Cyber security aggregate rss news


WazirX Confirms INR ...

Firewall Daily

Indian cryptocurrency exchange WazirX has issued an update in response to a recent cyberattack in which hackers stole over $230 million from its platform. Co-founder Nischal Shetty took to social media to reassure users and outline the steps being taken to mitigate the impact of the WazirX cyberattack. Shetty confirmed that while the cyberattack on WazirX targeted digital assets, Indian rupee (INR) funds remained secure and unaffected. He emphasized WazirX's commitment to restoring full functionality, including deposits, withdrawals, and trading, as part of ongoing recovery efforts.

Update on WazirX Cyberattack

"We are exploring various strategies to facilitate the resumption of platform operations," Shetty stated, acknowledging the disruption caused by the attack. He highlighted ongoing collaboration with law enforcement to identify the perpetrators and recover the stolen funds swiftly.

Image: Source: WazirX

The cyberattack did not breach WazirX's platform directly but targeted its multi-signature wallet, which was accessed through third-party custody provider Liminal. Despite this, Liminal has assured that all WazirX-related wallets under its management remain secure and that the malicious transactions occurred outside its platform's infrastructure. In response to the incident, WazirX has launched a $23 million bounty program aimed at incentivizing the recovery of the stolen assets. The exchange has received numerous submissions and is actively reviewing them to expedite the recovery process.

Bounty Program and Mitigation Strategies

As per the official announcement, the initiative comprises two bounty programs open to community participation. The first, known as "Track & Freeze," offers rewards of up to $10,000 in USDT for credible information that results in freezing the stolen funds. The second, named "White Hat Recovery," offers a reward equivalent to 10% of the recovered amount, capped at $23 million, to ethical hackers (white hats) who contribute to retrieving the stolen assets. Shetty expressed optimism about potential resolutions to restore normalcy, stating, "We have several ideas under consideration and are evaluating their feasibility to expedite the recovery process. Our priority remains the security and trust of our users."

Currently, all deposits, withdrawals, and trading activities on WazirX are temporarily paused while the investigation and recovery efforts continue. The exchange has urged users to remain patient and assured them that updates will be provided as the situation develops. WazirX remains steadfast in its commitment to transparency and user security amid the challenges posed by the cyberattack. With ongoing efforts to collaborate with authorities and enhance security measures, the exchange aims to resume normal operations soon while safeguarding user interests and funds.

Venture Capital: The ...

Cybersecurity News

U.S. security agencies are warning technology startups to be wary of foreign venture capital investments that may be attempts to steal secrets. The warning, issued today by the Director of National Intelligence's National Counterintelligence and Security Center (NCSC) and three other agencies, notes that concern about startup investments by the People's Republic of China (PRC) has been an issue since at least 2018, but recent events have heightened concerns that the PRC is using VC investments to attempt to gain access to AI technology and other sensitive intellectual property (IP).

The guidance – and the threat of lost business and deals if national security risks are later discovered – puts startups in the difficult position of judging investor ownership at the same time that they may be seeking a critical financial lifeline. The NCSC document spells out warning signs to look for in a venture investor, and also shares some horror stories of stolen startup intellectual property.

IDG Capital, Other Venture Capital Threats Cited

The warning from NCSC, DNI's Office of Economic Security and Emerging Technologies (OESET), and the Air Force and Navy criminal investigative services notes that in January 2024, the U.S. Department of Defense (DoD) added China-based private equity firm IDG Capital to its list of "'Chinese military companies' operating directly or indirectly in the U.S." IDG Capital, which has invested in more than 1,600 companies, including several in the U.S., denies DoD's claims.

The agencies' warning cites a few examples where a venture investment masked hidden national security risks. Last year, the CEO of a U.S. startup that is suing defendants in China for trade secret theft testified before Congress that some China-based VC firms may target and pay employees of U.S. startups to acquire technology, then fund competitors in China who try to monetize the stolen technology. Some U.S. and European firms have claimed that China-based investors offered them investments, then withdrew the offers after obtaining their proprietary data in the due diligence process. One U.K. firm, after agreeing to a takeover by an investor in China, began transferring technology in exchange for part of the acquisition price. The investor later abandoned the acquisition, and the U.K. firm faced bankruptcy after sharing its IP.

In addition to stolen IP and lost market share, the agencies note that startups can also be denied U.S. government contracts or small business funding if foreign threat actors have been found to have a presence in their firms.

Warning Signs of Foreign VC Involvement – And Defensive Steps

The NCSC document acknowledges the difficulty of determining "the ownership and intent of foreign investors," and offers some warning signs of foreign investment and some defensive steps to take. Foreign investors may structure investments to avoid scrutiny from the Committee on Foreign Investment in the United States (CFIUS), which reviews mergers, acquisitions, and investments that may have national security implications. They may route investments through intermediaries in the U.S. or other countries, and use minority and limited partner investments.

Some of the tactics that could be warning signs of foreign threat actors may also be routine legal moves, complicating assessment efforts. These include complex ownership structures, including separate entities that share key personnel, or shell companies "with no substantive purpose." Incorporation in offshore locations lacking transparency and oversight is another such tactic. Investments through funds, partners, or intermediaries in the U.S. or other countries can be another potential warning sign, as can limited partner investments and requests for proprietary or other sensitive data. "Startups should be alert to intrusive requests for sensitive data," the document notes.

Before seeking investments, the agencies advise startups to "identify and compartmentalize your company's 'crown jewels'" with physical and virtual protections and access restrictions. A risk manager should be empowered to protect assets, and startups should make sure that legal and contractual agreements "are enforceable in the investor's home country." Startups with concerns or tips about potential foreign investments with national security implications should contact CFIUS, the FBI or DoD, the guidance notes.

Red Art Games Faces ...

Firewall Daily

French publisher Red Art Games has fallen victim to a cyberattack, exposing sensitive customer information. In an official communication to its clientele, Red Art Games disclosed that the breach resulted in compromised data, including first and last names, birthdates, email addresses, shipping addresses, order details, and phone numbers. The Red Art Games cyberattack has prompted the company to temporarily shut down its website as a precautionary measure to safeguard its customers.

The company reassured its users that financial information, such as bank details, remained secure and unaffected by the Red Art Games cyberattack. Despite this assurance, Red Art Games advised customers to change their account passwords once the website is restored and to review and update similar passwords used across other accounts for enhanced security.

The Red Art Games Cyberattack Could Open Doors for Phishing Attempts

A notable concern raised by Red Art Games is the possibility of phishing attempts in the aftermath of the breach. Customers were warned to remain vigilant against any communications purportedly from Red Art Games, especially requests for sensitive information or financial transactions. This precaution highlights the risk that stolen personal data (names, addresses, order details) will be used to craft convincing fraudulent messages.

Image: Source: Red Art Games

Red Art Games, known for titles like Have A Nice Death, Lost Ruins, and Promenade, expressed regret over the incident and pledged to keep its customers informed as new developments arise. The studio did not attribute the cyberattack on Red Art Games to any specific group or entity in its initial statement. "We deeply apologize for the inconvenience caused by this cyber attack," the company stated. "The security and privacy of our customers are of utmost importance to us, and we appreciate your patience and continued trust during this challenging time."

As investigations into the cyberattack on the gaming firm continue, Red Art Games remains committed to addressing the issue swiftly and ensuring the integrity of its systems before resuming normal operations. Customers are encouraged to monitor official communications from Red Art Games for further updates regarding the incident and the restoration of services.

