Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Cybersecurity News

India's cryptocurrency exchange WazirX has revealed that 43% of customer funds lost in a recent cyberattack are unlikely to be recovered, according to the company's legal advisers. In a virtual press conference on Monday, WazirX co-founder Nischal Shetty, alongside representatives from restructuring firm Kroll, discussed the exchange's plans to undergo a restructuring process that could take up to six months.

WazirX Restructuring and Potential Recovery

The restructuring will focus on creating new revenue streams, recovering stolen assets, and offering faster withdrawals for users who need quick access to their funds, the company stated. The cyberattack, which WazirX confirmed on July 18, involved the loss of over $230 million from one of its multisignature wallets. The exchange reported that the wallet was operated using Liminal's digital asset custody and wallet infrastructure. According to the company's preliminary investigation, the attack stemmed from "a discrepancy between the data displayed on Liminal's interface and the transaction's actual contents." The attack is suspected to have been carried out by the Lazarus Group, a notorious cybercriminal organization allegedly backed by North Korea.

"We followed industry-best practices, maintained a cold wallet, kept hot wallets small and made sure those were secure. But this was a new kind of attack. We had a third-party (Liminal) that was also compromised," Nischal Shetty of WazirX stated. When asked about potential legal action against Binance and Liminal, whose system was allegedly compromised, WazirX representatives did not provide a clear answer. However, the company did confirm ongoing talks with a potential white knight investor, clarifying that the capital won't be raised against equity due to an ongoing dispute with Binance, the world's largest cryptocurrency exchange.

Pressure Mounts on WazirX

The situation has become more complicated for WazirX, as CoinSwitch, another major Indian crypto exchange, initiated legal action last week to recover approximately $9.7 million worth of assets stuck on WazirX's platform. On Tuesday, the Singapore High Court will hear WazirX's request for six months' protection while it restructures its liabilities after losing $234 million, some 45% of customers' funds, to the hack in July. Shetty said the company's objective is to reduce the gap between the potential recovery and the lost funds, but he acknowledged that the numbers are as of Monday and may change in the coming weeks as negotiations and discussions progress. "You're not in a position to see it today because we're in negotiation, in ideation stage," Shetty said. "Over the next several weeks, it will be easier and clearer on each stage where we can fill the gap," he added.

 Cybersecurity News

The Federal Trade Commission (FTC) has taken action against US-based security camera firm Verkada, imposing a hefty fine of US$2.95 million. The action stems from allegations of a series of cybersecurity failures that led to multiple breaches of the company's network and video storage platforms. In a statement issued on August 28, 2024, the FTC stated that Verkada had “engaged in multiple practices that, taken individually or together, failed to provide reasonable or appropriate security for the personal information that it collected and maintained from and about customers and consumers.” The Commission alleged that Verkada failed to implement reasonable security measures to protect the sensitive information it collected and maintained from its customers. This resulted in unauthorized access to Verkada's systems by hackers, compromising the security footage of numerous organizations that rely on Verkada's security camera systems.

Security Vulnerabilities Exposed Sensitive Data

According to the FTC complaint, Verkada's security practices fell short of industry standards. The complaint details several shortcomings in those practices, including inadequate password security, insecure default settings, limited multi-factor authentication, and insufficient access controls. These vulnerabilities were exploited by hackers, resulting in breaches of Verkada's systems in 2020 and 2021. The compromised footage might have contained sensitive information about individuals captured on camera, raising concerns about potential privacy violations and reputational damage for affected organizations. The breaches exposed the security camera footage of hospitals, prisons, and other sensitive locations, potentially putting individuals and organizations at risk. Additionally, compromised security footage could provide valuable information to criminals, potentially compromising physical security measures.

Security Camera Firm Verkada's Response

Following the FTC's action, Verkada issued a statement acknowledging the fine and outlining steps taken to address the identified security vulnerabilities. The company stated, "We reached a settlement with the Federal Trade Commission (the “FTC”) related to their investigation of our March 2021 data security incident, and separately, some of our e-mail marketing practices between 2019-2021. There was no fine imposed related to the security incident, but we have agreed to pay $2.95 million to resolve the FTC’s claims about our past email marketing practices. We do not agree with the FTC's allegations, but we have accepted the terms of this settlement so that we can move forward with our mission and focus on protecting people and places in a privacy-sensitive way."

The FTC's action sends a strong message to the security camera industry and all companies that handle sensitive data. Robust cybersecurity measures are no longer optional; they are a fundamental requirement. Organizations must prioritize data security by implementing strong password policies, enforcing MFA, and granting access on a least-privilege basis. Additionally, companies should remain vigilant and regularly review their security protocols to identify and address any potential vulnerabilities.

Beyond the Fine: Reputational Damage and Long-Term Effects

While the US$2.9 million fine is a significant financial penalty, the long-term impact of the FTC action on Verkada may be even more severe. The data breach has undoubtedly damaged Verkada's reputation and customer trust. Regaining that trust will require a sustained commitment to improving security practices and demonstrating transparency. Verkada will need to work diligently to convince customers that their security camera systems are safe and reliable.

 Cybersecurity News

Transport for London (TfL), the city's transportation authority, is currently facing an "ongoing cyber incident." While the incident has not yet impacted TfL's services, the agency is taking immediate steps to contain its spread and protect customer data. In a statement released today, TfL confirmed that they are actively working with relevant government agencies, including the National Crime Agency and the National Cyber Security Centre, to address the cyber threat. The agency emphasized that the security of their systems and customer information is a top priority. "We have implemented a series of measures to safeguard our internal systems and prevent further unauthorized access," Shashi Verma, TfL's chief technology officer, told the BBC. While TfL has not disclosed specific details about the nature of the attack, they have assured customers that there is no evidence of any personal data breaches at this time. This includes sensitive information such as banking details.

