Oktacron - Cyber Security RSS Feeds History

Cyble’s Beenu Arora Weighs In on Mastercard’s Acquisition and Shift in Threat Intelligence Market

cyberexpress Sep 13, 2024 Business News

In the latest episode of Security Pill, The Cyber Express explored a significant shakeup in the cybersecurity industry sparked by Mastercard's acquisition of Recorded Future, one of the pioneers in threat intelligence. The discussion, featuring Beenu Arora, CEO and Co-Founder of Cyble, examined the potential show more ...

impact of this acquisition on businesses and industries across various sectors. As cybersecurity became more integrated with business strategies, Arora highlighted the importance of threat intelligence and how these changes may affect security priorities. He also discussed the broader implications of acquisitions like this, offering insights into navigating the evolving cybersecurity landscape. Watch the Video Here: https://youtu.be/Fm8cmLy-s8A?si=6qFuMRL8Q098UGRq Mastercard's Acquisition Mastercard's acquisition of Recorded Future stands out as a landmark deal in the cybersecurity industry, with many experts, including Arora, labeling it as historic. "This is one of the largest cybersecurity deals we have seen recently," said Arora. Recorded Future, known for providing real-time threat intelligence, analytics, and insights on cyber threats, has been a leader in its field for over 15 years. Arora elaborated on the implications of this acquisition, stating, "I can only imagine the possibilities, ranging from real-time threat detection for Mastercard’s ecosystem of merchants and partners to potentially improving fraud detection capabilities." He highlighted that the deal strengthens Mastercard's position in the cybersecurity space while expanding its reach beyond payment processing. The Role of Threat Intelligence Traditionally, threat intelligence has been viewed as a highly technical component of cybersecurity operations. However, with Mastercard's acquisition of Recorded Future, threat intelligence is moving from a niche technology to a central part of a company’s security and business strategy. Arora emphasized that threat intelligence should no longer be considered a "siloed technical capability" but a crucial element of broader business strategy. "Threat intelligence sits at the heart of designing business strategies," said Arora, pointing out that the acquisition reinforces the notion that threat intelligence can be a powerful tool for businesses looking to grow securely. This shift in perspective, from viewing threat intelligence as a purely technical function to integrating it into strategic decision-making, is a trend that many businesses are beginning to recognize. Paul, a co-host of the Security Pill podcast, noted that threat intelligence has become "a central component of a security plan," marking a significant shift in how businesses approach cybersecurity. He suggested that Mastercard's acquisition of Recorded Future would serve to drive this point home, further embedding threat intelligence into day-to-day operations. Navigating the Cybersecurity World As organizations increasingly prioritize cybersecurity in their business strategies, the question arises: Will acquisitions like Mastercard’s shift focus away from industries outside of its core business? Paul raised this concern during the discussion, asking whether industries such as healthcare and energy should worry about losing attention from Recorded Future, now that it is part of Mastercard’s ecosystem. Arora acknowledged that such concerns are valid but suggested that they are typical of any acquisition. "With any acquisition, the acquirer generally has their own DNA and focus," he said, explaining that Mastercard’s focus on the banking and payments sector may influence how Recorded Future operates. However, Arora pointed out that this also offers Recorded Future significant leverage by gaining access to Mastercard's extensive network of merchants and partners. While there is potential for some industries to feel neglected, Arora believes that the cybersecurity ecosystem is robust enough to fill any gaps. "If in case some vacuum gets created, there are other players who would step up to fill that vacuum," he said, mentioning Cyble’s role as one of the largest competitors to Recorded Future in mature markets. Cyble works with over 500 organizations globally, spanning both private and government sectors, positioning itself as a key player in the threat intelligence market. The Future of Threat Intelligence Looking ahead, Arora is optimistic about the growth and evolution of threat intelligence as an industry. "There’s no doubt that this industry is going to expand further," he said, noting that threat intelligence is becoming increasingly important in business strategy discussions. He emphasized that threat intelligence is now a key factor in safeguarding intellectual property, preventing cyberattacks, and mitigating risks. Moreover, as cyberattacks grow more sophisticated, threat intelligence plays a critical role in protecting businesses from both external and internal threats. State-sponsored actors, organized criminals, and financially motivated attackers are constantly seeking sensitive information, making threat intelligence indispensable for businesses looking to defend against such threats. Arora concluded by reinforcing his belief in the power of threat intelligence to drive business growth while maintaining security. "Threat Intel can be a really powerful aspect when you are intending to grow your business securely," he said, aligning with Cyble’s mission of "creating a better world for everyone." Conclusion The acquisition of Recorded Future by Mastercard marks a pivotal moment in the cybersecurity industry, further cementing the role of threat intelligence in business strategies. While there are concerns about how this acquisition may affect industries outside of Mastercard's core focus, Beenu Arora remains confident that the cybersecurity ecosystem is resilient enough to adapt. As businesses continue to prioritize cybersecurity, the integration of threat intelligence into strategic decision-making will only become more critical in safeguarding against evolving threats. This episode of Security Pill highlights the importance of staying informed about industry trends and exploring potential alternatives to ensure that organizations across all sectors can navigate the changing cybersecurity landscape.

Stealthy Fileless Attack Targets Attendees of US-Taiwan Defense Industry Conference

cyberexpress Sep 13, 2024 Firewall Daily

Cyble Research and Intelligence Labs (CRIL) has recently uncovered a sophisticated cyber campaign aimed at attendees of the upcoming US-Taiwan Defense Industry Conference. This stealthy fileless attack utilizes a malicious file to carry out an in-memory attack, evading traditional detection methods while exfiltrating show more ...

