Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Cyber News

It started with a phishing scam targeting Swiss citizens, but what authorities uncovered led them to one of the largest cybercrime operations in West Africa. Eight arrests in Côte d’Ivoire and Nigeria mark the success of INTERPOL's latest cybercrime crackdown, Operation Contender 2.0. Aimed at combating the rising tide of cyber-enabled crimes in West Africa, the operation highlights how global law enforcement collaboration is key to disrupting organized cybercriminal networks.

Phishing Scam Hit Swiss Citizens

Côte d'Ivoire authorities, working closely with Swiss police and INTERPOL, dismantled the large-scale phishing scam that defrauded Swiss citizens out of more than $1.4 million. The scam, active between August 2023 and April 2024, involved fraudsters posing as buyers on small advertising websites. They duped victims by sending QR codes that led to fake websites mimicking legitimate payment platforms. Once victims entered sensitive information, like their login details and card numbers, cybercriminals impersonated customer service agents to reinforce their deception.

With over 260 reports of the scam in Switzerland, investigators linked the cybercriminals back to Côte d’Ivoire, where INTERPOL’s intelligence helped local authorities track and arrest the operation’s ringleader.

[Image: One of the many arrests in Operation Contender (Source: Interpol)]

The arrest revealed further details of the suspect’s illicit activities, including financial gains totaling over $1.9 million. Forensic analysis of seized digital devices is ongoing, and more arrests are expected as investigators widen their net to recover stolen funds and identify other victims.

Romance Scams and Business Email Compromise: A Broader Threat

INTERPOL’s African Joint Operation against Cybercrime (AFJOC), which began in 2021, was instrumental in facilitating these arrests. Its mission extends beyond phishing, targeting a range of cybercrimes that plague both individuals and businesses globally. One significant focus is business email compromise (BEC), a sophisticated form of phishing where cybercriminals trick executives into transferring large sums of money or divulging sensitive information by exploiting trust and authority.

Romance scams, another common tactic, also draw AFJOC’s attention. In these schemes, criminals create fake online identities to build relationships with their victims, often to swindle them out of money or digital assets, such as cryptocurrency. One recent case involved a Finnish victim who was defrauded by a Nigerian cybercriminal. The Nigerian Police Force, using intelligence provided by INTERPOL and its private-sector partners, arrested the scammer in April 2024. Further investigations linked the individual to other romance fraud cases.

Leveraging Global Cooperation to Combat Cybercrime

The success of Operation Contender 2.0 emphasizes the critical role of international cooperation in fighting cybercrime. Law enforcement agencies from various countries, supported by organizations like INTERPOL and private-sector companies like Trend Micro and Group-IB, combined their resources and intelligence to effectively dismantle these criminal networks.

Neal Jetton, Director of INTERPOL’s Cybercrime Directorate, noted, “Leveraging the increased reliance on technology in every aspect of our daily lives, cybercriminals are employing a range of techniques to steal data and execute fraudulent activities.”

As cybercriminals become more sophisticated, the need for collaboration between public and private sectors continues to grow. The AFJOC initiative, funded by the UK’s Foreign, Commonwealth & Development Office, aims to keep West African countries at the forefront of combating cyber-enabled crimes by integrating cutting-edge technology, intelligence sharing, and international partnerships.

A Growing Threat in West Africa

The cybercrime threat in West Africa is becoming increasingly complex. Criminals in this region are no longer just targeting local victims; they are branching out to defraud individuals and businesses worldwide. The use of advanced phishing techniques, BEC scams, and romance fraud highlights how quickly cybercriminals are evolving their tactics.

Operations like Contender 2.0 not only shine a spotlight on these crimes but also demonstrate the tangible results that global law enforcement can achieve when they pool their resources. The seizure of digital devices during these arrests has opened the door to new investigations, with experts hoping that further analysis will reveal the full scope of these criminal operations.

Looking Ahead: More Operations, More Arrests

While Operation Contender 2.0 has made significant strides in combatting cybercrime in West Africa, this is just one part of a much larger global effort to curtail cyber threats. Ongoing investigations by local authorities in Côte d’Ivoire, Nigeria, and other countries involved in AFJOC will likely lead to additional arrests and the recovery of more stolen funds. Authorities are confident that dismantling these cybercriminal networks will help deter other syndicates operating in the region.

As INTERPOL continues to enhance its intelligence-sharing capabilities and forge new partnerships, the global fight against cybercrime remains relentless. Every successful operation weakens the foundation of cybercriminal organizations, bringing law enforcement one step closer to reducing the financial and emotional toll these crimes have on victims.

 Firewall Daily

A new vulnerability in NVIDIA’s software impacts over 35% of cloud environments. The NVIDIA vulnerability, designated as CVE-2024-0132, is linked to the NVIDIA Container Toolkit, a widely utilized framework that provides AI applications access to GPU resources in containerized environments. This vulnerability in NVIDIA poses serious risks to organizations running AI applications, whether hosted in the cloud or managed on-premises.

Understanding the NVIDIA vulnerability

The crux of the issue is that an attacker who controls a malicious container image can escape from the confines of that container, gaining unrestricted access to the underlying host system. This breach could expose sensitive data and critical infrastructure, presenting a grave security threat to organizations relying on NVIDIA’s technology.

The NVIDIA vulnerability is particularly concerning for environments that permit the use of third-party container images or AI models, as these settings are at a higher risk of exploitation through compromised images. According to Wiz Research, several scenarios illustrate the potential impact of the NVIDIA AI vulnerability:

Single-Tenant Compute Environments: In cases where a user downloads a malicious container image from an untrusted source—perhaps as a result of social engineering—an attacker could gain control over the user's workstation, leading to severe data breaches.

Orchestrated Environments: In shared setups like Kubernetes, an attacker with permission to deploy containers could escape from their container, accessing sensitive data from other applications running on the same node or cluster.

The implications of such a breach extend beyond individual organizations. If an attacker deploys a malicious container in a shared environment, they could leverage the host machine’s secrets to infiltrate cloud service control systems, potentially accessing sensitive information such as source code and customer data.

Background on NVIDIA Container Toolkit

The NVIDIA Container Toolkit plays a crucial role in modern computing, particularly in the realm of AI. It enables seamless GPU access from within container environments, allowing multiple workloads to share a single GPU. The toolkit has become the industry standard, particularly as the demand for AI and container technologies has surged.