Cl0p Breached Transport for London Last Year

In July 2023, Transport for London was affected by a data breach involving a third-party supplier's MOVEit managed file transfer server. The incident resulted in the theft of contact details for approximately 13,000 customers. However, TfL clarified that banking information was not compromised in that breach. TfL oversees London's extensive transportation network, including the underground, surface, and Crossrail (Elizabeth line) systems, serving millions of residents daily. This is a developing story and will be updated once more details are available.

 Cybersecurity News

Cory Klippsten, CEO of Swan Bitcoin, took to X, formerly known as Twitter, to alert followers about a new phishing scam targeting the platform's users. The warning came after multiple reports surfaced of a spoofed "Data Breach Notice" email that was sent to recipients of Swan’s marketing emails, likely stemming from the 2022 Klaviyo and HubSpot data breaches. Klippsten's post read: "IT'S FAKE! Don’t send anyone your Bitcoin. @Swan will never ask you to send your sats to anyone." He emphasized that Swan Bitcoin has not experienced a data breach and reiterated that any communication asking users to transfer their Bitcoin is fraudulent. Klippsten also advised caution, noting that many scams are successful because they target individuals when they are distracted or less vigilant. He added, "It's not very well done, but a good reminder to be careful out there. Most scamming succeeds when the target is drunk or high, and it is a US holiday..."

Phishing Scam Targets Swan Bitcoin Users

The Swan Bitcoin phishing email in question appears to have been crafted with the intent to trick users into sending Bitcoin to fraudulent addresses. The scam exploited previous data leaks from email marketing services Klaviyo and HubSpot in 2022, which affected numerous businesses, including Swan Bitcoin. Several Twitter users quickly reported receiving the phishing emails. Alexander Meiklejohn (@zimmer0911) tweeted, "Yep- just got this phish. Better than some I’ve seen- the branding and grammar are better than most. Email was a dead giveaway though. Wondering if @swan can block transfers to the wallet they are giving to send to. F*** these scammers." Klippsten responded to this concern by explaining that each phishing email contained a unique Bitcoin address, making it impossible to block a single destination address and prevent further scams. "It's a unique address for each email, unfortunately," he replied, highlighting the sophisticated nature of the scam in adapting to each potential victim.

Mixed Reactions from the Community

The phishing attempt has stirred up mixed reactions among the Swan Bitcoin community. User @LtCrandog tweeted, "Just got it. Weird phishing email as not even really sure what they are trying to do. Gave the keys to a random wallet," expressing confusion over the vague nature of the scam. Others, like @BitcoinGrower, appreciated the quick action taken by Swan Bitcoin. He tweeted, "I just checked my email and saw this, came right here to make sure. You posted, and as always, you already taken care of your customers well done." Despite the alarm caused by the phishing attempt, the Swan Bitcoin team and its CEO have been proactive in addressing the issue and reassuring their users. Several followers praised Klippsten's transparency and promptness in handling the situation.

An Important Reminder for Cybersecurity Vigilance

This incident serves as a crucial reminder for all cryptocurrency users to remain vigilant and skeptical of unsolicited communications, especially those requesting financial information or cryptocurrency transfers. Phishing attacks are a common tactic used by cybercriminals to steal sensitive information or cryptocurrency by masquerading as legitimate entities. Users are advised to verify the authenticity of emails, particularly those that claim to be from financial institutions or digital asset companies like Swan Bitcoin. Simple steps such as checking the sender's email address, looking for grammatical errors, and questioning any urgent requests for money can often reveal a phishing attempt.

Steps for Protecting Your Assets

To further protect themselves, users are encouraged to follow a few best practices:
Enable Two-Factor Authentication (2FA): This adds an extra layer of security by requiring a second form of verification before accessing accounts.
Be Skeptical of Urgent Requests: Scammers often create a sense of urgency to pressure victims into making quick decisions without verifying the source.
Check Official Channels: Always cross-check with official websites or customer service to verify any suspicious emails or messages.
Use Strong, Unique Passwords: Ensure all accounts are protected with strong, unique passwords that are changed regularly.

 Firewall Daily

The Shoshone-Bannock Tribes have confirmed a cybersecurity incident that disrupted their operations on the Fort Hall Reservation in Idaho. The Shoshone-Bannock Tribes cyberattack, reported on August 22, led to a temporary shutdown of the tribal government and major interruptions in communication and network services. The cyberattack on the Shoshone-Bannock Tribes occurred over the weekend preceding August 19, causing severe disruptions. Phone lines, email services, computer systems, and other network operations across several tribal programs were compromised, resulting in a two-day closure of the tribal government from August 22 to August 23. This incident affected various departments, although critical services remained operational.

Shoshone-Bannock Tribes Cyberattack Confirmed

Tino Batt, the Interim Executive Director of the Shoshone-Bannock Tribes, provided a statement detailing the tribe's response to the Shoshone-Bannock Tribes cyberattack. "The Tribes take cybersecurity and data security very seriously and are working diligently with the FBI and a Homeland Security contractor to identify the source and scope of the incident," Batt said. He emphasized that efforts are being made to assess vulnerabilities, enhance security measures, and develop comprehensive mitigation, response, and recovery plans.