sensitive data from targeted systems. The fileless campaign detected by CRIL involves a malicious ZIP archive disguised as a legitimate registration form for the conference. This deceptive tactic is designed to trick users into executing a harmful LNK file that appears to be a PDF document. When executed, the LNK file initiates a series of covert actions to establish persistence and execute further malicious activities. Overview of the Stealthy Fileless Attack Campaign [caption id="attachment_89888" align="aligncenter" width="513"] Infection Chain (Source: Cyble)[/caption] Upon execution of the LNK file, it extracts a lure PDF and a base64-encoded executable. This executable, protected by the .NET Confuser tool, is placed in the startup folder to ensure it runs every time the system reboots. Once the executable is activated, it downloads additional malicious content, including an encrypted DLL file from a remote server. This DLL is then decrypted and loaded directly into memory, avoiding detection by conventional security tools. The campaign’s stealthiness is further enhanced by the second-stage loader, which dynamically compiles and executes C# code entirely in memory. This technique, known as in-memory execution, prevents the creation of traceable files on disk, making detection significantly more challenging. Technical Analysis CRIL's investigation revealed that the initial infection vector remains unclear, though the lure document suggests that spam emails might be used to distribute the malicious archive. The ZIP file, named "registration_form.pdf.zip," contains an LNK file with a dual extension (.pdf.lnk), misleading users into believing it is a harmless PDF document. [caption id="attachment_89890" align="alignnone" width="811"] Contents of registration_form.pdf.lnk (Source: Cyble)[/caption] When the LNK file is opened, it executes a series of commands in the background. It decodes embedded base64 content, saving the lure PDF and executable to the system. The executable is then placed in the startup folder to ensure persistence. Following this, the lure PDF is opened with the system’s default PDF viewer. The first-stage loader, "updater.exe," is designed to run from the startup directory. It sends a POST request to a compromised site, revealing the victim's machine information. The loader then retrieves additional content from a URL controlled by the attackers, including a base64-encoded and XOR-encrypted DLL file. This DLL file is dynamically loaded and executed in memory using .NET's “Assembly.Load” function. The second-stage loader follows a similar process, downloading encrypted C# code, which is compiled and executed entirely in memory. This approach effectively evades detection by traditional security measures. Data Exfiltration and Network Communication Once the compiled code is executed, it initiates the exfiltration of sensitive data. The data is sent to the attacker's server using web requests that mimic normal traffic, further complicating detection efforts. The "WebClient" object is employed to upload data in a format that resembles standard web form submissions, with the "ContentType" set to "application/x-www-form-urlencoded" and the "UserAgent" header altered to simulate a web browser. The attackers also leverage a compromised website to host and manage malicious content. This includes storing exfiltrated data and additional payloads on an exposed open directory. CKFinder, a PHP-based file management framework, is used to facilitate the upload and management of these files. The sophisticated nature of this fileless attack and its timing suggest that it is likely conducted by threat actors with geopolitical interests. Historically, Chinese threat actors have targeted Taiwan around significant political events, as evidenced by increased cyberattacks during Taiwan’s recent presidential election. While this pattern aligns with the current attack's context, the specific threat actor behind this campaign has not been identified. No direct links have been established to known advanced persistent threat (APT) groups or other threat actors. Conclusion This fileless attack exemplifies a high level of sophistication in both its execution and evasion techniques. By disguising the initial payload as a legitimate conference registration document and employing advanced in-memory execution methods, the attackers can steal sensitive information without leaving traditional traces on the disk. The timing of the attack, coinciding with the US-Taiwan Defense Industry Conference, underscores its potential intent to target valuable defense-related information. As the campaign progresses, vigilance and advanced detection strategies will be crucial in defending against such stealthy fileless attacks.

Meta Set to Un-Pause its AI Training in the UK

cyberexpress Sep 13, 2024 Business News

After months of regulatory discussions, Meta is pushing forward with its generative AI plans, leveraging public content from UK Facebook and Instagram users. The company is eager to resume AI training in the UK—though not without fresh oversight and transparency measures. The UK Information Commissioner’s Office show more ...

(ICO) has been closely watching Meta’s efforts. In June, Meta paused its AI training plans after a request from the ICO. The company has since modified its approach, streamlining its objection form and extending the time frame for users to opt out. The move reflects the complex interplay between tech giants and data privacy regulators as AI models evolve. While Meta touts its transparent approach to AI, privacy concerns remain at the forefront. Meta's Push for AI Training in the UK Meta’s latest statement shows the tech giant's intent to build AI products that mirror British culture, idioms, and history. By incorporating public content shared by adult users on its platforms, Meta hopes to tailor its generative AI models for the UK market. These models won’t just serve everyday users—they’re designed to enhance AI products for businesses and institutions across the region. By using public posts, comments, and captions, Meta said, it intends to ensure that its AI better reflects the diversity of the UK. It’s not just the technology that has evolved, but the process behind it. Meta incorporated feedback from the ICO to make its operations more transparent. The company will now notify users via in-app alerts, providing an option to object to their data being used. Regulatory Approval Awaited Since pausing its AI training earlier this year, Meta has engaged in extensive discussions with the ICO. In response, the company has improved its user-facing transparency measures. Meta’s approach—while already more transparent than that of other industry counterparts, according to its June statement—now includes a simplified, easily accessible objection form. “We’ve incorporated feedback from the ICO to make our objection form even simpler, more prominent and easier to find,” Meta said, pledging to honor all objections previously submitted. This move aligns with Meta’s broader strategy to maintain compliance with the UK’s data protection framework while continuing to develop cutting-edge AI. But despite these updates, the ICO has yet to grant regulatory approval, signaling that the tech giant remains under the watchful eye of data protection authorities. Legitimate Interests: The Legal Foundation One of the core issues that emerged during Meta’s dialogue with the ICO was the legal basis for using UK user data. The company has opted to rely on "Legitimate Interests" under UK General Data Protection Regulation (GDPR) as the legal foundation for its AI data processing. Legitimate Interests allows organizations to use personal data without explicit user consent, provided that it meets a set of criteria. According to Meta, this legal pathway strikes the right balance between innovation and user rights, particularly when using publicly available data. It’s a common method for processing large-scale data while respecting individual privacy. Still, privacy activists have voiced concerns about this approach. They argue that the nature of AI models—trained on vast datasets—could undermine individual privacy, even if the data used is technically “public.” Broader Context: Meta’s AI Strategy in Europe Meta’s AI push in the UK mirrors its broader strategy in Europe. In a June statement, the company expressed frustration with regulatory delays across the continent, particularly in Ireland, where Meta has paused AI training for the European Union. “Our approach is more transparent and offers easier controls than many of our industry counterparts already training their models on similar publicly available information,” Meta said at the time. “We remain highly confident that our approach complies with European laws and regulations... This is a step backwards for European innovation, competition in AI development and further delays bringing the benefits of AI to people in Europe.” This tension between regulation and innovation is playing out across the tech industry. Google, OpenAI, and other major players have similarly faced challenges navigating Europe’s stringent data protection rules. On the same day that Meta announced its resumption of AI training in the UK, the Irish data regulator launched an investigation to determine Google's compliance with a European privacy law. The Irish Data Protection Commission on Thursday said it is probing whether Google assessed privacy risks ahead of developing the Pathways Language Model. Google launched the PaLM multilingual generative AI model last year. The model can reason and code and is integrated with 25 Google products. Meta, however, frames its efforts as vital for European innovation. “Without including local information we’d only be able to offer people a second-rate experience,” the company explained. It stressed that AI built without European input would fall short in recognizing local languages, humor, and cultural references. The ICO's Position The ICO’s stance on AI model training has been clear: transparency and user control must come first. Stephen Almond, the ICO’s Executive Director of Regulatory Risk, reiterated this after Meta’s latest statement. “Any organisation using its users’ information to train generative AI models needs to be transparent about how people’s data is being used,” Almond said. The ICO said that it had not granted formal approval for Meta’s resumed AI training and would continue to monitor the situation closely. Meta has responded by asserting that its latest adjustments, including more robust notifications and a streamlined objection process, address these regulatory concerns. The company remains optimistic about its prospects in the UK, believing it has struck the right balance between innovation and compliance. Looking Ahead As Meta resumes AI training in the UK, the move sets the stage for a larger conversation about AI governance, privacy, and the role of regulatory bodies. Will the UK’s cautious but progressive approach serve as a model for other countries navigating the delicate balance between AI development and privacy? For Meta, the stakes are high. If successful, its AI products could reshape how businesses and individuals interact with technology. If not, the company may face further regulatory roadblocks, both in the UK and across Europe. With AI shaping up to be the next frontier of technological innovation, how companies like Meta navigate these challenges will be crucial. And as regulators keep a close eye on these developments, the future of AI—and data privacy—remains uncertain.