The toolkit is pre-installed in many AI platforms and virtual machine images, reinforcing its status as a vital component for organizations leveraging AI applications. Its widespread adoption, particularly in GPU-enabled Kubernetes environments, means that the footprint of the NVIDIA Container Toolkit is vast, making the NVIDIA vulnerability more critical to address.

Affected Components and Mitigation Strategies

The NVIDIA vulnerability has been identified in the NVIDIA Container Toolkit and NVIDIA GPU Operator, affecting all versions up to v1.16.1 and 24.6.1, respectively. Notably, this issue does not impact systems utilizing the Container Device Interface (CDI).

In response to the vulnerability, NVIDIA issued a security bulletin on September 26, 2024, urging organizations to upgrade to version 1.16.2 of the NVIDIA Container Toolkit and version 24.6.2 of the GPU Operator. Patching is essential for any container hosts running vulnerable toolkit versions, particularly those using untrusted container images.

Organizations should prioritize runtime validation to effectively focus their patching efforts on affected instances. Interestingly, the urgency of addressing this vulnerability is not significantly influenced by the level of Internet exposure; compromised hosts can be accessed through various methods, including social engineering and supply chain attacks.

The exploitation of this vulnerability generally follows three key phases: creating a malicious image, gaining access to the host system, and achieving complete control over it. An attacker can design a harmful image to exploit CVE-2024-0132, run it on a target platform, and then access the host's file system, leading to exposure of sensitive information. With control over critical Unix sockets, attackers can execute arbitrary commands, compromising the host machine.

 Cyber News

Iran-linked threat actors have become increasingly active in 2024, but one such group has so far gone relatively unnoticed. Handala has landed on our radar twice this year, in a hack of Zerto in June and a mass text campaign sent to Israeli citizens in April. The pro-Palestinian group has recently stepped up its campaign in actions documented by cybersecurity researcher Kevin Beaumont in a blog post and a long-running thread on Mastodon.

Handala’s most dramatic claim – that they’ve discovered a backdoor in widely used Vidisco security scanners that allowed explosives used in pager attacks in Lebanon last month to go undetected – remains unconfirmed, but Beaumont said he has confirmed that a breach of Vidisco did occur.

“I have confirmed with sources that the hack of Vidisco is real,” Beaumont wrote on Sept. 23. “They have a significant cybersecurity incident running, which includes data exfiltration.”

Handala claimed that they also breached Israeli Industrial Batteries (IIB) and that contaminated IIB materials were also used in the pager attack, but Beaumont said he hasn’t seen evidence for that claim either.

“As far as I’m aware there is nothing linking either Vidisco or IIB to battery attacks — however it is clear Handala have gained access to Vidisco’s network,” he wrote.

Handala Linked to Iran

Handala has previously been linked to Iran, and Beaumont confirmed that connection, noting, “their prior web domains had early network traffic originating from Iranian IP addresses. Their talking points in their writing overlap with Iran government talking points.”

The group has also defaced websites and claims to have hacked Israeli politicians Gabi Ashkenazi, Benny Gantz, Ehud Barak and Ron Prosor, and Israel’s Soreq Nuclear Research Center.

Emma Best, co-founder of Distributed Denial of Secrets, noted that "a good bit of their data is years old/recycled. They also seem to be tied to Iranian intelligence and share significant but not wholly unique markers with 'Anonymous For Justice', which recently went silent."

[Image: Handala’s post on Soreq two days ago, which referenced the recent assassination of Hezbollah leader Hassan Nasrallah (source: Kevin Beaumont)]

While Handala’s claims have gone largely unnoticed and uncorroborated, the threat group’s websites, social media and Telegram accounts have been repeatedly taken down quickly.

Iran’s Growing Cyber Campaigns

Iran has recently stepped up its cyberattacks and influence campaigns heading into the U.S. presidential election, including a high-profile breach and data exfiltration of the Trump campaign, data that has so far gone unpublished by U.S. news media – in contrast to the widespread publication of Democratic National Committee emails stolen by Russian hackers in 2016.

Iranian threat actors have also targeted critical infrastructure in the U.S. and elsewhere, and Iran has also become a target of attacks, including an attack on the country’s banking system in mid-August.

Russia and China have also been active in cyber threats and influence operations heading into the U.S. elections, and the campaign of Vice President Kamala Harris has also been targeted.

Despite the significant cyber threats, U.S. cyber and national security officials say election infrastructure is secure, and the bigger threat is disinformation – a view confirmed by Cyble threat intelligence researchers in an exhaustive look at the U.S. election and related dark web activity.

 Cyber News

Cyble Research and Intelligence Lab (CRIL) researchers have uncovered a sophisticated campaign that starts with a suspicious .LNK file and uses Visual Studio Code (VSCode) to establish persistence and remote access – and installs the VSCode command line interface (CLI) if VSCode isn’t found on the victim machine. The attack method “mirrors tactics previously observed in campaigns by the Stately Taurus Chinese APT group,” the researchers wrote, noting that they also found Chinese language elements in the campaign.

VSCode Campaign May Start with Social Engineering

The .LNK file that serves as the initial attack vector is “potentially delivered via spam emails,” the Cyble researchers noted. The .LNK file downloads a Python distribution package that is used to execute an obfuscated Python script retrieved from a paste site. At the time Cyble published the research, the script had no detections on VirusTotal, making it difficult to identify through standard security tools.

The Python script establishes persistence by creating a scheduled task with system privileges and high priority, said the CRIL researchers. It checks to see if VSCode is installed on the victim’s machine, and downloads the standalone VSCode CLI if it’s not found. The script then creates a remote tunnel using VSCode, sending an activation code to the threat actor that facilitates unauthorized remote access to the machine.

[Image: the infection chain, as illustrated by the Cyble researchers]

Attack Starts with a .LNK File, Python Script

The .LNK file masquerades as an installer and displays a fake “Successful installation” message in Chinese. “However, in the background, it silently downloads additional components using the curl utility, including a Python distribution package named ‘python-3.12.5-embed-amd64.zip’,” they wrote.

The .LNK file then creates a directory at %LOCALAPPDATA%\Microsoft\Python and extracts the contents of the zip archive using tar.exe. It then downloads a malicious script from a paste.ee site via the URL “hxxps[:]//paste[.]ee/r/DQjrd/0” and saves it as “update.py” in the same location, where it is executed using “pythonw.exe” without showing a console window.