On August 19, tribal Chairman Lee Juan Tyler informed employees and citizens via memo that personal information might have been exposed during the incident. He advised vigilance in monitoring financial accounts and credit reports for any unusual activity, expressing regret for any inconvenience caused. “We deeply regret any inconvenience this may cause and are doing everything we can to rectify the situation and prevent future occurrences,” Tyler noted. Following the cybersecurity incident, most tribal departments resumed operations on August 26. According to a social media update on August 25, several critical functions, including the tribe’s gaming enterprise, economic development, agriculture corporation, housing department, and the Fort Hall Reservation’s junior/senior high school, were unaffected as these entities operate on separate systems. However, other departments continued to face challenges, including ongoing issues with phone lines and computer systems.

Response to the Shoshone-Bannock Tribes Cyberattack

In response to the Shoshone-Bannock Tribes cybersecurity incident, the tribe has engaged with federal agencies to investigate and resolve the matter. The FBI and the U.S. Attorney’s Office in Idaho are actively involved in the investigation. The Federal Bureau of Investigation’s involvement highlights the seriousness of the attack and the commitment to uncovering those responsible. The Shoshone-Bannock Tribes' Information Technology Department, alongside a contracted cybersecurity firm, quickly launched an investigation upon discovering the breach on August 16. An update on August 19 confirmed the extent of the network security breach, and the tribe held meetings with employees and community members on August 20 to provide updates and address concerns. In a statement, Batt reiterated the tribe’s dedication to resolving the situation. "Tribal Government email, network, and phone systems are anticipated to be offline for a minimum of several days. Our primary focus is securing these systems and restoring services as soon as possible," Batt said. The tribe’s website, www.sbtribes.com, has been serving as a central information hub throughout the incident. The site began providing updates on August 23, with continued information available via the tribe’s Facebook page.

Shoshone-Bannock Tribes Face Several Challenges in Recovery Process

As part of their response to the Shoshone-Bannock Tribes cybersecurity incident, the tribal government closed several departments temporarily, with a partial return to work scheduled for August 26. Departments that were not impacted by the cyberattack, such as the Shoshone-Bannock Casino Hotel and the tribal high school, remained functional. For those affected, operations are gradually resuming, with full departmental functionality restored on August 28. The August 27 update from the Shoshone-Bannock Tribes highlighted the challenges still faced, including downed phone lines and ongoing efforts to secure and restore computer systems. Employees were instructed to use department cell phones for communication, and a list of key numbers was provided to assist with contact during this period.

The impact of the Shoshone-Bannock Tribes cybersecurity incident extends beyond immediate operational disruptions. The tribe’s economic impact study reveals that with over 6,000 enrolled members and more than 1,000 employees, the incident has implications for both the community and the local economy. As one of the largest employers in the region, the tribe’s ability to maintain operations and secure its systems is crucial for its economic stability. The incident has prompted the Shoshone-Bannock Tribes to enhance their cybersecurity measures and work closely with federal authorities to mitigate future risks. The tribe’s commitment to transparency and community communication is evident in their regular updates and efforts to educate the public about cybersecurity best practices.

 Cybersecurity News

The Indian Computer Emergency Response Team (CERT-In) has issued advisories regarding critical vulnerabilities affecting several Palo Alto Networks applications. These vulnerabilities could allow attackers to gain unauthorized access to systems, steal sensitive information, and potentially execute malicious code. CERT-In operates under the Ministry of Electronics and Information Technology (MeitY) in India and serves as the national agency responsible for cybersecurity. Its primary objective is to enhance the security of India's information infrastructure and coordinate efforts to respond to cybersecurity incidents.

Vulnerabilities in Palo Alto Networks

The agency has identified three main vulnerabilities in Palo Alto Networks products: CVE-2024-5915, CVE-2024-5916, and CVE-2024-5914.

GlobalProtect App: Privilege Escalation Vulnerability (CVE-2024-5915)

A critical vulnerability exists in older versions of the Palo Alto Networks GlobalProtect app, a software solution that enables secure remote access to corporate networks. A Privilege Escalation (PE) vulnerability in the app on Windows devices enables a local user to execute programs with elevated privileges. This vulnerability, classified as CVE-2024-5915, has been addressed in app versions later than 5.4.5. Users are strongly urged to update to the latest version (as of September 3, 2024) to mitigate this risk. Privilege escalation is a serious security concern. By exploiting this vulnerability, an attacker with initial access to a system could potentially gain administrative privileges, allowing them to take full control of the system, steal sensitive data, or deploy malware.

PAN-OS: Information Disclosure Vulnerability (CVE-2024-5916)

Another vulnerability, identified as CVE-2024-5916, affects Palo Alto Networks PAN-OS, a network security operating system. This vulnerability is classified as an "information exposure" issue. An attacker who successfully exploits this vulnerability could potentially gain access to sensitive information, including passwords, secrets, and tokens used to access external systems. This information could be used to launch further attacks on the network or compromise external systems. The vulnerability reportedly allows even a read-only administrator with access to the configuration log to access these sensitive details. This highlights the importance of implementing the principle of least privilege, granting users only the minimum access level required to perform their tasks.

Resolution: This issue has been fixed in PAN-OS 10.2.8, PAN-OS 11.0.4, and all later PAN-OS versions. Additionally, users should revoke compromised secrets, passwords, and tokens that are configured in all server profiles of affected PAN-OS firewalls (Device > Server Profiles) after upgrading PAN-OS.

