on enhancing cybersecurity to support growth, job creation, and skill development. There is also a focus on grassroots training and awareness around data protection and cyber fraud risks. The budget recognizes the impact of startups and the need for collaborative initiatives between public and private sectors, covering technology areas such as AI, IoT, and blockchain. Support for "DeepTech" innovations highlights the need for robust cybersecurity solutions to protect these technologies. Overall, there is optimism that the budget will drive industrial growth and job opportunities, with a strong emphasis on education and foundational training to build a resilient digital infrastructure." _________________________________________________________________________________________________________________ "India's Union Budget 2024 underscores a strong commitment to cybersecurity under the "Viksit Bharat Vision." 
Key highlights include a significant increase in the cybersecurity budget to ₹750 crore, reflecting a focus on protecting critical infrastructure and advancing technologies like AI. The budget promotes the development of indigenous cybersecurity solutions to reduce dependence on foreign technologies, enhancing national security and minimizing risks. Strategic initiatives such as the National Cyber Coordination Centre and Cyber Surakshit Bharat are bolstered to improve internal and external security measures. Recent cyberattacks on critical infrastructure emphasize the need for robust protection. Overall, the budget demonstrates India's dedication to securing cyberspace, fostering innovation, and strengthening critical infrastructure," Santosh Tripathi, Director - Information Security & Compliance, Virsec. _____________________________________________________________________________________________________________________ "We at Indusface commend the government for recognizing the critical role of technology and innovation in driving economic growth. The budget's emphasis on the development of Digital Public Infrastructure applications across various sectors such as credit, e-commerce, education, health, law and justice, logistics, MSME services delivery, and urban governance demonstrates a forward-thinking approach. However, while these initiatives are promising, we believe that a more pronounced focus on cybersecurity is essential. As digital transformation accelerates, robust cybersecurity measures are crucial to safeguard our nation's digital infrastructure. We urge the government to allocate dedicated resources and policies to bolster our cybersecurity framework, ensuring that our technological advancements are secure and resilient,” Ashish Tandon, Founder and CEO, Indusface. 
________________________________________________________________________________________________________________ “We are pleased with the Union Budget 2024's focus on digitalization and data governance. The substantial investment in digital infrastructure and encouraging private sector involvement presents exciting opportunities. At Fulcrum Digital, we are committed to leveraging our expertise in AI and emerging technologies to support these initiatives. The emphasis on improving data collection, processing, and governance aligns perfectly with our commitment to helping businesses make more informed decisions. Our work across various industries, including financial services, insurance, and education, positions us well to contribute to these efforts. By utilizing sectoral databases under the Digital India mission, we aim to enhance access to resources and services for everyone. We also applaud the government's initiative to set up working women hostels and the allocation of over Rs 3 lakh crore for schemes benefiting women and girls. This is a notable step towards promoting gender diversity and inclusion, as these efforts are crucial in creating a more diverse industry. The budget's focus on easing business operations and incentivizing states for business reforms is a welcome move. We look forward to playing a part in driving innovation and efficiency, helping India move towards a more digital and data-driven future,” Sachin Panicker, Chief AI Officer, Fulcrum Digital. __________________________________________________________________________________________________________________ “One of the biggest challenges that organizations face from a cybersecurity perspective is skilling of resources. It is reassuring to see the Government’s commitment to developing a skilled workforce with a provision of Rs 1.48 lakh crore being made for education, employment, and skilling. 
With this, we are confident that we will be able to create a pool of talented resources that can address India’s growing cybersecurity challenges. At the same time, the Union Budget 2024 emphasized stepping up of adoption of technology towards digitalization of the economy. Having the right talent, to be able to support this vision will be critical to enabling the Government to achieve its goal of ViksitBharat @2047. Additionally, the Government has also taken a positive step towards increasing the presence of women in the workforce. Through their various initiatives, we are hopeful of seeing a reimagined industry, one driven by diversity and inclusion,” Sunil Sharma, Vice President-Sales, Sophos India & SAARC.

"The Union Budget 2024 marks a significant step forward in shaping India’s future, and at Magellanic Cloud, we are truly inspired by the bold measures outlined to drive innovation, create jobs, and strengthen infrastructure. The proposed schemes to incentivize hiring first-time employees and the introduction of a new credit guarantee scheme for MSMEs are steps in the right direction. These initiatives will not only bolster the manufacturing sector but also enable MSMEs to thrive without the constraints of collateral, thereby fueling innovation and job creation. The increase in Basic Customs Duty (BCD) on telecom equipment, particularly PCBA, presents a challenge for the drone manufacturing industry. However, this shift underscores the need for us to intensify our focus on local sourcing and innovation to mitigate cost impacts and ensure sustainable growth. Additionally, the ₹11 lakh crore allocation for infrastructure development and investment-ready industrial parks will enhance our operational efficiencies and capabilities.
The support for R&D through the Anusandhan National Research Fund further aligns with our commitment to innovation and growth. Moreover, the allocation for employment and skilling under the PM Package and the comprehensive internship scheme will nurture the next generation of talent, which is vital for sustaining our industry’s growth. As we navigate these changes, Magellanic Cloud remains committed to leveraging these opportunities to drive excellence and contribute to India's technological and economic advancement. In alignment with the vision of a “Viksit Bharat,” we are dedicated to playing our part in building a developed and prosperous India,” Joseph Sudheer Reddy Thumma, MD & CEO, Magellanic Cloud.

