Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Vulnerability News

A newly discovered vulnerability in the WPLMS WordPress theme threatens websites with potential Remote Code Execution (RCE) due to a critical path traversal flaw. CVE-2024-10470, a vulnerability in the WPLMS Learning Management System (LMS) theme for WordPress, allows attackers to read and delete arbitrary files on the server, regardless of whether the theme is active. The flaw, assigned a 9.8 CVSS score, stems from inadequate file path validation in the functions that handle file reading and deletion. This vulnerability could affect thousands of LMS-driven websites, risking unauthorized data access and complete system compromise.

Vulnerability Details and Scope

This path traversal vulnerability, identified by researcher Friderika Baranyai (Foxyyy), affects all WPLMS versions up to 4.962. No authentication is required; attackers exploit the flaw by targeting the theme's file handling functions. Sites running any WPLMS version below 4.963 are vulnerable even if the theme is inactive, leaving critical WordPress installations exposed. A crafted request, such as the one described by GitHub user RandomRobbieBF, demonstrates the exploit's simplicity. Attackers can delete essential files such as wp-config.php, the configuration file WordPress needs in order to run, potentially resulting in full server control.

Exploit Mechanism and Risks

An attacker could exploit this vulnerability by sending crafted HTTP POST requests with the "download_export_zip" parameter, manipulating the server into deleting or reading critical files. For instance:

    POST /wp-content/themes/wplms/setup/installer/envato-setup-export.php HTTP/1.1
    Host: [Target-IP]
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 29

    download_export_zip=1&zip_file=.htaccess

This request targets sensitive files like .htaccess, potentially destabilizing the server or granting unauthorized file access. Though there is no proof of active exploitation yet, the vulnerability remains exploitable, underscoring its critical nature.

Mitigation Measures and Recommendations

Administrators using the WPLMS theme should take immediate action to secure their WordPress environments. Recommended steps include:

- Deactivate and remove the WPLMS theme: temporarily disable and remove WPLMS until a patch is applied. If the theme is non-essential, permanent removal could prevent future exploits.
- Strengthen access controls: limit access to files like wp-config.php and enforce file permissions to prevent unauthorized modification or deletion.
- Implement file integrity monitoring: use tools that monitor for unauthorized file changes and alert administrators, enabling faster response to attacks.
- Take regular backups: back up WordPress files and databases to allow swift recovery if data is compromised.
- Deploy a Web Application Firewall (WAF): filter malicious requests to block path traversal exploits targeting WPLMS vulnerabilities.
- Stay updated: regularly monitor for WPLMS updates, as version 4.963 resolves this vulnerability.

CVE-2024-10470 represents a serious threat to WPLMS users, allowing unauthenticated file deletion that risks data integrity and system control. Administrators should urgently secure their WordPress installations, apply any available patches, and enforce strong access controls. These steps will help reduce the chances of unauthorized access and safeguard critical site functions.
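The following is an added example, not code from WPLMS or from the article, showing the defender's side of the flaw described above: a path-containment check of the kind the vulnerable read/delete functions lacked, a request classifier a WAF or reverse proxy could apply to the POST described in the article, and a scan of access-log lines for hits on the export endpoint. The endpoint path and the download_export_zip / zip_file parameters come from the article; the export directory, the allowed archive-name pattern and the log lines are constructed assumptions.

```python
"""Detection and input-validation helpers for CVE-2024-10470 (WPLMS).

Added example; this is not WPLMS code or code from the article. The endpoint
path and the download_export_zip / zip_file parameters are taken from the
advisory text above; directory names, the name pattern and the log lines
are constructed.
"""
import os
import re
from urllib.parse import parse_qs, unquote

# Endpoint named in the advisory.
WPLMS_EXPORT_ENDPOINT = "/wp-content/themes/wplms/setup/installer/envato-setup-export.php"

# Files whose deletion or disclosure the advisory calls out.
SENSITIVE_FILES = {"wp-config.php", ".htaccess"}

# Where legitimate export archives are assumed to live (assumption, not WPLMS's layout).
EXPORT_DIR = "/var/www/html/wp-content/uploads/wplms-exports"

# What a legitimate export archive name is assumed to look like: a bare file
# name, no directory separators, .zip extension (assumed policy).
EXPORT_NAME = re.compile(r"[A-Za-z0-9_-]+\.zip")


def is_contained(base_dir: str, user_path: str) -> bool:
    """True only if user_path resolves to a location inside base_dir.

    This is the check the advisory says the vulnerable functions lacked:
    resolve the path first, then require it to stay under the directory the
    feature serves. An absolute user_path discards base_dir in os.path.join,
    and '..' segments walk upward; both end up outside base_dir and are rejected.
    """
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, user_path))
    return target == base or target.startswith(base + os.sep)


def validate_zip_file(base_dir: str, zip_file: str) -> tuple[bool, str]:
    """Hardened acceptance test for a zip_file value: name pattern plus containment."""
    if not EXPORT_NAME.fullmatch(zip_file):
        return False, "unexpected export name"
    if not is_contained(base_dir, zip_file):
        return False, "path escapes export directory"
    return True, "ok"


def flag_request(method: str, path: str, body: str) -> list[str]:
    """Classify one HTTP request (as a WAF or reverse proxy would); returns finding tags."""
    findings: list[str] = []
    if path.split("?", 1)[0] != WPLMS_EXPORT_ENDPOINT:
        return findings
    findings.append("wplms-export-endpoint")
    if method.upper() != "POST":
        return findings
    params = parse_qs(body, keep_blank_values=True)
    if "download_export_zip" in params:
        findings.append("download_export_zip")
    for raw in params.get("zip_file", []):
        # parse_qs already decoded once; a second pass exposes double-encoded values.
        value = unquote(raw)
        if os.path.basename(value.replace("\\", "/")) in SENSITIVE_FILES:
            findings.append("sensitive-file")
        if not validate_zip_file(EXPORT_DIR, value)[0]:
            findings.append("traversal-or-unexpected-name")
    return findings


# Constructed access-log lines (combined format). POST bodies are not logged,
# so the only signal here is the endpoint itself; any hit deserves a look.
SAMPLE_ACCESS_LOG = """\
203.0.113.7 - - [10/Nov/2024:12:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 1530 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Nov/2024:12:00:02 +0000] "POST /wp-content/themes/wplms/setup/installer/envato-setup-export.php HTTP/1.1" 200 0 "-" "curl/8.4.0"
198.51.100.4 - - [10/Nov/2024:12:00:03 +0000] "GET /courses/ HTTP/1.1" 200 8841 "-" "Mozilla/5.0"
"""

LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3})')


def scan_access_log(text: str) -> list[tuple[str, str, str, int]]:
    """Return (client_ip, method, path, status) for every request to the export endpoint."""
    hits = []
    for line in text.splitlines():
        m = LOG_LINE.match(line)
        if m and m.group(3).split("?", 1)[0] == WPLMS_EXPORT_ENDPOINT:
            hits.append((m.group(1), m.group(2), m.group(3), int(m.group(4))))
    return hits


if __name__ == "__main__":
    print(flag_request("POST", WPLMS_EXPORT_ENDPOINT, "download_export_zip=1&zip_file=.htaccess"))
    print(scan_access_log(SAMPLE_ACCESS_LOG))
```

Because the exploit body never reaches the access log, the log scan can only surface endpoint hits; the body-level checks belong at a WAF, reverse proxy or in the theme code itself.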


 Cyber News

Hackers are increasingly using a new tactic to target unsuspecting internet users who search for seemingly harmless information online. In an urgent warning, cybersecurity firm SOPHOS has highlighted a specific vulnerability affecting search engine users who search for particular phrases. According to reports and coverage by the New York Post, typing specific words into search engines could expose people to serious cyber risks, such as identity theft or even loss of financial information.

The latest trend in cyberattacks, known as "SEO poisoning," has cybersecurity experts on high alert. This tactic involves cybercriminals manipulating search engine results to push their own malicious websites to the top, making it easier for unsuspecting users to click on fraudulent links. Once these links are clicked, the hackers can deploy a range of harmful software to gain access to the user's personal information. According to the report, simply typing in six specific words, particularly "Are Bengal Cats legal in Australia?", has been linked to these malicious attacks, with search results for this phrase triggering malware that could compromise users' devices and data.

Targeting Innocent Searches

For many internet users, searching for answers to general queries is part of everyday life. However, hackers have taken advantage of this habit by crafting attacks around harmless search terms. In the latest example, users looking up whether Bengal cats are legal pets in Australia were surprised to find themselves victims of a cyberattack. The report warns that this kind of search term targeting is particularly concerning because it demonstrates how criminals are using everyday interests and questions to lure in victims. "Victims are often enticed into clicking on malicious adware or links disguised as legitimate information, or, in this case, a regular Google search," SOPHOS explained. By using SEO poisoning, hackers can make their harmful links appear credible and trustworthy, making it more likely that users will click without suspicion.

Why Australians Are at a Higher Risk

One of the unique factors in this recent wave of cyberattacks is the focus on users searching from Australia. According to the report, dangerous links and malware are more likely to appear when the search term includes the word "Australia." This makes Australian internet users particularly vulnerable, as criminals seem to be optimizing their malicious search results specifically for those looking for information related to the country. While the exact reason behind this geographical targeting remains unclear, it is suggested that cybercriminals are using regional terms and phrases to enhance their SEO manipulation and reach a specific audience. This has left Australian users at the highest risk of security breaches, data theft, and other cyber threats related to this kind of search.

How the Gootloader Malware Works

The malicious software used in these attacks is called "Gootloader," a malware program that operates by stealing personal information and causing serious disruptions. After users click on the fraudulent search results, Gootloader can infiltrate their devices, granting hackers access to sensitive data, including bank details and login credentials. In some cases, the malware may even lock users out of their own devices, leaving them helpless without professional assistance to regain control. According to the report, Gootloader is especially dangerous because it can disguise itself as a legitimate application. Many users are not even aware they have clicked on a harmful link, as the pages they are led to appear legitimate. But once downloaded, Gootloader quietly collects personal data from the user's device, and the hackers can exploit this data for various purposes, such as financial theft or unauthorized access to social media and email accounts.

Preventing SEO Poisoning Attacks

As SEO poisoning becomes a more widely used tactic among cybercriminals, the report has emphasized the importance of preventive measures. For those who may have been affected, updating and strengthening passwords immediately is recommended, especially for sensitive accounts like banking or email. Additionally, users should avoid clicking on search results that seem overly promoted or too good to be true, particularly for niche or regional search terms that may be more susceptible to SEO manipulation. It is also essential for users to maintain reliable antivirus software and keep their devices updated with the latest security patches. Many antivirus solutions now have built-in features that can detect malicious sites before they load, adding an extra layer of protection. For those concerned about accidentally falling victim to SEO poisoning, a bit of caution with search engine use can go a long way. Using direct URLs to trusted sites, especially for financial or personal information inquiries, may help users avoid harmful links altogether.

Why Everyday Searches Are Vulnerable

While some people believe that cybersecurity threats are limited to high-stakes targets, the latest warning shows that anyone can become a victim. The seemingly niche search term "Are Bengal Cats legal in Australia?" appears harmless and unrelated to financial matters, yet it has become a trap for many unsuspecting users. The attack's success relies on the fact that users are not anticipating danger while searching for mundane information, which makes them more likely to click without second-guessing. This recent trend highlights the changing nature of cyber threats. Hackers are adapting to user behavior, and as more people rely on search engines for answers to daily questions, cybercriminals are capitalizing on these habits.


 Firewall Daily

A new wave of cyberattacks has started targeting Israel, with an anti-Israel hacker group calling itself "Radwan Cyber Pal" claiming responsibility for a breach of the Ministry of National Security. The hacker collective announced they had accessed sensitive data from the Ministry, including personal details of over 5,000 Israeli settlers and soldiers, as well as a large number of classified documents.

The Radwan Cyber Pal Attack: A Breach of National Security

In an exclusive communication with The Cyber Express, the group detailed their actions, which they described as a retaliatory strike against the "genocidal regime" of Israel. According to a statement translated into English, the hackers claimed, "Following our victories in the field of the war with the genocidal regime, we, the Radwan Cyber Pal, targeted Israel's Ministry of National Security. We have the full data of the Occupation settlers and soldiers, in addition to many confidential documents."

The hackers further claimed that the information they accessed includes personal data of armed settlers and Israeli soldiers, potentially exposing key details that could compromise national security. These claims raise questions about the security measures in place within the Ministry, especially given the large volume of confidential documents that were reportedly breached.

The Scope of the Breach

The Radwan Cyber Pal attack is not isolated. Over the past few weeks, Israel has been grappling with a surge in cyberattacks. The Cyber Express previously covered data breaches directed toward critical military and national security data, including sensitive information about Israeli soldiers and settlers. While the full extent of the breach has yet to be confirmed by Israeli officials, the hacker group claims to have obtained a treasure trove of confidential materials, adding to the ongoing concerns about the vulnerability of Israeli cyber defenses.

This incident is just one example of the escalating cyber threats faced by Israel, with increasing concerns about the country's cybersecurity infrastructure. The data breach not only exposes personal information but could also have far-reaching consequences for national security operations. If the Radwan Cyber Pal group's boasts are accurate, it could now hold critical data that could destabilize certain security protocols and operations.

At the time of writing, Israel's Ministry of National Security has not officially confirmed or denied the claims made by the Radwan Cyber Pal group. The Cyber Express reached out to the Ministry for clarification, but no response has been received. The lack of an official response from Israeli authorities highlights the seriousness of the attack and the complexity of verifying such breaches in real time. If proven true, this attack could expose significant flaws in Israel's cybersecurity strategies, especially concerning the protection of military and settler information.

Israel's Ongoing Struggle with Cyberattacks

This breach comes at a time when Israel is facing a heightened number of cyberattacks from various groups. Previously, The Cyber Express reported on a series of cyber incidents, including a DDoS (Distributed Denial of Service) attack that temporarily paralyzed Israeli credit card systems. That attack, which affected the payment system of a major clearing company, prevented some citizens from using their credit cards for several hours. Both Channel 12 News and Army Radio reported that a hacker group with links to Iran was behind the DDoS attack. These developments suggest a broader pattern of coordinated cyber aggression, with hostile actors targeting Israeli infrastructure, both military and civilian.

Conclusion

The claims made by Radwan Cyber Pal and the potential breach of Israel's Ministry of National Security highlight the growing importance of cybersecurity in global military and national defense. This is an ongoing story, and The Cyber Express will be closely monitoring the situation. We'll update this post once we have more information about the alleged attack by Radwan Cyber Pal or any official confirmation from the ministry.


 Appointments

TMF Group, a global leader in employee, financial, and legal administration services, has appointed Kumar Ravi as its new Chief Information Security Officer (CISO). With more than 23 years of leadership experience in Information & Cyber Security, Data Privacy, and Risk & Compliance, Kumar will lead the company's efforts to enhance its information security and cyber defense strategies across its global operations.

TMF Group, which employs over 11,000 professionals across 125 offices in 87 jurisdictions, plays a critical role in helping firms invest and operate securely around the world. With a presence in regions covering 92% of world GDP and 95% of FDI inflow, TMF Group ensures that businesses can trust in the safety and integrity of their operations, wherever they may be.

Kumar Ravi brings a wealth of experience to his new role at TMF Group. He has held key leadership positions both in India and on a global scale, and has built a solid reputation for his expertise in managing enterprise-wide information security programs. As the Global CISO for TMF Group, he will be responsible for overseeing the company's comprehensive information security and cyber security strategy, as well as its Business Continuity Management program.

Kumar Ravi: A Seasoned Cybersecurity Leader

Before joining TMF Group, Kumar was the CISO for Teleperformance in India and Global Business Services. In this role, he played an instrumental part in shaping the company's information security landscape, protecting its operations and customer data across multiple regions. Kumar has also served as the Global Vice President at EXL, where he oversaw information security and disaster recovery advisory services in India and the Middle East. His experience also includes working with Wipro Consulting Services in the Governance, Risk, and Compliance (GRC) consulting practice, where he guided organizations in enhancing their security posture.

Throughout his career, Kumar has worked extensively in the IT/ITeS, BPM, and insurance sectors, gaining diversified experience in leading large-scale cybersecurity initiatives. He has successfully implemented global strategies that align with industry standards and best practices. His expertise spans a wide range of critical areas, including Governance, Risk Management, Business and Third-Party Risks, Cyber Defense, Incident Response, Vulnerability Management, Application Security, Offensive Cybersecurity Testing, and Advanced Threat Detection.

Cybersecurity Expertise Across Multiple Domains

Kumar's experience in managing complex cybersecurity programs is extensive. He has led organizations in developing strong information security frameworks, addressing emerging cyber threats, and mitigating risks through advanced defense mechanisms. His hands-on experience in vulnerability management, malware analysis, and incident response positions him as a highly qualified professional to safeguard TMF Group's digital infrastructure and client data.

In addition to his technical expertise, Kumar has focused on enhancing user awareness programs to ensure that employees across organizations understand and mitigate the risks posed by cyber threats. His work in this area has helped businesses create a culture of security, empowering employees to become active participants in protecting sensitive information.

Educational and Professional Credentials

Kumar's educational background includes a Diploma in Business Management from the Asian Institute of Management (AIM) in the Philippines. In addition, he holds several professional certifications, including Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified Ethical Hacker (CEH), and Data Protection Law Advisor (DCPLA), among others. These certifications reflect his commitment to continuous learning and staying ahead of the curve in the fast-evolving field of cybersecurity.

The appointment of Kumar Ravi as CISO reflects TMF Group's commitment to securing its operations and protecting the sensitive data of its global client base. His leadership and expertise will be crucial in further enhancing the company's information security posture as it continues to expand its reach and services around the world.


 Cyber News

A recent study led by researchers from The University of Western Australia (UWA) has revealed that data breach laws are driving up the cost of private debt for businesses, though effective cybersecurity strategies can help mitigate these costs. Published in The British Accounting Review, the study highlights how the US data breach notification (DBN) laws affect borrowing terms for companies, with a particular focus on the financial implications of breach disclosures.

Data breach notification laws, which require companies to notify individuals if their personal data has been compromised, are a critical part of consumer protection. While these laws serve to safeguard consumers, they also introduce financial burdens for businesses that suffer data breaches. The research investigates the ripple effect these laws have on firms' access to credit, revealing that firms operating in states with such laws face higher borrowing costs, as lenders adjust their risk assessments.

How DBN Laws Influence Borrowing Costs

The core of the study centers on the impact of DBN laws on private debt costs. These laws, which started in California in 2002, have now been adopted in all 50 U.S. states, compelling businesses to disclose data breaches to the public. While this practice serves consumer interests, it also increases the perceived risk associated with lending to affected companies. According to the study, when companies are required to disclose breaches, lenders anticipate higher future costs, such as litigation fees and reputational damage, which can lead to more expensive loans for these firms.

Lead author Nishant Agarwal, a lecturer at UWA's Business School, noted that the study confirmed lenders are factoring in the added risks posed by potential future data breaches when assessing loan applications. "Our research shows that the increase in borrowing costs is driven by lenders' concerns over future risks, including the potential for legal repercussions and reputational harm following a data breach," Agarwal explained. This elevated risk perception results in higher interest rates for companies operating in breach-prone sectors, especially those that disclose cybersecurity risks in their filings.

However, the research also provides a silver lining: businesses that take proactive steps to address these cybersecurity concerns, by investing in robust security measures or appointing technology officers, can reduce their borrowing costs. These companies are viewed more favorably by lenders, which can translate into lower interest rates and better loan terms.

The Intersection of Cybersecurity and Finance

The study, which used data from 2002 to 2018 to assess the impact of staggered state-level adoption of DBN laws, sheds light on the relationship between cybersecurity and finance. It found that firms that have invested in strong cybersecurity infrastructure are perceived as less risky by lenders. This, in turn, can offset some of the cost increases typically associated with breach disclosures.

"Our findings suggest that businesses with a strong cybersecurity focus are better positioned to navigate the regulatory landscape created by DBN laws," said Agarwal. "Investing in cybersecurity not only protects a company's assets but also improves its financial resilience by reducing the risk of higher borrowing costs."

The research also emphasizes the importance of forward-thinking risk management strategies in today's increasingly digital world. Firms that integrate cybersecurity into their core business strategy, especially at the leadership level, can mitigate the negative impact of DBN laws on their financial performance.

A Closer Look at the Data

The study analyzed how the introduction of DBN laws has affected loan contracts and borrowing terms across various industries. The research revealed that firms in states with DBN laws face an average increase in loan spreads of 0.19% (approximately 39.79 basis points) compared to companies in states without such laws. The increase was particularly pronounced for firms in breach-prone industries such as technology, healthcare, and finance, where the risks associated with data breaches are inherently higher.

On the other hand, companies with strong cybersecurity measures, such as appointing dedicated technology officers or investing in advanced security technologies, saw a smaller increase in borrowing costs. This indicates that lenders recognize these companies as being proactive in mitigating risks and, as such, are more inclined to offer favorable loan terms. One notable observation was that the increase in borrowing costs was also more significant for firms with internal control weaknesses or those that disclosed cybersecurity risks in their filings. This suggests that companies with higher exposure to data breach risks, or those perceived as poorly equipped to handle such risks, face a more substantial financial burden when borrowing.

Broader Implications for the Corporate World

The study's results underscore a critical message for businesses operating in an increasingly digital landscape: cybersecurity preparedness is not just an IT concern, but a financial one as well. Firms that invest in robust security measures and integrate cybersecurity leadership into their corporate strategy can improve their financial resilience and avoid the costly repercussions associated with data breach disclosures.

In a statement, Agarwal added, "Our research highlights the growing intersection of cybersecurity, regulation, and finance. As data breach laws continue to evolve, firms that prioritize cybersecurity are better positioned to manage the financial challenges associated with these regulations."

Conclusion

This research, led by Nishant Agarwal from The University of Western Australia, with contributions from Chandrani Chatterjee (University of Texas) and Swetha Agarwal (Indian School of Business), provides key insights into the impact of data breach notification (DBN) laws on borrowing costs. The study highlights how these laws can increase the financial burden on businesses, particularly those in breach-prone industries. However, the findings also emphasize that companies can mitigate these costs by prioritizing strong cybersecurity and integrating risk management strategies into their operations. The research highlights the growing need for companies to recognize the intersection of cybersecurity and financial decision-making, reinforcing that effective cybersecurity not only protects a company's reputation but also contributes to more favorable financial outcomes in an increasingly competitive market.


 Vulnerability News

A severe security flaw in outdated D-Link network-attached storage (NAS) devices leaves over 61,000 units exposed online with no patches. Researchers have identified a command injection vulnerability in several legacy D-Link NAS models, posing a critical security risk. Tracked as CVE-2024-10914, this flaw allows unauthorized attackers to gain control by injecting commands through the "name" parameter in the device's user-add command. With a critical CVSS score of 9.2, this vulnerability demands immediate mitigation efforts, especially since these devices no longer receive updates.

Affected End-of-Life Devices

The vulnerability impacts multiple D-Link NAS models, including DNS-320, DNS-320LW, DNS-325, and DNS-340L, all of which have reached end-of-life (EOL) status. D-Link categorizes these devices as end-of-service (EOS), meaning they no longer receive firmware updates or support, leaving users without an official patch. Due to insufficient input sanitization, attackers can manipulate the account management script to execute arbitrary commands, potentially compromising all data stored on the device. According to a FOFA platform scan by security researcher NetSecFish, over 61,000 unique IPs expose vulnerable devices, revealing the scale of the potential risk.

Exploitation and Attack Simplicity

Exploiting CVE-2024-10914 requires minimal technical skill. Attackers simply send an HTTP GET request to the device's IP address, embedding malicious code in the "name" parameter. A sample attack command could look like this:

    curl "http://[Target-IP]/cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;<INJECTED_SHELL_COMMAND>;%27"

The vulnerability, classified as command injection (CWE-77), enables attackers to seize control of vulnerable NAS devices, potentially accessing stored data and infiltrating broader network areas.

D-Link's Advisory and Recommendations

D-Link acknowledges the severity of this vulnerability but confirms no fix will be issued due to the EOL status of affected models. The company advises users to retire these devices or, if retirement isn't feasible, follow certain mitigation steps:

- Disconnect from the public internet: isolate NAS devices from the public internet to prevent external exploitation.
- Restrict device access: use firewall rules to limit access to trusted internal networks.
- Update device credentials: regularly change and strengthen passwords, and enable encryption for wireless connections.
- Consider third-party firmware: advanced users can opt for third-party firmware, though this may void warranties and lacks D-Link support.

Beyond D-Link's recommendations, cybersecurity firm Cyble recommended that organizations adopt best practices such as network segmentation, scheduled vulnerability scanning, and network traffic monitoring to minimize exposure to this risk.

As D-Link's affected NAS devices will not receive patches, CVE-2024-10914 underscores the risks of using unsupported hardware. Immediate action is crucial: either retire these devices or implement strict access controls to secure data integrity. Upgrading to newer, supported models remains the most effective solution for safeguarding critical information.
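The following is an added example, not D-Link code or code from the article, covering the two things a defender can do with the request shape shown above: an allowlist validator for the "name" parameter of the kind the account management script should have applied before building a shell command, and an inspector that decodes request URLs captured at a proxy or IDS and flags user-add requests whose name carries shell metacharacters. The CGI path and cmd=cgi_user_add come from the article; the captured URLs and the allowed-name policy are constructed assumptions.

```python
"""Request inspection and input validation for CVE-2024-10914 (D-Link NAS).

Added example; not D-Link code or code from the article. The CGI path, the
cmd=cgi_user_add value and the name parameter are taken from the article's
sample request; the captured URLs below are constructed, and SAFE_NAME is an
assumed policy, not D-Link's.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# CGI endpoint and command named in the advisory text.
ACCOUNT_CGI = "/cgi-bin/account_mgr.cgi"
USER_ADD_CMD = "cgi_user_add"

# Characters that let a value break out of a shell command string. The sample
# request in the article wraps its payload in %27 (single quote) and ';'.
SHELL_META = frozenset(";|&$`<>\n\r'\"(){}")

# Allowlist for an account name: what the script should have enforced before
# passing the value to a shell (assumed policy, not D-Link's).
SAFE_NAME = re.compile(r"[A-Za-z][A-Za-z0-9_.-]{0,31}")


def is_safe_username(name: str) -> bool:
    """Allowlist check: accept only a plain account name, reject everything else."""
    return SAFE_NAME.fullmatch(name) is not None


def inspect_url(url: str) -> dict:
    """Decode one request URL and report whether it looks like a user-add injection attempt.

    Returns 'endpoint' (True if account_mgr.cgi was hit), the decoded 'cmd' and
    'name', the shell metacharacters found in 'name', and a 'suspicious' verdict:
    a cgi_user_add request whose name fails the allowlist.
    """
    parts = urlsplit(url)
    result = {"endpoint": parts.path == ACCOUNT_CGI, "cmd": "", "name": "",
              "metachars": [], "suspicious": False}
    if not result["endpoint"]:
        return result
    params = parse_qs(parts.query, keep_blank_values=True)
    result["cmd"] = params.get("cmd", [""])[0]
    # parse_qs decoded once; a second unquote exposes double-encoded quotes.
    result["name"] = unquote(params.get("name", [""])[0])
    result["metachars"] = sorted(c for c in set(result["name"]) if c in SHELL_META)
    result["suspicious"] = (result["cmd"] == USER_ADD_CMD
                            and not is_safe_username(result["name"]))
    return result


# Constructed URLs as a proxy or IDS might record them. The second mirrors the
# article's curl example, with the placeholder left as a placeholder.
CAPTURED_URLS = [
    "http://192.0.2.10/cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=alice",
    "http://192.0.2.10/cgi-bin/account_mgr.cgi?cmd=cgi_user_add&name=%27;%3CINJECTED_SHELL_COMMAND%3E;%27",
    "http://192.0.2.10/cgi-bin/account_mgr.cgi?cmd=cgi_user_list",
    "http://192.0.2.10/cgi-bin/info.cgi",
]


def find_suspicious(urls: list[str]) -> list[dict]:
    """Run inspect_url over captured URLs and keep only the suspicious ones."""
    hits = []
    for url in urls:
        verdict = inspect_url(url)
        if verdict["suspicious"]:
            hits.append(verdict)
    return hits


if __name__ == "__main__":
    for finding in find_suspicious(CAPTURED_URLS):
        print(finding)
```

Because the exploit travels in a GET query string, web-proxy and IDS logs do capture it, which is why this check can run on recorded URLs rather than only in-line at a firewall.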


 Firewall Daily

Israel has faced a series of cyberattacks targeting its critical infrastructure, including gas stations and credit card systems. The latest occurred on Sunday, when thousands of credit card readers across Israeli gas stations and retail outlets malfunctioned due to a suspected cyberattack on credit card systems. The disruption, which lasted for an hour, has raised concerns about the vulnerability of Israel's digital payment systems and the growing risks posed by attacks on gas stations.

The attack, which primarily affected credit card readers in Israeli gas stations and supermarkets, was attributed to a suspected DDoS (Distributed Denial of Service) attack. Hyp Credit Guard, a company responsible for the cybersecurity of payment systems in Israel, quickly addressed the issue, stating that the attack targeted the communication services used by many retailers, The Jerusalem Post reported.

Cyberattack on Credit Card and Gas Station Systems

The company's statement clarified that it had ruled out the possibility of a broader, more severe cyberattack, attributing the malfunction to a targeted DDoS assault on telecommunications providers. The issue was resolved, and the systems were restored to normal operation after about an hour. The company's spokesperson noted, "In the last hour, we experienced a DDoS attack on some of the company's services and the communication providers connected to us. At this point, the attack was blocked, and the service returned to normal operation. We are coordinating with all security agencies to ensure continued normal operation."

While this incident was resolved relatively quickly, it highlights the growing threat posed by cyberattacks on the financial and retail sectors, especially on gas stations and stores that rely heavily on real-time payment processing.

A Pattern of Iranian Cyberattacks

This most recent cyberattack is not an isolated event. It follows a pattern of ongoing cyber hostilities between Israel and various adversarial groups, with Iranian-linked hackers often suspected in such attacks. For example, a similar cyberattack on credit card systems was reported in October, when a major Israeli payment solution company, Sheba (Automated Bank Services), was targeted. The attack caused delays in processing debit card transactions but did not affect the core operations of Israel's national payment systems, thus preventing a wider market disruption.

Israeli cybersecurity experts believe these attacks are part of a larger strategic effort by Iran to disrupt Israel's economy and infrastructure. Iranian-backed cyber groups have increasingly targeted Israeli civilian systems, including financial networks, communications, and government databases. These attacks come amid heightened tensions in the region, especially since the onset of the conflict in Gaza.

Gas Stations: A Growing Target

In addition to retail outlets, Israeli gas stations have also become frequent targets of cyberattacks. Gas stations, which process numerous credit card transactions daily, are critical nodes in the financial ecosystem. A successful attack on their card payment systems can not only disrupt payments but also damage public trust in the security of digital payment methods.

The latest incident in Israel underscores how vulnerable these key infrastructure points are to cyber threats. Gas stations, which rely on external payment processing services, are susceptible to disruptions caused by attacks on third-party communication providers or by direct breaches of payment systems. The relatively brief attack did not cause long-term damage, but the mere fact that such an attack is possible demonstrates the risks posed by cybercriminals, especially in a region where cyber warfare is an increasingly common tactic.

A Broader Trend: Escalating Cyber Tensions in Israel

The cyberattack on gas stations and credit card systems in Israel is part of a broader trend of rising cyber conflict in the region. Since the outbreak of the Gaza conflict, the number of cyberattacks targeting Israeli institutions has surged. The Israeli government has even established special defense mechanisms, such as the "Global Cyber Iron Dome," aimed at defending against cyber threats from state and non-state actors.

Earlier in the year, Israeli cybersecurity services faced significant challenges as several government websites, including the Ben Gurion Airport website, were taken offline by cyberattacks. Additionally, hacker groups such as Anonymous Sudan and others have launched persistent attacks against Israel's public-facing digital infrastructure, including its emergency alert systems. In mid-2023, a wave of cyberattacks compromised over 60 Israeli websites within a matter of days. These included not only government websites but also private organizations, illustrating the broad and indiscriminate nature of these attacks. The hacker collective Anonymous for Justice in Palestine further escalated tensions by leaking sensitive documents from Israel's security and military ministries, continuing a pattern of using cyberattacks as a tool of political protest.


 Firewall Daily

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued multiple advisories alerting the public to critical vulnerabilities affecting industrial control systems (ICS) equipment deployed across critical infrastructure. The vulnerabilities impact systems from prominent manufacturers, including Beckhoff Automation, Delta Electronics, and Bosch Rexroth. These flaws pose risks to sectors such as energy, manufacturing, and smart machine engineering, highlighting the ongoing cybersecurity challenges faced by critical infrastructure.

Beckhoff Automation Vulnerability: CVE-2024-8934

One of the vulnerabilities identified by CISA is in Beckhoff Automation’s TwinCAT Package Manager, a widely used software component in the critical manufacturing sector. The flaw, tracked as CVE-2024-8934, is an improper neutralization of special elements used in an OS command (OS command injection). It could enable a local attacker with administrative access to execute arbitrary operating system commands, compromising the integrity and security of the affected system.

The vulnerability exists in versions of TwinCAT Package Manager prior to v1.0.603.0, and CISA’s advisory notes that a successful exploit requires a local user to enter specially crafted input through the software’s user interface. When exploited, this allows commands to run on the underlying operating system, which could give an attacker control of the host that manages critical infrastructure systems.

CISA assigned a CVSS v3 base score of 6.5 and a CVSS v4 score of 7.0 to this vulnerability: moderate to high severity, held down mainly by the precondition of local administrative access, but still a significant concern given where the software runs. Because exploitation requires that access, the realistic scenario is a compromised or malicious administrator account rather than a remote entry point.

Beckhoff Automation has released a security update and recommends upgrading to version 1.0.613.0. CISA also advised users to take additional precautions, such as inspecting values entered by administrative users and minimizing the network exposure of control systems, to reduce the likelihood of exploitation.
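The weakness class behind CVE-2024-8934, shown in an added C example that is not Beckhoff’s code and does not reproduce the TwinCAT Package Manager flaw: a hypothetical "install" step that takes a package name typed into an administrative UI. The vulnerable version splices the name into a shell command string and hands it to popen(), so a constructed value such as "foo; echo INJECTED" runs a second command; the hardened version applies an allowlist to the name and executes the program directly with an argv vector, so no shell ever parses the input. `echo` stands in for the real installer, and both versions return the child's output so the difference is observable.

```c
#define _POSIX_C_SOURCE 200809L
#include <ctype.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical package-manager "install" step (not Beckhoff's code).
 * `name` is the value an administrator typed into the UI. */

/* Allowlist check: 1..64 chars of [A-Za-z0-9._-], not starting with '-'
 * (so the child program cannot parse the name as an option). */
int valid_package_name(const char *name) {
    size_t n = strlen(name);
    if (n == 0 || n > 64 || name[0] == '-') return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '.' && c != '_' && c != '-') return 0;
    }
    return 1;
}

/* Reads fd to EOF into out (NUL-terminated). Returns bytes read. */
static ssize_t read_all(int fd, char *out, size_t outsz) {
    size_t total = 0;
    ssize_t n;
    while (total + 1 < outsz && (n = read(fd, out + total, outsz - 1 - total)) > 0)
        total += (size_t)n;
    out[total] = '\0';
    return (ssize_t)total;
}

/* VULNERABLE (CWE-78): the untrusted name is spliced into a command string
 * that popen() hands to /bin/sh, so ';', '&&', '|' or '$(...)' inside the
 * name are interpreted as shell syntax.  `echo` stands in for the installer. */
ssize_t install_vulnerable(const char *name, char *out, size_t outsz) {
    char cmd[256];
    snprintf(cmd, sizeof cmd, "echo installing %s", name);
    FILE *p = popen(cmd, "r");
    if (!p) return -1;
    ssize_t n = read_all(fileno(p), out, outsz);
    pclose(p);
    return n;
}

/* HARDENED: reject anything outside the allowlist, then exec the program
 * with an argv vector.  No shell is involved, so the name is always exactly
 * one argument whatever characters it contains. */
ssize_t install_hardened(const char *name, char *out, size_t outsz) {
    if (!valid_package_name(name)) return -1;
    int fds[2];
    if (pipe(fds) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {                       /* child: stdout -> pipe, then exec */
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]);
        close(fds[1]);
        char *const argv[] = {"echo", "installing", (char *)name, NULL};
        execvp(argv[0], argv);
        _exit(127);
    }
    close(fds[1]);
    ssize_t n = read_all(fds[0], out, outsz);
    close(fds[0]);
    int status;
    waitpid(pid, &status, 0);
    return n;
}

int main(void) {
    char out[256];
    const char *evil = "foo; echo INJECTED";      /* constructed malicious input */
    install_vulnerable(evil, out, sizeof out);
    printf("vulnerable -> %s", out);              /* two lines: the injection ran */
    if (install_hardened(evil, out, sizeof out) < 0)
        printf("hardened   -> rejected \"%s\"\n", evil);
    install_hardened("twincat-core_1.2", out, sizeof out);
    printf("hardened   -> %s", out);              /* one line, name passed verbatim */
    return 0;
}
```

The allowlist is the check CISA's "inspect values entered by administrative users" advice amounts to in code; the argv exec is the structural fix that makes the check a second layer rather than the only one.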
Delta Electronics Vulnerabilities: Remote Code Execution Risks

CISA’s advisories also pointed to multiple stack-based buffer overflow vulnerabilities in Delta Electronics’ DIAScreen, used primarily in smart machine engineering and integrated into the DIAStudio Smart Machine Suite. The vulnerabilities, tracked as CVE-2024-47131, CVE-2024-39605, and CVE-2024-39354, all carry a risk of remote code execution. Versions of DIAScreen prior to v1.5.0 are affected.

The vulnerabilities are triggered when a user is tricked into opening a malicious file in DIAScreen, which overflows a stack buffer. That can crash the application or, with a crafted file, execute attacker-supplied code; "remote" here means the attacker only has to deliver the file, not reach the machine over the network.

All three vulnerabilities have a CVSS v3.1 base score of 7.5 and a CVSS v4 score of 8.4, reflecting high severity. Delta Electronics has issued DIAScreen v1.5.0 and advises users to update as soon as possible.

Bosch Rexroth IndraDrive Vulnerability: Denial of Service Threat

Another vulnerability disclosed by CISA affects Bosch Rexroth’s IndraDrive equipment, a key component in the critical manufacturing sector. CVE-2024-48989 is an uncontrolled resource consumption flaw that can be exploited for denial of service: by sending specially crafted UDP messages to devices running the affected PROFINET stack, an attacker can make the device unresponsive, disrupting industrial operations. The vulnerability has a CVSS v3.1 base score of 7.5 and a CVSS v4 score of 8.7, indicating a high risk of disruption.
Bosch Rexroth has not yet issued a specific update for this issue, so organizations are advised to take immediate steps to minimize exposure, including isolating control systems from internet-facing networks.

CISA’s Recommendations and Mitigation Strategies

Considering these vulnerabilities, CISA has recommended a set of best practices to help organizations defend against exploitation:

Control system devices should be placed behind firewalls and isolated from business networks to reduce the risk of unauthorized access.

When remote access is necessary, organizations should use secure methods such as Virtual Private Networks (VPNs) to protect data in transit. CISA emphasized, however, that a VPN is only as secure as the devices connected to it and must itself be kept up to date.

All affected systems should be updated to the latest software versions; Beckhoff and Delta Electronics have released patches for their vulnerabilities.

Administrative users should follow access-control best practices, such as minimizing administrative privileges and closely monitoring user input.
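The DIAScreen flaws described above are the classic "open a malicious file" pattern: a length field read from the file drives a copy into a fixed-size stack buffer. The added C example below is not Delta’s code, and the one-byte-length record layout is assumed for illustration only (it is not DIAScreen’s real format). It places the unchecked parser next to a bounded one and builds a constructed record that declares a 200-byte name for a 32-byte field; the bounded parser rejects it with a distinct error code, while the vulnerable parser is shown but deliberately not run on that record in main(), because doing so overwrites the stack.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_MAX 32   /* size of the fixed name field the parser assumes */

/* Assumed record layout for this example (NOT DIAScreen's real format):
 *   byte 0     : n, the declared length of the name field
 *   bytes 1..n : the name bytes
 */

/* VULNERABLE (CWE-121, stack-based buffer overflow): n comes straight from
 * the file and is used unchecked as the memcpy size into a 32-byte stack
 * buffer.  A record with n > 32 writes past `name` over whatever follows it
 * on the stack (other locals, saved registers, the return address): a crash
 * at best, and with a crafted file, attacker-controlled code execution. */
int parse_name_vulnerable(const uint8_t *rec, size_t recsz, char *out, size_t outsz) {
    char name[NAME_MAX];
    size_t n = rec[0];
    if (recsz < 1 + n) return -1;            /* the read stays inside the record... */
    memcpy(name, rec + 1, n);                /* ...but the write into name[] is unbounded */
    size_t copy = n < outsz - 1 ? n : outsz - 1;
    memcpy(out, name, copy);
    out[copy] = '\0';
    return (int)n;
}

/* HARDENED: every length taken from the file is checked against both the
 * bytes actually present in the record and the capacity of each destination
 * before any copy happens.  Distinct error codes keep failures diagnosable. */
int parse_name_hardened(const uint8_t *rec, size_t recsz, char *out, size_t outsz) {
    char name[NAME_MAX];
    if (recsz < 1 || outsz == 0) return -1;  /* no length byte / no room for NUL */
    size_t n = rec[0];
    if (n > sizeof name) return -2;          /* declared length exceeds the field */
    if (recsz < 1 + n) return -1;            /* record truncated */
    if (n >= outsz) return -3;               /* caller's buffer too small */
    memcpy(name, rec + 1, n);
    memcpy(out, name, n);
    out[n] = '\0';
    return (int)n;
}

/* Constructed sample records. */
static const uint8_t BENIGN_RECORD[] = {5, 'S', 'c', 'r', 'n', '1'};
static const uint8_t TRUNCATED_RECORD[] = {10, 'a', 'b'};   /* claims 10 bytes, has 2 */

/* Builds the malicious record: length byte 200 followed by 200 'A's.
 * Returns the record size, or 0 if buf is too small. */
size_t build_malicious_record(uint8_t *buf, size_t bufsz) {
    const size_t n = 200;
    if (bufsz < 1 + n) return 0;
    buf[0] = (uint8_t)n;
    memset(buf + 1, 'A', n);
    return 1 + n;
}

int main(void) {
    char out[64];
    uint8_t mal[256];
    size_t malsz = build_malicious_record(mal, sizeof mal);

    printf("vulnerable, benign record : %d (%s)\n",
           parse_name_vulnerable(BENIGN_RECORD, sizeof BENIGN_RECORD, out, sizeof out), out);
    printf("hardened,   benign record : %d (%s)\n",
           parse_name_hardened(BENIGN_RECORD, sizeof BENIGN_RECORD, out, sizeof out), out);
    printf("hardened,   truncated     : %d\n",
           parse_name_hardened(TRUNCATED_RECORD, sizeof TRUNCATED_RECORD, out, sizeof out));
    printf("hardened,   malicious     : %d\n",
           parse_name_hardened(mal, malsz, out, sizeof out));
    /* parse_name_vulnerable(mal, malsz, out, sizeof out) would copy 200 bytes
     * into name[32]; it is not called here because it corrupts this frame's stack. */
    return 0;
}
```

The point a reviewer looks for is that the hardened parser compares the declared length against `sizeof name` before the copy, not only against the record size: the vulnerable version has a bounds check too, but on the wrong buffer.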


 Cyber News

The City of Sheboygan is responding to a serious cyberattack involving unauthorized access to its network and a ransom demand. On November 7, the city isolated its network to secure its systems, launched an investigation with cybersecurity experts, and called in law enforcement to handle the incident and its potential consequences.

City officials first became aware of an issue with their network late last week. The city’s internal team, alongside cybersecurity specialists brought in to analyze the incident, conducted an immediate assessment. The investigation quickly revealed a network breach by an external party, prompting swift action to contain the threat. The network was secured, and a forensic review is now underway to assess the full scope of the incident and to understand how it was executed.

Ransom Demand and Public Assurances

In its latest update, the city disclosed that, as part of the breach, an external party made a ransom demand. Sheboygan’s leadership has committed to cooperating fully with law enforcement and following their guidance on the matter. “We have reported this incident to law enforcement, and while we have received a request for payment of a ransom, we are cooperating fully with law enforcement and incorporating their guidance into our response,” stated a city official.

While details of the ransom demand have not been disclosed, this type of attack fits a troubling trend in which cybercriminals target municipal and government networks, typically attempting to extort funds by threatening data exposure or prolonged system outages. Sheboygan officials are remaining cautious, focusing on containing the attack and protecting sensitive data.

City of Sheboygan Protection of Personal Information

City officials reassured the public that, based on current findings, there is no evidence that sensitive personal information has been compromised. The city has committed to notifying any individuals should the investigation find that personal data has been affected. “Should we discover any impact to sensitive personal information, we will notify those individuals as soon as possible and provide them with resources to assist,” the city’s statement read.
This proactive approach aligns with Sheboygan’s commitment to transparency and public trust. The city has assured residents that its services remain accessible despite the ongoing investigation and network isolation measures. City phone lines continue to operate, providing a channel for residents who need assistance or access to city services. Residents can reach out via the main city line at 920-459-4000 for any questions or support needs during this time. Strengthening Cyber Defenses Municipalities across the nation are increasingly becoming targets for cyberattacks, as they often manage valuable data and vital public infrastructure. The nature of Sheboygan’s response, involving the immediate isolation of the network and swift engagement of cybersecurity experts, highlights the city’s focus on security preparedness. Officials have emphasized the importance of public trust and assured residents that every effort is being made to uphold that trust through prompt action and transparent communication. “We understand that this incident may cause concern,” a city spokesperson noted. “We thank our employees, residents, and partners for their understanding and patience as we work through this situation. We remain committed to upholding our standards of trust and security and will provide further updates as necessary.” With cybercriminals continuing to exploit vulnerabilities in municipal networks, there is a growing need for cities to invest in strong cybersecurity infrastructure, enhance their monitoring systems, and ensure that incident response plans are in place.

 Feed

Debian Linux Security Advisory 5808-1 - Multiple security issues were discovered in Ghostscript, the GPL PostScript/PDF interpreter, which could result in denial of service and potentially the execution of arbitrary code if malformed document files are processed.

 Feed

Ubuntu Security Notice 7100-1 - Supraja Sridhara, Benedict Schlüter, Mark Kuhne, Andrin Bertschi, and Shweta Shinde discovered that the Confidential Computing framework in the Linux kernel for x86 platforms did not properly handle 32-bit emulation on TDX and SEV. An attacker with access to the VMM could use this to cause a denial of service or possibly execute arbitrary code. Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system.

 Feed

Ubuntu Security Notice 7099-1 - Andy Boothe discovered that the Networking component of OpenJDK 21 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. It was discovered that the Hotspot component of OpenJDK 21 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information.

 Feed

Ubuntu Security Notice 7098-1 - Andy Boothe discovered that the Networking component of OpenJDK 17 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. It was discovered that the Hotspot component of OpenJDK 17 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information.

 Feed

Ubuntu Security Notice 7097-1 - Andy Boothe discovered that the Networking component of OpenJDK 11 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. It was discovered that the Hotspot component of OpenJDK 11 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information.

 Feed

Ubuntu Security Notice 7096-1 - Andy Boothe discovered that the Networking component of OpenJDK 8 did not properly handle access under certain circumstances. An unauthenticated attacker could possibly use this issue to cause a denial of service. It was discovered that the Hotspot component of OpenJDK 8 did not properly handle vectorization under certain circumstances. An unauthenticated attacker could possibly use this issue to access unauthorized resources and expose sensitive information.

 Feed

Ubuntu Security Notice 7094-1 - It was discovered that QEMU incorrectly handled memory during certain VNC operations. A remote attacker could possibly use this issue to cause QEMU to consume resources, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS. It was discovered that QEMU incorrectly handled certain memory copy operations when loading ROM contents. If a user were tricked into running an untrusted kernel image, a remote attacker could possibly use this issue to run arbitrary code. This issue only affected Ubuntu 14.04 LTS.

 Feed

Debian Linux Security Advisory 5807-1 - Several vulnerabilities were discovered in NSS, a set of cryptographic libraries, which may result in denial of service or potentially the execution of arbitrary code.

 Feed

Red Hat Security Advisory 2024-8697-03 - Red Hat OpenShift Container Platform release 4.14.40 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2024-8692-03 - Red Hat OpenShift Container Platform release 4.12.68 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

 Feed

Red Hat Security Advisory 2024-8688-03 - Red Hat OpenShift Container Platform release 4.13.53 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.

 Feed

⚠️ Imagine this: the very tools you trust to protect you online—your two-factor authentication, your car’s tech system, even your security software—turned into silent allies for hackers. Sounds like a scene from a thriller, right? Yet, in 2024, this isn’t fiction; it’s the new cyber reality. Today’s attackers have become so sophisticated that they’re using our trusted tools as secret pathways,

 Feed

In an unusually specific campaign, users searching about the legality of Bengal Cats in Australia are being targeted with the GootLoader malware. "In this case, we found the GootLoader actors using search results for information about a particular cat and a particular geography being used to deliver the payload: 'Are Bengal Cats legal in Australia?,'" Sophos researchers Trang Tang, Hikaru Koike,

 Feed

Cyber threats are intensifying, and cybersecurity has become critical to business operations. As security budgets grow, CEOs and boardrooms are demanding concrete evidence that cybersecurity initiatives deliver value beyond regulation compliance. Just like you wouldn’t buy a car without knowing it was first put through a crash test, security systems must also be validated to confirm their value.

 Feed

Cybersecurity researchers have uncovered nearly two dozen security flaws spanning 15 different machine learning (ML) related open-source projects. These comprise vulnerabilities discovered both on the server- and client-side, software supply chain security firm JFrog said in an analysis published last week. The server-side weaknesses "allow attackers to hijack important servers in the

 Feed

Hewlett Packard Enterprise (HPE) has released security updates to address multiple vulnerabilities impacting Aruba Networking Access Point products, including two critical bugs that could result in unauthenticated command execution. The flaws affect Access Points running Instant AOS-8 and AOS-10 - AOS-10.4.x.x: 10.4.1.4 and below Instant AOS-8.12.x.x: 8.12.0.2 and below Instant AOS-8.10.x.x:

 Feed

Cybersecurity researchers have discovered a new phishing campaign that spreads a new fileless variant of known commercial malware called Remcos RAT. Remcos RAT "provides purchasers with a wide range of advanced features to remotely control computers belonging to the buyer," Fortinet FortiGuard Labs researcher Xiaopeng Zhang said in an analysis published last week. "However, threat actors have

 Data loss

SelectBlinds, a popular online retailer of blinds and shades, has disclosed a security breach that has impacted 206,238 of its customers. Hackers successfully managed to embed malware onto the company's website, capable of stealing sensitive information, including credit card details, names, addresses, phone numbers, and login credentials. Read more in my article on the Hot for Security blog.

 Alleged

The post “Alleged Snowflake attacker gets busted by Canadians – politely, we assume” – Source: go.theregister.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP. (Member-only content; free registration required.)

 Blog

The post “NIST Updated Standards for a Secure Password” – Source: securityboulevard.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP. (Member-only content; free registration required.)

 Cyber Security News

The post “DEF CON 32 – SQL Injection Isn’t Dead: Smuggling Queries at the Protocol Level” – Source: securityboulevard.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP. (Member-only content; free registration required.)

 Cyber Security News

The post “Go Without MFA or Data Backups: Which is Worse? | Grip” – Source: securityboulevard.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP. (Member-only content; free registration required.)

 Cyber Security News

The post “Extend ServiceNow ITSM to Manage Shadow SaaS Risk | Grip” – Source: securityboulevard.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP. (Member-only content; free registration required.)

 Blog

The post “DDoS Attacks Targeting ISPs are Different – Here’s How” – Source: securityboulevard.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP. (Member-only content; free registration required.)

 Cyber Security News

The post “The 249th United States Marine Corps Birthday: A Message From The Commandant Of The Marine Corps” – Source: securityboulevard.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP. (Member-only content; free registration required.)

 Cyber Security News

The post “Montana Consumer Data Protection Act” – Source: securityboulevard.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP. (Member-only content; free registration required.)

 Cyber Security News

The post “Tennessee Information Protection Act” – Source: securityboulevard.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP. (Member-only content; free registration required.)

 Cyber Security News

The post “Delaware Personal Data Privacy Act (DPDPA)” – Source: securityboulevard.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP. (Member-only content; free registration required.)

 Access Management

The post “What Is a Privileged Access Workstation?” – Source: heimdalsecurity.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP. (Member-only content; free registration required.)

 1 - Cyber Security News Post

The post “What percentage of your software vulnerabilities have GDPR implications?” – Source: www.hackerone.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP. (Member-only content; free registration required.)

 0CISO2CISO

Source: www.hackerone.com – Author: johnk. “Hacking the U.S. Government” was the first panel discussion at Security@ SF, and it proved to be as interesting as you would expect. Jeff John Roberts, a technology writer at Fortune, moderated a Q&A session with two groundbreaking government security leads: Michael Chung, Product and Technology Lead at Defense Digital […] The post “Bringing Private-sector Security into the U.S. Government [Security@ Recaps]” – Source: www.hackerone.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

The post “The Importance of Effective Incident Response” – Source: hackread.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP. (Member-only content; free registration required.)

 1 - Cyber Security News Post

The post “Safeguarding Those Who Served: Cybersecurity Challenges for Veterans” – Source: www.mcafee.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP. (Member-only content; free registration required.)

 Cyber Security News

The post “Flexible Structure of Zip Archives Exploited to Hide Malware Undetected” – Source: www.darkreading.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP. (Member-only content; free registration required.)

Aggregator history: Monday, November 11, 2024