UK Data Centers Gain Critical National Infrastructure Status Amid £4Bn Investment

cyberexpress Sep 13, 2024 Cyber Essentials

UK data centers are now critical assets, at power with electricity grids and water supply systems. In a landmark move, the UK government has classified data centers as Critical National Infrastructure (CNI) for the first time in nearly a decade. This designation, announced by Technology Secretary Peter Kyle on show more ...

Thursday, aligns data centers with energy and water systems in terms of national importance. Statistically, UK houses more than 500 data centers. The latest change in government's stance reflects growing recognition of the sector's vital role in powering the digital economy and securing sensitive data. This new CNI status will provide data centers with enhanced government support during emergencies, including cyberattacks and adverse weather events. The designation ensures that the data held in these facilities—ranging from personal photos to critical NHS records—will be better protected and less susceptible to disruptions. "CNI designation will, for example, see the setting up of a dedicated CNI data infrastructure team of senior government officials who will monitor and anticipate potential threats, provide prioritised access to security agencies including the National Cyber Security Centre, and coordinate access to emergency services should an incident occur." Data Centers Engines of Digital World The move comes as the government also backs a significant investment in the sector. A proposed £3.75 billion development for Europe’s largest data center, planned by DC01UK in Hertfordshire, is set to create over 700 local jobs and support nearly 14,000 positions across the UK. Kyle said, "Data centers are the engines of modern life, they power the digital economy and keep our most personal information safe. Bringing data centers into the Critical National Infrastructure regime will allow better coordination and cooperation with the government against cyber criminals and unexpected events. Under the new CNI status, data centers will benefit from a dedicated infrastructure team composed of senior government officials. This team will focus on monitoring and anticipating threats, ensuring prioritized access to security agencies such as the National Cyber Security Centre (NCSC), and coordinating emergency responses. These measures aim to mitigate the risk of data breaches and other disruptions that could impact essential services and public trust. This development also marks a shift in how the UK views digital infrastructure. The CNI designation shows the critical nature of data centers in safeguarding public and private sector information. It also aims to deter cybercriminals by enhancing security measures and providing more robust protection against attacks targeting vital health and financial data. Critical National Infrastructure Status will Heighten Trust In addition to improving security, the CNI status is expected to boost business confidence in investing in UK data centers. The sector, which already generates approximately £4.6 billion annually, will benefit from greater stability and support, potentially attracting more international investment and fostering economic growth. The announcement follows recent incidents that reflects the sector’s vulnerabilities. For instance, the CrowdStrike incident earlier this summer disrupted 60% of GP practices, affecting patients’ appointment details and health records. Such events have highlighted the need for enhanced protection and the critical role of data centers in maintaining service continuity. Equinix UK Managing Director Bruce Owen welcomed the decision, emphasizing the integral role of digital infrastructure in modern life. The internet, and the digital infrastructure that underpins it, has rapidly grown to be as fundamental to each one of our daily lives as water, gas, and electricity," Owen said. "We are pleased to see the government recognize this and take steps to safeguard the industry." Matthew Evans, Director of Markets and COO at techUK, also supported the move. "Data centers are fundamental to our digitizing economy and are a key driver of growth," Evans said. "We look forward to collaborating closely with the government to ensure the successful implementation of these new measures." The introduction of Critical National Infrastructure status for data centers reflects a broader strategy to enhance the UK's cyber resilience and support technological advancements. With the introduction of the Cyber Security and Resilience Bill and other initiatives, the government aims to strengthen the country’s defenses against cyber threats and bolster economic growth through increased investment in digital infrastructure. As the UK continues to position itself as a leader in data security and digital innovation, the new CNI designation for data centers represents a significant step in ensuring the stability and resilience of its critical infrastructure.

FBI & CISA Address Voter Hacking Disinformation: Protecting U.S. Election 2024 Integrity

cyberexpress Sep 13, 2024 Firewall Daily

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have highlighted a growing concern about the spread of false claims related to voting. The announcement, titled "Just So You Know: False Claims of Hacked Voter Information Likely Intended to Sow Distrust of U. show more ...