Cyberattacks on Gaming Companies

The global gaming industry is rapidly approaching a milestone of 3 billion active gamers, a growth trajectory that has not gone unnoticed by cybercriminals. Recent reports highlight a surge in cyberattacks on gaming companies, exploiting vulnerabilities across web applications and platforms. According to Akamai, web application attacks targeting mobile games rose by 167% year-on-year from May 2021 to April 2022. Similarly, Kaspersky Lab reported a 13% increase in malicious software attacks on games during the first half of 2022 compared to the same period in 2021. This uptick highlights a troubling trend in which the gaming sector, booming amid the pandemic-driven shift to digital lifestyles, has become a prime target for cyber threats.

Various attack methods, such as phishing and ransomware, remain prevalent within the gaming ecosystem. These tactics aim to compromise user accounts, steal in-game assets, and even extort players or gaming companies for financial gain. The prevalence of counterfeit software and pirated gaming products exacerbates these risks, exposing unsuspecting users to malware and other forms of cyber exploitation. Ultimately, as gaming continues to integrate into everyday life globally, ensuring robust cybersecurity practices across all levels of engagement—from individual gamers to large-scale developers—will be essential to protect against the growing sophistication of cyber threats. Awareness and proactive measures are key to safeguarding the integrity and security of digital gaming experiences for millions worldwide.

India Budget 2024 Bo ...

Budgets

The India Union Budget 2024, released yesterday by Indian Finance Minister Nirmala Sitharaman, marks the first budget under the BJP-led NDA government since its re-election in June. To gain insight into the budget's implications for cybersecurity and technology, The Cyber Express spoke with Prashant Warankar, CTO & CISO at Sterlington. Below, Warankar sets out his expectations for the India Union Budget 2024 and its impact on the cybersecurity and technology industry, aspect by aspect.

Increased Budget 2024 Allocation for Cybersecurity

Enhanced Cyber Defence Infrastructure: The allocation should support the development and upgrading of cybersecurity infrastructure, including advanced threat detection systems, intrusion prevention systems, and secure network architectures. This investment is crucial to fortify defences against increasingly sophisticated cyber-attacks.

Government Cybersecurity Agencies: Additional funding should be directed towards strengthening government agencies responsible for cybersecurity, such as CERT-In (Computer Emergency Response Team – India). This includes enhancing their capabilities to monitor, respond to, and manage cyber incidents effectively.

Public Sector Investments: Funding should also focus on improving cybersecurity for public sector organizations, including ministries, public utilities, and state governments. This will help ensure that critical services are protected against cyber threats.

Priority Areas for Technology Investment

Advanced Threat Detection: AI and ML can analyse vast amounts of data to identify patterns and anomalies indicative of cyber threats. Investment in AI-driven cybersecurity solutions can significantly enhance threat detection and response times.

Automated Incident Response: AI can help automate responses to cyber incidents, reducing the time it takes to contain and remediate. This can lead to quicker recovery from cyber-attacks and minimize damage.

Quantum Computing

Quantum-Resistant Cryptography: As quantum computing advances, it poses a threat to current encryption methods. Investment in quantum-resistant cryptographic techniques is essential to ensure data security in the quantum era.

Research Initiatives: Supporting research in quantum computing can position India as a leader in developing new technologies and solutions to address the challenges posed by quantum advancements.

IoT Security

Secure IoT Ecosystems: With the proliferation of IoT devices, securing these devices and their communications is critical. Investment in IoT security solutions can help protect against vulnerabilities and prevent potential breaches.

Standardization and Regulation: Funding should support the development of standards and regulations for IoT security, ensuring that manufacturers adhere to best practices in device security.

Blockchain Technology

Secure Transactions: Blockchain's decentralized nature can enhance the security of digital transactions and data exchanges. Investment in blockchain technology can support its adoption in various sectors, including finance, supply chain, and healthcare.

Smart Contracts: Blockchain-based smart contracts can automate and secure contractual agreements. Increased funding in this area can drive innovation and adoption of smart contracts in business processes.

Addressing Current Challenges

Talent Development and Training

Skill Development Programs: Investment should include funding for cybersecurity education programs, certifications, and workshops to address the skills gap. This will help build a skilled workforce capable of tackling evolving cyber threats.

Partnerships with Educational Institutions: Collaborating with universities and technical institutions to develop specialized cybersecurity courses and training programs can help produce a steady stream of qualified professionals.

Public-Private Partnerships

Collaborative Cybersecurity Initiatives: Encouraging collaboration between government agencies, private sector companies, and academic institutions can lead to more effective cybersecurity solutions and innovations. Funding for joint projects and research can drive progress in this area.

Information Sharing Platforms: Establishing or enhancing platforms for sharing cyber threat intelligence between various stakeholders can improve collective defence against cyber threats.

Research and Development (R&D)

Innovation Grants: Providing grants and incentives for research institutions and startups focused on cybersecurity innovations can drive the development of cutting-edge solutions. This includes funding for experimental projects and prototype development.

Government Research Programs: Supporting government-led R&D programs focused on emerging technologies and cybersecurity challenges can lead to breakthroughs and advancements in the field.

Specific Initiatives and Programs

National Cybersecurity Strategy

Comprehensive Framework: The introduction or expansion of a national cybersecurity strategy should provide a clear framework for protecting national assets and responding to cyber threats. This includes setting priorities, establishing protocols, and coordinating efforts across various sectors.

Incident Response Plans: Developing and funding national incident response plans to ensure a coordinated approach to managing and mitigating cyber incidents.

Cybersecurity Awareness Campaigns

Public Awareness Programs: Expanding initiatives to educate the public about cybersecurity best practices, such as safe online behaviour and recognizing phishing attempts. This can include media campaigns, educational materials, and community outreach programs.

Business Training: Providing training and resources for businesses to improve their cybersecurity posture, including guidance on risk management and compliance with regulations.

Enhanced Cyber Threat Intelligence Sharing

Government-Private Sector Collaboration: Facilitating the exchange of threat intelligence between government agencies and private companies to improve situational awareness and response capabilities.

International Cooperation: Strengthening partnerships with international cybersecurity organizations to share intelligence and collaborate on global cyber threats.

Funding for Startups and Innovations

Innovation Hubs: Establishing innovation hubs and incubators to support startups working on cybersecurity solutions. Providing funding, mentorship, and resources can help accelerate the development of new technologies.

Competitive Grants: Offering competitive grants and funding opportunities for projects that address specific cybersecurity challenges or advance technological innovation.

Anticipated Impacts

Strengthened National Security: Increased funding and strategic initiatives will bolster India's defences against cyber threats, enhancing national security and protecting critical infrastructure.

Economic Growth and Job Creation: Investments in technology sectors will drive economic growth, create job opportunities, and stimulate innovation, contributing to overall prosperity.

Enhanced Public Trust: By prioritizing cybersecurity and technological advancements, the government can build public confidence in digital services and transactions, fostering a secure and trusted digital environment.

Global Competitiveness: Enhanced investment in emerging technologies and cybersecurity will position India as a global leader in tech innovation, attracting international investments and partnerships.

