Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for Two Suspects Arreste ...

 Cybersecurity News

WWH-Club, a notorious cybercrime forum and stolen credit card marketplace operating since 2012, has suffered a significant blow with the arrest of its two alleged administrators in Florida. A Russian national, Pavel Kublitskii, and Alexandr Khodyrev of Kazakhstan are accused of overseeing the platform that has   show more ...

facilitated countless cases of credit card fraud and identity theft. The duo's lavish lifestyle, characterized by cash spending sprees and luxury purchases, caught the attention of the Internal Revenue Service in the U.S. Despite lacking any apparent legal income, Kublitskii and Khodyrev indulged in an opulent lifestyle, including a $50,000 cash deposit for a bank account, a luxury rental in Sunny Isles Beach, and extravagant spending on tourist attractions. Similarly, Khodyrev's $110,000 cash purchase of a 2023 Chevrolet Corvette raised eyebrows, the court documents said. About WWH-Club Marketplace and the Accused A thorough investigation linked the pair's financial activities to their alleged roles at WWH-Club. This Dark Web marketplace, with over 350,000 registered members, offers a platform for buying and selling stolen credit card data, personal information, and malicious software. It also provides training to aspiring cybercriminals and operates an escrow service to protect illicit transactions. Kublitskii and Khodyrev are accused of holding central roles within WWH-Club, managing the platform's infrastructure, enforcing rules, and guiding users in fraudulent activities. To evade law enforcement, they allegedly employed tactics like cryptocurrency mixing and decentralized server networks. The arrest warrant reveals that the pair was involved in every aspect of the WWH-Club operation, including managing Bitcoin wallets associated with membership fees and training course payments. A Bitcoin cluster linked to Kublitskii and Khodyrev received over 4,000 deposits totaling 152 Bitcoin in nine years. DigitalOcean Warrant Was a Turning Point in the Case DigitalOcean, a U.S. cloud computing provider, played a crucial role in the investigation. A search warrant compelled the company to hand over data on WWH-Club's operations, providing crucial evidence for the case. Despite the arrests, WWH-Club remains operational. However, Kublitskii and Khodyrev face serious charges, including conspiracy to commit offenses against the United States, trafficking in unauthorized access devices, and possession of multiple unauthorized access devices. Each charge carries a potential 10-year prison sentence. The arrest of these alleged WWH-Club admins marks a significant step in the ongoing fight against cybercrime. Law enforcement agencies worldwide are increasingly targeting individuals involved in operating and profiting from dark web marketplaces.

image for Sellafield Nuclear S ...

 Cybersecurity News

Sellafield nuclear facility, a nuclear waste dump and management center in Cumbria, England, has apologized for serious cybersecurity breaches and failings that put the United Kingdom's security at risk. The charges, brought by the Office for Nuclear Regulation (ONR), relate to IT security failings spanning four   show more ...

years (2019 to 2023) which prompted further investigations from both external private and public agencies. Sellafield Nuclear Site Vulnerabilities According to the sub-contractor Atos, 75% of Sellafield's computer servers were found to be vulnerable to cyber-attacks, leaving sensitive information exposed for four years. The facility's IT systems were criticized for being outdated, using obsolete operating systems such as Windows 7 and Windows 2008, which made them susceptible to hacking attempts. The severity of the situation was underscored by a report from Commissum, an external IT company, which found that a "reasonably skilled hacker or malicious insider" could access sensitive data and insert malware upon the facility's devices, raising serious concern about potential for espionage and sabotage by hostile actors. Earlier this year, the National Audit Office, a public spending audit agency within the UK, had launched an investigation into potential costs and risks of the nuclear facility. The agency stated on its website: "Sellafield is the UK’s most complex and challenging nuclear site. It holds around 85% of all the UK’s nuclear waste, much of which is stored in ageing facilities. Unlike modern nuclear facilities, many of the buildings at Sellafield were built with limited consideration of how they would ultimately be decommissioned. Cleaning up the site is a long-term endeavour, likely to last well into the next century. It is expected to cost £84 billion (in discounted prices), though this cost estimate is highly uncertain." While the company had earlier claimed to have made significant improvements to its systems and structures, the court heard that the site's operations center was unable to adequately alarm and respond to tested attacks. Apology and Sentencing Sellafield's chief executive, Euan Hutton, apologized for the failings in a written statement, stating that the issues were in the past. The company has since then taken additional steps to rectify the situation, changing IT management and creating a new secure datacentre. However, the court must weigh the costs to the taxpayer against the need to deter others in the sector from committing similar offences. The judge, Paul Goldspring, acknowledged that this is "new territory" for all parties, as no nuclear site has been prosecuted for cybersecurity breaches before. The National Audit Office has launched an investigation into costs and risks at Sellafield, and the facility has agreed to pay £53,000 in legal costs. Sentencing is expected to take place in September. The situation has garnered concern as the consequences of a successful cyber-attack on a nuclear facility could be catastrophic, and further undermines public assurance in the safety of critical nuclear infrastructure. The expected sentencing of Sellafield will likely set a new precedent upon the nuclear industry.