S. Elections," aims to educate the public on how disinformation tactics are being used to manipulate perceptions and undermine trust in the U.S. electoral process. The announcement comes amid increasing concerns over cybersecurity and the integrity of elections, particularly with the 2024 election cycle approaching. Both the FBI and CISA have observed a troubling trend where foreign actors and cybercriminals propagate misleading information about alleged breaches in U.S. voter registration databases. These claims often exaggerate or fabricate details about voter information hacking to discredit the electoral system and erode public trust. FBI and CISA Stresses Upon Voting Disinformation [caption id="attachment_89844" align="alignnone" width="1003"] Announcement of Just So You Know: False Claims of Hacked Voter Information Likely Intended to Sow Distrust of U.S. Elections (Source: CISA)[/caption] CISA Senior Advisor Cait Conley emphasized the importance of skepticism regarding such claims. This PSA is designed to inform the public that reports of compromised election infrastructure, such as a hacked voter registration database, should be scrutinized. These allegations are frequently used by foreign entities to influence public opinion and disrupt confidence in our democratic institutions," Conley stated. The FBI, through its Cyber Division, has been actively investigating attempts by malicious actors to interfere with U.S. elections. Deputy Assistant Director Cynthia Kaiser explained, "Our investigations have shown that these actors often attempt to undermine public trust by exaggerating claims about obtaining U.S. voter information. We urge the public to critically assess any reports of hacked voter information and understand that much of the voter registration data is publicly accessible. The issue of voter information hacking has become a significant point of concern, especially as misinformation campaigns progresses. The FBI and CISA work collaboratively with federal, state, local, and territorial election officials to safeguard the voting process and enhance the resilience of U.S. elections. Their efforts include providing support, sharing critical information, and debunking false claims related to voting hacking. Disinformation and Personal Agendas The rise of disinformation regarding voter information hacking has prompted both agencies to increase their outreach and educational efforts. They stress that while voter registration information is indeed public, the integrity and security of the election process remain intact. The goal is to prevent misinformation from gaining traction and to ensure that the American public maintains a robust confidence in the democratic system. As the 2024 elections draw nearer, the vigilance of both the FBI and CISA underscores their commitment to protecting electoral integrity. By informing the public about the tactics used by disinformation agents and encouraging a critical approach to sensational claims, they aim to fortify the trust in the U.S. election process. The joint public service announcement (PSA) from the FBI and CISA is an important reminder for the public to critically assess any claims of election-related hacking. This PSA highlights the necessity of skepticism towards unverified allegations, especially those alleging breaches of voter information. Both agencies emphasize their ongoing commitment to addressing and debunking false narratives about voting hacking. Their work is focused on safeguarding the security and integrity of U.S. elections. For the public, it is crucial to stay well-informed and discerning about the sources of information related to election security. As misinformation can easily spread, relying on verified and authoritative sources is essential for understanding the true state of U.S. elections. The FBI and CISA's efforts are aimed at ensuring that the electoral process remains transparent and secure, reinforcing public confidence and countering disinformation campaigns effectively. Role of the FBI and CISA in Elections The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) play critical roles in ensuring the security and integrity of U.S. elections. Their coordinated efforts involve working closely with federal, state, local, and territorial election officials to provide essential services and information aimed at enhancing the security of election processes and maintaining the resilience of the electoral system. To support their mission, both the FBI and CISA encourage the public to report any suspicious or criminal activities, such as ransomware attacks, to the FBI Internet Crime Complaint Center (IC3) at www.ic3.gov. Cyber incidents can also be reported directly to CISA by calling 1-844-Say-CISA (1-844-729-2472), emailing report@dhs.cisa.gov, or reporting online at cisa.gov/report. For additional assistance and resources, individuals can visit CISA’s Stop Ransomware page for guidance on tackling ransomware, explore the CISA #Protect2024 initiative for protection against various election-related risks, and utilize Protected Voices for resources on defending against online foreign influence operations, cyber threats, and federal election crimes. These resources are designed to help individuals and organizations stay informed and prepared against potential threats to election security.

India Ascends to Tier 1 Rank in Global Cybersecurity Index (GCI 2024)

cyberexpress Sep 13, 2024 Research

India has claimed a spot in the Tier-1 category in the latest Global Cybersecurity Index (GCI) 2024, released by the International Telecommunication Union (ITU). With a rank of 98.49, India is one of the 47 countries that has been adjudged as a leading nation which has demonstrated commitment to robust cybersecurity show more ...

practices. The GCI conducts a comprehensive assessment of national cybersecurity preparedness annually. It evaluates countries across five key pillars: legal, technical, organizational, capacity development, and cooperation. In its fifth annual report, the GCI found India taking strong actionable cybersecurity measures in all these crucial areas. Legal Measures Boosts India's Rank in Global Cybersecurity Index According to the GCI 2024 report, India excelled in the legal pillar, establishing a robust framework of laws and regulations to govern cybersecurity. The Information Technology Act (2000) and its amendments hold significant weight in this regard, outlining measures to combat cybercrime, protect critical infrastructure, and ensure data privacy. Additionally, the passage of the Digital Personal Data Protection Bill (2022) further strengthens India's legal framework, providing enhanced safeguards for citizen data. [caption id="attachment_89896" align="alignnone" width="1050"] Source: GCI 2024[/caption] Technical Prowess and Capacity Building India's technical prowess also contributed to its Tier 1 placement. The country has witnessed a surge in initiatives promoting secure infrastructure and technology adoption. This includes the establishment of the Indian Computer Emergency Response Team (CERT-In), a national body dedicated to cyber incident response and threat mitigation. Additionally, various government programs promote capacity building through training and awareness initiatives across diverse sectors. The GCI report underscores the importance of international cooperation in the fight against cybercrime. India has actively participated in global efforts, fostering collaboration with international organizations and other nation-states. This includes participation in forums like the Budapest Convention on Cybercrime and joint cybersecurity exercises with partner countries. Ranking of Other Countries, Challenges As many as 47 countries out of 194 made it to the Tier 1 of the GCI report. Among the countries in the category, 12 received a perfect score of 100 including Korea, the U.K., Denmark, Italy, Finland and the United Arab Emirates. [caption id="attachment_89897" align="alignnone" width="962"] Source: GCI 2024[/caption] Worrisome threats highlighted in the report included ransomware attacks targeting government services and other sectors, cyber breaches affecting core industries, costly system outages, and breaches of privacy for individuals and organizations. “Building trust in the digital world is paramount," said Doreen Bogdan-Martin, ITU Secretary-General. “The progress seen in the Global Cybersecurity Index is a sign that we must continue to focus efforts to ensure that everyone, everywhere can safely and securely manage cyberthreats in today's increasingly complex digital landscape." Most countries are either “establishing" (Tier 3) or “evolving" (Tier 4) in terms of cybersecurity. The 105 countries in these tiers have largely expanded digital services and connectivity but still need to integrate cybersecurity measures. A "cyber capacity gap" – characterized by limitations in skills, staffing, equipment and funding – was evident in many countries and across all regional groups, according to the report. Legal measures are the strongest cybersecurity pillar for most countries: 177 countries have at least one regulation on either personal data protection, privacy protection, or breach notification in force or in progress, it added. Challenges Remain While India's ascension to Tier 1 is a cause for celebration, challenges still remain. The ever-evolving cyber threat landscape demands continuous vigilance and adaptation. Bridging the digital divide and ensuring equitable access to cybersecurity resources across all segments of society is crucial. Additionally, fostering a culture of cyber hygiene and raising public awareness about online threats remain key priorities. India's placement in Tier 1 presents an opportunity to build upon its achievements. Continuous improvement in legal frameworks, investment in cutting-edge technology, and fostering a collaborative environment both within and across borders will be critical for maintaining its leadership position. By prioritizing cybersecurity, India can pave the way for a more secure and resilient digital future for its citizens and businesses.