The script checks if VSCode is already installed on the system by looking for the directory at “%LOCALAPPDATA%\microsoft\VScode.” If the directory isn’t found, the script downloads the VSCode Command Line Interface (CLI) from a Microsoft source: “hxxps://az764295.vo.msecnd.net/stable/97dec172d3256f8ca4bfb2143f3f76b503ca0534/vscode_cli_win32_x64_cli[.]zip.” Once downloaded, the file is extracted, and the executable file “code.exe” is placed into the “%LOCALAPPDATA%\microsoft\VScode” directory.

A scheduled task named “MicrosoftHealthcareMonitorNode” ensures persistence and is designed to execute the “update.py” script using “pythonw.exe,” which runs without showing a console window so the malicious activity can stay hidden. It is scheduled to run every four hours for non-admin users beginning at 8:00 a.m. For admin users, the task is configured to trigger at logon, running with elevated SYSTEM privileges and high priority, “which grants it more control and less likelihood of being interrupted.”

The script then checks to see if “code.exe” is already running in the background by inspecting the output of the “tasklist” command. If not, it executes “code.exe” to log out of any active remote sessions. “This step is crucial for the TA, as it allows them to establish a fresh remote tunnel for future interactions with the victim’s system,” the researchers wrote. Once communication is established, exfiltration steps can then begin.

Cyble Recommendations

Cyble researchers said the campaign “demonstrates the growing sophistication of TAs in leveraging legitimate tools like VSCode to establish unauthorized access to victim systems. By utilizing a seemingly harmless .LNK file and an obfuscated Python script, the Threat Actor can effectively bypass detection measures.”

Cyble’s recommendations include:

Advanced endpoint security solutions that use behavioral analysis and machine learning capabilities

Reviewing scheduled tasks on all systems regularly

Limiting user software installation permissions

Deploying advanced monitoring tools that can detect unusual network traffic, unauthorized access attempts, and abnormal behavior

The Cyble blog also covers MITRE ATT&CK techniques, indicators of compromise (IoCs) and more.

 Cyber Essentials

Cyber and law enforcement agencies from the U.K., U.S., and Australia have come together to expose the Russian cybercriminal empire of Evil Corp and its affiliation with the LockBit ransomware operators. Sanctions, seizures and arrests followed in at least eight announcements from the various agencies. The joint international effort led to a fresh wave of sanctions against individuals associated with the notorious cybercrime group Evil Corp and exposed its affiliate ties to LockBit. Sixteen individuals have been sanctioned, including high-profile members with connections to Russian state entities and the ransomware group LockBit.

Evil Corp, long regarded as one of the most sophisticated cybercrime organizations, has seen its operations disrupted. However, the group's criminal influence continues to reverberate across the globe, specifically through its role in developing ransomware strains like BitPaymer and its evolution to using LockBit ransomware.

A Deep-Rooted Cybercrime Legacy

Evil Corp's history is intertwined with both financial crime and nation-state interests, according to an investigation led by the UK's National Crime Agency (NCA). Initially a Moscow-based financial crime outfit, it later transformed into a full-fledged cybercrime syndicate, amassing over $300 million from healthcare, critical infrastructure, and government victims globally.

The group's leader, Maksim Yakubets, and his close associate Igor Turashev, were indicted by the U.S. in 2019 for their role in orchestrating attacks using Dridex malware—a tool designed to steal banking credentials and deliver ransomware payloads.

[Image (Source: FBI)]

This week’s sanctions target an additional seven members - apart from the seven already indicted by the U.S. in 2019, including Yakubets’ father, Viktor Yakubets, and Aleksandr Ryzhenkov, a key figure behind LockBit ransomware. Ryzhenkov has been identified as a pivotal operator responsible for some of the most damaging ransomware attacks facilitated by LockBit. He was also charged by the US Department of Justice for his role in deploying BitPaymer ransomware to extort American organizations.

[Image: Left to Right: Dmitriy Slobodskoy, Maksim Yakubets, Artem Yakubets, Kirill Slobodskoy (Source: NCA)]

Evolving Tactics Amid Sanctions

In response to the 2019 sanctions, Evil Corp adjusted its methods, adopting tighter security measures and shifting from high-volume ransomware attacks to more targeted strikes against high-revenue businesses. This evolution allowed the group to continue its operations under the radar of law enforcement. The group was forced to innovate after its original tools, like BitPaymer and Dridex, became well-known and defendable by security systems.

[Image (Source: NCA)]

LockBit's rise has offered former Evil Corp members a lucrative alternative. Developed under the ransomware-as-a-service model, LockBit allows cybercriminals to rent the ransomware infrastructure, which helps shield the creators from direct involvement in attacks. The connection between Evil Corp and LockBit shows the shifting trend in the cyber underworld—where major ransomware groups often cooperate, despite claims of separation.

The Global Pushback

The latest phase of Operation Cronos—an international law enforcement effort—continues to erode LockBit’s capabilities. France, Spain, and the UK coordinated a series of arrests targeting LockBit affiliates, including a developer and bulletproof hosting infrastructure facilitator. Those arrests, coupled with the seizure of nine key servers used by LockBit, mark a significant setback for the group.

In the last two years, LockBit has emerged as the most active ransomware group globally, targeting sectors ranging from finance to energy. Its infrastructure and attack model have been resilient, with law enforcement facing challenges in fully disrupting its operations. However, as the NCA tightens the noose around Evil Corp and its LockBit affiliates, the frequency and intensity of ransomware incidents have started to wane.

'No More Ransom' Initiative Gains Momentum

The takedown of ransomware groups is only one part of the global effort to combat cyber extortion. Europol, in collaboration with Japan’s cybersecurity teams, has advanced its efforts in developing decryption tools for ransomware victims. Over 6 million users have accessed these tools via the “No More Ransom” portal, saving billions in potential damages.

Europol also continues to provide critical support in tracing cryptocurrency transactions linked to ransomware operations. Through seven dedicated technical sprints, Europol has traced key financial exchanges, helping to identify LockBit and Evil Corp actors.

Strong Message from World Leaders

UK Foreign Secretary David Lammy emphasized the impact of these sanctions on Russia’s cybercriminal ecosystem. “Putin’s corrupt regime cannot continue its malign influence through criminal networks. Today’s action sends a strong message that we will use every tool at our disposal to stop cyber attacks against our allies.”

