The dark web, emerging cyber threats, and the race to stay ahead in a rapidly evolving digital landscape are just some of the topics Saket Verma, Cybersecurity India Practice Leader at Kyndryl India, navigates daily. In an exclusive interview with The Cyber Express (TCE), Saket shares his remarkable career journey, detailing how he has shaped the future of cybersecurity with a keen focus on business growth and innovative security solutions. Before joining Kyndryl, Saket was the President of Aujas Cybersecurity, where he honed his skills in strategy and client satisfaction. With a career spanning over 25 years at leading companies like IBM and HP/HPE, he has successfully managed multimillion-dollar business units and led diverse teams across the Asia-Pacific region. Outside of his professional life, Saket is passionate about exploring new tech trends, delving into Vedantic philosophy, and enjoying the timeless adventures of Tintin.

TCE: With your extensive experience across multiple organizations, how has the approach to cybersecurity evolved over the years, especially in the Indian context? Do you believe that Indian organizations are genuinely committed to cybersecurity, or is it more of a compliance checkbox for many? What is your assessment of the current state of cybersecurity in India, particularly in terms of incidents, vulnerabilities, and recent attacks?

Cybersecurity has evolved dramatically from a mere checkbox item to a critical priority for organizations across sectors. As a global IT hub, India faces unique challenges. The advancements in IoT, machine learning, and 5G, combined with hybrid work environments, have expanded the digital footprint, leading to new sophisticated cyber threats. According to a 2023 DSCI report, Indian respondents detected more than 400 million cyber threats across 8.5 million endpoints, averaging 761 detections per minute. Furthermore, the evolution of AI has pushed the world to move away from legacy tech solutions, rendering traditional security perimeters obsolete. As a result, the focus has shifted from mere safeguarding to developing effective methods for identifying, detecting, and managing risks.

Although India has advanced from a primary reliance on antivirus software and firewalls to utilizing high-tech tools like Cloud Access Security Brokers (CASB) and behavioral analytics, vulnerable gaps still remain which cybercriminals exploit.

TCE: Attack Surface Management (ASM) is critical for identifying and mitigating potential vulnerabilities. How do you approach ASM in your strategy, and what technologies or methodologies do you find most effective in managing an organization's attack surface?

Attack Surface Management (ASM) involves the continuous process of identifying, analyzing, and reducing an organization's attack surface. This process covers network infrastructure, software applications, cloud services, endpoints, and even human factors like social engineering. Our zero-trust framework prioritizes securing the most critical and risky elements, selecting use cases aligned with business objectives, and leveraging established zero-trust public frameworks.

TCE: Threat Intelligence is often cited as essential for proactive defense. Can you also share how you have integrated threat intelligence into your cybersecurity strategy, and how do you ensure that the intelligence gathered is actionable and relevant to your specific threat domain?

To tackle a problem, you need to understand it first, and the same applies to protecting against cyberattacks. When integrating threat intelligence into your cybersecurity strategy, focus on gathering relevant data, identifying and monitoring threats in real time, and automating its use in security tools. Prioritize high-fidelity threat feeds, contextualize the data, and continuously update mechanisms to adapt to evolving threats.

TCE: Dark Web Monitoring is becoming increasingly important as cybercriminals operate in hidden online spaces. How do you conduct dark web monitoring effectively, and what are the challenges you face in tracking and responding to threats that emerge from these environments?

Dark web activity can alert businesses to ongoing or past attacks or threats linked to partner breaches. As an early warning system, dark web monitoring helps detect data breaches and classify risks from unknown sources, enabling faster responses. Companies can track these activities using advanced tools like keyword searches, pattern recognition, and machine learning algorithms. However, the dark web's clandestine nature and vast volume of information make tracking difficult. Its encrypted, pseudonymous communications further complicate assessing credibility.

TCE: The cybersecurity skills gap is a global issue, yet many argue that the industry is not doing enough to create accessible pathways for new talent, especially for underrepresented groups. What are your thoughts on this, and how can the industry better address these concerns?

India's digital economy could generate up to $1 trillion by 2025, with half of this coming from new digital ecosystems. However, the country faces a significant cybersecurity skills gap. The industry must create more inclusive and accessible opportunities for new talent by collaborating with educational institutions, businesses, and government agencies. Developing low-cost or free training programs, offering scholarships, and fostering community-based learning can help close the gap. Our company is addressing this issue through initiatives like the Cyber Rakshak program, which trains women in rural areas in essential technology skills, aiming to create 100,000 Cybersecurity Ambassadors in three years. Additionally, the company's Cyber Sainik program, in collaboration with the Data Security Council of India (DSCI), aims to train 25,000 students in cybersecurity to defend against cyber threats like bullying and online exploitation.

TCE: You've led large cross-industry sales teams and driven consulting businesses across various organizations. In your experience, have you seen a genuine alignment between business leaders and cybersecurity priorities, or do you find that cybersecurity often takes a backseat to business goals? There's a growing debate around the effectiveness of traditional cybersecurity measures versus newer, more innovative solutions. Some believe that traditional methods are outdated and inadequate for today's threats. Where do you stand on this, and do you think organizations are too slow to adapt to new technologies?

When we talk about the changing cybersecurity landscape, we're referring to a shift with far-reaching implications. As the landscape has evolved, security has become a top strategic priority for business leaders across all industries. This evolution has also made the role of the Chief Information Security Officer (CISO) increasingly critical and complex. While many experts argue that traditional cybersecurity methods are becoming outdated, it's important to recognize that this is not about following trends; it's about adapting to a constantly evolving threat environment. Indian organizations are adapting to this rapid pace of change. For example, while perimeter security and basic antivirus solutions were once sufficient, the rise of AI-driven scams has forced defenders to also adopt AI and machine learning to enhance threat detection and response capabilities. In our company's State of IT Risk Survey 2023, 84% of global respondents confirmed that their organization relies heavily on IT systems to run critical business processes and 71% had experienced a cybersecurity-related event. To effectively navigate these changes and improve responsiveness, collaboration among CISOs, CIOs, leaders, and stakeholders is crucial in today's digital economy.

TCE: What emerging trends have you observed in the evolution of cybercrime, particularly in the tactics and sophistication of ransomware and phishing attacks? How are these threats evolving, and what new strategies are cybercriminals using to bypass traditional security measures?

AI plays a significant role in cybersecurity, acting both as a tool for defenders and a weapon for scammers. Phishing and ransomware have surged as the most prevalent cybercrimes, posing a growing threat to organizations. Ransomware has evolved from simple encryption-based attacks to more sophisticated forms like "double extortion," or even "triple extortion," where attackers steal data and threaten to leak it if ransoms aren't paid. Recently, some ransomware operators have shifted tactics, bypassing encryption to focus on stealing sensitive data and threatening to expose it on shame sites to pressure victims. In India, a ransomware attack recently shut down payment systems across nearly 300 local banks, impacting 0.5% of the country's payment volumes. To combat these threats, strong authentication measures like multi-factor authentication (MFA), regular vulnerability management, timely patching, continuous security monitoring, incident response, employee training, and endpoint monitoring and protection are essential. Phishing remains the most common form of social engineering, tricking users into compromising security. India recorded 79 million phishing attacks in 2023, according to a recent report. To combat phishing, the focus should be on employee awareness training and implementing advanced email security solutions to filter out malicious content. With the rise of cloud services and personal devices, endpoint monitoring and protection are critical to detecting and responding to breaches.
In the ongoing conflict between Russia and Ukraine, the latter has launched the Kursk Offensive, a major military operation that combined traditional warfare with sophisticated cyber strategies. This offensive marked a significant shift in Ukraine's approach, showcasing their ability to conduct well-coordinated, high-impact operations. Despite receiving considerable backing, Ukraine confronts an environment of diminishing patience from the international community, exacerbated by reduced U.S. aid and gaps in European support amidst global distractions. This operation saw Ukrainian forces push 25 miles into the Kursk Oblast region, ultimately claiming control over more than 450 miles of territory within three weeks.

Cyble's research indicates that the Kursk Offensive was not an impromptu move but the culmination of meticulous preparation. Since early 2023, Ukrainian forces have conducted extensive surveillance and preparatory actions. Volunteer units and specialized reconnaissance teams operated discreetly, gathering intelligence and conducting preliminary raids to disrupt Russian operations.

Strategic Overview of the Kursk Offensive

From early 2023, Ukraine's activities reflected a strategic buildup leading to the Kursk Offensive. In February 2023, Ukrainian Grad missiles targeted Shebekino, leading to intermittent shelling and drone strikes throughout the month. By March 2023, drone attacks were launched against key infrastructure in Belgorod Oblast, including the Transneft-Druzhba oil pipeline, signaling a broader escalation.

[Figure: Ukrainian Advances in Kursk Region and Force Status as of August 27, 2024 (Source: Cyble)]

The summer of 2023 saw further aggression when, in August, Ukrainian drone strikes hit the Kursk Railway Station and various government buildings. This pattern of increasing attacks continued into September, with intensified artillery fire and drone strikes along the Kursk border. October 2023 brought more disruptions, as drone strikes targeted electrical facilities across several towns in the Kursk region, causing widespread blackouts. December 2023 witnessed continued disruptions with drone attacks targeting public areas and utilities in the Dmitrievsky and Zheleznogorsk districts.

In 2024, Ukrainian operations escalated significantly. February 2024 saw the Legion of Freedom of Russia posting on Telegram to solicit assistance for operations near the Kursk and Belgorod borders. March 2024 brought coordinated raids by Ukrainian groups, resulting in the capture of the village of Novaya Tavolzhanka. The offensive momentum continued in April with drone attacks on the Fatezhsky district in Kursk, followed by a broader expansion in May, targeting various villages and checkpoints in the region.

The Kursk Offensive Cyber Campaign

The Kursk Offensive, launched in August 2024, was significantly bolstered by a coordinated cyber campaign led by Ukrainian military intelligence (HUR). Ukrainian cyber units executed strategic operations aimed at disrupting Russian military capabilities through targeted cyber-attacks. These attacks focused on critical infrastructure, such as electrical and water utilities, effectively hampering Russian military logistics. Additionally, malware and ransomware campaigns, notably by groups like PhantomCore and BlackJack, were employed to gather intelligence and destroy crucial data. The offensive also featured a series of notable cyber incidents, including attacks by the Lifting Zmiy group on Russian IT infrastructure from September 2023 to June 2024, and BlackJack's ransomware attacks in December 2023 that severely disrupted water utilities. By January 2024, PhantomCore and BlackJack had escalated their attacks, impacting various sectors and causing operational disruptions.

In retaliation, Russia launched counter-cyber operations. On August 12, 2024, Ukraine's CERT-UA reported a wave of malicious emails that compromised over 100 computers, including those within Ukrainian state institutions. The cyber conflict continued to escalate with subsequent attacks involving malware disguised as information about prisoners of war, intensifying the ongoing digital confrontation.
Dick's Sporting Goods, the leading retailer for outdoor enthusiasts in the United States, has disclosed that it experienced a cyberattack last week. The Dick's Sporting Goods cyberattack announcement came through an SEC Form 8-K filing dated August 21, 2024, revealing that an unnamed third party had gained unauthorized access to the company's information systems. The SEC filing indicates that the cyberattack on Dick's Sporting Goods involved access to confidential information, although specific details regarding the targeted data remain unclear. Despite the intrusion, Dick's Sporting Goods reported that there has been no apparent disruption to its business operations.

Decoding Dick's Sporting Goods Cyberattack

The company's response to the Dick's Sporting Goods cyberattack stated that it had activated its cybersecurity response plan immediately upon discovering the data breach and has since been working with external cybersecurity experts to investigate and contain the threat. Additionally, federal law enforcement has been notified of the incident. The official SEC filing shares a brief glimpse into the cyberattack on Dick's Sporting Goods. "On August 21, 2024, the Company discovered unauthorized third-party access to its information systems, including portions of its systems containing certain confidential information," reads the company's response. In response to the cyberattack, "the Company activated its cybersecurity response plan and engaged with its external cybersecurity experts to investigate, isolate, and contain the threat. The company has also notified federal law enforcement," concludes the cyberattack response.

Ongoing Investigation

The filing emphasizes that, based on current knowledge and ongoing investigation, the company does not consider the cyberattack material, meaning it does not believe the data breach will significantly impact its financial status or operations. Should new information arise that alters this assessment, Dick's Sporting Goods has pledged to reassess and update its disclosures as necessary. While the specifics of the cyberattack on Dick's Sporting Goods remain under investigation, the absence of operational disruption suggests that ransomware was not employed in the incident. Modern cybercriminals often opt to steal sensitive information and use threats of exposure as leverage rather than shutting down systems with ransomware. As the investigation continues, stakeholders and customers alike will be keenly watching for updates on the extent of the data breach and the company's measures to prevent future incidents. For now, Dick's Sporting Goods continues to focus on securing its systems and ensuring that any potential threats are managed effectively.
Global cybersecurity spending is projected to reach a staggering $212 billion in 2025, reflecting a 15 per cent growth from the estimated $183.9 billion spent in 2024. This upward trend highlights the growing importance of robust cybersecurity measures for businesses of all sizes. As cyberattacks become more sophisticated and targeted, organizations can ill-afford to neglect their digital defenses. These forecasts were made by Gartner in its report released on August 28, 2024, which serves as a stark reminder that investing in cybersecurity is no longer an option, but a necessity.

Factors Driving Cybersecurity Spending

Several key factors are contributing to the projected surge in cybersecurity spending. Here's a closer look at some of the most significant:

The Rising Threat Landscape: Cybercriminals are constantly developing new methods to exploit vulnerabilities, making it more crucial than ever for companies to stay ahead of the curve. The increased adoption of cloud computing, internet of things (IoT) devices, and remote work models further expands the attack surface for malicious actors.

The Impact of AI-powered Threats: The emergence of artificial intelligence (AI) presents a double-edged sword for cybersecurity. While AI can be leveraged to automate security tasks and identify patterns in malicious activity, cybercriminals are also increasingly using AI to launch more targeted and effective attacks. This necessitates investments in AI-powered security solutions to counter these evolving threats.

The Global Skills Shortage: The cybersecurity industry continues to face a significant talent shortage, making it challenging for organizations to find and retain qualified security professionals. To address this gap, companies may be forced to invest in upskilling existing employees or outsource security services, leading to increased spending.

Regulatory Compliance: Data privacy regulations like GDPR and CCPA are prompting businesses to invest in security measures to ensure compliance and avoid hefty fines. Additionally, critical infrastructure sectors face increasingly stringent regulations requiring them to bolster their cybersecurity defenses.

"The continued heightened threat environment, cloud movement and talent crunch are pushing security to the top of the priorities list and pressing chief information security officers (CISOs) to increase their organization's security spend," said Shailendra Upadhyay, Senior Research Principal at Gartner. "Furthermore, organizations are currently assessing their endpoint protection platform (EPP) and endpoint detection and response (EDR) needs and making adjustments to boost their operational resilience and incident response following the CrowdStrike outage."

Breakdown of Security Spending

The report further breaks down the projected spending growth across different security segments:

Security Software: Expenditure on security software is expected to rise by 15.1% in 2025, reaching $100.7 billion. This growth can be attributed to the increasing demand for solutions like endpoint security, network security, and cloud security tools.

Security Services: Spending on security services is anticipated to experience the fastest growth, rising by 15.6% to reach $88.1 billion in 2025. This surge reflects the aforementioned skills shortage and the growing need for managed security services, security consulting, and threat intelligence.

Network Security: The network security market is projected to reach $24.8 billion in 2025, representing a growth of 13.1%. This segment includes firewalls, intrusion detection and prevention systems (IDS/IPS), and secure access service edge (SASE) solutions.

[Figure: Source: Gartner Report]

Recommendations for Businesses

In light of these trends, businesses are advised to take a proactive approach to cybersecurity by:

Conducting a thorough security risk assessment: This will help identify vulnerabilities in your systems and infrastructure.

Developing a comprehensive cybersecurity strategy: This strategy should outline your security goals, policies, and procedures to mitigate identified risks.

Investing in a layered security approach: This includes deploying security software, implementing security awareness training for employees, and establishing a robust incident response plan.

Staying informed about the latest threats: Regularly update your security software and educate employees on emerging cyber threats.

Considering outsourcing security services: Managed security service providers (MSSPs) can offer invaluable expertise and resources to businesses struggling with the cybersecurity skills gap.
CrowdStrike (CRWD) reported better than expected sales and earnings for the quarter that ended July 31 late today, but the company's lower full-year revenue guidance suggests that the July 19 global Windows outage caused by a faulty CrowdStrike update may be having at least a near-term effect on business. CrowdStrike's quarterly revenue of $963.9 million and earnings of $1.04 a share were both better than Wall Street analysts expected, but annual revenue guidance of $3.89 to $3.9 billion was below expectations of $3.98 to $4.01 billion, and the company substantially lowered its earnings outlook too.

CrowdStrike's Cloudy Sales Outlook

On a conference call following the earnings release, CrowdStrike CFO Burt Podbere cited a few reasons for the cloudy outlook. For one, the company paused prospecting operations immediately after the outage, but they've now resumed. Another reason for the "less than typical" visibility into financial forecasts is uncertainty about any legal costs that may arise from the outage. But the biggest hit, nearly $70 million, will come from "incentives related to our customer commitment package" as the company tries to get customers to buy into a more comprehensive platform purchase, an approach that's also being pursued by rivals like Palo Alto Networks (PANW). Podbere said CrowdStrike is "expecting extended sales cycles" and more time spent convincing executives to close deals in the months ahead. CEO George Kurtz also said he's expecting "headwinds" for the next year before sales reaccelerate, including some deals delayed by the outage, but he nonetheless struck an upbeat tone on the call. Kurtz said the company has closed one "7-figure" and one "8-figure" deal since the outage, among some other wins.

Long-Term CrowdStrike Sales Outlook Drifts Lower

But despite the upbeat earnings call, and the congratulatory tone of some of the Wall Street analysts on the call, those same analysts appear to hold plenty of doubts about CrowdStrike's long-term prospects. At least a half dozen analysts have lowered their earnings and sales estimates for CrowdStrike for the next 18 months since the outage, and the five-year expected revenue growth rate has dropped even more dramatically, from roughly a 28% annual expected growth rate to under 19%, according to analyst estimate services. That's still an enviable growth rate for most companies, but it suggests that analysts are concerned that CrowdStrike's competitors may get more attention from customers in the wake of the outage.

Security Deals Get More Scrutiny

The CrowdStrike outage changed the calculus for endpoint detection and response (EDR) buyers in particular, after a security tool that was supposed to save users trouble created a bigger cyber incident than any cyberattack ever. For those who can get by with less, something like Microsoft's free Defender endpoint security tool may be good enough. For everyone else, security tools that integrate deeply with users' environments could get a lot more scrutiny from buyers going forward.
To incentivize deeper research and attract top security talent, Google has significantly increased the rewards offered through its Chrome Vulnerability Reward Program (VRP). The Chrome Bug Bounty program, launched in 2010, has become a vital tool in Google's ongoing quest to fortify Chrome's security and make it the most secure browser available. The updated reward structure, announced on August 28, 2024, offers researchers the potential to earn a staggering $250,000 for uncovering and reporting critical vulnerabilities. This represents a substantial increase from the previous maximum reward of roughly $115,000.

Targeting the Most Critical Flaw

The most significant reward hikes target vulnerabilities that have the potential to cause the most damage. Google is particularly focused on identifying and patching memory corruption bugs in non-sandboxed processes. These vulnerabilities, if exploited, could allow attackers to execute malicious code directly on a user's system, bypassing Chrome's security measures. For successfully uncovering such a vulnerability, researchers can now earn a record-breaking $250,000 reward. This figure can climb even higher if the exploit bypasses additional security layers within Chrome's renderer process.

[Figure: Chart describing new bounties. Source: Google Bug Hunters Website]

Rewarding In-Depth Research

While the headline-grabbing maximum reward is sure to attract attention, Google emphasizes a broader objective with the updated VRP. The increased rewards are also designed to encourage researchers to delve deeper into the potential consequences of identified vulnerabilities. By offering higher payouts for reports that include a thorough analysis of the exploit's potential impact, Google aims to empower researchers to not only identify the flaw but also provide valuable insights into how it could be leveraged by attackers. This additional information is crucial for Google's security teams as they work to develop robust patches and mitigate the risks associated with the vulnerability.

Beyond Memory Corruption

The revamped VRP reward structure extends beyond memory corruption vulnerabilities. Google is offering increased rewards across various categories of security flaws, with payouts tailored to the severity and potential impact of the exploit. For instance, researchers uncovering high-quality reports detailing client-side vulnerabilities that could lead to cross-site scripting (XSS) attacks or bypass site isolation mechanisms can earn up to $30,000.

[Figure: Table of non-memory vulnerability issue payments. Source: Google's Bug Hunters Website]

Furthermore, Google has placed a specific focus on vulnerabilities that could compromise the integrity of the MiraclePtr technology, a key component in Chrome's defense against use-after-free exploits. Researchers successfully identifying a bypass for MiraclePtr can now claim a reward of $250,128, a significant increase from the previous amount. Google also categorizes and will reward reports for other classes of vulnerabilities depending on their quality, impact, and potential harm to Chrome users as:

Lower impact: low potential for exploitability, significant preconditions to exploit, low attacker control, low risk/potential for user harm

Moderate impact: moderate preconditions to exploit, fair degree of attacker control

High impact: straightforward path to exploitability, demonstrable and significant user harm, remote exploitability, low preconditions to exploit

A Growing Trend in Bug Bounties

By attracting top security researchers and incentivizing in-depth analysis of vulnerabilities, Google aims to stay ahead of the curve in the ongoing battle against cyber threats. Google's increased VRP rewards are part of a broader trend within the cybersecurity industry. As cyber threats become more sophisticated, companies are increasingly turning to bug bounty programs to identify and address vulnerabilities before they can be exploited by malicious actors. By offering lucrative rewards, these programs attract skilled security researchers who dedicate their time and expertise to uncovering critical flaws. This collaborative approach to security helps companies like Google stay ahead of the evolving threat landscape and ensure the safety of their users.
Google has identified a connection between Russian state hackers and exploits that bear an "identical or strikingly similar" resemblance to those created by spyware companies NSO Group and Intellexa, raising concerns about the spread of commercial spyware into the hands of state-backed threat actors. In a blog post, Google revealed its discovery of these exploits, but admitted uncertainty about how the Russian government acquired them. This incident, according to Google, illustrates the risks when spyware developed by private companies falls into the hands of highly "dangerous threat actors." The hackers, known as APT29, have been linked to Russia's Foreign Intelligence Service (SVR). This group has a well-documented history of conducting cyber-espionage and data theft operations against high-profile targets, including tech companies like Microsoft and SolarWinds, as well as various government entities.

Watering Hole Attacks on iPhones, Android Devices

Google's investigation found that the malicious code had been planted on Mongolian government websites from November 2023 to July 2024. During this period, visitors to these sites using iPhones or Android devices could have had their devices compromised and personal data, such as passwords, stolen in a type of attack known as a "watering hole." Watering hole attacks are a tactic where attackers compromise legitimate websites to infect site visitors. The attackers exploited vulnerabilities in the Safari browser on iPhones and Google Chrome on Android, both of which had been patched before the Russian campaign began. However, devices that hadn't been updated remained vulnerable. The iPhone exploit was particularly concerning, as it was designed to capture cookies from Safari, specifically targeting accounts hosted by online email providers used by Mongolian government officials. With access to these cookies, attackers could potentially infiltrate these accounts. Similarly, the attack on Android devices employed two separate exploits to extract cookies stored in the Chrome browser.

Brief Overview of the Mongolian Campaign

The watering hole attacks compromised the Mongolian government websites cabinet[.]gov[.]mn and mfa[.]gov[.]mn. These sites loaded a hidden iframe from attacker-controlled domains. The campaigns targeted:

iOS Users between November 2023 & February 2024: A WebKit exploit (CVE-2023-41993) affecting devices running iOS versions older than 16.6.1. This exploit delivered a cookie stealer framework observed by TAG in a suspected APT29 campaign in 2021. The targeted websites included webmail services and social media platforms.

Android Users with Google Chrome (July 2024): A Chrome exploit chain targeting vulnerabilities CVE-2024-5274 and CVE-2024-4671. This chain included a sandbox escape exploit to bypass Chrome's Site Isolation protection, allowing attackers to steal a broader range of data beyond cookies.

Exploit Similarities

The iOS exploit used in the watering hole attacks mirrored one used by Intellexa in September 2023. Both exploits shared the same trigger code and exploitation framework, suggesting a potential common source. Additionally, the Chrome exploit chain incorporated techniques similar to those observed in a sandbox escape exploit used by Intellexa in 2021.

'Strikingly Similar' Spyware Exploits a Mystery

Clement Lecigne, the Google security researcher who authored the blog post, explained that while the exact targets of the Russian hackers are not fully known, the location of the exploit and typical visitors suggest that Mongolian government employees were likely in the crosshairs. Lecigne, a member of Google's Threat Analysis Group, which specializes in investigating state-sponsored cyber threats, pointed out that the exploit code reuse points to Russian involvement. The same cookie-stealing code was observed in a previous campaign by APT29 in 2021. The mystery behind how Russian hackers initially gained access to the exploit code remains unresolved, however. Google reported that the code used in both Mongolian attacks closely matched the exploits developed by NSO Group and Intellexa, companies recognized for creating spyware capable of breaching even fully updated iPhones and Android devices.
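The injection vector described in this campaign, a hidden iframe added to a legitimate page and pointed at a foreign origin, is something a site operator can check for on their own pages. The script below is an added example written for this page, not code from the article or from Google's Threat Analysis Group: it parses a page's HTML with the standard library, lists every iframe, and flags those that are either hidden (display:none, visibility:hidden, or zero width/height) or loaded from a host that is neither the page's own origin nor on an explicit allow-list. The sample page and every domain name in it are constructed for illustration.

```python
"""Page-integrity check: flag hidden or third-party <iframe> elements.

Added example, not code from the original article or from Google TAG.
Sample HTML and all hostnames below are constructed for illustration.
"""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Inline-style fragments that make an element invisible to the visitor.
HIDDEN_STYLE_MARKERS = ("display:none", "visibility:hidden")


class IframeCollector(HTMLParser):
    """Collects the attribute dict of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            # attrs is a list of (name, value); value may be None.
            self.iframes.append(dict(attrs))


def _is_hidden(attrs):
    """True if the iframe is styled invisible or sized to zero."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    if any(marker in style for marker in HIDDEN_STYLE_MARKERS):
        return True
    try:
        width = int(attrs.get("width") or "1")
        height = int(attrs.get("height") or "1")
    except ValueError:
        # Non-numeric sizes (e.g. "100%") are not treated as hidden.
        return False
    return width == 0 or height == 0


def find_suspicious_iframes(html, page_origin, allowed_hosts=()):
    """Return a list of findings for iframes that are hidden or third-party.

    page_origin   -- the URL of the page being checked (its host is trusted)
    allowed_hosts -- hostnames of embeds the site owner intentionally uses
    """
    collector = IframeCollector()
    collector.feed(html)
    own_host = urlparse(page_origin).hostname
    findings = []
    for attrs in collector.iframes:
        src = attrs.get("src") or ""
        host = urlparse(src).hostname  # None for relative URLs
        third_party = bool(host) and host != own_host and host not in allowed_hosts
        hidden = _is_hidden(attrs)
        if third_party or hidden:
            findings.append({"src": src, "third_party": third_party, "hidden": hidden})
    return findings


# Constructed sample page: one same-origin embed, one allow-listed widget,
# and one zero-size, display:none iframe pointing at a foreign host.
SAMPLE_HTML = """
<html><body>
<h1>Ministry notice board</h1>
<iframe src="/embedded/calendar" width="600" height="400"></iframe>
<iframe src="https://cdn.example-allowed.test/widget" width="300" height="200"></iframe>
<iframe src="https://attacker-controlled.invalid/loader" width="0" height="0"
        style="display: none"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for finding in find_suspicious_iframes(
        SAMPLE_HTML, "https://example-ministry.test", ("cdn.example-allowed.test",)
    ):
        print(finding)
```

Run periodically against a fetched copy of each public page (or against the deployed templates in CI) and diff the output against a known-good baseline; any new third-party or hidden iframe is worth an immediate look, since a legitimate site rarely adds invisible embeds from unfamiliar hosts.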
Google emphasized that the Android exploit shared a "very similar trigger" with one from NSO Group, while the iPhone exploit used "the exact same trigger" as one from Intellexa, strongly suggesting a link between the exploit authors or providers and the Russian hackers. 'NSO Does Not Sell to Russia' While the claims from Google shows an overlap of exploits and potential links between Russia and private spyware vendors, the NSO Group has denied these links. Gil Lainer, Vice President for Global Communications at NSO Group, told The Cyber Express, "NSO does not sell its products to Russia." "Our technologies are sold exclusively to vetted US and Israel-allied intelligence and law enforcement agencies. Our systems and technologies are highly secure and are continuously monitored to detect and neutralize external threats." Both the U.S. and Israel have previously investigated NSO group's clientele and kept a close eye on it.
Thanks to scientists at the University of the Republic (Uruguay), we now have a much better understanding of how to reconstruct an image from spurious radio emissions from monitors; more specifically — from signals leaked during data transmission via HDMI connectors and cables. Using state-of-the-art machine-learning algorithms, the Uruguayan researchers demonstrated how to use such radio noise to reconstruct text displayed on an external monitor.

What, no one's done it before?

Sure, it's not the first attempt at a side-channel attack aimed at reconstructing an image from radio signal emissions. A method of intercepting radio noise from a display in a neighboring room — known as a TEMPEST attack — was described in a study published in… 1985! Back then, Dutch researcher Wim van Eck demonstrated that it's possible to intercept a signal from a nearby monitor. In our post about the related EM Eye attack, we talked extensively about these historical studies, so we won't repeat ourselves here. However, van Eck's experiment has lost much of its usefulness today. It used a monitor from 40 years ago with a cathode-ray tube and analog data transmission. Also, the captured image back then was easy to analyze, with white letters on a black background and no graphics. Today, with a digital HDMI interface, it's much more difficult to intercept the image, and, more importantly, to restore data. But that's precisely what the Uruguayan team has managed to do.

How does the modern-day van Eck-like interception work?

Data is transmitted digitally to the monitor via an HDMI cable. The volume of data involved is vast. The computer transmits 60 or more frames to the monitor every second, with each frame containing millions of different-colored dots. Using a software-defined radio (SDR), we can intercept signals generated by this data stream. But can we then extract useful information from this extremely weak noise?

Schematic of the new spying method proposed by the Uruguayan team.

The authors called this attack Deep-TEMPEST — a nod to the use of deep-learning AI. The diagram clearly shows how noisy the intercepted data is before processing: we see a discolored shadow of the original image, in which only the location of the main elements can be guessed (a browser window with an open Wikipedia page was used for the experiment). It's just about possible to distinguish the navigation menu at the top and the image in the center of the screen, but absolutely impossible to read the text or make out the image.

Image captured and processed by Deep-TEMPEST.

And here's the result after processing. The picture quality hasn't improved, so making out the image is no easier. But the text was recognized in its entirety, and even if the machine-learning algorithm tripped up on a couple of letters, it doesn't greatly affect the final result. Let's look at another example:

Deep-TEMPEST attack result in detail.

Above is the captured image. Some letters are distinguishable, but the text is basically unreadable. Below is the original image, a screenshot fragment. In the middle is the image after processing by the machine-learning algorithm. Some adjacent letters are hard to discern, but overall the text is quite easy to read.

How did the researchers get this result?

The Uruguayan team's main achievement is that they developed their own method of data analysis. This was partly due to enhanced neural network training, which allowed text recognition from a rough image. To do this, the team needed pairs that consisted of an original screenshot and the corresponding SDR-captured image. Building a dataset big enough for training (several thousand pairs) is a difficult, time-consuming task. So the researchers took a slightly different path: about half of the dataset they obtained by displaying an image on the screen and intercepting the signal; the other half they simply generated using a self-written algorithm that gives a reliable picture of the captured information based on the relevant screenshot. This proved sufficient to train the machine-learning algorithm. The team's second stroke of genius was the use of a neural network that delivered high-quality results without much expense. The test bed was created from relatively affordable radio-data interception tools; open-source software was used.

As we said, HDMI carries vast amounts of data to the connected monitor. To analyze spurious radio emissions during such transmission, it's important to intercept a large spectrum of radio frequencies — the bigger the band, the better the result. Ideally, what's needed is a high-end SDR receiver capable of capturing a frequency band of up to 3200 megahertz — a piece of kit that costs about US$25 000. In this case, however, the researchers got by with a USRP 200-mini receiver (US$1500) — capable of analyzing a much narrower frequency band of up to 56 megahertz. But thanks to the enhanced neural network trained to recognize such partial information, they could compensate for the lack of raw data.

Deep-TEMPEST attack test bed. On the left is the target computer connected to a monitor. Key: (1) antenna, (2) radio signal filters and amplifier, (3) SDR receiver, (4) laptop for intercepting radio emissions and analyzing the data.

Open-source software and libraries were used to process the data. Code, screenshots and other resources have been made available on GitHub, so anyone who wishes to can reproduce the results.

Limited scope of application

In the 1999 novel Cryptonomicon by Neal Stephenson, one of the characters, upon discovering that he's being monitored by van Eck phreaking, starts making things difficult for those spying on him by changing the color of letters and replacing the monochrome text background with a video clip. Generally speaking, the countermeasures against TEMPEST-type attacks described by Stephenson a quarter century ago are still effective. You can add noise to an image such that the user won't even notice — and interception is impossible.

Naturally, the question arises: is the juice worth the squeeze? Is it really necessary to defend against such highly specialized attacks? Of course, in the vast majority of practical cases, there's nothing to fear from this attack – much better to focus on guarding against real threats posed by malware. But if you work with super-valuable data that super-professionals are after, then it might be worth considering such attacks as part of your threat model. Also, don't disregard this study out of hand just because it describes interception from an external monitor. Okay, you might use a laptop, but the image is sent to the built-in display using roughly the same principles — only the transmission interface may be slightly different, while the radiation level will be slightly lower. But this can be addressed by refining the algorithms and upgrading the test equipment. So hats off to the Uruguayan researchers — for showing us once again just how complex the real world is beyond software and operating systems.
Multiple media reports this week warned Americans to be on guard against a new phishing scam that arrives in a text message informing recipients they are not yet registered to vote. A bit of digging reveals the missives were sent by a California political consulting firm as part of a well-meaning but potentially counterproductive get-out-the-vote effort that had all the hallmarks of a phishing campaign.

Image: WDIV Detroit on Youtube.

On Aug. 27, the local Channel 4 affiliate WDIV in Detroit warned about a new SMS message wave that they said could prevent registered voters from casting their ballot. The story didn’t explain how or why the scam could block eligible voters from casting ballots, but it did show one of the related text messages, which linked to the site all-vote.com. “We have you in our records as not registered to vote,” the unbidden SMS advised. “Check your registration status & register in 2 minutes.” Similar warnings came from an ABC station in Arizona, and from an NBC affiliate in Pennsylvania, where election officials just issued an alert to be on the lookout for scam messages coming from all-vote.com. Some people interviewed who received the messages said they figured it was a scam because they knew for a fact they were registered to vote in their state. WDIV even interviewed a seventh-grader from Canada who said he also got the SMS saying he wasn’t registered to vote. Someone trying to determine whether all-vote.com was legitimate might visit the main URL first (as opposed to just clicking the link in the SMS) to find out more about the organization. But visiting all-vote.com directly presents one with a login page to an online service called bl.ink. DomainTools.com finds all-vote.com was registered on July 10, 2024. Red flag #1.

The information requested from people who visited votewin.org via the SMS campaign.

Another version of this SMS campaign told recipients to check their voter status at a site called votewin.org, which DomainTools says was registered July 9, 2024. There is little information about who runs votewin.org on its website, and the contact page leads to a generic contact form. Red Flag #2.
What’s more, Votewin.org asks visitors to supply their name, address, email address, date of birth, mobile phone number, while pre-checking options to sign the visitor up for more notifications. Big Red Flag #3. Votewin.org’s Terms of Service referenced a California-based voter engagement platform called VoteAmerica LLC. The same voter registration query form advertised in the SMS messages is available if one clicks the “check your registration status” link on voteamerica.org. VoteAmerica founder Debra Cleaver told KrebsOnSecurity the entity responsible for the SMS campaigns telling people they weren’t registered is Movement Labs, a political consulting firm in San Francisco. Cleaver said her office had received several inquiries about the messages, which violate a key tenet of election outreach: Never tell the recipient what their voter status may be. “That’s one of the worst practices,” Cleaver said. “You never tell someone what the voter file says because voter files are not reliable, and are often out of date.” Reached via email, Movement Labs founder Yoni Landau said the SMS campaigns targeted “underrepresented groups in the electorate, young people, folks who are moving, low income households and the like, who are unregistered in our databases, with the intent to help them register to vote.” Landau said filling out the form on Votewin.org merely checks to see if the visitor is registered to vote in their state, and then attempts to help them register if not. “We understand that many people are jarred by the messages – we tested hundreds of variations of messages and found that these had the largest impact on someone’s likelihood to register,” he said. 
“I’m deeply sorry for anyone that may have gotten the message in error, who is registered to vote, and we’re looking into our content now to see if there are any variations that might be less certain but still as effective in generating new legal registrations.” Cleaver said Movement Labs’ SMS campaign may have been incompetent, but it wasn’t malicious. “When you work in voter mobilization, it’s not enough to want to do good, you actually need to be good,” she said. “At the end of the day the end result of incompetence and maliciousness is the same: increased chaos, reduced voter turnout, and long-term harm to our democracy.” To register to vote or to update your voter registration, visit vote.gov and select your state or region.
Lawrence Gentilello, the co-founder and CEO of Optery talks about the growing scandal around breaches at data brokers that have exposed the sensitive data on hundreds of millions of Americans to cyber criminals and how firms like Optery are helping people fight back. The post Episode 258: Broken Brokers – Optery’s Fight To Claw Back...Read the whole entry... »
Public-facing vulnerabilities, cloud sprawl, access to back-end servers are just a few of the challenges travel and hospitality companies must address.
Ransomware attacks and email-based fraud account for 80% to 90% of all claims processed by cyber insurers, but a handful of cybersecurity technologies can help prevent big damages.
The latest release of the Dragos Platform provides industrial and critical infrastructure organizations with a complete and enriched view of their OT environment.
The most popular office software suite in China actually has two critical vulnerabilities, which allowed hackers the opportunity for remote code execution. Time to patch.
In a joint advisory, CISA and the FBI described the activity as a likely attempt by the group to monetize access to networks it already has compromised.
CrowdStrike researchers have uncovered the identity of the hacker USDoD, also known as EquationCorp, responsible for multiple high-profile data breaches. According to a report from TecMundo, USDoD is a man named Luan BG from Brazil.
The threat group known as Bling Libra, previously linked to the Ticketmaster data breach, has shifted to the double extortion strategy in cloud attacks, according to researchers at Palo Alto Networks' Unit 42.
Flowise, a popular low-code tool backed by Y Combinator, was particularly at risk due to an authentication bypass vulnerability that allowed access to sensitive information such as GitHub tokens and API keys in plaintext.
Miggo has uncovered a security flaw in AWS Load Balancer that could allow cybercriminals to bypass authentication and authorization services, potentially affecting over 15,000 applications.
Google released a security update this week to address an actively exploited Chrome zero-day vulnerability. The vulnerability, CVE-2024-7965, is an inappropriate implementation issue in Chrome's V8 JavaScript engine.
Cybercriminals are using Unicode QR codes in a new type of phishing attack that can bypass traditional security measures, putting users at risk of visiting malicious websites and having their data stolen.
The flaw, known as CVE-2024-6633, involves the use of default credentials for the HSQL database, which could compromise the software's confidentiality, integrity, and availability.
The Pioneer Kitten attackers are monetizing their access to compromised organizations' networks by selling domain admin credentials and full domain control privileges on cybercrime marketplaces.
pgAdmin versions 8.4 and below are affected by a remote code execution vulnerability through the validate binary path API. This vulnerability allows attackers to execute arbitrary code on the server hosting pgAdmin, posing a severe risk to the database management system's integrity and the security of the underlying data.
The GiveWP Donation Plugin and Fundraising Platform plugin for WordPress, in all versions up to and including 3.14.1, is vulnerable to a PHP object injection (POI) flaw granting an unauthenticated attacker arbitrary code execution.
An open redirection vulnerability in the page parameter of vTiger CRM version 7.4.0 allows attackers to redirect users to a malicious site via a crafted URL.
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. This is the source code release.
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use the available tools in the community to take advantage of them in a multiuser way.
Microsoft Windows IPv6 vulnerability checking proof-of-concept Python script that causes a denial of service. Windows 10 and 11 versions under 10.0.26100.1457 and Server 2016-2019-2022 versions under 10.0.17763.6189 are affected.
Ubuntu Security Notice 6972-4 - Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a NULL pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service.
Red Hat Security Advisory 2024-6033-03 - An update for openldap is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a null pointer vulnerability.
Red Hat Security Advisory 2024-6028-03 - An update for git is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.
Red Hat Security Advisory 2024-6027-03 - An update for git is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.
Red Hat Security Advisory 2024-5982-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 7.7 Advanced Update Support. Issues addressed include a bypass vulnerability.
French prosecutors on Wednesday formally charged CEO Pavel Durov with facilitating a litany of criminal activity on the popular messaging platform and placed him under formal investigation following his arrest Saturday. Russian-born Durov, who is also a French citizen, has been charged with being complicit in the spread of child sexual abuse material (CSAM) as well as enabling organized crime,
U.S. cybersecurity and intelligence agencies have called out an Iranian hacking group for breaching multiple organizations across the country and coordinating with affiliates to deliver ransomware. The activity has been linked to a threat actor dubbed Pioneer Kitten, which is also known as Fox Kitten, Lemon Sandstorm (formerly Rubidium), Parisite, and UNC757, which it described as connected to
Attackers are increasingly using new phishing toolkits (open-source, commercial, and criminal) to execute adversary-in-the-middle (AitM) attacks. AitM enables attackers to not just harvest credentials but steal live sessions, allowing them to bypass traditional phishing prevention controls such as MFA, EDR, and email content filtering. In this article, we’re going to look at what AitM phishing
A years-old high-severity flaw impacting AVTECH IP cameras has been weaponized by malicious actors as a zero-day to rope them into a botnet. CVE-2024-7029 (CVSS score: 8.7), the vulnerability in question, is a "command injection vulnerability found in the brightness function of AVTECH closed-circuit television (CCTV) cameras that allows for remote code execution (RCE)," Akamai researchers Kyle
A non-profit supporting Vietnamese human rights has been the target of a multi-year campaign designed to deliver a variety of malware on compromised hosts. Cybersecurity company Huntress attributed the activity to a threat cluster known as APT32, a Vietnamese-aligned hacking crew that's also known as APT-C-00, Canvas Cyclone (formerly Bismuth), Cobalt Kitty, and OceanLotus. The intrusion is
Cybersecurity researchers have flagged multiple in-the-wild exploit campaigns that leveraged now-patched flaws in Apple Safari and Google Chrome browsers to infect mobile users with information-stealing malware. "These campaigns delivered n-day exploits for which patches were available, but would still be effective against unpatched devices," Google Threat Analysis Group (TAG) researcher Clement
Who doesn't fancy earning US $2.5 million? That's the reward that's on offer from US authorities for information leading to the arrest and/or conviction of the man who allegedly was a key figure behind the development and distribution of the notorious Angler Exploit Kit. Read more in my article on the Tripwire State of Security blog.
2024 looks set to be the highest-grossing year yet for ransomware gangs, due - in no small part - to emboldened cybercriminals causing costly disruption at larger companies. Read more in my article on the Exponential-e blog.
Hackers who seized control of the official Instagram account of McDonald's claim that they managed to steal US $700,000 from unsuspecting investors by promoting a fake cryptocurrency. Read more in my article on the Hot for Security blog.
Source: www.databreachtoday.com – Author: 1 Artificial Intelligence & Machine Learning , Next-Generation Technologies & Secure Development Security Researcher Uncovered the Flaw, Which Allowed System Takeover Akshaya Asokan (asokan_akshaya) • August 28, 2024 Image: Shutterstock Microsoft said it fixed a security flaw in artificial intelligence chatbot Copilot that enabled attackers to steal multifactor authentication […] The post Microsoft Copilot Fixes ASCII Smuggling Vulnerability – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Author: 1 Governance & Risk Management , Zero Trust August 28, 2024 It’s now clear that remote and hybrid work environments are here to stay—but so are the headaches caused by legacy VPN, which grants network-wide access that can lead to security vulnerabilities, rising costs, and poor user experience. By […] The post True Zero Trust Should Mean VPN Retirement – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Author: 1 Artificial Intelligence & Machine Learning , Network Detection & Response , Next-Generation Technologies & Secure Development Acquisition Underscores the Importance of AI Security in Modern IT Infrastructure Michael Novinson (MichaelNovinson) • August 28, 2024 Cisco plans to purchase a startup led by a former Harvard computer science and […] The post Cisco Bolsters AI Security by Buying Robust Intelligence – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Author: 1 Cybercrime , Fraud Management & Cybercrime , Healthcare Over 1.2 Million Patients’ Sensitive Data Exposed So Far This Year Marianne Kolbasuk McGee (HealthInfoSec) • August 28, 2024 Image: Getty Images Some dentists don’t have much to smile about these days when it comes to cyberattacks. More than 1.2 […] The post Nothing to Smile About: Hacks on Dental Practices Swell – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.databreachtoday.com – Author: 1 Anti-Phishing, DMARC , Fraud Management & Cybercrime , Recruitment & Reskilling Strategy Learn How to Recognize Fraudulent Job Postings and Avoid Becoming a Scam Victim Brandy Harris • August 28, 2024 Image: Getty Images The demand for job candidates is at an all-time high. Unfortunately, this demand, coupled […] The post Seeking a Job in Cybersecurity? Protect Yourself From Scams – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.