image for Wipro Shares Gain on ...

 Business News

Wipro Limited shares rose Aug. 9 as investors cheered the IT services company’s deal to incorporate Cyble’s AI-powered threat intelligence technology into Wipro’s cybersecurity risk management framework. Wipro shares (NYSE: WIT, BSE: 507685, NSE: WIPRO) rose 2% in initial reaction to the partnership news, Upstox   show more ...

reported, as investors responded favorably to the fourth-largest Indian IT services company’s plans to supercharge its global security and compliance business to give customer security teams the ability to make faster, better-informed decisions on threats and risk. With Wipro’s annual revenues of more than US$10 billion, the deal also significantly expands the market reach of fast-growing cyber threat intelligence leader Cyble. Attack Surface, Dark Web and Brand Monitoring Part of Cyble-Wipro Deal The partnership will integrate Cyble’s AI and machine learning-driven platforms into Wipro’s cybersecurity risk frameworks to provide real-time threat intelligence, proactive attack surface management and comprehensive risk assessments to help protect Wipro’s business customers against advanced cyber threats. The integration also brings in Cyble’s capabilities in Dark Web monitoring and brand protection, expanding Wipro customer protection into the dark corners of the internet where cybercriminals operate. Tony Buffomante, Wipro’s Senior Vice President & Global Head of Cybersecurity & Risk Services, said in a statement that the deal will give Wipro customers important protections against rapidly evolving cyber threats. “In this age of continuous disruption, enterprises must stay several steps ahead of the bad actors by implementing robust and automated threat detection platforms,” Buffomante said. “Cyble’s leadership in AI and automation perfectly complements the deep understanding of today’s risk and compliance challenges that Wipro’s expert Cybersecurists bring to the table. This reaffirms our commitment to secure the modern enterprise in a constantly evolving cybersecurity and regulatory landscape.” Cyble CEO Beenu Arora said that “Wipro’s decision to utilize Cyble’s threat intelligence platform highlights the importance of proactive cybersecurity measures in today’s digital landscape. Together, we are committed to delivering unparalleled threat intelligence and mitigation capabilities to global enterprises. Our advanced solutions offer brand monitoring and detection, data breach monitoring and cyber threat intelligence that empower organizations to stay ahead of evolving cyber threats.” Dipesh Ranjan, Chief Partner Officer at Cyble, said the two companies “are well-positioned to provide unparalleled protection to enterprises worldwide.” Bond with Wipro Deepens as Cyble’s Stature Grows The deal improves on an already strong relationship between Wipro and Cyble. Even before the new partnership announcement, Cyble had named Wipro its Global System Integrator (GSI) Partner of the Year. Cyble has received a number of cybersecurity industry accolades recently as its stature in threat intelligence and risk management grows. Frost & Sullivan named Cyble as Innovation Leader in the Frost Radar: Cyber Threat Intelligence 2024. Gartner included Cyble in two Hype Cycles for the digital risk protection services (DRPS) category, Forrester recognized Cyble in its ASM Landscape 2024 report, and G2 highlighted Cyble as a leader in the Dark Web Monitoring Providers grid. For more information on the Cyble-Wipro partnership, visit wipro.com/partner-ecosystem/cyble.

image for CFTC Secures Record ...