“We welcome the Union Budget FY25 announcement by Finance Minister Nirmala Sitharaman, which presents a holistic approach to boosting employment, skilling, and infrastructure development. The allocation of ₹2 lakh crore towards employment and skilling schemes, coupled with groundbreaking initiatives for women empowerment and an ambitious internship program, will create a robust talent pipeline vital for the industry. The reduction in corporate tax rates, alongside the substantial ₹11 lakh crore allocation for capital expenditure, reflects a favourable pro-business environment that will drive innovation and attract investments. As an ER&D services company, we are particularly excited about the focus on digital public infrastructure and the establishment of the Anusandhan National Research Fund. These initiatives will foster a culture of innovation and elevate India's position in the global R&D landscape. Additionally, the development of investment-ready industrial parks promises to create new opportunities for technological advancements.
I am confident that these measures will significantly contribute to India's journey towards becoming Viksit Bharat,” Amit Chadha, CEO and Managing Director, LTTS.

"The 2024 budget speech by India's Finance Minister, Nirmala Sitharaman, outlines several initiatives that could impact the cybersecurity sector. Increased funding for research and development, including a new financing pool of ₹1 lakh crore, encourages advancements in technology, potentially benefiting cybersecurity innovations. The development of applications for credit, e-commerce, education, health, law and justice, logistics, MSMEs, service delivery, and urban governance enhances digital security needs across sectors. Schemes focusing on skilling and internships in top companies aim to produce a more cybersecurity-aware workforce. Emphasis on improving productivity through technology and digitalization can bolster the cybersecurity infrastructure. Overall, the budget aims to create a robust digital ecosystem with a focus on research, innovation, and skill development, indirectly boosting the cybersecurity sector," Col Subhajeet Naha, Retd, Co-Founder and CTO, Protecte Technologies.

"The government's commitment to energy security and sustainability is evident in today's announcements. They are focusing on employment and sustainability with a policy document on energy transition pathways. The auction of offshore mineral blocks will leverage existing exploration efforts, providing essential metals like lithium, crucial for reducing carbon footprints. Introducing green hydrogen into our manufacturing processes will significantly lower our carbon impact. Since hydrogen is part of our raw materials, this change is vital.
Coal gasification will enhance self-sustainability and reduce import dependency. We are committed to ensuring that all our practices support a reliable and eco-friendly mining supply chain. These initiatives collectively demonstrate our dedication to a sustainable and resilient future for India," Sanjay Choudhari, Chairman at SBL Energy Limited.
In today's digital age, the dark web has emerged as a notorious underworld of the internet, accessible only through specialized software, where cybercriminals thrive, trading stolen credentials, intellectual property (IP), and financial information with alarming frequency. Dark web monitoring for CFOs is not just a technical necessity but a crucial aspect of safeguarding an organization’s financial integrity and reputation. For Chief Financial Officers, understanding and mitigating these risks is paramount to protecting their company’s assets and ensuring long-term stability. As stewards of their organization's financial health, CFOs must recognize the significant threat posed by the dark web and implement strategies to stay one step ahead of potential breaches and fraud. This article delves into the critical role of dark web monitoring for CFOs, exploring why it is essential and how it can be effectively integrated into broader risk management frameworks.

Critical Role of CFO in Cybersecurity: Balancing Risk and Protection

CFOs might not be cybersecurity experts, but their expertise in risk management makes them essential allies to the Chief Information Security Officer (CISO), who safeguards the organization’s data and systems. Dark web monitoring becomes vital for CFOs because they need to ensure that cybersecurity plans align with the company’s financial risk profile. They must evaluate whether these plans adequately protect sensitive systems and data and empower employees to recognize and respond to fraudulent activities. Given this top risk management role, the CFO must confidently assess and accept the organization's cyber risk level.

