Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Firewall Daily

The second Tuesday of September has once again proven to be a significant date for cybersecurity with Microsoft’s latest Patch Tuesday update. This month’s release is dominated by a daunting array of vulnerabilities, including four zero-day flaws. The September 2024 Patch Tuesday is particularly noteworthy as it addresses a total of 79 vulnerabilities, among which four are zero-day threats—two of which are actively exploited and one publicly disclosed.

This month, Microsoft addressed two zero-day vulnerabilities that bypass security features in Microsoft Office and Windows Mark of the Web. Both were exploited in the wild, highlighting the urgent need for remediation due to their widespread impact.

Microsoft September 2024 Patch Tuesday: Critical Vulnerabilities and Zero-Day Exploits

Among the list of vulnerabilities, CVE-2024-43491, a Windows Servicing Stack Remote Code Execution (RCE) vulnerability, is a significant concern due to its high CVSSv3.1 base score of 9.8. This severe risk impacts Windows 10, version 1507, specifically Windows 10 Enterprise 2015 LTSB and Windows 10 IoT Enterprise 2015 LTSB. The flaw is a pre-authentication RCE vulnerability caused by a regression in the Windows Servicing Stack, which inadvertently rolled back fixes for multiple previous vulnerabilities. Despite its severity, Microsoft has not observed exploitation of this flaw in the wild. The issue was discovered internally by Microsoft, and patches for both the Servicing Stack and the Windows OS itself must be applied in the specified order.

“CVE-2024-38226 is a flaw in Microsoft Publisher, a standalone application that is also included in some versions of Microsoft Office,” Narang added. “CVE-2024-38217 is a vulnerability in Mark of the Web, an important security feature in Microsoft Windows that flags or blocks content from files downloaded from the internet. Exploitation of both CVE-2024-38226 and CVE-2024-38217 can lead to the bypass of important security features that block Microsoft Office macros from running.”

CVE-2024-38217, known as "LNK stomping," involves a security feature bypass in the Mark-of-the-Web (MotW) system. This vulnerability allows an attacker to overwrite an existing LNK file through explorer.exe, potentially bypassing security checks like SmartScreen and the Windows Attachment Services prompt. This issue has been publicly disclosed and linked to exploit code on GitHub, illustrating its long history of exploitation dating back to 2018.

With a CVSSv3.1 score of 7.8, CVE-2024-38014 is classified as an Important vulnerability that allows elevation of privilege via Windows Installer. This flaw could enable code execution with SYSTEM privileges, which is highly attractive to malware authors due to its low attack complexity and privilege requirements. The flaw affects all current versions of Windows and even Server 2008, despite its end of official support.

“CVE-2024-38014 is part of post-compromise activity, whereby an attacker has obtained access to a target system and will exploit these types of vulnerabilities in order to elevate privileges,” noted Narang. “Flaws like CVE-2024-38014 are highly valuable to attackers as they enable further compromise, so it is crucial for organizations to patch these flaws to cut off attack paths and prevent future compromise.”

The local security feature bypass affecting Microsoft Publisher involves a flaw in Office macro policies. Exploitation requires the attacker to convince the user to open a malicious file, but they must also be authenticated on the target system. The specifics of this attack vector are not fully detailed, but it highlights the need for vigilance in managing document security settings.

Critical RCE Vulnerabilities and Other Updates

In addition to the zero-day fixes, September 2024 Patch Tuesday addresses six critical vulnerabilities, particularly those allowing remote code execution (RCE). These include:

- CVE-2024-38018: Microsoft SharePoint Server RCE
- CVE-2024-43464: SharePoint Server RCE
- CVE-2024-38119: Windows NAT RCE

CVE-2024-38018 and CVE-2024-43464 are SharePoint Server vulnerabilities. CVE-2024-38018 requires Site Member permissions, while CVE-2024-43464 involves deserialization of untrusted data leading to RCE after uploading a malicious file. Both are deemed Critical due to their potential impact and exploitation likelihood.

CVE-2024-38119, a critical RCE vulnerability in Windows Network Address Translation (NAT), has a high attack complexity due to the need for network adjacency. Notably, Server 2012/2012 R2 does not receive a patch for this vulnerability, a peculiar decision given its severity.

For Windows clients, the September 2024 Patch Tuesday updates include:

- KB5043076: Windows 11 versions 23H2/22H2
- KB5043067: Windows 11 version 21H2
- KB5043064: Windows 10 versions 22H2/21H2
- KB5043050: Windows 10 version 1809

These updates primarily consist of minor patches and security fixes, rather than new features.

Why Microsoft Patch Tuesday is Important

Patch Tuesday refers to Microsoft's regular schedule for releasing software updates on the second Tuesday of each month. These updates are crucial for addressing security vulnerabilities and ensuring system stability. By adhering to this schedule, IT administrators can plan updates efficiently, minimizing downtime and maintaining system security. Patches released on Patch Tuesday help protect against potential cyber threats by fixing known vulnerabilities. Regular application of these updates is essential for safeguarding systems, maintaining compliance with security standards, and ensuring optimal performance.

Likewise, with this Patch Tuesday, “Microsoft also fixed CVE-2024-43491, a vulnerability in its Servicing Stack that led to the rollback of fixes for specific versions of Windows 10 affecting some Optional Components,” Narang pointed out. “Exploitation of this flaw appears to be tied to previously known vulnerabilities that were reintroduced due to the rollback. Users need to apply both the September 2024 Servicing Stack Update and the September 2024 Windows Security Updates to correct this issue.”

The September 2024 Patch Tuesday update highlights the ongoing efforts by Microsoft to address critical security issues and protect users from emerging threats. With four zero-day vulnerabilities and six critical issues patched, organizations and individuals must apply these updates promptly to secure their systems against potential exploits.
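An added PowerShell check, not from the article or from Microsoft, that maps the installed Windows client release to the September 2024 cumulative update listed above and reports whether Get-HotFix sees it. The KB numbers are the ones reported in the article; reading the release from the registry (DisplayVersion, falling back to ReleaseId for 1809) and treating build 22000 and above as Windows 11 are assumptions of this example.

```powershell
# Added example: confirm the September 2024 Patch Tuesday client update is present.
# KB numbers come from the article; the registry-based release detection and the
# build-number threshold for Windows 11 are assumptions, not Microsoft guidance.

# Windows client release -> September 2024 cumulative update (as listed in the article)
$RequiredKb = @{
    'Windows 11 23H2' = 'KB5043076'
    'Windows 11 22H2' = 'KB5043076'
    'Windows 11 21H2' = 'KB5043067'
    'Windows 10 22H2' = 'KB5043064'
    'Windows 10 21H2' = 'KB5043064'
    'Windows 10 1809' = 'KB5043050'
}

function Get-WindowsRelease {
    # DisplayVersion exists on 20H2 and later; older releases such as 1809 only
    # carry ReleaseId, so fall back to it.
    $cv = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion'
    $version = if ($cv.DisplayVersion) { $cv.DisplayVersion } else { $cv.ReleaseId }
    # ProductName still reads "Windows 10 ..." on Windows 11, so key the family off
    # the build number instead (22000 was the first Windows 11 build).
    $family = if ([int]$cv.CurrentBuild -ge 22000) { 'Windows 11' } else { 'Windows 10' }
    return "$family $version"
}

function Test-SeptemberUpdate {
    param([hashtable]$Map = $RequiredKb)
    $release = Get-WindowsRelease
    if (-not $Map.ContainsKey($release)) {
        return [pscustomobject]@{
            Release    = $release
            RequiredKb = $null
            Installed  = $null
            Status     = 'Release not in the article''s client update list'
        }
    }
    $kb = $Map[$release]
    # Get-HotFix reads Win32_QuickFixEngineering, which lists cumulative updates but
    # can lag behind; treat a miss as "verify in Windows Update", not as proof of absence.
    $installed = [bool](Get-HotFix -Id $kb -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Release    = $release
        RequiredKb = $kb
        Installed  = $installed
        Status     = if ($installed) { 'Patched' } else { 'Missing: install via Windows Update' }
    }
}

Test-SeptemberUpdate | Format-List
```

The Servicing Stack Update that CVE-2024-43491 requires is not covered by this check, because the article does not give its KB number; apply it in the order Microsoft specifies before the cumulative update.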


 Cyber News

The Maltese government is working to create a legal framework that supports ethical hacking practices, Prime Minister Robert Abela announced. Speaking on One Radio, Abela said the Cabinet will discuss a policy document to be drafted by the Malta Digital and Innovation Authority (MDIA). The document, which will be open for public consultation, aims to protect white hat hackers - those who identify and report security vulnerabilities to improve computer systems.

Maltese Legal Restructuring Prompted By Recent Incident

The proposed changes come in the wake of criminal charges filed against three University of Malta computer science students and their lecturer who discovered flaws in FreeHour, Malta's largest student application, two years ago. The students, along with their lecturer, were accused of hacking, despite their actions seeming to be in good faith and motivated by a desire to improve the system's security. The Kunsill Studenti Universitarji (KSU), the university's student council, had earlier called for "urgent legislative reform" to define and protect ethical hacking. The students and lecturer were charged by police despite disclosing the issues to FreeHour.

"This situation poses a serious threat to the educational process, which is essential for training students to use their computer-related skills and knowledge for the benefit of both the community and the organizations they serve," national trade union federation Forum Unions Maltin said in a statement.

In response to the charges as well as criminal proceedings set for 2025, the University stated: “These students are yet to begin their professional careers. Rather than being encouraged and properly trained as future cybersecurity experts, they are being subjected to criminal prosecution, creating unnecessary hardship at such a critical point in their studies. The state’s involvement in this case only adds to the hostility faced by these young professionals, who are merely trying to develop vital skills and knowledge in cybersecurity—a field crucial for community and organizational security.” The University of Malta Academic Staff Association also backed the lecturer, stating he acted "with academic integrity and in accordance with procedure."

The proposed policy, which will be available for public consultation, will introduce clear guidelines to distinguish between malicious and well-intentioned hackers, often referred to as white hat hackers. "The government is committed to fostering a safer digital environment," Abela emphasized. He said the upcoming budget will outline a 10-year vision for Malta, including plans for the country's population, infrastructure, healthcare, transport, pensions and education.

The student platform FreeHour, where the vulnerability had been discovered, had stated, "Almost two years on, FreeHour remains committed towards finding a more agreeable and positive ending to this incident.” FreeHour also acknowledged the "urgent, genuine need for more modern laws and guidelines surrounding cybersecurity practices."

Budget Structured Towards Digital Future

The government's vision for the next ten years, outlined in this year's budget, focuses on attracting higher-value investment that is less labor-intensive, reducing the country's reliance on foreign workers. The budget will also prioritize the development of key sectors such as education, healthcare, transport, and energy infrastructure. The prime minister emphasized the need to be selective in the investments the country accepts, prioritizing those that create high-skilled jobs with good wages. The prime minister also called on Labour delegates to support the candidacies of Ian Borg and Alex Agius Saliba as deputy leaders, stressing the importance of renewal within the party while in government. The proposed changes aim to create a more efficient economy and improved governance, aligning with the government's vision for Malta's future.


 Market Reports

Ford has sparked privacy concerns after filing a patent for technology that would collect a wide range of driver data, including in-vehicle conversations, to personalize in-car ads. The patent outlines a system that would leverage GPS location, driving speed, traffic conditions, historical user data, and even conversations within the car to target drivers with relevant advertisements. This development comes at a time of heightened scrutiny around data collection practices. While Ford emphasizes that filing a patent doesn't guarantee implementation, the news has raised concerns about the potential for intrusive advertising and the privacy implications of such technology.

[Image. Source: Ford Patent Document]

What Does the Ford Patent Describe?

According to the patent document, the proposed system would gather data through various means:

- GPS Location: This would allow the system to pinpoint the vehicle's location and identify nearby businesses or landmarks. For example, when driving past a fast-food restaurant, the system could trigger an ad for that particular chain based on your location.
- Driving Speed and Traffic Conditions: The system could tailor ads based on whether you're stuck in rush hour traffic (promoting audiobooks or podcasts) or cruising down the highway (suggesting roadside attractions).
- Historical User Data: The patent mentions using previous user data, potentially including past destinations or music preferences, to further personalize ad recommendations.
- In-Vehicle Conversations: Perhaps the most controversial aspect, the system could analyze conversations to glean insights into what drivers are discussing – for example, if you're talking about needing groceries, a nearby supermarket ad could pop up on the infotainment screen.

Privacy Concerns and Potential Backlash

Privacy advocates are understandably wary of this technology. The idea of car manufacturers recording in-vehicle conversations raises concerns about security and potential misuse of the data. Critics argue that such intrusive data collection could lead to targeted advertising that feels manipulative or even creepy. They also raise concerns about who would have access to this data and how it would be secured.

“We're used to seeing ads tailored to our online activity. However, having your car eavesdrop to serve ads based on your conversations and location adds a new level of intrusion. This type of system raises serious privacy concerns and could alienate a significant number of consumers who are already wary of companies collecting too much personal data,” wrote automotive influencer Daryl Killian.

The potential for driver distraction is another concern. Constantly receiving in-car ads could divert attention from the road, potentially leading to safety hazards.

Ford's Response and Industry Trends

Ford has been quick to downplay the potential implementation of this technology. In a statement to Fortune, the company clarified that filing a patent is a standard practice to explore new ideas and doesn't necessarily indicate immediate plans to release such a system. However, this isn't the first time Ford has explored personalized in-car advertising. A few years ago, the company filed a patent for a system that would display digital versions of billboards on the car's display as you drive by them.

Ford isn't alone in exploring data-driven in-car experiences. Other car manufacturers, like General Motors, have also shown interest in personalized advertising and data collection within vehicles. This trend highlights the growing integration of technology into our cars, raising concerns about data privacy and potential misuse.

Looking Ahead: Balancing Innovation with Privacy

The potential benefits of in-car technology shouldn't be dismissed entirely. Personalized navigation, real-time traffic updates, and hands-free communication all contribute to a more convenient and safer driving experience. However, these benefits must be balanced with robust privacy protections. Here are some key considerations for the future:

- Transparency and User Control: Drivers should have clear information about what data is being collected and how it's being used. Additionally, they should have the ability to opt out of targeted advertising or data collection entirely.
- Data Security Measures: Strong data security practices are crucial. Car manufacturers should implement robust measures to protect user data from unauthorized access or breaches.
- Regulatory Oversight: Regulatory bodies may need to establish clear guidelines regarding data collection and advertising practices within vehicles.

Ultimately, the success of in-car technology hinges on trust between users and car manufacturers. Striking a balance between innovation and privacy is key to ensuring that new technologies enhance, rather than erode, the driving experience.


 Cyber News

In a recent discovery, security experts have identified a suspicious new activity cluster they're calling "DragonRank." This activity is believed to be of Chinese origin and has been observed targeting various countries in Asia along with a few others in Europe. DragonRank operations are carried out through web shells used to collect system information from victims and deploy malware payloads such as PlugX and BadIIS, with the goal of compromising Windows Internet Information Services (IIS) servers hosting legitimate corporate websites and manipulating their search engine optimization (SEO) rankings.

DragonRank's Modus Operandi

The researchers from Cisco Talos state that the activity cluster's tactics, techniques, and procedures (TTPs) bear several similarities to hacking groups that rely on Simplified Chinese. DragonRank had used a wide-reaching and non-targeted approach to compromise over 35 IIS servers across various industries, including jewelry, media, research services, healthcare, and more.

[Image. Source: https://blog.talosintelligence.com]

The group's primary goal is to implant the BadIIS malware, which manipulates search engine crawlers and disrupts the SEO of affected sites. To achieve this, DragonRank exploits vulnerabilities in web application services, such as phpMyAdmin, WordPress, or similar web applications. Once they gain control, they deploy a web shell, which allows them to collect system information, launch malware, and run various credential-harvesting utilities.

The group also uses PlugX as their backdoor malware, a well-known backdoor used by multiple Chinese threat actors. They utilize the DLL sideloading technique, exploiting vulnerable legitimate binaries to initiate the PlugX loader. In its attack chain, the group also uses a user cloning utility tool to maintain a low profile, maintain persistence within infected networks, as well as to clone an administrator's permissions to a guest account within compromised systems. They also breach additional Windows IIS servers in the target's network, either through the deployment of additional web shells or by exploiting remote desktop logins using stolen credentials.

Commercial Sale of Hacking Services

DragonRank operates a commercial website, offering white hat and black hat SEO services, including cross-site ranking, single-site ranking, parasite ranking, extrapolation ranking, and search result dominance. They claim to support large amounts of industry-wide advertising, covering over 200 countries and regions worldwide.

[Image. Source: https://blog.talosintelligence.com/]

The group also shares their contact information on Telegram and the QQ instant message application, allowing users to contact them and conduct underground business trades. The DragonRank hacking cluster may present a significant threat to global search engine optimization due to its wide-scale compromise of numerous IIS servers across various industries. Further, DragonRank tends to disrupt search rankings of affected companies, negatively impacting their online presence. It is essential for companies to stay aware of this threat and take necessary measures to secure their web application services and protect against these types of attacks.


 Cyber News

In a case involving cyberstalking and obstruction of justice, John B. Hart, a 54-year-old resident of Louisville, Colorado, was sentenced yesterday to eight years and one month in federal prison, followed by three years of supervised release. The sentencing comes after Hart pleaded guilty to a series of egregious offenses committed while he was living in Hawaii from May to August 2022.

Cyberstalking Campaign Targeted Three Victims

Hart’s campaign of harassment and intimidation targeted his former girlfriend, Jane Doe 1, her former partner, John Doe 1, and her then-partner, John Doe 2. Court documents reveal that Hart orchestrated a complex and malicious scheme to torment these individuals, frequently posing as John Doe 1 to further his harassment. His actions included a variety of deceptive tactics intended to cause maximum distress and confusion.

According to the plea agreement, Hart utilized multiple “burner apps” to generate dozens of fake phone numbers, which he used to send threatening and disturbing messages to his victims. This elaborate strategy was designed to obscure his identity and mislead law enforcement. Hart also engaged in a false reporting scheme, attempting to divert suspicion away from himself by falsely accusing John Doe 1 of being a threat to both Hart and others.

Hart's cyberstalking campaign included a range of harassing activities. Among the most alarming were communications sent to Jane Doe 1 urging her to take her own life, as well as messages accusing John Doe 2 of being involved in human trafficking and kidnapping Jane Doe 1. Additionally, Hart sent threats of violence to Jane Doe 1’s family and associates, creating a pervasive climate of fear.

Fake Online Profiles and Physical Vandalism

Further complicating the case, Hart created fraudulent online dating profiles in Jane Doe 1’s name, leading to numerous men arriving at her workplace under false pretenses. He also threatened to publish intimate photos and videos of Jane Doe 1, asserting that he would share them with her friends and family. In a particularly alarming act of vandalism, Hart spray-painted Jane Doe 1’s vehicle and placed metal spikes near her tires, endangering her safety.

Hart’s actions extended beyond digital harassment. Following his questioning by federal agents, Hart attempted to obstruct the investigation by deleting one of his personal email accounts, a move that was intended to impede the ongoing probe into his criminal activities.

Cyberstalking and Digital Privacy Concerns

The case highlights the severe impact of cyberstalking and the lengths to which perpetrators will go to inflict harm and evade justice. Hart’s actions have had a profound effect on his victims, creating a climate of fear and distress that extended into their personal and professional lives.

Hart has been in detention since his arrest in August 2023 in Colorado. His sentencing marks the culmination of a case that involved extensive investigation and legal proceedings. The sentence handed down reflects the seriousness of Hart’s offenses and the commitment of the justice system to addressing such severe cases of cybercrime and obstruction. As the legal process concludes, the case serves as a reminder of the dangers posed by cyberstalking and the critical importance of safeguarding digital and personal privacy.


 Press Release

A day after the Indian government unveiled a series of initiatives to combat cybercrime, cybersecurity experts and activists have welcomed the move, yet remain cautious about its practical implementation. Union Home Minister Amit Shah, on September 10, announced plans to train a special wing of 5,000 cyber commandos over the next five years to address rising cyber threats in India. While the move signals progress, industry experts emphasize the need for a stronger framework and a focus on emerging cybercrime trends.

The New Cyber Commandos Unit: A First Line of Defense

At the heart of the government’s initiative is the formation of a cyber commando unit, which will consist of 5,000 commandos recruited from all police forces in each state and Union Territory. Each commando will be selected based on their expertise in IT, digital forensics, and cybersecurity. The cyber commandos will act as India’s first line of defense against domestic and international cyber threats, safeguarding IT networks and investigating cyberspace issues.

[Image. Source: X]

However, cybersecurity expert Srinivas Kodali believes this effort, though welcome, is overdue and insufficient. Kodali, an interdisciplinary researcher on data, cities, and the internet, expressed concerns that 5,000 cyber warriors may not be enough, given India’s pace of digitization. “There has been immense pressure on the government to implement such a program due to the rise in cybercrime. However, the number of cyber warriors is the bare minimum. This initiative is unlikely to revolutionize things, but it is a step in the right direction,” Kodali commented.

Global Inspiration: Following International Cybersecurity Models

India’s new cyber commandos unit appears to draw inspiration from similar government-funded cybersecurity programs in countries like the United States, Australia, China, and Russia. In these nations, cybersecurity professionals protect critical infrastructure, including power grids, transportation systems, and financial networks, from sophisticated cyberattacks. India seeks to emulate this model, with possible collaboration from Western nations for intelligence and technology development.

While experts like Kodali acknowledge the necessity of this move, others, such as cybersecurity entrepreneur Nandakishore Harikumar, CEO of Technisanct, highlight additional areas of concern. Harikumar echoed similar apprehensions about the scale of the initiative, noting the need for greater resources to tackle both cybercrime and enterprise security. “We need a lot of resources to fight cybercrime and we are lacking in it. So the setting up of cyber warriors is a welcome step in that direction. I believe the government needs to focus on cybercrimes as well as enterprise security. The government should also focus on data breaches as this is the base for cybercrimes,” Harikumar emphasized.

Will AI be Effective in Curbing Cybercrimes?

Another key initiative announced by Shah is the establishment of the Cyber Fraud Mitigation Centre (CFMC), a national platform that will collaborate with banks, financial institutions, telecom providers, and law enforcement to counter online financial crimes. The CFMC will leverage Artificial Intelligence (AI) to analyze cyber fraud patterns and create countermeasures. However, the deployment of AI in cybersecurity raises questions about its efficiency.

Kiran Chandra, General Secretary of the Free Software Movement of India (FSMI), advised caution regarding AI’s application in such a critical field. “AI is still evolving. The data set and algorithms on which AI is trained are critical. If either is biased, the outcomes will be skewed. The open-source way of doing things is not well known. The government should be transparent on its AI’s algorithmic efficiency because there are more than a billion users in the country and zettabytes of data are being generated, where it becomes difficult to track information,” Chandra explained.

Srinivas Kodali added that the training of law enforcement in AI technologies is critical. “Online scammers are already using AI, deepfakes, to carry out cybercrimes. It is only natural that the police will get trained on it,” Kodali stated.

‘Collating Data is Crucial’

In another significant move, Shah inaugurated the Samanvaya Platform—a centralized data repository for sharing cybercrime information among law enforcement agencies. The platform aims to streamline data sharing, crime mapping, and analytics to improve investigation efficiency. Harikumar stressed the importance of localizing data repositories to effectively combat cybercrime in India. “The launch of a data-sharing platform caught my attention. India’s cybercriminals operate in highly localized ways, such as the recent ‘Fedex Courier Scam,’ where criminals target individuals within their region. Collating this data is crucial for mapping and addressing these cybercrimes,” he explained.

By collecting and processing data effectively, the Indian government hopes to build a resilient ecosystem capable of fighting evolving cyber threats. However, as Harikumar noted, ensuring adequate training for the cyber commandos will be key to the platform's success.

Balancing Cybercrime Prevention with Privacy Concerns

The fourth major initiative by the Indian government is the creation of a national-level ‘suspect registry’ of various mule account identifiers based on the national cybercrime reporting portal, and connecting state registries with it to strengthen the fraud risk management capabilities of the financial ecosystem. Shah said the national suspect registry will help ensure that states/UTs do not work in silos.

Chandra supported this move but emphasized that the suspect registry should extend beyond financial fraud to include other cyber offenses. “The aim of threat intelligence and darkweb monitoring systems should ensure the protection of the common man undisputedly. It is the responsibility of the state to ensure that the common man does not suffer cybercrimes. So this is a welcome move.”

“However, protecting people from online financial frauds is one thing. But most of the people also fall victim to other online frauds such as stalking, cyberbullying and other basic issues such as drug crime mafia. The government has to look into these things too and take stringent action,” Chandra argued. He also stressed the importance of balancing cybercrime prevention with privacy rights. “Right to privacy is a fundamental right. There is a thin line between monitoring and surveillance. So what rules and procedures the government will make and how it will draw the line in public cyber space to not infringe privacy should be looked into.”

The Path Forward

The Indian government’s new cybersecurity initiatives are a step toward securing the nation’s rapidly expanding digital infrastructure. However, their success will depend on the careful implementation of policies, training of personnel, technological advancements, and transparency in processes such as AI deployment and data sharing. As India embarks on this journey, experts remain cautiously optimistic, urging the government to strike a balance between cybercrime prevention and safeguarding civil liberties. With vigorous planning and collaboration, India can build a secure and resilient digital ecosystem capable of addressing the challenges of an increasingly connected world.


 Firewall Daily

In response to the massive cyberattack that struck Columbus City in July 2024, the Columbus City Council is intensifying its focus on the ongoing fallout. The Columbus City Council has emphasized that the incident is under federal investigation. The Columbus City cyberattack has brought considerable attention from the FBI and Homeland Security, and the Council finds itself in a position of limited knowledge, similar to the general public.

During a recent city council meeting, Nicholas Bankston, a prominent member and chair of the finance and governance committee, highlighted the importance of public vigilance. "We want to be very, very clear. It’s really simple. One, protect yourself. Stay informed and know that we are dedicated to safeguarding your interests and the interests of every resident and every employee,” Bankston stated.

Addressing the Columbus City Cyberattack

Despite the ongoing federal investigation, he assured residents that the cyberattack on Columbus City remains a top priority for the council. Bankston acknowledged that while the Council's hands are tied due to the ongoing investigation, cybersecurity will be a constant topic in future meetings. "Council has a long-held practice of refraining from commenting on investigations to maintain their integrity. But with that, again, we will continue to push and make sure that we are getting information that is accurate and verifiable from the administration and those involved,” he added.

The Department of Technology, led by Director Sam Orth, also addressed the public during a city council meeting. Orth highlighted the rapidly evolving nature of the situation. He revealed that personal data had been compromised and posted on the dark web, prompting immediate actions to support affected individuals. “As soon as we confirmed that personal data had been stolen and posted on the dark web, we took immediate action to offer support to those individuals we identified as likely having been affected,” Orth explained.

Despite Columbus City’s history of dealing with cyber threats—having thwarted over 200,000 attacks in the previous year alone—the scale of this cyberattack has been unprecedented. "We have thwarted over 200,000 attacks just last year alone. We are constantly under attack every single year. This is one that our safeguards weren't able to protect us from,” Bankston noted. The city is working tirelessly to enhance its security systems and protect its data from future breaches.

Columbus City Cyberattack: The Recovery Methods

The Columbus City Council has advised residents to take proactive measures to protect their personal information. They recommend signing up for the free credit monitoring service provided by the city and avoiding clicking on suspicious links in emails. Additionally, the Department of Technology suggests enrolling children in credit monitoring services as well, as cyberattacks can affect anyone with a social security number. Residents who receive unusual emails or messages are encouraged to report them by sending screenshots to abuse@columbus.gov.

The Columbus City cyberattack has had a profound impact on Columbus residents, as demonstrated by recent interviews conducted by 10TV. Mary B. Roletto, a longtime Columbus resident, shared her experience after discovering her information on the dark web. "I did go to all of the credit bureaus and checked my credit when it happened and checked my status,” she said. Roletto has become more cautious about her bank and credit card statements and plans to attend public meetings to stay informed. “You think you are protected, everything is good and you don't have to make the effort. But, today’s world is a different world technology-wise,” she added.

Joe Motil, a former mayoral candidate, was also affected by the breach. He expressed shock upon finding his personal information online and criticized the city's practice of scanning IDs. "This is the easiest thing to remedy. Let’s not scan driver’s licenses anymore,” Motil suggested. He also called for the city to provide more transparency about the data leaked on the dark web and emphasized the importance of understanding the scope of the breach.

The city has reported that approximately 13,000 residents have signed up for the free credit monitoring service. Columbus City Council is committed to holding public hearings and providing updates on the cyberattack's aftermath. A hearing is scheduled for early October, where residents will have the opportunity to voice their concerns.

Investigation Continues

Director Sam Orth provided further details about the ongoing situation during a public briefing. Orth acknowledged that nearly a quarter of the city’s computer systems are still down, with efforts underway to restore them. He expressed outrage over the attack and noted that despite Columbus City’s extensive efforts to monitor and block cyber threats, the attack by Rhysida was not preventable. “In 2023, the City of Columbus' Department of Technology monitored 170 billion cyber events on the internet. We blocked over 200,000 attempted threats,” Orth reported.

Shawn Waldman, a cybersecurity expert, has criticized the city's handling of the attack. He argues that the response could have been more effective and has called for accountability from Director Orth and his team. Waldman is concerned that the city's response and recovery efforts might be hindered by internal issues, including the potential mishandling of information and inadequate record retention policies.

Columbus City Council President Shannon Hardin has voiced his frustration with the attack. He revealed that his own personal information was compromised and criticized the city’s initial response. Hardin’s comments highlight the broader impact of the cyberattack on both public confidence and personal security.

As the investigation continues and recovery efforts proceed, the Columbus City Council remains committed to transparency and accountability. The public hearings and upcoming reports will provide further insights into the Columbus City cyberattack and the measures being taken to prevent future incidents.


 Business

What would prompt someone to sign in to their work email account on the spot? That's right, a warning about a hack. The first impulse of a responsible employee who receives such a security alert is to find out what happened, change their password, and maybe even notify others who may have been affected. But that knee-jerk reaction is in fact a reason NOT to act immediately, but rather to take a deep breath and triple-check everything. Here's why.

Phishing email

The email that kicks off this phishing attack we recently encountered pretends to be a notification from Office 365, and it does a pretty good job. Sure, perfect it ain't: the Microsoft logo is too big and looks odd without the company name; notifications of this kind usually have the Office 365 logo; and the alert itself is a bit muddled. In the second line, for example, it mentions that someone created a forwarding/redirect rule, but the Details line specifies that this alert was triggered because someone gained access to read your user's email. These details will stand out to a user who gets a lot of Office 365 notifications – but most users don't. What should really catch even the untrained eye is the sender's address. Genuine Office 365 notifications signed "The Office 365 Team" come from, yes, Microsoft's email servers, not from an administrator on an unrelated domain. The Severity line also looks odd: Informational notifications usually don't require any user action.

DIY redirect

Concerned recipients scared into clicking the View alert details link are taken to a page that mimics a broken redirect. In fact, a cursory check of the browser address bar, or even the name of the tab, clearly shows that this page is hosted in the Google Docs cloud. To be precise, it's a single-slide presentation with a link. The purpose behind it is that the initial phishing email contains only a link to docs.google.com, which has a positive reputation in the eyes of most anti-phishing engines. Recipients are invited to follow the link because automating a redirect from a presentation slide is simply impossible, and the attackers need some way to lure them to the phishing site; the victim is asked to walk into the trap themselves.

These are all clear signs of phishing that you need to watch out for every time you follow a link in a corporate email. The finale isn't hard to guess: a simple page for harvesting Office 365 credentials. The address gives it away, of course.

How to protect employees from phishing

We recommend regular training for employees in the art of spotting the latest cybercriminal tricks (for example, by showing them our posts dedicated to signs of phishing). It's even better to use a dedicated platform to raise cybersecurity awareness throughout the company. And to make extra sure, provide corporate users with multi-layered anti-phishing protection capable of both filtering out bulk emails at the mail gateway level and blocking redirects to dangerous web pages using security solutions on a workstation.


 Feed

Business intelligence firm Gartner labels security orchestration, automation, and response as "obsolete," but the fight to automate and simplify security operations is here to stay.

 Malware and Vulnerabilities

This flaw affects the browser-based web app, enabling recipients to save pictures and videos that should disappear after being viewed. While the app prohibits users from taking screenshots, this bug circumvents that protection.

 Threat Actors

The German cyber agency is investigating a phishing campaign linked to Russian state hackers APT28, who mimicked a well-known think tank's website. The hackers created a fake domain resembling the Kiel Institute for the World Economy.

 Trends, Reports, Analysis

According to an FBI report, cryptocurrency scams surged in 2023, leading to victims reporting $5.6 billion in financial losses associated with crypto schemes, a 45% increase from the previous year.

 Malware and Vulnerabilities

Checkmarx researchers discovered two XSS vulnerabilities on Gallup's polling site, which could allow attackers to access sensitive data, execute arbitrary code, or take over accounts.

 Trends, Reports, Analysis

DDoS attacks have doubled, with governments being the most targeted sector, according to StormWall's report. The number of DDoS incidents globally increased by 102% in the first half of 2024 compared to the same period in 2023.

 Malware and Vulnerabilities

Quad7 botnet is expanding its reach by targeting additional SOHO devices with custom malware for Zyxel VPN appliances, Ruckus wireless routers, and Axentra media servers, in addition to previously reported TP-Link and ASUS routers.

 Govt., Critical Infrastructure

The DHS Cyber Safety Review Board, led by Homeland Security officials, is preparing to announce its next investigation soon, as hinted by DHS undersecretary Rob Silvers. Silvers mentioned criteria for incident review but did not reveal details.

 Expert Blogs and Opinion

By recognizing the importance of diversity in technology stacks and incorporating it into security protocols and incident response plans, companies can proactively protect their infrastructure and reduce the likelihood of catastrophic events.

 Incident Response, Learnings

The U.S. Department of Justice has distributed $18.5m to about 3000 victims of fraud facilitated by Western Union. This is part of the second phase of the Western Union Remission program, which aims to fully compensate victims.

 Feed

An attacker with authenticated access to VICIdial version 2.14-917a as an agent can execute arbitrary shell commands as the root user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.

 Feed

An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial version 2.14-917a to enumerate database records. By default, VICIdial stores plaintext credentials within the database.

 Feed

Ubuntu Security Notice 6998-1 - It was discovered that Unbound incorrectly handled string comparisons, which could lead to a NULL pointer dereference. An attacker could potentially use this issue to cause a denial of service. It was discovered that Unbound incorrectly handled memory in cfg_mark_ports, which could lead to a heap buffer overflow. A local attacker could potentially use this issue to cause a denial of service or execute arbitrary code.

 Feed

Red Hat Security Advisory 2024-6576-03 - An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.7 for RHEL 8. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2024-6568-03 - An update for the redhat-ds:11 module is now available for Red Hat Directory Server 11.9 for RHEL 8.10. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2024-6567-03 - An update for kernel is now available for Red Hat Enterprise Linux 9. Issues addressed include double free, out of bounds access, and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2024-6560-03 - An update for kpatch-patch-4_18_0-477_43_1 and kpatch-patch-4_18_0-477_67_1 is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2024-6559-03 - An update for the postgresql:12 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

 Feed

Red Hat Security Advisory 2024-6558-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

 Feed

Red Hat Security Advisory 2024-6557-03 - An update for the postgresql:13 module is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.4 Telecommunications Update Service.

 Feed

Red Hat Security Advisory 2024-6536-03 - Red Hat AMQ Streams 2.5.2 is now available from the Red Hat Customer Portal. Issues addressed include bypass, denial of service, information leakage, and memory leak vulnerabilities.

 Feed

Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active exploitation as part of its Patch Tuesday update for September 2024. The monthly security release addresses a total of 79 vulnerabilities, of which seven are rated Critical, 71 are rated Important, and one is rated Moderate in severity. This is aside from 26 flaws that the tech

 Feed

Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager (EPM), including 10 critical vulnerabilities that could result in remote code execution. A brief description of the issues is as follows - CVE-2024-29847 (CVSS score: 10.0) - A deserialization of untrusted data vulnerability that allows a remote unauthenticated attacker to achieve code execution.

 Feed

The Singapore Police Force (SPF) has announced the arrest of five Chinese nationals and one Singaporean man for their alleged involvement in illicit cyber activities in the country. The development comes after a group of about 160 law enforcement officials conducted a series of raids on September 9, 2024, simultaneously at several locations. The six men, aged between 32 and 42, are suspected of

 Feed

Imagine a world where you never have to remember another password. Seems like a dream come true for both end users and IT teams, right? But as the old saying goes, "If it sounds too good to be true, it probably is."  If your organization is like many, you may be contemplating a move to passwordless authentication. But the reality is that a passwordless security approach comes with its own

 Feed

Cybersecurity researchers have uncovered a new set of malicious Python packages that target software developers under the guise of coding assessments. "The new samples were tracked to GitHub projects that have been linked to previous, targeted attacks in which developers are lured using fake job interviews," ReversingLabs researcher Karlo Zanki said. The activity has been assessed to be part of

 Feed

The operators of the mysterious Quad7 botnet are actively evolving by compromising several brands of SOHO routers and VPN appliances by leveraging a combination of both known and unknown security flaws. Targets include devices from TP-LINK, Zyxel, Asus, Axentra, D-Link, and NETGEAR, according to a new report by French cybersecurity company Sekoia. "The Quad7 botnet operators appear to be

 Feed

A "simplified Chinese-speaking actor" has been linked to a new campaign that has targeted multiple countries in Asia and Europe with the end goal of performing search engine optimization (SEO) rank manipulation. The black hat SEO cluster has been codenamed DragonRank by Cisco Talos, with victimology footprint scattered across Thailand, India, Korea, Belgium, the Netherlands, and China. "

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime. Polish Deputy Prime Minister Says Russia Is Waging 'De Facto Cyberwar'. Akshaya Asokan (asokan_akshaya) • September 10, 2024. Polish Deputy Prime Minister Krzysztof Gawkowski, left, speaks during a Sept. 9, 2024, press conference. (Image: Government of Poland) The Polish […] The entry Polish Government Disrupts Russian and Belarusian Hacks – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Endpoint Security, Hardware / Chip-level Security. RAM-Based Radio Signal Attack Allows Attackers to Exfiltrate Data. Prajeet Nair (@prajeetspeaks) • September 10, 2024. Slap a Faraday cage around these motherboards to stop RAMBO attacks. (Image: Shutterstock) A novel side-channel attack exploits radio signals emitted by random access memory […] The entry RAM Signals Expose Air-Gapped Networks to Attacks – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 collaborate

Source: www.databreachtoday.com – Author: 1 Geo Focus: The United Kingdom, Geo-Specific, Governance & Risk Management. Agencies Sign Agreement to Boost Cooperation, Share Cyberthreat Information. Akshaya Asokan (asokan_akshaya) • September 10, 2024. The U.K. National Crime Agency and the Information Commissioner's Office will share more information on cyber incidents. (Image: Shutterstock) The […] The entry UK ICO and NCA to Collaborate on Cyber Incident Preparedness – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 commerce

Source: www.databreachtoday.com – Author: 1 3rd Party Risk Management, Governance & Risk Management. New Tool Uses 40 Indicators to Provide In-Depth Diagnostic Analysis, Officials Say. Chris Riotta (@chrisriotta) • September 10, 2024. Commerce Department officials said the agency will release findings from Scale in the coming weeks and months. (Image: Shutterstock) The […] The entry Commerce Unveils 'Scale' Tool to Tackle Supply Chain Risks – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 cloud

Source: www.databreachtoday.com – Author: 1. Original Post url: https://www.databreachtoday.com/webinars/defending-cloud-essential-strategies-for-cyber-resilience-w-5813 The entry Defending the Cloud: Essential Strategies for Cyber Resilience – Source: www.databreachtoday.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0 - CT - SOC - CSIRT Operations - Red -

Dynamic-Link Library (DLL) hijacking has been a focal technique for adversarial operations over the years, evolving from a simple exploitation method into a sophisticated and adaptive strategy for compromising software systems. The essence of DLL hijacking lies in the ability to insert malicious code into legitimate processes by manipulating the DLL loading mechanism within Windows […] The entry Adaptive DLL Hijacking was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

2024-09
Aggregator history
Wednesday, September 11