In Washington, the Treasury’s Office of Foreign Assets Control (OFAC) reiterated its commitment to safeguarding critical infrastructure against cyber threats. Acting Under Secretary Bradley T. Smith noted that the sanctions underscore collective international resolve to thwart ransomware actors. “Our coordinated efforts with the UK and Australia aim to dismantle the economic framework that allows these criminal groups to thrive.”

A Critical Turning Point?

While Evil Corp’s influence has diminished since 2019, its shadow still looms large over the global ransomware landscape. Investigators believe that many of its top operators continue to collaborate with other crime syndicates, creating complex webs of cybercriminal activity. LockBit’s developers have publicly distanced themselves from Evil Corp, but the sanctions and arrests suggest otherwise.

The arrest of a LockBit developer in France, along with the seizure of servers used to facilitate ransomware attacks, are signs that the walls are closing in on these criminal networks. Still, with ransomware being a multi-billion-dollar industry, it’s unlikely that either Evil Corp or LockBit will disappear overnight. Their evolution reflects the adaptability of cybercriminal organizations—a cat-and-mouse game where the stakes grow higher with each move.

Moving Forward

As cybersecurity practitioners and law enforcement agencies collaborate across borders, ransomware attackers are increasingly finding fewer places to hide. The collaborative efforts seen in Operation Cronos offer a glimpse into the future of cyber defense—where governments, private companies, and international organizations work in unison to thwart cybercrime at every level.

For CISOs, network engineers, and security practitioners, the takeaways from this operation are clear: ransomware is not just a technological threat, but a global geopolitical weapon. Preparing for these evolving threats requires not just technical defenses, but a deep understanding of the global cyber landscape.

This story will continue to evolve, as Operation Cronos and its counterparts say the operation is still ongoing.

 Firewall Daily

October is Cybersecurity Awareness Month, a time dedicated to enhancing the understanding of digital security among individuals and organizations alike. In a world where technology permeates every aspect of our lives, from personal devices to enterprise systems, the need for cybersecurity awareness cannot be overlooked.

Cyber threats can emerge from a multitude of sources, and the repercussions of security breaches can be devastating, affecting not just the targeted organizations but also individuals, families, and entire communities. This year’s theme, "Secure Our World," emphasizes that cybersecurity is not solely the responsibility of IT departments; it is a collective effort that involves every individual.

Cybersecurity Awareness Month 2024: The Growing Importance of Cybersecurity

The year 2024 saw cyber threats become more sophisticated and pervasive. Organizations face a myriad of risks ranging from phishing attacks and ransomware to data breaches and insider threats. According to industry reports, cybercrime is projected to cost the global economy over $10 trillion annually by 2025.

Irene Corpus, Co-Founder of Women in CyberSecurity Middle East, aptly states, “Cybersecurity awareness goes beyond mere knowledge; it’s about cultivating a mindset of constant vigilance and responsibility. In today's hyper-connected world, a single oversight can lead to catastrophic breaches.”

The Role of Individuals

In the age of digital connectivity, every employee, from the CEO to entry-level staff, plays a vital role in the cybersecurity framework. Everyone has a unique responsibility to protect their organization against potential threats. One of the most effective ways to start is by educating oneself.

Knowledge serves as the first line of defense. Understanding common types of cyber threats—such as phishing, malware, and social engineering—can significantly reduce the risk of falling victim to an attack. Organizations should prioritize regular training sessions to keep employees informed about the latest threats and best practices.

Jennifer Cox, Director for Ireland at Women in CyberSecurity (WiCyS) UK & Ireland, emphasizes the importance of this education, stating, “To build a culture of cybersecurity awareness, organizations can implement regular training sessions that cover the latest threats and best practices, ensuring that all employees understand their role in protecting the organization.”

Another crucial aspect of cybersecurity is practicing good password hygiene. Weak passwords are often the easiest gateways for cybercriminals to access sensitive information. Employees should be encouraged to create complex passwords that incorporate a mix of letters, numbers, and special characters. Utilizing password managers can also assist in maintaining strong, unique passwords across different accounts.

In addition to these practices, fostering a culture of open communication about cybersecurity issues is essential. Employees should feel empowered to report suspicious activities without fear of reprisal. Cox highlights the value of this approach, noting that “encouraging open communication about cybersecurity issues and creating a no-blame culture can also foster vigilance and prompt reporting of suspicious activities.”

Staying informed about the constantly changing landscape of cyber threats is also vital. Following reputable cybersecurity news sources and participating in webinars can help individuals and organizations remain up to date with the latest trends and tactics employed by cybercriminals.

Lastly, engaging in continuous learning is paramount in the rapidly changing field of cybersecurity. Regular training and education enable employees to adapt to new threats effectively. Organizations can further encourage this growth by promoting participation in online courses and certifications to enhance employees’ skills. Together, these actions empower individuals to take an active role in strengthening their organization's cybersecurity posture.

The Organizational Commitment

While individual efforts in cybersecurity are critical, organizations must recognize cybersecurity awareness as an integral part of their internal systems. Implementing actionable steps can significantly enhance overall security.

Conducting regular training sessions and cybersecurity drills is essential for preparing employees to respond effectively to cyber threats. These activities not only improve awareness but also foster a proactive security culture within the organization. By making training a routine part of the work environment, organizations can ensure that employees remain vigilant and equipped to handle potential incidents.

Integrating cybersecurity into the core values of an organization sends a clear message about its significance. When cybersecurity is viewed as a fundamental aspect of the business, it encourages everyone to take it seriously. This cultural shift can lead to a collective commitment to protecting sensitive information and assets.

Furthermore, organizations should develop and regularly update security policies that clearly outline the expectations and responsibilities of all employees. These policies must be communicated effectively and reinforced through ongoing training. As Bradley Schaufenbuel, Vice President and Chief Information Security Officer at Paychex, notes, “While it's reassuring to see the majority of business owners are taking the appropriate steps—from employee training to software investments—to defend against the threat of a cyberattack or data breach, it's not a once-and-done commitment.” This highlights the necessity of a continuous approach to cybersecurity.

Recognizing and rewarding employees who demonstrate good cybersecurity practices can also play a pivotal role in encouraging others to follow suit. Implementing an incentive program can motivate staff to prioritize security and actively participate in creating a safer work environment.