Cybersecurity is crucial for CFOs due to the significant financial impact of cyberattacks. For example, a 2023 study by IBM and the Ponemon Institute revealed that the average cost of a data breach was $4.45 million globally. The 2023 Verizon Data Breach Investigations Report highlighted that nearly 95% of attacks are financially motivated, targeting confidential data such as customer credit card numbers, employee passwords, and direct financial assets through schemes like phony invoices and ransomware.
With nearly half of senior executives predicting worsening attacks on accounting and finance, and considering the reputational damage from breaches, the financial stakes are high. Moreover, new regulations, like those from the U.S. Securities and Exchange Commission (SEC), demand that public companies provide investors with detailed cybersecurity incident reports and periodic updates on cybersecurity programs. The SEC requires notification within four days if a cybersecurity incident is deemed "material." Additionally, compliance with laws like the Federal Information Security Management Act (FISMA) requires CFOs in government agencies to stay aware of security measures. All these factors underscore why CFOs must prioritize cybersecurity to protect their organizations' financial health and regulatory compliance.

So, What Is the CFO's Role in Dark Web Monitoring?

The CFO's role in dark web monitoring is pivotal in ensuring that an organization’s financial assets and sensitive information are safeguarded against emerging cyber threats. Dark web monitoring for CFOs involves several key responsibilities:

Strategic Oversight: The CFO must ensure that dark web monitoring services like Cyble Vision or Cyble Darkweb Intelligence are integrated into the company’s broader cybersecurity strategy. For instance, if a company’s financial data is discovered on the dark web, the CFO needs to be informed promptly to mitigate potential financial damage and address any breaches.

Risk Assessment: CFOs must evaluate how well these monitoring services detect and address threats. This involves assessing the effectiveness of dark web monitoring tools in identifying stolen credentials or leaked financial information that could impact the organization.

Financial Management: Allocating a budget for dark web monitoring is another crucial aspect.
For example, if a company experiences a data breach due to a lack of monitoring, the financial implications could be severe, as evidenced by a 2023 study showing an average breach cost of $4.45 million. The CFO must ensure that investments in dark web monitoring are justified and aligned with the company’s risk profile.

Collaboration with IT: The CFO should work closely with the Chief Information Security Officer (CISO) to understand the specific threats identified through dark web monitoring. For example, if the dark web monitoring service uncovers that the company’s proprietary financial information is being traded, the CFO will need to coordinate with IT to enhance security measures and prevent further exposure.

Therefore, dark web monitoring for Chief Financial Officers is crucial for protecting financial data, managing risk, and ensuring that the organization's cybersecurity strategy is both effective and financially sound.

Benefits of Dark Web Monitoring for CFOs

Dark web monitoring offers CFOs several key benefits that enhance financial and operational security. Here’s how it can be advantageous:

Early Threat Detection: Dark web monitoring services can identify stolen credentials or leaked financial data before it impacts the organization. For example, if a company’s customer credit card information is found on the dark web, early detection allows the CFO to act swiftly to mitigate potential fraud and prevent significant financial losses.

Enhanced Risk Management: By integrating dark web monitoring, CFOs gain insights into potential risks related to financial and intellectual property theft. This proactive approach enables them to implement stronger safeguards and adjust their financial strategies accordingly, reducing overall risk exposure.

Regulatory Compliance: Effective dark web monitoring supports compliance with regulations by ensuring that sensitive information is protected.
For instance, if a financial services company discovers compromised data linked to a breach, timely dark web monitoring helps meet reporting requirements and avoid regulatory fines.

Improved Decision-Making: Dark web monitoring provides CFOs with valuable intelligence that aids in making informed decisions about cybersecurity investments. For example, if monitoring reveals that a company's proprietary financial data is being targeted, the CFO can justify increased investment in cybersecurity measures to protect against potential threats.

Dark web monitoring helps CFOs safeguard against financial losses, supports regulatory compliance, and enhances decision-making processes by providing critical insights into potential threats.

What Are the Dark Web Monitoring Services That CFOs Can Use?

Dark web monitoring is crucial for mitigating cyber risks and safeguarding sensitive financial information, and several dark web monitoring services provide tools that can be particularly valuable to CFOs. Utilizing dark web monitoring services, like those provided by cybersecurity firms such as Cyble, enables CFOs to proactively manage and mitigate risks associated with financial data breaches. AI-powered cyber threat intelligence company Cyble offers a comprehensive dark web monitoring solution designed to help CFOs identify and respond to threats quickly. Key features include:

Real-Time Alerts: Cyble provides immediate notifications if sensitive information, such as financial records or personal data, is detected on dark web forums.

Threat Intelligence: The platform delivers in-depth analysis of emerging threats and compromised data, offering actionable insights into potential risks.

Data Exposure Reports: Cyble generates detailed reports on data exposure, helping CFOs understand the scope and impact of a breach.
For instance, if a CFO uses Cyble’s services and the company's financial data is being sold on dark web marketplaces, Cyble’s real-time alerts will notify them of the breach. This allows the CFO to coordinate with cybersecurity teams to implement immediate remediation measures, such as securing compromised accounts or enhancing security protocols.

To Wrap Up

As cyber threats become increasingly sophisticated, the need for vigilant monitoring and rapid response grows. By integrating dark web monitoring services into their overall risk management framework, CFOs can better safeguard their organization’s sensitive financial data and enhance their defense against potential breaches.

