Cyber security aggregate rss news


Six Iranian Hackers ...
Cybersecurity News

The U.S. State Department has identified six Iranian government hackers allegedly responsible for a series of cyberattacks on U.S. water utilities last fall. In response, the department has announced a substantial reward for information about these six Iranian hackers leading to their identification or location. This move highlights the severity of the threat posed by these cyber actors and the commitment of the U.S. government to safeguarding its critical infrastructure.

State Department Reward for Six Iranian Hackers

The State Department's Rewards for Justice program is offering up to $10 million for information on individuals acting under foreign government control who engage in malicious cyber activities against U.S. critical infrastructure, including actions in violation of the Computer Fraud and Abuse Act. The six Iranian officials named in the advisory are linked to Iran's Islamic Revolutionary Guard Corps (IRGC) and its Cyber-Electronic Command (IRGC-CEC). They are accused of compromising industrial control systems, specifically targeting the Vision series of programmable logic controllers (PLCs) manufactured by Israel-based Unitronics. These PLCs are widely used across industries including water and wastewater, energy, food and beverage, manufacturing, and healthcare. The hackers exploited default credentials on these devices, leaving messages with anti-Israel sentiments and potentially rendering the devices inoperative.

The individuals identified are:
Hamid Homayunfal
Hamid Reza Lashgarian
Mahdi Lashgarian
Milad Mansuri
Mohammad Bagher Shirinkar
Reza Mohammad Amin Saberian

(Image source: rewardsforjustice.net)

Profiles of Key Actors

Hamid Reza Lashgarian: Head of the IRGC's Cyber-Electronic Command and a commander in the IRGC-Qods Force. He has a history of involvement in various IRGC cyber and intelligence operations.

Hamid Homayunfal, Mahdi Lashgarian, Milad Mansuri, Reza Mohammad Amin Saberian, and Mohammad Bagher Shirinkar: Senior officials within the IRGC-CEC, responsible for executing cyber activities.

CyberAv3ngers: The Hackers Behind the Cyberattacks

The CyberAv3ngers group, linked to the IRGC-CEC, specifically targeted the Vision series of PLCs manufactured by Israel-based Unitronics. In October 2023, CyberAv3ngers took credit for cyberattacks against Israeli PLCs via their Telegram channel. Starting in November 2023, they exploited the default credentials of these PLCs across the U.S., leaving anti-Israel statements on the devices' digital screens. These compromises often rendered the devices inoperative.

On February 2, 2024, the U.S. Department of the Treasury imposed sanctions on the six IRGC-CEC officials for their cyber activities. These individuals were designated as Specially Designated Nationals under Executive Order (E.O.) 13224, which targets leaders and officials of terrorist organizations. The sanctions block all property and interests in property of these officials within the U.S. or controlled by U.S. persons and generally prohibit U.S. persons from engaging in transactions involving these individuals.

The U.S. government is urging anyone with information on CyberAv3ngers' activities or the identified individuals to contact Rewards for Justice. Information can be reported anonymously via a Tor-based tip line accessible through the Tor browser.

(Image source: X)

CISA's Response and Recommendations

The Cybersecurity and Infrastructure Security Agency (CISA) has been proactive in identifying U.S. water utility operators using Unitronics devices. Throughout the fall, CISA notified these operators of the campaign, urging them to change the default passwords on their devices to prevent unauthorized access. Although there was no evidence that the provision of safe drinking water had been compromised, officials expressed concern that hackers could use the compromised devices to gain deeper network access.

The incident has reignited concerns about the vulnerability of the U.S. water sector to cyberattacks. These concerns were highlighted by a recent government watchdog report criticizing the Environmental Protection Agency (EPA) for not conducting a comprehensive sector-wide risk assessment or developing a risk-informed strategy to guide its actions. The U.S. government's substantial reward for information on these Iranian hackers highlights the serious threat posed by cyberattacks on critical infrastructure. By offering up to $10 million, the State Department hopes to bring these cyber criminals to justice and bolster the security of essential services.

INTERPOL Authorities ...
Cybersecurity News

In a major win for global law enforcement, authorities in Singapore and Timor-Leste, with the help of INTERPOL, have recovered over $40 million stolen in an international email scam. The incident began on July 15, 2024, when a Singapore-based commodity firm received an email from a supplier requesting that a pending $42.3 million payment be sent to a new bank account in Timor-Leste. Unaware that the email came from a fraudulent account, the firm transferred the funds as requested. Four days later, the firm discovered the deception when the genuine supplier reported not receiving the payment.

INTERPOL Cooperation in the International Email Scam

Upon receiving a police report from the Singapore firm, the Singapore Police Force (SPF) quickly requested assistance from authorities in Timor-Leste through INTERPOL's Global Rapid Intervention of Payments (I-GRIP) mechanism, which uses INTERPOL's 196-country network to expedite financial crime investigations. Within days, authorities in Timor-Leste detected and withheld US$39 million from the fake supplier's bank account. Additional investigations led to the arrest of seven suspects and the recovery of an additional US$2 million.

(Image source: https://www.interpol.int/)

"This is a great example of how cooperation between authorities can lead to significant results," said Isaac Oginni, Director of INTERPOL's Financial Crime and Anti-Corruption Centre. "Speed is of the essence in intercepting the proceeds of online scams, and we commend the swift action taken by Singapore and Timor-Leste authorities in this case."

The recovery marks a notable achievement for INTERPOL's I-GRIP mechanism, which has helped law enforcement intercept hundreds of millions of dollars in illicit funds since its launch in 2022. The mechanism has proven invaluable in combating financial crime, particularly in the early years of the COVID-19 pandemic, when it played a pivotal role in recovering funds transferred to fraudsters.

Preventing Future Scams

The Director of the Singapore Police Force's Commercial Affairs Department, David Chew, stated: "Scams are a global threat that requires a global response from law enforcement. Today, money moves at the click of a button, and law enforcement must be able to move as fast to protect our citizens. We commend the swift and decisive action of INTERPOL's Financial Crime and Anti-Corruption Centre, which played a pivotal role in the prompt interception of more than USD 40 million."

While the successful recovery in this case is a significant achievement, INTERPOL is urging businesses and individuals to take proactive steps to avoid falling victim to business email compromise (BEC) and other social engineering scams. "INTERPOL is encouraging businesses and individuals to take preventative steps to avoid falling victim to business email compromise and other social engineering scams," the organization stated, directing the public to its website for more information and resources.

Cyble and Wipro Forg ...
Firewall Daily

Atlanta & Bengaluru, India, August 08, 2024 - Cyble, a pioneer in AI-powered threat intelligence, today announced a partnership with Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO), a leading technology services and consulting company, to enhance enterprise cybersecurity risk management through AI-driven threat intelligence solutions.

The partnership brings together Cyble's patented artificial intelligence (AI) systems and automation capabilities with Wipro's global security and compliance expertise to provide security teams with deeper insights and enable more informed decision-making. The collaboration integrates Cyble's AI and machine learning-driven platforms into Wipro's cybersecurity risk frameworks to provide real-time threat intelligence, proactive attack surface management and comprehensive risk assessments that can fortify businesses against advanced cyber threats. Cyble and Wipro's integration also enhances capabilities in Dark Web monitoring and brand protection, ensuring early threat detection with more effective responses.

"The co-development between Wipro and Cyble goes beyond simply expanding our technical capabilities," said Tony Buffomante, Senior Vice President & Global Head - Cybersecurity & Risk Services, Wipro Limited. "In this age of continuous disruption, enterprises must stay several steps ahead of the bad actors by implementing robust and automated threat detection platforms. Cyble's leadership in AI and automation perfectly complements the deep understanding of today's risk and compliance challenges that Wipro's expert Cybersecurists bring to the table. This reaffirms our commitment to secure the modern enterprise in a constantly evolving cybersecurity and regulatory landscape."

Beenu Arora, Chief Executive Officer of Cyble, echoed Buffomante's sentiment, stating, "Wipro's decision to utilize Cyble's threat intelligence platform highlights the importance of proactive cybersecurity measures in today's digital landscape. Together, we are committed to delivering unparalleled threat intelligence and mitigation capabilities to global enterprises. Our advanced solutions offer brand monitoring and detection, data breach monitoring and cyber threat intelligence that empower organizations to stay ahead of evolving cyber threats."

Dipesh Ranjan, Chief Partner Officer at Cyble, emphasized the significance of the partnership, stating, "By combining Wipro's global reach and Cyble's expertise in threat intelligence, we are well-positioned to provide unparalleled protection to enterprises worldwide."

Cyble has recently gained significant market recognition. Frost & Sullivan named Cyble as Innovation Leader in the Frost Radar™: Cyber Threat Intelligence 2024. Gartner included Cyble in two Hype Cycles™ for the DRPS category, Forrester recognized Cyble in its ASM Landscape 2024 report, and G2 highlighted Cyble as a leader in the Dark Web Monitoring Providers grid. These accolades underscore Cyble's leadership and innovative capabilities in the cybersecurity domain. The announcement comes on the heels of Wipro's recent recognition as Cyble's Global System Integrator (GSI) Partner of the Year.

For more information on the Cyble/Wipro partnership, visit wipro.com/partner-ecosystem/cyble

About Cyble

Cyble, a trailblazer in Cyber Threat Intelligence, is committed to democratizing Dark Web Threat Intelligence through advanced AI and Machine Learning solutions. Recognized as one of the most sought-after workplaces, Cyble's culture fosters innovation, collaboration, and professional growth. With a proven track record in delivering cutting-edge research and proactive monitoring, Cyble stands at the forefront of the cybersecurity landscape. Headquartered in Atlanta, Georgia, and with a global presence spanning Australia, Malaysia, Singapore, Dubai, Saudi Arabia, and India, Cyble is the trusted authority empowering organizations to proactively combat evolving cyber threats.

About Wipro Limited

Wipro Limited (NYSE: WIT, BSE: 507685, NSE: WIPRO) is a leading technology services and consulting company focused on building innovative solutions that address clients' most complex digital transformation needs. Leveraging our holistic portfolio of capabilities in consulting, design, engineering, and operations, we help clients realize their boldest ambitions and build future-ready, sustainable businesses. With over 230,000 employees and business partners across 65 countries, we deliver on the promise of helping our customers, colleagues, and communities thrive in an ever-changing world. For additional information, visit us at www.wipro.com.

Forward-Looking Statements

The forward-looking statements contained herein represent Wipro's beliefs regarding future events, many of which are by their nature inherently uncertain and outside Wipro's control. Such statements include, but are not limited to, statements regarding Wipro's growth prospects, its future financial operating results, and its plans, expectations and intentions. Wipro cautions readers that the forward-looking statements contained herein are subject to risks and uncertainties that could cause actual results to differ materially from the results anticipated by such statements.
Such risks and uncertainties include, but are not limited to, risks and uncertainties regarding fluctuations in our earnings, revenue and profits, our ability to generate and manage growth, complete proposed corporate actions, intense competition in IT services, our ability to maintain our cost advantage, wage increases in India, our ability to attract and retain highly skilled professionals, time and cost overruns on fixed-price, fixed-time frame contracts, client concentration, restrictions on immigration, our ability to manage our international operations, reduced demand for technology in our key focus areas, disruptions in telecommunication networks, our ability to successfully complete and integrate potential acquisitions, liability for damages on our service contracts, the success of the companies in which we make strategic investments, withdrawal of fiscal governmental incentives, political instability, war, legal restrictions on raising capital or acquiring companies outside India, unauthorized use of our intellectual property and general economic conditions affecting our business and industry. The conditions caused by the COVID-19 pandemic could decrease technology spending, adversely affect demand for our products, affect the rate of customer spending and could adversely affect our customers’ ability or willingness to purchase our offerings, delay prospective customers’ purchasing decisions, adversely impact our ability to provide on-site consulting services and our inability to deliver our customers or delay the provisioning of our offerings, all of which could adversely affect our future sales, operating results and overall financial performance. Our operations may also be negatively affected by a range of external factors related to the COVID-19 pandemic that are not within our control. 
Additional risks that could affect our future operating results are more fully described in our filings with the United States Securities and Exchange Commission, including, but not limited to, Annual Reports on Form 20-F. These filings are available at www.sec.gov. We may, from time to time, make additional written and oral forward-looking statements, including statements contained in the company's filings with the Securities and Exchange Commission and our reports to shareholders. We do not undertake to update any forward-looking statement that may be made from time to time by us or on our behalf.

Contacts

Cyble Inc
enquiries@cyble.com
Ph: +1 888 673 2067

Wipro Limited
media-relations@wipro.com

Black Hat 2024: Crow ...
Firewall Daily

At this year's Black Hat cybersecurity conference, Jen Easterly, the Director of the Cybersecurity and Infrastructure Security Agency (CISA), drew a chilling parallel between a recent CrowdStrike Falcon update mishap and potential cyber threats from Chinese actors. During her keynote address, Easterly described the CrowdStrike outage as a "dress rehearsal" for the disruptive effect that a Chinese cyberattack, specifically one linked to the group known as Volt Typhoon, might have on U.S. critical infrastructure.

The CrowdStrike Falcon update, which recently caused widespread disruptions affecting millions of computers globally, was a significant incident. The faulty update led to various operational disruptions, including interrupted medical services, canceled flights, and closed retail businesses.

The CrowdStrike Outage and Potential Chinese Cyberattack

Easterly remarked that the fallout from this CrowdStrike outage provided valuable insights into what a Chinese-linked cyber operation could potentially achieve. Easterly explained, "The situation we witnessed with CrowdStrike was a useful exercise for understanding the kind of chaos that Chinese cyber operations could unleash. It demonstrated exactly the kind of impact China aims to have, except in this case, we were able to mitigate the issues by rolling back the updates and rebooting our systems."

Volt Typhoon, a name assigned by Microsoft to suspected Chinese cyber activities, is believed to target critical infrastructure in the U.S. The group aims to embed itself within these crucial systems, not for espionage or data theft, but to prepare for disruptive or destructive attacks in the event of a significant geopolitical conflict, such as a military confrontation involving Taiwan. Easterly highlighted the potential severity of such threats, stating, "A conflict in Asia could lead to severe attacks on American infrastructure—think pipeline explosions, water system contamination, transportation disruptions, and communication breakdowns. These operations would aim to incite panic and undermine the U.S.'s ability to mobilize effectively," reported CyberScoop.

China's Denials and the Need for Enhanced Cyber Resilience

Chinese officials, however, have consistently denied involvement in such activities, dismissing claims about Volt Typhoon as part of a U.S. disinformation campaign designed to malign China.

Easterly's remarks came during a broader discussion on election security, which also featured Felicity Oswald, head of the U.K.'s National Cyber Security Centre, and Hans de Vries, Chief Operational Officer of the European Union Agency for Cybersecurity (ENISA). The panel explored various strategies for enhancing the resilience of election systems against threats like disinformation, DDoS attacks, ransomware, and technical failures, issues exacerbated by the CrowdStrike Falcon update incident.

In a follow-up conversation with reporters, Easterly emphasized that the threat from China is multifaceted and pervasive. "Volt Typhoon's activities target various critical infrastructure sectors, and what we've seen so far may be just the beginning. There is likely much more that remains undetected," she warned. She stressed the importance of bolstering the resilience of digital systems to better withstand such disruptions and recover more swiftly from cyber incidents. "Despite the severe impact of the CrowdStrike outage, it served as a crucial exercise—a rehearsal for the potential threats China could pose," Easterly concluded.

As cybersecurity experts and officials convene at the Black Hat conference, the conversation around mitigating threats and enhancing system resilience remains more pertinent than ever. The CrowdStrike Falcon update incident highlights the growing risks posed by existing vulnerabilities and the need for robust defenses against potential cyberattacks, especially those that could emerge from state actors like China.

Cyber Incident Shuts ...
Cybersecurity News

The City of North Miami has alerted the public to a possible cyber incident impacting its network systems, resulting in the closure of North Miami City Hall until further notice. The announcement of the North Miami City Hall cyber incident was made on the official City Hall website, emphasizing the ongoing investigation and efforts to secure the compromised systems.

"Our Information Technology team, along with local and federal authorities, are actively investigating the extent of the cyber incident. We are working to secure our systems and are committed to keeping the public informed. Updates will be provided as information becomes available," reads the official notice.

(Image source: North Miami City Hall Official Website)

Mayor Addressing North Miami City Hall Cyber Incident

Despite the disruption to City Hall operations, emergency response services, including the 9-1-1 call center, remain fully operational. The city assures residents that maintaining uninterrupted emergency services is a top priority. "Ensuring the safety and well-being of our community is our foremost concern," the statement continues, underscoring the city's commitment to public safety amid the cyber incident.

Mayor Alix Desulme took to X (formerly known as Twitter) to address the situation directly with residents. "Dear North Miami Residents, We know that many of you prefer to visit City Hall to conduct city business in person. Unfortunately, due to unexpected issues with our IT infrastructure, we cannot welcome in-person visitors at this time. Rest assured, we are working hard to address and resolve these challenges. Thank you for your understanding and patience," he tweeted.

(Image source: X)

Earlier, on August 5, Mayor Desulme informed the public via X about the initial closure of City Hall due to the unforeseen IT infrastructure issues. "North Miami City Hall is closed on Monday, August 5, 2024, due to unforeseen circumstances affecting our city's IT infrastructure. But service will be available via phone. Sorry for any inconvenience. Thank you for your understanding," his tweet read.

(Image source: X)

For residents needing assistance, the City of North Miami has established a Community Hotline, available Monday through Friday from 8:00 AM to 5:00 PM, at 305-895-9804.

Additional North Miami City Hall Cyber Incident Updates

Public Meetings: The Special Magistrate Hearing scheduled for Wednesday, August 7, 2024, has been canceled due to the cyber incident.

North Miami Public Library: The North Miami Public Library remains open and fully operational. Early voting activities are not affected by the incident.

Development Services (Land Use Division and Building Division): The North Miami Building Division reopened to the public on Wednesday, August 7. Permit applications are being accepted, and plan reviews have resumed, except for those submitted online. Building inspections and inspection scheduling have also resumed. Land use services, including development permits, certificates of use, and business tax receipt processing and issuance, have resumed. However, application status updates for those previously submitted online are currently unavailable.

Neighborhood Services Department: All current code enforcement-related deadlines, fines, and hearings are postponed until further notice. Urgent matters, such as life and safety concerns, can be reported to the Neighborhood Services Department (NSD) for case-by-case evaluation. NSD can be reached via email at NSD@NorthMiamiFL.gov.

Parks and Recreation: All special events and programming facilitated by the North Miami Parks and Recreation Department will proceed as scheduled. At this time, only cash payments for Parks and Recreation programming are being accepted. Payments can be made in person at the Parks and Recreation Administrative Office (Scott Galvin Community Center) located at 1600 NE 126th Street, North Miami, FL 33181, and the Penny Sugarman Tennis Center located at 1795 San Souci Boulevard, North Miami, FL 33181.

MOCA North Miami: The Museum of Contemporary Art (MOCA) North Miami's summer camp and regular operations will continue as planned. MOCA North Miami is open to the public during regular business hours.

NoMi Golden Silver Seniors: NoMi Golden Silver Senior Programs and activities will continue as scheduled.

NoMi Food Pantry: The operations of the NoMi Food Pantry will proceed without interruption.

Passport Services: All scheduled passport services through the North Miami City Clerk's Office are postponed until further notice.

As the investigation into the cyber incident progresses, the City of North Miami remains dedicated to transparency and keeping the community informed. Regular updates will be provided as new information becomes available, ensuring that residents are kept abreast of developments and can continue to access critical services.

The Rising Challenge ...
Firewall Daily

In today's interconnected business world, a company's cybersecurity posture is only as strong as its weakest link, often found among third-party vendors. Given the increasing complexity and interdependence of global supply chains, the role of Chief Financial Officers (CFOs) in managing third-party risks has   show more ...

become critical. Effective third-party risk management is not just an IT issue but a fundamental aspect of financial governance and strategic planning. The financial implications of third-party breaches are staggering. According to a report by IBM and the Ponemon Institute, the global average cost of a data breach reached $4.45 million between March 2022 and March 2023, marking a 15% increase over the previous three years. Notably, third-party breaches are a significant contributor to this rising cost. The report found that 40% of breaches were linked to third parties, with 33% identified by internal tools, and 27% disclosed by attackers as part of ransomware incidents. With the rise of cyber threats targeting organizations globally, effective CFO strategies for third-party risk management become priority. In this context, The Cyber Express brings an all-in-one guide for effective CFO risk mitigation strategies to target the lapses in the industry. An Overview of Third-party Risk Management and Lapses in the Industries A 2023 study by SecurityScorecard and the Cyentia Institute further highlights the gravity of third-party risks, revealing that 98% of organizations worldwide had interactions with at least one third-party vendor that had suffered a breach in the past two years. This data highlights the pervasive nature of third-party vulnerabilities and the urgent need for robust CFO strategies for third-party risk management. As boards of directors and CEOs become increasingly concerned about risk management, CFOs are expected to take a proactive role. The financial leadership is shifting towards a more strategic approach to risk mitigation. A recent CFO webcast sponsored by Deloitte and Coupa highlighted this shift, emphasizing that CFOs with advanced digital maturity and data visibility are achieving better outcomes in both risk management and overall performance. 
The webcast poll revealed that 47% of CFOs considered cyber risks their biggest risk management concern, closely followed by business environment risks such as economic changes and trade policies. Operational risks, including gaps in processes and data, also ranked high among concerns. This shift in focus signifies the growing importance of integrating CFO risk mitigation strategies into broader business practices. Marc Deluca, Senior Vice President at Coupa Software, observed a clear pattern: CFOs are increasingly aware of rising risks, with larger enterprises expressing more concern than their smaller counterparts. "Our CFOs see risks escalating over the next few years," Deluca noted, adding that many are struggling to adapt to these evolving challenges due to their relatively recent introduction to risk management responsibilities. The Challenge of Supplier Risk Assessment Operational and strategic risks are increasingly linked to third-party and supplier risks, driven by the growth of outsourcing. Deluca highlights the need for CFOs to address three crucial questions in third-party risk management: the identity of business partners, the nature of these relationships, and the inherent risks involved.  A Deloitte survey of over 1,000 CFOs across 19 countries reveals that 83% of companies encountered third-party risk incidents in the past three years. More than a third of these incidents had moderate effects on customer service, financial stability, reputation, or regulatory compliance, while 11% had severe impacts. These findings emphasize the urgent need for effective supplier risk assessment and robust vendor risk management best practices. Despite the growing recognition of risk management's importance, many organizations still underinvest in this area. According to Deloitte, fewer than 30% of organizations believe their spending on risk management is adequate. 
Ryan Flynn, Principal at Deloitte Consulting LLP, noted that risk management is often perceived as an insurance policy rather than a value-driving component, leading to insufficient investment. The lack of investment impacts a company’s ability to manage risks effectively. "Underinvestment in risk management weakens the ability to excel at the basics," Flynn said. A survey revealed that half of respondents did not fully understand their third-party relationships, while 43% lacked knowledge of contract terms and 41% failed to monitor third parties based on their risk profile. Act now to strengthen your third-party risk management! Discover how Cyble’s advanced solutions can enhance your risk assessment and management strategies. Schedule a free demo today to see how Cyble's next-gen technology can secure your business against third-party risks. CFO Strategies for Third-party Risk Management To address these challenges, CFOs are increasingly turning to technology. Cloud-based platforms, robotic process automation, and visualization techniques are becoming essential tools for managing third-party risks. Flynn highlighted that more than half of survey respondents are adopting cloud solutions for risk management, while 45% are using robotic process automation, and over a third are leveraging visualization techniques. Technology can enhance third-party risk management by identifying potential risks and informing better decision-making. Companies are using digital tools to assess suppliers' data security measures, review incident response processes, and ensure proper data management and access controls. The regulatory landscape around third-party risks is also evolving. President Joe Biden's Executive Order 14028, issued in May 2021, emphasizes the need for enhanced cybersecurity standards across federal vendors. This order has led to increased scrutiny of vendor risk assessments and remediation policies. 
Similarly, new cybersecurity rules from the Securities and Exchange Commission (SEC) require timely disclosure of significant cybersecurity incidents, including those involving third parties. The SEC’s stance reinforces the need for companies to manage and disclose risks related to third-party systems effectively. Additionally, third-party issues can impact cyber insurance. CFOs must understand their organization’s and vendors’ data management practices to navigate the complexities of cyber insurance. Demonstrating robust data handling and access management practices is crucial for maintaining manageable premiums and ensuring coverage. To effectively manage third-party risks, CFOs should conduct a thorough assessment of vendors’ data management and cybersecurity practices. This involves several key steps. First, reviewing incident response processes is crucial. CFOs should examine past breaches and the improvements made since those incidents, as well as understand the vendors' response protocols and their plans for alerting and managing future incidents. Another important step is to maintain and classify an inventory of data accessed or generated by third parties. Data should be classified based on sensitivity and regulatory requirements, with clear definitions of data access and usage rights to ensure proper management and protection. Implementing consistent identity and access management practices is also essential. CFOs should enforce strict access controls, limit data access based on the principle of least privilege, and establish procedures for the return or destruction of data upon contract termination. Finally, regularly reviewing and updating data security policies and procedures in collaboration with third parties is vital. This ensures that data handling practices remain aligned with organizational standards and can adapt to risks and regulations. 
Conclusion

The landscape of third-party risk management is becoming increasingly complex, with rising risks in cybersecurity, supplier management, and regulatory compliance. CFOs are being called upon to step up and develop comprehensive strategies to mitigate these risks. By integrating advanced technology, strengthening supplier risk assessments, and fostering collaboration with compliance officers, CFOs can enhance their organizations' resilience and financial integrity. The shift from backward-looking activities to proactive risk management is essential for navigating today's volatile risk environment and ensuring long-term success.

Ready to fortify your organization’s defenses? Discover how Cyble’s advanced threat intelligence and third-party risk management solutions can elevate your security strategy. Schedule a free demo to see how Cyble’s cutting-edge technology can help you stay ahead of cyber threats and manage your third-party risks effectively. Schedule a Demo Today!


 Cybersecurity News

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have jointly issued an advisory to alert organizations about the BlackSuit ransomware. This FBI and CISA advisory includes details on the indicators of compromise (IOCs) and tactics, techniques, and procedures (TTPs) associated with BlackSuit ransomware, as identified through FBI threat response activities and third-party reporting as recently as July 2024.

BlackSuit ransomware is an evolution of the previously known Royal ransomware, which was active from September 2022 through June 2023. BlackSuit shares numerous coding similarities with Royal ransomware but has demonstrated enhanced capabilities. This evolution signifies a significant threat as BlackSuit continues to target organizations through sophisticated attack vectors.

How BlackSuit Ransomware Operates

The advisory issued by the FBI and CISA provides detailed insights into the technical mechanisms used by BlackSuit ransomware. This ransomware conducts data exfiltration and extortion prior to encryption, publishing victim data on a leak site if ransom demands are not met. The ransomware primarily gains initial access through phishing emails, where unsuspecting victims are tricked into downloading malicious attachments. Once inside a network, BlackSuit actors disable antivirus software, exfiltrate significant amounts of data, and ultimately deploy the ransomware to encrypt systems. This method helps evade detection and significantly improves encryption speed. BlackSuit actors engage in double extortion tactics, threatening to release exfiltrated data publicly if the ransom is not paid. Here is the detailed description:

Data Exfiltration and Extortion: BlackSuit ransomware follows a double extortion model, where it exfiltrates data before encrypting it. If the ransom is not paid, the threat actors threaten to publish the stolen data on a leak site. This tactic increases pressure on victims to comply with ransom demands.

Initial Access: Phishing emails are the primary method used by BlackSuit actors to gain initial access to victim networks. These emails often contain malicious PDF documents or links to malvertising sites. Other access methods include Remote Desktop Protocol (RDP) compromise, exploiting vulnerabilities in public-facing applications, and leveraging initial access brokers to obtain VPN credentials from stealer logs.

Command and Control: After gaining access, BlackSuit actors establish communication with their command and control (C2) infrastructure using legitimate Windows software repurposed for malicious activities. Tools historically used include Chisel, Secure Shell (SSH) clients, PuTTY, OpenSSH, and MobaXterm.

Lateral Movement and Persistence: BlackSuit actors move laterally within a network using RDP, PsExec, and Server Message Block (SMB). They maintain persistence through the use of legitimate remote monitoring and management (RMM) software and malware like SystemBC and Gootloader.

Discovery and Credential Access: The actors utilize tools like SharpShares and SoftPerfect NetWorx to enumerate networks. Credential-stealing tools such as Mimikatz and Nirsoft's utilities have been found on compromised systems. They also use PowerTool and GMER to kill system processes.

Exfiltration and Encryption: Before encryption, BlackSuit actors use tools like Cobalt Strike and malware such as Ursnif/Gozi to aggregate and exfiltrate data. They employ RClone and Brute Ratel for exfiltration. To maximize the impact, they use Windows Restart Manager to check file usage, delete volume shadow copies using vssadmin.exe, and execute batch files to manage the encryption process.

BlackSuit Ransom Demands and Communication

Ransom demands by BlackSuit actors typically range from $1 million to $10 million USD, with payments required to be made in Bitcoin. To date, the actors have demanded over $500 million USD collectively, with the highest individual ransom demand being $60 million. Notably, BlackSuit actors are willing to negotiate the ransom amounts. While the ransom amount is not included in the initial ransom note, victims are directed to a .onion URL (accessible via the Tor browser) for further communication and negotiation. Recently, there has been an increase in instances where victims receive direct communications from BlackSuit actors, either via phone or email, regarding the compromise and ransom demands.

FBI and CISA Recommendations

The FBI and CISA strongly encourage organizations to implement the following recommendations to mitigate the risk and impact of ransomware incidents:

User Training and Awareness: Educate employees about phishing tactics and encourage them to report suspicious emails.

Multi-Factor Authentication (MFA): Implement MFA across all user accounts, especially those with administrative privileges.

Regular Backups: Ensure regular backups of critical data and store them offline to protect against ransomware attacks.

Network Segmentation: Segment networks to limit the lateral movement of threat actors.

Patch Management: Regularly update and patch systems, software, and applications to address known vulnerabilities.

Incident Response Plan: Develop and regularly update an incident response plan that includes procedures for responding to ransomware attacks.

The FBI and CISA's advisory on BlackSuit ransomware highlights the evolving nature of ransomware threats and the importance of proactive cybersecurity measures. Organizations are urged to review the detailed recommendations and implement robust security practices to defend against such attacks.
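The pre-encryption steps the advisory describes (shadow-copy deletion via vssadmin.exe, exfiltration with RClone, lateral movement with PsExec) are the point at which a defender still has time to act, so a detection rule that correlates them per host is worth more than a single-event alert. The following is an added example, not code from the advisory or from the FBI/CISA: the event format is a constructed, simplified subset of Windows process-creation fields, the sample events are made up, and the rule names, tactic labels and severity scheme are my own assumptions.

```python
"""Correlating BlackSuit-style pre-encryption activity in process-creation events.

Added example (not from the advisory). Scans constructed JSON process-creation
events for three TTPs named in the advisory and escalates any host that shows
both exfiltration tooling and shadow-copy deletion, since the advisory places
those two steps immediately before encryption.
"""
import json
import re
from collections import defaultdict

# Constructed sample telemetry, one JSON object per line (NOT real data).
# Fields are a simplified subset of a Sysmon/EDR process-creation record.
SAMPLE_EVENTS = r"""
{"ts":"2024-07-01T09:12:03Z","host":"WS-17","user":"CORP\\jdoe","image":"C:\\Windows\\explorer.exe","cmdline":"explorer.exe"}
{"ts":"2024-07-01T09:40:11Z","host":"SRV-FS01","user":"CORP\\backupsvc","image":"C:\\Windows\\System32\\vssadmin.exe","cmdline":"vssadmin.exe list shadows"}
{"ts":"2024-07-01T22:05:47Z","host":"WS-17","user":"CORP\\jdoe","image":"C:\\Tools\\psexec.exe","cmdline":"psexec.exe \\\\SRV-FS01 -s cmd.exe"}
{"ts":"2024-07-01T22:31:09Z","host":"SRV-FS01","user":"CORP\\jdoe","image":"C:\\ProgramData\\rclone.exe","cmdline":"rclone.exe copy C:\\Finance remote:dump --transfers 16"}
{"ts":"2024-07-02T01:02:55Z","host":"SRV-FS01","user":"CORP\\jdoe","image":"C:\\Windows\\System32\\vssadmin.exe","cmdline":"vssadmin.exe delete shadows /all /quiet"}
{"ts":"2024-07-02T08:15:30Z","host":"WS-22","user":"CORP\\asmith","image":"C:\\Windows\\System32\\notepad.exe","cmdline":"notepad.exe report.txt"}
"""

# (rule name, tactic label, pattern applied to "<image> <cmdline>").
# Rule names and tactic labels are this example's own choices.
RULES = (
    # Only the destructive verb fires; "vssadmin list shadows" is routine admin work.
    ("shadow_copy_deletion", "impact: inhibit system recovery",
     re.compile(r"\bvssadmin(?:\.exe)?\b.*\bdelete\s+shadows\b", re.I)),
    # RClone moving data toward a remote; the advisory names it as an exfil tool.
    ("rclone_exfiltration", "exfiltration: remote storage",
     re.compile(r"\brclone(?:\.exe)?\b\s+(?:copy|sync|move)\b", re.I)),
    # PsExec client or its service-side binary (psexesvc).
    ("psexec_lateral_movement", "lateral movement: remote service execution",
     re.compile(r"\bpsexe(?:c|svc)(?:\.exe)?\b", re.I)),
)

# Hosts showing both of these get escalated (assumption: this pairing is the
# strongest "encryption is next" signal available from process events alone).
CRITICAL_PAIR = frozenset({"rclone_exfiltration", "shadow_copy_deletion"})


def detect(raw_lines: str) -> list[dict]:
    """Return one finding per (event, rule) match; benign events yield nothing."""
    findings = []
    for line in raw_lines.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        haystack = f"{ev.get('image', '')} {ev.get('cmdline', '')}"
        for name, tactic, pattern in RULES:
            if pattern.search(haystack):
                findings.append({
                    "ts": ev["ts"], "host": ev["host"], "user": ev.get("user"),
                    "rule": name, "tactic": tactic, "cmdline": ev.get("cmdline"),
                })
    return findings


def prioritize(findings: list[dict]) -> dict[str, str]:
    """Map each host with at least one finding to 'critical' or 'high'."""
    rules_by_host: dict[str, set[str]] = defaultdict(set)
    for f in findings:
        rules_by_host[f["host"]].add(f["rule"])
    return {
        host: "critical" if CRITICAL_PAIR <= rules else "high"
        for host, rules in rules_by_host.items()
    }


if __name__ == "__main__":
    hits = detect(SAMPLE_EVENTS)
    for h in hits:
        print(f'{h["ts"]} {h["host"]:<9} {h["rule"]:<25} {h["cmdline"]}')
    for host, sev in prioritize(hits).items():
        print(f"{host}: {sev}")
```

Run it as-is to see three findings and two host verdicts: WS-17 is "high" (PsExec only) and SRV-FS01 is "critical" because exfiltration and shadow-copy deletion both appear there; the benign "vssadmin list shadows" event on the same server is correctly ignored. In production the same two functions would be fed from the EDR or SIEM export rather than the constructed sample, and the rule set would grow to cover the other tooling the advisory lists.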


 Tips

Small Bluetooth tags for finding lost items are a godsend for frequent travelers and simply forgetful people. The coin-sized devices contain a battery and a Bluetooth Low Energy (BLE) transmitter, and a smartphone app allows you to determine the beacon’s location to within a few centimeters. If the lost keys with the tag are far away from the owner and their smartphone, other people’s smartphones can help find them: both Apple and Google have deployed a global network in which every smartphone reports the location of nearby beacons to a server, and their proprietary apps (Find My for iOS, and Find My Device for Android) can locate the lost item. There just needs to be at least one smartphone nearby that has both Bluetooth switched on and an internet connection.

Although the most popular beacon is Apple’s AirTag, there are several other accessories that work on the same principle and that are sometimes compatible with each other (Chipolo, eufy, Filo, Samsung SmartTag, Tile, and others). Sometimes tracking functions are built directly into frequently lost accessories, such as Bluetooth headsets and headphones.

The possibility of remote tracking was quickly appreciated not only by the forgetful but also by scammers and stalkers. By planting an AirTag on a victim — for example, slipping it into a purse pocket or under a car license plate — one can track a person’s movements without their knowledge. Thieves use this technology to steal expensive cars, and stalkers and jealous partners use it for surveillance and harassment. So how can you protect yourself from such a thing?

First generation of AirTag protection

As soon as the first reports of AirTags being used for tracking appeared, Apple implemented several protective measures to reduce the likelihood of stalking. First, AirTag was equipped with a speaker. If the Bluetooth tag is far away from the smartphone it’s linked to, it intermittently emits a loud beep. Second, iOS 14.5 introduced a feature that alerts a smartphone owner if someone else’s AirTag is detected nearby for an extended period of time, regardless of the smartphone’s location. If this happens, you can turn on the sound on this beacon to physically locate it, and also check the serial number of the AirTag.

Sometimes, it can all be quite innocent, for example if it’s a tag hanging on the keys of a relative or friend you’re traveling with, or a beacon parents have put in their child’s backpack. In this case, the warning about the foreign AirTag can be disabled temporarily or permanently.

Unfortunately, these measures were not enough. They didn’t help Android owners in any way, and attackers learned to bypass the beep protection by manually disabling or damaging the speaker, or buying silent AirTags on online markets.

How to protect yourself from AirTag and other Bluetooth trackers in 2024

This year, manufacturers have developed cross-platform compatibility — the ability to detect BLE beacons regardless of which smartphone they’re linked to and what kind of smartphone the tracking victim has. To achieve this, Apple and Google joined forces and implemented this functionality in both iOS 17.5 and Android (the update is available for all versions starting with Android 6). Now, a warning that someone else’s tracker is being consistently detected nearby is available on either of these platforms, and the victim can see the tracker’s ID, turn on its speaker, and even get instructions on how to disable the beacon. The tech giants proposed the DULT (detecting unwanted location trackers) standard, which may become an industry standard in the future. For now, some tag manufacturers — Chipolo, eufy, Jio, Motorola, and Pebblebee — have said they will support the current specification.

What to do if you find an unknown Bluetooth tag on your belongings?

There are no hard and fast rules for this situation, as much depends on individual circumstances. Upon receiving a warning on your smartphone, the first step is to locate the tracker and carefully examine it. You can use the precision finding feature, for example by following this guide. The tag could be hidden anywhere — in the folds or pockets of your bag, in your wallet, under the wheel arch of your car, stuck to the bumper or license plate frame, and so on. If you’re unsure whether it’s the same tracker flagged by the app, check the serial number. Some models have it printed on the casing, while others can be checked by placing them next to the smartphone’s NFC reader.

Locating the tracker helps rule out innocent scenarios: perhaps you accidentally picked up someone else’s headset instead of yours, or a colleague left their keys in your car. In such cases, simply return the lost item to its owner. Another possible legitimate tracking scenario is a tag attached to rented equipment, especially cars and expensive electronics. In this case, discuss the tracking with the rental provider and decide whether it’s acceptable to you. Normally, such property protection measures should be outlined in the rental agreement.

The situation is more complex when it comes to malicious tracking. For victims of domestic violence, married couples going through a difficult divorce, or other circumstances where exposing the tracking might provoke aggression from the perpetrator, it’s recommended to remain discreet. Report the tracking to law enforcement, but avoid revealing this fact to the stalker. It’s important that the tag doesn’t light up at the police station. To achieve this, you can either remove the battery or arrange a meeting with the authorities at a safe location. If there’s no risk of violence, you can simply hand the tag over to the police. Throwing it away or deactivating it is not enough, as the perpetrators could just start all over again.

For comprehensive protection of your privacy, use our most advanced security solution — Kaspersky Premium, which not only neutralizes viruses but also provides the world’s best protection against phishing, detects intrusions into your Wi-Fi networks, protects your personal data and payment information online, alerts you to password leaks and identity theft, and offers many more features to ensure your complete security. We’ve prepared a detailed step-by-step guide to help you choose the optimal subscription and quickly set everything up from scratch, or switch from other vendors to our applications — which have received more awards than any other security solutions in the world.

 Malware and Vulnerabilities

A security researcher at SafeBreach demonstrated at the Black Hat 2024 conference that two zero-day vulnerabilities can be exploited in downgrade attacks to revert fully updated Windows systems back to older versions, reintroducing vulnerabilities.

 Incident Response, Learnings

The SEC has closed its investigation into Progress Software's handling of a zero-day flaw in MOVEit Transfer. Progress Software announced in a recent SEC filing that no enforcement action will be recommended by the Division of Enforcement.

 Malware and Vulnerabilities

Symantec's Threat Hunter Team has observed various espionage operations utilizing cloud services, like the backdoors GoGra and Grager targeting organizations in South Asia, South East Asia, Taiwan, Hong Kong, and Vietnam.

 Feed

This Metasploit module exploits a Python code injection vulnerability in the Content Server component of Calibre version 6.9.0 through 7.15.0. Once the Content Server is enabled (it is disabled by default), it listens in its default configuration on all network interfaces on TCP port 8080 for incoming traffic and does not require any authentication. The injected payload is executed in the same context under which Calibre is being executed.

 Feed

Debian Linux Security Advisory 5742-1 - A vulnerability was discovered in odoo, a suite of web-based open source business apps. It could result in the execution of arbitrary code.

 Feed

Journyx version 11.5.4 has an issue where the soap_cgi.pyc API handler allows the XML body of SOAP requests to contain references to external entities. This allows an unauthenticated attacker to read local files, perform server-side request forgery, and overwhelm the web server resources.

 Feed

Ubuntu Security Notice 6947-1 - It was discovered that Kerberos incorrectly handled GSS message tokens where an unwrapped token could appear to be truncated. An attacker could possibly use this issue to cause a denial of service. It was discovered that Kerberos incorrectly handled GSS message tokens when sent a token with invalid length fields. An attacker could possibly use this issue to cause a denial of service.

 Feed

Debian Linux Security Advisory 5741-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

 Feed

A guest inside a VirtualBox VM using the virtio-net network adapter can trigger an intra-object out-of-bounds write in src/VBox/Devices/Network/DevVirtioNet.cpp to cause a denial-of-service or escape the hypervisor and compromise the host. This is Google's proof of concept exploit.

 Feed

A bug in the eBPF Verifier branch pruning logic can lead to unsafe code paths being incorrectly marked as safe. As demonstrated in the exploitation section, this can be leveraged to get arbitrary read/write in kernel memory, leading to local privilege escalation and container escape.

 Feed

The XGETBV instruction reads the contents of an internal control register. It is not a privileged instruction and is usually available to userspace. The contents are also exposed via the xstate_bv header in the XSAVE structure. The primary use of XGETBV is determining the XINUSE flags, which allows kernels and user-thread implementations to determine what CPU state needs to be saved or restored on context switch. However, it has been observed that these flags appear to be non-deterministic on various Intel CPUs. The data here is currently research and not necessarily considered a security issue, but a reproducer has been included.

 Feed

AMD Errata 1386 is a flaw that affects the AMD Zen 2 family of processors. The observed result of this bug is that changes to xmm or ymm extended registers during normal program execution may be unexpectedly discarded. The implications of this flaw will vary depending on the workload. This is Google's proof of concept exploit.

 Feed

Google observed some undocumented (to the best of their knowledge) behavior of the indirect branch predictors, specifically relative to _ret_ instructions. The research they conducted appears to show that this behavior does not seem to create exploitable security vulnerabilities in the software they have tested. They would like to better understand the impact and implications for different software stacks, thus they welcome feedback or further research. Included is proof of concept code.

 Feed

This is a path traversal vulnerability that impacts the CreateIndexHandler and DeleteIndexHandler found within the Bleve search library. These vulnerabilities enable the attacker to recursively delete any directory owned by the user, and to create a new directory in any location to which the server has write permissions. This is Google's proof of concept exploit.

 Feed

Log4j 2.15.0 was released to address the widely reported JNDI Remote Code Execution (RCE) (CVE-2021-44228) vulnerability in Log4j. Shortly thereafter, 2.16.0 was released to address a Denial of Service (DoS) vulnerability (CVE-2021-45046). When examining the 2.15.0 release, Google security engineers found several issues with the Log4j 2.15.0 patch that showed that the severity of the issue addressed in 2.16 was in fact worse than initially understood. This is Google's proof of concept exploit.

 Feed

On Surface Pro 3 with the SHA1 and SHA256 PCRs enabled on the TPM, BIOS version 3.11.2550 and earlier, only the SHA1 PCRs are extended by the firmware. This means that an adversary can boot into an unmeasured OS and extend the PCRs with false measurements to obtain false attestations. This is a proof of concept exploit from Google.

 Feed

The ransomware strain known as BlackSuit has demanded as much as $500 million in ransoms to date, with one individual ransom demand hitting $60 million. That's according to an updated advisory from the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI). "BlackSuit actors have exhibited a willingness to negotiate payment amounts," the

 Feed

A critical security flaw impacting Progress Software WhatsUp Gold is seeing active exploitation attempts, making it essential that users move quickly to apply the latest. The vulnerability in question is CVE-2024-4885 (CVSS score: 9.8), an unauthenticated remote code execution bug impacting versions of the network monitoring application released before 2023.1.3. "The

 Feed

The Immersive Experience Happening This September in Las Vegas! In an era of relentless cybersecurity threats and rapid technological advancement, staying ahead of the curve is not just a necessity, but critical. SANS Institute, the premier global authority in cybersecurity training, is thrilled to announce Network Security 2024, a landmark event designed to empower cybersecurity professionals

 Feed

The last few years have seen more than a few new categories of security solutions arise in hopes of stemming a never-ending tidal wave of risks. One of these categories is Automated Security Validation (ASV), which provides the attacker’s perspective of exposures and equips security teams to continuously validate exposures, security measures, and remediation at scale. ASV is an important element

 Feed

Microsoft said it is developing security updates to address two loopholes that it said could be abused to stage downgrade attacks against the Windows update architecture and replace current versions of the Windows files with older versions. The vulnerabilities are listed below - CVE-2024-38202 (CVSS score: 7.3) - Windows Update Stack Elevation of Privilege Vulnerability CVE-2024-21302 (CVSS

 Feed

Cybersecurity researchers have discovered a novel phishing campaign that leverages Google Drawings and shortened links generated via WhatsApp to evade detection and trick users into clicking on bogus links designed to steal sensitive information. "The attackers chose a group of the best-known websites in computing to craft the threat, including Google and WhatsApp to host the attack elements,

 Feed

The North Korea-linked threat actor known as Kimsuky has been linked to a new set of attacks targeting university staff, researchers, and professors for intelligence gathering purposes. Cybersecurity firm Resilience said it identified the activity in late July 2024 after it observed an operation security (OPSEC) error made by the hackers. Kimsuky, also known by the names APT43, ARCHIPELAGO,

 Feed

Cybersecurity researchers have discovered a new "0.0.0.0 Day" impacting all major web browsers that malicious websites could take advantage of to breach local networks. The critical vulnerability "exposes a fundamental flaw in how browsers handle network requests, potentially granting malicious actors access to sensitive services running on local devices," Oligo Security researcher Avi Lumelsky

 Business email compromise

According to the FBI, billions of dollars have been lost through Business Email Compromise (BEC) attacks in recent years, so you may well think that there is little in the way of good news. However, it has been revealed this week that police managed to recover more than US $40 million snatched in a recent BEC heist just two days after being told about it. Read more in my article on the Tripwire State of Security blog.

2024-08
Aggregator history
Thursday, August 08