T-Mobile has confirmed that it was hit during a recent wave of telecom network breaches attributed to a China-linked threat group. The Chinese threat group Salt Typhoon was behind earlier confirmed breaches of AT&T, Verizon and Lumen Technologies, using that access to infiltrate the U.S. court wiretap system and target the phone data of top U.S. officials, including President-elect Donald Trump, VP-elect JD Vance, top congressional and government officials, and the campaign of Vice President Kamala Harris.

T-Mobile confirmed to the Wall Street Journal that it too was hit in the attacks, but said the breach had limited impact. "T-Mobile is closely monitoring this industry-wide attack, and at this time, T-Mobile systems and data have not been impacted in any significant way, and we have no evidence of impacts to customer information," T-Mobile told the Journal.

Cisco Routers Said to Be Targeted in T-Mobile, Telecom Hacks

Salt Typhoon, also known as Ghost Emperor and UNC2286, accessed U.S. telecom infrastructure through vulnerabilities that included Cisco Systems routers, the WSJ said. The paper said incident investigators suspect the hackers used artificial intelligence or machine learning to further their espionage operations.

Some of the targeted networks had been breached for eight months or more in attacks that accessed "call logs, unencrypted texts and some audio from targets," the Journal said, citing unnamed sources familiar with the matter. Foreign telecom firms were also compromised in the attacks, including in countries that maintain close intelligence ties to the U.S.

T-Mobile has now been breached at least nine times in the last six years, according to some counts, leading to huge legal settlements and security and compliance fines.

China a Growing Cyber Threat

In a statement last week, the FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) provided an update on their investigation into the telecom network breaches. The agencies said their ongoing investigation into the People's Republic of China (PRC) attacks on commercial telecommunications infrastructure "has revealed a broad and significant cyber espionage campaign."

"Specifically, we have identified that PRC-affiliated actors have compromised networks at multiple telecommunications companies to enable the theft of customer call records data, the compromise of private communications of a limited number of individuals who are primarily involved in government or political activity, and the copying of certain information that was subject to U.S. law enforcement requests pursuant to court orders. We expect our understanding of these compromises to grow as the investigation continues."

The agencies said they continue to provide technical assistance, share information to help other potential targets, "and work to strengthen cyber defenses across the commercial communications sector."

China has been aggressively targeting the U.S. in disinformation campaigns and critical infrastructure compromises. At a MITRE conference last month, CISA Threat Branch Chief Mark Singer said the agency considers China to potentially be a bigger threat than Russia. "The types of incidents that we've responded to, the types of intrusions that we're seeing, this is getting more and more concerning as time goes on," Singer told conference attendees, calling the threat "a bigger risk" than Russia posed in the lead-up to the Ukraine war.
The United States secured the extradition of a Russian national from South Korea who is allegedly the mastermind behind the notorious Phobos ransomware. Evgenii Ptitsyn, 42, is accused of administering the Phobos ransomware operation, a malware strain responsible for victimizing over 1,000 public and private entities globally. The ransomware attacks stemming from this malware strain extorted more than $16 million in ransom payments, targeting diverse sectors such as healthcare, education, critical infrastructure, and government services.

Ptitsyn, a Russian national arrested in South Korea, made his first appearance in the U.S. District Court for the District of Maryland on November 4. A 13-count indictment charges him with conspiracy, wire fraud, computer hacking, and extortion.

Alleged Role in the Phobos Ransomware Scheme

The Phobos ransomware model operated as a "ransomware-as-a-service" (RaaS) platform. According to the Department of Justice (DOJ), Ptitsyn functioned as an administrator, facilitating ransomware sales, distribution, and support for affiliates. These affiliates used Phobos ransomware to infiltrate victims' networks, encrypt sensitive data, and extort payments. Each attack left a ransom note on compromised systems, demanding cryptocurrency payments in exchange for decryption keys. Affiliates were also known to escalate threats, warning victims that stolen data would be published or shared with customers and clients if the ransom wasn't paid.

Ptitsyn and his co-conspirators allegedly operated a darknet platform where affiliates purchased decryption keys, paid fees, and coordinated ransomware attacks. The DOJ identified Ptitsyn's aliases as "derxan" and "zimmermanx," which he reportedly used to advertise and facilitate illicit services on underground forums.

Arrest and Extradition

The indictment and extradition were made possible through an international collaboration involving law enforcement agencies across South Korea, Europe, Japan, and the United States. The FBI's Baltimore Field Office led the investigation, supported by Europol and the Department of Defense Cyber Crime Center. Deputy Attorney General Lisa Monaco praised the multinational effort that not only led to the dismantling of Phobos ransomware networks but also the arrest of Ptitsyn. "Together with our partners across the globe, we will continue to hold cybercriminals accountable and protect innocent victims," she said.

Principal Deputy Assistant Attorney General Nicole M. Argentieri called out the devastation caused by the global scale of the Phobos operation. She noted that the ransomware targeted not only corporations but also schools, hospitals, and nonprofits, demonstrating the indiscriminate nature of these attacks.

Technical Details of Phobos Ransomware

Phobos, first observed in 2019, is often deployed against small to medium-sized organizations lacking robust cybersecurity defenses. The ransomware relies on common weaknesses, such as stolen credentials and unpatched systems, to gain unauthorized access. Once inside, it encrypts files and appends extensions like .phobos or .adame to affected data. The RaaS model allowed affiliates to share profits with administrators like Ptitsyn, who provided operational support and decryption tools. Cryptocurrency transactions were tracked, with affiliates paying administrators for decryption keys, ensuring a steady revenue stream.

Cyber threat intelligence company Cyble told The Cyber Express that it had observed the Phobos ransomware being deployed using another tactic. It was "commonly distributed through hacked Remote Desktop (RDP) connections, taking advantage of the accessibility and cost efficiency of this dissemination vector," Cyble said. One of the most prominent examples of Phobos' lasting impact was a ransomware attack on Romanian healthcare. "Motivated by financial gains, threat actors infected the Hipocrate Information System with Phobos ransomware, which then spread to over 100 hospitals and healthcare centers in Romania," Cyble stated.

A joint federal advisory from February found similar exploitation of exposed RDP connections to gain initial access by the Phobos ransomware operators. The advisory added that Phobos is likely linked to several other variants including Elking, Eight, Devos, Backmydata and Faust ransomware. The operators were also often observed deploying the SmokeLoader malware before deploying the Phobos variant, likely for reconnaissance.

Charges and Legal Ramifications

Ptitsyn faces charges of wire fraud, conspiracy to commit computer fraud, intentional damage to protected computers, and extortion. If convicted, he could receive up to 20 years in prison for each wire fraud count and 10 years for each computer hacking offense. U.S. Attorney Erek L. Barron reiterated the government's commitment to pursuing cybercriminals, stating, "It's only a matter of time; cybercriminals will be caught and brought to justice."

Impact on Victims and Mitigation Efforts

Phobos ransomware's reach extended across various sectors, disrupting essential services and endangering sensitive data. Victims included healthcare facilities, educational institutions, and critical infrastructure operators. These attacks often forced organizations to pay ransoms to avoid prolonged downtime or public exposure of sensitive information. To counter such threats, the DOJ encourages organizations to adopt proactive cybersecurity measures, including regular backups, strong access controls, and timely software updates. Additional resources for mitigating ransomware attacks are available on StopRansomware.gov, offering guidance from the Cybersecurity and Infrastructure Security Agency (CISA).
An alarming set of chained vulnerabilities in Palo Alto Networks' PAN-OS software has sparked concerns that attackers could seize administrator privileges through an authentication bypass. The first vulnerability, identified as CVE-2024-0012, is a flaw that allows unauthenticated users with network access to the management interface to escalate their privileges, tamper with configurations, or exploit other privilege escalation vulnerabilities, including the second bug, CVE-2024-9474.

CVE-2024-9474 is a critical part of the exploit operation, potentially contributing to a chained attack scenario. While Palo Alto Networks has acknowledged the CVE, it has not yet provided in-depth technical details about the vulnerability's mechanics, leaving room for speculation. Palo Alto Networks has confirmed the availability of patches to address these issues and said it is "tracking a limited set of exploitation activity" and is "working with external researchers, partners, and customers to share information transparently and rapidly."

The Scope of the Threat to PAN-OS

Palo Alto Networks disclosed that the main vulnerability in the exploit chain, CVE-2024-0012, affects PAN-OS versions 10.2, 11.0, 11.1, and 11.2. Notably, Cloud NGFW and Prisma Access remain unaffected. The exploitation risk significantly decreases when organizations limit access to the management interface to trusted internal IP addresses as per best practices. Despite these measures, Palo Alto Networks Unit 42 researchers have identified limited exploitation attempts. Dubbed "Operation Lunar Peek," these attacks involve adversaries executing commands interactively and deploying malware, including webshells, on compromised firewalls.

PAN-OS Attack Origins and Indicators

Threat actors have primarily targeted exposed management web interfaces using IP addresses linked to anonymous VPN services. Palo Alto Networks has published a detailed list of suspicious IPs and associated indicators of compromise (IOCs), enabling organizations to monitor and mitigate potential threats. The list includes IPs such as 91.208.197[.]167 and 136.144.17[.]146, among others. Some post-exploitation payloads, including a PHP webshell (SHA256 hash: 3C5F9034C86CB1952AA5BB07B4F77CE7D8BB5CC9FE5C029A32C72ADC7E814668), have also been detected.

Patching Reduces Risk

Palo Alto Networks has released patches to address CVE-2024-0012 and CVE-2024-9474 and strongly recommends updating affected devices immediately. Organizations should ensure the management interface is accessible only from trusted internal IPs to block unauthorized external access. For organizations needing further assistance, Palo Alto Networks provides support services. Unit 42 retainer customers can directly contact the threat intelligence team for incident response guidance.

Mitigations Beyond Patching

Securing the management interface is essential. Palo Alto Networks advises implementing best practice deployment guidelines, which include:

- Restricting access to trusted internal IP addresses.
- Avoiding direct exposure of the management interface to the internet.
- Continuously monitoring for IOCs using threat intelligence feeds.

Palo Alto Networks has shared intelligence with the Cyber Threat Alliance (CTA) to strengthen collective defense measures against this exploit. CTA members have leveraged this data to deploy protections and disrupt threat actors systematically. Organizations should act promptly to apply patches, implement network segmentation, and adopt recommended security configurations. For ongoing updates and technical details, refer to the Palo Alto Networks Security Advisory. Ensure your defenses remain robust as attackers evolve their tactics.
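The two defensive actions the advisory stresses, keeping the management interface reachable only from trusted internal addresses and watching for the published indicators, can both be checked mechanically. The Python below is an added example and is not Palo Alto Networks' tooling: the allow-list entries and the log lines are constructed for illustration, while the two IP addresses and the SHA-256 hash are the ones quoted above.

```python
"""Added example: audit a management-interface allow-list and scan log lines
for the indicators published for this campaign. Not Palo Alto Networks' code."""
import ipaddress
import re

# Indicators quoted in the article, kept in their defanged form.
PUBLISHED_IOCS = {
    "ips": ["91.208.197[.]167", "136.144.17[.]146"],
    "sha256": ["3C5F9034C86CB1952AA5BB07B4F77CE7D8BB5CC9FE5C029A32C72ADC7E814668"],
}


def refang(indicator):
    """Turn a defanged indicator (1.2.3[.]4, hxxp://) back into matchable text."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")


def audit_mgmt_acl(allowed_sources):
    """Return one finding per allow-list entry that is not a trusted internal
    range. An empty list means the list follows the 'trusted internal IPs only'
    guidance. Entries are CIDR strings or single addresses."""
    findings = []
    for entry in allowed_sources:
        net = ipaddress.ip_network(entry, strict=False)
        if net.prefixlen == 0:
            findings.append(f"{entry}: matches every source, interface is exposed")
        elif not (net.is_private or net.is_loopback):
            findings.append(f"{entry}: public range on the management interface")
    return findings


def scan_for_iocs(log_lines, iocs=PUBLISHED_IOCS):
    """Return (line_number, indicator) pairs for lines containing a published
    IP or SHA-256. IPs are matched on whole-address boundaries, so 136.144.17.146
    does not fire on 136.144.17.1460; hashes are compared case-insensitively."""
    ip_patterns = []
    for ip in iocs["ips"]:
        clean = refang(ip)
        ip_patterns.append((clean, re.compile(r"(?<![\d.])" + re.escape(clean) + r"(?![\d.])")))
    hashes = {h.lower() for h in iocs["sha256"]}
    hex64 = re.compile(r"\b[0-9a-fA-F]{64}\b")
    hits = []
    for number, line in enumerate(log_lines, start=1):
        for clean, pattern in ip_patterns:
            if pattern.search(line):
                hits.append((number, clean))
        for token in hex64.findall(line):
            if token.lower() in hashes:
                hits.append((number, token.lower()))
    return hits


# Constructed sample data, not real device output. The public /24 is built from
# one of the published source IPs purely to show the public-range finding.
SAMPLE_ACL = ["10.10.5.0/24", "127.0.0.1", "0.0.0.0/0", "91.208.197.0/24"]
SAMPLE_LOG = [
    "2024-11-18T10:02:11Z mgmt-web src=91.208.197.167 dst=10.0.0.1 path=/login status=200",
    "2024-11-18T10:02:12Z mgmt-web src=10.10.5.20 dst=10.0.0.1 path=/login status=200",
    "2024-11-18T10:03:40Z file-event path=/tmp/x.php sha256=3c5f9034c86cb1952aa5bb07b4f77ce7d8bb5cc9fe5c029a32c72adc7e814668",
    "2024-11-18T10:04:01Z mgmt-web src=136.144.17.1460 dst=10.0.0.1 path=/login status=404",  # boundary check, must not match
]

if __name__ == "__main__":
    for finding in audit_mgmt_acl(SAMPLE_ACL):
        print("ACL:", finding)
    for number, indicator in scan_for_iocs(SAMPLE_LOG):
        print(f"IOC hit on line {number}: {indicator}")
```

The ACL audit treats anything outside RFC 1918 or loopback space as a finding; if a site legitimately manages firewalls from a public jump host, add that host explicitly rather than widening the rule. The IOC scan is deliberately boundary-aware so that a substring match on a longer address does not generate noise.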
As Black Friday approaches, shoppers eagerly anticipate major discounts and deals, hoping to snag a bargain. However, the surge in online shopping comes with a darker side: an increase in fraud and cyberattacks. The UK's National Cyber Security Centre (NCSC) has issued a warning on the rise of hackers on Black Friday, which is increasingly being dubbed "Black Fraud Day."

According to recent data from Action Fraud, UK consumers lost over £11.5 million to online scams during the holiday period last year, with the vast majority of these incidents linked to fraudulent purchases made during Black Friday and Cyber Monday. This represents an alarming increase of nearly £1 million compared to the previous year. The statistics underline the growing sophistication of scammers, including Black Friday hackers who are exploiting online shopping platforms to target unsuspecting shoppers.

Cybersecurity experts have highlighted how fraudsters are using advanced techniques, including artificial intelligence (AI), to craft highly convincing scams. These AI-driven attacks can be difficult to detect, making it even more crucial for shoppers to be vigilant during the Black Friday sale. Fraudsters may use fake websites, social media ads, or phishing emails to lure victims into entering sensitive personal and financial information.

The Role of Hackers on Black Friday

With so much of the population shopping online for Black Friday deals, it's no surprise that hackers are eager to capitalize on this lucrative time. A key tactic used by cybercriminals is to create a false sense of urgency, enticing shoppers with limited-time offers or extremely low prices. This strategy plays on consumers' fear of missing out, driving them to make quick, unwise decisions that put them at risk of fraud.

The NCSC's Richard Horne emphasized that cyber criminals often target the eagerness of consumers during the Black Friday rush, utilizing both traditional methods and more sophisticated AI-driven attacks to catch people off guard. "Unfortunately, this is also prime time for cyber criminals, who exploit bargain hunters with increasingly sophisticated scams," Horne stated.

In addition to phishing scams, Black Friday hackers often take advantage of unsecured websites and online marketplaces to carry out their attacks. Whether it's a fake listing on a social media platform or a malicious link sent via email, these attacks can leave shoppers vulnerable to identity theft, financial loss, or worse.

Tips to Stay Safe During the Black Friday Sale

To help shoppers avoid falling victim to Black Friday cyberattacks, the NCSC and Action Fraud have provided a set of practical tips. First and foremost, experts recommend enabling two-factor authentication (2FA) on all important online accounts. This added layer of security can help prevent unauthorized access, even if a hacker has obtained your password.

Another crucial piece of advice is to avoid clicking on links or offers from unverified sources. Scammers often use social media platforms and messaging apps to promote deals that seem too good to be true. Before making a purchase, always take the time to research the company or seller, checking reviews on trusted websites and ensuring that their website is secure (look for "https" in the URL).

Fraud Minister Lord Hanson also weighed in on the importance of vigilance, urging shoppers to trust their instincts. "If something doesn't feel right, stop what you're doing, break contact, and do not click any links," he advised.

Avoiding the Pitfalls of Social Media and Online Marketplaces

Online marketplaces and social media platforms have become a significant source of fraudulent activity during the Black Friday sale. In fact, 43% of fraud reports last year mentioned social media platforms, and nearly 19% of cases were linked to online marketplaces. Shoppers should be especially cautious when making purchases through these channels.

Adam Mercer, Deputy Head of Action Fraud, cautioned consumers to avoid feeling pressured into making impulsive purchases. "A false sense of urgency is a tell-tale sign of a fraudster," he said. If something seems too good to be true, it probably is. Mercer also recommended using credit cards instead of bank transfers for online purchases, as credit cards typically offer fraud protection.
A new hacker collective, known as the APT group DONOT, has targeted critical sectors of Pakistan's economy, specifically the maritime and defense manufacturing industries. By leveraging advanced malware and targeted social engineering strategies, the DONOT hacker group has successfully compromised sensitive infrastructure.

As per reports by Cyble Research and Intelligence Labs (CRIL), the APT group DONOT, also known as APT-C-35, has been active since 2016 and is primarily recognized for its persistent cyber espionage activities. Historically, this hacker group has focused on government agencies, military entities, and diplomatic missions, with particular emphasis on countries in South Asia. Its operations are characterized by a high degree of stealth, using sophisticated malware and custom-built tools to infiltrate target networks.

The Rise of APT Group DONOT

[Figure: Cyble Vision Threat Library (Source: Cyble)]

The DONOT hacker group has previously attacked organizations by exploiting vulnerabilities in government and military systems, often using phishing emails and malicious attachments as initial infection vectors. This time, however, their focus has shifted to Pakistan's critical manufacturing sectors, which support the country's maritime and defense industries. Given the sensitive nature of these sectors, the attack has profound implications for both economic stability and national security.

The recent cyberattack, which Cyble researchers first identified in a report, centers on a campaign targeting the manufacturing facilities that supply equipment for Pakistan's defense and maritime sectors. This targeted approach suggests that the DONOT hacker group is not just interested in gaining general access to systems, but rather in obtaining specific industrial and military intelligence.

The initial infection vector in this campaign was a malicious LNK (shortcut) file, which was sent in a spam email disguised as a legitimate Rich Text Format (RTF) document. This LNK file was designed to appear as though it contained encrypted data, enticing the victim to open it. Once clicked, the file triggered several PowerShell commands that downloaded additional malware, including a DLL file that acted as a "stager" for further exploits.

Upon execution, the malicious LNK file activated a series of commands that used PowerShell scripts to download and decrypt further payloads. These payloads were then deployed onto the compromised system, establishing a foothold that allowed the malware to persist on the infected machine. To maintain access to the network, the malware scheduled a task to execute the payload every five minutes.

Advanced Malware and Persistence Mechanisms

The malware employed by the DONOT hacker group in this attack is highly advanced, utilizing multiple encryption techniques to avoid detection by traditional security systems. The group introduced a new method of Command and Control (C&C) server communication. The malware uses AES encryption and Base64 encoding to obfuscate its communications, making it more difficult for security software to identify malicious activity.

Once the malware established its presence, it initiated a POST request to the primary C&C server, transmitting a unique device ID to authenticate the compromised machine. If the C&C server responded positively, the malware would download further payloads, configure the system for persistence, and prepare for additional stages of the attack.

In addition to encrypting communication between the victim machine and the C&C server, the hacker group DONOT also employed random domain generation for backup C&C servers. This strategy ensures that, even if the primary server is taken down, the malware can continue to operate through secondary, dynamically generated domains.

Technical Analysis: How the Attack Unfolded

[Figure: Infection Chain of APT Group DONOT (Source: Cyble)]

The malicious process begins with the execution of a PowerShell script hidden inside the LNK file. This script decrypts both the lure RTF file and the DLL payload using a simple XOR operation. The files are then extracted to the victim's temporary directory. Following extraction, the malware deletes the PowerShell script and opens the lure document to further entice the victim.

The lure document itself was linked to Karachi Shipyard & Engineering Works (KS&EW), a prominent Pakistani defense contractor. This suggests that the attacker's primary objective was to infiltrate the defense sector by exploiting industry-specific targets.

Once the DLL is executed, it initiates a process that extracts critical configuration data, including server addresses, encryption keys, and other task parameters, from an embedded JSON file. The malware then uses this information to communicate securely with the C&C server, requesting further instructions on how to proceed with the attack.

The stager malware also checks for the existence of a scheduled task named "Schedule." If this task is absent, the malware creates it, ensuring that the malicious DLL is executed every five minutes, thereby maintaining persistence on the compromised system. This tactic is part of a broader strategy to ensure the malware continues to run undetected for as long as possible.

Random Domain Generation for Backup C&C Servers

A particularly notable feature of this attack is the use of random domain generation. The DONOT hacker group has taken extra precautions to avoid detection by generating backup domains for its C&C servers. These domains are created by concatenating words from a hardcoded array of values, followed by the selection of a random top-level domain (TLD). This dynamic method of domain generation makes it harder for cybersecurity teams to shut down the C&C infrastructure, even if some of the domains are blacklisted.

The configuration file also includes fallback server URLs that are periodically updated in response to changes in the primary C&C server's status. This flexibility ensures that the hacker group can maintain control over compromised systems, regardless of disruptions to their communication infrastructure.

New Encryption Methods and Payload Delivery

In this campaign, the DONOT hacker group introduced a more sophisticated approach to payload delivery. Unlike previous campaigns where the decryption key was hardcoded into the configuration file, this time the decryption key was embedded within the binary itself, making it harder for analysts to detect. The malware's ability to download, decrypt, and execute additional payloads represents a more advanced and nuanced approach to cyber espionage.

Once the payload is successfully decrypted, the malware creates a scheduled task to execute the final payload, which could range from data exfiltration tools to additional malicious code capable of causing long-term damage to the compromised systems.

The recent cyberattack by the DONOT APT group marks a significant escalation in their tactics, using advanced methods like PowerShell exploitation, dynamic domain generation, and enhanced encryption to evade detection. This attack, targeting Pakistan's sensitive maritime and defense sectors, highlights the growing threat posed by such sophisticated groups. To counter this, organizations must strengthen cybersecurity defenses by deploying robust endpoint detection, conducting regular audits, and training employees to recognize phishing attempts. Proactive threat hunting and a clear incident response plan are essential to defending against future attacks. Vigilance and preparedness remain critical in mitigating the risks from advanced persistent threats like DONOT.
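The execution and persistence chain described above (PowerShell launched from the shortcut, files dropped in the user's temp directory, a task named "Schedule" firing every five minutes) maps directly onto endpoint detection logic. The following Python is an added example, not Cyble's code and not the group's tooling: the process-creation records, field names, file paths and command lines are constructed for illustration, and the `schtasks` parser treats a missing `/mo` as an interval of 1.

```python
"""Added example: endpoint detection logic for the execution and persistence
behaviour described in the DONOT write-up. Not Cyble's code; events are constructed."""
import re

# Heuristic: command lines that reference the user's temp directory, where the
# write-up says the lure RTF and the stager DLL were extracted.
TEMP_DIR_HINT = re.compile(r"%temp%|\\appdata\\local\\temp\\", re.IGNORECASE)


def parse_schtasks(cmdline):
    """Parse a `schtasks /create` command line into a switch -> value mapping
    (switches without a value map to True). Returns None for anything else."""
    tokens = re.findall(r'"[^"]*"|\S+', cmdline)
    if not tokens or "schtasks" not in tokens[0].lower():
        return None
    if "/create" not in [t.lower() for t in tokens]:
        return None
    opts = {}
    i = 1
    while i < len(tokens):
        tok = tokens[i]
        if tok.startswith("/"):
            if i + 1 < len(tokens) and not tokens[i + 1].startswith("/"):
                opts[tok.lower()] = tokens[i + 1].strip('"')
                i += 2
                continue
            opts[tok.lower()] = True
        i += 1
    return opts


def detect(events):
    """Run two rules over process-creation records and return (rule, ts) alerts.
    Each record needs: ts, image, parent_image, cmdline."""
    alerts = []
    for ev in events:
        image = ev["image"].lower()
        parent = ev["parent_image"].lower()
        cmd = ev["cmdline"]

        # Rule 1: PowerShell started by the shell (how a double-clicked LNK runs)
        # and touching the temp directory.
        if (image.endswith("powershell.exe") and parent.endswith("explorer.exe")
                and TEMP_DIR_HINT.search(cmd)):
            alerts.append(("powershell-from-shell-touching-temp", ev["ts"]))

        # Rule 2: a scheduled task repeating every five minutes or faster,
        # escalated when it carries the task name the write-up reports.
        task = parse_schtasks(cmd)
        if task and str(task.get("/sc", "")).lower() == "minute":
            try:
                interval = int(task.get("/mo", 1))  # assumption: schtasks default of 1
            except (TypeError, ValueError):
                interval = 1
            if interval <= 5:
                rule = "short-interval-task"
                if str(task.get("/tn", "")).lower() == "schedule":
                    rule += "-named-schedule"
                alerts.append((rule, ev["ts"]))
    return alerts


# Constructed telemetry: two benign records and two matching the described chain.
SAMPLE_EVENTS = [
    {"ts": "2024-11-18T09:00:01Z",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": r'powershell.exe -WindowStyle Hidden -Command "Start-Process C:\Users\victim\AppData\Local\Temp\lure.rtf"'},
    {"ts": "2024-11-18T09:00:02Z",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": "powershell.exe -Command Get-Date"},  # benign interactive use
    {"ts": "2024-11-18T09:00:03Z",
     "image": r"C:\Windows\System32\schtasks.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "cmdline": 'schtasks.exe /create /sc daily /st 03:00 /tn Backup /tr "C:\\Tools\\backup.cmd"'},  # benign
    {"ts": "2024-11-18T09:00:04Z",
     "image": r"C:\Windows\System32\schtasks.exe",
     "parent_image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r'schtasks.exe /create /sc minute /mo 5 /tn Schedule /tr "rundll32.exe C:\Users\victim\AppData\Local\Temp\stage.dll,Start" /f'},
]

if __name__ == "__main__":
    for rule, ts in detect(SAMPLE_EVENTS):
        print(f"{ts} {rule}")
```

Rule 1 is a heuristic and will need tuning per environment (software installers also run PowerShell against the temp directory); rule 2 is the higher-confidence signal, because very short repeat intervals are rare in legitimate task definitions and the task name adds a second attribute to pivot on.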
A critical player in one of the world's largest law enforcement sting operations has been sentenced to 63 months in prison. Osemah Elhassen, an Australian national residing in Colombia, admitted to participating in a global conspiracy to distribute hardened encrypted communication devices, called ANOM, to criminal organizations, facilitating large-scale drug trafficking and money laundering. This sentencing is a significant milestone in "Operation Trojan Shield," a covert international law enforcement initiative that turned the tools of criminals against them.

The Trojan Shield Sting

The operation, spearheaded by the FBI, involved secretly infiltrating and intercepting an encrypted messaging platform known as ANOM. Marketed as a secure communications tool, ANOM became popular among criminal enterprises seeking to evade law enforcement. However, what its users didn't know was that the FBI had gained backdoor access to it.

Over three years, law enforcement agencies intercepted more than 27 million messages between criminal operatives worldwide. These communications provided real-time insights into drug trafficking, arms deals, and other illicit activities, resulting in the arrests of hundreds of individuals globally when the platform was dismantled in June 2021.

[Figure: ANOM encrypted device's usage worldwide. (Source: FBI)]

Elhassen's Role in the ANOM Enterprise

Elhassen, one of 17 defendants indicted in the U.S. for their involvement in the scheme, pleaded guilty in May 2024 to racketeering conspiracy. Court records detail how Elhassen acted as a key distributor of ANOM devices, targeting criminal syndicates operating across the globe. His actions facilitated the importation and distribution of at least 15 kilograms of cocaine and the laundering of proceeds from illegal activities.

According to prosecutors, Elhassen joined the ANOM enterprise in November 2019. Operating out of Colombia, he actively participated in drug trafficking and money laundering while aiding the enterprise's other illegal objectives, including obstruction of justice. His distribution of ANOM devices played a pivotal role in enabling criminal organizations to coordinate illicit activities securely—or so they thought.

A Warning to Criminal Enterprises, But...

Law enforcement officials have lauded Operation Trojan Shield as a game-changer in combating organized crime. "This case demonstrates that no criminal network is beyond the reach of international cooperation," said federal prosecutors. By flipping encrypted communication tools into surveillance assets, law enforcement agencies dismantled numerous criminal enterprises that relied on the illusion of secure communications.

The operation also shows the risks criminals face when placing blind trust in technology. Tools like ANOM, which were specifically designed to cater to illicit activities, ultimately became a liability for their users.

The success of Operation Trojan Shield raises broader questions about the use of encryption in facilitating crime. While encryption remains a cornerstone of cybersecurity and data privacy, its misuse for illicit purposes complicates the debate over government backdoors and the extent of law enforcement's reach into encrypted platforms. Critics argue that such operations could set a precedent for governments to exploit encryption technologies, potentially undermining the privacy and security of legitimate users. However, proponents contend that targeted operations like this demonstrate the effectiveness of using innovative methods to tackle organized crime without compromising broader encryption standards.

Elhassen's sentencing sends a clear message to those who profit from enabling criminal enterprises. By participating in the ANOM enterprise, he not only facilitated drug trafficking but also helped perpetuate an ecosystem of crime that endangered communities worldwide.

While the dismantling of ANOM and the sentencing of its facilitators represent significant victories for law enforcement, the battle against encrypted criminal networks is far from over. As technology evolves, so do the tactics of criminal enterprises. The challenge for law enforcement will be to stay one step ahead, ensuring that the tools designed to protect privacy are not weaponized for harm.
From kids to retirees, no one is safe from cybercrooks. And if you're always putting cybersecurity on hold because it all seems so daunting, our five dead-simple tips are just the ticket. Each of them will greatly beef up your protection against the most common cyberthreats. We compiled this post as part of INTERPOL's #ThinkTwice global information campaign to raise awareness of the main cybercrime vectors plus simple but effective ways to counter them.

Automate your passwords

Make all your passwords for both websites and apps long enough (at least 12 characters) and unique (that is, never use them more than once). No one can think up and memorize so many passwords, so use a password manager to create, store and enter them. You'll only need to come up with and memorize just one (long!) main password for it; everything else — from generating to entering passwords — will be done automatically.

Keep in mind: you need to install the password manager on all your devices to enter passwords easily and safely everywhere. The data will be synced across all your devices. So, having saved a password on your smartphone, you'll be able to automatically enter it on your desktop, and vice versa. Note that the password manager will let you store in encrypted form not only passwords, but also PINs, full credit card details, addresses, notes, and even document scans.

Pro level: for maximum security, disable biometric login to the password manager — this way you'll have to enter the main password every time you use the app, but no one will be able to access all your data without knowing the main password (don't write it on a sticky note, by the way).

Enable double checking

Double checking, or two-factor authentication, protects you from password-stealing hackers who break into your accounts using leaked credentials. Besides the password, they'll need to enter a one-time code sent to you via a text or an authenticator app. Although banks enable two-factor authentication (2FA) automatically, in many other online services it remains optional. Wherever your data is even a tiny bit confidential (social networks, messengers, government services, email), we recommend enabling 2FA in the settings, if available.

Keep in mind: there's usually a choice of how to get one-time codes: by email or text, or by generating them in a special authenticator app on your smartphone. Of these methods, the safest is to use the latter; next come codes via text (they can be intercepted), and the least secure option is codes via email. With an authenticator app, the only risk is if you lose your smartphone, in which case you'll also lose access to accounts protected by one-time codes. Here again, Kaspersky Password Manager comes to the rescue: not only does it securely store authentication tokens and generate one-time codes, it also synchronizes them across all your devices. So, if your smartphone is lost or broken, you can easily generate a verification code on any of your other devices, as well as restore all your Kaspersky Password Manager data to a new phone.

Pro level: get yourself a FIDO U2F hardware key — this dongle looks like a tiny flash drive and offers the best protection against hackers.

Double-check links and attachments

Never follow links or open files sent via messenger or email if you don't recognize the sender or aren't expecting any messages. If a friend, colleague or acquaintance writes you a message, but it looks even a little strange, call them, or reply via another communication channel to make sure it really is them and not a scammer.

Keep in mind: use two layers of defense! The first layer is your vigilance; the second is a comprehensive security solution. This will keep you away from phishing sites looking to extract passwords and money, as well as stop malware in its tracks. Incidentally, if a message or website asks you to turn off your antivirus, 99% of the time it's an attempt to infect you.

Pro level: sign in to email, banking and other accounts only from browser bookmarks or by entering the address manually, and never open links in messages, emails or notifications — it might be phishing.
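The one-time codes from the "Enable double checking" section above are not sent to the phone at all when an authenticator app is used; the app and the service share a secret and each compute the same six digits from the current time. The Python below is an added example, not Kaspersky's code, showing that arithmetic (HOTP from RFC 4226 and TOTP from RFC 6238) together with the drift window a server typically allows and the Base32 form in which apps import the secret. The only secret used is the published RFC test vector, not a real key.

```python
"""Added example: the HOTP/TOTP arithmetic (RFC 4226 / RFC 6238) behind the
one-time codes an authenticator app shows. Not Kaspersky's code."""
import base64
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the big-endian 8-byte counter, dynamic
    truncation to 31 bits, then modulo 10^digits, zero-padded."""
    digest = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    binary = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret, at=None, step=30, digits=6):
    """RFC 6238: HOTP with the counter derived from Unix time divided by the step."""
    at = time.time() if at is None else at
    return hotp(secret, int(at) // step, digits)


def verify_totp(secret, code, at=None, step=30, digits=6, window=1):
    """Accept a code for the current step or up to `window` steps either side
    (phone clock drift), comparing every candidate in constant time and without
    early exit so timing does not reveal which step matched."""
    at = time.time() if at is None else at
    current = int(at) // step
    ok = False
    for counter in range(current - window, current + window + 1):
        if hmac.compare_digest(hotp(secret, counter, digits), str(code)):
            ok = True
    return ok


def secret_from_base32(text):
    """Authenticator apps import the shared secret as Base32 (the text inside
    the enrolment QR code); tolerate spaces, lower case and missing padding."""
    text = text.strip().replace(" ", "").upper()
    text += "=" * (-len(text) % 8)
    return base64.b32decode(text)


# RFC 4226 reference secret, ASCII "12345678901234567890" (a published test vector).
RFC_TEST_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    print("HOTP counters 0..2:", [hotp(RFC_TEST_SECRET, c) for c in range(3)])
    print("TOTP at t=59:", totp(RFC_TEST_SECRET, at=59))
    print("Live code:", totp(RFC_TEST_SECRET))
```

Two practical points follow from the code: the six digits are only as secret as the shared key, which is why the Base32 enrolment string deserves the same care as a password, and a server that accepts a wide drift window is trading a little security for usability, so a window of one step is the usual choice.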
Enable automatic updates This is to prevent cybercriminals from infecting you by exploiting bugs in your operating system, browser, office applications or other software. They can all update themselves — you just need to not postpone this action when prompted to restart the program or computer. Keep in mind: sometimes updates are offered on websites. You go to the site, which says you need to update the browser, or video player, or Windows — and invites you to download an update on the spot. Stop! Its a trick to sneak a virus into your device or computer. Genuine update prompts appear right in an applications menu or as operating system notifications. Pro level: Kaspersky Premium can monitor all your installed programs and notify you whenever an update becomes available. One click or tap, and everythings up-to-date! Think twice before sharing online Photos sent to a stranger or scanned documents posted on social media can come back to bite you. You or family members might become victims of extortion, or scammers might use such information to create a convincing cover story to extract money from you or your friends. Therefore, only send and post things that you wouldnt mind showing on a billboard outside your home. What gets posted online can be very difficult, if not impossible, to remove. Keep in mind: social networks and messengers have privacy settings to adjust the visibility of your posts. Go there and change as many settings as possible from Visible to everyone to Friends only. To find out how to best configure privacy for operating systems, browsers, social networks and other programs, visit our Privacy Checker site. Pro level: use a tool to monitor online leaks of personal information. A free option is to create a Google Alert for your name; a more powerful alternative is to go for a premium service. 
For example, Kaspersky Premium monitors leaks of personal data linked to all phone numbers and email addresses used by you and your loved ones as a standard feature. How to automate protection These tips are much easier to follow with an app that automates each aspect of security. Kaspersky Premium includes a password and one-time 2FA code manager, anti-phishing and anti-malware protection, update management and leak monitoring — all this and much more is available for both computers and smartphones. Join the club of savvy users who enjoy robust protection for next-to-no effort!
The voluntary recommendations from the Department of Homeland Security cover how artificial intelligence should be used in the power grid, water system, air travel network, healthcare, and other pieces of critical infrastructure.
A vulnerability found in the Really Simple Security plug-in allows an attacker to remotely gain access to any account on an affected website, including the administrator, when 2FA is enabled.
The security vendor's Expedition firewall appliance's PAN-OS interface tool has racked up four critical security vulnerabilities under active attack in November, leading it to advise customers to update immediately and take them off the Internet.
Other Biden administration appointees at CISA will also submit their resignations on Jan. 20, as the cyberdefense agency prepares for President-elect Trump's new DHS director.
Companies that recognize current market opportunities — from the need to safely implement revolutionary technology like AI to the vast proliferation of cyber threats — have remarkable growth prospects.
A recently introduced House bill is the latest piece of an effort to authorize the White House to establish a panel for harmonizing the patchwork of cybersecurity regulations imposed by federal agencies on the private sector.
Microlise said a cyberattack three weeks ago exposed corporate data. The incident drew attention after customers such as British prison van provider Serco reported disruptions in some technology.
An artificial intelligence company said a hacker breached its network and stole a $250,000 wire payment in an incident likely to have a material impact on the firm’s bottom line.
For the third time, Apple has removed a news app by the U.S.-funded Radio Free Europe/Radio Liberty (RFE/RL) from its Russian version of the App Store, the media outlet said.
Evgenii Ptitsyn appeared in Maryland federal court on charges connected to the Phobos ransomware-as-a-service operation, which has collected about $16 million in ransom payments from more than 1,000 targets around the world.
Morgan, who records music under her rapper name “Razzlekhan,” was handed a modest year-and-a-half sentence in part because she was not involved in the theft itself, and only became aware of the source of the stolen funds in early 2020.
Akira, a ransomware-as-a-service gang with a growing profile in the cybercrime underworld, has published a record number of new victims to its darknet leak site in a single day, with 35 published on Monday as of writing, and more apparently still being added.
CVE-2024-28397 is a sandbox escape in js2py versions 0.74 and below. js2py is a popular Python package that can evaluate JavaScript code inside a Python interpreter. The vulnerability allows an attacker to obtain a reference to a Python object in the js2py environment, enabling them to escape the sandbox, bypass pyimport restrictions and execute arbitrary commands on the host. At the time of this writing no patch has been released, and version 0.74 is the latest version of js2py, which was released Nov 6, 2022. CVE-2024-39205 is a remote code execution vulnerability in Pyload versions 0.5.0b3.dev85 and below. It is an open-source download manager designed to automate file downloads from various online sources. Pyload is vulnerable because it exposes the vulnerable js2py functionality mentioned above on the /flash/addcrypted2 API endpoint. This endpoint was designed to only accept connections from localhost, but by manipulating the HOST header we can bypass this restriction in order to access the API to achieve unauthenticated remote code execution.
Gentoo Linux Security Advisory 202411-9 - Multiple vulnerabilities have been discovered in Perl, the worst of which can lead to arbitrary code execution. Versions greater than or equal to 5.38.2 are affected.
Gentoo Linux Security Advisory 202411-8 - A vulnerability has been discovered in the Xorg Server and XWayland, the worst of which can result in privilege escalation. Versions greater than or equal to 21.1.14 are affected.
Gentoo Linux Security Advisory 202411-7 - A vulnerability has been discovered in Pillow, which may lead to arbitrary code execution. Versions greater than or equal to 10.3.0 are affected.
Debian Linux Security Advisory 5814-1 - A security issue was discovered in Thunderbird, which could result in the disclosure of OpenPGP encrypted messages.
Debian Linux Security Advisory 5813-1 - Moritz Rauch discovered that the Symfony PHP framework implemented persisted remember-me cookies incorrectly, which could result in authentication bypass.
Debian Linux Security Advisory 5812-1 - Multiple security issues were discovered in PostgreSQL, which may result in the execution of arbitrary code, privilege escalation or log manipulation.
Ubuntu Security Notice 7108-1 - Fabian Bäumer, Marcus Brinkmann, and Joerg Schwenk discovered that AsyncSSH did not properly handle the extension info message. An attacker able to intercept communications could possibly use this issue to downgrade the algorithm used for client authentication. Fabian Bäumer, Marcus Brinkmann, and Joerg Schwenk discovered that AsyncSSH did not properly handle the user authentication request message. An attacker could possibly use this issue to control the remote end of an SSH client session via packet injection/removal and shell emulation.
Ubuntu Security Notice 7106-1 - It was discovered that Tomcat did not include the secure attribute for session cookies when using the RemoteIpFilter with requests from a reverse proxy. An attacker could possibly use this issue to leak sensitive information. It was discovered that Tomcat had a vulnerability in its FORM authentication feature, leading to an open redirect attack. An attacker could possibly use this issue to perform phishing attacks.
Red Hat Security Advisory 2024-9680-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-9654-03 - An update for libsoup is now available for Red Hat Enterprise Linux 7 Extended Lifecycle Support. Issues addressed include a HTTP request smuggling vulnerability.
Red Hat Security Advisory 2024-9653-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.6 Telecommunications Update Service. Issues addressed include code execution, out of bounds read, and use-after-free vulnerabilities.
Red Hat Security Advisory 2024-9644-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-9637-03 - An update for webkit2gtk3 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions.
Red Hat Security Advisory 2024-9627-03 - Red Hat OpenShift Service Mesh Containers for 2.6.3. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2024-9624-03 - An update for the squid:4 module is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Issues addressed include a denial of service vulnerability.
Cable is a simple post-exploitation tool used for enumeration and further exploitation of Active Directory environments. This tool was primarily created to learn more about .NET offensive development in an Active Directory context.
Legal documents released as part of an ongoing legal tussle between Meta's WhatsApp and NSO Group have revealed that the Israeli spyware vendor used multiple exploits targeting the messaging app to deliver Pegasus, including one even after it was sued by Meta for doing so. They also show that NSO Group repeatedly found ways to install the invasive surveillance tool on the target's devices as
A critical authentication bypass vulnerability has been disclosed in the Really Simple Security (formerly Really Simple SSL) plugin for WordPress that, if successfully exploited, could allow an attacker to remotely gain full administrative access to a susceptible site. The vulnerability, tracked as CVE-2024-10924 (CVSS score: 9.8), impacts both free and premium versions of the plugin. The
According to research from GitGuardian and CyberArk, 79% of IT decision-makers reported having experienced a secrets leak, up from 75% in the previous year's report. At the same time, the number of leaked credentials has never been higher, with over 12.7 million hardcoded credentials in public GitHub repositories alone. One of the more troubling aspects of this report is that over 90% of valid
What do hijacked websites, fake job offers, and sneaky ransomware have in common? They’re proof that cybercriminals are finding smarter, sneakier ways to exploit both systems and people. This week makes one thing clear: no system, no person, no organization is truly off-limits. Attackers are getting smarter, faster, and more creative—using everything from human trust to hidden flaws in
Google appears to be readying a new feature called Shielded Email that allows users to create email aliases when signing up for online services and better combat spam. The feature was first reported by Android Authority last week following a teardown of the latest version of Google Play Services for Android. The idea is to create unique, single-use email addresses that forward the messages to
IT leaders know the drill—regulators and cyber insurers demand regular network penetration testing to keep the bad guys out. But here’s the thing: hackers don’t wait around for compliance schedules. Most companies approach network penetration testing on a set schedule, with the most common frequency being twice a year (29%), followed by three to four times per year (23%) and once per year (20%),
A new phishing campaign is targeting e-commerce shoppers in Europe and the United States with bogus pages that mimic legitimate brands with the goal of stealing their personal information ahead of the Black Friday shopping season. "The campaign leveraged the heightened online shopping activity in November, the peak season for Black Friday discounts. The threat actor used fake discounted products
Cybersecurity researchers have shed light on a new stealthy malware loader called BabbleLoader that has been observed in the wild delivering information stealer families such as WhiteSnake and Meduza. BabbleLoader is an "extremely evasive loader, packed with defensive mechanisms, that is designed to bypass antivirus and sandbox environments to deliver stealers into memory," Intezer security
Source: cyble.com – Author: daksh sharma. Overview The Cybersecurity and Infrastructure Security Agency (CISA) has officially added two high-severity vulnerabilities affecting Palo Alto Networks Expedition to its Known Exploited Vulnerability (KEV) Catalog. The two Palo Alto Networks vulnerabilities, which are actively being targeted by cybercriminals, are identified as CVE-2024-9463 and CVE-2024-9465; both have critical severity […] The entry CISA Adds Two Critical Palo Alto Networks Vulnerabilities to Known Exploited Catalog – Source:cyble.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
The content you are trying to access is private only to member users of the site. You must have a free membership at CISO2CISO.COM to access this content. You can register for free. Thank you. The CISO2CISO Advisors Team. The entry H1-212 CTF results – Source:www.hackerone.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
The entry Hack your way to NYC this December for h1-212 – Source:www.hackerone.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
The entry Hack The Pentagon Turns One on HackerOne – Source:www.hackerone.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
The entry Hacker-Powered Pen Tests and The Power of More – Source:www.hackerone.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.hackerone.com – Author: johnk. Open source models are the backbone of the modern internet. Therefore, it's our duty to defend them. That's why HackerOne has joined the Node.js Foundation as a member and CEO Marten Mickos has joined its board. Node.js Foundation sat down with Marten to learn more about his vision, mission and […] The entry HackerOne CEO joins Node.js Foundation Board – Source:www.hackerone.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
The entry DEF CON 32 – Process Injection Attacks With ROP – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
The entry Connecting, Collaborating, and Celebrating: Our Global Team Seminar in the South of France – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
The entry How Advances in Cloud Security Help Future-Proof Resilience – Source: www.govinfosecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
The entry How to Be Your Family's Digital IT Hero for the Holidays – Source:www.mcafee.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
The entry Battling Teen Sextortion on the Net – Source:davinciforensics.co.za was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
The entry PXA Stealer Detection: Vietnamese Hackers Hit the Public and Education Sectors in Europe and Asia – Source: socprime.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
The entry CERT-In Flags Two High-Risk Cisco Vulnerabilities Targeting Key Infrastructure – Source:cyble.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
The entry Musk's anticipated cost-cutting hacks could weaken American cybersecurity – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.