As we look ahead, the landscape of dark web monitoring will continue to evolve with advancements in artificial intelligence and machine learning. These technologies promise to enhance the accuracy and efficiency of threat detection and response. Additionally, the growing complexity of cyber threats will likely drive further innovations in monitoring solutions, making it crucial for CFOs to stay informed about emerging trends and technologies. Staying proactive and embracing these advancements will be key to maintaining a strong defense against the ever-changing threats of the dark web.

CFOs should prioritize dark web monitoring as a crucial element of their risk management strategy. Services like Cyble offer real-time alerts and comprehensive threat intelligence, helping you stay ahead of potential breaches and protect your organization's financial assets effectively. Consider integrating Cyble’s solutions to strengthen your cybersecurity defenses. Discover more by scheduling a demo today!
The cloud has become an essential component of modern technology, storing everything from photos to important files. While it offers a convenient and reliable way to manage data, its widespread use also makes it a potential target for attack. As technology advances, so do the associated risks. Cloud security, if neglected, leaves your data an attractive target for hackers looking to steal it. Vulnerabilities can stem from weak passwords or inadequate security measures, underscoring the importance of robust protection. To keep your data secure, several measures must be implemented to create layers of defense that hackers cannot penetrate. Some of these measures depend on your knowledge and actions, while others are automated and technology-driven. Keep reading to discover these essential security practices.

Cloud Security Essentials: Strategies to Protect Your Data from Cyber Threats

1. Implementing Authentication and Access Regulations

Robust authentication mechanisms and access controls are critical for cloud security. These include multi-factor authentication (MFA), which adds security beyond just entering your username and password. The principle of least privilege can be employed to ensure that users have only the access necessary to perform their tasks. This reduces the risk of unauthorized access and makes it easier to spot suspicious activity. Regularly updating permission roles is also crucial for maintaining controlled access and quickly identifying unknowns.

2. Data Encryption

Encrypting data both in transit and at rest is essential to ensure it cannot be read if cybercriminals intercept it. With strong encryption protocols, attackers who obtain the data cannot read it without decrypting it. It is therefore important that encryption keys are managed securely, using a hardware security module (HSM) if possible. Regularly rotating encryption keys lowers the risk of a key being compromised and keeps the data safer.

3. Regular Security Audits and Penetration Testing

Conduct regular security audits and penetration testing to identify and address vulnerabilities and other issues within your cloud infrastructure.
These audits should be performed by qualified professionals who can provide an insightful assessment of your security posture. This allows you to follow up on the audit findings with a clear action plan to address any identified issues.

4. Secure Configuration Management

Ensure that cloud resources are configured securely from the outset. Using configuration management tools and practices to maintain a consistent and secure state across all environments is a great way to keep your data safe in the cloud. Regularly reviewing and updating your configurations to align with security policies and best practices is crucial. Additionally, utilizing automated tools to detect and address configuration issues can be highly effective.

5. Data Backup and Recovery Planning

Implement a comprehensive data backup and recovery plan to protect against data loss due to accidental deletion, corruption, or cyberattacks. Such a plan enables a quick response when something goes wrong and limits the fallout. Ensure that your backups are stored securely and are regularly checked for integrity and recoverability. Recovery planning should include establishing a clear recovery point objective and recovery time objective to guide your backup strategy.

6. Monitoring and Logging

Continuous monitoring and logging of cloud resources lets you detect and respond to security incidents promptly. Use tools that provide real-time visibility into your cloud environment, and set up alerts for suspicious activities. Ensure logs are securely stored and protected against tampering. Regularly review these logs to identify and investigate potential security issues.

7. Network Security

Secure your cloud network by segmenting it using either virtual private clouds (VPCs), subnets, or network access control lists (ACLs).
Implementing security groups and firewalls to control inbound and outbound traffic adds an essential layer of security. Using VPNs or direct connections for communication between your on-premises infrastructure and the cloud helps protect your data in transit, as VPNs conceal the traffic and keep it safe from unauthorised access.

8. Patch Management

Another way to maintain your data’s security is to keep all cloud resources, including virtual machines, containers, and applications, up to date with the latest security patches. Implementing an automated patch management process to ensure timely updates helps close known vulnerabilities. Patches should be regularly reviewed and tested before deployment to minimise the risk of disruptions.

9. User Training and Awareness

Educating users and employees about cloud security best practices, and about the importance of following security policies, is essential. Conduct regular training sessions and awareness programs to keep users informed about the latest threats and the steps needed to mitigate them. This significantly reduces the risk of human error leading to data falling into the wrong hands.