To Wrap Up

The India Union Budget 2024, unveiled by Finance Minister Nirmala Sitharaman, represents a significant step in addressing the nation's cybersecurity and technology needs. As articulated by Warankar, the budget's focus on increased funding for cybersecurity infrastructure, advanced technology investments, and strategic initiatives reflects a proactive approach to strengthening national security and fostering technological advancement. This comprehensive approach to cybersecurity and technology funding in the budget will not only address current challenges but also pave the way for a more secure and technologically advanced future for India.

KnowBe4 Uncovers Fak ...

Firewall Daily

Who would have imagined that a security awareness training firm could be tricked into hiring a North Korean hacker? Yet that's exactly what happened to KnowBe4. A leading provider of security awareness training and simulated phishing platforms, KnowBe4 recently revealed an incident in which it accidentally hired a North Korean hacker.

KnowBe4 Hires North Korean Hacker into Team: Here's How it Happened

The company's internal IT team was in search of a software engineer to join its AI division. After a comprehensive hiring process that included multiple interviews, background checks, and reference verifications, the candidate was onboarded. "Our HR team conducted four video conference-based interviews on separate occasions, confirming the individual matched the photo provided on their application. Additionally, a background check and all other standard pre-hiring checks were performed and came back clear due to the stolen identity being used. This was a real person using a valid but stolen US-based identity. The picture was AI 'enhanced'," the company's official statement read.

According to the company, the subject exhibited remarkable sophistication in crafting a convincing cover identity, exploiting weaknesses in the hiring and background check processes, and attempting to gain access to the organization's systems.

Image: On the left is the original stock photo, while the AI-enhanced fake submitted to HR is on the right. (Source: knowbe4/Blog)

Everything appeared standard until the new hire's Mac workstation was delivered. Upon receipt, the machine immediately began to load malware, triggering alarms. "The EDR software detected it and alerted our InfoSec Security Operations Center. The SOC called the new hire and asked if they could help. That's when it got dodgy fast. We shared the collected data with Mandiant, a leading global cybersecurity expert, and the FBI, to corroborate our initial findings."

The investigation uncovered that the so-called software engineer was a North Korean operative using a stolen U.S. identity and an AI-enhanced photograph to create a convincing cover. This elaborate deception involved a fake identity and a malware attack designed to compromise the company's systems. However, the company confirmed that no illegal access was gained, and no data was lost or compromised on any KnowBe4 systems.

KnowBe4 Fake Employee Investigation

The investigation into the employee, identified as "XXXX," revealed that the suspicious activities detected on their account were likely intentional, raising concerns that they could be an insider threat or a nation-state actor. "On July 15, 2024, a series of suspicious activities were detected on the user beginning at 9:55pm EST. When these alerts came in, KnowBe4's SOC team reached out to the user to inquire about the anomalous activity and possible cause. XXXX responded to SOC that he was following steps on his router guide to troubleshoot a speed issue and that it may have caused a compromise," read the company's summary report on the incident.

The report further stated that the attacker performed various actions to manipulate session history files, transfer potentially harmful files, and execute unauthorized software. "He used a Raspberry Pi to download the malware. SOC attempted to get more details from XXXX including getting him on a call. XXXX stated he was unavailable for a call and later became unresponsive. At around 10:20pm EST SOC contained XXXX's device."

Breaking down the scam, the summary report detailed how it functions: "the fake worker asks to get their workstation sent to an address that is basically an 'IT mule laptop farm.' They then VPN in from where they really physically are (North Korea or over the border in China) and work the night shift so that they seem to be working in US daytime. The scam is that they are actually doing the work, getting paid well, and give a large amount to North Korea to fund their illegal programs."

Acknowledging the Breach

KnowBe4's decision to disclose this incident is commendable. By bringing this issue to light, the company not only highlights the advanced tactics employed by cybercriminals but also demonstrates a commitment to transparency and education within the cybersecurity community.

Lessons Learned and Recommendations

This incident has exposed several critical weaknesses in hiring and security processes:

Vetting Procedures: The necessity of thorough background checks and identity verification cannot be overstated. The hacker used a stolen identity with a digitally altered photo, slipping past conventional checks.

Enhanced Monitoring: Continuous monitoring and anomaly detection are crucial. The rapid response by KnowBe4's SOC was key to mitigating potential damage; the EDR alert on the freshly delivered workstation, followed by containment of the device within roughly half an hour, is what kept the incident from becoming a breach.

Improved Security Measures: Future recommendations include scanning remote devices for unauthorized access, scrutinizing resumes for inconsistencies, and employing enhanced monitoring and access controls.

Tips for Prevention

Organizations should consider the following steps to avoid similar incidents:

Scan Remote Devices: Regularly check for unauthorized remote connections.

Better Vetting: Implement rigorous verification procedures and avoid relying solely on email references.

Enhanced Monitoring: Strengthen monitoring to detect and respond to potential threats promptly.

Security Awareness: Educate employees about social engineering and sophisticated cyber threats.

This incident highlights that even the most vigilant and diligent can fall prey to social engineering attacks. It also draws attention to the prevalence of identity theft and how malicious actors can cleverly exploit it. However, thanks to its vigilance, KnowBe4 swiftly identified the deception and took the necessary steps to prevent a more significant breach.

Strategic Insights: ...

Cybersecurity News

Security experts have stressed the importance of dark web monitoring for CEOs of businesses and enterprises of all sizes as an essential measure to prioritize the safety and integrity of their organization's digital presence. Password and data breaches shared on the dark web and in cybercriminal communities have become a common occurrence, leaving businesses vulnerable to severe consequences, including stolen bank accounts and identity theft. To combat this threat, dark web monitoring is a proactive option that helps identify, detect and mitigate potential breaches before they escalate into embarrassing major security incidents.

CEOs Guide to Dark Web Monitoring

The dark web is a small part of the deep web, which is generally considered an unindexed sub-layer of the internet, ignored by or inaccessible to conventional search engines. This anonymous environment is a hub for illegal activities, including the trading and sale of sensitive data such as digital credentials and records. Dark web monitoring is a specialized process that involves searching for and tracking the spread of records related to an organization or entity across the dark web. Using advanced algorithms and techniques, dark web monitoring tools provide enhanced detection capabilities, allowing businesses to stay ahead of cyber threats.

The financial implications of a cyber attack can be severe. In 2020, for example, DSG Retail Limited was fined £500,000 by the UK's Information Commissioner's Office after a point-of-sale system breach affected 14 million people. A study conducted at King's College London revealed that over 60% of more than 2,700 darknet sites were found to host illicit content facilitating criminal activity. It's essential for CEOs to understand the techniques and methods cybercriminals use to steal data, such as phishing, malware, and keylogging, to recognize and prevent these threats.

For CEOs, the stakes are high. A single compromised password can lead to devastating consequences, from financial losses to reputational damage. With 80% of individuals reusing passwords across multiple accounts, the risk of a breach extends far beyond a single compromised system. A quick response by CEOs can be an important factor in limiting damage, and that's where dark web monitoring comes in.

The Sale of Ransomware and Malware

The dark web is a hub for the sale of ransomware and malware used in threat campaigns. These attacks can be devastating for businesses, such as the 2017 WannaCry attack on the UK's NHS that reportedly led to it losing £92 million as well as the cancellation of over 19,000 appointments. In the same year, shipping giant A.P. Moller-Maersk suffered losses of between $200 million and $300 million due to the NotPetya ransomware attack, which rendered apps, laptops, and servers useless. Dark web monitoring can help counter the threat posed by the sale of such services on dark web forums.