Cortex XSOAR: Command Injection Vulnerability (CVE-2024-5914)

A third vulnerability, identified as CVE-2024-5914, resides within older versions of Palo Alto Networks Cortex XSOAR, a security automation platform. This vulnerability is classified as a "command injection" flaw within the CommonScripts Pack, a pre-built collection of scripts for automating security tasks. Command injection vulnerabilities allow attackers to inject malicious code into trusted applications. In the case of Cortex XSOAR, successful exploitation could allow attackers to execute arbitrary commands within the context of an integration container. This could potentially allow attackers to move laterally within the network, steal data, or disrupt security operations.

Resolution: This issue has been fixed in Cortex XSOAR CommonScripts version 1.12.33 or later. Users are strongly urged to update to the latest version to mitigate this risk.

Protecting Against the Palo Alto Networks Vulnerabilities

Palo Alto Networks has released patches to address these vulnerabilities. Users are strongly urged to update their affected software as soon as possible to mitigate these risks. Here are some additional security recommendations:
Implement the principle of least privilege, granting users only the access level required for their tasks.
Regularly review and update security configurations.
Enable multi-factor authentication (MFA) wherever possible.
Maintain regular isolated backups of your systems.
By following these recommendations and promptly applying security patches, users can significantly reduce the risk of exploitation from these vulnerabilities.

 Firewall Daily

Canonical has rolled out essential security updates for Ubuntu, addressing multiple Linux kernel vulnerabilities that also impact Amazon Web Services (AWS). These issues, which involve race conditions and memory management errors, pose significant risks including system crashes and unauthorized access. The latest patches aim to mitigate these threats and enhance the security of both Ubuntu-based systems and AWS environments. This article shares insights into the specifics of these Linux kernel vulnerabilities, the associated risks, and the steps users have to take to secure their systems.

Multiple Linux Kernel Vulnerabilities Target AWS Users

Security researchers have highlighted multiple Linux kernel vulnerabilities. A total of 6 vulnerabilities have been reported, covering multiple flaws within the Linux ecosystem.

CVE-2024-22099

Discovered by Yuxuan Hu, this vulnerability affects the Bluetooth RFCOMM protocol driver within the Linux kernel. It introduces a race condition that can lead to a NULL pointer dereference, causing a denial of service (DoS) by crashing the system. This flaw, which impacts both x86 and ARM architectures, was reported on January 25, 2024. It is associated with the /net/bluetooth/rfcomm/core.c file and affects Linux kernel versions starting from v2.6.12-rc2.

CVE-2024-24860

Another race condition was found in the Bluetooth subsystem of the Linux kernel, reported on February 5, 2024. This vulnerability, found in the {min,max}_key_size_set() function, also leads to a NULL pointer dereference. Privileged local attackers could exploit this flaw to crash the system. This vulnerability, noted in the Ubuntu Security Team's reports, is linked to the Bluetooth device driver and could lead to kernel panic or system crashes.

CVE-2024-35835

This vulnerability involves a double-free error in the net/mlx5e module of the Linux kernel, reported on May 17, 2024. The issue arises when the arfs_create_groups function frees resources twice if the kvzalloc allocation fails, potentially causing system instability or crashes. The Ubuntu Security Team noted that this vulnerability has been addressed with a patch that corrects the resource management error in arfs_create_groups.

CVE-2024-39292

As reported on June 24, 2024, this flaw affects the Linux kernel's handling of winch interrupt requests (IRQ). The issue occurs when the winch is added to the handler list too late, making it susceptible to interruptions that can trigger system crashes. The fix involves ensuring that the winch is registered before any interrupts are processed, preventing potential system panics.

CVE-2023-52760

Found in the Global File System 2 (GFS2) component, this vulnerability involves a slab-use-after-free error due to improper cleanup procedures. Discovered on May 21, 2024, this flaw can lead to unpredictable system behavior or crashes. The patch addresses the cleanup process to prevent use-after-free conditions in gfs2_qd_dealloc.

CVE-2023-52806

Another vulnerability discovered on May 21, 2024, involves the Advanced Linux Sound Architecture (ALSA) component. This issue could lead to a null pointer dereference during complex audio operations. The fix ensures that audio streams are assigned correctly, avoiding crashes during audio processing.

Impact on Amazon Web Services (AWS)

These vulnerabilities not only affect Ubuntu systems but also have implications for Linux kernel deployments on AWS. AWS users utilizing Ubuntu-based instances need to apply these patches promptly to mitigate risks associated with these kernel vulnerabilities. The affected systems include both Ubuntu-based virtual machines and those running critical applications on AWS. Canonical has addressed these vulnerabilities with timely security patches. The updates are available for various Ubuntu releases, including:
Ubuntu Bionic (4.15.0-228.240)
Ubuntu Focal (5.4.0-193.213)
Ubuntu Jammy (5.15.0-102.112)
Ubuntu Mantic (6.5.0-41.41)
These patches are designed to address the identified vulnerabilities and enhance overall system security. For users running Ubuntu on AWS, it is essential to apply these patches as soon as possible to ensure that their systems remain secure against these identified vulnerabilities. Regular updates and security patches are crucial in maintaining the integrity and stability of both local and cloud-based systems. Canonical’s latest security updates address several critical Linux kernel vulnerabilities, including those affecting Amazon Web Services. Users are advised to stay vigilant and apply these patches to protect their systems from potential exploits and ensure continued security.

