Cyber security aggregate rss news

Cyber security aggregator - feeds history

FBI Establishes 24/7 ...

 Cyber News

As the United States approaches its general election on November 5, the FBI is ramping up efforts to ensure a safe and secure voting process. In Tennessee, the FBI will set up an Election Command Post, staffed around the clock, to monitor and respond to any potential US Election 2024-related threats. This initiative reflects the FBI’s ongoing commitment to protecting voters and election workers, addressing potential risks such as voter suppression, election fraud, cyber threats, and intimidation.

Ensuring the US Election 2024 Integrity Amid Heightened Security Concerns

The FBI’s Election Command Post will provide a centralized location where agency personnel can assess and respond to election-related threats throughout Tennessee. This command post is part of the agency’s wider Election Day protocol, which includes partnerships with local, state, and federal agencies to respond to threats to public safety and election integrity. The FBI has outlined that its mission is to safeguard the right to a fair and safe election by planning for and mitigating a range of potential threats that could arise before, during, and after Election Day. The bureau’s responsibilities also include managing risks related to foreign interference and cybersecurity vulnerabilities that could compromise the US general election 2024 infrastructure.

Election Threats Task Force: Protecting Election Workers

The FBI has been the leading agency in investigating federal election crimes for decades, covering areas such as campaign finance violations, voter and ballot fraud, and civil rights violations. To enhance these efforts, the FBI partnered with the Department of Justice (DOJ) to establish the Election Threats Task Force, a team dedicated to identifying and addressing any threats directed at election workers. This task force aims to safeguard the people responsible for overseeing the voting process and maintaining order at polling locations. In recent years, election workers have faced growing levels of harassment and intimidation, making the task force’s role crucial in ensuring a secure environment for all those involved in running the election. By swiftly addressing any reported threats, the task force aims to deter potential attacks and support the mission of delivering free and fair elections.

Collaborative Efforts with Federal, State, and Local Agencies

The FBI highlights the importance of partnerships with various levels of government to ensure a unified approach to election security. By collaborating with law enforcement agencies across the board, the FBI enhances its capacity to respond quickly to any public safety threats. Through intelligence gathering and data analysis, the FBI aims to identify individuals who may be motivated to engage in violent acts or disrupt the voting process. The agency has also encouraged the public to remain vigilant, urging voters to report any suspicious activity they encounter. As a spokesperson noted, "It is vital that the FBI, our law enforcement partners, and the public work together to protect our communities as Americans exercise their right to vote."

The DOJ’s Role in Upholding Election Law

While the responsibility for administering elections primarily rests with individual states, the DOJ plays a key role in upholding federal election laws. The DOJ investigates and prosecutes violations related to federal election laws and serves as a deterrent to criminal activities that could undermine election integrity. However, the agency’s role does not extend to determining the validity of votes or overseeing the tabulation of results; these functions are the responsibility of state and local officials, with any disputes resolved through appropriate channels, including courts. The DOJ’s role complements the FBI’s mandate by providing legal oversight and accountability, ensuring that violations of federal election laws are met with appropriate consequences.

The Importance of Public Vigilance

With the election just days away, the FBI stresses that public awareness and vigilance are crucial to safeguarding the voting process. By encouraging the public to report any unusual or suspicious activity to law enforcement, the agency is promoting a proactive approach to election security. The FBI also emphasizes that it takes all threats of violence seriously, especially those aimed at individuals involved in administering the election. This stance aligns with the agency’s long-standing commitment to protecting citizens’ rights while ensuring that election workers can perform their duties without fear of intimidation or harm.

A Growing Need for Election Security

As elections face increasing scrutiny and threats, the FBI’s measures reflect an evolving approach to election security. Ransomware, phishing, and other cyber threats are prominent concerns, particularly as the public grows more reliant on electronic voting and record-keeping. Ensuring the integrity of digital systems, which manage everything from voter registration to vote tabulation, is an essential part of the FBI’s strategy. Through initiatives like the Election Command Post and the Election Threats Task Force, the FBI is adapting to new challenges in election security, highlighting the importance of vigilance, transparency, and rapid response to any attempts to interfere with the democratic process.

Cyble Warns of Escal ...

 Vulnerabilities

In the latest edition of Cyble’s weekly sensor intelligence report, cybersecurity experts revealed a concerning surge in attacks targeting the LiteSpeed Cache and GutenKit WordPress plugins. As the report outlines, vulnerabilities in Internet of Things (IoT) devices and Virtual Network Computing (VNC) systems are escalating at an alarming rate, posing online risks to digital security.

According to Cyble’s sensor intelligence report, the WordPress ecosystem remains a prime target for cybercriminals. This week, two high-severity vulnerabilities were highlighted: CVE-2024-44000 affecting LiteSpeed Cache and CVE-2024-9234 affecting GutenKit. These vulnerabilities underline the ongoing appeal of content management systems (CMS) to threat actors, who exploit weaknesses to carry out their malicious activities.

Cyble Sensor Intelligence Report: Vulnerabilities in WordPress Plugins

LiteSpeed Cache Vulnerability: CVE-2024-44000

The first notable vulnerability, CVE-2024-44000, pertains to the LiteSpeed Cache plugin, which is designed to enhance website performance and optimization for WordPress. This vulnerability is characterized by insufficiently protected credentials, enabling a potential authentication bypass that could lead to account takeover. The vulnerability affects all versions of LiteSpeed Cache prior to 6.5.0.1. Exploitation of this flaw allows unauthenticated users to gain access to the accounts of currently logged-in users, including those with administrator privileges.

GutenKit Vulnerability: CVE-2024-9234

The second vulnerability, CVE-2024-9234, affects the GutenKit Page Builder Blocks, Patterns, and Templates plugin. This flaw allows arbitrary file uploads due to a missing capability check in the install_and_activate_plugin_from_external() function. All versions up to and including 2.1.0 are vulnerable, enabling unauthenticated attackers not only to install arbitrary plugins but also to upload malicious files disguised as legitimate plugins.

Cyberattacks and Phishing Attempts

Cyble’s report does not stop at WordPress and IoT vulnerabilities. It also outlines persistent threats against various systems, including Linux, Java, and other programming frameworks. The attack landscape for PHP, GeoServer, and both Python and Spring Java frameworks continues to be active, posing additional risks to organizations relying on these technologies.

In addition to the plugin vulnerabilities, Cyble's sensors identified a surge in phishing campaigns, detecting thousands of new scam emails each week. In total, 385 new phishing email addresses were recorded, each linked to various scam attempts. The report provides details on several prominent scams, including fake refund claims and unrealistic investment offers, illustrating the diverse strategies employed by cybercriminals to deceive unsuspecting victims.

Conclusion

Cyble emphasizes the urgent need for organizations to adopt proactive security measures to counter the rising threats detailed in their latest sensor intelligence report. Key recommendations include prioritizing the patching of known vulnerabilities, closely monitoring network activity for unusual behavior, and implementing strong password policies with regular updates. Additionally, organizations should block known malicious IP addresses and secure frequently targeted ports while conducting regular security audits to identify weaknesses. As cyber threats continue to evolve, maintaining vigilance and a proactive approach is essential for protecting digital assets from exploitation and breaches. By following these recommendations, organizations can enhance their defenses and protect sensitive information.

Dubai’s Strategic ...

 Firewall Daily

Dubai is positioning itself as a global leader in sustainability and innovation, spearheading an ambitious push to reshape the future of energy. At the center of this effort is the Mohammed bin Rashid Al Maktoum Solar Park, projected to be one of the world’s largest solar projects with an expected capacity of 5,000 megawatts by 2030. Alongside this significant project, the Dubai Clean Energy Strategy 2050 outlines a firm pledge: to generate 75% of the city’s energy from renewable sources by the middle of the century.

The shift toward a more sustainable future begins with embracing advanced technologies such as the Internet of Things (IoT), artificial intelligence (AI), and cloud computing. These tools are key to increasing efficiency and reducing environmental impact, but they also bring new challenges. The interconnected nature of these technologies means that cybersecurity is more crucial than ever, as vulnerabilities could affect the entire energy infrastructure.

As highlighted in the Boston Consulting Group report, the UAE is poised to invest $20 billion in digital technology over the next three years, spanning IT, telecoms, and emerging fields such as AI, IoT, blockchain, and robotics.

Dubai's expansion into renewable energy is not merely about innovation but about assuming a leadership role in global sustainability. This journey involves integrating groundbreaking technologies while ensuring the reliability and security of the city’s energy systems. The Dubai Cyber Security Strategy 2023, with its comprehensive cybersecurity measures, stands as a pivotal element in this mission, strengthening critical infrastructure against cyber threats. By embedding these measures within its renewable energy initiatives, Dubai not only advances its infrastructure but also reinforces its commitment to a sustainable future on a global scale.

Role of Advanced Technologies in Dubai’s Energy Infrastructure

The reliance on advanced technologies such as IoT, AI, and cloud computing is transforming Dubai's energy infrastructure into a highly interconnected and intelligent network. Here’s a deeper look at how these technologies are being integrated:

Internet of Things (IoT)

Launched in October 2017 as part of the Smart Dubai initiative, Dubai's IoT strategy is more than just a plan: it's a vision for the future. This strategy aims to position Dubai as a global leader in IoT technology and rests on six strategic domains: governance, management, acceleration, deployment, monetization, and security. Recent reports highlight the value of Dubai's IoT infrastructure at over 69.78 trillion AED, which has contributed significantly to the city's economy, boosting its GDP by 10.4 billion AED since 2021.

IoT devices play a crucial role in renewable energy systems for real-time data collection and control. In solar parks like the Mohammed bin Rashid Al Maktoum Solar Park, IoT sensors monitor and adjust panel angles in response to the sun's position to maximize energy absorption. Smart meters and grid management systems use IoT to balance supply and demand efficiently, enhancing grid stability.

Artificial Intelligence (AI)

A study conducted by the online learning platform Coursera, in collaboration with YouGov, revealed strong AI adoption among UAE businesses: 83% were prepared to integrate generative AI into their operations. Additionally, 82% of the surveyed group, which included over 500 business leaders in the UAE, had already incorporated AI into their existing offerings, with 51% reporting extensive implementation across all functions.

Undoubtedly, artificial intelligence has seen remarkable progress and is poised to be a key component of future advancements. AI's impact on predictive maintenance and operational efficiency is transformative. By employing machine learning algorithms, AI can preemptively identify potential equipment failures, significantly reducing downtime and prolonging the life of costly infrastructure. Additionally, AI plays a crucial role in optimizing energy production from renewable sources, analyzing weather patterns to fine-tune output and ensure maximum efficiency.

Cloud Computing

Cloud platforms support the vast data requirements of modern renewable energy systems, allowing for scalable storage and sophisticated data analytics. These platforms enable energy providers to integrate data across various sources seamlessly, leading to improved decision-making processes and operational efficiencies.

Cybersecurity Challenges in the Renewable Energy Sector

As Dubai pushes forward with its renewable energy initiatives, it is also grappling with a range of cybersecurity challenges. The shift towards more technologically advanced energy systems offers immense benefits but also opens the door to potential vulnerabilities. From protecting critical data to integrating older systems with new technologies, here’s a breakdown of the major cybersecurity concerns Dubai must navigate as it pursues its clean energy ambitions:

- Increased Attack Surface: The integration of IoT devices into renewable energy systems expands the number of vulnerable points. Sensors, smart meters, and connected devices provide essential data for optimizing energy production and distribution but can also serve as entry points for cyberattacks.
- Data Security and Privacy: Massive amounts of data collected from various devices are crucial for operational efficiency but pose significant risks if intercepted or tampered with.
- Supply Chain Vulnerabilities: Renewable energy projects often involve a complex supply chain including numerous vendors and third-party service providers.
- Legacy Systems Integration: As new renewable technologies are deployed alongside existing infrastructures, the integration of legacy systems with modern, digital solutions creates compatibility issues and security gaps. These systems may not have been designed with cybersecurity in mind, making them particularly vulnerable.

Innovations in Cybersecurity for Renewable Energy

Advanced Threat Detection Systems

Dubai's commitment to securing its energy sector is highlighted by its investment in sophisticated AI and machine learning technologies for threat detection. These systems are designed to handle the immense scale of data produced by the city’s renewable energy infrastructure. Leveraging AI enables predictive analytics and proactive threat detection, empowering the sector to identify and respond to potential cyber risks swiftly. For example, the Dubai Electricity and Water Authority (DEWA) uses advanced AI algorithms that monitor and analyze data across its network to detect anomalies that could signify potential cyber threats. These systems can process and correlate data from millions of IoT devices and sensors in real time, offering a swift response to threats. The predictive capabilities of AI are crucial in preempting breaches before they escalate, enhancing the resilience of the energy grid.

Blockchain for Increased Transparency and Security

Blockchain technology is gaining traction in Dubai's renewable energy sector to enhance security and transparency. Its application ranges from securing transactions to managing the vast amount of data generated by IoT devices. For instance, blockchain's decentralized nature allows for the creation of a tamper-proof record of all transactions and data exchanges, making unauthorized alterations impossible. Unlike centralized databases, where data is stored on a single server, making it vulnerable to malicious attacks, blockchain distributes data across a network of nodes. This decentralization means that even if one part is compromised, the rest of the system remains secure, maintaining the integrity of the entire dataset. Additionally, blockchain not only stores current data but also records a history of all transactions, enhancing transparency and traceability. By integrating blockchain technology, transparent and tamper-proof energy transactions can be established, ensuring the integrity and authenticity of data across the renewable energy supply chain.

Cybersecurity Fusion Centers

The establishment of cybersecurity fusion centers has been a strategic move for Dubai to strengthen its cyber defense capabilities. These centers are state-of-the-art facilities that merge advanced technology, expert processes, and deep human expertise, specifically designed to fortify cybersecurity across essential sectors such as energy. The centers employ real-time threat intelligence sharing among public and private sectors, ensuring a coordinated response to cyber threats. They improve security through several critical functions:

- Centralized Threat Management: Acting like a central nervous system for cybersecurity, these centers gather and integrate information from diverse sectors such as energy and finance. This centralized approach allows for faster and more coordinated responses to cyber threats.
- Advanced Threat Analysis: These centers go beyond merely collecting data; they employ expert analysts and advanced tools to actively analyze cyber threats in real time. This capability enables them to spot and strategize against emerging threats swiftly.
- Enhanced Collaboration: Cybersecurity thrives on teamwork. Fusion centers facilitate stronger collaboration between government agencies, private companies, and key infrastructure providers, creating a more unified and effective defense network across Dubai.

Regulatory Frameworks and Compliance

Dubai’s proactive regulatory stance is evident through stringent cybersecurity standards mandated for the renewable energy sector. The Dubai Cyber Security Strategy aims to protect critical energy infrastructure from potential threats by enforcing rigorous compliance requirements. For instance, regulations mandate regular cybersecurity assessments and audits for all energy sector entities. These assessments help identify vulnerabilities and ensure that all system components comply with the highest security standards. The strategy also includes training and awareness programs to foster a cybersecurity culture among stakeholders.

Future Directions in Cybersecurity for Dubai’s Renewable Energy Sector

Dubai's strategic approach to implementing cybersecurity technologies has significantly boosted both the security and efficiency of its renewable energy systems. The latest data highlights the impact of these initiatives. In 2022, the Dubai Electricity and Water Authority (DEWA) reported a significant 35% reduction in potential security incidents, attributed to the implementation of AI-based threat detection systems. The integration of blockchain technology has also streamlined energy transactions, cutting down transaction times by over 40%. By combining advanced technologies like AI and blockchain with a sturdy regulatory framework, Dubai is not only strengthening its cybersecurity but also setting an international benchmark for safeguarding renewable energy infrastructures from cyber threats.

As Dubai pushes forward with its renewable energy goals, the need for enhanced cybersecurity measures grows. The sector must stay proactive and vigilant, continuously updating its defenses to keep pace with rapid technological advances and the changing landscape of cyber threats. Looking ahead, collaboration will be key. Sharing knowledge and best practices globally will build stronger defenses and encourage innovation in cybersecurity strategies. Such international collaboration could lead to more robust frameworks that protect against current and future threats.

Dubai is also planning new projects to strengthen its leadership in renewable energy. These include expanding the Mohammed bin Rashid Al Maktoum Solar Park, which will not only boost capacity but also introduce modern technologies like energy storage solutions to improve grid stability. Furthermore, Dubai is exploring the potential of offshore wind farms to diversify its energy mix. These projects will employ innovative technologies that demand sophisticated cybersecurity protections.

In summary, the security of technological infrastructure is integral to Dubai's renewable energy strategy. Cybersecurity is not just a protective measure; it is a foundational aspect of ensuring that the city's energy sector remains resilient, efficient, and secure. Dubai's proactive, forward-thinking approach highlights its commitment to sustainability and innovation, setting the stage for a brighter and more secure energy future.

Ransomware Attack Di ...

 Cyber News

Memorial Hospital and Manor in Bainbridge, Georgia, is managing the fallout from a ransomware attack that has disrupted its electronic health record (EHR) system, affecting both hospital and physician office operations. The hospital shared the news in a Facebook post, offering transparency about the issue while reassuring the public that patient care remains a priority. According to the post, the ransomware attack was discovered early Saturday morning when employees noticed alerts from the hospital’s virus protection software signaling potential security threats.

Swift Response from Memorial Hospital and Manor Team

Hospital administrators responded immediately, launching an internal investigation and working to gauge the extent of the breach. The team is now exploring restoration and recovery options to regain access to the EHR system. "While we believe this issue will not impact either the level or the quality of care we provide to our patients, we want to be fully transparent regarding this situation," the hospital stated. They emphasized that, despite operational setbacks, patient care continues to be the top priority.

In response to the attack, Memorial Hospital has temporarily shifted to a paper-based system, a necessary but time-consuming alternative to maintain accurate patient records. As a result, patients visiting the hospital or its affiliated physician offices may face longer wait times. Staff members are working under difficult circumstances, manually handling patient records until the digital system can be restored.

Source: Facebook

Lack of Specifics on the Ransomware Attack’s Scope

Hospital officials have not disclosed specific details on the scope of the ransomware attack or the ransom demand. They have assured the public, however, that the security team is focused on finding the most effective solution for recovery. Memorial Hospital’s transition to manual record-keeping underscores their commitment to patient safety despite the challenges posed by the outage. This response aligns with emergency protocols for healthcare providers handling similar incidents, enabling continuity of care even amid technological disruptions.

In a message to the community, Memorial Hospital requested patience as the team works to resolve the issue as swiftly as possible. "We ask that you please bear with us as you may experience longer wait times when you come to either the hospital or physician offices as we are working on a paper-based process," the hospital noted.

A Rise in Ransomware Attacks on Healthcare Facilities

Ransomware attacks on healthcare facilities have become an increasingly common issue. Ransomware is a type of malware that encrypts an organization’s data and demands payment to restore access, often causing severe operational disruptions. Healthcare systems, in particular, are prime targets for cybercriminals because they rely heavily on timely access to digital records for patient care. The ransomware incident at Memorial Hospital and Manor highlights the growing cybersecurity threats facing hospitals and the critical importance of strong defenses in safeguarding patient data.

Healthcare organizations should implement a multi-layered security approach, including employee training, regular system updates, and advanced threat detection software. For hospitals, routine cybersecurity assessments and preparedness drills are vital components of an effective response plan, enabling them to act quickly and minimize the impact of ransomware and other cyber threats. In the meantime, the healthcare industry as a whole continues to grapple with how best to protect sensitive patient data while ensuring that healthcare services remain accessible and reliable. As the investigation into the ransomware attack continues, Memorial Hospital and Manor is focused on restoring its digital systems and reinforcing its defenses to prevent future incidents.

New Vulnerabilities ...

 Firewall Daily

Cyble Research and Intelligence Labs (CRIL) has identified new IT vulnerabilities affecting Fortinet, SonicWall, Grafana Labs, and CyberPanel, among others. The report for the week of October 23-29 highlights seven IT vulnerabilities that require urgent attention from security teams, particularly given the sheer number of exposed devices involved.

The latest findings indicate that vulnerabilities in Fortinet, SonicWall, and Grafana Labs impact over 1 million web-facing assets. Notably, two high-severity vulnerabilities in CyberPanel have already been leveraged in widespread ransomware attacks. Organizations are urged to quickly assess their environments for these vulnerabilities and implement necessary patches and mitigations.

Major IT Vulnerabilities of the Week

Here are the top vulnerabilities detailed by Cyble's researchers, emphasizing the potential impact on IT security:

CVE-2024-40766: SonicWall SonicOS

Rated at 9.8 for severity, CVE-2024-40766 is an improper access control vulnerability within the administrative interface of SonicWall’s SonicOS. This vulnerability has garnered the attention of managed security firms like Arctic Wolf, which report that ransomware groups such as Fog and Akira are exploiting it in SSL VPN environments to infiltrate networks.

CVE-2024-47575 and CVE-2024-23113: Fortinet FortiOS and FortiManager

Fortinet has been targeted by threat actors exploiting two vulnerabilities, both rated at 9.8. CVE-2024-47575, also known as “FortiJump,” allows attackers to execute arbitrary code through specially crafted requests in FortiManager. Concerns had arisen about Fortinet’s delay in disclosing this zero-day vulnerability prior to its public announcement on October 23. While Fortinet did notify some customers of a vulnerability in FortiManager with recommended mitigations, reports indicate that not all customers received this communication, highlighting a potential gap in the advisory process. Furthermore, CVE-2024-23113 affects multiple versions of FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager, allowing remote, unauthenticated attackers to execute arbitrary code.

CVE-2024-9264: Grafana Labs

CVE-2024-9264, rated at 9.4, concerns the SQL Expressions feature in Grafana Labs' open-source analytics and monitoring platform. This vulnerability allows command injection and local file inclusion due to insufficient sanitization of user input in ‘duckdb’ queries.

CVE-2024-51567 and CVE-2024-51568: CyberPanel

CyberPanel has recently faced two severe vulnerabilities rated at 10.0, CVE-2024-51567 and CVE-2024-51568. The first allows attackers to bypass authentication and execute arbitrary commands, and has seen significant exploitation in recent ransomware attacks. The second is a command injection flaw that poses serious risks to server management.

CVE-2024-46483: Xlight FTP Server

This critical integer overflow vulnerability affects the Xlight FTP Server, potentially allowing attackers to exploit packet parsing logic, leading to heap overflows. With public proof-of-concept (PoC) code available, this vulnerability could be weaponized in various attack campaigns.

Recommendations and Mitigations

To mitigate the risks posed by these vulnerabilities, organizations are encouraged to adopt the following best practices:

- Ensure all software and hardware systems receive the latest patches from official vendors.
- Implement an organized approach to inventory management, patch assessment, testing, deployment, and verification.
- Isolate critical assets using firewalls, VLANs, and access controls to reduce the attack surface.
- Create and maintain an incident response plan, testing it regularly to adapt to emerging threats.
- Employ comprehensive monitoring solutions to detect and analyze suspicious activities in real time.
- Keep abreast of advisories from vendors, CERTs, and other sources to quickly address vulnerabilities.
- Engage in vulnerability assessments and penetration testing to identify and remediate weaknesses.

Conclusion

The vulnerabilities identified this week highlight the need for organizations to prioritize the patching of critical IT vulnerabilities. With the increasing chatter about these exploits on dark web forums, security teams must remain vigilant and proactive. Implementing better security practices is essential to safeguard sensitive data and maintain the integrity of systems against online threats. The vulnerabilities in Fortinet, SonicWall, and Grafana Labs represent just a fraction of the risks that IT environments face today, making immediate action imperative.

FortiManager May Sti ...

 Cyber News

The ‘FortiJump’ vulnerability in Fortinet’s FortiManager management platform may not have been completely fixed by the company’s patch issued last month. A screen recording posted to X (formerly known as Twitter) today by WatchTowr suggested that the vulnerability - CVE-2024-47575 - can still be exploited.

Cyble threat intelligence researchers reported last week that 62,000 vulnerable FortiManager instances were exposed to the internet, indicating significant enterprise exposure to this CVSS 9.8 vulnerability. “[D]espite all the buzz about FortiManager - the saga is about to continue,” WatchTowr said. “Please, remove this from the Internet *even if fully patched*”

The FortiJump Saga Continues

Reports of an exploited zero-day vulnerability in FortiManager were circulating more than a week before the CVE was officially published on October 23. That created confusion among security researchers and even some FortiManager customers, but Cyble noted that Fortinet had sent clients an advisory a week before the vulnerability was officially disclosed, and that the communication contained recommended mitigations too. However, some FortiManager customers said they hadn’t received that communication, suggesting a need for Fortinet to revisit its advisory procedures.

In a blog post published the same day as the CVE, Mandiant said it had been working with Fortinet on the issue and noted that the vulnerability – classified as a “missing authentication for critical function” weakness (CWE-306) – had been exploited more than 50 times since at least late June by a new threat actor dubbed “UNC5820.”

“UNC5820 staged and exfiltrated the configuration data of the FortiGate devices managed by the exploited FortiManager,” Mandiant said. “This data contains detailed configuration information of the managed appliances as well as the users and their FortiOS256-hashed passwords. This data could be used by UNC5820 to further compromise the FortiManager, move laterally to the managed Fortinet devices, and ultimately target the enterprise environment.”

The post noted that data sources analyzed by the investigators “did not record the specific requests that the threat actor used to leverage the FortiManager vulnerability. Additionally, at this stage of our investigations there is no evidence that UNC5820 leveraged the obtained configuration data to move laterally and further compromise the environment.”

Still, a commenter on a Reddit thread discussing the latest revelation noted, “For everyone running one anyway the best solution is rebuilding it from scratch and never connect the instance to the internet, at least put something in front of it and only let trusted IPs connect.”

Fortinet Has Updated FortiJump Advisory 8 Times

The Cyber Express asked Fortinet for any comment or mitigations in response to WatchTowr’s claim that FortiManager remains vulnerable, but no response had been received as of publication time.

CISA issued an alert on October 30 stating that Fortinet had updated its guidance (PSIRT FG-IR-24-423) on the vulnerability, which includes a number of allowlisting and denylisting steps to prevent the addition and registration of unauthorized devices, in addition to recovery methods. According to Fortinet’s timeline at the bottom of the guidance page, the most substantive changes to the document occurred between Oct. 23 and 28:

2024-10-23: Add FortiManager Cloud fixes
2024-10-24: Added workarounds to block the addition of unauthorized devices via syslog or FDS
2024-10-24: Added 195.85.114.78 in IoCs
2024-10-25: Added note about log entries IoCs
2024-10-28: Added link to "Best Practices for Maintaining Secure Credentials"
2024-10-28: Added note in workaround 1. (FMG Cloud recommended workaround)
2024-10-30: Added IoCs (4 IP addresses and 1 SN)
2024-11-04: Removed duplicate IP addresses
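The weakness behind FortiJump is a registration path with no authentication (CWE-306), and Fortinet’s workarounds and the Reddit advice above both come down to the same control: only known FortiGates from trusted addresses should ever be able to register, and any registration that happened anyway is a lead. The following audit script is an added example for this page, not Fortinet’s or Mandiant’s code. It checks device-registration events against an allowlist of trusted networks, an inventory of expected serial numbers, and the one indicator the article reproduces from the FG-IR-24-423 timeline (195.85.114.78). The key=value log format and the sample events are constructed for illustration and are not FortiManager’s real syslog schema; the parser is the one function to adapt to an actual export.

```python
"""Audit device-registration events from a FortiManager-style log against an
allowlist of managed FortiGates and the FortiJump (CVE-2024-47575) indicators.

Added example for this page; it is not Fortinet's or Mandiant's code. The
key=value event format below is constructed for illustration and is not
FortiManager's actual syslog schema: adapt parse_event() to your export.
"""
import ipaddress
import re
from dataclasses import dataclass, field

# The one indicator reproduced on this page (FG-IR-24-423 timeline, 2024-10-24).
# The advisory lists further IPs and one serial number; add them here.
IOC_IPS = frozenset({"195.85.114.78"})
IOC_SERIALS = frozenset()

_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass
class Finding:
    line_no: int
    severity: str      # critical / high / medium
    reason: str
    event: dict = field(default_factory=dict)


def parse_event(line: str) -> dict:
    """Split one constructed key=value line into a dict, stripping quotes."""
    return {k: v.strip('"') for k, v in _KV.findall(line)}


def audit(lines, trusted_cidrs, known_serials, ioc_ips=IOC_IPS, ioc_serials=IOC_SERIALS):
    """Return a Finding for every device registration that should not have happened.

    trusted_cidrs: networks from which legitimate FortiGates connect (FGFM, TCP/541).
    known_serials: serial numbers of the FortiGates that are supposed to be managed.
    """
    nets = [ipaddress.ip_network(c, strict=False) for c in trusted_cidrs]
    findings = []
    for n, line in enumerate(lines, 1):
        ev = parse_event(line)
        if ev.get("action") != "device_add":
            continue  # only registrations matter for this check
        src, sn = ev.get("src"), ev.get("sn")

        # 1. Known-bad first: a published IoC is a confirmed-compromise signal.
        if src in ioc_ips or sn in ioc_serials:
            findings.append(Finding(n, "critical", "registration matches a published IoC", ev))
            continue

        # 2. Registration from outside the allowlisted ranges. With no
        #    authentication on the registration path, this is the exposure.
        try:
            addr = ipaddress.ip_address(src)
        except (TypeError, ValueError):
            findings.append(Finding(n, "high", f"unparseable source address {src!r}", ev))
            continue
        if not any(addr in net for net in nets):
            findings.append(Finding(n, "high", f"registration from non-allowlisted {src}", ev))
            continue

        # 3. Trusted range but unexpected serial: inventory drift, or something
        #    posing as a FortiGate from behind a trusted address.
        if sn not in known_serials:
            findings.append(Finding(n, "medium", f"unknown serial {sn} from trusted range", ev))
    return findings


# Constructed sample events (not real FortiManager log output).
SAMPLE_EVENTS = [
    'ts=2024-10-20T10:01:02Z action=device_add src=10.20.0.5 sn=FGT60F0000000001 msg="Device added"',
    'ts=2024-10-20T10:03:10Z action=device_add src=10.20.0.9 sn=FGT60F0000009999 msg="Device added"',
    'ts=2024-10-20T10:05:44Z action=device_add src=195.85.114.78 sn=FMG-VM0000000000 msg="Unregistered device add succeeded"',
    'ts=2024-10-20T10:06:01Z action=device_add src=203.0.113.7 sn=FGT60F0000000002 msg="Device added"',
    'ts=2024-10-20T10:07:00Z action=login src=10.20.0.5 user=admin msg="Admin login"',
]
TRUSTED_CIDRS = ["10.20.0.0/16"]
KNOWN_SERIALS = {"FGT60F0000000001", "FGT60F0000000002"}


if __name__ == "__main__":
    for f in audit(SAMPLE_EVENTS, TRUSTED_CIDRS, KNOWN_SERIALS):
        print(f"line {f.line_no}: [{f.severity}] {f.reason}")
```

Run against the constructed sample, the script flags the IoC address as critical, the registration from 203.0.113.7 as high, and the unknown serial inside the trusted range as medium; the login event is ignored. The ordering is deliberate: an IoC match is reported even when the address happens to be allowlisted, because a published indicator outranks a trust assumption. A clean run is not proof of safety, since Mandiant noted its data sources did not record the requests the actor used; it only says no unexpected registration survived in the logs you fed it.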

image for Japan’s Active Cyb ...

 Cyber Essentials

The Japanese government’s plan to introduce a cybersecurity bill focused on "active cyber defense" has hit significant delays. Originally expected to be introduced in the fall of 2024, the bill is now unlikely to reach Parliament before the end of the year. This shift follows the recent change in Japan’s prime minister and the defeat of the ruling Liberal Democratic Party (LDP) in the October general election, leading to a complex political landscape and growing uncertainty around the proposed bill.

Stalled Momentum for Cybersecurity Bill

The bill’s core objective is to establish Japan’s ability to defend against cyberattacks. It proposes to monitor and detect potential threats to government and critical infrastructure and, if needed, to counteract them by deploying computer viruses to neutralize adversary servers. However, the active defense approach has sparked privacy concerns, specifically about a potential conflict with Japan’s constitutional protection of the secrecy of communications, which restricts government surveillance under normal circumstances.

The first step in this legislative journey was an interim report from an expert panel on August 6, recommending ways to enhance Japan’s cybersecurity. Soon after, however, then-Prime Minister Fumio Kishida announced he would not participate in the LDP leadership race, signaling his exit from office and halting further meetings on the bill’s development.

The new prime minister, Shigeru Ishiba, now faces political challenges after the ruling LDP-Komeito coalition suffered a stinging defeat in the October elections. Without a majority, the coalition is looking to opposition parties for support to pass key bills, including the cybersecurity legislation. As a former defense minister shared, "Coordination inside the government has not ended. The earliest possible cybersecurity bill submission is during next year's regular Diet session." In the meantime, the coalition is focused on passing the fiscal 2024 supplementary budget with help from opposition partners, which has taken priority over the cybersecurity initiative.

Concerns Over ‘Active Cyber Defense’ and Communication Privacy

The active cyber defense approach has raised constitutional questions. Given Japan’s strict protections on communication privacy, some government officials and legal experts have voiced concerns that surveillance could violate individual rights. Active monitoring of communications to detect cyber threats under the proposed bill could conflict with these protections.

The LDP originally campaigned to raise Japan’s cybersecurity capabilities to match those of the U.S. and Europe. But with former LDP Secretary General Akira Amari, a major supporter of the policy, losing his seat in the recent election, enthusiasm for the active cyber defense bill has weakened, and support within the party appears less certain.

Rising Cybersecurity Threats Highlight Need for Action

As digital technologies increasingly become part of daily life in Japan, cybersecurity has become a major concern. In recent years, Japan has witnessed a rise in cybercrimes ranging from cyberbullying to ransomware and online fraud. In 2020, cyberbullying took center stage after the tragic suicide of Hana Kimura, a young professional wrestler who was harassed online. Since then, Japan has seen a steady rise in ransomware attacks, online banking fraud, and other cybercrimes. In 2023 alone, online banking fraud resulted in losses exceeding 8.7 billion yen.

Data breaches have also become more common, affecting both the public and private sectors. In July 2024, Recruit Co., Ltd., a prominent Tokyo-based company, reported a data breach involving its real estate wing, SUUMO, exposing the sensitive data of over 1,300 employees. Although customer data was not compromised, the incident drew attention to potential weaknesses in Japan’s corporate cybersecurity practices.

A Push for Mandatory Reporting of Cyberattacks

In response to rising cyber threats, the Japanese government is also exploring a mandate requiring private companies operating critical infrastructure to report any incidents of cyber damage. Until now, businesses have been hesitant to report cyberattacks, fearing the impact on stock prices and corporate reputation. This lack of transparency has made it harder to assess and contain the impact of cyber threats across sectors.

Under the government’s new plan, critical infrastructure providers, including telecommunications, finance, and transportation, would be legally obligated to report cyber incidents, with the aim of creating a proactive culture of cybersecurity. In 2022, a voluntary action plan encouraged reporting, but compliance was limited because it was non-binding. By turning this recommendation into a legal requirement, officials hope to speed up information sharing so that other businesses can take preventive measures. The Japan Association of Corporate Executives, a key business lobby, has long advocated mandatory reporting, arguing that a coordinated approach is essential to counter the rising tide of cyber threats.

Designating Critical Sectors for Cybersecurity Oversight

In addition to mandatory reporting, the government has designated 15 sectors as critical infrastructure. These include government and administrative services as well as essential industries such as healthcare, finance, and transportation. These sectors play a vital role in national security and economic stability, and they are frequent targets of cyberattacks. By classifying these industries as critical, the government aims to prioritize cybersecurity efforts in areas where an attack could have widespread effects on the public and the economy.

Japan’s moves toward enhancing cybersecurity align with its goal of strengthening digital defenses amid growing technological integration in society. Cashless payments, digital health services, and remote work have become integral parts of life, and the resulting rise in cyberattacks underscores the need for comprehensive security measures.

With a stronger focus on mandatory reporting, active defense, and collaboration across sectors, Japan aims to better protect its infrastructure, businesses, and citizens from cyber threats. However, political and legal challenges remain. As the government prepares to reintroduce the cybersecurity bill in 2025, finding a balance between effective defense and constitutional privacy rights will be essential. For now, Japan’s cybersecurity future depends on its ability to unite its political factions and address the public’s concerns over privacy and surveillance.

image for APT36 Refines Tools  ...

 Feed

APT36, the Pakistan-based advanced persistent threat actor, has been carrying on a cyber-espionage campaign targeting organizations on the subcontinent for more than a decade, and it's now using a new and improved "ElizaRAT" malware.

 Feed

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Internet. It also enables software developers to create new communication tools with built-in privacy features. It provides the foundation for a range of applications that allow organizations and individuals to share information over public networks without compromising their privacy. Individuals can use it to keep remote websites from tracking them and their family members. They can also use it to connect to resources such as news sites or instant messaging services that are blocked by their local Internet service providers (ISPs). This is the source code release.

 Feed

Debian Linux Security Advisory 5802-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

 Feed

IBM Security Verify Access versions prior to 10.0.8 suffer from authentication bypass, reuse of private keys, local privilege escalation, weak settings, outdated libraries, missing password, hardcoded secrets, remote code execution, missing authentication, null pointer dereference, and lack of privilege separation vulnerabilities.

 Feed

Red Hat Security Advisory 2024-8425-03 - Red Hat OpenShift Container Platform release 4.15.37 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.

 Feed

Cybersecurity researchers have discovered a new version of a well-known Android malware family dubbed FakeCall that employs voice phishing (aka vishing) techniques to trick users into parting with their personal information. "FakeCall is an extremely sophisticated Vishing attack that leverages malware to take almost complete control of the mobile device, including the interception of incoming

 Feed

Cybersecurity researchers have disclosed six security flaws in the Ollama artificial intelligence (AI) framework that could be exploited by a malicious actor to perform various actions, including denial-of-service, model poisoning, and model theft. "Collectively, the vulnerabilities could allow an attacker to carry out a wide-range of malicious actions with a single HTTP request, including

 Feed

German law enforcement authorities have announced the disruption of a criminal service called dstat[.]cc that made it possible for other threat actors to easily mount distributed denial-of-service (DDoS) attacks. "The platform made such DDoS attacks accessible to a wide range of users, even those without any in-depth technical skills of their own," the Federal Criminal Police Office (aka

2024-11
Aggregator history
Monday, November 04