The Sale of Business Data

If your business is hacked and your data stolen, it may well end up for sale on the dark web, which makes a suitable platform providing dark web threat intelligence for corporate leaders critical. Hackers also sell access to breached company databases, leaving them open to the theft of everything from financial information to employees' personal details. Last year, Kaspersky researchers observed almost 40,000 dark web posts about the sale of internal corporate information, a 16% increase compared to the previous year.

The Sale of Credit Card Details

It's estimated that over 23 million credit cards are offered for sale on the dark web, which may have come from a variety of sources, including online stores' checkout processes. Marketplaces called Automated Vending Carts (AVCs) are used to sell credit card details without the buyer and seller needing to interact.

Importance of Dark Web Monitoring for CEOs

Dark web monitoring offers a strategic advantage in the ongoing battle against cybercrime. Here are some benefits of dark web monitoring for business executives.

Detect breaches early: Identify compromised credentials before they're exploited.

Assess vulnerabilities: Gain insights into potential weak points in security protocols.

Enhance incident response: React swiftly to emerging threats with actionable intelligence.

Protect executive data: Organizations can place special focus on protecting executive data through dark web monitoring tools.

Implementing a robust dark web monitoring program allows CEOs to stay ahead of potential threats, protecting their company's assets and reputation. This is crucial given the rise of ransomware-as-a-service and malware-as-a-service packages on the dark web, which enable even non-technical criminals to launch sophisticated attacks.

Building a Security Strategy

While dark web monitoring is a powerful tool, it's just one piece of a comprehensive cybersecurity strategy. CEOs should consider:

Dark web monitoring: Reliable dark web risk and monitoring solutions for CEOs such as Cyble Vision or Cyble Darkweb Intelligence can be integrated into broader security strategies to provide dark web threat intelligence for corporate leaders.

Employee education: Train staff to recognize and report potential security threats and to respond to claims of breach or compromise. Dedicated staff should feel encouraged to report strategic insights on dark web threats for executives.

Multi-factor authentication: Implement additional layers of security beyond passwords to protect against leaked credentials offered for sale on the dark web.

Regular security audits: Continuously assess and improve organizational defenses.

Leverage AI tools in security implementation: Incorporate AI-powered dark web monitoring solutions like Cyble's award-winning cyber threat intelligence platform to make use of rich automated feeds. These automated feeds can help in updating dark web monitoring strategies for company CEOs.

By combining dark web monitoring with these broader security measures, CEOs can create a robust defense against evolving cyber threats. In an era where data is a precious commodity, dark web monitoring can give CEOs critical insights to safeguard their organizations, and the peace of mind that rapid insight and response can give.

image for Google Says It Will  ...

 Cybersecurity News

Google won't let the cookie crumble: it is dropping its long-standing plan to phase out third-party cookies in Chrome. The dramatic U-turn, coming after years of delays and industry turmoil, marks a significant victory for advertisers and a potential setback for privacy advocates. Rather than eliminating these digital tracking beacons, Google will now offer users a choice to retain or reject them. While this move positions the tech giant as a champion of consumer control, critics argue it's a cynical ploy to maintain its advertising dominance.

Google said, "Instead of deprecating third-party cookies, we would introduce a new experience in Chrome that lets people make an informed choice that applies across their web browsing, and they'd be able to adjust that choice at any time."

Privacy Sandbox Slammed by Apple

The Privacy Sandbox, Google's proposed alternative to cookies, has been a tumultuous journey fraught with regulatory scrutiny and industry backlash. Its Topics API, designed to categorize user interests without revealing personal data, has faced intense criticism from Apple, which labeled it a potential tool for user fingerprinting and re-identification.

"The user doesn't get told upfront which topics Chrome has tagged them with or which topics it exposes to which parties. It all happens in the background and by default," Apple's WebKit team said earlier this month. "The intent of the API is to help advertisers target users with ads based on each user's interests even though the current website does not necessarily imply that they have those interests."

The iPhone maker also pointed out potential loopholes that could allow data brokers to amass extensive information about users' online behavior. "The data broker has been able to read your shifting interests and store them in their permanent profile of you. Now imagine what advanced machine learning and artificial intelligence can deduce about you based on various combinations of interest signals," Apple said. "What patterns will emerge when data brokers and trackers can compare and contrast across large portions of the population? Remember that they can combine the output of the Topics API with any other data points they have available, and it's the analysis of all of it together that feeds the algorithms that try to draw conclusions about you."

Third-Party Cookies Decision Criticized by Privacy Advocates

The decision to retain cookies underscores the immense challenges of balancing privacy with the economic engine of targeted advertising. While Google claims to be prioritizing user choice, concerns linger about the company's ability to leverage its market power to shape the future of online tracking. Regulators, including the UK's Competition and Markets Authority (CMA) and the Information Commissioner's Office (ICO), have expressed disappointment with Google's decision and vowed to scrutinize the company's new approach.

Stephen Bonner, Deputy Commissioner at the ICO, said: "We are disappointed that Google has changed its plans and no longer intends to deprecate third party cookies from the Chrome Browser.

"From the start of Google's Sandbox project in 2019, it has been our view that blocking third party cookies would be a positive step for consumers.

"The new plan set out by Google is a significant change and we will reflect on this new course of action when more detail is available.

"Our ambition to support the creation of a more privacy friendly internet continues. Despite Google's decision, we continue to encourage the digital advertising industry to move to more private alternatives to third party cookies - and not to resort to more opaque forms of tracking.

"We will monitor how the industry responds and consider regulatory action where systemic non-compliance is identified for all companies including Google."

The CMA shared similar views. It said, "The CMA will now work closely with the ICO to carefully consider Google's new approach to Privacy Sandbox. We welcome views on Google's revised approach, including possible implications for consumers and market outcomes."
The industry is now bracing for a new era of uncertainty as it grapples with the implications of this far-reaching change.

image for Google Chrome’s Ne ...

 Business News

Chrome has quietly bolstered its defenses against malicious downloads, leveraging AI and user behavior insights to thwart a growing array of threats. Google's browser has introduced a more nuanced warning system, distinguishing between "suspicious" and "dangerous" files, and automating deep scans for enhanced protection of users. The move aims to pre-empt threats like cookie-theft malware hidden within encrypted archives.

The latest changes were brought in after Chrome recently updated its user interface. "Taking advantage of the additional space available in the new downloads UI, we have replaced our previous warning messages with more detailed ones that convey more nuance about the nature of the danger and can help users make more informed decisions," Google's security team said.

[Image: Differentiation between "Suspicious" and "Dangerous" warnings (Source: Google Security Blog)]

By leveraging AI and machine learning, Chrome offers more granular warnings, automatic deep scans, and protections against encrypted archive-based attacks. The redesigned download experience offers more than just aesthetic improvements; it's a tactical shift in Google's defense strategy. By providing detailed warnings, Chrome hopes to empower users to make informed decisions about file downloads. The two-tier warning system, backed by AI-powered malware verdicts from Google Safe Browsing, adds granularity to threat assessments. The results are tangible: fewer ignored warnings and quicker responses to threats.

A particularly intriguing development is the expansion of automatic deep scans for Enhanced Protection users. While this might sound like a minor tweak, it's a significant step forward. By proactively scanning suspicious files, Chrome can catch never-before-seen malware and disrupt attack chains early. The claim that files sent for deep scanning are over 50 times more likely to be flagged as malware underscores the efficacy of this approach.