Building a Cybersecurity Culture

Creating a culture of cybersecurity awareness involves much more than just training sessions and policies; it necessitates a fundamental mindset shift throughout the organization. Leaders play a crucial role in this transformation by modeling the importance of cybersecurity and integrating it into everyday operations.

To begin with, leadership should lead by example. By actively participating in training sessions and promoting awareness initiatives, leaders can demonstrate their commitment to cybersecurity. When employees observe their leaders prioritizing these practices, they are more likely to adopt similar attitudes and behaviors.

Additionally, establishing open lines of communication is essential. Employees should feel comfortable discussing cybersecurity concerns without fear of repercussions. This openness fosters a vigilant workforce and encourages collaboration among departments to address potential threats collectively.

Moreover, organizations must utilize technology wisely to enhance their cybersecurity posture. Implementing advanced security measures, such as multi-factor authentication and endpoint protection, provides an additional layer of defense against cyber threats. By integrating these technologies thoughtfully, organizations can bolster their overall security efforts and create a more resilient environment.

The Future of Cybersecurity Awareness

As we progress through Cybersecurity Awareness Month 2024, it’s essential to recognize that cybersecurity is a shared responsibility. Everyone has a role to play, from understanding risks and practicing safe online behavior to fostering an organizational culture that prioritizes security.

By prioritizing cybersecurity awareness, we not only protect our organizations but also contribute to a safer digital world for everyone. Let us embrace this month not just as a time for awareness, but as a call to action. Together, we can secure our world and ensure a safer digital future for generations to come.

 Malware and Vulnerabilities

Researchers disclosed a critical privilege escalation vulnerability, CVE-2024-26808, in the Linux kernel affecting versions from v5.9 to v6.6. The flaw is in the Netfilter component, allowing root access by manipulating memory allocation.

 Identity Theft, Fraud, Scams

Mimecast highlighted a noticeable increase in the use of Atlassian to evade detection. The attackers utilized postmark URLs to gather data intelligence, including location and browser details.

 Malware and Vulnerabilities

This malware, known as "PdiddySploit," poses serious security threats to individuals and organizations. The attackers are luring the public with promises of revealing deleted X posts related to Combs on social media platforms.

 Malware and Vulnerabilities

Fake ads are spreading Lumma Stealer malware, targeting fans of the League of Legends World Championship. Cybercriminals are capitalizing on the event hype to trick unsuspecting gamers into downloading a malicious game version.

 Malware and Vulnerabilities

The group’s persistence is ensured by creating scheduled tasks and employing encryption methods like SHA256 hashing and the Salsa20 algorithm to transmit sensitive data to a command and control server named iceandfire[.]xyz.

 Malware and Vulnerabilities

The flaw allows attackers to execute code remotely by injecting a malicious PHP object due to improper handling of input during deserialization. This flaw is similar to CVE-2024-5932 but bypasses certain checks, making it even more dangerous.

 Companies to Watch

Logpoint, a SIEM company based in Copenhagen, acquired Muninn, an AI-powered NDR startup, to enhance threat detection capabilities. Muninn's AI technology is designed to detect complex attacks in environments where traditional methods fall short.

 Feed

This archive contains all of the 522 exploits added to Packet Storm in September, 2024. Please note the increase in size for this month is due to a massive backlog of older exploits being added to the archive and is not representative of an uptick in new issues being discovered.

 Feed

The Nitro PDF Pro application uses a .msi installer file (embedded into an executable .exe installer file) for installation. The MSI installer uses custom actions in repair mode in an unsafe way. Attackers with low-privileged system access to a Windows system where Nitro PDF Pro is installed can exploit the cached MSI installer's custom actions to effectively escalate privileges and get a command prompt running in context of NT AUTHORITY\SYSTEM. Versions prior to 14.26.1.0 and 13.70.8.82 are affected.

 Feed

An attacker with authenticated access to VICIdial as an "agent" can execute arbitrary shell commands as the "root" user. This attack can be chained with CVE-2024-8503 to execute arbitrary shell commands starting from an unauthenticated perspective.

 Feed

Sysdig Falco is a behavioral activity monitoring agent that is open source and comes with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax. Falco will notify you when these rules are violated. You can think about Falco as a mix between snort, ossec and strace.

 Feed

Ubuntu Security Notice 7048-1 - Suyue Guo discovered that Vim incorrectly handled memory when flushing the typeahead buffer, leading to heap-buffer-overflow. An attacker could possibly use this issue to cause a denial of service.

 Feed

Ubuntu Security Notice 7015-3 - USN-7015-1 fixed several vulnerabilities in Python. This update provides the corresponding updates for CVE-2023-27043 for python2.7 in Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS, and for python3.5 in Ubuntu 16.04 LTS. It was discovered that the Python email module incorrectly parsed email addresses that contain special characters. A remote attacker could possibly use this issue to bypass certain protection mechanisms. It was discovered that Python allowed excessive backtracking while parsing certain tarfile headers. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python email module incorrectly quoted newlines for email headers. A remote attacker could possibly use this issue to perform header injection. It was discovered that the Python http.cookies module incorrectly handled parsing cookies that contained backslashes for quoted characters. A remote attacker could possibly use this issue to cause Python to consume resources, leading to a denial of service. It was discovered that the Python zipfile module incorrectly handled certain malformed zip files. A remote attacker could possibly use this issue to cause Python to stop responding, resulting in a denial of service.

 Feed

Ubuntu Security Notice 7046-1 - It was discovered that Flatpak incorrectly handled certain persisted directories. An attacker could possibly use this issue to read and write files in locations it would not normally have access to. A patch was also needed to Bubblewrap in order to avoid race conditions caused by this fix.

 Feed

Red Hat Security Advisory 2024-7441-03 - A security update is now available for Red Hat JBoss Enterprise Application Platform 8.0. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link in the References section. Issues addressed include an information leakage vulnerability.

 Feed

Red Hat Security Advisory 2024-7436-03 - The components for Red Hat OpenShift for Windows Containers 10.17.0 are now available. This product release includes bug fixes and security updates for the following packages: windows-machine-config-operator and windows-machine-config-operator-bundle.

 Feed

Red Hat Security Advisory 2024-7433-03 - An update for kpatch-patch-4_18_0-372_118_1 and kpatch-patch-4_18_0-372_91_1 is now available for Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions.

