Cyber security aggregate rss news


Cybersecurity News

The Swedish Data Protection Authority (IMY) is being taken to court by the privacy advocacy group noyb for its alleged failure to properly investigate and address complaints from data subjects, in violation of EU law. According to the complaint filed by noyb, the IMY routinely refuses to fully process complaints, instead simply forwarding them to the companies accused of illegally processing personal data and then closing the cases without further investigation.

Swedish Data Protection Authority Alleged to Improperly Implement GDPR

noyb states that the General Data Protection Regulation (GDPR) is clear: data protection authorities have a duty to actively enforce the fundamental right to data protection, investigate every complaint, and take measures to remedy the situation. The advocacy group alleges, however, that the IMY operates under a different set of rules, one that prioritizes its own convenience over the rights of citizens.

noyb points to an earlier case in which the Supreme Administrative Court of Sweden ruled that individuals have the right to appeal IMY's decisions. That case concerned a data subject who filed a complaint about a recorded phone call, only to have the IMY forward the matter to the respondent without conducting any investigation of its own.

Max Schrems, founder of noyb and a recognized figure in the data protection community, said that the IMY seems to confuse its role with that of a postal service, simply forwarding documents without taking any meaningful action. "Six years after the introduction of the GDPR, we continue to see authorities acting as if they can pick and choose whether citizens have their rights enforced," said Schrems. "EU law requires every complaint to be investigated and every GDPR violation to be remedied. The IMY seems to forget that it's an enforcement authority."

Challenging the IMY's Interpretation of EU Law

The noyb appeal could draw significant attention to IMY's alleged failure to follow EU law, a duty the advocacy group says has been consistently reaffirmed by the Court of Justice of the European Union.

"The EU Court of Justice has clearly stated that every national DPA must fully investigate complaints and take the necessary steps to stop the violation. There is no reason why people in Sweden should not have the same rights as everyone else in the EU." - Max Schrems

In several cases, the court has emphasized that data protection authorities must investigate complaints with due diligence and take corrective measures to address any violations. The IMY's practice of sending information letters rather than conducting an investigation is, in noyb's view, a clear disregard for these rulings.

In its appeal, noyb asks the Administrative Court of Appeal to clarify what weight Swedish preparatory works and supervisory tradition may carry when interpreting EU regulations. The group argues that while Swedish preparatory works may provide context, they cannot take precedence over EU law. The principle of autonomous interpretation of EU law, established in several judgments, holds that EU regulations are to be interpreted within the context of EU law, not national tradition. The outcome of this case could have significant implications for data protection in Sweden and beyond, serving as a test of whether EU law will be enforced uniformly.

Vulnerability News

SAP's August 2024 Security Patch Day addresses 17 new vulnerabilities, two of which are rated critical: an authentication bypass that could give an attacker complete control of an affected system, and a server-side request forgery flaw. These two, identified as CVE-2024-41730 and CVE-2024-29415, are rated 9.8 and 9.1 respectively on the CVSS (Common Vulnerability Scoring System) scale, indicating a severe risk of exploitation.

SAP Update in Detail

According to SAP's official security notes for the August 2024 update, CVE-2024-41730 affects SAP BusinessObjects Business Intelligence Platform versions 430 and 440. The vulnerability stems from a missing authentication check in a REST endpoint. On a system with Single Sign-On (SSO) enabled for Enterprise authentication, an unauthenticated user can obtain a valid logon token from that endpoint and with it gain full access to the system.

"In SAP BusinessObjects Business Intelligence Platform, if Single Signed On is enabled on Enterprise authentication, an unauthorized user can get a logon token using a REST endpoint," reads the vendor's description of the flaw. "The attacker can fully compromise the system resulting in High impact on confidentiality, integrity and availability."

CVE-2024-29415 affects applications built with SAP Build Apps older than version 4.11.130. It is a server-side request forgery (SSRF) flaw inherited from the `ip` package for Node.js, whose isPublic() check misclassifies some spellings of loopback and private addresses (for example 127.1, 012.1.2.3 or ::fFFf:127.0.0.1) as globally routable. An application that relies on that check to decide whether a user-supplied destination is safe can therefore be made to send requests to its own host or to internal services it was meant to shield; the 9.1 score reflects a high impact on confidentiality and integrity.

Any organization running SAP BusinessObjects Business Intelligence Platform 430 or 440, or applications built with SAP Build Apps older than 4.11.130, is exposed. The first step is to identify which versions of these products are deployed in your environment.

High Severity SAP Vulnerabilities

Of the remaining fixes in this month's bulletin, four are categorized as high severity (CVSS v3.1 scores 7.4 to 8.2):

- CVE-2024-42374: XML injection in the SAP BEx Web Java Runtime Export Web Service, affecting BI-BASE-E 7.5, BI-BASE-B 7.5, BI-IBC 7.5, BI-BASE-S 7.5 and BIWEBAPP 7.5.
- CVE-2023-30533: prototype pollution in SAP S/4HANA, specifically in the Manage Supply Protection module, via bundled SheetJS CE library versions below 0.19.3.
- CVE-2024-34688: denial of service (DoS) in SAP NetWeaver AS Java, affecting the Meta Model Repository component MMR_SERVER 7.5.
- CVE-2024-33003: information disclosure in SAP Commerce Cloud, affecting HY_COM 1808, 1811, 1905, 2005, 2105, 2011, 2205 and COM_CLOUD 2211.

Recommendations for Businesses

- Update immediately: SAP has released patches for all of these vulnerabilities. Bringing affected systems to the patched versions is the highest priority.
- Review security configurations: double-check settings related to Single Sign-On (SSO) and access controls, since CVE-2024-41730 is only reachable when SSO is enabled for Enterprise authentication.
- Stay informed: subscribe to SAP's security advisories and to relevant cybersecurity publications to keep up with new threats and vulnerabilities.
- Consider additional measures: multi-factor authentication (MFA) and network segmentation add further layers of protection, and egress filtering from application hosts limits what an SSRF flaw can reach.

The SAP Build Apps vulnerability illustrates the importance of supply chain security: the flaw was not introduced by SAP but inherited from a third-party dependency. Businesses should weigh the security posture of the software vendors and open-source components they integrate and put measures in place to mitigate the associated risk. Timely patching, strong security controls and a culture of security awareness within the organization significantly reduce the risk of falling victim to these attacks. Patching vulnerabilities is just one piece of the puzzle; a comprehensive security strategy is essential to protect valuable data and critical systems.
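The `ip` package bug behind CVE-2024-29415 is an instance of a general pattern: a guard that classifies an address string before canonicalizing it. The Python below is an added example, not SAP's code and not the `ip` package's implementation. The naive guard is a stand-in written to show the class of bug; the hardened version shows the check a practitioner would want, namely refuse any literal the strict parser rejects, fold IPv4-mapped IPv6 back to IPv4, and only then classify. The sample inputs are constructed for illustration.

```python
"""Added example, not SAP's code or the ip package's implementation: an SSRF
guard that classifies the raw string (naive) next to one that canonicalizes
first (hardened). Sample inputs below are constructed for illustration.
"""
import ipaddress
import re

# Naive guard in the style of the bug described above: regexes over the raw
# string, assuming callers only ever pass well-formed dotted quads or
# lower-case IPv6 literals.
_NAIVE_PRIVATE = [
    re.compile(r"^10\.\d+\.\d+\.\d+$"),
    re.compile(r"^172\.(1[6-9]|2\d|3[01])\.\d+\.\d+$"),
    re.compile(r"^192\.168\.\d+\.\d+$"),
    re.compile(r"^127\.\d+\.\d+\.\d+$"),
    re.compile(r"^169\.254\.\d+\.\d+$"),
    re.compile(r"^::1$"),
    re.compile(r"^::ffff:127\.\d+\.\d+\.\d+$"),  # case-sensitive, so ::fFFf: slips past
]


def naive_is_public(addr: str) -> bool:
    """Flawed check: anything that matches no private pattern is 'public'."""
    return not any(p.match(addr) for p in _NAIVE_PRIVATE)


# Exactly four decimal octets, 0-255, no leading zeros. inet_aton()-style
# shorthands ("127.1", "012.1.2.3", "2130706433") deliberately fail this.
_STRICT_V4 = re.compile(
    r"^(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)(?:\.(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)){3}$"
)


def canonicalize(addr: str):
    """Return an IPv4Address/IPv6Address for a strictly well-formed literal, else None.

    The point is that the value we classify is the value the socket layer will
    actually connect to, so lenient spellings are refused rather than guessed at.
    """
    addr = addr.split("%", 1)[0]  # drop an IPv6 zone id such as %eth0
    if re.fullmatch(r"[\d.]+", addr) and not _STRICT_V4.match(addr):
        return None  # digits-and-dots but not a strict dotted quad
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return None  # hostnames and malformed literals are refused here
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped  # ::ffff:a.b.c.d is delivered to the IPv4 stack
    return ip


def hardened_is_public(addr: str) -> bool:
    """Fail closed: unparseable input is treated as not public."""
    ip = canonicalize(addr)
    if ip is None:
        return False
    return ip.is_global and not ip.is_multicast


def compare(candidates):
    """Map each candidate literal to (naive_verdict, hardened_verdict)."""
    return {a: (naive_is_public(a), hardened_is_public(a)) for a in candidates}


# Constructed inputs: the first two behave the same under both guards, the
# rest are spellings the naive guard wrongly lets through.
SAMPLE_INPUTS = [
    "8.8.8.8",
    "127.0.0.1",
    "127.1",
    "012.1.2.3",
    "::fFFf:127.0.0.1",
    "000:0:0000::01",
    "169.254.169.254",
    "2001:4860:4860::8888",
]

if __name__ == "__main__":
    for addr, (naive, hardened) in compare(SAMPLE_INPUTS).items():
        print(f"{addr:22} naive_public={naive!s:5} hardened_public={hardened}")
```

Run it and the four middle inputs come back as public under the naive guard and not public under the hardened one. Two design choices matter: the hardened guard never lets the operating system's lenient address parser decide what a shorthand means, and it classifies the address the kernel will really use (the embedded IPv4 address of an IPv4-mapped literal). Resolving a hostname and re-checking the resolved address, and pinning that address for the actual connection, is the remaining step an SSRF guard needs and is out of scope here.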

Cybersecurity News

The U.S. Department of Commerce's National Institute of Standards and Technology (NIST) has taken a step toward securing the future of digital communications by finalizing its primary set of encryption algorithms designed to withstand attacks from quantum computers. The move marks a milestone in NIST's post-quantum cryptography (PQC) standardization project, an initiative that has been under way for nearly a decade.

Quantum Computing Threat to Encryption

Quantum computing, a technology that operates on principles radically different from those of classical computers, has the potential to revolutionize fields from weather forecasting and drug design to fundamental physics. With that computational power, however, it also poses a serious threat to the security infrastructure underpinning much of the digital world. Current public-key encryption, which protects everything from personal email to national security secrets, could be rendered obsolete by a sufficiently advanced quantum computer.

This is where NIST's new standards come in. The three newly finalized standards, FIPS 203 (ML-KEM, a key-encapsulation mechanism for general encryption), FIPS 204 (ML-DSA, a digital signature scheme) and FIPS 205 (SLH-DSA, a stateless hash-based signature scheme), are built with the future in mind, anticipating the rapid development of quantum computing technology. Some experts predict that within a decade quantum computers could be powerful enough to break existing encryption methods, compromising the security and privacy of individuals, organizations and even nations. Recognizing this looming threat, NIST has been working to develop cryptographic algorithms that can resist quantum attacks.

"These new standards are a testament to America's commitment to maintaining its status as a global technological leader and securing our economic future," said Deputy Secretary of Commerce Don Graves. "NIST's efforts are crucial in addressing the challenges posed by quantum technology, and these standards will help organizations safeguard their data as we move into a post-quantum world."

The Role of Encryption in Modern Society

The finalized standards are the result of an eight-year effort in which NIST rallied cryptography experts from around the globe to conceive, submit and rigorously evaluate candidate algorithms. These experts were tasked with developing cryptographic solutions that could withstand the unique threats posed by quantum computers. The outcome is a set of standards that include detailed computer code, implementation instructions and guidelines for their intended use.

NIST's PQC project reflects the agency's longstanding role in developing encryption standards, which are vital for protecting electronic information in an increasingly digital society. Encryption ensures that data sent across public networks remains unreadable to all but its intended recipients, safeguarding everything from personal communications to critical national security information.

The Quantum Computing Challenge

Traditional public-key encryption relies on mathematical problems, such as factoring large integers and computing discrete logarithms, that are infeasible for classical computers at practical key sizes. A sufficiently large quantum computer running Shor's algorithm could solve these problems efficiently, rendering that encryption useless. To counter this threat, the algorithms NIST has standardized are based on different mathematical problems, structured lattices for ML-KEM and ML-DSA and hash functions for SLH-DSA, that are believed to resist both classical and quantum attack.

"These finalized standards provide the tools necessary for general encryption and digital signature protection," said Dustin Moody, a NIST mathematician and head of the PQC standardization project. "We strongly encourage system administrators to begin integrating these standards into their systems immediately, as full integration will take time."

Moody emphasized that while these standards are the primary tools for securing data against quantum threats, NIST is also working on additional sets of algorithms that could serve as backup standards in the future. One of these additional sets consists of three algorithms designed for general encryption, based on a different type of mathematical problem (error-correcting codes) than the lattice problems underlying the current standard. NIST plans to announce its selection of one or two of these algorithms by the end of 2024.

Expanding Digital Signature Options

Another set under evaluation includes a larger group of algorithms designed specifically for digital signatures. In 2022, NIST invited the public to submit additional algorithms for consideration, and the agency is now evaluating those submissions. In the near future, NIST expects to announce about 15 algorithms from this group that will proceed to the next round of testing and evaluation.

While NIST continues its work on these additional sets, Moody stressed that the three algorithms announced today are robust and ready for immediate use. "There is no need to wait for future standards," he said. "These new standards are the main event, and we need to be prepared for any potential quantum threats that might emerge."

The finalization of these standards is a critical advance for cybersecurity. As quantum computing technology evolves, the need for robust, future-proof encryption will only become more pressing, and NIST's work to develop and standardize these algorithms is a vital step toward securing the digital world against emerging quantum threats.

Firewall Daily

Cybersecurity researchers have uncovered a campaign attributed to the UTG-Q-010 group targeting entities in the cryptocurrency sector. The campaign notably features the open-source Pupy RAT and a newly updated DLL loader.

Cyble Research and Intelligence Labs (CRIL) published an in-depth report today on UTG-Q-010, a financially motivated Advanced Persistent Threat (APT) actor originating from East Asia and known for methodical operations aimed at specific industries. The latest campaign, which emerged in May 2024, highlights the group's adaptability.

Overview of the UTG-Q-010 Campaign and Pupy RAT

The campaign primarily targets cryptocurrency enthusiasts and human resources (HR) departments, a choice that reflects an understanding of what those audiences will open and of the returns a compromise can yield. Spear phishing is the initial attack vector, with emails that appear to concern cryptocurrency events or job resumes; matching the lure to the recipient's interests raises the success rate of the phishing attempts.

A central component of the campaign is a Windows shortcut (LNK) file which, when opened, triggers a sequence of commands that ends with an updated DLL loader designed to evade traditional security measures.

Technical Execution: DLL Loader and Pupy RAT

Malicious LNK File and DLL Loader: The campaign used a ZIP archive named "MichelinNight.zip" containing a malicious LNK file disguised as a PDF. The shortcut runs several commands that ultimately download and execute a loader DLL named "faultrep.dll", a filename borrowed from a legitimate Windows Error Reporting library. The loader is notable for its evasion techniques, including checks for sandbox environments and virtual machines.

Figure: PDF file embedded within faultrep.dll (Source: Cyble)

Loader DLL's Evasion Techniques: The loader checks whether it is running in a sandbox or virtual environment by looking for common sandbox-related usernames, MAC address prefixes associated with virtualization vendors, and specific virtualization-related artifacts. It also verifies that an internet connection is available before downloading the final payload, which means an isolated analysis environment never sees the second stage.

In-Memory Execution and Reflective DLL Loading: Once the loader is satisfied with its environment, it downloads and decrypts the final payload, a Pupy RAT DLL, and executes it in memory using reflective DLL loading. Because the loader maps the payload itself instead of going through the Windows loader, the DLL is never written to disk and is not registered in the process's module list, which reduces the likelihood of detection and the malware's footprint on the host.

Pupy RAT: The Core of the Campaign

Pupy RAT, a versatile open-source remote access tool written in Python, plays a crucial role in the campaign. It operates through an in-memory execution model that helps it evade traditional security products, and is notable for cross-platform support, in-memory execution that leaves no traces on disk, reflective process injection that runs it inside legitimate processes, and dynamic capability expansion by loading and executing remote code directly from memory without writing to disk.

Historically, UTG-Q-010 has run phishing campaigns against sectors such as pharmaceuticals and gaming. Its recent focus on cryptocurrency, using tools like Pupy RAT, marks an evolution in tactics as the group moves to new high-value targets.

Defensive Recommendations

To defend against campaigns like this one, organizations should:

- Deploy advanced email filtering that detects spear phishing and malicious attachments, especially LNK files and archives that contain them.
- Train employees, particularly in cryptocurrency and HR roles, to recognize and report phishing attempts.
- Deploy Endpoint Detection and Response (EDR) to identify abnormal behaviors such as unauthorized DLL sideloading and in-memory execution.
- Write detection rules for sandbox-evasion behavior and reflective DLL loading.
- Restrict administrative privileges to limit what a compromised account can do.
- Segment the network to contain a breach.
- Keep up to date with threat intelligence on the group's infrastructure and lures.
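The environment checks described above decide whether a detonation sandbox ever sees the Pupy RAT stage. The Python below is an added example, not code from the faultrep.dll sample or from Cyble's report: it writes out that decision so an analyst can see which properties of an analysis VM give it away. The specific usernames, MAC prefixes and driver paths are typical, publicly documented virtualization indicators chosen for illustration, not ones taken from the sample, and the two host snapshots are constructed.

```python
"""Added example, not code from the faultrep.dll sample or from Cyble's report:
the environment checks the text says the loader performs, written out so that
an analyst can see what a detonation sandbox must get right. The specific
usernames, MAC prefixes and driver paths are typical, publicly documented
virtualization indicators chosen for illustration, not ones taken from the
sample.
"""
from __future__ import annotations

from dataclasses import dataclass, field

# OUIs (first three octets of a MAC) that hypervisors assign to virtual NICs.
VM_MAC_PREFIXES = {
    "00:05:69": "VMware", "00:0c:29": "VMware", "00:1c:14": "VMware", "00:50:56": "VMware",
    "08:00:27": "VirtualBox", "00:15:5d": "Hyper-V", "00:16:3e": "Xen",
    "52:54:00": "QEMU/KVM", "00:1c:42": "Parallels",
}

# Account names commonly left at defaults in analysis VMs.
SANDBOX_USERNAMES = {
    "sandbox", "malware", "virus", "sample", "test", "currentuser",
    "john doe", "wdagutilityaccount",
}

# Guest-tools drivers whose presence gives the hypervisor away (lower-cased).
VM_ARTIFACT_PATHS = {
    r"c:\windows\system32\drivers\vmmouse.sys": "VMware",
    r"c:\windows\system32\drivers\vmhgfs.sys": "VMware",
    r"c:\windows\system32\drivers\vboxmouse.sys": "VirtualBox",
    r"c:\windows\system32\drivers\vboxguest.sys": "VirtualBox",
    r"c:\windows\system32\vboxdisp.dll": "VirtualBox",
}


@dataclass
class HostSnapshot:
    """What a loader can learn about the host cheaply, before any network I/O."""
    username: str
    mac_addresses: list[str]
    existing_paths: set[str]
    internet_reachable: bool


@dataclass
class Verdict:
    fetch_payload: bool
    reasons: list[str] = field(default_factory=list)


def _oui(mac: str) -> str:
    """Normalize 'AA-BB-CC-..' / 'aa:bb:cc:..' and keep the vendor prefix."""
    return mac.lower().replace("-", ":")[:8]


def evaluate(host: HostSnapshot) -> Verdict:
    """Mirror the loader's decision: any single indicator aborts the second stage."""
    reasons: list[str] = []
    if host.username.lower() in SANDBOX_USERNAMES:
        reasons.append(f"suspicious username {host.username!r}")
    for mac in host.mac_addresses:
        vendor = VM_MAC_PREFIXES.get(_oui(mac))
        if vendor:
            reasons.append(f"NIC {mac} carries a {vendor} OUI")
    present = {p.lower() for p in host.existing_paths}
    for path, vendor in VM_ARTIFACT_PATHS.items():
        if path in present:
            reasons.append(f"{vendor} guest artifact present: {path}")
    if not host.internet_reachable:
        reasons.append("no outbound connectivity, payload download would fail anyway")
    return Verdict(fetch_payload=not reasons, reasons=reasons)


# Constructed snapshots: a stock analysis VM and an ordinary workstation.
STOCK_ANALYSIS_VM = HostSnapshot(
    username="sandbox",
    mac_addresses=["00:0C:29:AB:CD:EF"],
    existing_paths={r"C:\Windows\System32\drivers\vmmouse.sys"},
    internet_reachable=False,
)
ORDINARY_WORKSTATION = HostSnapshot(
    username="j.smith",
    mac_addresses=["3C:22:FB:12:34:56"],
    existing_paths=set(),
    internet_reachable=True,
)

if __name__ == "__main__":
    for name, host in (("analysis VM", STOCK_ANALYSIS_VM), ("workstation", ORDINARY_WORKSTATION)):
        verdict = evaluate(host)
        print(f"{name}: fetch_payload={verdict.fetch_payload}")
        for reason in verdict.reasons:
            print("  -", reason)
```

The practical reading is in the reasons list: a sandbox that trips any one of them only ever captures the loader and never the RAT. A detonation environment built for this campaign needs a plausible user name, a NIC whose OUI does not belong to a hypervisor, guest additions hidden or removed, and outbound connectivity that is simulated or sinkholed rather than absent.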

Cybersecurity News

On June 20, 2024, security researchers identified multiple intrusion attempts by threat actors using tactics, techniques and procedures (TTPs) consistent with an ongoing social engineering campaign in which AnyDesk and Microsoft Teams play central roles. In the course of investigating the campaign, the researchers observed significant evolution in the actors' tools and payloads.

AnyDesk and Microsoft Teams Misused by Hackers

Researchers from Rapid7 observed that the campaign begins with an email bomb, followed by a phone call to the victim over Microsoft Teams. The threat actor then convinces the user to download and install AnyDesk, a remote access tool that lets the adversary take control of the user's computer. Once control is established, the threat actor executes payloads on the system and exfiltrates stolen data.

In some cases the adversary used a credential harvester, a 32-bit .NET executable called AntiSpam.exe, which poses as a spam-filter updater and prompts the user to enter their credentials in a pop-up window. The entered credentials are saved to disk along with system enumeration output. The executable has changed across versions, indicating active development.

After harvesting credentials, the threat actors executed a series of binaries and PowerShell scripts to establish a connection with their command and control (C2) servers. Follow-on payloads carried names like update1.exe, update4.exe and update7.ps1, consistent with the social engineering lure.

Payloads and Technical Analysis

These payloads include SystemBC malware, which acts as a dropper and SOCKS proxy; Golang HTTP beacons, which appear to serve as a C2 framework; SOCKS proxy beacons that route connections; and a Beacon Object File (BOF) converted from a Cobalt Strike module into a standalone executable. Of note, the payload update6.exe attempts to exploit CVE-2022-26923, an Active Directory Domain Services privilege escalation flaw, to add a machine account that the threat actor can then use for Kerberoasting.

The researchers also observed reverse SSH tunnels and the Level Remote Monitoring and Management (RMM) tool being used for lateral movement and to retain access within compromised environments. Analysis of several compiled payloads revealed that many were signed with the same certificate. The analysis of AntiSpam.exe, update1.exe, update2.dll and update4.exe gives insight into the actors' techniques:

- AntiSpam.exe: allocates a console window to display messages to the user, printing a fake loop 1023 times, then prompts for credentials and validates them with the ValidateCredentials method. It also runs enumeration commands via cmd.exe and saves the output to a file.
- update1.exe: poses as an installer for Yandex Disk but loads, decrypts and executes a second executable from an embedded resource using local PE injection.
- update2.dll: presents itself as an AMD DirectX driver library and loads a second-stage executable via local PE injection; the second stage contacts several C2 addresses using a Golang HTTP library.
- update4.exe: appears to be a copy of APEX Scan, an antivirus scanner made by Trend Micro.

Conclusion

The threat actors behind this campaign have shown a willingness to adapt, shifting from credential-harvesting batch scripts to a .NET executable. The following practices, outlined by Cyble researchers, can serve as a first line of defense:

- Prevent the execution of any unapproved RMM solutions within the environment.
- Block domains associated with all unapproved RMM solutions.
- Conduct regular security awareness and information security training so staff can identify and stop common social engineering attacks.
- Keep devices, operating systems and applications updated.
- Use a reputable antivirus and internet security package.
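The machine-account creation and Kerberoasting steps above leave a distinctive trail in the Windows Security log. The Python below is an added example, not Rapid7's or Cyble's code: it runs two simple detections over a handful of constructed Security events. The event IDs and field names are the standard ones (4741 for a computer account created, 4769 for a Kerberos service ticket request, TicketEncryptionType 0x17 for RC4); the account names, timestamps and the join allowlist are made up.

```python
"""Added example, not Rapid7's or Cyble's code: detection logic for two of the
post-exploitation steps described above, run over constructed Windows Security
events. Event IDs and field names are the standard ones (4741 computer account
created, 4769 Kerberos service ticket requested); the records, account names
and admin allowlist are made up.
"""
from collections import defaultdict
from datetime import datetime, timedelta

RC4_HMAC = "0x17"  # TicketEncryptionType that Kerberoasting tools ask for

# Constructed allowlist: the only principals expected to join machines.
MACHINE_JOIN_ALLOWLIST = {"svc_sccm", "admin.ops"}

# Constructed events as (timestamp, event_id, fields). In 4769, TargetUserName is
# the account that asked for the ticket and ServiceName is the SPN owner.
SAMPLE_EVENTS = [
    ("2024-06-20T14:02:11", 4741, {"SubjectUserName": "j.doe", "TargetUserName": "WKS-PAYLOAD$"}),
    ("2024-06-20T14:03:40", 4741, {"SubjectUserName": "svc_sccm", "TargetUserName": "LAPTOP-0412$"}),
    ("2024-06-20T14:05:03", 4769, {"TargetUserName": "WKS-PAYLOAD$@CORP.LOCAL", "ServiceName": "svc_sql", "TicketEncryptionType": "0x17"}),
    ("2024-06-20T14:05:04", 4769, {"TargetUserName": "WKS-PAYLOAD$@CORP.LOCAL", "ServiceName": "svc_backup", "TicketEncryptionType": "0x17"}),
    ("2024-06-20T14:05:04", 4769, {"TargetUserName": "WKS-PAYLOAD$@CORP.LOCAL", "ServiceName": "svc_web", "TicketEncryptionType": "0x17"}),
    ("2024-06-20T14:05:06", 4769, {"TargetUserName": "WKS-PAYLOAD$@CORP.LOCAL", "ServiceName": "svc_http", "TicketEncryptionType": "0x17"}),
    ("2024-06-20T14:06:00", 4769, {"TargetUserName": "a.smith@CORP.LOCAL", "ServiceName": "FS01$", "TicketEncryptionType": "0x12"}),
    ("2024-06-20T14:40:00", 4769, {"TargetUserName": "b.jones@CORP.LOCAL", "ServiceName": "svc_sql", "TicketEncryptionType": "0x17"}),
]


def machine_accounts_created_by_users(events, allowlist=MACHINE_JOIN_ALLOWLIST):
    """4741 events whose creator is not an approved join account.

    With the default MachineAccountQuota any domain user may add up to ten
    computer objects, so this is the cheapest place to catch the first step.
    """
    return [
        (ts, f["SubjectUserName"], f["TargetUserName"])
        for ts, eid, f in events
        if eid == 4741 and f["SubjectUserName"].lower() not in allowlist
    ]


def kerberoast_bursts(events, window=timedelta(minutes=5), min_services=3):
    """Requesters that pulled RC4 service tickets for >= min_services distinct
    SPN owners inside one sliding window. Returns {requester: sorted services}."""
    by_requester = defaultdict(list)
    for ts, eid, f in events:
        if eid == 4769 and f.get("TicketEncryptionType") == RC4_HMAC:
            by_requester[f["TargetUserName"]].append((datetime.fromisoformat(ts), f["ServiceName"]))
    hits = {}
    for requester, reqs in by_requester.items():
        reqs.sort()
        for i, (t0, _) in enumerate(reqs):
            services = {svc for t, svc in reqs[i:] if t - t0 <= window}
            if len(services) >= min_services:
                hits[requester] = sorted(services)
                break
    return hits


def roasting_machine_accounts(hits):
    """Subset of burst requesters that are themselves computer accounts: a
    freshly created machine account asking for user SPN tickets is the chain
    the text describes."""
    return sorted(r for r in hits if r.split("@", 1)[0].endswith("$"))


if __name__ == "__main__":
    for ts, who, acct in machine_accounts_created_by_users(SAMPLE_EVENTS):
        print(f"{ts} {who} created machine account {acct}")
    bursts = kerberoast_bursts(SAMPLE_EVENTS)
    for requester, services in bursts.items():
        print(f"{requester} requested RC4 tickets for {services}")
    print("machine accounts roasting:", roasting_machine_accounts(bursts))
```

On the sample, the first rule flags j.doe creating WKS-PAYLOAD$ and the second flags that same machine account pulling four RC4 tickets in three seconds, while a.smith's AES ticket and b.jones's single RC4 request stay quiet. In production the allowlist comes from your join-account policy, and the RC4 criterion gets weaker as you retire RC4 domain-wide, which is itself a worthwhile hardening step.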

Firewall Daily

The Kamala Harris presidential campaign has been thrust into the spotlight following reports of foreign influence operations targeting the 2024 United States presidential election. The targeting comes on the heels of similar cyberattacks against Donald Trump's campaign, believed to involve Iranian operatives. The FBI has confirmed that Harris's campaign was warned about these efforts, reigniting concerns over foreign interference in U.S. elections.

Kamala Harris Presidential Campaign Targeted by Hackers

According to NBC News, the Harris campaign has reassured the public that its cybersecurity measures held. "We have robust cybersecurity measures in place, and are not aware of any security breaches of our systems resulting from those efforts," the campaign stated.

The statement evokes memories of the 2016 election, when Russia was believed to have hacked the Democratic National Committee (DNC) to destabilize Hillary Clinton's campaign and bolster Donald Trump's bid for the presidency. The stolen files were subsequently leaked by WikiLeaks, influencing the election's narrative.

This time, the FBI's investigation into the targeting of the Harris campaign and other political entities points to a broader threat to U.S. elections. Reports from the Washington Post indicate that the Biden-Harris campaign, before Joe Biden's withdrawal and Harris's subsequent nomination as the Democratic presidential candidate, also faced phishing attempts. The emails targeted three Biden-Harris staff members and were designed to appear legitimate in order to gain unauthorized access to email communications.

Recent reports suggest the Trump campaign suffered a more substantial breach: the Washington Post, Politico and the New York Times have all reported receiving files allegedly stolen from it.

Cyberattack on Trump Campaign by Iranian Hackers

A Trump campaign spokesperson confirmed the hack occurred in June but said the campaign did not initially report it to the FBI, citing mistrust of the agency. The spokesperson stated, "The documents were illegally obtained by foreign sources hostile to the United States." Iranian officials have denied any involvement, and the U.S. government has yet to formally accuse Iran of orchestrating the attack, the BBC reported.

Iranian hackers were also reported to have targeted Roger Stone, a longtime Trump ally, as part of the phishing scheme. Stone told the Washington Post that his personal email accounts had been compromised and that he was cooperating with authorities.

Adding to the picture, U.S. intelligence officials have linked Iran to broader efforts to disrupt Trump's re-election campaign, which some observers read as a response to heightened tensions, including recent conflict involving Iran and Israel. The FBI's investigation was reportedly opened in early summer, following the attacks on both the Trump and Biden-Harris campaigns. Microsoft's Threat Analysis Center (MTAC) confirmed that an unnamed U.S. presidential campaign was targeted by Iranian hackers with a spear-phishing email in June.

Democratic lawmakers, including Congressman Adam Schiff and Congressman Eric Swalwell, have called for a swift and transparent investigation. Schiff criticized the intelligence community's delayed response to the 2016 Russian hacking and urged quicker action this time. Swalwell echoed that view, emphasizing that regardless of past actions or affiliations, the U.S. must not tolerate foreign interference in its democratic processes.

Firewall Daily

As India prepared to celebrate its 78th Independence Day on August 15, 2024, with nationwide festivities marking the end of nearly 200 years of British colonial rule, the mood was dampened by a wave of hacktivist attacks timed to the occasion. The day, which honors the sacrifices of those who fought for India's freedom and this year carries the government's vision of a developed nation by 2047, has become a prime target for cyberattacks. Both India and Pakistan have seen a troubling surge in incidents, revealing the darker side of digital activism.

The theme of this year's celebration, 'Viksit Bharat', highlights the country's ambition to reach developed status by the centenary of its independence. Amid the celebrations, however, the digital infrastructure of both India and Pakistan is under assault. Hacktivist groups, exploiting the festive moment, have launched coordinated attacks aimed at disrupting and defacing online platforms, stealing data and spreading propaganda.

The Great Independence Day Cybersecurity Threat

Figure: Cyble Vision excerpt on hacktivism incidents targeting India (Source: Cyble)

Cybersecurity firm Cyble has reported a significant uptick in hacktivist activity coinciding with the Independence Day celebrations. According to its new report, the first signs emerged at midnight on August 14, with various groups claiming responsibility for attacks on over 100 websites. The attacks range from Distributed Denial of Service (DDoS) to website defacements and data leaks, an ongoing threat to Independence Day cybersecurity.

Several hacktivist groups have gained attention for their Independence Day attacks. Team Insane Pakistan, a pro-Pakistan faction, launched the '#OpIndia' campaign, focusing on defacing Indian websites and breaching data.

Figure: Team Insane Pakistan announces the OpIndia campaign (Source: Cyble)

Team Azrael – Angel of Death, a pro-Palestinian group, targeted a Rajasthan state government department's mail server, posting videos of compromised email panels and phishing attempts; it also struck local news channels in Punjab and a defense-sector public unit. SILENT CYBER FORCE attacked 25 Indian websites and leaked login credentials. Moroccan Soldiers and the Moroccan Black Cyber Army defaced numerous Indian websites in the education, travel and entertainment sectors. THE ANONYMOUS BANGLADESH, a pro-Bangladesh group, breached an Indian law association and passed the resulting backdoor access to other attackers.

The Massive Retaliatory Operation and Previous Cybersecurity Instances

In response to these attacks, pro-Israeli and pro-Indian hacktivist groups are gearing up for retaliation. Anonymous Israel, breaking a silence that had lasted since April 2023, announced '#PAYBACK 2024', a campaign targeting entities in Bangladesh, Pakistan, Indonesia, Malaysia, Morocco and Palestine in collaboration with pro-Indian hacktivists.

Figure: Pro-Israeli hacktivist groups announce the retaliatory campaign 'PAYBACK 2024' (Source: Cyble)

Hacktivist Escalation Part of Broader Trend

The escalation reflects a broader trend of recent years. Last year's Independence Day saw thousands of Indian websites targeted in a coordinated campaign using DDoS attacks, website defacements and user account takeovers. The history of Independence Day hacktivism is marked by recurring defacements and data breaches.

In 2022, the OpsPatuk campaign initiated by DragonForce Malaysia was a prominent example. Although DragonForce Malaysia distanced itself from the campaign in June 2022, the activity continued under the name OpIndia. On February 5, 2023, Team Insane PK revived OpIndia on Kashmir Solidarity Day, targeting Indian websites and leaking sensitive documents. Team Insane PK, known for wide-reaching attacks, has also targeted government websites in Pakistan, justifying its actions on religious grounds.

In March 2023, Mysterious Team Bangladesh launched 'Operation Payback', targeting Indian websites and leaking files from previous breaches. The group, active since 2012, has taken part in campaigns including OpIndia, OpsPatuk and OpIsrael, illustrating the long-standing nature of cyber conflict in the region.

For both India and Pakistan, the Independence Day attacks highlight the geopolitical character of these actors, some nursing grudges against particular nations and others primarily spreading propaganda. With each year bringing new tactics and more aggressive campaigns, cybersecurity around such dates must remain a priority.

image for Enzo Biochem to Pay  ...

 Cybersecurity News

Enzo Biochem, Inc., a biotechnology company providing diagnostic testing services, has agreed to pay $4.5 million to resolve regulatory charges that its lax security protocols contributed to a cyberattack in April 2023. The Enzo Biochem data breach compromised the personal and private health information of approximately 2.4 million patients, including Social Security numbers, health histories, and other sensitive data. The settlement, announced on Tuesday, was secured by the attorneys general of New York, New Jersey, and Connecticut, following investigations that uncovered severe lapses in the company's data security practices.

New York Attorney General Letitia James, in partnership with her counterparts in Connecticut and New Jersey, emphasized the gravity of Enzo’s failure to protect patient data. "Getting blood work or medical testing should not result in patients having their personal and health information stolen by cybercriminals," Attorney General James stated. "Healthcare companies like Enzo that do not prioritize data security put patients at serious risk of fraud and identity theft. Data security is part of patient safety, and my office will continue to hold companies accountable when they fail to protect New Yorkers."

Details of the Enzo Biochem Data Breach and Lapses

The Enzo Biochem cyberattack in question occurred in April 2023, when attackers gained access to Enzo's systems using two employee login credentials. An investigation by the Office of the Attorney General (OAG) revealed that these credentials were shared among five employees, and one of them had not been updated in over a decade, creating a significant vulnerability. Once inside the system, the attackers installed malicious software across several of Enzo's systems, allowing them to steal vast amounts of data unnoticed.

One of the most important aspects of the Enzo Biochem data breach was the lack of a proper monitoring system. Enzo was unaware of the unauthorized access for several days, a delay that enabled the attackers to extract sensitive patient information, including names, addresses, dates of birth, phone numbers, Social Security numbers, and medical treatment or diagnosis details. The Enzo Biochem data breach affected 2.4 million patients, with 1,457,843 of them residing in New York.

Settlement and Future Obligations

As part of the settlement, Enzo Biochem has agreed to a series of stringent measures to enhance its cybersecurity protocols. These measures are aimed at preventing future breaches and ensuring that the company complies with the highest standards of data protection. The key provisions of the settlement include:

- Comprehensive Information Security Program: Enzo is required to maintain a robust information security program designed to protect the security, confidentiality, and integrity of private information.
- Access Control Policies: The company must implement and maintain policies and procedures that limit access to personal information, ensuring that only authorized personnel can access sensitive data.
- Multi-Factor Authentication (MFA): Enzo is mandated to implement and maintain MFA for all individual user accounts, adding an extra layer of security to prevent unauthorized access.
- Password Management: The settlement requires the establishment and maintenance of policies that enforce the use of strong, complex passwords and regular password rotation to mitigate the risk of credential-based attacks.
- Data Encryption: All personal information, whether stored or transmitted, must be encrypted to protect it from unauthorized access.
- Annual Risk Assessments: Enzo must conduct and document annual risk assessments to identify and address potential security vulnerabilities.
- Incident Response Plan: The company is also required to develop, implement, and maintain a comprehensive incident response plan to address any future data security issues promptly.

New York will receive $2.8 million of the $4.5 million penalty, while the remaining amount will be distributed between New Jersey and Connecticut. The settlement not only holds Enzo accountable but also serves as a stern warning to other companies in the healthcare industry about the critical importance of robust cybersecurity measures.

Ongoing Efforts to Enhance Data Security

The Enzo Biochem data breach case is part of a broader effort by Attorney General James to improve data security practices across various industries. In recent months, her office has taken several actions to hold companies accountable for poor cybersecurity and to provide guidance on best practices. These efforts include launching privacy guides for businesses and consumers, issuing alerts on identity theft protection services, and leading a coalition to address the rise of social media account takeovers. Earlier this year, Attorney General James released a comprehensive data security guide aimed at helping companies strengthen their data protection practices. James also issued a business guide on preventing credential stuffing attacks, which are increasingly being used by cybercriminals to gain unauthorized access to user accounts.

image for Russia Spreading Dee ...

 Deepfake

Deepfakes and Misinformation: Russia's old but renewed playbook!

As Ukraine continues to bomb the Russian border region of Kursk in a "surprise incursion" with missiles and drones to move deeper into the mainland, the Kremlin is not just using its military might but also its specialized psychological operations juggernaut to push back and attempt to demoralize Ukrainian forces and allies by discrediting them and accusing them of war crimes.

The Federal Security Service of the Russian Federation (FSB) is using Ukraine's Kursk operation to "baselessly accuse" Kyiv's soldiers of committing war crimes, the Security Service of Ukraine (SBU) said in a Telegram post. "For this purpose, the Russian side creates and distributes various fakes and misinformation that have nothing to do with reality," the SBU said. Disinformation and PsyOps are employed as a last resort when the probability of countering the offensive actions of the enemy's armed forces diminishes, the Ukrainian defenders said.

Source: The Center for Countering Disinformation

Russia's Propaganda Playbook: Fake Testimonies and Staged War Crimes

According to Andriy Kovalenko, head of the Center for Countering Disinformation (CCD) and an officer in the Ukrainian Defense Forces, the deepfakes and misinformation created by Russia include visuals and claims of the Ukrainian military allegedly killing civilians, intimidating them, looting, and committing other serious wartime crimes. These fakes are based on made-up "testimonies of local witnesses" and interrogations of "Ukrainian prisoners of war," Kovalenko said. "The enemy has no evidence to support these claims and resorts to manipulation and lies."

The SBU expects the Russian special services to stage war crime acts in the coming days, in particular against the civilian population of the Kursk region, in order to later accuse the Ukrainian side of committing them. A UN-backed investigation had earlier accused Russia of war crimes in Ukraine, but Putin had vehemently refuted these claims even after a Russian soldier confessed to executing a civilian.

Kyiv claimed to have evidence of Moscow using creative agencies and theater studios, secretly funded by the Russian Ministry of Defense, to produce fake content supposedly from Ukrainian-occupied territories. The CCD has previously documented multiple fake videos involving actors posing as Ukrainian soldiers, produced by the "Krylya" studio, which it links to the Russian Ministry of Defense.

PsyOps Objectives

The objective of these PsyOps of the Russian propaganda engine is to distract the international community from Russian crimes in Ukraine and provide a basis for new accusations against Kyiv, Kovalenko said. One of the deepfakes spread across various channels in Russia claims that NATO troops are participating in the combat operations at Kursk. This deepfake is used as a scare tactic to further intimidate Russians with a "western threat" sentiment and to spread disinformation in South Asian countries, Kovalenko stated. Another fake news report that Russia was found spreading on Wednesday, according to the CCD, is that of Ukrainians targeting churches in the Kursk region.

Source: The Center for Countering Disinformation

These claims are solely based on statements from the clergy of the remarkably pro-Kremlin Russian Orthodox Church, who alleged that Ukrainian forces destroyed the Church of the Ascension and the Gornal St. Nicholas Belogorskiy Monastery. "There is no credible evidence to back up these accusations," the CCD said. "In reality, Ukrainian forces strictly follow international law and do not commit acts of violence against non-combatants. The enemy’s daily accusations against the Ukrainian Armed Forces are pure disinformation and manipulation aimed at discrediting Ukraine on the world stage."

But why spread disinformation about the destruction of churches, one may wonder? Well, this is to incense Russia's right-wing supporters in the West, according to the CCD. "The fakes about Ukrainians destroying churches are mainly aimed at a Western audience, especially in the U.S., where religious persecution is a particularly sensitive issue ahead of the presidential election," the CCD explained. The Security Service of Ukraine warns that such attempts are futile and will not affect either the offensive actions of the Armed Forces or the opinion of the country's international partners.

Meanwhile, on the battlefield in Kursk, Ukraine has advanced further into Russia, Zelensky said, as his troops' offensive entered its second week. Russia seems to have been caught off guard and sent scrambling as another Russian border region, Belgorod, declared a regional emergency. Russia has made claims of retaliation, but with nearly 200,000 Russians evacuated, the Kremlin has much to worry about in "one of the biggest incursions into Russia in decades."

image for Columbus Mayor Confi ...

 Cybersecurity News

Columbus Mayor Andrew Ginther addressed the public on the recent City of Columbus cyberattack that targeted the city’s IT infrastructure in July 2024, confirming that the data stolen by the overseas ransomware organization Rhysida was ultimately unusable. The mayor assured that no personal information was leaked on the dark web, offering some relief to city employees and residents concerned about the security of their sensitive data.

Details of the City of Columbus Cyberattack

The July 2024 City of Columbus cyberattack was an unusual incident. Rhysida, a notorious overseas ransomware group, claimed responsibility for the data breach, asserting that it had stolen 6.5 terabytes of city data, including employee passwords and login information. However, Mayor Ginther stated that the data stolen by the attackers was either encrypted or corrupted, rendering it largely unusable. “Sensitive files were either encrypted or failed to make them usable,” said Ginther. “The personal data that the threat actor published to the dark web was either encrypted or corrupted, and the majority of the data posted by the actor was unusable.”

This was the first time the mayor publicly confirmed that Rhysida was behind the City of Columbus cyberattack, which had sparked fears among city employees, including police and fire personnel, that their personal information had been compromised. However, Ginther was quick to clarify that any thefts of personal information that occurred after the cyberattack were likely linked to other cybercriminals and not the direct result of the ransomware attack. “That’s not related to this cyberattack; it’s other criminals and bad actors that are taking advantage of the cyber threat, based on what we know,” Ginther emphasized, distancing the incident from broader concerns about widespread data leaks.

No Ransom Demanded, City Takes Precautionary Measures

One of the notable aspects of this City of Columbus cyberattack was the absence of a ransom demand. Typically, ransomware attacks involve hackers encrypting a victim’s data and demanding payment in exchange for the decryption key. In this case, however, no such demand was made, adding a layer of complexity to the situation. Despite the hackers’ claims of accessing a large volume of city data, Ginther reiterated that no taxpayer or employee personal information was made available on the dark web. However, he acknowledged that employee records were accessible during the ransomware attack, which has led to concerns about potential long-term risks. To address these concerns and protect its employees, the city initially offered free credit monitoring and identity theft protection services to all current city employees. In a recent update, this offer has been extended to all former employees as well, ensuring that everyone potentially affected by the breach has access to these protective measures.

Financial Impact and Cybersecurity Enhancements

The financial implications of the City of Columbus cyberattack are significant, with Mayor Ginther estimating that the city will have spent several million dollars dealing with the aftermath. These costs include not only the immediate response to the breach but also the ongoing efforts to prevent future attacks. In response to the cyberattack, the city is taking decisive action to bolster its cybersecurity defenses. The city’s Department of Technology, which played a crucial role in identifying and mitigating the threat, is now focused on implementing enhanced cybersecurity measures and increasing technology training for city employees. These steps are aimed at preventing a recurrence of such incidents and ensuring that the city’s IT infrastructure is better equipped to handle potential threats.

Incident Response and Collaboration with Federal Agencies

The July 2024 City of Columbus data breach initially raised concerns that it was caused by a city employee inadvertently clicking on a malicious link in an email. However, further forensic investigation revealed that the threat actor gained access to the city’s system through a website download. Upon detecting the breach, the city’s Department of Technology quickly severed internet connectivity to limit the potential exposure and prevent the encryption of additional data. The city also engaged federal agencies, including the FBI and Homeland Security, as well as cybersecurity experts, to eradicate the threat and ensure compliance with applicable laws. “We appreciate the grace our residents have offered us amidst service delays and the dedication of our employees working to keep our city running,” said Ginther, acknowledging the challenges faced by both residents and city workers during this period.

Commitment to Data Security

The City of Columbus is committed to the safety and security of its employees and residents, particularly in the wake of this cyberattack. In addition to offering Experian credit monitoring services, which include credit monitoring by all three major bureaus, identity theft restoration services, and dark web monitoring for two years, the city is also enhancing its overall cybersecurity posture. Moving forward, the focus will be on increasing cyber awareness and ensuring that all city employees are equipped with the knowledge and tools needed to prevent future breaches.

image for Ensuring Compliance: ...

 Business News

In today's hyper-connected world, businesses rely heavily on third-party vendors, suppliers, and partners to deliver a wide range of services. While these partnerships create opportunities for growth and efficiency, they also introduce a new layer of risk – third-party risk – that must be managed. Third-party risk encompasses a broad spectrum of potential threats. These include cyberattacks facilitated through vulnerable vendor systems, data breaches caused by lax data security practices in the supply chain, operational disruptions due to third-party failures, and even reputational damage if a partner is involved in ethical misconduct. For Chief Financial Officers (CFOs), managing third-party risk has become a critical aspect of ensuring compliance and safeguarding the financial health of the organization. Here's a closer look at the challenges and opportunities faced by the modern CFO surrounding third-party risk management.

Third-Party Risk Management Compliance

Regulatory landscapes are constantly evolving, and compliance with data privacy regulations like GDPR and CCPA adds another dimension to third-party risk management. These regulations hold companies accountable for the data security practices of their vendors, making it crucial for CFOs to ensure their third-party ecosystem adheres to these standards. A 2019 Deloitte report highlights the increasing pressure on CFOs to address third-party risk. The report states, "Many risks arise from suppliers and third parties, and that threat is increasing as companies continually look to outsource to curtail expenses and boost profitability." CFOs play a pivotal role in driving compliance within the organization. Partnering with the Chief Compliance Officer (CCO) and leveraging technology solutions for vendor risk assessments and continuous monitoring are some key strategies CFOs can employ to maintain compliance in the third-party landscape.

CFO Strategies for Third-Party Risk

CFOs are uniquely positioned to champion robust third-party risk management practices. Here are some key strategies they can implement:

- Cost-Benefit Analysis: CFOs can lead the charge in conducting thorough cost-benefit analyses when evaluating potential third-party partnerships. This analysis should not only consider the financial benefits but also factor in the potential risks associated with each vendor.
- Standardized Onboarding Process: Implementing a standardized onboarding process for third-party vendors ensures consistency and reduces the risk of overlooking critical security checks. This process should include thorough due diligence, robust cybersecurity assessments, and the establishment of clear contractual terms regarding data security and risk management.
- Continuous Monitoring: A "set it and forget it" approach to third-party risk management is a recipe for disaster. CFOs should advocate for continuous monitoring of third-party vendors. This includes tracking changes in their security posture, monitoring data breaches, and ensuring they remain compliant with relevant regulations.

A recent article in Security Magazine emphasizes the importance of collaboration. The article states, "CFOs are uniquely positioned to bridge the gap between cybersecurity and business operations." By fostering a culture of collaboration between finance, IT security, and procurement teams, CFOs can create a more holistic approach to managing third-party risk.

Compliance in Third-Party Risk Management

Compliance within third-party risk management goes beyond just ticking regulatory boxes. It's about establishing a proactive approach that identifies and mitigates potential risks before they materialize. Here are some key aspects of achieving compliance:

- Vendor Contracts: Strong vendor contracts with clear language outlining data security expectations, breach notification protocols, and risk mitigation responsibilities are essential for compliance.
- Data Sharing Agreements: Clear data sharing agreements with third-party vendors ensure that data is handled responsibly and in accordance with regulations.
- Incident Response Planning: Having a well-defined incident response plan in place allows for a swift and coordinated response in the event of a data breach or other security incident involving a third party.

A CFO's Guide to Governance, Risk, and Compliance, a whitepaper by Scrut.io, highlights the importance of a risk-based approach. The paper states, "A risk-based approach to compliance focuses on identifying and prioritizing the most significant risks to the organization, and then allocating resources accordingly." By adopting a risk-based approach, CFOs can ensure they are focusing their compliance efforts on the areas that pose the greatest potential threat.

Managing Third-Party Risk: CFO Insights

CFOs can leverage their financial expertise and strategic thinking to gain valuable insights into third-party risk management. Here are some key considerations:

- Financial Impact of Third-Party Risk: Quantifying the potential financial impact of a third-party risk incident can help prioritize resources and secure buy-in from other stakeholders within the organization.
- Cost Optimization in Risk Management: CFOs can play a key role in finding cost-effective solutions for third-party risk management. This includes leveraging technology to automate processes, negotiating favorable contract terms with vendors, and exploring risk transfer options like insurance.
- Risk-Based Approach: A risk-based approach to third-party risk management allows CFOs to prioritize resources and allocate them effectively to address the most critical risks. By focusing on high-impact areas, CFOs can optimize their risk management efforts.

Third-Party Risk Management Best Practices for CFOs

To effectively manage third-party risk, CFOs should consider implementing the following best practices:

- Vendor Risk Assessment Frameworks: Developing a comprehensive vendor risk assessment framework that aligns with the organization's risk appetite is crucial. This framework should include factors such as industry, location, data sensitivity, and contract terms.
- Regular Vendor Reviews: Conducting regular reviews of existing vendors to assess their ongoing performance and compliance with security standards is essential. This helps identify potential risks early on.
- Incident Response Plan: Having a well-defined incident response plan in place for third-party-related incidents is crucial for mitigating damage and restoring operations quickly.
- Data Privacy and Protection: Ensuring that third-party vendors have robust data privacy and protection measures in place is paramount. CFOs should collaborate with the data privacy officer to establish clear guidelines and monitor compliance.
- Emerging Risk Monitoring: Staying informed about emerging threats and vulnerabilities in the third-party ecosystem is essential. CFOs should encourage their teams to attend industry conferences, webinars, and training sessions to stay updated on the latest trends.

By implementing these best practices and fostering a culture of risk awareness within the organization, CFOs can significantly reduce the impact of third-party risks and protect the company's bottom line. Third-party risk management is a complex and evolving challenge for CFOs. By understanding the risks, implementing effective strategies, and fostering collaboration across departments, CFOs can play a pivotal role in safeguarding their organization's financial health and reputation.

Ready to fortify your organization’s defenses? Discover how Cyble’s advanced threat intelligence and third-party risk management solutions can elevate your security strategy. Schedule a free demo to see how Cyble’s cutting-edge technology can help you stay ahead of cyber threats and manage your third-party risks effectively. Cyble has also issued a case study report on ‘Supply Chain Attacks and 3rd Party Risk Management’ which can be downloaded at this link.

image for Critical Vulnerabili ...

 Cybersecurity News

The Azure Health Bot Service, a cloud platform designed for healthcare organizations to create and deploy AI-powered virtual health assistants, has been found vulnerable to multiple privilege-escalation issues. Researchers discovered a server-side request forgery (SSRF) vulnerability (CVE-2024-38109) that allowed access to cross-tenant resources within the service, potentially enabling lateral movement to other resources.

Privilege Escalation Flaw in Azure Health Bot Service

The Azure Health Bot Service enables healthcare providers to create patient-facing chatbots that interact with external data sources, such as patient information portals or medical reference databases. Tenable researchers discovered that the "Data Connections" feature, designed to allow bots to interact with external data sources, could be exploited through a server-side request forgery (SSRF) attack.

Source: https://www.tenable.com/blog/

By exercising the Data Connections and third-party request APIs, the researchers performed various test connections and found that common endpoints, like Azure's Internal Metadata Service (IMDS), were initially inaccessible. However, by configuring a data connection to an external host under their control and having that host answer with redirect responses (301/302 status codes), the researchers were able to bypass the server-side mitigations and reach the IMDS: the endpoint was validated when configured, but the redirect target was not. With a valid metadata response, the researchers obtained an access token for management.azure.com and subsequently listed the subscriptions they had access to via an API call. This returned a list of hundreds of resources belonging to other customers, indicating cross-tenant access.

Responsible Disclosure and Microsoft Follow-up

After reporting the initial findings to Microsoft's Security Response Center (MSRC), the researchers confirmed that the issue had been resolved. MSRC acknowledged the report and the researchers' findings and began investigating the issue on June 17, 2024. Within a week, fixes were rolled out to all regions, and by July 2, MSRC confirmed that all affected environments had been patched. According to Microsoft's security update guide for the CVE-2024-38109 flaw, "The vulnerability documented by this CVE requires no customer action to resolve." The researchers retested the original proofs of concept and found that the fix simply rejects redirect status codes for data connection endpoints, eliminating the attack vector.

However, a second vulnerability was discovered during testing, in the validation mechanism for FHIR (Fast Healthcare Interoperability Resources) endpoints. While this issue had a limited impact, the researchers immediately halted their investigation and reported the finding to Microsoft, opting to respect MSRC's guidance regarding accessing cross-tenant resources. Fixes for this issue were available by July 12. The researchers clarified that the vulnerabilities they discovered involved weaknesses in the underlying architecture of the AI chatbot service rather than the AI models themselves.
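The redirect bypass and the fix described above, as an added example that is not Microsoft's or Tenable's code: a data-connection fetcher in its pre-fix form beside a hardened one that refuses redirects, run against a constructed offline transport and resolver. The hostnames, function names and metadata body are assumptions; only the IMDS address 169.254.169.254 is real.

```python
"""Data-connection fetcher: the redirect-following flaw beside the fix.

Constructed, offline stand-in for the Azure Health Bot SSRF described above;
not Microsoft's or Tenable's code. The transport, resolver, hostnames and
metadata body are made up. The IMDS address 169.254.169.254 is the real
link-local address Azure's metadata service uses; everything else is assumed.
"""
import ipaddress
from dataclasses import dataclass, field
from typing import Callable, Dict, Tuple
from urllib.parse import urlparse

IMDS_URL = "http://169.254.169.254/metadata/instance?api-version=2021-02-01"
ATTACKER_URL = "http://connector.example/hook"   # constructed external endpoint


@dataclass
class Response:
    status: int
    headers: Dict[str, str] = field(default_factory=dict)
    body: str = ""


Transport = Callable[[str], Response]   # url -> Response (stands in for HTTP)
Resolver = Callable[[str], str]         # hostname -> IP literal (stands in for DNS)


class BlockedDestination(Exception):
    """Raised when a request would leave the allowed destination set."""


def validate_destination(url: str, resolve: Resolver) -> str:
    """Allow only http(s) URLs whose host resolves to a globally routable IP.

    is_global is False for link-local (IMDS), loopback, RFC 1918 and other
    reserved ranges, so one check covers the whole internal address space.
    """
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise BlockedDestination(f"unsupported URL: {url}")
    ip = ipaddress.ip_address(resolve(parts.hostname))
    if not ip.is_global:
        raise BlockedDestination(f"{parts.hostname} resolves to blocked {ip}")
    return str(ip)


def fetch_vulnerable(url: str, transport: Transport, resolve: Resolver,
                     max_hops: int = 3) -> Response:
    """Pre-fix behaviour: validate the configured endpoint once, then follow
    redirects blindly. A 301/302 from the external host is honoured without
    re-checking where it points, which is the bypass the article describes."""
    validate_destination(url, resolve)
    resp = transport(url)
    for _ in range(max_hops):
        if resp.status not in (301, 302, 303, 307, 308):
            break
        url = resp.headers["Location"]
        resp = transport(url)           # no validation of the redirect target
    return resp


def fetch_hardened(url: str, transport: Transport, resolve: Resolver) -> Response:
    """Mirrors the fix the article reports: any redirect status code is
    rejected, so a validated endpoint can never bounce the request inward."""
    validate_destination(url, resolve)
    resp = transport(url)
    if 300 <= resp.status < 400:
        raise BlockedDestination(f"redirect ({resp.status}) from {url} rejected")
    return resp


# --- constructed fixtures standing in for DNS and the network ---------------
def constructed_resolver(host: str) -> str:
    try:
        return str(ipaddress.ip_address(host))   # IP literals pass through
    except ValueError:
        return {"connector.example": "1.2.3.4"}.get(host, "1.2.3.4")  # public


def constructed_transport(url: str) -> Response:
    """The external host answers 302 -> IMDS; IMDS answers with a fake
    metadata document. Anything else is a 404."""
    if url.startswith("http://connector.example/"):
        return Response(302, {"Location": IMDS_URL})
    if url.startswith("http://169.254.169.254/"):
        return Response(200, body='{"compute": {"name": "constructed-vm"}}')
    return Response(404)


def attempt(fetch, url: str = ATTACKER_URL) -> Tuple[bool, str]:
    """Run a fetcher against the fixtures; (reached_target, body_or_reason)."""
    try:
        return True, fetch(url, constructed_transport, constructed_resolver).body
    except BlockedDestination as exc:
        return False, str(exc)


if __name__ == "__main__":
    print("vulnerable:", attempt(fetch_vulnerable))   # metadata body comes back
    print("hardened:  ", attempt(fetch_hardened))     # redirect rejected
```

The same `validate_destination` check also stops a data connection configured directly against the IMDS address, which is the case the article says was already blocked before the fix.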

image for Microsoft Tackles 9  ...

 Cybersecurity News

Microsoft has released its August 2024 Patch Tuesday update, addressing multiple vulnerabilities across its software ecosystem. This month’s update features fixes for a total of 90 vulnerabilities, including nine classified as zero-days. Notably, six of these zero-day vulnerabilities are actively exploited, while three have been publicly disclosed. Compared to the previous month’s release, which tackled 142 vulnerabilities, this update is notably smaller. The vulnerabilities addressed this month are primarily categorized as follows: 41% are elevation of privilege (EoP) issues, while 33% involve remote code execution (RCE).

Key Highlights of Microsoft August 2024 Patch Tuesday Update

Among the nine zero-day vulnerabilities addressed this month, six are actively exploited. Notable vulnerabilities include CVE-2024-38202, an elevation of privilege (EoP) issue in the Windows Update Stack; CVE-2024-21302, an EoP flaw affecting the Windows Secure Kernel; CVE-2024-38200, a spoofing vulnerability in Microsoft Office; CVE-2024-38109, an EoP vulnerability in Azure Health Bot; and CVE-2024-38206, an information disclosure flaw in Microsoft Copilot Studio.

Scott Caveza, Staff Research Engineer at Tenable, highlights the urgency of addressing these vulnerabilities. He points out that CVE-2024-38202 and CVE-2024-21302, if exploited together, could allow attackers to reverse software updates and undo previous fixes, thus broadening the attack surface. Additionally, CVE-2024-38200 could expose NTLM hashes to remote attackers, potentially facilitating further attacks like NTLM relay or pass-the-hash, which have previously been used by threat actors such as APT28. Caveza emphasizes the importance of addressing EoP vulnerabilities, which attackers commonly exploit to escalate privileges within a network. "With numerous zero-days in this Patch Tuesday release, prioritizing remediation of these vulnerabilities is crucial," he adds.

Caveza also highlights two critical vulnerabilities uncovered by Tenable Research. CVE-2024-38206, discovered by Tenable researcher Evan Grant, impacts Microsoft Copilot Studio and allows authenticated attackers to bypass server-side request forgery (SSRF) protections, potentially leaking sensitive information; Microsoft has patched this issue. Additionally, CVE-2024-38109 is a critical elevation of privilege (EoP) vulnerability in Azure Health Bot with a CVSSv3 score of 9.1. This flaw could be exploited to escalate privileges, but users of Azure Health Bot need not take further action as the issue has been resolved in the update.

Breakdown of Vulnerabilities in August 2024 Patch Tuesday

The August 2024 Patch Tuesday update addresses a range of vulnerabilities categorized as follows: 36 elevation of privilege, 28 remote code execution, 8 information disclosure, 7 spoofing, 6 denial of service, 4 security feature bypass, and 1 tampering. This update includes several critical vulnerabilities affecting various Windows services and Microsoft applications. Notable among these are CVE-2024-38109, which allows attackers with valid authentication to escalate privileges in Azure Health Bot; CVE-2024-38206, which enables authenticated attackers to bypass SSRF protections in Microsoft Copilot Studio; CVE-2024-38166, a cross-site scripting vulnerability in Microsoft Dynamics; CVE-2024-38140, which permits unauthenticated attackers to execute remote code via specially crafted packets in the Reliable Multicast Transport Driver (RMCAST); CVE-2024-38159 and CVE-2024-38160, which could lead to critical guest-to-host escapes through remote code execution in Windows Network Virtualization; CVE-2022-3775 and CVE-2023-40547, affecting Secure Boot due to vulnerabilities in the Linux Shim bootloader; and CVE-2024-38063, which allows remote code execution through specially crafted IPv6 packets in Windows TCP/IP.

Moreover, in this month’s Patch Tuesday update, several vulnerabilities have been publicly disclosed, including CVE-2024-21302, an elevation of privilege (EoP) flaw allowing attackers to replace Windows files with outdated versions. Another critical issue is CVE-2024-38199, affecting the deprecated Windows Line Printer Daemon (LPD) service; while its exploitation is considered unlikely due to LPD's obsolescence, it remains notable. Additionally, CVE-2024-38200 is a medium-severity spoofing vulnerability in Microsoft Office that impacts NTLM authentication.

 Identity Theft, Fraud, Scams

Orion SA recently disclosed to US regulators that it fell victim to a criminal wire fraud scheme resulting in a $60 million loss. The incident, possibly a BEC scam, involved fraudulent wire transfers to unknown third-party accounts by an employee.

 Malware and Vulnerabilities

During a recent security audit by Laburity researchers, an application with a vulnerability related to pfblockerNG was identified. Attempts using default credentials failed, and an exploit from exploit-db was also unsuccessful.

 Malware and Vulnerabilities

A vulnerability in the Windows CLFS.sys driver, identified as CVE-2024-6768, allows an unprivileged user to crash the system, leading to a Blue Screen of Death. The flaw is due to improper input validation and affects Windows 10 and 11.

 Trends, Reports, Analysis

C-suite executives face the challenge of balancing technological innovation with cybersecurity resilience. A report by LevelBlue highlighted the complexities of their roles and the need for strategic cybersecurity approaches.

 Malware and Vulnerabilities

Microsoft released its August 2024 Patch Tuesday updates, fixing 89 vulnerabilities, including nine zero-days. Among these, six zero-days were actively exploited, while three others were publicly disclosed. A tenth zero-day still remains unpatched.

 Malware and Vulnerabilities

Promoted through Telegram and other underground forums, DeathGrip RaaS offers aspiring threat actors on the dark web sophisticated ransomware tools, including LockBit 3.0 and Chaos builders.

 New Cyber Technologies

The finalized post-quantum cryptography standards are Module-Lattice-Based Key-Encapsulation Mechanism Standard (FIPS 203), Module-Lattice-Based Digital Signature Standard (FIPS 204), and Stateless Hash-Based Digital Signature Standard (FIPS 205).

 Security Culture

DARPA has awarded $14 million to seven teams in the AI Cyber Challenge (AIxCC) at DEFCON 32. The competition aims to find a cyber reasoning system to identify and fix vulnerabilities in open-source software.

 Feed

The openscap project is a set of open source libraries that support the SCAP (Security Content Automation Protocol) set of standards from NIST. It supports CPE, CCE, CVE, CVSS, OVAL, and XCCDF.

 Feed

In K7 Ultimate Security versions prior to 17.0.2019, the driver file (K7RKScan.sys - this version 15.1.0.7) allows local users to cause a denial of service (BSOD) or possibly have unspecified other impact because of a null pointer dereference from IOCtl 0x222010 and 0x222014. At the same time, the driver is accessible to all users in the "Everyone" group.

 Feed

Debian Linux Security Advisory 5748-1 - Several vulnerabilities have been discovered in the FFmpeg multimedia framework, which could result in denial of service or potentially the execution of arbitrary code if malformed files/streams are processed.

 Feed

Red Hat Security Advisory 2024-5365-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include double free and null pointer vulnerabilities.

 Feed

Red Hat Security Advisory 2024-5364-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include double free, memory leak, and null pointer vulnerabilities.

 Feed

CVE-2024-6768 is a vulnerability in the Common Log File System (CLFS.sys) driver of Windows, caused by improper validation of specified quantities in input data. This flaw leads to an unrecoverable inconsistency, triggering the KeBugCheckEx function and resulting in a Blue Screen of Death (BSoD). The issue affects all versions of Windows 10 and Windows 11, Windows Server 2016, Server 2019 and Server 2022 despite having all updates applied. This Proof of Concept (PoC) shows that by crafting specific values within a .BLF file, an unprivileged user can induce a system crash.

 Feed

Ubuntu Security Notice 6959-1 - It was discovered that .NET suffered from an information disclosure vulnerability. An attacker could potentially use this issue to read targeted email messages.

 Feed

Red Hat Security Advisory 2024-5329-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include bypass, out of bounds read, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2024-5328-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include bypass, out of bounds read, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2024-5327-03 - An update for firefox is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include bypass, out of bounds read, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2024-5326-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include bypass, out of bounds read, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2024-5325-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service. Issues addressed include bypass, out of bounds read, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2024-5323-03 - An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include bypass, out of bounds read, and use-after-free vulnerabilities.

 Feed

Ubuntu Security Notice 6952-2 - Benedict Schlüter, Supraja Sridhara, Andrin Bertschi, and Shweta Shinde discovered that an untrusted hypervisor could inject malicious #VC interrupts and compromise the security guarantees of AMD SEV-SNP. This flaw is known as WeSee. A local attacker in control of the hypervisor could use this to expose sensitive information or possibly execute arbitrary code in the trusted execution environment. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

 Feed

Microsoft on Tuesday shipped fixes to address a total of 90 security flaws, including 10 zero-days, of which six have come under active exploitation in the wild. Of the 90 bugs, seven are rated Critical, 79 are rated Important, and one is rated Moderate in severity. This is also in addition to 36 vulnerabilities that the tech giant resolved in its Edge browser since last month. The Patch Tuesday

 Feed

Ivanti has rolled out security updates for a critical flaw in Virtual Traffic Manager (vTM) that could be exploited to achieve an authentication bypass and create rogue administrative users. The vulnerability, tracked as CVE-2024-7593, has a CVSS score of 9.8 out of a maximum of 10.0. "Incorrect implementation of an authentication algorithm in Ivanti vTM other than versions 22.2R1 or 22.7R2

 Feed

The China-backed threat actor known as Earth Baku has diversified its targeting footprint beyond the Indo-Pacific region to include Europe, the Middle East, and Africa starting in late 2022. Newly targeted countries as part of the activity include Italy, Germany, the U.A.E., and Qatar, with suspected attacks also detected in Georgia and Romania. Governments, media and communications, telecoms,

 Feed

Monitoring evolving DDoS trends is essential for anticipating threats and adapting defensive strategies. The comprehensive Gcore Radar Report for the first half of 2024 provides detailed insights into DDoS attack data, showcasing changes in attack patterns and the broader landscape of cyber threats. Here, we share a selection of findings from the full report. Key Takeaways The number of DDoS

 Feed

A coalition of law enforcement agencies coordinated by the U.K. National Crime Agency (NCA) has led to the arrest and extradition of a Belarussian and Ukrainian dual-national believed to be associated with Russian-speaking cybercrime groups. Maksim Silnikau (aka Maksym Silnikov), 38, went by the online monikers J.P. Morgan, xxx, and lansky. He was extradited to the U.S. from Poland on August 9,

 Feed

Simply relying on traditional password security measures is no longer sufficient. When it comes to protecting your organization from credential-based attacks, it is essential to lock down the basics first. Securing your Active Directory should be a priority – it is like making sure a house has a locked front door before investing in a high-end alarm system. Once the fundamentals are covered,

 Feed

An ongoing social engineering campaign with alleged links to the Black Basta ransomware group has been linked to "multiple intrusion attempts" with the goal of conducting credential theft and deploying a malware dropper called SystemBC. "The initial lure being utilized by the threat actors remains the same: an email bomb followed by an attempt to call impacted users and offer a fake solution,"

 Guest blog

An investigation dating back almost ten years has seen the extradition this week to the United States of a man suspected to be the head of one of the world's most prolific Russian-speaking cybercriminal gangs. The UK's National Crime Agency (NCA) says it has been investigating a cybercriminal using the online handle "J P Morgan" since 2015, alongside parallel investigations run by the United States FBI and Secret Service. Read more in my article on the Tripwire State of Security blog.

 deepfake

Scammers are once again using deepfake technology to dupe unwary internet Facebook and Instagram users into making unwise cryptocurrency investments. AI-generated videos promoting fraudulent cryptocurrency trading platform Immediate Edge have used deepfake footage of British Prime Minister Sir Keir Starmer and His Royal Highness Prince William to reach an estimated 890,000 people via Meta's social media platforms. Read more in my article on the Hot for Security blog.

 0 - CT - Cybersecurity Architecture - De

DevSecOps is a practice and methodology that seeks to make shifting left a reality by integrating security into every step of the software development lifecycle (SDLC). At its core, DevSecOps works to align security work, and in some cases, engineering and security roles that historically would be done separately, directly into the DevOps workflow. As a result, […] The post The enterprise guide to AI-powered DevSecOps was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0 - CT - Cybersecurity Architecture - De

This content is available only to registered (free) members of CISO2CISO.COM. The post A complete guide to Implementing DevSecOps in AWS was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0 - CT - Cybersecurity Architecture - De

If you're reading this ebook, you're well aware of how much more decentralized and complex software development has become over the last decade or two. You're also aware that the speed at which organizations build and deploy modern applications exposes them and their users to a wide range of security and compliance risks. As a […] The post Definitive Guide to Secure Software Delivery was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0 - CT - CISO Strategics - Information S

This content is available only to registered (free) members of CISO2CISO.COM. The post Disk Group Privilege Escalation was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0 - CT - Cybersecurity Architecture - IA

Leveraging AI to Advance the DHS Mission. Committed to safeguarding the American people, our homeland and our values, DHS continues to innovate in support of its missions. While it is now frequently in the news, the concept of AI has been around since the 1950s. Initially understood as a machine's ability to perform tasks that would […] The post DEPARTMENT OF HOMELAND SECURITY ARTIFICIAL INTELLIGENCE ROADMAP 2024 was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0 - CT - Cybersecurity Tools - DLP

This content is available only to registered (free) members of CISO2CISO.COM. The post Data Loss Prevention (DLP) was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0 - CT - Cybersecurity Architecture - De

In the rapidly evolving landscape of cybersecurity, DevSecOps Security Architecture emerges as a critical framework that integrates security practices within the DevOps process, ensuring that security is a shared responsibility throughout the entire development lifecycle. This holistic approach encompasses various facets, including account security, application security, big data protection, and CAPTCHA security. By embedding security […] The post DevSecOps Security Architecture was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0 - CT - Cybersecurity Tools - IAM - Ide

This content is available only to registered (free) members of CISO2CISO.COM. The post Digital identity – Deutsche Bank Corporate Bank was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0 - CT - Cybersecurity Architecture - De

It is a crucial guide designed to help organizations fortify their DevSecOps practices by implementing robust security measures across a wide array of tools and platforms. The document delivers comprehensive, actionable checklists tailored for technologies such as Apache, AWS, Docker, Git, and others. Central to its recommendations are strategies for enforcing encryption, like SSL/TLS, enhancing […] The post DevSecOps Security Architecture was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0 - CT - Cybersecurity Architecture - De

This content is available only to registered (free) members of CISO2CISO.COM. The post The Six Pillars of DevSecOps: Collaboration and Integration was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Aggregator history: Wednesday, August 14, 2024