However, attackers are not standing still. A disturbing trend involves packaging malware in encrypted archives, a technique that evades traditional detection methods. Chrome counters this by prompting users to enter passwords for suspicious archives. While this adds a layer of complexity, it's a necessary evil to prevent the spread of concealed threats.

[Image: Prompt to enter a file password to send an encrypted file for a malware scan (Source: Google Security Blog)]

For users on the default Standard Protection mode, Chrome offers a more limited, but still valuable, defense. It prompts for password entry for suspicious encrypted archives, but instead of sending the file for deep scanning, it merely checks the archive's metadata against known threats. While this approach is less robust, it provides a baseline of protection for the majority of users.

Chrome's enhanced download protections represent a significant stride in the ongoing battle against malware. By combining AI-driven analysis, user education, and proactive defense, Google has created a formidable barrier against malicious downloads. While these enhancements are commendable, the evolving threat landscape demands continuous innovation. As Google's Threat Analysis Group and security researchers worldwide uncover new tactics, Chrome must adapt accordingly. The success of these new defenses will ultimately be determined by their ability to stay ahead of a relentless adversary.

image for FTC Fires Warning Sh ...

 Compliance

In a move that could reshape the digital advertising landscape, the Federal Trade Commission has issued orders to eight major companies involved in surveillance pricing. These firms - which include tech giants and financial institutions leveraging advanced algorithms, AI, and troves of personal data - are accused of creating a shadowy ecosystem where consumers may be charged different prices based on their digital footprints.

The FTC's action shines a spotlight on a growing concern: that personal data, once thought of as a digital currency, is now being weaponized for profit. By demanding detailed information about these practices, the commission aims to understand how deeply surveillance pricing has penetrated the market and its potential impact on consumers.

Why the FTC Is Looking into Surveillance Pricing

Surveillance pricing is a practice where companies use personal data to set individualized prices for products and services. The FTC's latest move signals a major escalation in the agency's battle against not just surveillance pricing, but the overall ecosystem of data brokers and digital surveillance. Eight companies - Mastercard, Revionics, Bloomreach, JPMorgan Chase, Task Software, PROS, Accenture, and McKinsey & Co. - have been served with orders demanding detailed information about their surveillance pricing models. The FTC is seeking to understand how these companies collect, process, and utilize personal data to determine prices, and whether this practice is harming consumers.

"Firms that harvest Americans' personal data can put people's privacy at risk. Now firms could be exploiting this vast trove of personal information to charge people higher prices," said FTC Chair Lina Khan. "Americans deserve to know whether businesses are using detailed consumer data to deploy surveillance pricing, and the FTC's inquiry will shed light on this shadowy ecosystem of pricing middlemen."

The FTC's inquiry focuses on four key areas:

Product and Service Offerings: The types of surveillance pricing products and services developed or licensed by each company, including technical details and intended uses.
Data Collection: Information on data sources, collection methods, and platforms used to gather personal information.
Customer and Sales Information: Details about who the products and services were offered to and their intended use.
Consumer Impact: Information on how surveillance pricing affects consumers, including potential price disparities.

FTC Aims to Protect Consumers

The FTC is wielding its 6(b) authority, which allows for broad investigations without a specific law enforcement purpose, to gather the necessary data. The agency believes that by understanding how surveillance pricing operates, it can better protect consumers and ensure fair competition. While the full extent of surveillance pricing remains unclear, the FTC's action sends a strong message to the industry: the era of unchecked data exploitation may be drawing to a close.

The FTC's orders come a day after Google said it was abandoning its long-standing plan to phase out third-party cookies in Chrome, a decision privacy advocates think will favor advertisers and data brokers. Rather than eliminating these digital tracking beacons, Google will now offer users a choice to retain or reject them under its Privacy Sandbox initiative.

image for CrowdStrike Blames T ...

 Cybersecurity News

CrowdStrike Holdings Inc has attributed the global IT outage last week to a bug in its test software. The CrowdStrike outage affected 8.5 million Windows systems, mostly used by airports, hospitals and large tech firms, on July 19, 2024. The cybersecurity company's latest revelation came from a Preliminary Post Incident Review (PIR) included in its updated remediation guide, explaining the series of events that led to the disruption.

The PIR update on Wednesday said that the core of the issue lay in the "Sensor Content" shipped with CrowdStrike's Falcon Sensor, which defines its capabilities and is updated via "Rapid Response Content" to address new threats. This software relies on "Template Types" and "Template Instances" to map specific behaviors for the sensor software to detect or prevent threats.

CrowdStrike Outage Investigation in Detail

In February 2024, CrowdStrike said, it introduced a new "InterProcessCommunication (IPC) Template Type" designed to detect "novel attack techniques that abuse Named Pipes". Following successful testing on March 5, 2024, multiple IPC Template Instances were released between April and July. "Subsequently, three additional IPC Template Instances were deployed between April 8, 2024 and April 24, 2024. These Template Instances performed as expected in production," the PIR said.

The July 19 release, however, contained "problematic content data" due to a bug in the Content Validator, leading to an out-of-bounds memory read that triggered system crashes. CrowdStrike's PIR revealed that the assumption that the July 19 release was stable, based on prior successful tests, was flawed. The unanticipated exception caused widespread Windows OS crashes, affecting critical operations globally, from airlines and banks to stock exchanges.

The incident report includes promises to test future Rapid Response Content more rigorously, stagger releases, offer users more control over when to deploy it, and provide release notes. The fiasco prompted an apology from Shawn Henry, CrowdStrike's Chief Security Officer, who acknowledged the failure in a LinkedIn post, stating, "The confidence we built in drips over the years was lost in buckets within hours, and it was a gut punch."

What's Next for CrowdStrike?

The US-based cybersecurity company is now undertaking a comprehensive review to understand the full extent of the incident, which brought down operations across various sectors, including emergency services and banking, particularly in Hong Kong and the UK. Microsoft and CrowdStrike have since rolled out fixes, restoring many systems.

CrowdStrike regularly makes security content configuration updates to observe, detect, or prevent malicious activity. The problematic update, however, carried an undetected error, leading to the crashes. The company has pledged to enhance its testing protocols for future Rapid Response Content. This includes implementing a new check to fix the faulty Content Validator and adopting staggered deployments, known as canary deployments, so that updates are tested piecemeal before widespread rollout. Additionally, CrowdStrike plans to give customers more control over content delivery, allowing them to choose when and where updates are deployed. This move aims to prevent similar incidents and rebuild customer trust.

The fallout from the outage was significant, with CrowdStrike's shares plummeting nearly 30%, erasing billions from its market value. The US House Committee on Homeland Security has requested an appearance from CEO George Kurtz to explain the measures the company will take to mitigate future risks. Henry reiterated CrowdStrike's commitment to learning from this incident and improving its processes to ensure such a failure does not recur. The company is determined to restore its reputation and customer confidence by addressing the root causes and implementing robust safeguards.

The CrowdStrike incident underscores the critical importance of rigorous testing and validation in cybersecurity software. The global disruption caused by a single faulty update highlights the potential widespread impact of such defects.
Moving forward, CrowdStrike’s efforts to improve its testing and deployment processes will be crucial in preventing similar incidents and maintaining the integrity of their cybersecurity solutions.

image for CISA Leadership Chan ...

 Firewall Daily

Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly has acknowledged significant leadership changes within the agency. This CISA leadership change marks the departure of Brandon Wales, who has served as Executive Director for several pivotal years. Taking his place is Bridget Bean, who will serve as the agency's next Executive Director.