10. Third-Party Risk Management

Evaluate the security practices of third-party vendors and service providers that have access to your cloud environment. Conducting thorough assessments with due diligence before engaging with them, and establishing clear security requirements and expectations in contracts, is essential. Third-party vendors can create significant vulnerabilities where data may be intercepted. It's crucial for both you and your vendors to stay updated with the latest security requirements. Regularly reviewing and monitoring third-party security practices ensures they comply with your stringent security standards.
In conclusion, keeping your data secure in the cloud is essential in today’s digital world. By putting strong security measures in place, such as encryption, regular audits, secure configurations, and thorough third-party risk management, you can significantly reduce the risk of data breaches. Ensuring continuous monitoring, effective network security, and comprehensive user training further fortifies your defenses. Additionally, maintaining a proactive stance against potential vulnerabilities is crucial for comprehensive cloud security. Remember, the cloud holds some of our most vital information. By adopting these best practices and maintaining vigilance, you not only protect your own data but also contribute to a safer digital environment for everyone. Taking cybersecurity seriously is not just a necessity; it is a responsibility that we all share in our interconnected world. Stay informed, stay secure, and keep your data safe in the digital sky.
Throughout May and June, the IT world watched the unfolding drama of Copilot+ Recall. First came Microsoft’s announcement of the memory feature named Recall that takes screenshots of everything happening on a computer every few seconds and extracts all useful information into a shared database. Then, cybersecurity researchers criticized Recall’s implementation by exposing security flaws and demonstrating the potential for data exfiltration — including of the remote kind. This forced Microsoft to backpedal: first stating the feature wouldn’t be enabled by default and promising improved encryption, and then delaying the mass rollout of Recall entirely — opting to first test it in the Windows Insider Program beta. Despite this setback, Redmond remains committed to the project and plans to launch it on a broad range of computers — including those with AMD and Intel CPUs.

Within the context of devices in the workplace — especially if a company allows BYOD — Recall clearly violates corporate data retention policies and significantly amplifies potential damage if a network is compromised by infostealers or ransomware. What’s more concerning is the clear intention of Microsoft’s competitors to follow this trend. The recently announced Apple Intelligence is still shrouded in marketing language, but the company claims that Siri will have onscreen awareness when processing requests, and text-handling tools available across all apps will be capable of either local or ChatGPT-powered processing. While Google’s equivalent features remain under wraps, the company has confirmed that Project Astra — the visual assistant announced at Google I/O — will eventually find its way onto Chromebooks, utilizing screenshots as the input data stream. How should IT and cybersecurity teams prepare for this deluge of AI-powered features?

Risks of visual assistants

We previously discussed how to mitigate the risks of unchecked use of ChatGPT and other AI assistants by employees in this article. However, there we focused on the deliberate adoption of additional apps and services by employees themselves — a new and troublesome breed of shadow IT.
OS-level assistants present a more complex challenge:

The assistant can take screenshots, recognize text on them, and store any information displayed on an employee’s screen — either locally or in a public cloud. This occurs regardless of the information’s sensitivity, current authentication status, or work context. For instance, an AI assistant could create a local, or even cloud-based, copy of an encrypted email requiring a password.

Captured data might not adhere to corporate data-retention policies; data requiring encryption might be stored without it; data scheduled for deletion might persist in an unaccounted copy; data meant to remain inside the company’s perimeter might end up in a cloud — potentially under an unknown jurisdiction.

The problem of unauthorized access is exacerbated since AI assistants might bypass additional authentication measures implemented for sensitive services within an organization. (Roughly speaking, if you need to view financial transaction data, even after being authorized in the system you need to enable RDP, raise a certificate, log in to the remote system, and enter the password again — or you could simply view it through an AI assistant such as Recall.)

Control over the AI assistant by the user and even IT administrators is limited. Accidental or deliberate activation of additional OS functions at the manufacturer’s command is a known issue. Essentially, Recall, or a similar feature, could appear on a computer unexpectedly and without warning as part of an update.

Although all the tech giants are claiming to be paying close attention to AI security, the practical implementation of security measures must stand the test of reality. Microsoft’s initial claims about data being processed locally and stored in encrypted form proved inaccurate, as the encryption in question was in fact simply BitLocker, which effectively only protects data when the computer is turned off.
Now we have to wait for cybersecurity professionals to assess Microsoft’s updated encryption and whatever Apple eventually releases. Apple claims that some information is processed locally, some within their own cloud using secure computing principles without storing data post-processing, and some — transmitted to OpenAI in anonymized form. While Google’s approach remains to be seen, the company’s track record speaks for itself.

AI assistant implementation policies

Considering the substantial risks and overall lack of maturity in this domain, a conservative strategy is recommended for deploying visual AI assistants:

Collaboratively determine (involving IT, cybersecurity, and business teams) which employee workflows would benefit significantly from visual AI assistants to justify the introduction of additional risks.

Establish a company policy and inform employees that the use of system-level visual AI assistants is prohibited. Grant exceptions on a case-by-case basis for specific uses.

