Google recently addressed a zero-day vulnerability in its Chrome browser, tracked as CVE-2024-7965. The high-severity flaw affects Chrome versions prior to 128.0.6613.84 and has been exploited in the wild, so users should update without delay. CVE-2024-7965 lies in V8, the JavaScript engine integral to Chrome: an inappropriate implementation in V8 lets a remote attacker trigger heap corruption through a specially crafted HTML page. With a CVSS score of 8.8, the flaw represents a severe risk to the confidentiality and integrity of affected systems.

Google Addresses Zero-Day Vulnerability CVE-2024-7965

The issue was reported to Google by the security researcher known as "TheDog" on July 30, 2024. Google has since released a patch in Chrome version 128.0.6613.84 for Linux and 128.0.6613.84/.85 for Windows and Mac. Because CVE-2024-7965 is under active exploitation, applying the patch is urgent. Google has been patching V8 zero-days steadily; the most recent example before this one was CVE-2024-7971, a type confusion flaw in the same engine.

Exploiting CVE-2024-7965 requires user interaction, such as visiting a compromised or malicious web page, and can lead to unauthorized access or execution of attacker-controlled code. Both organizations and individual users are therefore strongly advised to prioritize updating their browsers.

The vulnerability is one of 38 security fixes in the latest Chrome stable update, several of them high-severity issues reported by external researchers.

Google Fixes Multiple High-Severity Vulnerabilities

Google's swift response to CVE-2024-7965 underlines the need to keep software up to date.
To protect against these threats, users should enable automatic updates or check manually by opening the Chrome menu, selecting "Help" and then "About Google Chrome"; that page shows the installed version and, if an update is pending, downloads it and prompts for a relaunch.

Throughout 2024, Google has patched several significant zero-day vulnerabilities in Chrome, reflecting ongoing efforts to harden the browser:
- CVE-2024-0519, an out-of-bounds memory access in the V8 JavaScript engine that could lead to arbitrary code execution; fixed in a later Chrome release.
- CVE-2024-2887, a type confusion in the WebAssembly component that could result in out-of-bounds memory access and arbitrary code execution; demonstrated at Pwn2Own 2024 and patched in a subsequent update.
- CVE-2024-2886, a use-after-free in the WebCodecs component that could also allow arbitrary code execution; likewise shown at Pwn2Own 2024 and fixed shortly after.
- CVE-2024-3159, another out-of-bounds memory access in V8, and CVE-2024-4671, a use-after-free in the Visuals component; both patched in recent Chrome updates.
- CVE-2024-4947 and CVE-2024-5274, type confusion vulnerabilities in V8 (which executes both JavaScript and WebAssembly) that were exploited in the wild, prompting urgent patches.
- CVE-2024-7971, a type confusion issue in V8 that also required immediate attention.
These patches throughout the year underline the importance of keeping software current.
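As an added example (not code from the original article or from Google), the following Python helper checks an inventory of Chrome version strings against the fixed builds named above and fails closed on records it cannot parse. The fixed-version table reflects the versions cited in the article; the sample inventory, host names and the later build numbers in it are constructed for illustration. Chrome's four-part version has to be compared field by field as integers, since a plain string comparison would rank 99.x above 128.x.

```python
import re
from typing import List, Optional, Tuple

# Fixed builds from the Chrome stable-channel update for CVE-2024-7965, as
# cited in the article. Any build at or above these is patched. Windows and
# Mac shipped both .84 and .85, so .84 is the floor for all three platforms.
FIXED_VERSIONS = {
    "linux": (128, 0, 6613, 84),
    "windows": (128, 0, 6613, 84),
    "mac": (128, 0, 6613, 84),
}

# Matches the four-part version inside strings such as
# "Google Chrome 128.0.6613.84" (output of `google-chrome --version`).
VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

def parse_chrome_version(text: str) -> Optional[Tuple[int, int, int, int]]:
    """Extract a four-part Chrome version as a tuple of ints, or None."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(part) for part in m.groups())

def is_patched(version_text: str, platform: str) -> bool:
    """True when the installed build is at or above the fixed build for the
    platform. Unknown platforms and unparsable strings are treated as
    unpatched, so a broken inventory record is escalated, not ignored."""
    fixed = FIXED_VERSIONS.get(platform.lower())
    parsed = parse_chrome_version(version_text)
    if fixed is None or parsed is None:
        return False
    # Tuple comparison is lexicographic on the integer fields, which is the
    # correct ordering; comparing the raw strings would put "99..." > "128...".
    return parsed >= fixed

def triage(inventory: List[Tuple[str, str, str]]) -> Tuple[List[str], List[str]]:
    """Split (hostname, platform, version string) records into the hosts that
    are patched and the hosts that still need an update."""
    patched, unpatched = [], []
    for host, platform, version in inventory:
        (patched if is_patched(version, platform) else unpatched).append(host)
    return patched, unpatched

# Constructed sample inventory (hypothetical hosts and build numbers), as an
# endpoint agent might report them.
SAMPLE_INVENTORY = [
    ("ws-01", "linux", "Google Chrome 128.0.6613.84"),   # exactly the fixed build
    ("ws-02", "windows", "127.0.6533.120"),              # previous major, vulnerable
    ("ws-03", "mac", "Google Chrome 128.0.6613.85"),     # the .85 Mac/Windows build
    ("ws-04", "windows", "128.0.6613.120"),              # later build, still patched
    ("ws-05", "linux", "version unknown"),               # unparsable -> flagged
]

if __name__ == "__main__":
    ok, needs_update = triage(SAMPLE_INVENTORY)
    print("patched:", ok)
    print("needs update:", needs_update)
```

On a single Linux host the version string comes from `google-chrome --version`; on managed fleets the same check can be run over whatever the endpoint agent reports, and anything that lands in the unpatched list, including hosts whose version could not be read, should be chased rather than assumed fine.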
The Reserve Bank of India (RBI) will soon launch its much-anticipated Unified Lending Interface (ULI). RBI Governor Shaktikanta Das announced on August 26 that the platform promises to deliver "frictionless credit" to small and rural borrowers across India. The development follows the success of the Unified Payments Interface (UPI), which has transformed digital payments in India since its launch. ULI, which has been in a pilot phase since August last year, is designed to make the credit appraisal process more efficient. Governor Das said a full-scale launch is forthcoming and drew parallels with UPI's impact on the payments ecosystem. "Just as UPI reshaped the payments landscape, we anticipate that ULI will play a pivotal role in revolutionizing the lending sector," Das remarked during his speech at the RBI@90 Global Conference on Digital Public Infrastructure and Emerging Technologies.

What is the Unified Lending Interface (ULI)?

The Unified Lending Interface (ULI) is a technology platform that will facilitate a seamless, consent-based flow of digital information between data service providers and lenders. This includes data such as land records held by individual states, which has traditionally delayed credit approvals, especially for small and rural borrowers. By standardizing this information flow, ULI aims to cut the time and paperwork involved in securing credit. The architecture of ULI features a common, standardized application programming interface (API) designed to offer a 'plug-and-play' approach, so lenders can reach diverse data sources without bespoke integration work. The intended result is a faster turnaround on credit applications and less documentation for borrowers.

The Impact of ULI on Rural and Small Borrowers

Governor Das emphasized that ULI is expected to address a significant unmet demand for credit, particularly in agriculture and among micro, small, and medium enterprises (MSMEs).
By digitizing access to financial and non-financial data that previously sat in separate silos, ULI aims to provide more inclusive and efficient credit, which matters most for rural borrowers who often struggle to obtain timely and adequate credit. The new platform aligns with India's broader Digital Public Infrastructure (DPI) strategy, which includes the JAM trinity of Jan Dhan accounts, Aadhaar, and mobile phones. These initiatives have laid a foundation for digital inclusion, with over 67% of beneficiaries in rural areas and more than 55% women. Integrating ULI into this framework is expected to extend its reach to underserved segments.

How ULI Compares to UPI

The Unified Payments Interface (UPI) has set a high benchmark for digital transformation in India by streamlining payments. Launched in April 2016 by the National Payments Corporation of India (NPCI), UPI has enabled real-time payments and is poised to expand into cross-border remittances, starting with small-value personal transactions. ULI is expected to become an equally important component of India's digital financial ecosystem, complementing UPI: where UPI transformed payments, ULI is intended to do the same for lending with a more efficient, user-friendly credit system. Governor Das also highlighted the RBI's commitment to strengthening the financial system through innovative policies and technologies. "Our goal is to continuously develop approaches and platforms that enhance the resilience and responsiveness of our financial sector," he stated.
The Seattle-Tacoma International Airport was hit by a cyberattack this weekend, disrupting its operations and the travel plans of thousands of passengers. The attack took down the airport's websites, email, and phone services and forced airport workers in some areas onto manual backup processes.

Impact on Seattle-Tacoma Airport Operations

The cyberattack caused significant disruption throughout Sea-Tac, particularly to the airport’s baggage handling systems. Alaska Airlines reported that over 7,000 checked bags missed their flights and had to be sorted by hand. Despite the problems, officials said most flights remained on schedule. Lance Lyttle, managing director of aviation for Sea-Tac Airport, confirmed at a Sunday afternoon news conference that the incident was believed to be a cyberattack, but could not say what the attackers’ motives were or whether any personal data had been compromised. Passenger screening was unaffected: 72,000 passengers were screened and processed on Sunday alone. Greg Hawko, the federal TSA security director for Washington state, said security operations continued without interruption and that the TSA remained committed to the highest level of safety. While Delta and Alaska Airlines, which use Sea-Tac as a hub, reported that their flight schedules were unaffected, carriers that rely on the airport’s common-use gates faced significant challenges. These airlines, including several international carriers as well as Frontier, Spirit, and WestJet, had to fall back on manual processes such as handwritten boarding passes and hand-sorted baggage. Sun Country Airlines reported delays of over two hours affecting multiple flights over the weekend.

Growing Cyberattack Concerns

The Sea-Tac incident is the latest in a series of disruptions to critical infrastructure in Seattle and elsewhere. It follows a July outage, not itself an attack, in which a faulty routine software update knocked systems offline worldwide, grounding flights and halting business operations across the country.
A malware attack on the Seattle Public Library in May and the February hack of Change Healthcare, which affected several Washington hospitals, are further examples of the growing threat to essential services across the state. The exposure of airline operations to such attacks has been flagged in multiple reports, including a nearly decade-old Government Accountability Office (GAO) document warning of the risks created by connecting industry operations to the internet. Despite progress in addressing those risks, Federal Aviation Administration (FAA) Chief Counsel Marc Nichols noted earlier this year that the number and diversity of cyber threats are expected to rise. As federal agencies, including the FBI’s Seattle field office, investigate the Sea-Tac incident, travelers are urged to remain vigilant, pack light, and keep essential items in carry-on luggage. The full impact of the attack is still being assessed, but it is a stark reminder of the evolving threat that cyberattacks pose to critical infrastructure and public services.
A Park’N Fly data breach has affected nearly one million customers, the Canadian airport parking service has revealed. The company has warned customers in the country that their personal information may have been compromised in a breach that took place last month. “Approximately 1 million customer files were accessed when a third party accessed the Park’N Fly network through unauthorized remote VPN access,” the company said in an email statement, as reported by Global News. According to Park’N Fly, the intrusion took place between July 11 and July 13 and may have exposed names, email and mailing addresses, and Aeroplan and CAA numbers, but not financial information. “We wish to reiterate that no passwords or credit card payment information is stored on our servers,” the firm wrote in a statement.

Park’N Fly Data Breach in Detail

The company sent an email on Monday notifying customers of the breach, which it had discovered more than three weeks earlier. “On August 1, 2024, we determined that some of your personal information was likely affected by the incident,” read the email. “We have been diligently investigating this incident with the assistance of outside experts.” The company said its platforms were “fully restored within five days” and that it has since strengthened its cyber security. “While we deeply regret any concern this incident may have caused, we want to reassure our valued customers and partners that we are taking all necessary steps to safeguard their information,” said Park’N Fly chief executive officer Carlo Marrello in the statement. The incident underscores how common data breaches have become and renews questions about what is being done to prevent them and, when they do happen, whether Canadians are being informed quickly enough. Marrello said the company is “committed to transparency.” “[We] will continue to prioritize the integrity of our systems as we navigate this situation,” he said.

Customers Concerned

Canadian news portal Village Media spoke to one of the customers who received the email from Park’N Fly.
Don Wright told the outlet that he hadn’t used Park’N Fly in more than two years and that his first concern was his credit cards. “Thankfully, the email said my credit card was not compromised, so that’s good news. But, of course, now I have to be aware of every single text and email I get for the next six months," Wright added. "It puts you in a precarious spot because I run a business off this number, so now that I am getting (fraudulent) texts … if I get texts and I don’t reply, am I going to be losing business?" The company says it has been “diligently investigating” the incident with the assistance of outside experts and has increased security monitoring through its cyber-security partner, including updating the anti-virus software across the network. The letter to customers adds that the company also took several technical and administrative steps to further harden its networks. “We recommend you remain vigilant and be mindful of phishing attempts, such as emails from unknown senders, or those that contain unusual content, such as links or attachments, or being asked to provide personal information over the phone," the letter states. According to the privacy policy on the company's website, Park’N Fly "will only retain your personal information as long as is necessary for the fulfillment of the purposes for which it was collected or as required by law." The policy's default retention period, unless otherwise specified, is seven years, "after which it is destroyed or rendered such that it is unable to identify you."
McLaren Health Care has announced that, despite disruption from the recent cyberattack, its hospitals and clinics continue to operate and deliver health services to their communities. The organization is working to restore its IT systems and aims to resume full functionality soon. “We remain truly grateful for the tireless effort and dedication displayed by our team members under these demanding circumstances, and we sincerely regret any impact this cyber attack may have had on our patients,” reads the McLaren Health notice.

McLaren Health Cyberattack Details and Response Efforts

McLaren Health Care has confirmed that the attack was a ransomware incident affecting IT infrastructure across its network of 13 hospitals, Karmanos cancer centers, surgery centers, and clinics. It has left staff with limited access to certain systems, producing longer-than-usual wait times and requiring patients to bring necessary information to their appointments. Forensic investigation is ongoing; the incident has been contained, but full restoration of services will take time. “If the health system identifies that any Protected Health Information (PHI) or personal information was compromised, it will contact the affected individuals directly pursuant to state and federal reporting guidelines,” stated McLaren officials.

Operations and Patient Care During the Cyberattack

All clinical services remain operational, and patients and residents are encouraged to continue using them as normal. Emergency departments are open and accepting patients, and surgeries are proceeding as planned; any postponed elective surgeries are being rescheduled. All radiation therapy units at Karmanos Cancer Institute facilities are operational, and McLaren’s two Comprehensive Stroke Centers, at McLaren Flint and McLaren Macomb, remain fully functional. Primary and specialty care offices are also open, and patients should attend scheduled appointments unless a team member contacts them otherwise.
Patients who need outpatient imaging studies can temporarily schedule appointments through their local McLaren imaging departments. Phil Incarnati, President and CEO of McLaren Health Care, thanked employees for their dedication and hard work during the incident, praising the resilience and kindness of McLaren teams across the state. “Our employees are absolutely inspiring. Under extremely trying circumstances, McLaren teams on the frontlines and those in support roles across the state have answered the call. From doctors and nurses to dietary professionals, administrative assistants, patient advocates and all team members in between, our patients, their families, and our communities will be forever grateful for your resilience and kindness,” said Incarnati. He also asked patients and visitors to McLaren facilities for patience while the organization works through the situation. “Our clinical and support teams are some of the best out there, but they are working in a very challenging environment while we recover from this attack. They are the ones showing up on the frontlines every day to ensure our communities receive the care they need.”

A Call for Industry-Wide Collaboration Against Cybercrime

Incarnati said the attack on McLaren Health Care highlights a broader problem facing the healthcare industry: the growing threat of cybercrime, which he described as a risk not only to individual providers but to national security. “Our experience has made clear that cyberattacks against our healthcare infrastructure are an industry-wide problem, and it’s not hyperbole to call healthcare cybercrime a national security threat,” Incarnati stated. He committed to working with fellow healthcare providers, elected officials, law enforcement, and cybersecurity experts to prevent such attacks and hold the criminals accountable. “I’m committed to working with my fellow providers, elected officials, law enforcement, and cyber experts to find ways to hold these criminals accountable and prevent their entry into our systems,” Incarnati said, calling for a united front against cyber threats to critical healthcare infrastructure. While full recovery will take time, McLaren Health Care’s leadership and teams say they are committed to emerging stronger and more resilient.
A misconfigured Google Cloud Storage bucket linked to Alice's Table, a popular virtual floral arrangement platform, has exposed the personal data of over 83,000 customers. The exposure involved tens of thousands of files containing names, email addresses, home addresses, and order details of the platform's users. In a blog post on the leak, Cyble researchers noted that such exposures are surprisingly common: Cyble's Odin search tool found more than 500,000 exposed cloud storage buckets across Google Cloud Storage and AWS.

Exposed Cloud Storage Bucket Linked to Alice's Table

Cybernews researchers first identified the exposed Google Cloud bucket in April during a routine investigation. The bucket held 37,349 files, including 10,183 XLSX and CSV files containing personally identifiable information (PII). While most of the exposed email addresses were personal, a significant share belonged to corporate accounts, including employees of BCG, Pfizer, PwC, Charles Schwab, and government bodies, the researchers said. Exposed business email addresses are a ready target list for phishing, spam, identity theft, and attempts to gain unauthorized access to confidential information, and the exposure of home addresses puts victims at risk of physical intrusion. Founded in 2015 by Boston entrepreneur Alice Lewis, Alice's Table is a subsidiary of 1-800-Flowers. The company gained widespread attention after securing a $250,000 investment on ABC's Shark Tank in 2017. In addition to floral arrangements, the platform offers live-streamed culinary and cocktail workshops.

Misconfigured Cloud Storage Buckets: A Common Security Risk

A misconfigured cloud storage bucket is one set up with insufficient security controls, allowing unauthorized access to its contents. The result can be data breaches, data exfiltration, and other serious consequences. Common misconfigurations include:
- Publicly accessible buckets: anyone who knows (or guesses) the bucket name or URL can list or read its contents without authentication.
- Incorrect permissions: permissions granted too broadly let unauthorized users read or modify data.
- Missing encryption: data that is not encrypted at rest or in transit can be read by anyone who obtains the objects or intercepts the connection.
- Weak access controls: unauthorized users may gain access by guessing credentials or exploiting vulnerabilities.

Why are misconfigured cloud storage buckets a security nightmare?

Buckets often hold sensitive and personally identifiable information (PII), which creates several risks:
- Wide prevalence: studies have found that a significant number of buckets are misconfigured; one found millions of publicly accessible buckets containing more than 10 billion files, including financial information, medical records, and intellectual property.
- Data breaches: misconfigured buckets have caused numerous high-profile breaches exposing large amounts of sensitive information; a BMW data breach is one example.
- Financial losses: breaches caused by misconfigured buckets lead to fines, legal costs, and reputational damage.

How to prevent misconfigured cloud storage buckets

The Cyble blog listed specific steps for securing Google Cloud Storage buckets, along with tools that can help. Some general controls that cloud customers should be using:
- Implement strong access controls: use granular access controls to limit the bucket to authorized users only.
- Enable encryption: encrypt data at rest and in transit to protect it from unauthorized access.
- Regularly review and update security settings: confirm that they still match how the bucket is used.
- Use cloud security tools: consider cloud security tools and AI-driven threat intelligence platforms, such as Cyble's CTI and Odin offerings, to find and fix misconfigurations.
By following these practices, organizations can reduce the risk of misconfigured cloud storage buckets and protect their sensitive data. Neither Alice's Table nor 1-800-Flowers had responded to Cybernews' request for comment at the time of publication.
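As an added example that is not part of the Cyble or Cybernews write-ups, the following Python audits a Google Cloud Storage bucket's metadata and IAM policy for the three settings that most often turn a private bucket into a public one: public access prevention not enforced, legacy object ACLs still in force, and an IAM binding to allUsers or allAuthenticatedUsers. The bucket and policy dicts are constructed samples (not Alice's Table data) with hypothetical names and principals; in practice they would be the JSON returned by `gcloud storage buckets describe gs://NAME --format=json` and `gcloud storage buckets get-iam-policy gs://NAME --format=json`. The "before" data shows the weak configuration and the "after" data the corrected one.

```python
from typing import Dict, List

# Principals that make a binding readable by the whole internet or by any
# holder of a Google account, respectively.
PUBLIC_PRINCIPALS = {"allUsers", "allAuthenticatedUsers"}

def public_bindings(policy: Dict) -> List[str]:
    """Return 'role -> principal' for every IAM binding in a bucket policy
    that grants a role to allUsers or allAuthenticatedUsers."""
    findings = []
    for binding in policy.get("bindings", []):
        for member in binding.get("members", []):
            if member in PUBLIC_PRINCIPALS:
                findings.append(f"{binding['role']} -> {member}")
    return findings

def audit_bucket(metadata: Dict, policy: Dict) -> List[str]:
    """Audit one bucket. `metadata` is the bucket resource JSON and `policy`
    its IAM policy JSON. Returns human-readable findings; empty means clean."""
    name = metadata.get("name", "<unknown>")
    iam_cfg = metadata.get("iamConfiguration", {})
    findings = []

    # 1. Public access prevention: when "enforced", GCS rejects any grant to
    #    allUsers/allAuthenticatedUsers, so a later mistake cannot take effect.
    if iam_cfg.get("publicAccessPrevention") != "enforced":
        findings.append(f"{name}: publicAccessPrevention is not 'enforced'")

    # 2. Uniform bucket-level access: disables legacy per-object ACLs, so the
    #    IAM policy is the only thing that decides who can read objects.
    if not iam_cfg.get("uniformBucketLevelAccess", {}).get("enabled", False):
        findings.append(f"{name}: uniform bucket-level access disabled (object ACLs still apply)")

    # 3. Explicit public grants in the IAM policy itself.
    for grant in public_bindings(policy):
        findings.append(f"{name}: public IAM binding {grant}")

    return findings

# Constructed sample data (hypothetical bucket and principals, not real ones).
EXPOSED_BUCKET = {
    "name": "example-exports",
    "iamConfiguration": {
        "uniformBucketLevelAccess": {"enabled": False},
        "publicAccessPrevention": "inherited",
    },
}
EXPOSED_POLICY = {
    "bindings": [
        {"role": "roles/storage.objectViewer", "members": ["allUsers"]},
        {"role": "roles/storage.admin", "members": ["user:ops@example.com"]},
    ]
}
HARDENED_BUCKET = {
    "name": "example-exports",
    "iamConfiguration": {
        "uniformBucketLevelAccess": {"enabled": True},
        "publicAccessPrevention": "enforced",
    },
}
HARDENED_POLICY = {
    "bindings": [
        {"role": "roles/storage.objectViewer",
         "members": ["serviceAccount:reporting@example.iam.gserviceaccount.com"]},
    ]
}

if __name__ == "__main__":
    for label, meta, pol in (("before", EXPOSED_BUCKET, EXPOSED_POLICY),
                             ("after", HARDENED_BUCKET, HARDENED_POLICY)):
        print(label, audit_bucket(meta, pol) or ["no findings"])
```

Fixing the findings uses the same tooling: `gcloud storage buckets update gs://NAME --public-access-prevention --uniform-bucket-level-access` turns on the two bucket settings, and `gcloud storage buckets remove-iam-policy-binding gs://NAME --member=allUsers --role=roles/storage.objectViewer` removes the public grant. Enforcing public access prevention first is the important order, because from then on the service refuses public principals outright, and the binding removal becomes a second line of defence rather than the only one.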
By: Praveen Grover, Vice President and Managing Director, AHEAD

Securing data in the cloud is crucial for safeguarding your business's integrity and earning client trust. As businesses increasingly rely on cloud services to store and manage vast amounts of data, ensuring its security becomes paramount. The rise of cloud computing has transformed how businesses operate, offering unparalleled convenience in data management. Yet this convenience comes with a caveat: the responsibility for safeguarding data is shared between cloud service providers and their customers. Under this shared responsibility model the provider secures the cloud infrastructure, while the customer must protect the data and configuration it places there. Navigating the model can be complex, because the dividing line moves with the service model: with infrastructure-as-a-service (IaaS) the customer also owns the operating system and everything above it, while with platform-as-a-service (PaaS) the provider takes on more of the stack. Understanding this division is essential to securing your data in the cloud.

Cloud Services: Conducting a Risk Assessment

Before fortifying your cloud defences, conduct a thorough risk assessment. It identifies the vulnerabilities and threats specific to your cloud environment; with a comprehensive view of your cloud setup (data, applications, and access controls) you can build a robust security strategy. The outcome should be a report pinpointing the critical security risks and actionable recommendations for mitigating them.

Implementing Privacy-by-Design Principles

Integrating privacy-by-design principles into your cloud architecture can significantly bolster data privacy. This proactive approach embeds privacy considerations throughout the design and implementation of your cloud systems. Key practices include robust encryption for data at rest and in transit, secure management of keys and certificates, and stringent access controls. Adopting these principles raises an organization's overall privacy and security posture in the cloud.

Choosing a Reliable Cloud Service Provider

Securing your data starts with selecting a trustworthy cloud service provider. Look for providers that are certified or audited against stringent standards such as ISO 27001, HIPAA, or PCI DSS.
Ensure they offer robust data encryption, secure storage, and effective access controls as part of their service.

Understanding Your Security Responsibilities

When migrating data to the cloud, know who is responsible for its security. The provider secures the infrastructure; the customer remains responsible for securing its data. This distinction becomes more important as your cloud usage scales.

Using Strong Authentication

Passwords alone do not suffice in today's threat landscape. Multifactor authentication (MFA) adds a layer of security by requiring users to verify their identity through more than one means, such as a password combined with a code from an authenticator app. For stronger protection, prefer phishing-resistant passwordless methods such as FIDO2 security keys or passkeys backed by platform biometrics, since a one-time code can still be captured and replayed by a phishing page.

Implementing Encryption and Access Controls

Encryption remains a cornerstone of cloud security, ensuring that only authorized parties can read sensitive data. Encrypt data both at rest and in transit to mitigate the risk of unauthorized access and breaches. Combined with access controls built on the principle of least privilege, these measures limit sensitive data to those who need it.

Monitoring Cloud Activity and Conducting Regular Security Assessments

Continuous monitoring of cloud activity allows timely detection of suspicious behaviour or potential security incidents. Use the monitoring tools your cloud service provider offers and regularly review logs and audit trails. Periodic security assessments, whether internal or by third-party experts, help identify vulnerabilities and test the effectiveness of your controls.

Educating Your Employees

Your security chain is only as strong as its weakest link, which is often human error. Ensure employees are well versed in cloud security best practices through regular training. Teach them to spot phishing attempts, understand data protection policies, and report suspicious activity promptly.

Implementing Zero Trust Principles

A Zero Trust approach further strengthens your cloud security strategy. It assumes that threats can originate inside as well as outside the network, so it demands stringent access controls and continuous verification of every device and user attempting to connect to your cloud environment.

Securing data in the cloud requires a proactive, multifaceted approach that addresses both technology and people. As cloud technology evolves, staying informed and proactive is essential for protecting your data and keeping the trust of your clients.

Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.
By: Padmakumar Nair, CEO & Co-founder of Ennoventure.Inc

In an era of peak globalization and digital commerce, counterfeiting has reached unprecedented levels, endangering consumers, brands, and economies around the globe. Beyond compromising brand integrity, counterfeit goods jeopardize consumer safety and divert billions of dollars from legitimate businesses. Artificial intelligence (AI) has become a crucial tool for combating this problem, verifying product authenticity and safeguarding consumer trust. Counterfeiting affects a wide range of industries, including consumer goods, technology, and pharmaceuticals. One recent survey projects that by 2025 global investment in AI will reach $200 billion. Counterfeit products put customers' health at risk and cause large financial losses, particularly in the food and pharmaceutical sectors, and e-commerce has made the problem worse by giving counterfeiters new channels for selling fakes. Innovative solutions are needed to protect businesses and consumers.

AI: The Game Changer in Anti-Counterfeiting

Artificial intelligence is a powerful weapon against counterfeiting: its fast and accurate data analysis makes it well suited to identifying and stopping counterfeit activity, and solutions that combine AI with advanced digital marking techniques offer robust protection. One key advantage of AI is its ability to keep learning from new data. AI models can detect anomalies in printing and packaging processes, distribution channels, and consumer behaviour that may indicate counterfeit operations, letting companies anticipate threats and act pre-emptively to protect their products and brands.

AI-Driven Anti-Counterfeiting Solutions

Proprietary technology that combines AI algorithms with advanced digital marking techniques creates secure, invisible, non-intrusive codes that can be embedded in products and packaging.
These AI-generated codes are unique and virtually impossible to replicate, providing a strong line of defense against counterfeiters. Here’s how this technology works: Invisible Marking: Specialized AI algorithms are used to discreetly integrate distinct digital codes into product packaging. These codes preserve brand integrity by not changing the packaging's appearance or design. Verification: With a simple smartphone app, buyers and merchants may confirm a product's legitimacy. By scanning the invisible code, the software can quickly determine if a product is authentic or fake. Real-Time Tracking: Products can be tracked in real-time along the supply chain with the help of AI technology. This feature facilitates the quick identification of counterfeit goods as well as the location and mode of counterfeiting, enabling prompt corrective measures. Data analytics: The data gathered by the AI-powered platform offers insightful information on the trends and patterns of counterfeiting. Companies can utilize this data to enhance supply chain security and improve their anti-counterfeiting tactics. The Future of AI in Anti-Counterfeiting Advanced anti-counterfeiting solutions will become increasingly necessary as counterfeiters become more skilled. Continuous innovation is essential to ensure that AI technology stays ahead of the curve. Integrating AI with blockchain technology can enhance the transparency and security of these solutions further. An additional line of defense against counterfeiting can be provided by merging blockchain technology with artificial intelligence to generate an unchangeable, tamper-proof record of product authenticity. While there is still more work to be done in the fight against counterfeiting, tremendous progress is being made in safeguarding economies, customers, and brands thanks to artificial intelligence. 
Staying one step ahead of counterfeiters requires innovation; by utilizing artificial intelligence's transformational potential, we are not just defeating counterfeiting but also shaping a safer, more trustworthy global marketplace. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.
Recent years have seen a steady rise in the amount of compromised data out there. News reports about new leaks and hacks are an almost daily occurrence, and we at Kaspersky continue to use plenty of electronic ink to tell you about the need for robust protection — now more than ever. Today we take a dive into history and recall (with a shudder) the biggest and baddest data breaches (DBs) of all time. To find out how much and what kind of information was leaked, who was affected, and much more besides — read on…

1. RockYou2024

In brief: hackers collected data from past leaks, and rolled out the largest-ever compilation of real user passwords: 10 billion records!
When: 2024.
Who was affected: users worldwide without strong protection.

RockYou2024 is the king of leaks, and a thorn in the side of anyone who thought hackers weren't interested in them. In July 2024, cybercriminals leaked a gigantic collection of passwords on a hacking forum: 9,948,575,739 unique records in total. Despite being a compilation based on the old RockYou2021 leak, RockYou2024 still… rocks, so to speak.

Our expert, Alexey Antonov, analyzed the breach, and found that 83% of the leaked passwords were crackable by a smart guessing algorithm in under an hour, with only 4% of them (328 million) able to be considered strong: requiring over a year to crack using a smart algorithm. For details on how smart algorithms work, see our password strength study, which, analyzing real user passwords leaked on the dark web, shows that far too many of us are still shockingly blasé about password security. In analyzing the latest leak, Alexey filtered out all non-relevant records, and worked with the remaining array of… 8.2 billion passwords stored somewhere in plaintext!

2. CAM4

In brief: a misconfigured server exposed 11 billion customer records to the public domain — sensitive information indeed given that CAM4 is… an adult site!
When: 2020.
Who was affected: users of the adult site CAM4.

This story is of interest for two reasons: what information was leaked, and how. Among the standard leaked details (first name, last name, email address, payment logs, etc.) was information of a far more intimate nature: gender preferences and sexual orientation. Users had to give this information at signup before they could enjoy the content of the adult streaming platform.

The leak was caused by an insecure Elasticsearch database. However, it didn't end so badly – or so embarrassingly: if we were to compile all the reports of leaks related to this DB into a physical book, we'd get quite a doorstop — within which the story of CAM4 would occupy a small but important chapter: the largest data leak in history that never was. Fortunately, the database was shut down within half an hour of the error being discovered, and later moved to an internal local network. Users' personal data was deleted.

3. Yahoo

In brief: a hacker attack affected all three billion users of the platform — but Yahoo admitted this only three years later.
When: 2012, 2013… or was it 2014? Even Yahoo doesn't know for sure.
Who was affected: all Yahoo users.

More than a decade ago now, Yahoo was hacked (it all started with a phishing email), leading to a series of news stories about a rumored data leak. Initial reports mentioned a couple of hundred million hacked accounts, then that rose to around 500 million, then, in 2017, on the eve of the company's deal with Verizon, it turned out that all three billion accounts were affected. The hackers got hold of names, email addresses, dates of birth, and phone numbers. Even worse, they had access to the accounts of users who went years without changing their passwords. Now do you see why it's so important to change passwords regularly and delete old profiles?

This incident is yet further proof that even tech giants sometimes fail to store user data properly. In the case of Yahoo, attackers found a database of unencrypted security questions and answers, and some accounts had no two-factor authentication at all. So, the moral of the story is: don't rely on social networks or online platforms to secure your personal accounts. Make up or generate strong passwords and store them in Kaspersky Password Manager.

And if you're worried your data may already have leaked, install any of our home security solutions: Kaspersky Standard and Kaspersky Plus both let you specify all the email addresses that you and your family use to sign in to online services. The application regularly checks these addresses and reports any data breaches involving accounts linked to them. In Kaspersky Premium, in addition to an email list, you can add phone numbers — these are usually used to identify users of more sensitive online services such as banking. Our application searches for these numbers and addresses in all fresh database leaks, and, if found, warns you and advises what to do (read more about how we protect you against personal data leaks online or on the dark web).

4. UIDAI (Aadhaar)

In brief: the biometric data of almost all citizens and residents of India went up for sale.
When: 2018.
Who was affected: 1.1 billion citizens and residents of India.

The Unique Identification Authority of India (UIDAI) operates the largest bio-identification system in the world, storing the personal data, fingerprints, and iris photos of more than a billion folks in India. While many countries around the world are only planning to implement biometric identification, India has had such a system in place for over a decade already. UIDAI was set up so that every single resident of India would have a unique official state identity number, Aadhaar. But in 2018, following a string of data leaks, cybercriminals not only got their hands on the database, but sold it for as little as 500 rupees (about US$6 at today's exchange rate).

Another massive data breach occurred in 2023, this time impacting 815 million Indians. Banks and law enforcement agencies continue to advise victims of the leaks to disable biometric authentication for financial services. But that's no guarantee of security, since their names, passport numbers, photos, fingerprints, and other information are likely in cybercriminal hands.

5. Facebook

In brief: the company failed to notify users about a data breach it had known about for a full two years.
When: 2019.
Who was affected: 533 million Facebook users.

No one is surprised anymore at seeing the words Facebook and leak side by side. The platform regularly falls victim to hacker attacks and internal leaks. This particular breach — the largest in the company's history — saw the names, phone numbers, and location data of 533 million users fall into the clutches of cybercriminals. They then posted the data on a hacking forum where anyone could download it all for free. And not only regular users' account data, but that of public figures, including EU Justice Commissioner Didier Reynders, and then-Prime Minister (now Foreign Minister) Xavier Bettel of Luxembourg. If you suspect that you too may have been hit by the Facebook data leak, use our Password Checker tool to find out whether your password was compromised in this or other leaks.

The leaked data was current for 2018–2019, although information about it appeared only in 2021. How did that happen? The fact is that hackers exploited the vulnerability in 2019, which Facebook patched straight away, but then forgot (or preferred not) to inform users of the incident. As a result, Meta faced more heavy criticism, plus a hefty €265 million fine (~US$276 million in 2021).

What do these leaks teach us?

The common thread linking all these stories is: Big Tech helps those who help themselves. In other words, we are primarily responsible for the security of our data; not Facebook, not Yahoo, not even governments. Look after your accounts yourself, make up or generate strong passwords, store them in a secure password manager, and take special care when it comes to biometric data.

Do not reuse passwords. If you're a "one password for all occasions" kind of person and have been using the internet for at least a few years, we've some bad news for you (in the link).

Check if your passwords have been compromised. If you have our protection, you can use our Data Leak Checker tool to enter a list of email addresses and check your user accounts. Kaspersky Premium users also have the option to check phone numbers using the Identity Theft Protection feature. The applications automatically check this information for exposure in new leaks. And in our password manager, just select Password Check from the menu, or click the key icon on the taskbar, and all stored passwords are checked for strength, uniqueness, and leaks. Everyone else can use our free Password Checker.

Use two-factor authentication (2FA) wherever possible.

Do not store passwords in browsers. Use a password manager to generate unique, cryptographically strong passwords for all important accounts, and then you only need to think up and remember just one — main — password that serves as the master key to all other passwords. This protects and encrypts your password vault and other vital data.
Malicious hackers are exploiting a zero-day vulnerability in Versa Director, a software product used by many Internet and IT service providers. Researchers believe the activity is linked to Volt Typhoon, a Chinese cyber espionage group focused on infiltrating critical U.S. networks and laying the groundwork for the ability to disrupt communications between the United States and Asia during any future armed conflict with China.

Versa Director systems are primarily used by Internet service providers (ISPs), as well as managed service providers (MSPs) that cater to the IT needs of many small to mid-sized businesses simultaneously. In a security advisory published Aug. 26, Versa urged customers to deploy a patch for the vulnerability (CVE-2024-39717), which the company said is fixed in Versa Director 22.1.4 or later. Versa said the weakness allows attackers to upload a file of their choosing to vulnerable systems.

The advisory placed much of the blame on Versa customers who "failed to implement system hardening and firewall guidelines…leaving a management port exposed on the internet that provided the threat actors with initial access."

Versa's advisory doesn't say how it learned of the zero-day flaw, but its vulnerability listing at mitre.org acknowledges "there are reports of others based on backbone telemetry observations of a 3rd party provider, however these are unconfirmed to date."

Those third-party reports came in late June 2024 from Michael Horka, senior lead information security engineer at Black Lotus Labs, the security research arm of Lumen Technologies, which operates one of the global Internet's largest backbones. In an interview with KrebsOnSecurity, Horka said Black Lotus Labs identified a web-based backdoor on Versa Director systems belonging to four U.S. victims and one non-U.S. victim in the ISP and MSP sectors, with the earliest known exploit activity occurring at a U.S. ISP on June 12, 2024.

"This makes Versa Director a lucrative target for advanced persistent threat (APT) actors who would want to view or control network infrastructure at scale, or pivot into additional (or downstream) networks of interest," Horka wrote in a blog post published today.

Black Lotus Labs said it assessed with "medium" confidence that Volt Typhoon was responsible for the compromises, noting the intrusions bear the hallmarks of the Chinese state-sponsored espionage group — including zero-day attacks targeting IT infrastructure providers, and Java-based backdoors that run in memory only.

In May 2023, the National Security Agency (NSA), the Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint warning (PDF) about Volt Typhoon, also known as "Bronze Silhouette" and "Insidious Taurus," which described how the group uses small office/home office (SOHO) network devices to hide their activity.

In early December 2023, Black Lotus Labs published its findings on "KV-botnet," thousands of compromised SOHO routers that were chained together to form a covert data transfer network supporting various Chinese state-sponsored hacking groups, including Volt Typhoon. In January 2024, the U.S. Department of Justice disclosed the FBI had executed a court-authorized takedown of the KV-botnet shortly before Black Lotus Labs released its December report.

In February 2024, CISA again joined the FBI and NSA in warning Volt Typhoon had compromised the IT environments of multiple critical infrastructure organizations — primarily in communications, energy, transportation systems, and water and wastewater sectors — in the continental and non-continental United States and its territories, including Guam.

"Volt Typhoon's choice of targets and pattern of behavior is not consistent with traditional cyber espionage or intelligence gathering operations, and the U.S. authoring agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to OT [operational technology] assets to disrupt functions," that alert warned.

In a speech at Vanderbilt University in April, FBI Director Christopher Wray said China is developing the "ability to physically wreak havoc on our critical infrastructure at a time of its choosing," and that China's plan is to "land blows against civilian infrastructure to try to induce panic."

Ryan English, an information security engineer at Lumen, said it's disappointing his employer didn't at least garner an honorable mention in Versa's security advisory. But he said he's glad there are now a lot fewer Versa systems exposed to this attack.

"Lumen has for the last nine weeks been very intimate with their leadership with the goal in mind of helping them mitigate this," English said. "We've given them everything we could along the way, so it kind of sucks being referenced just as a third party."
So far, the threat actor has compromised at least five organizations using CVE-2024-39717; CISA has added the bug to its Known Exploited Vulnerabilities database.
These vulnerabilities, known as CVE-2024-32501, CVE-2024-33852, CVE-2024-33853, CVE-2024-33854, CVE-2024-5725, and CVE-2024-39841, pose a significant risk to organizations relying on Centreon for IT infrastructure monitoring.
Over 100 government officials recently completed a comprehensive cybersecurity training program, focusing on global cybersecurity trends, security standards, and data protection governance.
The scammers targeted both McDonald’s Instagram and a senior marketing director's Twitter account, leveraging the association between Grimace, McDonald’s iconic purple mascot, and the brand to add credibility to their scam.
Despite law enforcement actions disrupting major ransomware operations, the long-term impact remains uncertain as groups adapt and evolve. Ransomware-as-a-Service (RaaS) collectives are facing growing competition to attract affiliates.
Inherent vulnerabilities stem from the underlying formats and processes of the technology, allowing attackers to exploit features like automatic code execution in ML models and certain dataset formats.
The plugin, which was added to Pidgin’s third-party plugins list on July 6th, was flagged by a user, 0xFFFC0000, on August 16th, who reported suspicious behavior, including the unauthorized capture and sharing of screenshots.
Researchers found a vulnerability in the Shimano Di2 system’s proprietary protocol, making it susceptible to a replay attack. They demonstrated that an attacker could intercept and replay commands using off-the-shelf software-defined radio.
Two deceptive campaigns were identified recently using Google ads and Microsoft's infrastructure. The first scam involves a fake helpdesk page on Microsoft Learn whereas the second one hijacks Microsoft search queries through a Google ad.
This vulnerability allows authorized users to inject and execute malicious code through the plugin's shortcode feature, potentially leading to data theft and website takeover.
NASA's IV&V Facility is expanding its cybersecurity services to enhance the safety of its missions. This initiative includes incorporating cybersecurity assessments into their traditional roles of software examination.
Nuclei is an open-source vulnerability scanner known for its speed and customizable YAML-based templates. It offers flexibility in security checks by allowing customization of templates to send requests to multiple targets.
The Dutch Data Protection Authority (AP) announced the €290m ($324m) fine yesterday, claiming that it stems from the same concerns that have led to years-long legal wranglings between the EU and US.
Cybercriminals are sending malicious SMS messages demanding payment for non-existent charges across Illinois, Florida, North Carolina, and Washington. These scams imitate state authorities and provide links to fake payment websites to steal data.
A security researcher has published a proof-of-concept exploit for a critical zero-click vulnerability, CVE-2024-38063, in Windows TCP/IP. This flaw allows remote code execution on Windows systems with IPv6 enabled, affecting millions of devices.
This campaign is notable for its malicious apps for Windows, Linux, and macOS users. The attackers have created different versions of Cheana Stealer for each OS to widen their attack surface.
India is experiencing a rise in cyberattacks on its critical infrastructure, particularly in the financial and government sectors, prompting the Reserve Bank of India to issue warnings about the need for enhanced cybersecurity measures.
The vulnerability, tracked as CVE-2024-7965 and reported by a security researcher known as TheDog, involved a bug in the compiler backend that could allow remote attackers to exploit heap corruption through a crafted HTML page.
Top universities in Australia will compete in the Australian Cybersecurity Games at UNSW from September 2-30, 2024. This event, organized by SECedu, features cybersecurity experts collaborating with leading universities like UNSW.
SonicWall has addressed a critical vulnerability (CVE-2024-40766) in its next-gen firewalls, which could be exploited by remote attackers to gain unauthorized access and potentially crash the devices.
Diversifying suppliers and systems can help minimize risks, as shown by corporations that purchase networking equipment from multiple vendors to prevent total network failure in case of vendor issues.
Researchers found that attackers are leveraging the PythonAnywhere cloud platform to discreetly host and distribute malicious files carrying Razr ransomware. The ransomware generates a unique machine ID, encryption key, and IV to begin operations.
The project is led by Ukrainian cyber entrepreneur Yehor Aushev and is unique in that it is free and open to a wide range of citizens, including students, researchers, and state officials.
According to AppOmni, one-third of organizations experienced SaaS data breaches last year due to a lack of visibility and control, as revealed by a survey of 644 enterprises globally.
Lateral movement is a key indicator of ransomware attacks, with 44% of attacks being spotted during this phase, as reported by Barracuda Networks. Additionally, file modifications and off-pattern behavior were also significant triggers for detection.
Ubuntu Security Notice 6973-3 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.
An LSM can prevent the fcntl/close race cleanup path in fcntl_setlk() from working, leading to use-after-free read in lock_get_status() when reading /proc/locks.
Red Hat Security Advisory 2024-5882-03 - An update for the orc:0.4.28 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2024-5871-03 - An update for bind is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions.
Red Hat Security Advisory 2024-5858-03 - An update for kpatch-patch-5_14_0-70_85_1 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Issues addressed include code execution, denial of service, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-5856-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 7.1 for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include HTTP request smuggling, bypass, code execution, denial of service, deserialization, and remote SQL injection vulnerabilities.
Red Hat Security Advisory 2024-5815-03 - An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 9. Issues addressed include a bypass vulnerability.
Red Hat Security Advisory 2024-5814-03 - An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8. Issues addressed include bypass and denial of service vulnerabilities.
Red Hat Security Advisory 2024-5813-03 - An update for bind and bind-dyndb-ldap is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
Details have emerged about a now-patched vulnerability in Microsoft 365 Copilot that could enable the theft of sensitive user information using a technique called ASCII smuggling. "ASCII Smuggling is a novel technique that uses special Unicode characters that mirror ASCII but are actually not visible in the user interface," security researcher Johann Rehberger said. "This means that an attacker
Google has revealed that a security flaw that was patched as part of a security update rolled out last week to its Chrome browser has come under active exploitation in the wild. Tracked as CVE-2024-7965, the vulnerability has been described as an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine. "Inappropriate implementation in V8 in Google Chrome prior to
Want to know what’s the latest and greatest in SecOps for 2024? Gartner’s recently released Hype Cycle for Security Operations report takes important steps to organize and mature the domain of Continuous Threat Exposure Management, aka CTEM. Three categories within this domain are included in this year’s report: Threat Exposure Management, Exposure Assessment Platforms (EAP), and Adversarial
Users of Chinese instant messaging apps like DingTalk and WeChat are the target of an Apple macOS version of a backdoor named HZ RAT. The artifacts "almost exactly replicate the functionality of the Windows version of the backdoor and differ only in the payload, which is received in the form of shell scripts from the attackers' server," Kaspersky researcher Sergey Puzan said. HZ RAT was first
The China-nexus cyber espionage group tracked as Volt Typhoon has been attributed with moderate confidence to the zero-day exploitation of a recently disclosed high-severity security flaw impacting Versa Director. The attacks targeted four U.S. victims and one non-U.S. victim in the Internet service provider (ISP), managed service provider (MSP) and information technology (IT) sectors as early
In episode 13 of "The AI Fix", meat avatar Cluley learns that AI doesn't pose an existential threat to humanity and tells meat avatar Stockley how cybersex is about to get very, very weird. Our hosts also learn that men lie on their dating profiles, hear ChatGPT steal somebody's voice, and discover an AI that rick rolls its users. Graham tells Mark about AI's political ambitions and discovers what ChatGPT has in common with the reluctant ruler of the universe, while Mark introduces Graham to the Campaign to Stop Killer Robots. All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.
Source: www.databreachtoday.com – Author: 1. Cybercrime, Encryption & Key Management, Fraud Management & Cybercrime. Activists Raise Concerns Over Privacy and Hostility to End-to-End Encryption. Akshaya Asokan (asokan_akshaya), David Perera (@daveperera) • August 26, 2024. Telegram CEO and founder Pavel Durov speaks during a conference in Indonesia on April 23, 2024. […] The post French Prosecutors Detail Motives For Telegram CEO Arrest – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Author: 1. HIPAA/HITECH, Incident & Breach Response, Security Operations. Why Did it Take So Long to Notify Regulators and Affected Patients? Marianne Kolbasuk McGee (HealthInfoSec) • August 26, 2024. Medical Center Barbour in Alabama is notifying patients whose data was compromised in an October 2023 hack (Image: Medical […] The post Small Rural Alabama Hospital Reports Big 2023 Hacking Breach – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Author: 1. CrowdStrike Outage Updates, Incident & Breach Response, Security Operations. David Perera (@daveperera) • August 26, 2024. Flying in and out of Seattle could be extra frustrating following a possible Saturday cyberattack. (Image: Shutterstock) Travelers in the Pacific Northwest's busiest airport should travel light and gird for […] The post Seattle-Tacoma Airport IT Outages Persist Into Day 3 – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Author: 1. Device Identification, Endpoint Security, Government. Hard Drives Slated For Destruction Kept in Open Cardboard Boxes. Prajeet Nair (@prajeetspeaks) • August 26, 2024. Auditors say the FBI allowed hard drives awaiting destruction to pile up in a warehouse facility. (Image: Shutterstock) The FBI had a loose hard […] The post Auditors Uncover Lax FBI Hard Drive Disposal Practices – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Author: 1. Tom Clare, Product Marketing Director, Netskope. Tom Clare is a product marketing director; his focus at Netskope centers on product strategy, with marketing experience in web/cloud proxies, data and threat protection, behavior analytics, network traffic analysis, endpoint protection, endpoint detection and response, deception, and firewalls. Original Post url: https://www.databreachtoday.com/webinars/live-webinar-adapting-firewalls-proxy-gateways-in-zero-trust-era-w-5802 Category […] The post Live Webinar | Adapting Firewalls and Proxy Gateways in the Zero Trust Era – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.