Fortinet Confirms Data Breach After Hacker Claims 440GB Heist

cyberexpress Sep 13, 2024 Press Release

Cybersecurity giant Fortinet, known for its firewalls and network security solutions, has confirmed a cybersecurity incident affecting its systems. The Fortinet data breach confirmation comes following a hacker's claim of stealing a massive 440 gigabytes of files from the company’s Microsoft SharePoint server. show more ...

Apart from selling secure networking products, the company also offers SIEM, network management, and EDR/XDR solutions, as well as consulting services. While the exact details of the Fortinet data breach remain unclear, the incident raises concerns about the security of sensitive information entrusted to the company. Analyzing the Fortinet Data Breach On September 12, 2024, a threat actor surfaced on dark web marketplace Breachforums, boasting about accessing a significant amount of data from Fortinet's Microsoft Azure SharePoint server. The stolen files reportedly included credentials for an S3 storage bucket, potentially containing sensitive user information. The bad actor, operating under the alias "Fortibitch", claimed to have also reached out to Fortinet's founder Ken Xie who allegedly abandoned ransom negotiations. The hacker also questioned why Fortinet had not yet filed an 8-K disclosure at the U.S. Securities and Exchange Commission (SEC), which is a mandatory disclosure for security incidents affecting publicly traded companies. Fortinet Downplays Data Breach Fortinet quickly responded by acknowledging the unauthorized access. In a statement on its website, the company disclosed, "An individual gained unauthorized access to a limited number of files stored on Fortinet’s instance of a third-party cloud-based shared file drive, which included limited data related to a small number (less than 0.3%) of Fortinet customers." According to Fortinet, it has more than 755,000 customers, which means approximately 2,265 customers could be impacted. The company denied claims of any malware attack on its systems. “To-date there is no indication that this incident has resulted in malicious activity affecting any customers. Fortinet’s operations, products, and services have not been impacted, and we have identified no evidence of additional access to any other Fortinet resource. The incident did not involve any data encryption, deployment of ransomware, or access to Fortinet’s corporate network,” the statement read. Throwing light on its internal investigation, Fortinet said, "Given the limited nature of the incident, we have not experienced, and do not currently believe that the incident is reasonably likely to have a material impact to our financial condition or operating results." The company added that it has already contacted those who were potentially impacted. However, the exact nature of the stolen data and the potential consequences for affected customers remain ambiguous. Fortinet hasn't explicitly confirmed or denied the hacker's claim of stealing 440GB of data. Additionally, details regarding the type of information compromised like contact details and financial information are scarce. This lack of transparency leaves many customers feeling uncertain about the extent of the breach and the potential risks involved. This incident highlights the growing threats faced by cybersecurity companies themselves. As companies like Fortinet become the guardians of sensitive data, they become prime targets for hackers seeking valuable information. The Way Forward Following the breach, it's crucial for Fortinet to prioritize transparency and customer communication. The company should outline the specific data compromised and the steps affected customers can take to mitigate any potential risks. Additionally, a thorough investigation into the breach is necessary to identify vulnerabilities and prevent similar incidents in the future. In the meantime, customers can take proactive measures to protect themselves. It's advisable to change passwords associated with any accounts potentially linked to Fortinet. Implementing multi-factor authentication (MFA) for added security is also recommended. The Fortinet data breach serves as a stark reminder of the ever-present threat of cyberattacks. By prioritizing transparency, robust security practices, and customer communication, cybersecurity companies can build trust and mitigate the impact of such incidents. *Update September 13, 11:30 AM: Based on the customer count that Fortinet has on its website, included an approximate number of customers impacted in the Fortinet data breach.

Transatlantic Cable podcast episode 363 | Kaspersky official blog

kaspersky Sep 13, 2024 News

Episode 363 kicks off with a discussion around moderation on the popular messaging service, Telegram. From there the team move to discuss how one person managed to siphon off over $10 million from the likes of Spotify and Apple using bots to stream music. To wrap up the team discuss two stories, the first looking at show more ...

how the Democrats in America are using brain rot videos, and the second looks at the seedy underworld of stolen mobile phones. If you like what you heard, please consider subscribing. Telegram reportedly inundated with illegal and extremist activity Musician charged with $10M streaming royalties fraud using AI and bots Kamala Harris Campaign Experiments With Ads for an Audience With Brain Rot Thieves snatched his phone in London it was in China a month later

The Dark Nexus Between Harm Groups and ‘The Com’

krebsonsecurity Sep 13, 2024 Breadcrumbs

A cyberattack that shut down two of the top casinos in Las Vegas last year quickly became one of the most riveting security stories of 2023. It was the first known case of native English-speaking hackers in the United States and Britain teaming up with ransomware gangs based in Russia. But that made-for-Hollywood show more ...