Take measures to block the spontaneous activation of visual AI. Utilize Microsoft group policies and block the execution of AI applications at the EDR or EMM/UEM level. Keep in mind that older computers might not be able to run AI components due to technical limitations, but manufacturers are working to expand their reach to previous system versions.

Ensure that security policies and tools are applied to all devices used by employees for work — including personal computers.

If the first-stage discussion identifies a group of employees that could significantly benefit from visual AI, launch a pilot program with just a few of these employees. IT and cybersecurity teams should develop recommended visual assistant settings tailored to employee roles and company policies.
In addition to configuring the assistant, implement enhanced security measures (such as strict user authentication policies and more stringent SIEM and EDR monitoring settings) to prevent data leaks and protect the pilot computers from unwanted/malicious software. Ensure that the available AI assistant is activated by an administrator using these specific settings.

Regularly and thoroughly analyze the pilot program group’s performance compared to a control group, along with the behavior of company computers with the AI assistant activated. Based on this analysis, decide whether to expand or discontinue the pilot program.

Appoint a dedicated resource to monitor cybersecurity research and threat intelligence regarding attacks targeting visual AI assistants and their stored data. This will allow for timely policy adjustments as this technology evolves.
The Chinese company in charge of handing out domain names ending in “.top” has been given until mid-August 2024 to show that it has put in place systems for managing phishing reports and suspending abusive domains, or else forfeit its license to sell domains. The warning comes amid the release of new findings that .top was the most common suffix in phishing websites over the past year, second only to domains ending in “.com.”

On July 16, the Internet Corporation for Assigned Names and Numbers (ICANN) sent a letter to the owners of the .top domain registry. ICANN has filed hundreds of enforcement actions against domain registrars over the years, but this is thought to be the first in which ICANN has singled out a domain registry responsible for maintaining an entire top-level domain (TLD).

Among other reasons, the missive chided the registry for failing to respond to reports about phishing attacks involving .top domains.

“Based on the information and records gathered through several weeks, it was determined that .TOP Registry does not have a process in place to promptly, comprehensively, and reasonably investigate and act on reports of DNS Abuse,” the ICANN letter reads (PDF).

ICANN’s warning redacted the name of the recipient, but records show the .top registry is operated by a Chinese entity called Jiangsu Bangning Science & Technology Co. Ltd. Representatives for the company have not responded to requests for comment.

Domains ending in .top were represented prominently in a new phishing report released today by the Interisle Consulting Group, which sources phishing data from several places, including the Anti-Phishing Working Group (APWG), OpenPhish, PhishTank, and Spamhaus.

Interisle’s newest study examined nearly two million phishing attacks in the last year, and found that phishing sites accounted for more than four percent of all new .top domains between May 2023 and April 2024. Interisle said .top has roughly 2.76 million domains in its stable, and that more than 117,000 of those were phishing sites in the past year.

Source: Interisle Consulting Group.