Reflecting on Wales's tenure, Director Easterly expressed deep gratitude, stating, "Brandon has guided CISA through some of the most serious threats facing our Nation." With over two decades of federal service, Wales played a crucial role in shaping CISA into its current form, navigating challenges such as the SolarWinds breach and the Colonial Pipeline ransomware attack. His departure, planned collaboratively, ensures a seamless transition to new leadership.

CISA Leadership Change: Bridget Bean Takes Over as the New Executive Director

Stepping into the role of Executive Director in August is Bridget Bean, currently serving as Assistant Director for Integrated Operations. Bean brings over thirty years of federal government experience to her new position. Director Easterly highlighted Bean's exceptional leadership qualities, emphasizing her pivotal role in fostering a unified team within CISA. "We thank Brandon for his dedicated service and welcome Bridget as she assumes this critical role," Director Easterly remarked, underlining the agency's commitment to continuity and operational excellence.

This leadership change follows other recent appointments within CISA, including Jeff Greene as Executive Assistant Director for Cybersecurity and Trent Frazier as Assistant Director for Stakeholder Engagement. Director Easterly expressed confidence in these appointments, noting their extensive backgrounds in cybersecurity policy and stakeholder collaboration, respectively.

More Leadership Changes at CISA

Jeff Greene, previously Senior Director at the Aspen Institute and Chief for Cyber Response & Policy at the National Security Council, emphasized the importance of CISA's cybersecurity mission. "I'm honored to join Team CISA," Greene remarked, highlighting the agency's pivotal role in safeguarding national cybersecurity. Trent Frazier, who transitioned from Deputy Assistant Director for Stakeholder Engagement, spoke enthusiastically about his new role. "I look forward to continuing our strategic collaboration efforts," Frazier stated, emphasizing the importance of engaging both governmental and industry partners in CISA's initiatives.

As CISA continues to evolve under new leadership, Director Easterly reaffirmed the agency's commitment to enhancing national cybersecurity and resilience. The agency's ability to attract top talent highlights its critical role as America's Cyber Defense Agency. The changes in CISA's leadership signal a proactive approach to addressing evolving cybersecurity challenges, ensuring continuity in strategic initiatives, and reinforcing collaborative efforts across sectors essential to national security.

image for Bullhorn Refutes Dat ...

 Cybersecurity News

Threat actors known as "wonder" and "almighty4444" have claimed to have breached Bullhorn, a leading provider of cloud-based software for the staffing and recruitment industry. The alleged Bullhorn data breach, which reportedly occurred in May 2024, involves more than 3 million records. According to reports circulating on various cybersecurity forums, the Bullhorn database is now purportedly up for sale. However, the company has denied the claims, stating that Bullhorn systems are secure and were not impacted.

Alleged Bullhorn Data Breach Claimed by the Hackers

The compromised data in the alleged Bullhorn data breach reportedly includes:

2 million records of users associated with companies using Bullhorn's infrastructure.
1 million records of the companies themselves.
Personal information of individuals actively seeking employment.

The threat actors have claimed that the data is available for purchase, with the price negotiable through private message offers.

The Cyber Express team reached out to Bullhorn officials for verification of the breach claims. In response, a Bullhorn spokesperson told TCE, "We are aware of reports concerning a data security incident allegedly involving the Bullhorn database. After completing an assessment, we found that the incident did not involve Bullhorn." The spokesperson clarified that the threat actor's claim was false and did not impact Bullhorn systems. "We want to emphasize that this incident did not affect our systems or data in any way."

Bullhorn informed TCE that the incident involved another business that integrates with Bullhorn. "There was an incident involving another business that integrates with Bullhorn. The company has acknowledged the incident, is actively addressing the situation, and will notify firms if their data was impacted. We have notified the appropriate authorities and are cooperating fully with any inquiries. As always, we remain committed to the security and privacy of our data."

Bullhorn's Industry Standing

According to the official website of Bullhorn, over the past 25 years the company has established itself as a cornerstone of the staffing and recruitment industry. The company, which generated an annual revenue of $750 million as of May 2024, prides itself on delivering industry-leading, cloud-based software solutions. Bullhorn's clientele includes 10,000 customers worldwide, supported by a global workforce of 1,400 employees across 14 countries. Headquartered in Boston and founder-led, Bullhorn has built a reputation for excellence in customer service and deep domain expertise in recruitment best practices.

Cybersecurity Landscape in the Recruitment Industry

The recruitment and staffing industry has become a prime target for cybercriminals due to the valuable personal and professional data it handles. Recent statistics indicate a worrying trend:

Increased Phishing Attacks: The industry has seen a 35% rise in phishing attacks over the past year.
Inadequate Cybersecurity Measures: Only 25% of businesses in the beauty industry, which shares similar vulnerabilities with the staffing sector, have dedicated cybersecurity teams.
Growing Concern Among Executives: 55% of industry executives believe cyber threats will significantly impact future business growth.
Frequent Data Breaches: 45% of companies in related industries experienced a data breach in the last year, with an average cost of $3.86 million per breach.

With the response Bullhorn officials sent to TCE, the company has confirmed the claims of a Bullhorn data breach to be false. The Cyber Express team continues to monitor the situation closely and will provide updates as more information becomes available.

image for Anujh Tewari Takes H ...

 Business News

Microsoft has appointed Anujh Tewari as the Chief Cybersecurity Advisor for India and South Asia. Tewari announced his new role on LinkedIn, expressing his enthusiasm and vision for the transformative potential of artificial intelligence (AI) in cybersecurity.

"I am thrilled to share that I have started my role in Microsoft as the Chief Cybersecurity Advisor for India and South Asia," Tewari wrote. He further elaborated on his passion for AI and its impact on cybersecurity, stating, "I am passionate about the transformative power of AI. I fundamentally believe that AI will transform how the world's largest and most complex organizations keep their digital systems secure and resilient. Looking forward to learning, collaborating, and contributing meaningfully to this dynamic and critical field."

Anujh Tewari's Distinguished Career in Cybersecurity

Before joining Microsoft, Tewari had an illustrious career in cybersecurity and risk management, holding pivotal roles at leading technology firms such as DXC Technology, HCL Technologies, and TMF Group. At DXC Technology, he served as the Practice Head for Cybersecurity Services and Risk Management Services, overseeing a large team and ensuring compliance with standards such as ISAE 3402, SOC 1, SOC 2, and more. At HCL Technologies, Tewari was the Group Global Chief Information Security Officer (CISO), leading risk and compliance frameworks and advising senior leadership on comprehensive risk management programs. At TMF Group, he was the Group Global CISO, managing the firm's technology risk and cybersecurity program, emphasizing a unique culture and service excellence. From leading cybersecurity service delivery to overseeing risk and compliance committees, Tewari has a proven track record of success in protecting organizations from digital threats.

Looking Ahead at Microsoft

In his new role at Microsoft, Tewari is poised to leverage his extensive experience and passion for AI to drive cybersecurity innovation and resilience in India and South Asia. His appointment comes at a crucial time, as organizations in the region face increasingly sophisticated cyber threats. Tewari's vision for the future of cybersecurity is rooted in the belief that AI will play a transformative role in protecting digital systems. By harnessing the power of AI, he aims to help organizations stay ahead of cyber threats, ensuring the security and resilience of their digital infrastructure.