 Cyber Essentials

The Dutch Data Protection Authority (DPA) has imposed a hefty fine of 30.5 million euros [approximately US$33.7 million] on Clearview AI, an American company that offers facial recognition services. The Dutch DPA also issued a warning to organizations in the Netherlands prohibiting the use of Clearview's services. The company has been found to have built an illegal database of billions of facial photos, including those of Dutch citizens, without their knowledge or consent. Clearview, which provides facial recognition services to intelligence and investigative agencies, has amassed a vast database of more than 30 billion photos scraped from the internet. These images are then converted into unique biometric codes, allowing customers to identify individuals based on camera footage. The Dutch DPA has deemed this practice a serious violation of privacy laws.

Why a Fine on Clearview AI is Justified

"Facial recognition is a highly intrusive technology that cannot be unleashed on anyone in the world," stated Aleid Wolfsen, chairman of the Dutch DPA. "If there's a photo of you on the internet – and doesn't that apply to all of us? – then you can end up in the database of Clearview and be tracked. This is not a doom scenario from a scary film." While Wolfsen acknowledges the importance of safety and the detection of criminals by official authorities, he suggested that the use of such technology should be restricted to competent authorities in highly exceptional cases. Commercial businesses, like Clearview, are not authorized to build and maintain such databases.

Clearview's Many GDPR Violations

The Dutch DPA has accused Clearview of violating the General Data Protection Regulation (GDPR) on multiple counts, including building an illegal database and failing to provide sufficient transparency to individuals whose data is stored. The company has also been criticized for its lack of cooperation with requests for access to data. The European Data Protection Board (EDPB) listed the following violations as the basis of the fine:
Unlawful Data Processing: Clearview processes personal data in the Netherlands without a legal basis, violating GDPR Articles 5(1) and 6(1).
Biometric Data Violation: Clearview unlawfully processes biometric data, breaching GDPR Article 9(1).
Inadequate Disclosure: Clearview fails to properly inform data subjects, violating GDPR Articles 12(1), 14(1), 14(2), and 5(1).
Access Requests Ignored: Clearview did not respond to access requests, violating GDPR Articles 12(3) and 15.
Lack of EU Representation: Clearview has not appointed an EU representative, breaching GDPR Articles 4(17) and 27(1).

In addition to the fine, the Dutch DPA has ordered Clearview to stop its offending practices. If the company fails to comply, it could face additional penalties of up to 5.1 million euros. The Dutch DPA is also exploring ways to hold the directors of Clearview personally liable for the violations, a move that could have significant implications for the company's future. This decision by the Dutch DPA is a major setback for Clearview AI, which has faced similar legal challenges in other European countries. The fine imposed by the Dutch DPA is one of the largest ever issued for privacy violations, and sends a strong message to other companies involved in facial recognition technology. The Dutch DPA's stance on the use of facial recognition is likely to influence the development and regulation of this technology in the European Union and beyond.

 Cybersecurity News

As the 2024 U.S. presidential election approaches, a Chinese state-linked influence operation known as Spamouflage has become increasingly aggressive in its efforts to sway American political discourse. The group has expanded its use of personas that impersonate U.S. voters on social media, spreading divisive narratives about sensitive social issues.

Spamouflage Masquerading as American Citizens

Through intelligence reporting from Graphika's ATLAS, researchers have identified 15 Spamouflage accounts on the social media platform X and one on TikTok that claim to be U.S. citizens or advocates for peace, human rights and information integrity. These accounts frequently used relevant symbols, such as images of U.S. flags and soldiers, in their bios, usernames, and profile pictures, and repeatedly used #American and other such U.S.-related hashtags in their posts.

(Image source: graphika.com)

Some accounts went so far as to explicitly claim that they were American voters, soldiers, or someone who 'love(s) America' but had supposedly become disappointed at the U.S. government and the current administration. In the lead-up to the 2024 election, these accounts have seeded and amplified content denigrating Democratic and Republican candidates, casting doubt on the legitimacy of the U.S. electoral process, and disseminating divisive narratives on hot-button issues like gun control, homelessness, drug abuse, racial inequality and the Israel-Hamas conflict. Some of this content appears to have been AI-generated, targeting President Joe Biden, former President Donald Trump and Vice President Kamala Harris.

(Image source: graphika.com)

Despite these attempts to appear authentic, the accounts bore hallmarks of Spamouflage activity, including discrepancies in bio information, frequent use of stock images as profile pictures, and coordinated attempts to amplify similar posts and content from accounts flagged as belonging to the campaign. These accounts were observed to have largely failed to gain traction within genuine online communities discussing the election, with the exception of an inauthentic media outlet on TikTok that posted a video in July 2023 and received about 1.5 million views.

China Influence Ops Expand as Election Grows Close

The new report builds on previous research from the Institute for Strategic Dialogue (ISD), which in April 2024 documented four Spamouflage accounts on X posing as supporters of Trump and the Make America Great Again (MAGA) movement, suggesting that the operation's efforts are larger than previously concluded. The researchers assess that Spamouflage and other Chinese influence operation actors will almost certainly continue their attempts to sway U.S. political conversations throughout the 2024 election cycle. They are likely to leverage social divisions in the polarized information environment to portray the U.S. as a declining global power with weak leadership and a failing system of governance.

Spamouflage, also known as Dragonbridge, Taizi Flood and Empire Dragon, has been monitored by these researchers since 2019. The operation is active across more than 40 online platforms, using inauthentic accounts to seed and amplify content promoting pro-China and anti-Western narratives. Over the past five years, Spamouflage's tactics have evolved, engaging with broader geopolitical topics, producing content in multiple languages, experimenting with persona building, and leveraging AI tools to create content.