ICANN said its review was based on information collected and studied about .top domains over the past few weeks.
But the fact that high volumes of phishing sites are being registered through Jiangsu Bangning Science & Technology Co Ltd. is hardly a new trend. For example, more than 10 years ago the same Chinese registrar was the fourth most common source of phishing websites, as tracked by the APWG. Bear in mind that the APWG report excerpted below was published more than a year before Jiangsu Bangning received ICANN approval to introduce and administer the new .top registry. Source: APWG phishing report from 2013, two years before .top came into being. A fascinating new wrinkle in the phishing landscape is the growth in scam pages hosted via the InterPlanetary File System (IPFS), a decentralized data storage and delivery network that is based on peer-to-peer networking. According to Interisle, the use of IPFS to host and launch phishing attacks — which can make phishing sites more difficult to take down — increased a staggering 1,300 percent, to roughly 19,000 phishing sites reported in the last year. Last year’s report from Interisle found that domain names ending in “.us” — the top-level domain for the United States — were among the most prevalent in phishing scams. While .us domains are not even on the Top 20 list of this year’s study, “.com” maintained its perennial #1 spot as the largest source of phishing domains overall. A year ago, the phishiest domain registrar by far was Freenom, a now-defunct registrar that handed out free domains in several country-code TLDs, including .tk, .ml, .ga and .cf. Freenom went out of business after being sued by Meta, which alleged Freenom ignored abuse complaints while monetizing traffic to abusive domains. Following Freenom’s demise, phishers quickly migrated to other new low-cost TLDs and to services that allow anonymous, free domain registrations — particularly subdomain services. For example, Interisle found phishing attacks involving websites created on Google’s blogspot.com skyrocketed last year more than 230 percent. 
Other subdomain services that saw a substantial growth in domains registered by phishers include weebly.com, github.io, wix.com, and ChangeIP, the report notes. Source: Interisle Consulting. Interisle Consulting partner Dave Piscitello said ICANN could easily send similar warning letters to at least a half-dozen other top-level domain registries, noting that spammers and phishers tend to cycle through the same TLDs periodically — including .xyz, .info, .support and .lol, all of which saw considerably more business from phishers after Freenom’s implosion. Piscitello said domain registrars and registries could significantly reduce the number of phishing sites registered through their services just by flagging customers who try to register huge volumes of domains at once. Their study found that at least 27% of the domains used for phishing were registered in bulk — i.e. the same registrant paid for hundreds or thousands of domains in quick succession. The report includes a case study in which a phisher this year registered 17,562 domains over the course of an eight-hour period — roughly 38 domains per minute — using .lol domains that were all composed of random letters. ICANN tries to resolve contract disputes privately with the registry and registrar community, and experts say the nonprofit organization usually only publishes enforcement letters when the recipient is ignoring its private notices. Indeed, ICANN’s letter notes Jiangsu Bangning didn’t even open its emailed notifications. It also cited the registry for falling behind in its ICANN membership fees. With that in mind, a review of ICANN’s public enforcement activity suggests two trends: One is that there have been far fewer public compliance and enforcement actions in recent years — even as the number of new TLDs has expanded dramatically. The second is that in a majority of cases, the failure of a registry or registrar to pay its annual ICANN membership fees was cited as a reason for a warning letter. 
A review of nearly two dozen enforcement letters ICANN has sent to domain registrars since 2022 shows that failure to pay dues was cited as a reason (or the reason) for the violation at least 75 percent of the time. Piscitello, a former ICANN board member, said nearly all breach notices sent out while he was at ICANN were because the registrar owed money. “I think the rest is just lipstick to suggest that ICANN’s on top of DNS Abuse,” Piscitello said. KrebsOnSecurity has sought comment from ICANN and will update this story if they respond.
A painful recovery from arguably one of the worst IT outages ever continues, and the focus is shifting to what can be done to prevent something similar from happening again.
Channels with millions of subscribers, including Times of Ukraine and Real Kyiv, were affected by the hack. Ukrainian broadcaster Suspilne stated that 270 Ukrainian channels were compromised, with hackers spreading false narratives and propaganda.
FrostyGoop can disrupt industrial processes by altering values on ICS devices. The malware exploited the Modbus protocol to directly affect industrial control systems, posing a significant threat to OT environments globally.
RA World’s attack methods, mapped to MITRE ATT&CK, include exploiting vulnerable servers for initial access, using tools like PsExec and Impacket for credential dumping and lateral movement, and executing ransomware payloads in safe mode.
A recent report from Europol indicates that the disruption of ransomware-as-a-service (RaaS) groups is causing a fragmentation of the threat landscape, complicating tracking efforts.
The National Crime Agency (NCA) in the United Kingdom has successfully infiltrated a DDoS-for-hire service known as DigitalStress. The suspected controller of the site was arrested in Northern Ireland earlier this month.
ESET researchers discovered a zero-day exploit targeting Telegram for Android, called EvilVideo. This exploit allowed attackers to send malicious Android payloads disguised as video files in unpatched versions of Telegram.
Perten Instruments Process Plus Software versions 1.11.6507.0 and below suffer from local file inclusion, hardcoded credential, and execution with unnecessary privilege vulnerabilities.
Ubuntu Security Notice 6905-1 - It was discovered that Rack incorrectly handled certain regular expressions. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. It was discovered that Rack incorrectly handled Multipart MIME parsing. A remote attacker could possibly use this issue to cause Rack to consume resources, leading to a denial of service. This issue only affected Ubuntu 20.04 LTS and Ubuntu 22.04 LTS.
Ubuntu Security Notice 6904-1 - It was discovered that PyMongo incorrectly handled certain BSON. An attacker could possibly use this issue to read sensitive information or cause a crash.