With his proven track record and commitment to excellence, Anujh Tewari is set to make a significant impact at Microsoft, contributing to the company's mission of empowering every person and organization on the planet to achieve more securely. The Cyber Express team will continue to monitor and report on Tewari's contributions to the cybersecurity landscape in the region, providing updates as more information becomes available.

image for Paris Wi-Fi Security ...

 Threats

The upcoming Paris Olympics — the world's biggest sporting event since pandemic restrictions were lifted — are expected to attract over 15 million tourists to Paris — which is something scammers are already actively preparing for. Almost certainly, each of these tourists/spectators will need access to the internet, and this is where public Wi-Fi hotspots come to the rescue. However, this approach has its risks: cybercriminals may use public access points to intercept your data.

On the eve of the Olympics, our researchers have mapped and assessed the security of the open Wi-Fi networks that visitors might use. We've analyzed around 25,000 public Wi-Fi hotspots in Paris, and found that every fourth one is unsafe — making their users vulnerable to personal and banking data theft. For how to safely use Wi-Fi during the Paris Olympics — read on.

[Image: Heat map of all the examined public access points in Paris. Red indicates a high concentration of hotspots; green — a low concentration]

What we found out

In total, we recorded 47,891 signal records from 24,766 unique Wi-Fi access points across popular locations and Olympic venues in Paris. Around 25% (6083) of the examined Wi-Fi hotspots turned out to have serious security weaknesses — such as weak or nonexistent encryption, use of outdated devices and protocols, or misconfiguration — making them vulnerable to interception, decryption, or cracking attacks.

Not all of these hotspots are accessible to all passersby; to connect to some, you need to enter a password or PIN. However, in general, we classified as unsafe both completely open networks without any protection (we found 3176 of them) and those that are either misconfigured or use compromised protocols and are easily hacked using widely known algorithms. This means that when using such access points, users are at great risk: without reliable protection, cybercriminals can steal passwords, banking data and other personal information.

How many Wi-Fi points use WPS and WPA3?

Approximately 20% (4864) of the public Wi-Fi access points we investigated in Paris use the notoriously vulnerable WPS protocol, which is outdated and easily compromised. This makes them susceptible to WPS attacks, which can lead to data loss.

And just under 6% (1373) of all the hotspots are protected by the modern WPA3 security protocol, which has built-in protection against brute-force attacks, individual data encryption, and other features that make Wi-Fi access points secured by this protocol safe. This result is disappointing. The main problems we found are either the incorrect configuration of access points (making them vulnerable to attacks) or the use of outdated equipment that doesn't support modern security standards and protocols.

How we researched

Experts from Kaspersky's GReAT (Global Research and Analysis Team) swapped their office chairs for benches, cafes, parks, and other public spaces in Paris for several days — all to study the most popular places in the city that Olympic spectators are likely to visit:

Arc de Triomphe
Champs-Élysées
The Louvre
The Eiffel Tower
Notre-Dame
The Seine River embankments
The Trocadéro
Stade de France

[Image: Heat map showing the distribution of both safe and unsafe public access points in Paris. Red indicates a high concentration of unsafe hotspots; green — safe ones]

From a Wi-Fi security standpoint, leading the way are the embankments along the Seine. However, in and around the Trocadéro, it's better to walk around without connecting to public Wi-Fi. The same goes for the Champs-Élysées and the Arc de Triomphe, where there are usually a great many folks milling about — even without the Olympics being on — so it's worth keeping an eye on both your digital and physical safety (for the latter — e.g., against pickpocketing). We, of course, will help maintain the confidentiality of your digital identity, but we can do nothing if someone tries to steal your smartphone. Although with the help of Kaspersky: Antivirus & VPN, it's easy to find a lost Android smartphone.

The Olympics will start at the Stade de France, where there are also many unsafe Wi-Fi access points. There are unprotected networks both right next to the stadium and in the surrounding area, so be careful whenever you want to post something directly from the stadium.

[Image: Connecting to Wi-Fi near the stadium is likely unsafe]

What's the result

Thus, 25% of (central) Parisian Wi-Fi access points are unsafe — including both open ones and those that require a password or PIN to connect. Moving around the city, you'll be constantly switching between available hotspots. So how can you use public Wi-Fi and not worry about your digital security?

It's difficult to determine on your own how dangerous a particular Wi-Fi access point is — except, of course, for open hotspots without any protection, connecting to which is definitely unsafe. Therefore, when using any public access point, it's necessary to protect your Wi-Fi connection with a VPN.

If you're in dire need of a VPN service to protect your connection but don't want to pay for one, consider using the free version of Kaspersky VPN Secure Connection. Free mode won't allow you to select a server, plus there's a traffic limit of 300 MB per day, but both your traffic and your device are fully secure.

The better option, of course, is to buy a subscription; after all, a reliable VPN is a must-have app for absolutely everyone — and has been for some time. Premium access to Kaspersky VPN Secure Connection — available as a standalone purchase or as part of our Kaspersky Plus and Kaspersky Premium subscriptions — grants you access to one of the fastest VPNs in the world across all your devices, along with top-rated protection against phishing and other threats, as verified by independent researchers. Best of all, you can enjoy a 30-day free trial of these subscriptions and experience the full functionality of our protection and VPN for free during the Olympics. Of course, it's better to download the applications in advance over a secure connection.

If your device doesn't have a VPN installed and you're forced to connect to public Wi-Fi in Paris (or any other city), follow these rules:

Do not pay for purchases online: your banking data can be intercepted
Do not transmit any important information without a secure connection
Do not log into personal accounts that aren't protected by two-factor authentication (2FA)
Use only strong passwords and store them securely
Disable file sharing and AirDrop (if you have it) on your devices to prevent unauthorized access to your files
Enable the firewall on your laptop
Regularly update the operating system and applications on all your devices to patch new vulnerabilities

But it's much easier to use maximum protection on all your devices, which will keep your digital identity safe even in another country. And don't forget to subscribe to our blog and/or Telegram channel: take care of your digital safety today!

 Incident Response, Learnings

Verizon Communications has agreed to pay a $16 million settlement to the FCC for three data breaches at TracFone Wireless, a subsidiary acquired in 2021. TracFone provides services under brands like Total by Verizon Wireless and Straight Talk.

 Threat Actors

The leak comes from a backup allegedly sold by Conor Fitzpatrick, also known as Pompompurin. Following the seizure of RaidForums in 2022, Fitzpatrick launched BreachForums v1, which was later seized by the FBI and linked to his arrest.

 Malware and Vulnerabilities

The Daolpu malware collects account credentials, browser history, and cookies from Chrome, Edge, Firefox, and other browsers. It is spread through malicious document attachments in phishing emails that contain malicious macros.

 Trends, Reports, Analysis

The Department of Health and Human Services is facing cloud security issues, with weaknesses in security controls and inventories of cloud systems. Over 30% of their systems are in the cloud, putting them at risk of compromise.

 Companies to Watch

Alphabet's planned $23 billion acquisition of cybersecurity firm Wiz has fallen through, leading Wiz to pursue its own path toward an IPO and aiming for $1 billion in annual recurring revenue (ARR).

 Trends, Reports, Analysis

RMM tools have become essential in managing remote devices, but they also pose risks if exploited by threat actors. Attackers can gain remote access to devices, exfiltrate data, and remain undetected.