The operation has become markedly more aggressive in its attempts to influence online discourse about U.S. politics. While in 2020 the operation frequently criticized the U.S. political system and policies without directly referencing elections, by the months before the 2022 midterms, Spamouflage began explicitly engaging with election-related topics. It spread content criticizing the Republican and Democratic parties and their leaders, casting U.S. domestic and foreign policy 'failures' as a product of the country's political system.

The researchers have observed a worrying increase in these operations since mid-2023, along with the seeding of content that denigrates U.S. election candidates such as Harris, Trump and the current president Biden, sowing doubts about the legitimacy of the electoral process, and escalating divisive narratives across the nation. Other China-linked actors are also pushing influence campaigns. Just last month, an AI-controlled X (formerly Twitter) network was reported to be amplifying divisive content.

 Cybersecurity News

CBIZ Benefits & Insurance Services (CBIZ) recently disclosed a data breach resulting from unauthorized access to client information stored in certain databases. The CBIZ data breach, which occurred between June 2, 2024, and June 21, 2024, involved a threat actor exploiting a vulnerability in one of CBIZ's web pages. "CBIZ’s investigation determined that an unauthorized party was able to exploit a vulnerability associated with one of its web pages, and acquired information from certain databases between June 2, 2024 and June 21, 2024," reads the official notice.

Details of CBIZ Data Breach

According to the official notice, on June 24, 2024, CBIZ discovered that an unauthorized party might have accessed information from specific databases. Following this discovery, the company promptly launched an investigation with the assistance of cybersecurity professionals to determine the extent of the CBIZ data breach and identify the compromised data. "CBIZ conducted a review of the data acquired and determined that individuals associated with multiple CBIZ clients were impacted by the incident," reads the official notice from CBIZ.

The data breach at CBIZ impacted individuals associated with multiple CBIZ clients, specifically involving data related to retiree health and welfare plans. Depending on the individual, the compromised data may have included their name, contact information, social security number, date of birth, and, in some cases, date of death.

CBIZ's Response and Notification Efforts

Upon identifying the breach, CBIZ conducted a thorough review of the acquired data to assess the impact on its clients. Starting on July 24, 2024, CBIZ began notifying affected clients about the incident and providing details about the compromised data specific to each client. By August 28, 2024, CBIZ had mailed letters to the affected individuals on behalf of its clients, informing them of the breach and outlining the steps being taken to protect their information.

To mitigate the potential consequences of the breach, CBIZ has offered two years of complimentary credit monitoring and identity theft protection services for individuals whose Social Security numbers were involved in the incident. "CBIZ has offered two years of complimentary credit monitoring and identity theft protection services for individuals whose Social Security number was involved," CBIZ said.

Security Measures and Ongoing Investigation

The company has addressed the vulnerability that allowed the breach and has implemented additional security measures to enhance the protection of its systems. Furthermore, CBIZ is working closely with law enforcement agencies to investigate the breach and bring the responsible parties to justice. Despite the seriousness of the breach, CBIZ has reported no evidence of misuse of any individual’s information resulting from the incident. However, the company continues to monitor the situation closely and is providing resources to affected individuals to help them protect their information.

Advice for Affected Individuals in CBIZ Data Breach

CBIZ advises all potentially affected individuals to remain vigilant against fraud or identity theft. It is recommended that individuals review their account statements and free credit reports regularly over the next 12 months to check for any unauthorized activity. Individuals can obtain a free copy of their credit report once every 12 months from each of the three nationwide credit reporting companies. As the investigation into the CBIZ data breach continues, the company is likely to implement further enhancements to its security infrastructure to safeguard against future breaches and maintain the trust of its clients.

 Tips

A corrupted hard drive no longer need lead to the loss of all your data. Today there are cloud services: mail is stored in Gmail, files in Dropbox, notes in Apple Notes, and so on. But even with cloud services there's no doing without backup. Instead of corrupted drives, they present other surprises: for example, they might shutter, hike subscription prices, lose your data, or use it to train AI. And if your internet ever goes down, online-only data is useless.

So as not to be caught off guard by sudden unavailability or policy changes, always back up your data on your own computer and protect it against ransomware. And backups need to be both readable and usable without proprietary software. They should be able to either be exported to common standard formats (PDF, HTML), or migrated to a backup app that works offline and without a subscription. There is no universal recipe here: each online service has its own procedure. Today we look at backing up data in Notion — a knowledge base and note-taking app.

Backup

Notion lets you export data in one of three formats: PDF, HTML or Markdown+CSV. You can export a single note, a group of notes, or even an entire database. But only business and enterprise subscribers can do a full export to PDF format. For most apps, we recommend exporting to HTML format, as it's free, saves all types of data, and can be viewed in any browser with no special software required.

You can do the exporting on a desktop computer or mobile device. For small amounts of data, a ZIP-archive download is immediate; for large amounts, you receive a download link by email — which arrives with some delay. To export several notes or a subpage, press the advanced menu icon (•••), select Export, specify HTML as the export format, and include subpages and all types of content (Everything).

How to export all data from Notion

An entire workspace can be exported from the desktop app or web interface. Go to the settings, and under Workspace -> Settings, click Export all workspace content. In addition to the above settings, be sure to enable Create folder for subpages. Only workspace administrators have this export option. For teamspaces, the export won't include other users' personal (hidden) pages created within the teamspace.

(Image: Exporting a workspace from Notion)

Having unzipped the archive on your computer to a separate folder, you can open the index.html file in it with any browser and freely navigate through your notes.