narrative has eclipsed a far more hideous trend: Many of these young, Western cybercriminals are also members of fast-growing online groups that exist solely to bully, stalk, harass and extort vulnerable teens into physically harming themselves and others. Image: Shutterstock. In September 2023, a Russian ransomware group known as ALPHV/Black Cat claimed credit for an intrusion at the MGM Resorts hotel chain that quickly brought MGM’s casinos in Las Vegas to a standstill. While MGM was still trying to evict the intruders from its systems, an individual who claimed to have firsthand knowledge of the hack contacted multiple media outlets to offer interviews about how it all went down. One account of the hack came from a 17-year-old in the United Kingdom, who told reporters the intrusion began when one of the English-speaking hackers phoned a tech support person at MGM and tricked them into resetting the password for an employee account. The security firm CrowdStrike dubbed the group “Scattered Spider,” a recognition that the MGM hackers came from different cliques scattered across an ocean of Telegram and Discord servers dedicated to financially-oriented cybercrime. Collectively, this archipelago of crime-focused chat communities is known as “The Com,” and it functions as a kind of distributed cybercriminal social network that facilitates instant collaboration. But mostly, The Com is a place where cybercriminals go to boast about their exploits and standing within the community, or to knock others down a peg or two. Top Com members are constantly sniping over who pulled off the most impressive heists, or who has accumulated the biggest pile of stolen virtual currencies. And as often as they extort victim companies for financial gain, members of The Com are trying to wrest stolen money from their cybercriminal rivals — often in ways that spill over into physical violence in the real world. CrowdStrike would go on to produce and sell Scattered Spider action figures, and it featured a life-sized Scattered Spider sculpture at this year’s RSA Security Conference in San Francisco. But marketing security products and services based on specific cybercriminal groups can be tricky, particularly if it turns out that robbing and extorting victims is by no means the most abhorrent activity those groups engage in on a daily basis. KrebsOnSecurity examined the Telegram user ID number of the account that offered media interviews about the MGM hack — which corresponds to the screen name “@Holy” — and found the same account was used across a number of cybercrime channels that are entirely focused on extorting young people into harming themselves or others, and recording the harm on video. HOLY NAZI Holy was known to possess multiple prized Telegram usernames, including @bomb, @halo, and @cute, as well as one of the highest-priced Telegram usernames ever put up for sale: @nazi. In one post on a Telegram channel dedicated to youth extortion, this same user can be seen asking if anyone knows the current Telegram handles for several core members of 764, an extremist group known for victimizing children through coordinated online campaigns of extortion, doxing, swatting and harassment. People affiliated with harm groups like 764 will often recruit new members by lurking on gaming platforms, social media sites and mobile applications that are popular with young people, including Discord, Minecraft, Roblox, Steam, Telegram, and Twitch. “This type of offence usually starts with a direct message through gaming platforms and can move to more private chatrooms on other virtual platforms, typically one with video enabled features, where the conversation quickly becomes sexualized or violent,” warns a recent alert from the Royal Canadian Mounted Police (RCMP) about the rise of sextortion groups on social media channels. “One of the tactics being used by these actors is sextortion, however, they are not using it to extract money or for sexual gratification,” the RCMP continued. “Instead they use it to further manipulate and control victims to produce more harmful and violent content as part of their ideological objectives and radicalization pathway.” The 764 network is among the most populated harm communities, but there are plenty more. Some of the largest such known groups include CVLT, Court, Kaskar, Leak Society, 7997, 8884, 2992, 6996, 555, Slit Town, 545, 404, NMK, 303, and H3ll. In March, a consortium of reporters from Wired, Der Spiegel, Recorder and The Washington Post examined millions of messages across more than 50 Discord and Telegram chat groups. “The abuse perpetrated by members of com groups is extreme,” Wired’s Ali Winston wrote. “They have coerced children into sexual abuse or self-harm, causing them to deeply lacerate their bodies to carve ‘cutsigns’ of an abuser’s online alias into their skin.” The story continues: “Victims have flushed their heads in toilets, attacked their siblings, killed their pets, and in some extreme instances, attempted or died by suicide. Court records from the United States and European nations reveal participants in this network have also been accused of robberies, in-person sexual abuse of minors, kidnapping, weapons violations, swatting, and murder.” “Some members of the network extort children for sexual pleasure, some for power and control. Some do it merely for the kick that comes from manipulation. Others sell the explicit CSAM content produced by extortion on the dark web.” KrebsOnSecurity has learned Holy is the 17-year-old who was arrested in July 2024 by the U.K.’s West Midlands Police as part of a joint investigation with the FBI into the MGM hack. Early in their cybercriminal career (as a 15-year-old), @Holy went by the handle “Vsphere,” and was a proud member of the LAPSUS$ cybercrime group. Throughout 2022, LAPSUS$ would hack and social engineer their way into some of the world’s biggest technology companies, including EA Games, Microsoft, NVIDIA, Okta, Samsung, and T-Mobile. JUDISCHE/WAIFU Another timely example of the overlap between harm communities and top members of The Com can be found in a group of criminals who recently stole obscene amounts of customer records from users of the cloud data provider Snowflake. At the end of 2023, malicious hackers figured out that many major companies have uploaded massive amounts of valuable and sensitive customer data to Snowflake servers, all the while protecting those Snowflake accounts with little more than a username and password (no multi-factor authentication required). The group then searched darknet markets for stolen Snowflake account credentials, and began raiding the data storage repositories used by some of the world’s largest corporations. Among those that had data exposed in Snowflake was AT&T, which disclosed in July that cybercriminals had stolen personal information and phone and text message records for roughly 110 million people — nearly all its customers. A report on the extortion group from the incident response firm Mandiant notes that Snowflake victim companies were privately approached by the hackers, who demanded a ransom in exchange for a promise not to sell or leak the stolen data. All told, more than 160 organizations were extorted, including TicketMaster, Lending Tree, Advance Auto Parts and Neiman Marcus. On May 2, 2024, a user by the name “Judische” claimed on the fraud-focused Telegram channel Star Chat that they had hacked Santander Bank, one of the first known Snowflake victims. Judische would repeat that claim in Star Chat on May 13 — the day before Santander publicly disclosed a data breach — and would periodically blurt out the names of other Snowflake victims before their data even went up for sale on the cybercrime forums. A careful review of Judische’s account history and postings on Telegram shows this user is more widely known under the nickname “Waifu,” an early moniker that corresponds to one of the more accomplished SIM-swappers in The Com over the years. In a SIM-swapping attack, the fraudsters will phish or purchase credentials for mobile phone company employees, and use those credentials to redirect a target’s mobile calls and text messages to a device the attackers control. Several channels on Telegram maintain a frequently updated leaderboard of the 100 richest SIM-swappers, as well as the hacker handles associated with specific cybercrime groups (Waifu is ranked #24). That leaderboard has long included Waifu on a roster of hackers for a group that called itself “Beige.” Beige members were implicated in two stories published here in 2020. The first was an August 2020 piece called Voice Phishers Targeting Corporate VPNs, which warned that the COVID-19 epidemic had brought a wave of voice phishing or “vishing” attacks that targeted work-from-home employees via their mobile devices, and tricked many of those people into giving up credentials needed to access their employer’s network remotely. Beige group members also have claimed credit for a breach at the domain registrar GoDaddy. In November 2020, intruders thought to be associated with the Beige Group tricked a GoDaddy employee into installing malicious software, and with that access they were able to redirect the web and email traffic for multiple cryptocurrency trading platforms. The Telegram channels that Judische and his related accounts frequented over the years show this user divides their time between posting in SIM-swapping and cybercrime cashout channels, and harassing and stalking others in harm communities like Leak Society and Court. Mandiant has attributed the Snowflake compromises to a group it calls “UNC5537,” with members based in North America and Turkey. KrebsOnSecurity has learned Judische is a 26-year-old software engineer in Ontario, Canada. Sources close to the investigation into the Snowflake incident tell KrebsOnSecurity the UNC5537 member in Turkey is John Erin Binns, an elusive American man indicted by the U.S. Department of Justice (DOJ) for a 2021 breach at T-Mobile that exposed the