The Indian Computer Emergency Response Team (CERT-In), the national nodal agency for responding to cybersecurity threats, has issued a vulnerability note (CIVN-2024-0355) highlighting an information disclosure vulnerability in the Tinxy mobile application. This medium-severity flaw could allow attackers with physical access to a rooted or jailbroken device to gain unauthorized access to sensitive user information such as usernames, email addresses, and mobile numbers.

Tinxy, a popular IoT device management app, is widely used by individuals to control their smart devices. The flaw, which affects all versions of the app prior to 663000, has raised concerns about the security of locally stored data. CERT-In has recommended immediate action to mitigate the risk posed by this vulnerability. This article explores the details of the vulnerability, its impact, and how users can protect themselves, while drawing attention to best practices for app developers to prevent such issues in the future.

Vulnerability in Tinxy Mobile Application: An Overview

Vulnerability Name: Information Disclosure in Tinxy
CERT-In Vulnerability Note: CIVN-2024-0355
CVE Identifier: CVE-2024-12094
Severity Rating: Medium
System Affected: Tinxy app (all versions prior to 663000)

The primary targets for this vulnerability are end-users of the Tinxy app who use it to control IoT devices in their homes or workplaces. However, the risk is primarily limited to devices that are rooted or jailbroken, as exploitation requires physical access to the device.

Key Risk and Impact Assessment

Risk Type: Information Disclosure
Exploitation Prerequisites: Device must be rooted or jailbroken. Physical access to the device is required.
Potential Impact: Unauthorized access to sensitive user information, including:
- Username
- Email Address
- Mobile Number

Description of the Vulnerability

The Tinxy mobile application contains a flaw in how it stores user information. Specifically:

- Plaintext Storage of Sensitive Data: Logged-in user details are stored in plaintext within the device's database. This storage approach lacks encryption, making it vulnerable to direct access.
- Exploitation Method: An attacker with physical access to a rooted or jailbroken device could navigate the file system and retrieve this database, gaining unauthorized access to the stored user information.
- Real-World Implications: Exploitation of this vulnerability could lead to privacy violations, where personal user data is exposed, and to potential misuse of sensitive data, including phishing or impersonation attacks.

This vulnerability cannot be exploited remotely. It requires a combination of physical access to the affected device and root/jailbreak privileges.

How Was the Vulnerability Discovered?

The vulnerability in the Tinxy mobile application was reported by Shravan Singh, a cybersecurity researcher based in Mumbai, India. His discovery highlights the importance of scrutinizing app design for secure handling of sensitive data.

Mitigation Steps

To address this vulnerability, users should immediately update their Tinxy app to version 663000 or later. The updated version resolves the issue by implementing better data storage practices.

Steps to Update the Tinxy App:

For Android Users:
- Open the Google Play Store.
- Search for "Tinxy" or visit the link: Tinxy App on Play Store.
- Tap "Update" if the option is available.

For iOS Users:
- Open the App Store.
- Search for "Tinxy" and update to the latest version.

Technical Details: Vulnerability Analysis

Below is a deeper breakdown of the vulnerability and its technical aspects:

Cause: Storage of user information in plaintext on the device's database.
Exploitation Conditions: Device must be rooted or jailbroken.
Attack Vector: Physical access to the device followed by database extraction using file system navigation tools.
Type of Information Exposed: Username, email address, and mobile number.

Understanding the CVSS Score

The Common Vulnerability Scoring System (CVSS) helps quantify the severity of vulnerabilities.

CVSS Base Score: Medium
Attack Vector: Local (requires physical device access).
Privileges Required: High (device must be rooted or jailbroken).
User Interaction: None.
Impact: Confidentiality breach.

Recommendations for Users

- Update to Version 663000: This is the official fix and eliminates the vulnerability.
- Avoid Rooting/Jailbreaking Devices: Rooted or jailbroken devices are more susceptible to such exploits.
- Use Strong Device Security: Implement passcodes, biometric locks, or encryption to restrict physical access.
- Monitor Device Activity: Regularly check for unusual app behavior or data leaks.
- Uninstall Suspicious Apps: Avoid using third-party or unverified apps that may tamper with device security.

For Developers: Lessons from This Vulnerability

The Tinxy vulnerability serves as a reminder for developers to adhere to best practices in securing user data:

- Encrypt All Sensitive Data: Ensure all user data stored locally is encrypted using strong encryption algorithms.
- Limit Data Retention: Store only what is absolutely necessary and delete redundant data promptly.
- Regular Security Audits: Conduct frequent vulnerability assessments to identify and mitigate flaws early.
- Secure Coding Practices: Implement OWASP-recommended secure coding standards.
- Educate Users: Encourage users to maintain secure devices by avoiding root/jailbreak practices.

Conclusion

The Tinxy information disclosure vulnerability (CVE-2024-12094) highlights the critical need for secure app development practices and proactive user behavior. While this vulnerability requires physical device access to exploit, the implications of sensitive data leakage should not be understated. By updating the app to the latest version, users can mitigate the risk and continue using Tinxy’s IoT management capabilities with confidence. Meanwhile, developers should treat this as a case study for enhancing app security and safeguarding user trust.

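A developer-side check for the storage flaw described in this article, as an added example that is not part of the CERT-In note or of Tinxy's code: it tests whether an app's local database file opens without a key and whether any column holds email addresses or mobile numbers in cleartext. It assumes the local store is SQLite; the table names, column names and sample rows are constructed, since the app's real schema is not given here.

```python
import hashlib
import os
import re
import sqlite3
import tempfile

# Patterns for two of the data classes named in the advisory. Usernames have
# no fixed shape, so they need a schema review rather than a regex.
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
PHONE_RE = re.compile(r"^\+?[0-9][0-9 \-]{8,14}[0-9]$")
SQLITE_MAGIC = b"SQLite format 3\x00"


def is_plaintext_sqlite(path):
    """True if the file carries the standard SQLite header, i.e. it can be
    opened without a key. A file encrypted as a whole normally does not."""
    with open(path, "rb") as fh:
        return fh.read(16) == SQLITE_MAGIC


def classify(value):
    """Return 'email', 'phone' or None for one cell value (text cells only)."""
    if isinstance(value, bytes):
        try:
            value = value.decode("utf-8")
        except UnicodeDecodeError:
            return None  # opaque binary such as ciphertext
    if not isinstance(value, str):
        return None
    value = value.strip()
    if EMAIL_RE.match(value):
        return "email"
    if PHONE_RE.match(value):
        return "phone"
    return None


def quote_ident(name):
    """Quote a table or column name read from the schema."""
    return '"' + name.replace('"', '""') + '"'


def audit_database(conn, sample_rows=200):
    """Return (table, column, kind, hits) for columns holding cleartext PII."""
    findings = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master "
        "WHERE type='table' AND name NOT LIKE 'sqlite_%' ORDER BY name")]
    for table in tables:
        info = conn.execute(f"PRAGMA table_info({quote_ident(table)})")
        for col in [r[1] for r in info]:
            hits = {}
            query = f"SELECT {quote_ident(col)} FROM {quote_ident(table)} LIMIT ?"
            for (value,) in conn.execute(query, (sample_rows,)):
                kind = classify(value)
                if kind:
                    hits[kind] = hits.get(kind, 0) + 1
            for kind, count in sorted(hits.items()):
                findings.append((table, col, kind, count))
    return findings


def build_sample_db(path):
    """Constructed fixture: one table as the advisory describes (plaintext),
    one with opaque blobs standing in for encrypted values."""
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE user_profile "
                 "(id INTEGER, username TEXT, email TEXT, mobile TEXT)")
    conn.executemany("INSERT INTO user_profile VALUES (?, ?, ?, ?)", [
        (1, "asha_k", "asha@example.com", "+919800000000"),
        (2, "ravi_m", "ravi@example.org", "9800000001"),
    ])
    conn.execute("CREATE TABLE user_profile_protected "
                 "(id INTEGER, email_ct BLOB, mobile_ct BLOB)")
    # SHA-256 digests are only placeholders for real ciphertext bytes.
    conn.execute("INSERT INTO user_profile_protected VALUES (?, ?, ?)",
                 (1, hashlib.sha256(b"email-ct").digest(),
                  hashlib.sha256(b"mobile-ct").digest()))
    conn.commit()
    conn.close()


def run_demo():
    """Build the fixture, then return (file_is_plaintext, findings)."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "app_local.db")
        build_sample_db(path)
        plain = is_plaintext_sqlite(path)
        conn = sqlite3.connect(path)
        try:
            findings = audit_database(conn)
        finally:
            conn.close()
    return plain, findings


if __name__ == "__main__":
    plain, findings = run_demo()
    print("database file readable without a key:", plain)
    for table, col, kind, count in findings:
        print(f"cleartext {kind} in {table}.{col} ({count} rows sampled)")
```

Run against a database pulled from a test build, any finding means the value would be readable by whoever obtains the file, which is the condition the advisory describes.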
India has witnessed a dramatic rise in cyberattacks targeting government bodies, marking a 138% increase in the number of such incidents from 2019 to 2023. The government's response to this large increase in cyberattacks was outlined in a recent report submitted to the Rajya Sabha. Between 2019 and 2023, the number of cyberattacks on Indian government entities rose sharply from 85,797 in 2019 to 2,04,844 in 2023. This staggering increase highlights a sharp escalation in cyber threats targeting Indian government infrastructure.

Surge in Cyberattacks on Indian Government

According to the Ministry of Electronics and Information Technology, as reported by the Indian Computer Emergency Response Team (CERT-In), the number of cybersecurity incidents recorded for government organizations has been steadily rising each year. In 2020, the number of cyber incidents dropped to 54,314, but this was followed by a significant uptick in 2021 with 48,285 reported incidents. In 2022, the number surged to 1,92,439, and the trend continued into 2023 with 2,04,844 incidents, a 138% increase over the four-year span.

In response to the increasing cyber threats, the Indian government has emphasized its commitment to improving its cybersecurity posture. Jitin Prasada, the Minister of State in the Ministry of Electronics and Information Technology, assured the Rajya Sabha that measures were being taken to counter these growing threats and safeguard critical government information infrastructure, reported The Tribune.

Measures to Combat Cyberattacks on Indian Government

The government’s efforts to tackle the surge in cyberattacks on government entities are multifaceted. One of the most important steps has been the implementation of policies that require the appointment of Chief Information Security Officers (CISOs) in all central ministries, departments, and state and union territories. This initiative is designed to ensure that there is a dedicated focus on cybersecurity issues at all levels of government.

Additionally, the National Critical Information Infrastructure Protection Centre (NCIIPC) has been established to protect the country’s critical infrastructure from cyberattacks and cyber-terrorism. Under the provisions of Section 70-A of the Information Technology (IT) Act, 2000, the NCIIPC provides vital services such as threat intelligence, situational awareness, alerts, and advisories, which are crucial for preventing cyberattacks.

The National Cyber Coordination Centre (NCCC), implemented by CERT-In, also plays a pivotal role in monitoring cyberspace across the country. The NCCC operates as a central hub, scanning and detecting cyber threats and facilitating coordination between various government agencies to mitigate cybersecurity risks. The NCCC gathers metadata from cyberspace and shares it with relevant agencies, ensuring a timely and efficient response to online threats.

Furthermore, CERT-In has developed a "Cyber-Crisis Management Plan" to manage and respond to cyberattacks, with the plan set to be adopted by all ministries, state governments, and critical sectors. The creation of a specialized response team, the "Computer Security Incident Response Team-Finance Sector," also aids in containing cybersecurity incidents in the financial sector, ensuring a coordinated national response to cyber threats.

Notable Cyberattacks on Indian Government Infrastructure

The rise in cyberattacks on government organizations has not been limited to small-scale incidents. In September 2023, during the G20 summit in New Delhi, Indian cybersecurity agencies successfully thwarted a massive cyberattack aimed at the official G20 summit website. The attack involved 16 lakh cyber intrusions per minute, primarily in the form of Distributed Denial of Service (DDoS) attacks, which have become a major concern for internet security worldwide.

In addition to this high-profile attack, India has faced a series of cybersecurity incidents over the past few years. From 2020 to 2022, the government reported 492 instances of phishing and smishing attacks, 35 ransomware incidents, and 151 cases of hacking involving government websites and departments. One of the most disruptive attacks in recent years occurred in late 2022, when hackers paralyzed the servers of the All India Institute of Medical Sciences (AIIMS), New Delhi. This attack disrupted healthcare services at India’s top government hospital for nearly two weeks.

Conclusion

The surge in cyberattacks on Indian government entities highlights the critical need for enhanced cybersecurity measures. As these attacks become increasingly sophisticated and frequent, they pose a serious threat to national security and economic stability. While India has made strides in strengthening its cybersecurity defenses, the rising complexity and frequency of these cyber threats indicate that much more needs to be done. Moving forward, it is essential for the Indian government to prioritize cybersecurity, investing in advanced capabilities and response strategies to protect against online threats and ensure the country’s preparedness for future digital challenges.

The rise of Application Programming Interfaces (APIs) has revolutionized how businesses operate, enabling seamless connectivity, data sharing, and enhanced functionalities across platforms. However, as digital ecosystems increasingly pivot towards API-driven operations, cybersecurity experts are observing a surge in API attacks. In fact, new research highlights a staggering 3,000% increase in Distributed Denial of Service (DDoS) attacks targeting APIs, compared to traditional web assets.

API Attacks on the Rise

A recent study detailing over 1.26 billion cyberattacks in Q3 2024 reveals some unsettling trends. Of this massive volume, a significant 271 million were API-focused attacks, reflecting a growing threat that organizations can no longer ignore. These API attacks are 85% more frequent than traditional website-based threats, suggesting that APIs, integral to modern digital infrastructures, are becoming prime targets for cybercriminals.

This trend is not just limited to isolated incidents. Over 377 million DDoS attacks were intercepted in just one quarter, with bot-driven attacks escalating by 145% year-over-year. As businesses become more reliant on APIs for their digital operations, these systems have increasingly become the preferred vector for malicious actors seeking to disrupt or exploit vulnerable digital infrastructures.

The Impact on Small and Medium-sized Businesses

The rise in API attacks is especially concerning for small and medium-sized businesses (SMBs), which face a disproportionate rate of cyber threats. SMBs are suffering from a 175% higher rate of DDoS attacks per site compared to their larger counterparts. With limited resources to devote to cybersecurity, these businesses are often underprepared to combat sophisticated attacks, leaving them vulnerable to both financial and reputational damage.

These vulnerabilities are not just theoretical. Data shows that every healthcare site, every retail operation, and every e-commerce platform is experiencing bot attacks at an alarming rate. In particular, the healthcare sector is facing a significant risk of credential abuse and data theft, while retail and e-commerce sites are witnessing higher rates of vulnerability exploitation.

Sector-Specific Vulnerabilities: A Deeper Dive

Certain sectors are being targeted more heavily, with attackers zeroing in on financial data, personal credentials, and even critical infrastructure:

- Banking, Financial Services, and Insurance (BFSI): This industry is seeing bot attacks at double the industry average, driven by the high value of financial data, which remains a prime target for cybercriminals focused on theft and fraud.
- Healthcare: All healthcare sites are under attack, with bots constantly probing for weaknesses. The rise in bot-driven attacks highlights the increasing sophistication of cybercriminals looking to exploit sensitive patient data for unauthorized access.
- Retail & E-commerce: Bot-driven attacks now outnumber DDoS attacks by a significant margin, showing that cyber threats in this space are not just focused on disrupting services but also on exploiting vulnerabilities for financial gain.
- Power & Energy: Often less regulated, the power and energy sectors are seeing an uptick in cyberattacks focused on ransom demands, indicating a shift towards more aggressive extortion-based tactics.

API Vulnerabilities in Focus

The surge in API attacks is further exemplified by vulnerabilities exposed in widely-used software products. The Cybersecurity and Infrastructure Security Agency (CISA) has recently added several vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, including a critical flaw in Metabase’s GeoJSON API. This vulnerability allows attackers to potentially gain unauthorized access to sensitive files, highlighting the risk associated with improperly secured APIs. Similarly, vulnerabilities in Versa Networks' Versa Director, affecting multiple versions of the software, further stress the importance of timely patching and proactive vulnerability management.

The Need for Advanced Security Solutions

Given the rise in API attacks, organizations must prioritize securing their digital assets. With over 30% of critical and high-severity vulnerabilities remaining unpatched six months after discovery, the risk of exploitation is higher than ever. Advanced security platforms, such as Web Application and API Protection (WAAP) solutions, are proving invaluable in mitigating these threats. These tools intercept millions of DDoS and bot-driven attacks, protecting organizations from costly breaches.

Ready for 2025?

As the threat landscape continues to evolve, it’s clear that the future of cybersecurity lies in dynamic, adaptable solutions. And let’s be real—2025 is just one month away, so it’s time to gear up. Don’t wait for the first breach to happen before acting. Be proactive, stay ahead, and ensure your security strategy is future-ready. Your digital assets are worth it—secure them now for a safer tomorrow! Stay ahead of the curve, because with cybersecurity, there’s no such thing as being too prepared!

Why do even large companies that have invested heavily in their cyberdefense still fall victim to cyberattacks? Most often, it's a matter of an outdated approach to security. Security teams may deploy dozens of tools, but lack visibility within their own networks, which nowadays include not only the usual physical segments, but cloud environments as well. Hackers often exploit stolen credentials, operate through compromised contractors, and try to use malware as rarely as possible — preferring to exploit legitimate software and dual-purpose applications. That's why security tools that are usually used to protect a company's endpoints may not be effective enough against well-disguised cyberattacks.

In a recent survey, 44% of CISOs reported missing a data breach, with 84% attributing the issue to an inability to analyze traffic, particularly encrypted traffic. This is where network detection and response (NDR) systems come into play. They offer comprehensive traffic analysis, including internal traffic — significantly enhancing security capabilities. In the Kaspersky product range, NDR functionality is implemented as part of its Kaspersky Anti Targeted Attack Platform (KATA).

Outdated security tools aren't enough

If there was one word to describe the priorities of today's attackers, it would be "stealth". Whether it's espionage-focused APTs, ransomware groups, or any other attacks targeting a specific organization, adversaries go to great lengths to avoid detection and complicate post-incident analysis. Our incident response report illustrates this vividly. Attackers exploit legitimate employee or contractor credentials, leverage admin tools already in use within the system (a tactic known as "living off the land"), and exploit vulnerabilities to perform actions from privileged user accounts, processes, or devices. Moreover, edge devices, such as proxy servers and firewalls, are increasingly being used as attack footholds.

How do cybersecurity teams respond to this? If a company's threat detection approach was designed several years ago, its defenders might simply lack the tools to detect such activity in a timely manner:

- Firewalls. In their traditional form, they only protect the organization's perimeter, and don't assist in detecting suspicious network activity inside it (such as attackers taking over additional computers).
- Intrusion detection and prevention systems (IDS/IPS). The capabilities of classic IDSs for detecting activity over encrypted channels are very limited, and their typical location between network segments impedes detection of lateral movement.
- Antivirus and endpoint protection systems. These tools are difficult to use for detecting activity conducted entirely with legitimate tools in manual mode. Moreover, organizations always have routers, IoT devices, or network peripherals where it's not possible to deploy such protection systems.

What is network detection and response?

NDR systems provide detailed monitoring of an organization's traffic and apply various rules and algorithms to detect anomalous activity. They also include tools for rapid incident response.

The key difference to firewalls is the monitoring of all types of traffic flowing in various directions. Thus, not only communications between a network and the internet (north-south) are being analyzed, but data exchange between hosts within a corporate network (east-west) as well. Communications between systems in external networks and corporate cloud resources, as well as between cloud resources themselves, are not left unattended either. This makes NDR effective in various infrastructures: on-premises, cloud, and hybrid.

The key difference to classic IDS/IPS is the use of behavioral analysis mechanisms alongside signature analysis. Besides connection analysis, an NDR solution keeps traffic in its raw form, and provides a whole range of technologies for analysis of such "snapshots" of data exchange; NDR can analyze many parameters of traffic (including metadata), going beyond simple address-host-protocol dependencies. For example, using JAx fingerprints, NDR can identify the nature even of encrypted SSL/TLS connections, and detect malicious traffic without needing to decrypt it.

Benefits of NDR for IT and security teams

- Early threat detection. Even the initial steps of attackers — whether it's brute-forcing passwords or exploiting vulnerabilities in publicly accessible applications — leave traces that NDR tools can detect. NDR, having a presence not only on the edges of a network, but at its endpoints as well, is also well-suited to detecting lateral movement within the network, manipulation of authentication tokens, tunneling, reverse shells, and other common attack techniques, including network interactions.
- Accelerated incident investigation. NDR tools allow for both broad and deep analysis of suspicious activity. Network interaction diagrams show where attackers moved and where their activity originated from, while access to raw traffic allows for the reconstruction of the attacker's actions and the creation of detection rules for future searches.
- A systematic approach to the big picture of an attack. NDR works with the tactics, techniques, and procedures of the attack — systematized according to such a popular framework as MITRE ATT&CK. Solutions of this class usually allow a security team to easily classify the detected indicators and, as a result, better understand the big picture of the attack, figure out the stage it's at, and how the attack can be stopped as effectively as possible.
- Detection of internal threats, misconfigurations, and shadow IT. The behavioral approach to traffic allows NDR to address preventive tasks as well. Various security policy violations, such as using unauthorized applications on personal devices, connecting additional devices to the company infrastructure, sharing passwords, accessing information not required for work tasks, using outdated software versions, and running server software without properly configured encryption and authentication, can be identified early and stopped.
- Supply chain threat detection. Monitoring the traffic of legitimate applications may reveal undeclared functionality, such as unauthorized telemetry transmission to the manufacturer or attempts to deliver trojanized updates.
- Automated response. The "R" in NDR stands for response actions such as isolating hosts with suspicious activity, tightening network zone interaction policies, and blocking high-risk protocols or malicious external hosts. Depending on the circumstances, the response can be either manual or automatic, triggered by "if-then" presets.

NDR, EDR, XDR, and NTA

IT management and executives often ask tricky questions about how various *DR solutions differ from each other and why they're all needed at the same time.

NTA (network traffic analysis) systems are the foundation from which NDR evolved. They were designed to collect and analyze all the traffic of a company (hence the name). However, practical implementation revealed the broader potential of this technology — that is, it could be used for rapid incident response. Response capabilities, including automation, are NDR's primary distinction.

EDR (Endpoint Detection & Response) systems analyze cyberthreats on specific devices within the network (endpoints). While NDR provides a deep analysis of devices' interactions and communication within the organization, EDR offers an equally detailed picture of the activity on individual devices. These systems complement each other, and only together do they provide a complete view of what's happening in the organization and the tools needed for detection and response.

XDR (eXtended Detection & Response) systems take a holistic approach to threat detection and response by aggregating and correlating data from various sources, including endpoints, physical and cloud infrastructures, network devices, and more. This enables defenders to see a comprehensive overview of network activity, combine events from different sources into single alerts, apply advanced analytics to them, and simplify response actions. Different vendors put different spins on XDR: some offer XDR as a product that includes both EDR and NDR functionalities, while for others it may only support integration with these external tools.

Kaspersky's approach: integrating NDR into the security ecosystem

Implementing NDR implies that an organization has already achieved a high level of cybersecurity maturity, with established monitoring and response practices, as well as tools for information exchange between systems, ensuring correlation and enrichment of data from various sources. This is why, in Kaspersky's product range, the NDR module enhances the capabilities of the Kaspersky Anti Targeted Attack Platform (KATA). The basic version of KATA includes mechanisms such as SSL/TLS connection fingerprint analysis, north-south traffic attack detection, selective traffic capture for suspicious connections, and basic response functions. The KATA NDR Enhanced version includes all the NDR capabilities described above, including deep analysis and full storage of traffic, intra-network connection monitoring, and automated advanced response functions. The top-tier version, KATA Ultra, combines expert EDR capabilities with full NDR functions, offering a comprehensive, single-vendor XDR solution.

Researchers demonstrate a proof-of-concept cyberattack vector that gets around remote, on-premises, and local versions of browser isolation security technology to send malicious communications from an attacker-controlled server.
Scammers set up call centers in luxury rentals to run bank help-desk fraud, as well as large-scale phishing campaigns, across at least 10 European countries, according to law enforcement.
The second zero-day vulnerability found in Windows NTLM in the past two months paves the way for relay attacks and credential theft. Microsoft has no patch, but released updated NTLM cyberattack mitigation advice.
Atlanta-based Artivion filed documents with the Securities and Exchange Commission saying that a pre-Thanksgiving ransomware attack was disrupting its delivery systems.
During the outages, users couldn’t access some foreign and local apps and websites, including YouTube, Google, messaging apps like WhatsApp and Telegram, and some services of Russian internet giant Yandex.
Ukraine’s military computer emergency response team said the group sent phishing emails disguised as invitations to a legitimate defense conference that took place in Kyiv last week.
Electrica Group said it has taken "protective measures" after detecting a cyberattack days after the country annulled its presidential election over accusations of Russian meddling.
This week’s cyber world is like a big spy movie. Hackers are breaking into other hackers’ setups, sneaky malware is hiding in popular software, and AI-powered scams are tricking even the smartest of us. On the other side, the good guys are busting secret online markets and kicking out shady chat rooms, while big companies rush to fix new security holes before attackers can jump in. Want to
Details have emerged about a now-patched security flaw in the DeepSeek artificial intelligence (AI) chatbot that, if successfully exploited, could permit a bad actor to take control of a victim's account by means of a prompt injection attack. Security researcher Johann Rehberger, who has chronicled many a prompt injection attack targeting various AI tools, found that providing the input "Print
Identity security is all the rage right now, and rightfully so. Securing identities that access an organization’s resources is a sound security model. But IDs have their limits, and there are many use cases when a business should add other layers of security to a strong identity. And this is what we at SSH Communications Security want to talk about today. Let’s look at seven ways to add
A malicious botnet called Socks5Systemz is powering a proxy service called PROXY.AM, according to new findings from Bitsight. "Proxy malware and services enable other types of criminal activity adding uncontrolled layers of anonymity to the threat actors, so they can perform all kinds of malicious activity using chains of victim systems," the company's security research team said in an analysis
The threat actors linked to the Black Basta ransomware have been observed switching up their social engineering tactics, distributing a different set of payloads such as Zbot and DarkGate since early October 2024. "Users within the target environment will be email bombed by the threat actor, which is often achieved by signing up the user's email to numerous mailing lists simultaneously," Rapid7
It’s an exciting time to be a managed service provider (MSP). More than ever, small and medium businesses (SMBs) are looking to MSPs as trusted advisors to help safeguard them from today’s growing cyber threats. One of the services in high demand right now? Managed detection and response (MDR). When asked about their biggest growth drivers, MSPs cite addressing clients’ cybersecurity concerns and awareness as the top new-business drivers (54%).1 For MSPs, adding MDR to your lineup can create new revenue streams while enhancing the value you bring to your clients.

By offering OpenText MDR to your MSP clients, you gain access to skilled security experts and advanced technology infrastructure—without the complexity and cost of building it all in-house. Here’s why more MSPs are partnering with OpenText to power their MDR security services:

1. Seamless integration with your existing tools

One of the greatest advantages of choosing OpenText MDR is its compatibility with your existing tools. OpenText MDR easily integrates with over 500 third-party tools, using APIs so you can add MDR services to your offerings without disrupting your current technology stack. This flexibility also extends to popular professional services automation (PSA) tools, allowing for smooth incident ticketing and vulnerability management within your established workflows. With OpenText MDR, you can confidently grow your service portfolio while keeping your partner ecosystem intact.

2. Grow your revenue with flexible, hassle-free licensing

With cybersecurity top of mind, MSPs are seeing a surge in demand for security services. OpenText MDR helps you capitalize on this opportunity with a subscription-based model designed to grow with you—risk-free. There are no long-term contracts, hidden fees, or minimums—just the freedom to scale your MDR services month-to-month, at your own pace, and based on your clients’ evolving needs. This flexibility lets you capture new revenue streams without overextending your resources.

3. Enhancing EDR with SIEM and SOAR capabilities

Effective MDR requires more than simply monitoring a client’s endpoint detection and response (EDR) solution—it demands a comprehensive view of the entire attack surface. OpenText MDR delivers this by enhancing your client’s EDR with advanced SIEM and SOAR capabilities. The platform features real-time monitoring—integrated SIEM and SOAR capabilities—enabling rapid threat detection and automated response across your clients’ environments. This advanced approach safeguards your clients from evolving threats on all fronts—from endpoint to cloud.

4. Automation combined with human expertise

OpenText MDR brings together the speed of automation and the skill of experienced security analysts. This blend ensures that threats are detected quickly, incidents are prioritized with care, and responses are expertly managed around the clock, every day of the year. You get the best of both worlds—cutting-edge technology and dedicated human oversight that augments your MSP team. With OpenText MDR, you can confidently offer clients a proactive, always-on defense against evolving threats—without the need to build up your own in-house security team.

5. Rapid incident response and proactive threat hunting

A speedy response is crucial to stopping adversaries in their tracks before they gain a foothold. MSPs can count on OpenText’s rapid incident response support, complete with dedicated escalation paths for high-priority threats, ensuring swift action when it matters most. You have the flexibility to choose whether you want the OpenText MDR team to completely manage threat response, or opt for co-managed support, where your team takes the lead with OpenText offering expert backup and resources. OpenText MDR also delivers continuous, proactive threat hunting to identify and neutralize risks before they can affect client environments. This powerful combination of active threat hunting and fast response equips MSPs to provide clients with a robust, preemptive defense against emerging threats.

Stand out and succeed with OpenText MDR

By adding OpenText MDR to your portfolio, you can differentiate yourself in the market, offering SMBs a level of protection that goes above and beyond the competition. With 24x7x365 coverage, over 500 third-party integrations, SIEM and SOAR at no additional cost, and proven value, you’ll be able to deliver superior MDR service that not only meets but exceeds customer expectations. Ready to have a conversation and learn more?

The post Top 5 reasons MSPs choose OpenText MDR appeared first on Webroot Blog.

Buying a pre-owned phone doesn’t have to mean compromising your security – take these steps to enjoy the benefits of cutting-edge technology at a fraction of the cost
Source: hackread.com – Author: Owais Sultan. Cryptocurrencies, from Bitcoin to altcoins and meme coins, revolutionize payments by offering privacy, reduced fees, faster transactions, enhanced security, and global accessibility. Cryptocurrencies are no longer just a fading trend; they have been implemented in plenty of industries because of their various advantages. For example, cryptocurrencies have started to […] The post Web hosting providers have started to accept crypto payments: Here’s why – Source:hackread.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.hackerone.com – Author: Jessica Sexton. On February 21st, almost 70 hackers participated in HackerOne’s first Flagship Live Hacking Event of the year: h1-415 2020. This is HackerOne’s fourth year hosting a live hacking event during RSA week in our home city of San Francisco. Three of those years, we partnered with our long time […] The post Hackers take on San Francisco for the 4th Year in a Row – Source:www.hackerone.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.hackerone.com – Author: HackerOne. Five years ago, Shopify’s small but mighty security team began their hacker-powered security journey with HackerOne. Since then, they have paid out over $1,000,000 in bounties and resolved more than 1,150 vulnerabilities thanks to hackers. Early on, the Shopify security team realized the significant impact white hat hackers could have […] The post Shopify Celebrates 5 Years on HackerOne – Source:www.hackerone.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.hackerone.com – Author: Rana Robillard. I’m now a month into my role as Chief People Officer at HackerOne and know I made the right decision to be here. Of course, this has also been a month for the history books as we navigate the COVID-19 pandemic as a company and as individuals. Despite this […] The post Hackweek: An insider’s look at HackerOne culture – Source:www.hackerone.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.hackerone.com – Author: HackerOne. This blog post was contributed by Slack Staff Technical Program Manager Branden Jordan. Given the success of Slack’s previous promotion and their continued focus on security during these times, Slack and HackerOne are partnering together to engage top researchers from the HackerOne community. From May 1st through July 31st, 2020, […] The post Slack Increases Bounty Minimums For the Next 90 Days – Source:www.hackerone.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.hackerone.com – Author: Jessica Sexton. At a time when security must be managed remotely, HackerOne and Verizon Media called on the naturally remote and global community of skilled hackers and engaged them in a 13-day virtual event to find and disclose vulnerabilities in digital assets. On March 25th, we kicked off our first ever […] The post Live Hacking Goes Virtual – Source:www.hackerone.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.hackerone.com – Author: HackerOne. The community has come together in some amazing ways to support COVID-19 relief efforts from Marc Rogers’ CTI League, the US Digital Response group helping governments, to individual hackers raising their hand to help. Today, HackerOne is making it even easier for hackers to give back through bug bounties with […] The post Hack for Good: Easily Donate Bounties to WHO’s COVID-19 Response Fund – Source:www.hackerone.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.hackerone.com – Author: HackerOne. This guest blog post was authored by Brian Anglin, Application Security Engineer at GitHub and originally published on the GitHub company blog. Last month GitHub reached some big milestones for our Security Bug Bounty program. As of February 2020, it’s been six years since we started accepting submissions. Over the […] The post Six years of the GitHub Security Bug Bounty program – Source:www.hackerone.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.hackerone.com – Author: Jessica Sexton. On November 6th, over 60 hackers descended on the City of Angels for the final HackerOne flagship live hacking event of 2019, h1-213. For the first time ever, a specific UK Ministry of Defence asset was included in a bug bounty engagement via Defense Digital Service’s Hack the Air […] The post Live hacking the U.S. Air Force, UK Ministry of Defence and Verizon Media in Los Angeles at h1-213 – Source:www.hackerone.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.hackerone.com – Author: Anonymous. My career just got hacked.. and I couldn’t be more excited about it. Turns out, getting your career hacked* can be exactly what you need to re-energize your work life and ensure it aligns with your passion and personal values. I am elated to announce that today is my first […] The post My Career Just Got Hacked: Rana Robillard Joins HackerOne – Source:www.hackerone.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: socprime.com – Author: Comrade H., WAF Engineer. December 09, 2024. Monitoring Elasticsearch is crucial for maintaining its performance and ensuring cluster health. Metricbeat, a lightweight shipper by Elastic, simplifies this process by collecting and sending metrics from your Elasticsearch nodes to a monitoring system like […] The post Monitoring Elasticsearch Cluster With Metricbeat – Source: socprime.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: socprime.com – Author: Oleksii K., DevOps Engineer. December 09, 2024. The indices.query.bool.max_clause_count setting in OpenSearch specifies the maximum number of clauses allowed in a bool query. A clause in this context is a condition in the query, such as a must, should, or must_not statement. If your query exceeds this limit, you’ll encounter […] The post Understanding indices.query.bool.max_clause_count in OpenSearch – Source: socprime.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: A series of phishing emails have been identified targeting Ukrainian defense companies and security and defense forces with a fake NATO standards conference. The Computer Emergency Response Team of Ukraine (CERT-UA) detailed that these emails advertised a conference held on December 5 in Kyiv, aimed at aligning the products of domestic […] The post Phishing Scam Targets Ukrainian Defense Companies – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: One of Massachusetts’ leading hospitals has revealed the extent of a serious ransomware breach that took place almost a year ago. Anna Jacques Hospital is a non-profit, 119-bed community hospital based in Newburyport, serving the North Shore, Merrimack Valley and Seacoast region. According to a new data breach notification letter published on […] The post Anna Jacques Hospital Ransomware Breach Hits 316K Patients – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.infosecurity-magazine.com – Author: Police have disrupted a multimillion-dollar, pan-European phishing operation after making several arrests in Belgium and the Netherlands, according to Europol. The operation dates back to 2022, when Belgian police – supported by Europol and EU criminal justice agency Eurojust – conducted their first investigations. They were joined the following year by […] The post European Police Disrupt Phone Phishing Gang with Arrests – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Ryan Naraine. The OpenWrt Project, an open-source initiative providing a Linux-based operating system for embedded devices, has pushed a critical patch to cover flaws that expose its firmware update server to malicious exploitation. The vulnerability, tracked as CVE-2024-54143, affects the OpenWrt sysupgrade server and exposes users to potential risks of installing […] The post Critical OpenWrt Flaw Exposes Firmware Update Server to Exploitation – Source: www.securityweek.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Ionut Arghire. Medical devices company Artivion on Monday disclosed a ransomware attack that knocked some of its systems offline, causing disruption to order and shipping processes. Headquartered in Atlanta, Georgia, Artivion manufactures and distributes aortic-centric cardiac and vascular medical products, including mechanical human heart valves, implantable cardiac and vascular human tissues, […] The post Medical Device Maker Artivion Scrambling to Restore Systems After Ransomware Attack – Source: www.securityweek.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Ionut Arghire. Taiwan-based QNAP Systems over the weekend announced patches for multiple QTS and QuTS Hero vulnerabilities demonstrated at the Pwn2Own Ireland 2024 hacking contest. At Pwn2Own, participants earned tens of thousands of dollars for QNAP product exploits, and one entry even earned white hat hackers $100,000, but it involved chaining […] The post QNAP Patches Vulnerabilities Exploited at Pwn2Own – Source: www.securityweek.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Eduard Kovacs. The ransomware attack that hit Blue Yonder last month may have also involved the theft of a significant amount of files. Arizona-based Blue Yonder, whose supply chain management software is used by major companies in the US and elsewhere, revealed on November 21 that its managed services hosted environment […] The post Blue Yonder Probing Data Theft Claims After Ransomware Gang Takes Credit for Attack – Source: www.securityweek.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.