Export to Obsidian or AFFiNE

To not only view saved notes but also be able to edit them without Notion, you have to migrate your data to another, similar app that works offline or on a server under your control. The list of possible alternatives to Notion warrants a long read all of its own, so here we'll limit ourselves to just two apps that Notion users often recommend as a substitute.

Obsidian is an app for structured data storage that can work entirely offline, free of charge. There's a paid service — Obsidian Sync — for synchronizing multiple devices, but users manage without it by placing the storage (vault) in an iCloud folder, or by using third-party plugins for synchronization with SFTP, Amazon S3, Dropbox or other services. To migrate data from Notion to Obsidian:

1. Perform a full export of the Notion workspace as per the above instructions.
2. Install Obsidian and the official import plugin.
3. Create a vault in Obsidian for the migrated data.
4. Activate the installed plugin under Settings -> Community plugins in Obsidian.
5. Start the import via the button on the vertical command bar on the left.
6. Select Notion (.zip) as the import file format, and in the dialog, specify the ZIP file downloaded during export.
7. Enable Save parent pages in subfolders.
8. Press Import.
9. Wait for the import to finish.

For very large databases, you may encounter problems with importing embedded ZIP files, in which case see the help page on the Obsidian website.

(Image: Data migration from Notion to Obsidian)

AFFiNE is an open-source app offering a workspace with fully merged docs, whiteboards and databases, replacing, the developers say, both Notion and Miro. The business model is based on paid plans and AI assistants, but the app can work offline and even function as a standalone server wholly on your own infrastructure. Content export from Notion is built right into the AFFiNE desktop app, so the procedure is quite straightforward:

1. Perform a full export from Notion.
2. Unzip the file to a separate folder on your computer.
3. Install AFFiNE and create a workspace.
4. Run the import by going to All pages -> New Page -> More options -> Import page.
5. Choose import from markdown files, and select the html file from the unpacked folder.

Visit the AFFiNE website for a video guide to importing from Notion. And remember to protect local backups of your important data against stealers and ransomware with the help of Kaspersky Premium.

 News

Episode 361 of the Transatlantic Cable podcast kicks off with news around the right to switch off in Australia. From there the team talk about privacy – specifically if you should have to pay to have online privacy. To wrap up, the team discuss how and why a popular game has attracted so much online attention. If you liked what you heard, please consider subscribing.

- Australians get right to disconnect after hours
- Should you have to pay for online privacy?
- Blockbuster Chinese video game tried to police players and divided the internet

 A Little Sunshine

An old but persistent email scam known as “sextortion” has a new personalized touch: The missives, which claim that malware has captured webcam footage of recipients pleasuring themselves, now include a photo of the target’s home in a bid to make threats about publishing the videos more frightening and convincing.

This week, several readers reported receiving sextortion emails that addressed them by name and included images of their street or front yard that were apparently lifted from an online mapping application such as Google Maps. The message purports to have been sent from a hacker who’s compromised your computer and used your webcam to record a video of you while you were watching porn. The missive threatens to release the video to all of your contacts unless you pay a Bitcoin ransom. In this case, the demand is just shy of $2,000, payable by scanning a QR code embedded in the email.

Following a salutation that includes the recipient’s full name, the start of the message reads, “Is visiting [recipient’s street address] a more convenient way to contact if you don’t take action. Nice location btw.” Below that is the photo of the recipient’s street address.

(Image: A semi-redacted screenshot of a newish sextortion scam that includes a photo of the target’s front yard.)

The message tells people they have 24 hours to pay up, or else their embarrassing videos will be released to all of their contacts, friends and family members. “Don’t even think about replying to this, it’s pointless,” the message concludes. “I don’t make mistakes, [recipient’s name]. If I notice that you’ve shared or discussed this email with someone else, your shitty video will instantly start getting sent to your contacts.”

The remaining sections of the two-page sextortion message (which arrives as a PDF attachment) are fairly formulaic and include thematic elements seen in most previous sextortion waves. Those include claims that the extortionist has installed malware on your computer (in this case the scammer claims the spyware is called “Pegasus,” and that they are watching everything you do on your machine). Previous innovations in sextortion customization involved sending emails that included at least one password the recipient had previously used at an account online that was tied to their email address.

Sextortion — even semi-automated scams like this one with no actual physical leverage to backstop the extortion demand — is a serious crime that can lead to devastating consequences for victims. Sextortion occurs when someone threatens to distribute your private and sensitive material if you don’t provide them with images of a sexual nature, sexual favors, or money. According to the FBI, here are some things you can do to avoid becoming a victim:

- Never send compromising images of yourself to anyone, no matter who they are — or who they say they are.
- Don’t open attachments from people you don’t know, and be wary of opening attachments even from those you do know.
- Turn off [and/or cover] any web cameras when you are not using them.

The FBI says in many sextortion cases, the perpetrator is an adult pretending to be a teenager, and you are just one of the many victims being targeted by the same person. If you believe you’re a victim of sextortion, or know someone else who is, the FBI wants to hear from you: Contact your local FBI office (or toll-free at 1-800-CALL-FBI).

 Threat Actors

The malicious DLL implant for the Cobalt Strike attack toolkit gets injected into the Windows binary "runonce.exe," giving total control to the attackers. The campaign further deploys various malicious tools for reconnaissance and data exfiltration.

 Feed

This paper is a collection of THC's favorite tricks. Many of these tricks are not from them, they merely collect them. They show the tricks as-is without any explanation why they work. You need to know Linux to understand how and why they work. This is an updated copy of their data from 09/03/2024.