personal information of at least 76.6 million customers. Binns is currently in custody in a Turkish prison and fighting his extradition. Meanwhile, he has been suing almost every federal agency and agent that contributed investigative resources to his case. In June 2024, a Mandiant employee told Bloomberg that UNC5537 members have made death threats against cybersecurity experts investigating the hackers, and that in one case the group used artificial intelligence to create fake nude photos of a researcher to harass them. ViLE In June 2024, two American men pleaded guilty to hacking into a U.S. Drug Enforcement Agency (DEA) online portal that tapped into 16 different federal law enforcement databases. Sagar “Weep” Singh, a 20-year-old from Rhode Island, and Nicholas “Convict” Ceraolo, 25, of Queens, NY, were both active in SIM-swapping communities. Singh and Ceraolo hacked into a number of foreign police department email accounts, and used them to make phony “emergency data requests” to social media platforms seeking account information about specific users they were stalking. According to the government, in each case the men impersonating the foreign police departments told those platforms the request was urgent because the account holders had been trading in child pornography or engaging in child extortion. Eventually, the two men formed part of a group of cybercriminals known to its members as “ViLE,” who specialize in obtaining personal information about third-party victims, which they then used to harass, threaten or extort the victims, a practice known as “doxing.” The U.S. government says Singh and Ceraolo worked closely with a third man — referenced in the indictment as co-conspirator #1 or “CC-1” — to administer a doxing forum where victims could pay to have their personal information removed. The government doesn’t name CC-1 or the doxing forum, but CC-1’s hacker handle is “Kayte” (a.k.a. “KT“) which corresponds to the nickname of a 23-year-old man who lives with his parents in Coffs Harbor, Australia. For several years (with a brief interruption), KT has been the administrator of a truly vile doxing community known as the Doxbin. A screenshot of the website for the cybercriminal group “ViLE.” Image: USDOJ. People whose names and personal information appear on the Doxbin can quickly find themselves the target of extended harassment campaigns, account hacking, SIM-swapping and even swatting — which involves falsely reporting a violent incident at a target’s address to trick local police into responding with potentially deadly force. A handful of Com members targeted by federal authorities have gone so far as to perpetrate swatting, doxing, and other harassment against the same federal agents who are trying to unravel their alleged crimes. This has led some investigators working cases involving the Com to begin redacting their names from affidavits and indictments filed in federal court. In January 2024, KrebsOnSecurity broke the news that prosecutors in Florida had charged a 19-year-old alleged Scattered Spider member named Noah Michael Urban with wire fraud and identity theft. That story recounted how Urban’s alleged hacker identities “King Bob” and “Sosa” inhabited a world in which rival cryptocurrency theft rings frequently settled disputes through so-called “violence-as-a-service” offerings — hiring strangers online to perpetrate firebombings, beatings and kidnappings against their rivals. Urban’s indictment shows the name of the federal agent who testified to it has been blacked out: The final page of Noah Michael Urban’s indictment shows the investigating agent redacted their name from charging documents. HACKING RINGS, STALKING VICTIMS In June 2022, this blog told the story of two men charged with hacking into the Ring home security cameras of a dozen random people and then methodically swatting each of them. Adding insult to injury, the men used the compromised security cameras to record live footage of local police swarming those homes. McCarty, in a mugshot. James Thomas Andrew McCarty, Charlotte, N.C., and Kya “Chumlul” Nelson, of Racine, Wisc., conspired to hack into Yahoo email accounts belonging to victims in the United States. The two would check how many of those Yahoo accounts were associated with Ring accounts, and then target people who used the same password for both accounts. The Telegram and Discord aliases allegedly used by McCarty — “Aspertaine” and “Couch,” among others — correspond to an identity that was active in certain channels dedicated to SIM-swapping. What KrebsOnSecurity didn’t report at the time is that both ChumLul and Aspertaine were active members of CVLT, wherein those identities clearly participated in harassing and exploiting young teens online. In June 2024, McCarty was sentenced to seven years in prison after pleading guilty to making hoax calls that elicited police SWAT responses. Nelson also pleaded guilty and received a seven-year prison sentence. POMPOMPURIN In March 2023, U.S. federal agents in New York announced they’d arrested “Pompompurin,” the alleged administrator of Breachforums, an English-language cybercrime forum where hacked corporate databases frequently appear for sale. In cases where the victim organization isn’t extorted in advance by hackers, being listed on Breachforums has often been the way many victims first learned of an intrusion. Pompompurin had been a nemesis to the FBI for several years. In November 2021, KrebsOnSecurity broke the news that thousands of fake emails about a cybercrime investigation were blasted out from the FBI’s email systems and Internet addresses. Pompompurin took credit for that stunt, and said he was able to send the FBI email blast by exploiting a flaw in an FBI portal designed to share information with state and local law enforcement authorities. The FBI later acknowledged that a software misconfiguration allowed someone to send the fake emails. In December, 2022, KrebsOnSecurity detailed how hackers active on BreachForums had infiltrated the FBI’s InfraGard program, a vetted network designed to build cyber and physical threat information sharing partnerships with experts in the private sector. The hackers impersonated the CEO of a major financial company, applied for InfraGard membership in the CEO’s name, and were granted admission to the community. The feds named Pompompurin as 21-year-old Peekskill resident Conor Brian Fitzpatrick, who was originally charged with one count of conspiracy to solicit individuals to sell unauthorized access devices (stolen usernames and passwords). But after FBI agents raided and searched the home where Fitzpatrick lived with his parents, prosecutors tacked on charges for possession of child pornography. DOMESTIC TERRORISM? Recent actions by the DOJ indicate the government is well aware of the significant overlap between leading members of The Com and harm communities. But the government also is growing more sensitive to the criticism that it can often take months or years to gather enough evidence to criminally charge some of these suspects, during which time the perpetrators can abuse and recruit countless new victims. Late last year, however, the DOJ signaled a new tactic in pursuing leaders of harm communities like 764: Charging them with domestic terrorism. In December 2023, the government charged (PDF) a Hawaiian man with possessing and sharing sexually explicit videos and images of prepubescent children being abused. Prosecutors allege Kalana Limkin, 18, of Hilo, Hawaii, admitted he was an associate of CVLT and 764, and that he was the founder of a splinter harm group called Cultist. Limkin’s Telegram profile shows he also was active on the harm community Slit Town. The relevant citation from Limkin’s complaint reads: “Members of the group ‘764’ have conspired and continue to conspire in both online and in-person venues to engage in violent actions in furtherance of a Racially Motivated Violent Extremist ideology, wholly or in part through activities that violate federal criminal law meeting the statutory definition of Domestic Terrorism, defined in Title 18, United States Code, § 2331.” Experts say charging harm groups under anti-terrorism statutes potentially gives the government access to more expedient investigative powers than it would normally have in a run-of-the-mill criminal hacking case. “What it ultimately gets you is additional tools you can use in the investigation, possibly warrants and things like that,” said Mark Rasch, a former U.S. federal cybercrime prosecutor and now general counsel for the New York-based cybersecurity firm Unit 221B. “It can also get you additional remedies at the end of the case, like greater sanctions, more jail time, fines and forfeiture.” But Rasch said this tactic can backfire on prosecutors who overplay their hand and go after someone who ends up challenging the charges in court. “If you’re going to charge a hacker or pedophile with a crime like terrorism, that’s going to make it harder to get a conviction,” Rasch said. “It adds to the prosecutorial burden and increases the likelihood of getting an acquittal.” Rasch said it’s unclear where it is appropriate to draw the line in the use of terrorism statutes to disrupt harm groups online, noting that there certainly are circumstances where individuals can commit violations of domestic anti-terrorism statutes through their Internet activity alone. “The Internet is a platform like any other, where virtually any kind of crime that can be committed in the real world can also be committed online,” he said. “That doesn’t mean all misuse of computers fits within the statutory definition of terrorism.” The RCMP’s advisory on sexual extortion of minors over the Internet lists a number of potential warning signs that teens may exhibit if they become entangled in these harm groups. The FBI urges anyone who believes their child or someone they know is being exploited to contact their local FBI field office, call 1-800-CALL-FBI, or report it online at tips.fbi.gov.

