Cyber security aggregate rss news


Business News

Warren Sponholtz has been appointed as Florida's new Chief Information Officer (CIO). A native of Tallahassee and a United States Marine Corps veteran, Sponholtz brings with him a wealth of experience in managing IT systems across various state agencies, including the Florida Department of Transportation and the Florida Department of Environmental Protection (FDEP). His career in public service spans more than 22 years, dedicated to enhancing the technological capabilities of Florida's state government.

Warren Sponholtz, Veteran Leader with Deep Roots in State IT

Sponholtz's tenure at FDEP, where he served as CIO for over a decade, is particularly noteworthy. During this time, he was instrumental in driving the department's IT strategy, overseeing infrastructure improvements, project management, application development, and cybersecurity initiatives. His leadership helped FDEP achieve significant advancements in technology that improved the agency's efficiency and service delivery.

In addition to his role at FDEP, Sponholtz also served as the deputy state Chief Information Security Officer (CISO) for nearly two years, where he played a crucial part in strengthening the state's cybersecurity posture. His background as a U.S. Marine Corps veteran further complements his leadership abilities, providing him with a disciplined and strategic approach to managing complex IT environments.

Vision for Florida's IT Future

As Florida's new CIO, Sponholtz steps into a role that is pivotal for the state's ongoing efforts to modernize its IT infrastructure and enhance cybersecurity measures. According to a statement from the Florida Department of Management Services (DMS), Sponholtz's appointment is a critical step in ensuring that Florida remains at the forefront of technological innovation and security.

"As a Marine and former agency CIO, Warren Sponholtz brings the skills and experience to lead cybersecurity, data, and technology innovation. We are excited to have him as the State's new Chief Information Officer," the DMS statement on LinkedIn read.

Sponholtz's new role will see him driving value for both state and local governments through a range of initiatives focused on modernizing IT systems. His priorities include ensuring that data can be shared seamlessly across different government agencies, strengthening Florida's cybersecurity defenses, and fostering partnerships that will enable the state to tackle complex challenges effectively.

A Strategic Vision for IT Modernization

Sponholtz's appointment comes at a time when the state of Florida is placing increased emphasis on the modernization of its IT infrastructure. This modernization effort is essential not only for improving the efficiency of government services but also for enhancing the security and resilience of the state's digital assets.

One of the key aspects of Sponholtz's strategy as State CIO will be the seamless integration and sharing of data across various state agencies. This will require the development and implementation of new technologies and platforms that can support the state's growing data needs while ensuring that information remains secure and accessible only to authorized users.

Sponholtz is also expected to prioritize the strengthening of Florida's cybersecurity defenses, a critical need in light of the increasing frequency and sophistication of cyberattacks targeting government entities. His experience as deputy state CISO will be invaluable in this regard, as he has a deep understanding of the threats facing state IT systems and the measures needed to mitigate them.

Building Partnerships and Strengthening Community

In addition to his technical expertise, Sponholtz is known for his ability to build strong partnerships and foster a collaborative IT community. His leadership style is characterized by a focus on improving organizational effectiveness and setting a strategic vision that aligns with the core mission of the organizations he serves.

As Florida's CIO, Sponholtz will be working closely with various state agencies, local governments, and private sector partners to create a more efficient, secure, and innovative government for the people of Florida. His ability to bring together diverse stakeholders and leverage their collective expertise will be critical in driving the state's IT agenda forward.

A Commitment to Service and Innovation

Warren Sponholtz's appointment as Florida's Chief Information Officer marks the beginning of a new chapter in the state's IT journey. His extensive experience, proven leadership, and commitment to public service make him the ideal candidate to lead Florida's efforts in modernizing its IT infrastructure and strengthening its cybersecurity defenses.

In his new role, Sponholtz will be tasked with ensuring that Florida's IT systems are not only capable of meeting the current needs of state and local governments but are also adaptable to future challenges. His focus on fostering partnerships, improving data sharing, and enhancing cybersecurity will be key to achieving these goals.

As Florida continues to evolve in the digital age, Sponholtz's leadership will be instrumental in creating a government that is more responsive, secure, and innovative. His appointment is a testament to the state's commitment to leveraging technology to better serve its citizens and ensure a resilient, forward-looking IT landscape.

Firewall Daily

As the frequency and sophistication of data breaches continue to rise, the need for companies to protect sensitive data and proprietary information becomes increasingly pressing. This reality has highlighted the growing significance of threat library management strategies, a critical process for security professionals to develop and manage a comprehensive threat library, enabling real-time decision-making and effective risk management.

The Breach Level Index highlights that approximately 5 million records are compromised or stolen daily. In 2024, the global average cost of a data breach has surged to $4.88 million, marking a 10% increase from the previous year. Such statistics emphasize the urgent need for robust threat intelligence strategies and proactive threat management.

Traditionally, organizations have focused on securing their systems and applications post-deployment. This reactive approach places them at a disadvantage: an attacker needs only one exploitable weak point, while defenders must cover thousands of threat types from diverse and often sophisticated threat actors. By integrating threat library management strategies, organizations can transform their security approach from a reactive stance to a proactive strategy, addressing potential threats from the design phase through production. This shift is critical for enhancing the overall security posture and mitigating risks before they manifest.

Getting Started with Threat Library Management Strategies: CEO Approach to Threat Intelligence

Threat library management is an essential practice for C-suite professionals such as CEOs, CTOs and CISOs, and for information security teams. It involves identifying both internal and external threats to networks, software, and applications, and devising countermeasures to mitigate these threats. The process offers numerous benefits, including significant cost savings, improved threat classification and prioritization, and actionable insights for key stakeholders across the organization.

However, to implement these strategies, a CEO must take charge and implement robust threat intelligence strategies throughout the operations, ensuring cybersecurity hygiene at all levels. As Forbes notes, "The escalating frequency and severity of cyberattacks has made it clear that organizations must fortify their defenses to safeguard sensitive information and maintain the trust of customers and stakeholders. While many companies have recognized the need to invest in cybersecurity technologies and hire dedicated professionals, the crucial role of the CEO in this realm is often overlooked."

This highlights the importance of the CEO's involvement in cybersecurity initiatives. Effective cybersecurity leadership must start at the top, with the CEO playing a pivotal role in shaping the organization's security posture. The CEO is not merely a passive observer but an active participant in ensuring the protection of critical assets. By engaging directly in cybersecurity efforts, CEOs can establish a culture of vigilance and accountability throughout the organization.

Cybersecurity incidents can end CEO tenures. The high-profile data breach at Target led to the resignation of CEO Gregg Steinhafel, illustrating the severe repercussions a cybersecurity failure can have on a CEO's reputation and leadership. A strong cybersecurity posture brings several advantages, including protecting the company's brand reputation, ensuring customer trust, and maintaining a competitive edge. The 2017 Equifax breach highlights the potential fallout from inadequate security practices. By prioritizing cybersecurity, CEOs can guide their organizations away from such damaging outcomes.

Remaining well-informed about the latest cyber threats and trends is essential for CEOs. Engaging with cybersecurity thought leaders, subscribing to industry publications, and participating in cybersecurity forums and social media groups can help CEOs protect their organizations from online threats. Good leadership involves recognizing that no one can tackle cybersecurity challenges alone. CEOs should actively engage with cybersecurity experts both within and outside their organizations. Collaborating with the Chief Information Security Officer (CISO) or external cybersecurity consultants allows CEOs to gain valuable insights into the current threat landscape and evaluate the organization's security posture.

Creating a cybersecurity-focused culture within the C-suite encourages collaboration among executives and ensures that cybersecurity is integrated into strategic decision-making processes. CEOs must lead by example, demonstrating their commitment to cybersecurity through personal adherence to best practices such as good password hygiene, multi-factor authentication, and compliance with cybersecurity policies. When employees observe CEOs prioritizing cybersecurity, it reinforces the importance of these measures across the organization. CEOs must recognize that cybersecurity is not solely the responsibility of IT professionals but a strategic imperative requiring their direct involvement. By becoming knowledgeable about cybersecurity, CEOs can better protect their organizations from cyber threats, foster a culture of security, and drive business success.

Robust Threat Intelligence Strategies: CEO Approach to Threat Libraries

To effectively manage and mitigate cybersecurity risks, CEOs need to understand how a threat library is developed. The initial step is to establish a comprehensive threat library. Understanding which threats are relevant to a system and the potential impact of each threat is crucial for achieving a high level of security at a reasonable cost. While public threat libraries are available, each organization must create a customized threat library tailored to its unique applications, requirements, and targeted threats. This bespoke approach ensures that the threat library accurately reflects the specific risks facing the organization.

The first step in building a threat library involves creating a threat model template. This template should consistently define threat properties: how a threat could be executed, a profile of the hypothetical attacker including skill level and motivation, a risk assessment of the threat and its potential impact, and the security controls that can be implemented to mitigate it. Once the threat model template is complete, threats should be classified based on risk and impact assessments. This classification allows organizations to prioritize efforts, focusing on the highest-risk areas to maximize the return on investment and the effective use of resources.

After constructing the threat library, organizations can focus on developing scalable, actionable initiatives applicable to all applications throughout the organization. An organized, indexed, and centralized repository of threat information keeps key stakeholders informed and updated on potential threats and the status of security efforts.

A comprehensive threat intelligence framework is essential for addressing potential system threats. This framework combines technology, processes, and human expertise to gather, analyze, and act on threat intelligence. By continuously interpreting data about potential cyber adversaries and their tactics, organizations can anticipate and mitigate threats before they escalate. The increasing frequency and sophistication of cyberattacks highlight the necessity of a robust cyber threat intelligence framework. Without it, organizations often find themselves reacting to breaches and vulnerabilities, leading to immediate financial losses, eroded customer trust, and reputational damage. The repercussions of neglecting a proactive approach can be severe, including financial damages, lawsuits, fines, and even the risk of going out of business.

Implementing a threat library is a multi-step process. It begins with the identification of potential threat vectors, such as phishing campaigns, malware distribution, and insider threats. Next, actionable data is gathered through open-source intelligence tools, industry feeds, and proprietary platforms. This data is then analyzed to identify patterns and anomalies, converting raw information into actionable insights. Based on this analysis, organizations formulate strategies by developing countermeasures and incident response plans. The next step is the implementation of these security strategies, which includes patching vulnerabilities and deploying advanced security technologies. Finally, continuous monitoring and improvement are crucial, requiring regular updates to the threat intelligence framework to adapt to new threats and changes in the threat landscape. Integrating solutions like Cyble, which provides real-time protection against website spoofing and brandjacking, further enhances cybersecurity and threat management.

Conclusion

Building a robust threat library is crucial for effective threat management. CEOs must actively engage in developing and maintaining this library, leveraging their position to embed cybersecurity as a fundamental priority throughout the organization. By adopting best practices for threat library management and staying informed about emerging threats, CEOs can guide their companies in enhancing their defenses and protecting critical assets. A proactive approach to threat modeling and intelligence will better position organizations for long-term success in an increasingly digital world.

To further strengthen your cybersecurity efforts and effectively manage potential threats, check how Cyble's award-winning AI-powered solutions can elevate your threat intelligence strategy. Contact Cyble to discover how advanced technology can seamlessly integrate with your existing security tools, providing you with enhanced protection against cyber threats. Schedule a Demo Today!
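The threat model template, the risk classification and the indexed repository that the article above describes, shown as a small working threat library. This is an added example, not code from the article or from Cyble; the field names, the 1 to 5 scales, the class thresholds, the multiplicative treatment of control effectiveness and the four sample entries are assumptions made for the illustration.

```python
"""Threat library skeleton: template-checked entries, risk classification,
asset-indexed lookup and a prioritized stakeholder view. Added illustration,
not code from the article or from Cyble; field names, 1-5 scales, class
thresholds and the sample entries are assumptions made for this example."""
from dataclasses import dataclass, field, asdict
import json

REQUIRED_TEXT = ("threat_id", "name", "vector", "motivation")  # must be non-empty


@dataclass
class Threat:
    threat_id: str
    name: str
    vector: str            # how the threat is executed
    attacker_skill: int    # 1 opportunistic .. 5 well-resourced (assumed scale)
    motivation: str        # e.g. financial, espionage, disgruntled insider
    likelihood: int        # 1..5
    impact: int            # 1..5
    assets: list           # tags of the systems the threat applies to
    controls: list = field(default_factory=list)  # (control, effectiveness 0..1)

    def inherent_risk(self) -> int:
        """Risk before controls, on a 1..25 scale."""
        return self.likelihood * self.impact

    def residual_risk(self) -> float:
        """Risk after controls; each control removes its share of what remains."""
        remaining = 1.0
        for _, effectiveness in self.controls:
            remaining *= 1.0 - effectiveness
        return round(self.inherent_risk() * remaining, 2)


def classify(score: float) -> str:
    """Map a risk score to a priority class (thresholds assumed)."""
    if score >= 15:
        return "critical"
    if score >= 8:
        return "high"
    return "medium" if score >= 4 else "low"


class ThreatLibrary:
    def __init__(self):
        self._entries = {}
        self._by_asset = {}  # asset tag -> set of threat_ids

    def add(self, threat: Threat) -> None:
        """Reject entries that do not satisfy the template, then index them."""
        missing = [f for f in REQUIRED_TEXT if not getattr(threat, f)]
        if missing:
            raise ValueError(f"{threat.threat_id or '?'}: missing {missing}")
        for name in ("likelihood", "impact", "attacker_skill"):
            if not 1 <= getattr(threat, name) <= 5:
                raise ValueError(f"{threat.threat_id}: {name} must be 1..5")
        if not threat.assets:
            raise ValueError(f"{threat.threat_id}: no assets tagged")
        self._entries[threat.threat_id] = threat
        for tag in threat.assets:
            self._by_asset.setdefault(tag, set()).add(threat.threat_id)

    def get(self, threat_id: str) -> Threat:
        return self._entries[threat_id]

    def prioritized(self, *asset_tags: str) -> list:
        """Threats for the given assets (all if none), highest residual risk first."""
        if asset_tags:
            ids = set().union(*(self._by_asset.get(t, set()) for t in asset_tags))
            pool = [self._entries[i] for i in ids]
        else:
            pool = list(self._entries.values())
        return sorted(pool, key=lambda t: (-t.residual_risk(), t.threat_id))

    def export_json(self) -> str:
        """Centralized view for stakeholders: each entry with scores and class."""
        rows = []
        for t in self.prioritized():
            rows.append({**asdict(t), "inherent": t.inherent_risk(),
                         "residual": t.residual_risk(),
                         "class": classify(t.residual_risk())})
        return json.dumps(rows, indent=2)


def build_sample_library() -> ThreatLibrary:
    """Four constructed entries, not taken from any real assessment."""
    lib = ThreatLibrary()
    lib.add(Threat("T-001", "Credential phishing against staff",
                   "spear-phishing email leading to a lookalike login page", 2,
                   "financial", 5, 4, ["workforce", "email"],
                   [("phishing-resistant MFA", 0.7), ("mail filtering", 0.3)]))
    lib.add(Threat("T-002", "Ransomware via unpatched VPN appliance",
                   "exploitation of a known perimeter vulnerability", 3,
                   "financial", 4, 5, ["perimeter", "vpn"]))
    lib.add(Threat("T-003", "Insider exfiltration of customer data",
                   "bulk export by an authorised user", 1, "disgruntled insider",
                   2, 4, ["data", "workforce"], [("DLP on egress", 0.5)]))
    lib.add(Threat("T-004", "Brand-spoofing website", "lookalike domain", 1,
                   "fraud", 3, 2, ["brand"], [("takedown monitoring", 0.4)]))
    return lib
```

Calling `build_sample_library().prioritized("workforce")` returns only the entries tagged for that asset, ordered by residual risk, which is the view a CISO would hand to the team that owns it; `export_json()` is the indexed, centralized view the article says stakeholders need. The unmitigated VPN entry ranks first because no control reduces its inherent score, while the phishing entry, despite the highest likelihood, drops to medium once MFA and filtering are credited, which is exactly the prioritization the classification step is meant to produce.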

Cybersecurity News

One of the world's largest oilfield services firms, Halliburton, has reportedly been struck by a cyberattack that has disrupted its operations in the United States. The alleged Halliburton cyberattack has raised concerns about the vulnerability of critical infrastructure to cyber threats. The cyberattack on Halliburton appears to have impacted business operations at Halliburton's north Houston campus, as well as some global connectivity networks. A person familiar with the matter told Reuters that the company has asked some staff to refrain from connecting to internal networks. While the exact details, including the nature of the cyberattack, the name of the threat actor, the extent of the damage and the affected parties, remain unclear, it has caused significant disruptions to the company's operations.

Halliburton's Vague Response

Halliburton has acknowledged the incident, stating that it is aware of an issue affecting certain company systems and is working diligently to assess the cause and potential impact. "We are aware of an issue affecting certain company systems and are working diligently to assess the cause and potential impact," a Halliburton spokesperson said in an emailed statement to Reuters. The company has also confirmed that it is working with leading external experts to resolve the issue: "We have activated our pre-planned response plan and are working internally and with leading experts to remediate the issue."

Despite Halliburton's acknowledgement, the company's official website remains fully functional, which has led some to question the scale of the incident, although a working public website says little about the state of internal systems, since it is usually hosted apart from the corporate network. To ascertain the veracity of the claims, The Cyber Express has reached out to the officials of Halliburton. As of the writing of this news report, no response has been received, leaving the details of the cyberattack unverified.

Houston, Texas-based Halliburton is one of the largest oilfield services firms in the world, providing drilling services and equipment to major energy producers around the globe. It had nearly 48,000 employees and operated in more than 70 countries at the end of last year.

Implications of Alleged Attack on Halliburton

The impact of the alleged Halliburton cyberattack is likely to be felt throughout the energy industry. The company's services are used by major oil and gas producers around the world, and any disruption to its operations could have a ripple effect on the global energy market. In addition to the potential economic consequences, the attack also raises concerns about national security. Halliburton's services are used by the U.S. military, and a successful cyberattack on the company could have serious implications for national defense.

Previous Instances of Cyberattacks on Energy Sector

This is not the first time the energy sector has been targeted by cyberattacks. In 2021, the Colonial Pipeline, a major fuel supply line in the United States, was hit by a ransomware attack that caused a days-long shutdown. That breach, which the FBI attributed to a gang called DarkSide, led to a spike in gasoline prices, panic buying and localized fuel shortages, and created a major political headache for the Biden administration. The Energy Department and the American Petroleum Institute are yet to comment on the alleged attack, leaving the industry on high alert as details continue to emerge.

The alleged attack on Halliburton highlights the growing threat posed by cybercriminals to critical infrastructure. As the world becomes increasingly interconnected, it is becoming increasingly difficult to protect essential services from cyberattacks.

The Need for Enhanced Cybersecurity

Companies in this industry must invest in robust security systems and train their employees to be aware of the latest cyber threats. The government must also play a role in protecting critical infrastructure from cyberattacks. This could include providing financial assistance to companies to help them improve their cybersecurity, as well as developing new regulations to strengthen the security of critical infrastructure.

Cybersecurity News

Google and Australia's Commonwealth Scientific and Industrial Research Organisation (CSIRO) have announced a strategic partnership to develop advanced software that can automatically detect and repair network vulnerabilities for operators of critical infrastructure. This collaboration seeks to address the growing threat of cyberattacks that have increasingly targeted essential services, including hospitals, defense bodies, and energy suppliers.

A Proactive Response to Escalating Cyber Threats

With cyberattacks on the rise globally, the need for strong cybersecurity measures has never been more critical. In Australia, recent breaches have exposed the personal information of nearly half of the country's 26 million residents, prompting the government to impose stricter requirements on critical infrastructure operators. These regulations mandate the reporting and prevention of cyberattacks, placing significant pressure on organizations to enhance their security protocols.

Recognizing the urgency of the situation, Google and CSIRO have come together to create software tailored to the specific needs of Australia's critical infrastructure. This software will not only be aligned with Australia's regulatory environment but will also incorporate cutting-edge technology to address the unique challenges faced by these organizations.

Leveraging Google Expertise in Cybersecurity

Google's involvement in this project is part of a broader commitment the tech giant made in 2021 to invest A$1 billion (approximately $675 million) in Australia over five years. This investment comes at a time when Australia has been tightening regulations on global tech firms, a move that has, in the past, strained relationships with some of the world's largest technology companies.

Stefan Avgoustakis, head of security practice for Google Cloud in Australia and New Zealand, emphasized the importance of this collaboration. "Software supply chain vulnerabilities are a global issue, and Australia has led the way in legislative measures to control and combat the risks," Avgoustakis stated. By partnering with CSIRO, Google aims to leverage its existing open-source vulnerability database and cloud storage technology to create a solution that is both effective and compliant with local regulations.

Google's track record in providing cybersecurity services is well-established, including its involvement in a $9 billion contract with the U.S. Department of Defense to supply cybersecurity services. This experience will be instrumental in developing a solution that meets the high standards required for protecting Australia's critical infrastructure.

CSIRO Role in Advancing Cybersecurity Research

CSIRO, Australia's national science agency, brings its extensive research expertise to the table. The organization has a long history of pioneering technological advancements, and its involvement in this project underscores its commitment to addressing the nation's most pressing challenges.

Ejaz Ahmed, CSIRO's project lead, highlighted the importance of developing locally aligned cybersecurity solutions. "Locally developed cybersecurity software will be better aligned with local regulations, promoting greater compliance and trustworthiness," Ahmed said. This alignment with local laws is crucial in ensuring that the software not only meets regulatory requirements but also gains the trust of the organizations that will rely on it.

The collaboration between Google and CSIRO is expected to result in software that is not only highly effective at detecting and fixing vulnerabilities but also easy to use. The project's findings will be made publicly available, providing operators of critical infrastructure with the tools and information they need to enhance their cybersecurity measures.

A Global Issue with Local Implications

The partnership between Google and CSIRO highlights the global nature of cybersecurity threats and the need for localized solutions. While software supply chain vulnerabilities are a worldwide issue, the collaboration aims to develop a solution that specifically addresses the unique challenges faced by Australian critical infrastructure operators. Australia's leadership in implementing legislative measures to control and combat cybersecurity risks has set a precedent for other nations to follow. The country's proactive approach to cybersecurity regulation, combined with the expertise of Google and CSIRO, positions this partnership as a potential model for similar initiatives around the world.

The Road Ahead

As cyber threats continue to evolve, the need for innovative and effective cybersecurity solutions becomes increasingly important. The partnership between Google and CSIRO represents a significant step forward in protecting Australia's critical infrastructure from the growing threat of cyberattacks. By combining Google's technological expertise with CSIRO's research capabilities, the project aims to deliver a solution that not only meets the immediate needs of Australia's critical infrastructure but also sets a new standard for cybersecurity practices worldwide.

In the coming months, the progress of this collaboration will be closely watched by both the cybersecurity community and critical infrastructure operators. The success of this project could pave the way for future partnerships and innovations, helping to ensure that critical services remain secure in the face of ever-changing cyber threats.

Press Release

The controversy surrounding the Fidelity Bank data breach has gone a notch higher, with the Nigerian bank rejecting all allegations of privacy violations. The institution, a tier-2 bank with a market capitalization of ₦323 billion ($205 million), has vehemently denied allegations of a data breach and has disputed the ₦555.8 million fine imposed on it by the Nigerian Data Protection Commission (NDPC). The bank maintains that it has not violated any data protection laws and that the NDPC's allegations are unfounded.

The dispute arose after a customer claimed in April 2023 that Fidelity Bank had used their personal information without consent to open an account. The NDPC, upon investigating the matter, found evidence to support the customer's claim and issued the fine. However, Fidelity Bank has contested the NDPC's findings, asserting that an internal investigation revealed no evidence of a data breach and that the account opening process was not completed due to missing documentation.

NDPC's Perspective on Data Breach

In a statement issued by Babatunde Bamigboye, Head of Legal, Enforcement, and Regulations at the NDPC, on August 21, 2024, the commission said that it discovered that the bank processed personal data without obtaining informed consent from data subjects. These breaches were found to involve tools such as cookies and the bank's mobile app, which had been downloaded over one million times.

(Image: NDPC statement. Source: X)

In addition to its non-compliance, Fidelity Bank was found to be relying on third-party data processors that were also not compliant with the regulations. Under the law, organizations are not only required to be compliant but must also ensure that their vendors, agents, and contractors adhere to the same standards when handling personal data. The Commission's initial decision was issued in July 2023, followed by a directive in December 2023 to pay a remedial fee. Despite over ten correspondences and repeated warnings, the bank failed to present a satisfactory remedial plan.

Fidelity Bank's Response

Reacting to this, Fidelity Bank strongly denied the allegations of a data breach. In a statement released on its website, the bank emphasized that it took data privacy and protection very seriously and had implemented robust security measures to safeguard customer information. "On May 2nd 2023, we responded to the NDPC that the bank did not violate any law because there was no data breach and that the account opening process was not completed. On our part, we carried out due diligence by immediately blocking the account and subsequently closing the account when we did not receive the outstanding documents. At no point in the process was the account ever operational," the bank said. "As a Bank, we remain in discussions with the NDPC over an amicable resolution to this matter," it added in its statement.

(Image: Fidelity Bank's statement on its website)

Implications of the Dispute

The dispute between Fidelity Bank and the NDPC has significant implications for the banking industry in Nigeria. If the bank is found to have violated data protection laws, it could face additional penalties and damage to its reputation. Moreover, the outcome of this case could set a precedent for other financial institutions facing similar allegations. Other banks may be more cautious about their data handling practices to avoid facing similar legal challenges.

The dispute also highlights the growing importance of data privacy and protection in Nigeria. As the country's digital economy continues to expand, it is essential for organizations to prioritize data security and comply with relevant regulations.

Conclusion

The dispute between Fidelity Bank and the NDPC over data breach allegations is a significant development in the Nigerian banking industry. The outcome of this case will have implications for the future of data privacy and protection in the country. It is essential for all organizations, especially financial institutions, to prioritize data security and comply with relevant regulations to avoid facing similar legal challenges.

Cybersecurity News

The European Parliament is under fire following a massive data breach affecting over 8,000 current and former employees. The European Parliament data breach, which occurred in the Parliament's recruitment platform, "PEOPLE," has prompted noyb, a privacy advocacy organization, to file two complaints with the European Data Protection Supervisor (EDPS). The complaints allege violations of EU data protection law, specifically Regulation (EU) 2018/1725, which applies the rules of the EU General Data Protection Regulation (GDPR) to EU institutions, and call for corrective action and potential fines to prevent future infractions.

The European Parliament Data Breach and Its Implications

In early May 2024, the European Parliament notified its staff of a significant data breach in its PEOPLE platform, which is used for recruitment purposes. The breach compromised sensitive personal data, including ID cards, passports, criminal record extracts, and residence documents. It also exposed highly sensitive information such as marriage certificates, which could reveal the sexual orientation of applicants. This incident has raised serious concerns about the Parliament's ability to safeguard the personal data of its employees and applicants.

The Parliament only became aware of the breach months after it occurred, and the exact cause remains unknown. This delay in detection has exacerbated concerns, especially given that the Parliament had been warned about vulnerabilities in its cybersecurity systems. According to noyb, the Parliament's failure to secure such critical data is a gross violation of Articles 4(1)(c) and (f) of Regulation 2018/1725, which set out the principles of data minimisation and of integrity and confidentiality, and of Article 33(1), which requires appropriate security of processing.

Noyb's Response and Legal Action

Noyb has filed its complaints with the EDPS on behalf of four Parliament employees. The organization argues that the Parliament's actions, or lack thereof, constitute clear violations of the regulation. In particular, noyb has criticized the Parliament for retaining personal data far beyond what is necessary, a practice that contravenes the data minimisation principle in Article 4(1)(c). One of the complaints also highlights the Parliament's refusal to honor an erasure request made by an individual who had not worked for the institution for several years. Despite the individual's concerns following the breach, the Parliament cited a 10-year retention period as the reason for denying the request. Noyb has urged the EDPS to use its corrective powers to compel the Parliament to comply with the regulation and has suggested the imposition of an administrative fine to deter future violations.

Known Vulnerabilities and Repeated Cybersecurity Failures

The breach is particularly concerning given the Parliament's prior knowledge of its cybersecurity vulnerabilities. In November 2023, the Parliament's IT department conducted a cybersecurity review that revealed the institution's defenses were inadequate and did not meet industry standards. The review warned that existing measures were not fully aligned with the threat level posed by state-sponsored hackers.

This data breach is just one in a series of cybersecurity incidents that have plagued EU institutions in recent years. In November 2022, Russian hacking groups targeted the Parliament's website, and in autumn 2023, multiple European governments were similarly attacked. In February 2024, a separate breach occurred in the Parliament's security and defense subcommittee, where Israeli spyware was found on the devices of two Members of the European Parliament (MEPs) and a staff member.

Lorea Mendiguren, a Data Protection Lawyer at noyb, emphasized the gravity of the situation: "This breach comes after repeated cybersecurity incidents in EU institutions over the past year. The Parliament has an obligation to ensure proper security measures, given that its employees are likely targets for bad actors."

The Broader Implications of the European Parliament Data Breach

The data breach not only exposes the Parliament's failure to protect personal data but also raises broader concerns about the vulnerability of EU institutions to cyberattacks. Max Schrems, Chairman of noyb, expressed his concern at the ongoing cybersecurity issues within EU bodies: "As an EU citizen, it is worrying that EU institutions are still so vulnerable to attacks. Having such information floating around is not only frightening for the individuals affected, but it can also be used to influence democratic decisions."

The breach has also shed light on the Parliament's data retention practices, which appear to be excessive. EU data protection law requires that personal data be retained only for as long as necessary for the purposes for which it was collected. The Parliament's 10-year retention period for recruitment files, which contain highly sensitive information, appears to violate this principle. Schrems noted, "The breach also shows that just getting rid of personal data in time could likely have limited the impact of the breach."

Moving Forward: The Role of the EDPS

As the complaints move forward, all eyes are on the EDPS to see how it will respond to this significant data protection failure. Noyb has called on the EDPS to enforce compliance and to impose fines that reflect the seriousness of the violations. The outcome of this case could have far-reaching implications for how EU institutions handle personal data and address cybersecurity risks. For now, the European Parliament faces the challenge of rebuilding trust and implementing stronger security measures to prevent future breaches.


 Cybersecurity News

The U.S. Securities and Exchange Commission (SEC) has announced that Equiniti Trust Company LLC, formerly known as American Stock Transfer & Trust Company LLC (AST), has agreed to settle charges related to cybersecurity failures that led to the loss of over $6.6 million in client funds. Equiniti Trust Company's cybersecurity failure, which occurred in 2022 and 2023, highlights the growing threat of cyber intrusions and the critical need for robust security measures in financial institutions.

The Incidents: A Breakdown of the Breaches

According to the SEC's findings, Equiniti Trust Company, a registered transfer agent based in New York, fell victim to two separate cyber intrusions, both of which exposed significant weaknesses in the company's security protocols.

1. The 2022 Email Hijacking Incident: In September 2022, an unknown threat actor managed to hijack an ongoing email conversation between AST (as the company was then known) and a U.S.-based public issuer client. Posing as an employee of the issuer, the attacker instructed AST to issue millions of new shares of the issuer's stock, liquidate them, and transfer the proceeds to an overseas bank account in Hong Kong. Unaware of the fraud, AST followed the instructions and transferred approximately $4.78 million. The company was able to recover only about $1 million of the stolen funds.

2. The 2023 Social Security Number Exploit: In April 2023, in an unrelated cyber intrusion, a different threat actor used stolen Social Security numbers to create fraudulent accounts with AST. These fake accounts were automatically linked to legitimate client accounts based solely on matching Social Security numbers, despite discrepancies in names and other personal information. This security loophole allowed the attacker to liquidate securities from the legitimate accounts, resulting in a theft of approximately $1.9 million. AST managed to recover about $1.6 million of the stolen funds.

SEC Findings and Charges

The SEC's order highlights significant lapses in Equiniti's cybersecurity protocols, which failed to prevent these breaches and protect client assets. The Commission determined that these failures constituted violations of Section 17A(d) of the Securities Exchange Act of 1934 and Rule 17Ad-12. Specifically, these provisions require registered transfer agents to maintain adequate safeguards to protect client funds and securities from theft, loss, or misuse.

Monique C. Winkler, Director of the SEC's San Francisco Regional Office, emphasized the seriousness of these violations: "American Stock Transfer failed to provide the safeguards necessary to protect its clients' funds and securities from the types of cyber intrusions that have become a near-constant threat to companies and the markets. As threat actors become more sophisticated in the cyber space, transfer agents must act to implement and maintain effective safeguards and procedures around client assets."

Equiniti Trust Company Response and Settlement

To resolve the charges, Equiniti Trust Company agreed to pay a civil penalty of $850,000. Additionally, the company consented to a cease-and-desist order and censure. While the company has reimbursed its clients for their losses, the incidents have cast a spotlight on the vulnerabilities in financial institutions' cybersecurity measures.

Equiniti's settlement with the SEC also underscores the broader implications of cybersecurity lapses in the financial sector. The SEC's actions signal a stringent regulatory approach to ensuring that transfer agents and other financial institutions prioritize the protection of client assets in an increasingly complex and hostile cyber environment.

The Importance of Strong Cybersecurity Measures

The breaches experienced by Equiniti highlight a critical lesson for the financial industry: as cyber threats evolve, so too must the security measures employed to protect sensitive client information and assets. The two incidents, one hijacking legitimate email communications and the other exploiting a weak account-linkage process, demonstrate the need for constant vigilance and proactive security enhancements.

Financial institutions, particularly those handling large volumes of sensitive data, must ensure that their cybersecurity frameworks are not only compliant with regulatory requirements but also resilient against the latest threats. This includes regular reviews and updates of security protocols, employee training to recognize potential phishing and social engineering attacks, out-of-band verification of any instruction that moves shares or money, and the implementation of multi-factor authentication (MFA) and other controls to protect against unauthorized access.

A Warning for the Industry

The SEC's action against Equiniti Trust Company serves as a warning to other financial institutions about the consequences of inadequate cybersecurity practices. In the current landscape, where cyberattacks are increasingly sophisticated and frequent, regulators are likely to take a hard line on firms that fail to protect their clients' assets. For Equiniti Trust Company, the settlement marks a significant financial and reputational cost, but it also provides an opportunity for the company to strengthen its defenses and restore confidence among its clients.

Moving forward, the entire financial industry would do well to heed the lessons from these incidents and invest in the necessary safeguards to prevent similar breaches in the future. As cyber threats continue to grow, the responsibility lies with all financial institutions to ensure that their systems are secure, their staff is trained, and their clients' assets are protected against the ever-present risk of cyber intrusions.
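The 2023 incident turned on one design decision: a newly created account was auto-linked to an existing one because the Social Security numbers matched, even though the name and other details did not. The following Python is an added illustration, not Equiniti's or the SEC's code, of that weak linkage next to a hardened version in which the SSN only nominates candidates and a link is made automatically only when independent attributes corroborate it; everything else goes to manual review. The account records, field names and the "two corroborating attributes" threshold are this example's assumptions.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Registration:
    """One account record. Fields are an assumption for this example."""
    account_id: str
    ssn: str
    name: str
    dob: str       # ISO date, e.g. "1970-04-02"
    address: str


def _norm(text: str) -> str:
    """Lower-case and collapse punctuation so formatting noise is not a mismatch."""
    return re.sub(r"[^a-z0-9]+", " ", text.lower()).strip()


def link_by_ssn_only(new: Registration, existing: list[Registration]) -> list[str]:
    """Weak linkage (the pattern the SEC order describes): the SSN is treated as
    proof of identity, so every account sharing it is linked regardless of the
    other fields."""
    return [acct.account_id for acct in existing if acct.ssn == new.ssn]


def link_with_corroboration(
    new: Registration, existing: list[Registration], required_matches: int = 2
) -> tuple[list[str], list[tuple[str, list[str]]]]:
    """Hardened linkage: an SSN match only makes an account a candidate. It is
    linked automatically only when at least `required_matches` further
    attributes agree; otherwise the candidate and its mismatching fields are
    returned for manual review instead of being linked."""
    linked: list[str] = []
    review: list[tuple[str, list[str]]] = []
    for cand in existing:
        if cand.ssn != new.ssn:
            continue
        agreements = {
            "name": _norm(cand.name) == _norm(new.name),
            "dob": cand.dob == new.dob,
            "address": _norm(cand.address) == _norm(new.address),
        }
        if sum(agreements.values()) >= required_matches:
            linked.append(cand.account_id)
        else:
            mismatched = sorted(k for k, ok in agreements.items() if not ok)
            review.append((cand.account_id, mismatched))
    return linked, review


# Constructed sample data: a legitimate holder, a fraudulent registration
# built from the stolen SSN, and a genuine re-registration after a move.
LEGIT = Registration("A-1001", "123-45-6789", "Jane Q. Holder", "1970-04-02",
                     "10 Main St, Springfield")
FRAUD = Registration("A-9999", "123-45-6789", "John Doe", "1985-11-30",
                     "PO Box 77, Elsewhere")
GENUINE = Registration("A-1002", "123-45-6789", "Jane Q. Holder", "1970-04-02",
                       "22 Oak Ave, Springfield")

if __name__ == "__main__":
    print("ssn-only links fraud to:", link_by_ssn_only(FRAUD, [LEGIT]))
    print("corroborated, fraud:", link_with_corroboration(FRAUD, [LEGIT]))
    print("corroborated, genuine:", link_with_corroboration(GENUINE, [LEGIT]))
```

The weak function links the fraudulent registration to the real account; the hardened one links the genuine re-registration (name and date of birth agree, only the address changed) and sends the fraudulent one to review with all three fields flagged. In a real system the SSN comparison should run on a keyed hash or token rather than the raw number, and a review queue, not a silent drop, is what keeps legitimate customers from being locked out.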


 Firewall Daily

In response to the rise of cyberattacks targeting critical infrastructure worldwide, the Central Electricity Authority (CEA) of India has put forward new regulations aimed at protecting the cybersecurity of the country's power sector. These proposed regulations, encapsulated in the Central Electricity Authority (Cyber Security in Power Sector) Regulations, 2024, reflect a comprehensive effort to enhance the cyber resilience of India's electricity system. Scheduled for enforcement six months after their publication in the Official Gazette, these regulations mark a significant step towards safeguarding India's vital energy infrastructure.

Central Electricity Authority (Cyber Security in Power Sector) Regulations

The foundation for these Cyber Security in Power Sector regulations is laid under Section 177 of the Electricity Act, 2003, which empowers the CEA to make regulations; the draft uses that power to mandate cybersecurity measures across all segments of the electricity industry. The CEA's proposed regulations highlight the critical need for enhanced cybersecurity in generating companies, transmission and distribution licensees, and other related entities. This comprehensive approach is a proactive measure against the rising tide of cyber threats that have increasingly targeted essential services globally.

One of the cornerstone elements of the proposed regulations is the establishment of a dedicated Computer Security Incident Response Team (CSIRT) specifically for the power sector. This team will be pivotal in developing security frameworks, coordinating sector-wide defense strategies, and managing incident response and recovery. It will also be responsible for the creation of Standard Operating Procedures (SOPs), security policies, and best practices for incident response in collaboration with national cybersecurity bodies like CERT-In and NCIIPC.

Chief Information Security Officer (CISO) Mandate

The regulations stipulate that every organization within the power sector must designate a Chief Information Security Officer (CISO) and an alternate CISO. These senior roles must be filled by Indian nationals, ensuring that cybersecurity efforts are led by individuals with a deep understanding of local and sector-specific challenges. The CISO will report directly to the top executives of their respective organizations, emphasizing the strategic importance of cybersecurity in protecting national energy assets.

Cyber Crisis Management Plans (CCMPs)

Each organization is required to develop and maintain a Cyber Crisis Management Plan (CCMP). These plans, crucial for managing and coordinating responses to cyber incidents, must be approved by the organization's highest management levels. The CCMPs will outline procedures for rapid identification, information exchange, and remediation of cyber threats impacting critical processes.

The regulations outline the necessity for security technologies including firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) to detect and mitigate abnormal behaviors. Additionally, mandatory cybersecurity training for all personnel involved in the operation and maintenance of IT and operational technology (OT) systems is emphasized to ensure a well-informed and prepared workforce.

A new feature in the draft regulations is the implementation of a 'Trusted Vendor System.' This system requires that all ICT-based equipment and services be procured from verified and trusted sources. This precaution aims to prevent malware infections and maintain the integrity of the power supply system.

Public Consultation and Implementation Timeline

The draft regulations have been made available for public review and feedback on the CEA's website and at the Chief Engineer (Legal) office in New Delhi. Stakeholders and the general public are invited to submit their comments by September 10, 2024. The regulations will come into force six months following their publication in the Official Gazette, with some provisions potentially being enacted sooner.

Chapter I of the Central Electricity Authority (Cyber Security in Power Sector) Regulations, 2024, sets out the official title and implementation timeline for these regulations, which will take effect six months after their official publication. There may be varying commencement dates for specific regulations within this framework.

Chapter II establishes the role of the Computer Security Incident Response Team (CSIRT) - Power, tasked with crucial functions including the collection and analysis of data to bolster cybersecurity and prevent cyber intrusions. The CSIRT-Power is also responsible for developing and maintaining cybersecurity frameworks, managing incident responses in collaboration with national agencies such as CERT-In and NCIIPC, and fostering cybersecurity research through partnerships with academic institutions.

Chapter III details the general cybersecurity requirements for organizations, mandating the appointment of Chief Information Security Officers (CISO) and alternate CISOs, who must be senior management employees and Indian nationals. These roles are crucial for overseeing cybersecurity initiatives and reporting to the top leadership of the organization. The regulations require entities to maintain comprehensive cybersecurity policies and a Cyber Crisis Management Plan (CCMP), both of which must be approved by the board or head of the organization. Security measures include deploying firewalls, intrusion detection and prevention systems, and ensuring that all IT and operational technology (OT) personnel undergo mandatory cybersecurity training. Regular audits and assessments are mandated to ensure ongoing compliance. Additionally, the introduction of a Trusted Vendor System aims to safeguard the power sector by ensuring that all ICT equipment and services are procured from verified and trustworthy sources, thereby mitigating supply chain risks.

Cybersecurity Program Overview

The regulations mandate a comprehensive cybersecurity program encompassing several key areas. They require ongoing cybersecurity awareness and training through regular programs, mock drills, and campaigns to keep personnel updated on risks and best practices. Incident reporting and secure data backups are essential, along with routine audits of IT and OT systems to detect and resolve vulnerabilities. The Information Security Division (ISD), headed by the Chief Information Security Officer (CISO), must operate 24/7 with adequate resources and necessary certifications. The CISO and Alternate CISO are crucial for managing the cybersecurity framework and liaising with authorities, and both need substantial IT and cybersecurity experience. The regulations also outline strict implementation and compliance measures, including regular self-audits, third-party audits, and adherence to cybersecurity standards.


 Cybersecurity News

Security researchers have discovered a widespread hardware backdoor in the FM11RF08S variant of the MIFARE Classic RFID smart cards manufactured by the Chinese chip company Shanghai Fudan Microelectronics. The backdoor allows near-instantaneous cloning of the cards, posing a major security risk for businesses and consumers using the affected cards. The variant had been released around 2020 and was touted as resistant to all known 'card-only' attacks, that is, attacks that can be carried out against the card itself without access to a legitimate reader.

Backdoor in Chinese FM11RF08S Smart Cards

Through empirical research, the researchers from Quarkslab found a hardware backdoor that enables any entity with knowledge of it to compromise all user-defined keys on these cards, without prior knowledge of those keys, simply by having access to the card for a few minutes. The backdoor was discovered during an investigation into the card's security features. The researchers successfully cracked the secret backdoor key, revealing that it is the same across all FM11RF08S cards. In the study, detailed in a research paper, they described steps to crack the sector keys of these cards within minutes if the same keys were reused across at least three sectors or cards. The FM11RF08S had earlier been introduced as a more secure alternative, featuring a countermeasure called 'static encrypted nonce' designed to thwart card-only attacks. The finding has significant implications for users, as the backdoor allows attackers to dump and clone these cards even if all their keys are properly diversified.

The presence of the backdoor raises several questions, particularly given that the cards are not limited to the Chinese market. In fact, the researchers found them in numerous hotels across the U.S., Europe, and India.

MIFARE Classic's Legacy

In addition, the researchers uncovered another hardware backdoor key that was common across several older MIFARE Classic card models from various manufacturers, including NXP and Infineon. The MIFARE Classic card standard, developed and licensed by NXP, has long been known to be insecure, with numerous attacks demonstrated over the years. However, the cards remain widely used due to business inertia and the high cost of migrating to newer, more secure systems.

The researchers emphasize that migrating to more robust alternatives is crucial to ensure the security of RFID-based systems. Operators should check their RFID infrastructure and assess such potential risks, the researchers advised, as many could be unaware that the MIFARE Classic cards they have deployed within sensitive environments are in fact the Fudan FM11RF08 or FM11RF08S. The researchers also warned that most RFID cards could be susceptible to key-recovery attacks if an attacker has access to matching readers, stating that while there are many more robust alternatives on the market, they could not guarantee the absence of hardware backdoors in those either.


 Firewall Daily

The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC), in collaboration with the United States Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), and several international partners, released a new guide titled "Best Practices for Event Logging and Threat Detection," which aims to help organizations establish a robust baseline for event logging to counter the rise of malicious cyber threats.

According to CISA, the prevalence of sophisticated attacks such as Living Off the Land (LOTL) techniques and fileless malware highlights the critical need for effective event logging. LOTL techniques involve using existing tools and processes within the system to carry out malicious activities, making them particularly challenging to detect. To address these threats, the newly released guide focuses on enhancing event logging strategies and threat detection capabilities.

Importance of Event Logging and Threat Detection

Event logging is essential for maintaining operational continuity and enhancing the security and resilience of critical systems. By improving network visibility through comprehensive event logging, organizations can better identify and respond to potential security incidents, including those involving LOTL techniques.

The "Best Practices for Event Logging and Threat Detection" guide, crafted through a collaborative effort of prominent global cybersecurity agencies, outlines essential strategies for enhancing event logging practices. The guide was developed by CISA, FBI, and NSA from the United States; the National Cyber Security Centre (NCSC-UK) from the United Kingdom; the Canadian Centre for Cyber Security (CCCS); New Zealand's National Cyber Security Centre (NCSC-NZ) and CERT NZ; Japan's National Center of Incident Readiness and Strategy for Cybersecurity (NISC) and JPCERT/CC; South Korea's National Intelligence Service (NIS) and NIS's National Cyber Security Center (NCSC-Korea); Singapore's Cyber Security Agency (CSA); and the Netherlands' General Intelligence and Security Service (AIVD) and Military Intelligence and Security Service (MIVD).

The guide highlights several key objectives for effective event-logging solutions. It advocates generating alerts for significant cybersecurity events, such as critical software changes or new deployments, to aid network defenders. It also stresses the importance of detecting potential incidents, including those involving LOTL techniques and lateral movement within networks. Additionally, the guide highlights the need for effective incident response by providing detailed insight into compromises, ensuring policy compliance, managing alerts to reduce noise and associated costs, and optimizing logs and logging platforms for usability and analytical performance.

Best Practices for Event Logging and Threat Detection

Effective event logging and threat detection are crucial for safeguarding organizational systems against cyber threats. Implementing best practices in these areas can significantly enhance an organization's ability to detect and respond to malicious activities. Several key practices are essential.

First, developing a comprehensive enterprise-approved event logging policy is crucial for maintaining consistent and effective monitoring. This policy should clearly define the types of events to be logged, the facilities and methods for logging, and the procedures for monitoring these logs. It should also specify how long logs will be retained and establish regular intervals for reassessing and updating logging practices. A well-structured policy ensures that logging is thorough and uniform across the organization, which is vital for detecting and responding to security threats.

Second, focusing on the quality of event logs is essential for accurate threat detection. High-quality logs capture relevant and actionable data, helping to distinguish true positives from false positives. For example, on Linux-based systems, logs should cover common LOTL binaries such as curl and systemctl, while on Windows systems, logs should cover tools like wmic.exe and PowerShell. High-quality logging improves the ability to detect subtle indicators of LOTL techniques and other sophisticated attacks.

Event logs should also capture comprehensive details to support effective threat detection and incident response. Following the US Office of Management and Budget's M-21-31 guidance, logs should include accurate timestamps, event types, device identifiers, source and destination IP addresses, status codes, response times, user IDs, and executed commands. Detailed logs provide a thorough view of system activities, which is crucial for identifying and analyzing potential security incidents.

For Operational Technology (OT) environments, which often involve devices with limited logging capabilities, it is important to supplement logging with additional sensors or methods. Organizations should balance the volume of logged data with the performance constraints of OT devices, ensuring that critical events are captured without negatively impacting device functionality.

Centralizing event logs from various systems facilitates better analysis and correlation. Employing structured log formats and maintaining consistent timestamping (synchronized clocks and a timezone-qualified timestamp on every record) streamline log management, enabling more efficient data analysis and improving overall threat detection and response.

Securing the storage and integrity of event logs is critical to prevent unauthorized access and tampering. Organizations should implement secure storage solutions and use robust transport mechanisms like Transport Layer Security (TLS) 1.3 to protect logs in transit, and encryption and access controls to protect them at rest. Access to logs should be restricted to authorized personnel only, with measures in place to prevent unauthorized modifications or deletions.

Timely ingestion of event logs is essential for early detection and response to cybersecurity events. Delays in log generation, collection, or ingestion can hinder the ability to identify and address security incidents promptly. Ensuring logs are ingested and analyzed promptly helps detect potential threats before they escalate.

Lastly, developing a detection strategy for relevant threats by implementing user and entity behavior analytics can enhance threat detection. Comparing event logs against a baseline of normal behavior helps identify deviations that may indicate malicious activity. This approach is particularly useful for detecting anomalies and LOTL techniques, where the tools involved are legitimate and only their use is out of place.

Additional Resources and Recommendations

Organizations seeking further guidance can refer to several valuable resources. The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) Information Security Manual (ISM) provides detailed recommendations on event log recording. CISA's Guidance for Implementing M-21-31 offers insights on prioritizing log collection, while NIST's Guide to OT Security outlines specific considerations for OT event logging. For detection strategies, the MITRE ATT&CK framework offers useful use cases. Regularly reviewing and optimizing log storage capacities and retention periods is also recommended to support ongoing cybersecurity investigations and improve overall security posture.

The "Best Practices for Event Logging and Threat Detection" guide represents a crucial step towards enhancing organizational cybersecurity. By following the recommended practices, organizations can improve their ability to detect and respond to cyber threats, including sophisticated LOTL techniques. Implementing these practices will not only help in mitigating current threats but also in building a more resilient cybersecurity posture for the future.


 Business

We meticulously study the techniques most frequently used by attackers, and promptly refine or add detection logic to our SIEM system to identify those techniques. Specifically, in the update to the Kaspersky Unified Monitoring and Analysis Platform released in the second quarter of 2024, we supplemented and expanded the logic for detecting the technique of disabling/modifying a local firewall (Impair Defenses: Disable or Modify System Firewall, T1562.004 in the MITRE classification), which ranks among the top tactics, techniques, and procedures (TTPs) used by attackers.

How attackers disable or modify a local firewall

The T1562.004 technique allows attackers to bypass defenses and gain the ability to connect to C2 servers over the network, or to give an atypical application basic network access. There are two common methods for modifying or disabling the host firewall: (i) using the netsh utility, or (ii) modifying the Windows registry settings. Here are examples of popular command lines used by attackers for these purposes:

netsh firewall add allowedprogram
netsh firewall set opmode mode=disable
netsh advfirewall set currentprofile state off
netsh advfirewall set allprofiles state off

Example of a registry key and value added by attackers, allowing incoming UDP traffic (Protocol=17) for the application C:\Users\<user>\AppData\Local\Temp\server.exe:

HKLM\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules
Registry_value_name: {20E9A179-7502-465F-99C4-CC85D61E7B23}
Registry_value: v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Public|App=C:\Users\<user>\AppData\Local\Temp\server.exe|Name=server.exe|

Another method attackers use to disable the firewall is stopping the mpssvc service (the Windows Defender Firewall service). This is typically done with the net utility:

net stop mpssvc

How our SIEM solution detects T1562.004

This is achieved using the new R240 rule; in particular, by detecting and correlating the following events:

- Attacker stopping the local firewall service to bypass its restrictions
- Attacker disabling or modifying the local firewall policy to bypass it (configuring or disabling the firewall via netsh.exe)
- Attacker changing local firewall rules through the registry to bypass its restrictions (modifying rules through the Windows registry)
- Attacker disabling the local firewall through the registry
- Attacker manipulating the local firewall by modifying its policies

With its latest update, the platform now offers more than 605 rules, including 474 containing direct detection logic. We've also refined 20 existing rules by fixing or adjusting their conditions.

Why we focus on the MITRE classification

MITRE ATT&CK for Enterprise serves as the de facto industry standard for classifying and describing cyberattacks and intrusions, and is made up of 201 techniques, 424 sub-techniques, and thousands of procedures. Therefore, when deciding how to further develop our SIEM platform, the Kaspersky Unified Monitoring and Analysis Platform, we rely, among other things, on the MITRE classification. As per our plan set out in a previous post, we've started labeling current rules in accordance with MITRE attack techniques and tactics, aiming to expand the system's functionality and reflect the level of protection against known threats. This is important because it allows us to structure the detection logic and ensure that the rules are comprehensive, with no blind spots. We also rely on MITRE when developing OOTB (out-of-the-box) content for our SIEM platform. Currently, our solution covers 309 MITRE ATT&CK techniques and sub-techniques.
Other additions and improvements to the SIEM system

In addition to the detection logic for T1562.004 mentioned above, we've added normalizers to the Kaspersky Unified Monitoring and Analysis Platform SIEM system to support the following event sources:

- [OOTB] Microsoft Products, [OOTB] Microsoft Products for Kaspersky Unified Monitoring and Analysis Platform 3, [OOTB] Microsoft Products via KES WIN: normalizers to process some events from the Security and System logs of the Microsoft Windows Server operating system. The [OOTB] Microsoft Products via KES WIN normalizer supports a limited number of audit event types transmitted to KUMA by KES WIN 12.6 through syslog.
- [OOTB] Extreme Networks Summit Wireless Controller: a normalizer for certain audit events from the Extreme Networks Summit wireless controller (model: WM3700, firmware version: 5.5.5.0-018R).
- [OOTB] Kaspersky Security for MS Exchange SQL: a normalizer for Kaspersky Security for Exchange (KSE) version 9.0 system events stored in the database.
- [OOTB] TIONIX VDI file: a normalizer supporting the processing of some TIONIX VDI (version 2.8) system events stored in the tionix_lntmov.log file.
- [OOTB] SolarWinds Dameware MRC xml: a normalizer supporting the processing of some Dameware Mini Remote Control (MRC) version 7.5 system events stored in the Windows Application log. The normalizer processes events created by the dwmrcs provider.
- [OOTB] H3C Routers syslog: a normalizer for certain types of events coming from H3C (Huawei-3Com) SR6600 network devices (Comware 7 firmware) through syslog. The normalizer supports the standard event format (RFC 3164-compliant format).
- [OOTB] Cisco WLC syslog: a normalizer for certain types of events coming from Cisco WLC network devices (2500 Series Wireless Controllers, 5500 Series Wireless Controllers, 8500 Series Wireless Controllers, Flex 7500 Series Wireless Controllers) through syslog.
- [OOTB] Huawei iManager 2000 file: a normalizer supporting the processing of some of the Huawei iManager 2000 system events stored in clientlogs pc and clientlogsdeployossDeployment files.

Our experts have also refined the following normalizers:

- For Microsoft products: the redesigned Windows normalizer is now publicly available.
- For the PT NAD system: a new normalizer has been developed for PT NAD versions 11.1 and 11.0.
- For UNIX-like operating systems: additional event types are now supported.
- For Check Point: improvements to the normalizer supporting Check Point R81.
- For the Citrix NetScaler system: additional events from Citrix ADC 5550 (NS13.0) are now supported.
- For FreeIPA: the redesigned normalizer is now publicly available.

In total, we now support around 250 sources, and we keep expanding this list while improving the quality of each connector. The full list of supported event sources in the Kaspersky Unified Monitoring and Analysis Platform, version 3.2, can be found in the technical support section. Information on out-of-the-box correlation rules is also available there.

 Feed

This Metasploit module exploits a remote SQL injection vulnerability in the CBEC service of DIAEnergie versions 1.10 and below from Delta Electronics. The commands are executed in the context of NT AUTHORITY\SYSTEM.

 Feed

This Metasploit module exploits a remote code execution vulnerability in SPIP versions up to and including 4.2.12. The vulnerability occurs in SPIP's templating system, which incorrectly handles user-supplied input, allowing an attacker to inject and execute arbitrary PHP code. This can be achieved by crafting a payload manipulating the templating data processed by the echappe_retour() function, invoking traitements_previsu_php_modeles_eval(), which contains an eval() call.

 Feed

Ubuntu Security Notice 6972-2 - Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a NULL pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service.

 Feed

Ubuntu Security Notice 6977-1 - It was discovered that QEMU did not properly handle certain memory operations, which could result in a buffer overflow. An attacker could potentially use this issue to cause a denial of service. It was discovered that QEMU did not properly handle certain memory operations, which could result in an out-of-bounds memory access. An attacker could potentially use this issue to cause a denial of service.

 Feed

Ubuntu Security Notice 6976-1 - Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a NULL pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service.

 Feed

Ubuntu Security Notice 6973-1 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

 Feed

Ubuntu Security Notice 6972-1 - Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a NULL pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service.

 Feed

Ubuntu Security Notice 6971-1 - It was discovered that the Option USB High Speed Mobile device driver in the Linux kernel did not properly handle error conditions. A physically proximate attacker could use this to cause a denial of service or possibly execute arbitrary code. A security issue was discovered in the Linux kernel. An attacker could possibly use this to compromise the system.

 Feed

Red Hat Security Advisory 2024-5444-03 - Red Hat OpenShift Container Platform release 4.13.48 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include code execution and memory exhaustion vulnerabilities.

 Feed

Red Hat Security Advisory 2024-5442-03 - Red Hat OpenShift Container Platform release 4.15.28 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a memory exhaustion vulnerability.

 Feed

Red Hat Security Advisory 2024-5439-03 - Red Hat OpenShift Container Platform release 4.15.28 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a memory exhaustion vulnerability.

 Feed

Red Hat Security Advisory 2024-5436-03 - Red Hat OpenShift Container Platform release 4.14.35 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a memory exhaustion vulnerability.

 Feed

Red Hat Security Advisory 2024-5433-03 - Red Hat OpenShift Container Platform release 4.14.35 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and memory exhaustion vulnerabilities.

 Feed

Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under active exploitation in the wild. Tracked as CVE-2024-7971, the vulnerability has been described as a type confusion bug in the V8 JavaScript and WebAssembly engine. "Type confusion in V8 in Google Chrome prior to 128.0.6613.84 allowed a remote attacker to exploit heap

 Feed

Cybersecurity researchers have disclosed a critical security flaw in the LiteSpeed Cache plugin for WordPress that could permit unauthenticated users to gain administrator privileges. "The plugin suffers from an unauthenticated privilege escalation vulnerability which allows any unauthenticated visitor to gain Administrator level access after which malicious plugins could be uploaded and

 Feed

GitHub has released fixes to address a set of three security flaws impacting its Enterprise Server product, including one critical bug that could be abused to gain site administrator privileges. The most severe of the shortcomings has been assigned the CVE identifier CVE-2024-6800, and carries a CVSS score of 9.5. "On GitHub Enterprise Server instances that use SAML single sign-on (SSO)

 Feed

Cybersecurity researchers have unpacked a new malware strain dubbed PG_MEM that's designed to mine cryptocurrency after brute-forcing its way into PostgreSQL database instances. "Brute-force attacks on Postgres involve repeatedly attempting to guess the database credentials until access is gained, exploiting weak passwords," Aqua security researcher Assaf Morag said in a technical report. "

 Feed

What is Continuous Attack Surface Penetration Testing or CASPT? Continuous Penetration Testing or Continuous Attack Surface Penetration Testing (CASPT) is an advanced security practice that involves continuous, automated and ongoing penetration testing of an organization's digital assets to identify and mitigate security vulnerabilities. CASPT is designed for enterprises with an

 Feed

Cybersecurity researchers have uncovered a hardware backdoor within a particular model of MIFARE Classic contactless cards that could allow authentication with an unknown key and open hotel rooms and office doors. The attacks have been demonstrated against FM11RF08S, a new variant of MIFARE Classic that was released by Shanghai Fudan Microelectronics in 2020. "The FM11RF08S backdoor enables any

 Feed

SolarWinds has issued patches to address a new security flaw in its Web Help Desk (WHD) software that could allow remote unauthenticated users to gain unauthorized access to susceptible instances. "The SolarWinds Web Help Desk (WHD) software is affected by a hardcoded credential vulnerability, allowing [a] remote unauthenticated user to access internal functionality and modify data," the company

 Feed

Details have emerged about a China-nexus threat group's exploitation of a recently disclosed, now-patched security flaw in Cisco switches as a zero-day to seize control of the appliance and evade detection. The activity, attributed to Velvet Ant, was observed early this year and involved the weaponization of CVE-2024-20399 (CVSS score: 6.0) to deliver bespoke malware and gain extensive control

 Feed

As many as 15,000 applications using Amazon Web Services' (AWS) Application Load Balancer (ALB) for authentication are potentially susceptible to a configuration-based issue that could let attackers sidestep access controls and compromise the applications. That's according to findings from Israeli cybersecurity company Miggo, which dubbed the problem ALBeast. "This vulnerability allows attackers to

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Endpoint Security, Internet of Things Security Wireless Gear Shifting System Is Vulnerable to Replay Attacks Anviksha More (AnvikshaMore) • August 21, 2024 These bicycles are close enough to hack. (Image: Shutterstock) Imagine cruising down a bike path and having the gears suddenly shift without warning. Security researchers […] The entry Researchers Thrust a Virtual Stick Into the Bike Spokes – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 cyber

Source: www.databreachtoday.com – Author: 1 Critical Infrastructure Security, Standards, Regulations & Compliance Federal Aviation Administration Seeks Public Input on New Cyber Rules for Airplanes Chris Riotta (@chrisriotta) • August 21, 2024 The U.S. Federal Aviation Administration said it doesn't intend to substantially change aircraft cybersecurity requirements. (Image: Shutterstock) Airplanes are no different […] The entry Are the New FAA Cyber Requirements for Future Planes Enough? – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Fraud Management & Cybercrime, Healthcare, Industry Specific Nearly 137,000 People Affected in 2023 Ransomware Attack on Maryland-Based Hospital Marianne Kolbasuk McGee (HealthInfoSec) • August 21, 2024 Berlin, Maryland-based Atlantic General Hospital has agreed to pay $2.25 million to settle a proposed class action lawsuit stemming from […] The entry $2.25M Settlement Reached in Atlantic General Hack Lawsuit – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Black Hat, Cybercrime, Events Infoblox Researchers on Links Between Human Trafficking, Cybercrime and Gambling Michael Novinson (MichaelNovinson) • August 21, 2024 Renée Burton, vice president of threat intelligence, and Maël Le Touz, senior threat researcher, Infoblox Illegal gambling operations rely on cybercrime and human trafficking, and […] The entry How Cybercrime Fuels Human Trafficking and Gambling Scams – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cryptography

Source: www.databreachtoday.com – Author: 1 Original Post url: https://www.databreachtoday.com/webinars/post-quantum-cryptography-here-what-are-you-waiting-for-w-5787 The entry Post-Quantum Cryptography Is Here: What Are You Waiting For? – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Professional Certifications & Continuous Training, Training & Security Leadership Why the Benefits Far Outweigh the Risks Brandy Harris • August 21, 2024 Image: Getty Images In today's job market, providing employees with opportunities for education and development is not just a perk. It's a strategic necessity. Gen […] The entry The Strategic Need for Employee Training and Education – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0 - CT - CISO Strategics - Cybersecurity

The Digital Operational Resilience Act (DORA) is set to come into effect on January 17, 2025, aiming to enhance the operational resilience of financial entities, including Asset Management Companies (AMCs). The guide outlines essential requirements and best practices for compliance with DORA, focusing on several key areas: The guide serves as a comprehensive resource for […] The entry Cybersecurity – DORA Practical Guide was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0 - CT - CISO Strategics - Risk & Compli

The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free. Thank you. The CISO2CISO Advisors Team. The entry Cybersecurity Compliance Guide was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

Aggregator history: Thursday, August 22, 2024