 Feed

Vivavis HIGH-LEIT versions 4 and 5 allow attackers to execute arbitrary code as local system on systems where the "HL-InstallService-hlxw" or "HL-InstallService-hlnt" Windows service is running. Authentication is necessary for successful exploitation. The execution of the exploit is trivial and might affect other systems if the applications folder is shared between multiple systems, in which case the vulnerability can be used for lateral movement.

 Feed

Ubuntu Security Notice 6973-4 - It was discovered that a race condition existed in the Bluetooth subsystem in the Linux kernel, leading to a null pointer dereference vulnerability. A privileged local attacker could use this to possibly cause a denial of service. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

 Feed

Ubuntu Security Notice 6984-1 - It was discovered that WebOb incorrectly handled certain URLs. An attacker could possibly use this issue to control a redirect or forward to another URL.

 Feed

Ubuntu Security Notice 6983-1 - Zeng Yunxiang discovered that FFmpeg incorrectly handled memory during video encoding. An attacker could possibly use this issue to perform a denial of service, or execute arbitrary code.

 Feed

Red Hat Security Advisory 2024-6160-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2024-6159-03 - An update for orc is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a buffer overflow vulnerability.

 Feed

Red Hat Security Advisory 2024-6156-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a denial of service vulnerability.

 Feed

Eight vulnerabilities have been uncovered in Microsoft applications for macOS that an adversary could exploit to gain elevated privileges or access sensitive data by circumventing the operating system's permissions-based model, which revolves around the Transparency, Consent, and Control (TCC) framework. "If successful, the adversary could gain any privileges already granted to the affected

 Feed

A 57-year-old man from the U.S. state of Missouri has been arrested in connection with a failed data extortion campaign that targeted his former employer. Daniel Rhyne of Kansas City, Missouri, has been charged with one count of extortion in relation to a threat to cause damage to a protected computer, one count of intentional damage to a protected computer, and one count of wire fraud. He was

 Feed

In the digital realm, secrets (API keys, private keys, username and password combos, etc.) are the keys to the kingdom. But what if those keys were accidentally left out in the open in the very tools we use to collaborate every day? A Single Secret Can Wreak Havoc Imagine this: It's a typical Tuesday in June 2024. Your dev team is knee-deep in sprints, Jira tickets are flying, and Slack is

 Feed

A hacktivist group known as Head Mare has been linked to cyber attacks that exclusively target organizations located in Russia and Belarus. "Head Mare uses more up-to-date methods for obtaining initial access," Kaspersky said in a Monday analysis of the group's tactics and tools. "For instance, the attackers took advantage of the relatively recent CVE-2023-38831 vulnerability in WinRAR, which

 Feed

Cybersecurity researchers have unpacked the inner workings of a new ransomware variant called Cicada3301 that shares similarities with the now-defunct BlackCat (aka ALPHV) operation. "It appears that Cicada3301 ransomware primarily targets small to medium-sized businesses (SMBs), likely through opportunistic attacks that exploit vulnerabilities as the initial access vector," cybersecurity

 Feed

Mobile users in Brazil are the target of a new malware campaign that delivers a new Android banking trojan named Rocinante. "This malware family is capable of performing keylogging using the Accessibility Service, and is also able to steal PII from its victims using phishing screens posing as different banks," Dutch security company ThreatFabric said. "Finally, it can use all this exfiltrated

 ChatGPT

In episode 14 of "The AI Fix", Graham makes an apology, Mark wonders if suicide drones have second thoughts, people pretend to be robots, and some researchers prove that all you need for an AI to generate a somewhat usable version of the computer game Doom out of thin air is to already have a fully-working copy of the computer game Doom. Graham learns how to escape from a police sniffer elephant, an AI generates a smell with no odour, and Mark explains why the world's best LLMs think there are two Rs in "strawberry". All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Cybercrime, Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime Cryptocurrency Users Targeted in Latest Campaign Involving FudModule Rootkit Akshaya Asokan (asokan_akshaya), Mathew J. Schwartz (euroinfosec) • September 2, 2024 North Korea’s “Monument to Party Founding” in Pyongyang. (Image: Peter Anta/Pixabay) A hacking group tied to […] The post North Korean Hackers Tied to Exploits of Chromium Zero-Day – Source: www.databreachtoday.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Brazil

Source: www.databreachtoday.com – Author: 1 Election Security, Fraud Management & Cybercrime, Geo Focus: Brazil Supreme Court Set to Review Ban, After X Failed to Appoint a Legal Representative Mathew J. Schwartz (euroinfosec) • September 2, 2024 Elon Musk silhouetted in front of the logo of X, the social platform he owns. […] The post Brazil Suspends Access to Elon Musk’s X, Including via VPNs – Source: www.databreachtoday.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 CISA's

Source: www.databreachtoday.com – Author: 1 Election Security, Fraud Management & Cybercrime, Government CISA ‘Committing More Resources Than Ever Before’ to Election Infrastructure Chris Riotta (@chrisriotta) • September 2, 2024 The U.S. cyber defense agency has hired election security advisers to serve in each of its regional offices nationwide. (Image: Shutterstock) The […] The post Inside CISA’s Unprecedented Election Security Mission – Source: www.databreachtoday.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Fraud Management & Cybercrime, Ransomware Attackers Are Turning Up the Heat on Targets Who Won’t Pay Christopher Budd • September 2, 2024 In the wake of the MGM casino breach in December 2023, Sophos X-Ops began analyzing ransomware gangs’ propensity to turn the media into a tool […] The post How Ransomware Groups Weaponize Stolen Data – Source: www.databreachtoday.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

2024-09
Aggregator history
Tuesday, September 03