Microsoft VS Code Undermined in Asian Spy Attack

darkreading Sep 13, 2024 Feed

A technique to abuse Microsoft's built-in source code editor has finally made it into the wild, thanks to China's Mustang Panda APT.

Compliance Automation Pays Off for a Growing Company

darkreading Sep 13, 2024 Feed

In this case study, a CISO helps a B2B marketing automation company straighten out its manual compliance process by automating it.

Malicious Actors Sow Discord With False Election Compromise Claims

darkreading Sep 13, 2024 Feed

The FBI and CISA are warning citizens of attempts to convince voters that US election infrastructure has been compromised. (It hasn't been.)

Over a Third of Cyberattacks Result in Job Losses

darkreading Sep 13, 2024 Feed

99% of Business Leaders Have Concerns About the Trustworthiness of Internal Data

darkreading Sep 13, 2024 Feed

Cloud-Native Network Security Up 17%, Hardware Down 2%

darkreading Sep 13, 2024 Feed

Hardware Supply Chain Threats Can Undermine Endpoint Infrastructure

darkreading Sep 13, 2024 Feed

To prevent this, organizations should focus on developing secure hardware and firmware foundations, enabling them to manage, monitor, and remediate hardware and firmware security.

NFL Teams Block & Tackle Cyberattacks in a Digital World

darkreading Sep 13, 2024 Feed

As the 104th season of the National Football League kicks off, expect cyberattacks aimed at its customers, players, and arenas.

Fortinet Confirms Customer Data Breach via Third Party

darkreading Sep 13, 2024 Feed

The incident is a reminder why organizations need to pay attention to how they store and secure data in SaaS and cloud environments.

Adobe Completes Fix for Reader Bug with Known PoC Exploit

cyware Sep 13, 2024 Malware and Vulnerabilities

Adobe has completed a fix for a critical bug in Reader with a known Proof of Concept (PoC) exploit for CVE-2024-41869. The update also addresses another critical flaw, CVE-2024-45112, in various versions of Acrobat and Reader.

New Linux Malware "Hadooken' Targets Oracle WebLogic Applications

cyware Sep 13, 2024 Malware and Vulnerabilities

A new Linux malware named Hadooken is targeting Oracle WebLogic servers, dropping Tsunami malware and deploying a cryptominer. WebLogic servers are vulnerable to cyberattacks due to flaws like deserialization and weak access controls.

SolarWinds Reveals RCE Flaw in Access Rights Manager

cyware Sep 13, 2024 Malware and Vulnerabilities

SolarWinds has disclosed two vulnerabilities in their Access Rights Manager (ARM) software: CVE-2024-28990 (CVSS 6. 3) allows for a hardcoded credential authentication bypass, while CVE-2024-28991 (CVSS 9. 0) enables remote code execution.

Fake Recruiter Coding Tests Target Developers With Malicious Python Packages

cyware Sep 13, 2024 Threat Actors

The Lazarus Group has been targeting developers in a new VMConnect campaign, using fake job interviews to trick them into downloading malicious software packages from open-source repositories.

Update: Hackers Target Apache OFBiz RCE Flaw CVE-2024-45195 After PoC Exploit Released

cyware Sep 13, 2024 Malware and Vulnerabilities

Hackers are targeting an RCE vulnerability (CVE-2024-45195) in Apache OFBiz after the release of a Proof of Concept (PoC) exploit. Malicious requests have been detected, with attacks focusing on the financial services industry and business sectors.

Chinese-speaking Hackers Linked to DragonRank SEO Manipulator Service

cyware Sep 13, 2024 Threat Actors

By exploiting web app services, the attackers deploy a web shell to launch malware and gather credentials, compromising IIS servers to spread the BadIIS malware. The malware facilitates proxy ware and SEO fraud by manipulating search engine rankings.

Two Critical RCE Flaws Discovered in Docker Desktop

cyware Sep 13, 2024 Malware and Vulnerabilities

Two critical remote code execution (RCE) flaws, identified as CVE-2024-8695 and CVE-2024-8696, have been uncovered in Docker Desktop, a popular tool for containerized application development.

Iranian APT Hackers Target Iraqi Government in New Espionage Campaign

cyware Sep 13, 2024 Threat Actors

The group deployed sophisticated malware named Veaty and Spearal against Iraqi targets, using distinctive command and control mechanisms, including a custom email-based channel identified within the Veaty malware.

Critical Severity Flaw Exposes Siemens Industrial Systems

cyware Sep 13, 2024 Malware and Vulnerabilities

This flaw, tracked as CVE-2024-35783 and with a CVSS score of 9.4, affects SIMATIC Process Historian, PCS 7, and WinCC, allowing attackers to gain elevated privileges and execute arbitrary commands.

New Hadooken Linux Malware Targets WebLogic Servers

packetstormsecurity Sep 13, 2024 headline,malware,linux

Apple Patches Vision Pro Vuln To Prevent GAZEploit Attacks

packetstormsecurity Sep 13, 2024 headline,flaw,patch,apple

Fortinet Admits Miscreant Got Hold Of Customer Data In The Cloud

packetstormsecurity Sep 13, 2024 headline,hacker,privacy,data loss

20 Gigs Of Data Supposedly Stolen From Capgemini

packetstormsecurity Sep 13, 2024 headline,hacker,privacy,data loss

Old WHOIS Domain Could Have Issued Fraudulent TLS/SSL Certs

packetstormsecurity Sep 13, 2024 headline,dns,cybercrime,fraud,cryptograp