 Feed

Red Hat Security Advisory 2024-7429-03 - An update for kpatch-patch-4_18_0-553 and kpatch-patch-4_18_0-553_16_1 is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2024-7428-03 - An update for kpatch-patch-5_14_0-70_112_1 and kpatch-patch-5_14_0-70_85_1 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.

 Feed

Red Hat Security Advisory 2024-7427-03 - An update for kpatch-patch-4_18_0-305_120_1 and kpatch-patch-4_18_0-305_138_1 is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include code execution and use-after-free vulnerabilities.

 Feed

Red Hat Security Advisory 2024-7421-03 - An update for python-gevent is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include a privilege escalation vulnerability.

 Feed

Red Hat Security Advisory 2024-7418-03 - An update for linux-firmware is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

 Feed

Red Hat Security Advisory 2024-7417-03 - An update for python3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service.

 Feed

Cybersecurity researchers have uncovered a new cryptojacking campaign targeting the Docker Engine API with the goal of co-opting the instances to join a malicious Docker Swarm controlled by the threat actor. This enabled the attackers to "use Docker Swarm's orchestration features for command-and-control (C2) purposes," Datadog researchers Matt Muir and Andy Giron said in an analysis. The attacks

 Feed

The U.S. Department of Justice (DoJ) has charged a 39-year-old U.K. national for perpetrating a hack-to-trade fraud scheme that netted him nearly $3.75 million in illegal profits. Robert Westbrook of London was arrested last week and is expected to be extradited to the U.S. to face charges related to securities fraud, wire fraud, and five counts of computer fraud. According to the court

 Feed

More than 140,000 phishing websites have been found linked to a phishing-as-a-service (PhaaS) platform named Sniper Dz over the past year, indicating that it's being used by a large number of cybercriminals to conduct credential theft. "For prospective phishers, Sniper Dz offers an online admin panel with a catalog of phishing pages," Palo Alto Networks Unit 42 researchers Shehroze Farooqi,

 Feed

Since its emergence, Generative AI has revolutionized enterprise productivity. GenAI tools enable faster and more effective software development, financial analysis, business planning, and customer engagement. However, this business agility comes with significant risks, particularly the potential for sensitive data leakage. As organizations attempt to balance productivity gains with security

 Feed

The threat actors behind the Rhadamanthys information stealer have added new advanced features to the malware, including using artificial intelligence (AI) for optical character recognition (OCR) as part of what's called "Seed Phrase Image Recognition." "This allows Rhadamanthys to extract cryptocurrency wallet seed phrases from images, making it a highly potent threat for anyone dealing in

 AI

In episode 18 of "The AI Fix" our hosts discover that OpenAI's Advanced Voice mode is too emotional for Europeans, a listener writes a Viking saga about LinkedIn, ChatGPT is a terrible doctor, and the voice of Meta AI takes to Meta's platforms to complain about Meta AI reading things people post on Meta's platforms. Mark discovers what Darth Vader really said on Cloud City, Graham rummages through ChatGPT's false memories, and our hosts find out why AIs need an inner critic. All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.

 Threat Lab

From the apps on our smartphones to chatbot assistant services, artificial intelligence (AI) is transforming our lives in both big and small ways. But as exciting as AI can be, it’s also important to understand its potential risks. October is Cybersecurity Awareness Month, making it the perfect time to become more cyber-savvy about AI. Let’s dive in.

What is AI?

AI is a technology that enables machines to perform tasks that typically require human intelligence, such as understanding language, recognizing patterns, and making decisions. In everyday life, AI is behind many of the technologies we use. It powers recommendations on streaming TV services like Netflix, improves photo quality on your smartphone, and even aids in driving cars. AI is like having a smart assistant that can process information quickly, automate daily tasks, and make technology more intuitive.

What are the benefits for everyday life?

AI offers plenty of benefits that can make our lives easier—often without us even realizing it. Here are a few everyday examples:

Smart shopping: Ever notice how your online shopping recommendations seem to know exactly what you want? That’s the power of AI at work analyzing your preferences and making product suggestions that match your tastes.

Virtual assistants: Alexa, Siri, and Google Assistant are some of the most popular examples of AI-powered virtual assistants that simplify daily tasks through voice commands. These assistants can do things like set reminders, send texts, play music, and even provide weather updates.

Personalized content: Whether you’re binge-watching a new TV show or scrolling through social media, AI algorithms like Netflix’s recommendation system tailor content based on your interests, ensuring you see things you’re likely to enjoy.

The drawbacks of AI

The convenience AI offers can be amazing, but with great power comes great responsibility. As AI becomes more sophisticated, criminals are finding ways to exploit it, particularly in the area of identity theft and misinformation. One of the biggest concerns today is the rise of deepfakes.

What are deepfakes?

Deepfakes are media—like photos, videos, and audio clips—created using AI to manipulate real footage or voices. These can be highly realistic, which makes it difficult to tell what’s genuine and what’s fake. For example, imagine seeing a video of a public figure saying something controversial. At first glance, it might look entirely believable. However, with deepfake technology, their face, voice, and even gestures could have been artificially generated. Chances are, you’ve already encountered content created by AI—whether it’s in the form of fake social media posts or altered videos. Cybercriminals can use deepfakes for malicious intent to spread misinformation, ruin reputations, or commit fraud. Criminals can also use them to impersonate individuals in video calls or to fake authority figures to carry out scams.

How to be savvy with AI

Since AI deepfakes are so lifelike, they pose a threat to our ability to trust digital content, especially as the technology continues to improve. So, how can you protect yourself from AI-driven scams like deepfakes? It’s all about becoming more aware and taking the time to analyze what you see online. One useful approach to help you sort truth from fiction is to use the SIFT method:

Stop – Take a moment to pause before you react to information.
Investigate the source – Is the information coming from a reliable and trustworthy source?
Find better coverage – Look for other news outlets or websites that cover the same topic. Do they all report the same thing?
Trace the original context – Make sure the story or video hasn’t been taken out of context or manipulated.

The overall idea is to slow down and do your research before accepting information as true. By applying the SIFT model, you can spot deepfakes more easily and avoid falling for misleading content.

Protecting your identity from AI-driven threats

As AI technology advances, so do the tactics used by cybercriminals. They can use deepfakes to trick you into revealing sensitive information or falling for scams that seem remarkably genuine. To safeguard your identity from these AI-driven threats, here are four essential tips:

Shield your computer and smartphone: Make sure your devices are protected with antivirus software and firewalls. Also, always update your operating systems and apps to close security gaps that hackers could exploit.