 Cybersecurity News

In a major victory for defrauded investors, the Commodity Futures Trading Commission (CFTC) has obtained a staggering $12.7 billion judgment against the now-bankrupt FTX group of companies and its key players. This judgment against the massive fraud orchestrated by former FTX CEO Samuel Bankman-Fried and his inner   show more ...

circle marks one of the largest recoveries in the CFTC's history. Compensating FTX Victims The U.S. District Court for the Southern District of New York entered a consent order, requiring FTX Trading Ltd. and Alameda Research LLC to pay $8.7 billion in restitution and $4 billion in disgorgement. This record-breaking monetary relief will be used to further compensate the victims who suffered losses as a result of the fraudulent activities at FTX. "FTX used age-old tactics to create an illusion that it was a safe and secure place to access crypto markets," said CFTC Chairman Rostin Behnam. "But the basic regulatory tools, like governance, customer protections, and surveillance that exist to identify misconduct and ultimately prevent collapse, were simply not there," he noted. The consent order also finds that FTX violated the Commodity Exchange Act (CEA) and CFTC regulations, and imposes injunctions against further violations, as well as trading and registration prohibitions. The court noted that FTX had misled customers, claiming that their assets were held in "custody" and segregated from the company's own funds, when in reality, customer funds were commingled and misappropriated. Division of Enforcement Director Ian McGinley made the following statements: "Not only is this multi-billion dollar recovery for victims the largest such recovery in CFTC history, we achieved it with remarkable speed. FTX’s massive fraud collapsed 21 months ago and in that time the CFTC investigated, filed a complaint, and achieved what many thought was impossible at the time of the collapse - a resolution to compensate victims for the losses they suffered. I commend our Chicago-based team for their tireless efforts on behalf of FTX’s victims." The CFTC is seeking additional restitution, disgorgement, civil monetary penalties, permanent trading and registration bans against the defendants. Collaboration with Authorities The CFTC has expressed appreciation for the assistance of various government agencies, including the U.S. Department of Justice, the U.S. Attorney's Office for the Southern District of New York, the Federal Bureau of Investigation, and the Securities and Exchange Commission. The CFTC also acknowledged the cooperation of the Justice Department's Tax Division. "This resolution with FTX is consistent with the enforcement commitments I have long made as Chairman," Behnam said. "But, as I have been saying for years, this is just the tip of the iceberg. In the absence of digital asset legislation to fill regulatory gaps, entities will continue to operate in the shadows without these basic tools of sound regulation, sharpening their deceptive practices and continuing to dupe customers," he added. The CFTC's enforcement team, led by Carlin Metzger, Nina Ruvinsky, Yusuf Capar, among others, have been commended for their tireless efforts in securing this historic victory for the victims of the FTX collapse.

 Feed

Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure of sensitive information to malicious actors. The vulnerability, tracked as CVE-2024-38200 (CVSS score: 7.5), has been described as a spoofing flaw that affects the following versions of Office - Microsoft Office 2016 for 32-bit edition and 64-bit editions Microsoft

 Feed

An ongoing, widespread malware campaign has been observed installing rogue Google Chrome and Microsoft Edge extensions via a trojan distributed via fake websites masquerading as popular software. "The trojan malware contains different deliverables ranging from simple adware extensions that hijack searches to more sophisticated malicious scripts that deliver local extensions to steal private data

 Feed

As many as 10 security flaws have been uncovered in Google's Quick Share data transfer utility for Android and Windows that could be assembled to trigger remote code execution (RCE) chain on systems that have the software installed. "The Quick Share application implements its own specific application-layer communication protocol to support file transfers between nearby, compatible devices,"

2024-08
Aggregator history
Saturday, August 10
THU
FRI
SAT
SUN
MON
TUE
WED
AugustSeptemberOctober