tc is a low-tech free software to chat anonymously and ciphered over Tor circuits in PGP. Use it to protect your communication end-to-end with RSA/DSA encryption and keep yourself anonymously reachable by anyone who only knows your .onion address and your public key. All this and more in 3278 lines of C code that compile and run on BSD and Linux systems with an IRC-like GUI. As this is a rolling release and does not have an official build yet, the prior version on Packet Storm was replaced with this updated code base.
Red Hat Security Advisory 2024-4713-03 - An update for kpatch-patch is now available for Red Hat Enterprise Linux 9. Issues addressed include code execution and use-after-free vulnerabilities.
Ubuntu Security Notice 6898-4 - Ziming Zhang discovered that the DRM driver for VMware Virtual GPU did not properly handle certain error conditions, leading to a NULL pointer dereference. A local attacker could possibly trigger this vulnerability to cause a denial of service. Gui-Dong Han discovered that the software RAID driver in the Linux kernel contained a race condition, leading to an integer overflow vulnerability. A privileged attacker could possibly use this to cause a denial of service.
Ubuntu Security Notice 6893-3 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel when modifying certain settings values through debugfs. A privileged local attacker could use this to cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
Ubuntu Security Notice 6896-5 - It was discovered that the ATA over Ethernet driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. It was discovered that the Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service.
Google on Monday abandoned plans to phase out third-party tracking cookies in its Chrome web browser more than four years after it introduced the option as part of a larger set of controversial proposals called the Privacy Sandbox. "Instead of deprecating third-party cookies, we would introduce a new experience in Chrome that lets people make an informed choice that applies across their web
Organizations in Taiwan and a U.S. non-governmental organization (NGO) based in China have been targeted by a Beijing-affiliated state-sponsored hacking group called Daggerfly using an upgraded set of malware tools. The campaign is a sign that the group "also engages in internal espionage," Symantec's Threat Hunter Team, part of Broadcom, said in a new report published today. "In the attack on
Cybersecurity researchers have discovered what they say is the ninth Industrial Control Systems (ICS)-focused malware that has been used in a disruptive cyber attack targeting an energy company in the Ukrainian city of Lviv earlier this January. Industrial cybersecurity firm Dragos has dubbed the malware FrostyGoop, describing it as the first malware strain to directly use Modbus TCP
The initial onboarding stage is a crucial step for both employees and employers. However, this process often involves the practice of sharing temporary first-day passwords, which can expose organizations to security risks. Traditionally, IT departments have been cornered into either sharing passwords in plain text via email or SMS, or arranging in-person meetings to verbally communicate these
Threat actors have been observed using swap files in compromised websites to conceal a persistent credit card skimmer and harvest payment information. The sneaky technique, observed by Sucuri on a Magento e-commerce site's checkout page, allowed the malware to survive multiple cleanup attempts, the company said. The skimmer is designed to capture all the data into the credit card form on the
Meta has been given until September 1, 2024, to respond to concerns raised by the European Commission over its "pay or consent" advertising model or risk facing enforcement measures, including sanctions. The European Commission said the Consumer Protection Cooperation (CPC) Network has notified the social media giant that the model adopted for Facebook and Instagram might potentially violate
The Computer Emergency Response Team of Ukraine (CERT-UA) has warned of a spear-phishing campaign targeting a scientific research institution in the country with malware known as HATVIBE and CHERRYSPY. The agency attributed the attack to a threat actor it tracks under the name UAC-0063, which was previously observed targeting various government entities to gather sensitive information using
British police have arrested a 17-year-old boy believed to be linked to a cybercriminal gang that launched devastating ransomware attacks last year on MGM Resorts and other companies. Read more in my article on the Hot for Security blog.
It has been revealed that earlier this month a website which offered a DDoS-for-hire service was taken offline by law enforcement, but only after they collected data about its criminal customers. Read more in my article on the Hot for Security blog.
In episode eight of “The AI Fix”, our hosts tackle the latest news from the world of AI and learn about two important medical breakthroughs, Mark coughs, Graham ruins “Killing me softly”, and neither shows their junk to an AI. Graham explains humour to Mark and shares a donkey story he learned from a Bulgarian, … Continue reading "The AI Fix #8: Emergence, a rancid donkey, and the world’s funniest joke"
Organizations, including those that weren’t struck by the CrowdStrike incident, should resist the temptation to attribute the IT meltdown to exceptional circumstances.
Source: www.databreachtoday.com – Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime, Geo Focus: Asia. Symantec Traces 2021 Hong Kong Waterhole Attacks to Daggerfly. Prajeet Nair (@prajeetspeaks) • July 23, 2024. Security researchers say they’ve traced a spate […] The post "Chinese Cyberespionage Group Expands Malware Arsenal – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Business Continuity Management / Disaster Recovery, Endpoint Security, Governance & Risk Management. Technical Analysts Emphasize Need for Enhanced Security Testing, Quality Assurance. Michael Novinson (MichaelNovinson) • July 22, 2024. One of the more extreme customer reactions to the CrowdStrike global IT outage came on Friday from […] The post "CrowdStrike’s Response to Outage Will Minimize Lost Business – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Fraud Management & Cybercrime, Geo Focus: Australia, Geo-Specific. MediSecure Data Theft Has an Impact on Nearly Half of Australia’s Population. Marianne Kolbasuk McGee (HealthInfoSec) • July 22, 2024. A hack on e-prescription vendor MediSecure has affected 12.9 million people – nearly half of Australia’s population. […] The post "E-Prescription Vendor Breach Affects 12.9 Million Aussies – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Endpoint Detection & Response (EDR), Incident & Breach Response, Next-Generation Technologies & Secure Development. Microsoft’s Tool Requires Physical Access, a ‘Time-Consuming and Laborious Task’. Mathew J. Schwartz (euroinfosec) • July 22, 2024. A “blue screen of death” at New York’s LaGuardia Airport on July 19, 2024 […] The post "CrowdStrike Disruption Restoration Is Taking Time – Source: www.databreachtoday.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.