Use identity protection services: Services like Webroot’s identity protection help you monitor for suspicious identity theft activity, keeping an eye on things like the Dark Web, financial transactions, and credit bureau data. You’ll get an alert if there’s any unusual activity so you can act quickly before any serious damage is done.

Polish your password practices: Using weak or repetitive passwords makes it easier for hackers to break into your accounts. Use strong, unique passwords for each account, and consider using a password manager to help you keep track of them.

Don’t overshare on social media: The more personal information you share online, the more cybercriminals have to work with. Avoid posting things like your full name, birthdate, and home address. Cyber thieves can use these details to steal your identity or gain access to your accounts.

Final thoughts

AI has the power to make our lives easier, but it also opens the door to new kinds of threats. By becoming more cyber-savvy, you can enjoy the benefits of AI while staying safe from its risks. This Cybersecurity Awareness Month, take the time to protect yourself and your identity from the growing influence of AI. After all, in today’s digital world, a little extra caution can go a long way in keeping you and your personal information secure.

The post AI and deepfakes: How to be AI-savvy appeared first on Webroot Blog.

 Threat Lab

October is the month for pumpkin spice and all things spooky. But protecting your personal information online doesn’t need to be scary. For more than 20 years now, October has also been recognized as Cybersecurity Awareness Month. In our digitally connected world, apps and online accounts can make our lives much more convenient. Sadly, they can also make our personal data more vulnerable to cyber threats. Each year, a shocking number of people become victims of sophisticated cyberattacks. In one recent data breach, 2.9 billion people had their social security numbers and other personal information hacked, and all that stolen data ended up for sale on the dark web.

Created by the National Security Division within the Department of Homeland Security and the National Cyber Security Alliance, Cyber Security Awareness Month promotes online safety and security for both individuals and small businesses. Its theme is Secure Our World, and its mission is to raise awareness about the importance of cybersecurity and showcase some of the easy ways we can all become more cyber resilient. By safeguarding our information from cyber threats, we can all help keep the digital world we live in more secure.

Password best practices

One of the best ways to keep your personal data out of the hands of hackers is also one of the simplest. Create strong passwords. Here are some tips for creating unbreakable passwords.

Keep it complicated: We juggle so many passwords, it’s tempting to use something easy to remember. Unfortunately, using “12345” or “Password” just doesn’t cut it anymore. Each of your passwords needs to incorporate numbers, symbols and capital letters, and use at least 16 characters. Do not use your pet’s name!

Use a password manager: Keeping track of complex passwords for each of your accounts can seem overwhelming, but a password manager offers a simple and safe solution. Quality password managers like the one included with Webroot Premium will generate, store and encrypt all your passwords, requiring you to only remember one password.

Turn on multi-factor authentication: Using multi-factor authentication adds a layer of security to your passwords by having you prove your identity in multiple ways. This means getting a text or email with a security code or answering a security question.

Identifying phishing scams

Phishing scams appear in our email inboxes, text messages and even voicemails on a daily basis. They are designed to trick you into giving up your personal and financial information, so knowledge is power when identifying what is real and what is, in fact, fake. Research from Deloitte found that 91% of all cyber attacks begin with a phishing email.

Urgent requests: Beware of messages that demand immediate action and threaten consequences if you don’t respond.

Suspicious email domains: If an email is really from your bank, the address should contain the official domain name (e.g., noreply@yourbank.com). Authentic company emails do not usually come from addresses like @gmail.com.

Poor grammar: If an email contains awkward phrases, misspellings, and grammatical errors, it probably didn’t come from a legitimate company.

Generic greetings: Your bank is probably never going to address you as “Dear Customer”. They know your name, and if they’re really trying to contact you, they’re going to use it.

If you think you’ve been a target of phishing, you can report it at reportphishing@apwg.org. For added safety, products like Webroot Premium will protect you from identity theft and keep your personal and financial data out of the hands of cyber thieves.

Keeping technology up to date

Another simple weapon in the war on cybercrime – keeping your devices, software and apps up to date. When you install the latest updates you receive all the newest features, as well as the latest security upgrades. Here are some easy tips to stay continuously up-to-date.

Enable automatic updates: Adjust the settings on your apps, software and devices to automatically update. You can schedule updates to happen overnight, so they never interrupt your screen time.

Verify your sources: Download software from known sources and only download apps from your device’s official app store. Pirated or unlicensed software can spread dangerous malware and viruses to your devices.

Avoid software updates in pop-up windows: Pop-up windows that demand a software update may be phishing scams. Close your browser and don’t take the bait.

Because we’re all connected to multiple software services, apps and devices, it’s easy to forget all the updates you need to make on a regular basis. Don’t forget to add your smart TVs, streaming services, routers and gaming devices to your update checklist. If you’re using products like Apple Watch, Google Nest or a Ring doorbell, you need to keep them updated as well.

Identity protection

Cybercriminals relentlessly scour the internet in search of leaked personal data. Guarding your personal data, especially financial details, is crucial. Here are some more steps you can take to protect your online identity.

Invest in the latest antivirus protection: Reliable antivirus software acts like an anti-missile shield, keeping hackers from attacking your devices, including PCs, Macs, phones and tablets.

Beware of public Wi-Fi: Using public Wi-Fi networks is convenient, but not necessarily safe. Always confirm your connection is encrypted when you’re out and about, and don’t make any financial transactions unless you’re on a private Wi-Fi network.

Use a VPN: A virtual private network (VPN) protects your online privacy and helps keep your information safe. A trusted VPN encrypts your internet connection, which masks your IP address and keeps hackers away.

Keep data private when using AI: With AI so prevalent, it’s important to understand how it works, be aware of how vendors handle your data, and avoid entering private data into AI apps.

Don’t let your browser store your login details: It certainly makes life easier when you let your browser remember your passwords for you, but that can backfire if your devices fall into the wrong hands. It’s always safest to enter your passwords each time you log in.

Use automatic backup: Individuals and businesses alike can keep digital information secure by enabling automatic backup. Consider using a service like Carbonite, which offers encrypted cloud backup. If your data is ever lost, a backup solution provides an extra layer of safety, offering seamless recovery of all your files and other information.