 Computer, Internet Security

Google has decided to continue supporting third-party cookies, instead proposing a new approach that allows users to opt-in to their Privacy Sandbox. This comes after criticism and regulatory pressure over privacy concerns and competition issues.

 Companies to Watch

Protexxa, a Toronto-based B2B SaaS cybersecurity company founded by Claudette McGowan, has secured $10 million in Series A funding from various investors including Bell Ventures and private investors like Sonia Baxendale and Annette Verschuren.

 Malware and Vulnerabilities

Threat actors are targeting Hamster Kombat's 250 million players with fake Android and Windows software that install spyware and malware. The clicker mobile game allows players to earn fictional currency by completing simple tasks.

 Trends, Reports, Analysis

The Philippines has decided to shut down its online gambling industry to tackle illegal activities such as financial scams and human trafficking. President Ferdinand Marcos Jr instructed PAGCOR to cease operations of POGOs by the end of the year.

 Feed

Ubuntu Security Notice 6912-1 - James Henstridge discovered that provd incorrectly handled environment variables. A local attacker could possibly use this issue to run arbitrary programs and escalate privileges.

 Feed

Gentoo Linux Security Advisory 202407-27 - Multiple vulnerabilities have been discovered in ExifTool, the worst of which could lead to arbitrary code execution. Versions greater than or equal to 12.42 are affected.

 Feed

Ubuntu Security Notice 6906-1 - It was discovered that python-zipp did not properly handle the zip files with malformed names. An attacker could possibly use this issue to cause a denial of service.

 Feed

Ubuntu Security Notice 6910-1 - Chess Hazlett discovered that Apache ActiveMQ incorrectly handled certain commands. A remote attacker could possibly use this issue to terminate the program, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS. Peter Stoeckli discovered that Apache ActiveMQ incorrectly handled hostname verification. A remote attacker could possibly use this issue to perform a person-in-the-middle attack. This issue only affected Ubuntu 16.04 LTS.

 Feed

Ubuntu Security Notice 6530-2 - Seth Manesse and Paul Plasil discovered that HAProxy incorrectly handled URI components containing the hash character. A remote attacker could possibly use this issue to obtain sensitive information, or to bypass certain path_end rules.

 Feed

Ubuntu Security Notice 6907-1 - Joshua Rogers discovered that Squid did not properly handle multi-byte characters during Edge Side Includes processing. A remote attacker could possibly use this issue to cause a memory corruption error, leading to a denial of service.

 Feed

Ubuntu Security Notice 6911-1 - Arnaud Morin discovered that Nova incorrectly handled certain raw format images. An authenticated user could use this issue to access arbitrary files on the server, possibly exposing sensitive information.

 Feed

Ubuntu Security Notice 6908-1 - It was discovered that the Tomcat SSI printenv command echoed user provided data without escaping it. An attacker could possibly use this issue to perform an XSS attack. It was discovered that Tomcat incorrectly handled certain uncommon PersistenceManager with FileStore configurations. A remote attacker could possibly use this issue to execute arbitrary code.

 Feed

Ubuntu Security Notice 6909-1 - It was discovered that Bind incorrectly handled a flood of DNS messages over TCP. A remote attacker could possibly use this issue to cause Bind to become unstable, resulting in a denial of service. Toshifumi Sakaguchi discovered that Bind incorrectly handled having a very large number of RRs existing at the same time. A remote attacker could possibly use this issue to cause Bind to consume resources, leading to a denial of service.

 Feed

Cybersecurity firm CrowdStrike on Wednesday blamed an issue in its validation system for causing millions of Windows devices to crash as part of a widespread outage late last week. "On Friday, July 19, 2024 at 04:09 UTC, as part of regular operations, CrowdStrike released a content configuration update for the Windows sensor to gather telemetry on possible novel threat techniques," the company

 Feed

A now-patched security flaw in the Microsoft Defender SmartScreen has been exploited as part of a new campaign designed to deliver information stealers such as ACR Stealer, Lumma, and Meduza. Fortinet FortiGuard Labs said it detected the stealer campaign targeting Spain, Thailand, and the U.S. using booby-trapped files that exploit CVE-2024-21412 (CVSS score: 8.1). The high-severity

 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerabilities are listed below - CVE-2012-4792 (CVSS score: 9.3) - Microsoft Internet Explorer Use-After-Free Vulnerability CVE-2024-39891 (CVSS score: 5.3) - Twilio Authy Information Disclosure

 Feed

Security questionnaires aren’t just an inconvenience — they’re a recurring problem for security and sales teams. They bleed time from organizations, filling the schedules of professionals with monotonous, automatable work. But what if there were a way to reduce or even altogether eliminate security questionnaires? The root problem isn’t a lack of great questionnaire products — it’s the

 Feed

A zero-day security flaw in Telegram's mobile app for Android called EvilVideo made it possible for attackers to send malicious files disguised as harmless-looking videos. The exploit appeared for sale for an unknown price in an underground forum on June 6, 2024, ESET said. Following responsible disclosure on June 26, the issue was addressed by Telegram in version 10.14.5 released on July 11. "

 Feed

There is one simple driver behind the modern explosion in SaaS adoption: productivity. We have reached an era where purpose-built tools exist for almost every aspect of modern business and it’s incredibly easy (and tempting) for your workforce to adopt these tools without going through the formal IT approval and procurement process. But this trend has also increased the attack surface—and with

 Feed

The threat actor known as Patchwork has been linked to a cyber attack targeting entities with ties to Bhutan to deliver the Brute Ratel C4 framework and an updated version of a backdoor called PGoShell. The development marks the first time the adversary has been observed using the red teaming software, the Knownsec 404 Team said in an analysis published last week. The activity cluster, also

 CrowdStrike

Source: www.databreachtoday.com – Author: 1 Endpoint Protection Platforms (EPP), Endpoint Security, Governance & Risk Management. Cybersecurity Vendor's Preliminary Review Details Problems, Promises Improvements. Mathew J. Schwartz (euroinfosec) • July 24, 2024. CrowdStrike has blamed internal testing failures, including buggy testing software, for failing to prevent the faulty "rapid content update" Friday […] The entry CrowdStrike Says Code-Testing Bugs Failed to Prevent Outage – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Critical Infrastructure Security, Governance & Risk Management, Operational Technology (OT). ICS-Specific Malware Uses Modbus Protocol for Disruptive Attacks. Prajeet Nair (@prajeetspeaks) • July 23, 2024. Undated file photo of Lviv, Ukraine, in winter (Image: Shutterstock). Hackers used novel malware to knock out the heating system for […] The entry Hackers Froze Ukrainian Heating Systems in Winter – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Business Continuity Management / Disaster Recovery, Governance & Risk Management, Video. Claroty CEO Vardi on Compensating Controls, Segmentation and Secure Remote Access. Michael Novinson (MichaelNovinson) • July 23, 2024. Yaniv Vardi, CEO, Claroty (Image: Claroty). The recent CrowdStrike outage highlighted the need for organizations to shift […] The entry Proactive Network Security: Lessons From CrowdStrike Outage – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Cloud Security, Healthcare, Industry Specific. Inspector General Says HHS Cloud Systems Are Potentially at Risk of Compromise. Marianne Kolbasuk McGee (HealthInfoSec) • July 23, 2024. A new audit report indicates that the U.S. Department of Health and Human Services is facing some of the same cloud […] The entry Report: HHS Needs to Beef Up Cloud Security and Skills – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