The World Economic Forum estimated that 95% of cybersecurity breaches are due to human error, making it more important than ever to take steps to protect yourself online and build more cyber resilience. So, grab a pumpkin spice latte and let’s work together to create a safer online environment. October is the perfect time to make sure you don’t get spooked by cybercrime.

Looking for more information and solutions? Cyber Security Awareness Month Info from CISA 2024 Cyber Security Awareness Month Guide Webroot Premium, all-in-one device, privacy, and identity protection Carbonite, continuous and unlimited cloud backup

The post Cyber Security Awareness Month: Cyber tune-up checklist appeared first on Webroot Blog.

 Threat Lab

As October rolls around, it’s time to focus on cybersecurity. After all, it’s Cybersecurity Awareness Month—a perfect reminder to check in on the safety of your identity. If you’ve ever had your identity stolen or know someone who has, you understand how serious the problem is. From text scams to stolen passwords, criminals are finding new ways to steal personal information. So, how can you protect yourself and your loved ones? Follow these four identity protection strategies, and you’ll be in a good position to keep your digital identity safe and sound.

1. Get informed!

Learn about scams: Identity thieves use various tactics to trick people. Some of the most common scams include phishing emails where criminals pretend to be a trusted organization like your bank, and phone calls or texts from fake customer service representatives asking for personal details. Being aware of these tactics is your first line of defense.

Check with your bank: Most financial institutions have strict policies in place to protect your account. Get familiar with what your bank and credit card companies do to prevent identity theft. For example, many banks will never ask for your password or request sensitive information through email or text messages. Knowing their security protocols can help you spot a scam.

2. Know the warning signs

Cybercriminals are clever, and new scams pop up all the time. Here are a few things you should always be cautious about:

Unsolicited messages: Be wary of unexpected emails, phone calls, and text messages that ask for your personal information or password details. Scammers often impersonate legitimate companies to make their requests seem official. If you receive a suspicious communication, always reach out to the company directly through their official website or customer service line.

Too-good-to-be-true offers: If something sounds too good to be true, it probably is. Handle these communications with a healthy amount of skepticism. Offers like “free money” or “prizes” that require you to share your personal information are almost always scams. Look out for common warning signs, such as a sense of urgency. Scams will often pressure you to act quickly to claim your “reward.” When in doubt, pause and investigate the offer before responding. You can search online for the company or offer name to confirm its legitimacy.

3. Know what not to share

Social security number: Keep this number private. Only share it when absolutely necessary, such as with your employer or financial institutions.

Passwords: Never share your passwords with anyone. No legitimate company will ask for them.

Full date of birth: While some websites and services require your date of birth for verification, sharing it publicly—especially on social media—can increase your risk of identity theft. Consider only sharing part of the date, such as the month and day, and leave the year off your public profiles.

Credit card details: Be extra careful with your credit card information. Don’t email your credit card number or input it on suspicious-looking websites. Make sure you’re on a secure site (look for the padlock symbol in the address bar) before making any online purchase transactions.

4. Get proactive with your identity protection

Monitor your credit: One of the best ways to catch identity theft early is by keeping a close eye on your credit reports. Services like AnnualCreditReport.com let you monitor your credit activity for free. If you see any unfamiliar accounts or activities, report them immediately.

Invest in identity protection services: Companies like Webroot offer services that monitor your personal information for any suspicious activity. These services can alert you if there’s a suspicious financial transaction on your accounts or if your data is found on the dark web.

Freeze your credit: If you’re not planning on applying for new credit anytime soon, consider freezing your credit. This prevents anyone from opening new accounts in your name. You can unfreeze your credit at any time, and it’s free to do so through major credit bureaus like Experian, TransUnion, and Equifax.

As cyber threats grow more sophisticated, protecting your identity has never been more important. While October is Cybersecurity Awareness Month, it serves as a year-long reminder to remain vigilant about your personal information. By staying informed, recognizing potential threats, and using the right tools and services, you can safeguard yourself against identity theft. Remember, the best defense is a proactive one!

The post Protecting your identity: Stay one step ahead of cybercriminals appeared first on Webroot Blog.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Fraud Management & Cybercrime, Healthcare, Industry Specific Nearby College’s Health Sciences Center Is Also Experiencing an IT Outage Marianne Kolbasuk McGee (HealthInfoSec) • September 30, 2024 Image: UMC Health System University Medical Center – a Lubbock, Texas-based public health system that includes a level-one trauma center […] The post Texas Hospital Diverting Ambulances in Wake of Attack – Source: www.databreachtoday.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Attack Surface Management, Security Operations Kia Website Vulnerabilities Allowed Remote Car Control Prajeet Nair (@prajeetspeaks) • September 30, 2024 A security researcher could remotely start and stop Kia autos through now-patched vulnerabilities in the carmaker’s smartphone app and website. (Image: Shutterstock) Now-patched vulnerabilities in online services from […] The post Gone in 30 Seconds: Kia Hack Unveiled – Source: www.databreachtoday.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Cyberwarfare / Nation-State Attacks, Fraud Management & Cybercrime Attackers Embrace Dating Sites and Encrypted Messaging Apps for Social Engineering Mathew J. Schwartz (euroinfosec) • September 30, 2024 Light in one window in apartment building during a rolling blackout in Kyiv after Russian shelling of power plants in […] The post Russian Hackers Increase Attacks on Ukraine’s Energy Sector – Source: www.databreachtoday.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Governance & Risk Management, Identity & Access Management, Managed Security Service Provider (MSSP) “Shark Tank” Star on Decision to Leave Cyderes CEO Post and Future of Cybersecurity Michael Novinson (MichaelNovinson) • September 30, 2024 Robert Herjavec, outgoing CEO, Cyderes The fall of the perimeter has driven […] The post Robert Herjavec on Managed Services, Identity and CEO Change – Source: www.databreachtoday.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.databreachtoday.com – Author: 1 Endpoint Detection & Response (EDR), Endpoint Protection Platforms (EPP), Endpoint Security Healthcare Providers Must Revisit Endpoint Security to Mitigate Cyberthreats Andrey Pozhogin • September 30, 2024 Image: CyberArk Ransomware attacks have far-reaching consequences on healthcare organizations, extending well beyond financial losses. A University of Minnesota School […] The post How Overreliance on EDR Is Failing Healthcare Providers – Source: www.databreachtoday.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

2024-10
Aggregator history
Tuesday, October 01