Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Firewall Daily

Cyberattacks this year have escalated into a high-stakes battle, with increasingly advanced attacks targeting critical infrastructure, personal data, and corporate systems. From state-sponsored cyberattacks to ransomware campaigns, the top cyberattacks of 2024 have proven that threat actors have been weaponizing advanced technologies to exploit vulnerabilities in both the private and public sectors.

According to the Cyble Global Cyber Threat Intelligence Overview 2024 report, ransomware attacks surged, with over 2,600 incidents across industries such as healthcare, finance, and manufacturing. Major groups like LockBit and RansomHub are pushing the frequency of attacks to new heights. Dark web activity grew, with over 700 incidents linked to data leaks and malware sales. Additionally, the first half of 2024 saw over 33 billion records leaked, including the "Mother of All Breaches" that exposed 26 billion.

Among the top ransomware attacks of 2024, the BlackCat ransomware group played a role in numerous breaches. Groups like Volt Typhoon and Salt Typhoon, linked to China, targeted vital U.S. infrastructure, while cybercriminals such as BlackCat attacked organizations worldwide, compromising millions of sensitive records.

Companies like Change Healthcare and Dell faced massive data leaks affecting tens of millions, and cybercriminals used platforms like Telegram to distribute stolen data. These incidents are among the biggest data leaks of 2024, impacting millions of users and organizations worldwide. Meanwhile, attackers continued to exploit weak points in global networks through techniques such as targeting vulnerabilities in legacy systems and deploying malware like the KV Botnet. Let's look at the top cyberattacks of 2024, highlighting the most impactful incidents.

Top Cyberattacks of 2024: Looking Back at the Most Influential Attacks this Year!

The Cyber Express brings the compiled list of the top 10 cyberattacks of 2024, highlighting the most notorious attacks that affected companies, organizations, cities, individuals and governments worldwide.

1. China-Backed Volt Typhoon Hackers Target U.S. Infrastructure

(Image source: Federal Agencies)

Volt Typhoon, a China-backed hacking group, carried out one of the top cyberattacks of 2024 against critical infrastructure in the U.S. and abroad. The group's reported tooling was the KV Botnet malware, which it used to conceal its activity. The group exploited vulnerable SOHO routers, particularly Cisco and NetGear devices, that had reached "end of life" and were no longer receiving security updates.

These compromised routers gave the hackers a foothold from which to target sectors like communications, energy, and transportation. In response, a court-authorized operation led by the FBI, the Justice Department, and CISA removed the KV Botnet malware from hundreds of infected routers and severed their connection to the botnet.

This disruption is part of ongoing efforts to protect U.S. infrastructure from state-sponsored cyber threats. Officials called for replacing outdated routers to prevent reinfection and safeguard personal and national security, and the FBI encouraged public vigilance and continued reporting of suspicious activity. This attack is one of the biggest cyberattacks of 2024, with far-reaching implications for U.S. infrastructure.

2. Change Healthcare Cyberattack Exposes Personal Data of 110 Million Americans

(Image source: Change Healthcare)

In February 2024, Change Healthcare (CHC) experienced a cyberattack in which hackers accessed sensitive data, including health insurance details, medical records, and personal information of millions of Americans.

The breach, linked to the BlackCat ransomware group, exposed up to a third of the U.S. population, with potentially 110 million individuals impacted. CHC took immediate action to shut down affected systems and launched an investigation with support from cybersecurity experts and law enforcement.
The company confirmed that data was exfiltrated between February 17 and 20, 2024, and began notifying affected individuals in June. As part of its response, CHC offered two years of complimentary credit monitoring and identity protection services and advised individuals to monitor their financial statements and report any suspicious activity.

3. Snowflake Cyberattack Leaks 165 Enterprises' Data

(Image source: The Cyber Express)

The Snowflake data breach, impacting 165 customers, is considered one of the largest breaches of 2024, potentially affecting hundreds of millions of people. Snowflake, a U.S.-based cloud data platform company, faced an attack in April 2024, with hackers gaining access via compromised credentials.

Those credentials had been harvested by infostealer malware, and the accounts they unlocked, including demo accounts, lacked multi-factor authentication (MFA). Snowflake's core systems were not breached; instead, the attackers simply logged in to weakly protected customer accounts with the stolen passwords, leading to the compromise of sensitive data from several high-profile clients.

Companies such as Santander Group, TicketMaster, LendingTree, and Pure Storage were among those affected. TicketMaster, for instance, reported the potential exposure of 560 million user details and card information. Snowflake emphasized that there were no breaches within its platform, but weaknesses on the customer side, including stale credentials and the lack of MFA, were key contributors.

Snowflake has since collaborated with customers to enhance security, recommending MFA enforcement, regular credential rotation, and network access restrictions.

4. Dell Data Breach

(Image source: Dell)

Dell confirmed a data breach after a threat actor claimed to have stolen approximately 49 million customer purchase records. The breach, which affected a Dell portal containing non-financial customer data, exposed names, physical addresses, order details, and warranty information, but did not include financial data, email addresses, or phone numbers.

Dell assured customers that no payment information had been compromised and said it was working with law enforcement and a third-party forensics firm to investigate the incident. The stolen data was later put up for sale on an underground forum by a hacker known as "Menelik," who claimed to possess personal and company information from 7 million individual purchases and 11 million consumer business records.

While Dell did not confirm the sale, the threat actor detailed the data, which spanned 2017 to 2024 and included system shipment dates, service tags, and warranty details. Although the sale has since ceased, Dell warned customers about potential phishing and smishing attacks.

5. Ascension Health Faced $1.8 Billion Loss After Cyberattack Disruption

(Image source: Ascension Health)

In May 2024, Ascension Health, one of the largest nonprofit health systems in the U.S., experienced a massive cyberattack that disrupted its operations and hindered its financial recovery. The attack severely impacted clinical operations, caused systemwide disruptions, and led to additional remediation expenses.

As a result, Ascension's operating loss for the fiscal year ended at $1.8 billion, a setback after its earlier recovery. The attack also forced Ascension to take certain systems offline and temporarily sever connections with business partners. Despite this setback, Ascension's overall financial performance for FY24 showed a $1.2 billion improvement over the previous year, reflecting the strength of its recovery efforts before the cyberattack.

6. Ransomware Attack Disrupts CDK Global, Impacting 15,000 Dealerships

(Image source: The Cyber Express)

In late June 2024, a ransomware attack on CDK Global, a key software provider for car dealerships, severely disrupted operations for major automotive retailers across North America. Companies such as Asbury Automotive, AutoNation, Lithia Motors, Penske, and Group 1 Automotive reported impacts from the shutdown of CDK Global's systems.

These systems, essential for managing sales, inventory, financing, and customer relationships, were temporarily halted as CDK took precautionary measures. The attack affected over 15,000 dealerships, forcing many to revert to manual processes to keep operating.

Asbury and other affected companies activated incident response plans, but the full extent of any data compromise remained unclear. Lithia Motors and Group 1 Automotive expressed concerns over the long-term financial impact, while Penske implemented contingency plans to maintain operations at its truck dealerships. CDK Global, which was negotiating with the ransomware group BlackSuit, acknowledged the attack and began working with third-party experts to assess the damage.

7. City of Columbus Cyberattack by Rhysida Ransomware

(Image source: The Columbus Dispatch)

The City of Columbus experienced a cyberattack by the Rhysida ransomware group, which claimed to have stolen 6.5 terabytes of data, including employee passwords. However, Mayor Andrew Ginther said the stolen data was either encrypted or corrupted, making it largely unusable, and assured the public that no personal information had been leaked onto the dark web, offering some relief to residents and city employees. The cyberattack did not involve a ransom demand, which is unusual for ransomware attacks.
Despite fears of compromised data, Ginther emphasized that any subsequent theft of personal information was likely unrelated to this specific incident. To protect employees, the city offered free credit monitoring and identity theft protection services, extending this to former employees as well.

In response, the city enhanced its cybersecurity measures and increased training for employees. The attack, which stemmed from a download from a compromised website, led to a quick response from the city's Department of Technology and collaboration with federal agencies.

8. Star Health Data Breach Leaked Sensitive Customer Info on Telegram

(Image source: Star Health)

Sensitive customer information from Star Health and Allied Insurance, India's largest health insurer, was found publicly accessible on Telegram and other websites. The breach, which surfaced in August 2024, involved millions of customers' medical reports, policy documents, and personal details being sold online. The threat actor, known as "xenZen," used Telegram chatbots to distribute free samples of the data while selling the bulk of it on the cybercrime platform BreachForums.

The breach raised security concerns at Star Health, as the data remained readily accessible despite the company's assurances. Telegram, a widely used messaging platform, was implicated for its role in facilitating the breach, as its chatbot feature was exploited by cybercriminals. Despite the platform's efforts to remove the chatbots, new ones quickly emerged and continued to sell the stolen data. Star Health confirmed the breach and assured customers that it was working with law enforcement to address the issue.

9. Cencora Confirms Data Breach in Patient Support Programs, Offers Free Identity Protection

(Image source: The Cyber Express)

In February 2024, Cencora, Inc. discovered unauthorized access to its information systems, potentially exposing personal data through its Lash Group affiliate's patient support programs for Bristol Myers Squibb. The breach was detected on February 21, 2024, and after containment and investigation, Cencora confirmed on April 10, 2024, that some individuals' personal information, including names, addresses, birth dates, health diagnoses, medications, and prescriptions, was involved.

Cencora said there was no evidence of the data being misused or disclosed publicly, but it implemented precautionary measures, including offering free identity protection services. The company worked with cybersecurity experts, law enforcement, and outside attorneys to secure its systems and prevent further incidents. Affected individuals were encouraged to enroll in Experian IdentityWorks for credit monitoring and identity restoration services, free for 24 months.

10. NHS Confirms Patient Data Stolen in June Cyberattack

(Image source: NHS)

NHS England confirmed that patient data managed by Synnovis, a pathology testing organization, was stolen in a ransomware attack on June 3, 2024. The Russian cybercriminal group Qilin leaked nearly 400GB of private data on the darknet, including patient names, NHS numbers, and test details. Over 3,000 appointments were disrupted by the attack, which also affected financial documents relating to Synnovis and NHS trusts. The attackers encrypted Synnovis' systems and exfiltrated private data, demanding a ransom in Bitcoin. Qilin claimed responsibility, citing political motives related to the UK's foreign involvement.

Other Top Cyberattacks in 2024 That Shook the Horizon

EigenLayer lost $5.7 million in a cyberattack in which attackers stole 1.6 million EIGEN tokens via a compromised email.

Ticketmaster's breach exposed 560 million customer records, including personal and credit card details. Hackers sold the data online, and affected users were warned to monitor their accounts.

A Chinese hacking group, "Salt Typhoon," stole data from eight US telecoms, compromising millions of customer records. The breach has been called the worst telecom hack in US history.

Microsoft detected a nation-state attack by Midnight Blizzard on January 12, 2024, compromising some corporate email accounts. No customer data was affected by the breach.

British auction house Christie's was forced to take its website offline following a cyberattack, which also delayed one of its live auctions.

In April 2024, the City of Helsinki discovered a data breach in its education division affecting tens of thousands. Hackers exploited an unpatched vulnerability in a remote access server to gain unauthorized access to a network drive.

Ivanti patched critical zero-day vulnerabilities in its Cloud Service Appliance (CSA) after exploitation attempts. The flaws, affecting CSA versions 5.0.1 and earlier, allowed attackers to bypass restrictions and execute remote code. Ivanti released fixes in CSA 5.0.2 and urged CSA 4.6 users to upgrade.

Summing Up!

The top cyberattacks of 2024, such as the theft of 110 million records from Change Healthcare, breaches impacting major corporations like Dell, and ransomware attacks disrupting essential services, have shown how vulnerabilities in both legacy and modern systems are being exploited.

With the dark web fueling the distribution of stolen data, cybercriminals are changing their methods and adopting new technologies to target victims. To counter such adversaries, it is essential for organizations to adopt strong security practices, collaborate across sectors, and raise public awareness to protect sensitive information and infrastructure.
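The Snowflake item (3) above names the three controls Snowflake recommended afterwards: MFA enforcement, credential rotation, and network restrictions. The script below is an added example, not code from The Cyber Express or from Snowflake: it audits an exported user inventory and login history for exactly those gaps, and separately flags the pattern that betrays a replayed infostealer credential, a successful login from an address the organisation never uses. The record shapes, the corporate IP ranges, and the 90-day rotation limit are assumptions for this example; the sample users and logins are constructed.

```python
# Added example (not The Cyber Express's or Snowflake's code): audit user
# inventory and login history for the Snowflake-incident weaknesses.
# Record shapes, CORP_RANGES and MAX_PASSWORD_AGE are assumptions.
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network
from typing import Optional

# Assumed corporate egress ranges (RFC 5737 documentation prefixes).
CORP_RANGES = [ip_network("203.0.113.0/24"), ip_network("198.51.100.0/24")]
MAX_PASSWORD_AGE = timedelta(days=90)
NOW = datetime(2024, 6, 1)  # fixed "now" so the audit is reproducible


@dataclass(frozen=True)
class User:
    name: str
    service_account: bool                  # automation identity, no human behind it
    mfa_enrolled: bool
    password_last_set: Optional[datetime]  # None: no password credential at all (SSO/key-pair)
    network_policy: bool                   # True if an IP allowlist is attached
    disabled: bool = False


@dataclass(frozen=True)
class Login:
    user: str
    ts: datetime
    source_ip: str
    success: bool


def audit_users(users, now=NOW):
    """Return (user, finding) pairs for accounts that fail the post-incident recommendations."""
    findings = []
    for u in users:
        if u.disabled:
            continue
        if u.service_account and u.password_last_set is not None:
            findings.append((u.name, "service account authenticates with a password; use key-pair or OAuth"))
        if not u.service_account and not u.mfa_enrolled:
            findings.append((u.name, "human account without MFA"))
        if u.password_last_set is not None and now - u.password_last_set > MAX_PASSWORD_AGE:
            findings.append((u.name, f"password not rotated for {(now - u.password_last_set).days} days"))
        if not u.network_policy:
            findings.append((u.name, "no network policy: a stolen credential works from anywhere"))
    return findings


def audit_logins(logins, users):
    """Flag successful logins from outside the corporate ranges.

    A credential harvested by an infostealer and replayed by an attacker shows up
    as a *successful* login from an address the organisation never uses; failed
    attempts are skipped because they were already stopped."""
    by_name = {u.name: u for u in users}
    findings = []
    for login in logins:
        if not login.success or any(ip_address(login.source_ip) in net for net in CORP_RANGES):
            continue
        user = by_name.get(login.user)
        if user is None or not user.network_policy:
            why = "no network policy; an allowlist would have rejected this session"
        else:
            why = "passed the network policy; the allowlist is broader than the corporate ranges"
        findings.append((login.user, f"{login.ts:%Y-%m-%d %H:%M} from {login.source_ip}: {why}"))
    return findings


# Constructed sample data.
SAMPLE_USERS = [
    User("alice", False, True, NOW - timedelta(days=30), True),
    User("bob", False, False, NOW - timedelta(days=400), False),
    User("etl_svc", True, False, NOW - timedelta(days=200), False),
    User("carol", False, True, None, True),                                   # SSO only, no password
    User("old_demo", False, False, NOW - timedelta(days=900), False, disabled=True),
]
SAMPLE_LOGINS = [
    Login("alice", datetime(2024, 5, 30, 9, 5), "203.0.113.10", True),    # office address
    Login("bob", datetime(2024, 5, 30, 2, 17), "192.0.2.77", True),       # replayed credential
    Login("etl_svc", datetime(2024, 5, 30, 2, 19), "192.0.2.78", False),  # blocked attempt
    Login("alice", datetime(2024, 5, 31, 23, 40), "192.0.2.5", True),     # outside corporate ranges
]

if __name__ == "__main__":
    for name, finding in audit_users(SAMPLE_USERS) + audit_logins(SAMPLE_LOGINS, SAMPLE_USERS):
        print(f"{name:8} {finding}")
```

On the constructed data the user audit reports six findings, all against bob and etl_svc, and the login audit reports two sessions: bob's, which no policy existed to stop, and alice's second session, which a policy allowed although it came from outside the corporate ranges. The disabled demo account is skipped deliberately; the point of the check is live credentials an infostealer could still use.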

 Cyber News

The Cybersecurity and Infrastructure Security Agency (CISA) and the Office of the National Cyber Director (ONCD) have jointly published a comprehensive guide aimed at embedding cybersecurity into federally funded infrastructure projects. Titled Playbook for Strengthening Cybersecurity in Federal Grant Programs for Critical Infrastructure, the guide offers tools and resources for grant-making agencies and recipients to incorporate strong cybersecurity practices into their programs and infrastructure initiatives.

The playbook is designed to assist federal grant program managers, critical infrastructure owners and operators, and organizations such as state, local, tribal, and territorial governments that sub-award grant funds or oversee grant-funded projects. With the U.S. making historic investments in infrastructure through legislation such as the Infrastructure Investment and Jobs Act (IIJA), the Inflation Reduction Act (IRA), and the CHIPS and Science Act, the guidance emphasizes the need for cybersecurity to be integrated into the foundation of these projects.

Key Features of the Cybersecurity Playbook

The playbook provides a structured approach to incorporating cybersecurity into grant programs and offers:

Recommended actions for integrating cybersecurity throughout the grant lifecycle.

Model language for Notices of Funding Opportunity (NOFOs) and Terms & Conditions to set clear cybersecurity expectations for applicants.

Templates for grant recipients to create Cyber Risk Assessments and Project Cybersecurity Plans.

A list of cybersecurity resources to support the secure execution of grant-funded projects.

CISA Director Jen Easterly highlighted the significance of this guidance, stating, “As organizations take advantage of historic infrastructure grants, it’s critical to ensure the security and resilience of this next generation of American infrastructure in every community across our nation.” Harry Coker Jr., White House National Cyber Director, echoed these sentiments, emphasizing the importance of "cybersecurity by design" in rebuilding the nation's critical infrastructure. He noted, “We need infrastructure projects to be shovel-ready and cyber-ready. This guidance will serve as a valuable resource to ensure cybersecurity is a fundamental part of every infrastructure project from the outset.”

Minimizing Burden While Maximizing Security

CISA and ONCD designed the playbook to be flexible and to minimize administrative burden while ensuring that baseline cybersecurity practices are included in federally funded projects. Federal agencies administering grants, sub-awarding organizations, and infrastructure operators are encouraged to adopt the playbook's recommendations to safeguard projects from evolving cyber threats.

Directive to Secure Cloud Services

In addition to the playbook, CISA has issued Binding Operational Directive (BOD) 25-01: Implementing Secure Practices for Cloud Services. The directive requires federal civilian agencies to strengthen the security of their cloud environments by deploying assessment tools and aligning their configurations with CISA's Secure Cloud Business Applications (SCuBA) project.

Recent incidents have highlighted the risks posed by cloud misconfigurations, which can enable attackers to gain unauthorized access, exfiltrate data, or disrupt services. In response, BOD 25-01 requires federal agencies to:

Identify the cloud tenants within the directive's scope and report them to CISA.

Deploy the SCuBA assessment tools for continuous monitoring against the secure configuration baselines.

Implement the mandatory SCuBA policies and update configurations as the baselines evolve to address new threats.

By June 2025, federal civilian agencies must fully implement these requirements to reduce the risks associated with cloud vulnerabilities. CISA Director Jen Easterly reiterated the urgency of these measures, stating, “Malicious threat actors are increasingly targeting cloud environments and evolving their tactics. These actions are a crucial step in reducing risk to the federal civilian enterprise. We urge all organizations to adopt this guidance to collectively bolster national cyber resilience.”

Strengthening Cloud Security with SCuBA

The SCuBA project underpins the directive by providing consistent security baselines for widely used Software-as-a-Service (SaaS) products, such as Microsoft Office 365. The baselines are complemented by assessment tools that let agencies monitor their cloud environments and detect deviations from the secure configurations. CISA emphasizes keeping security configurations current, since outdated settings can expose systems to attack; regular reviews and adjustments keep agencies aligned with evolving best practices and emerging threats.

Why This Matters

The guidance and directive released by CISA and ONCD mark a significant step toward safeguarding U.S. infrastructure and federal networks against cyberattacks. As the nation invests in modernizing its critical infrastructure, integrating cybersecurity from the start will enhance resilience and protect public trust in these vital systems. Federal agencies, grant recipients, and infrastructure operators are encouraged to adopt the playbook and implement the required cloud security measures promptly. These actions are crucial to ensuring that the next generation of American infrastructure is not only innovative but also secure and resilient.

 Business

Today, AI-based technologies are already being used in one out of every two companies, with another 33% of commercial organizations expected to join them in the next two years. AI, in one form or another, will soon be ubiquitous. The economic benefits of adopting AI range from increased customer satisfaction to direct revenue growth. As businesses deepen their understanding of AI systems' strengths and weaknesses, their effectiveness will only improve.

However, it's already clear that the risks associated with AI adoption need to be addressed proactively. Even early examples of AI implementation show that errors can be costly, affecting not only finances but also reputation, customer relationships, patient health, and more. In the case of cyber-physical systems like autonomous vehicles, safety concerns become even more critical. Implementing safety measures retroactively, as was the case with previous generations of technology, will be expensive and sometimes impossible. Just consider the recent estimates of global economic losses due to cybercrime: $8 trillion in 2023 alone.

In this context, it's not surprising that countries claiming 21st-century technological leadership are rushing to set up AI regulation (for example, China's AI Safety Governance Framework, the EU's AI Act, and the US Executive Order on AI). However, laws rarely specify technical details or practical recommendations; that's not their purpose. Therefore, to actually apply regulatory requirements such as ensuring the reliability, ethics, and accountability of AI decision-making, concrete and actionable guidelines are required.

To assist practitioners in implementing AI today and ensuring a safer future, Kaspersky experts have developed a set of recommendations in collaboration with Allison Wylde, UN Internet Governance Forum Policy Network on AI team member; Dr. Melodena Stephens, Professor of Innovation & Technology Governance at the Mohammed Bin Rashid School of Government (UAE); and Sergio Mayo Macías, Innovation Programs Manager at the Technological Institute of Aragon (Spain). The document was presented during the panel Cybersecurity in AI: Balancing Innovation and Risks at the 19th Annual UN Internet Governance Forum (IGF) for discussion with the global community of AI policymakers.

Following the practices described in the document will help the engineers concerned, the DevOps and MLOps specialists who develop and operate AI solutions, achieve a high level of security and safety for AI systems at all stages of their lifecycle. The recommendations need to be tailored to each AI implementation, as their applicability depends on the type of AI and the deployment model.

Risks to consider

The diverse applications of AI force organizations to address a wide range of risks:

The risk of not using AI. This may sound amusing, but it's only by comparing the potential gains and losses of adopting AI that a company can properly evaluate all the other risks.

Risks of non-compliance with regulations. Rapidly evolving AI regulation makes this a dynamic risk that needs frequent reassessment. Apart from AI-specific regulations, associated risks such as violations of personal-data processing laws must also be considered.

ESG risks. These include the social and ethical risks of AI application, risks of sensitive information disclosure, and risks to the environment.

Risk of misuse of AI services by users. This can range from prank scenarios to malicious activities.

Threats to AI models and the datasets used for training.

Threats to company services due to AI implementation.

The resulting threats to the data processed by these services.

Under the hood of the last three risk groups lie all the typical cybersecurity threats and tasks involved in complex cloud infrastructure: access control, segmentation, vulnerability and patch management, building monitoring and response systems, and supply-chain security.

Aspects of safe AI implementation

To implement AI safely, organizations will need to adopt both organizational and technical measures, ranging from staff training and periodic regulatory compliance audits to testing AI on sample data and systematically addressing software vulnerabilities. These measures can be grouped into the following major categories:

Threat modeling for each deployed AI service.

Employee training. It's important not only to teach employees general rules for AI use, but also to familiarize business stakeholders with the specific risks of using AI and the tools for managing those risks.

Infrastructure security. This includes identity security, event logging, network segmentation, and XDR.

Supply-chain security. For AI, this involves carefully selecting vendors and the intermediary services that provide access to AI, and downloading models and tools only from trusted, verified sources and in secure formats.

Testing and validation. AI models need to be evaluated for compliance with the industry's best practices, resilience to inappropriate queries, and their ability to process data effectively within the organization's specific business process.

Handling vulnerabilities. Processes need to be established to address errors and vulnerabilities identified by third parties in the organization's systems and AI models. This includes mechanisms for users to report detected vulnerabilities and biases in AI systems, which may arise from training on non-representative data.

Protection against threats specific to AI models, including prompt injection and other malicious queries, poisoning of training data, and more.

Updates and maintenance. As with any IT system, a process must be built for prioritizing and promptly eliminating vulnerabilities, while preparing for compatibility issues as libraries and models evolve rapidly.

Regulatory compliance. Since laws and regulations for AI safety are being adopted worldwide, organizations need to monitor this landscape closely and ensure their processes and technologies comply with legal requirements.

For a detailed look at the AI threat landscape and recommendations on all aspects of its safe use, download Guidelines for Secure Development and Deployment of AI Systems.

 A Little Sunshine

(Image: Shutterstock, iHaMoo.)

Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn him his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to click “yes” on a Google prompt on his mobile device.

Griffin is a battalion chief firefighter in the Seattle area, and on May 6 he received a call from someone claiming to be from Google support, saying his account was being accessed from Germany. A Google search on the phone number calling him, (650) 203-0000, revealed it was an official number for Google Assistant, an AI-based service that can engage in two-way conversations.

At the same time, he received an email from a google.com address warning that his Google account was compromised. The message included a “Google Support Case ID number” and information about the Google representative supposedly talking to him on the phone, giving the rep’s name as “Ashton,” the same name used by the caller.

Griffin didn’t learn this until much later, but the email he received had a real google.com address because it was sent via Google Forms, a service available to all Google Docs users that makes it easy to send surveys, quizzes and other communications.

(Image caption: A phony security alert Griffin received prior to his bitcoin heist, via Google Forms.)

According to tripwire.com’s Graham Cluley, phishers use Google Forms to create a security alert message, then change the form’s settings to automatically send a copy of the completed form to any email address entered into the form. The attacker then sends an invitation to complete the form to themselves, not to their intended victim.

“So, the attacker receives the invitation to fill out the form – and when they complete it, they enter their intended victim’s email address into the form, not their own,” Cluley wrote in a December 2023 post. “The attackers are taking advantage of the fact that the emails are being sent out directly by Google Forms (from the google.com domain). It’s an established legitimate domain that helps to make the email look more legitimate and is less likely to be intercepted en route by email-filtering solutions.”

The fake Google representative was polite, patient, professional and reassuring. Ashton told Griffin he was going to receive a notification that would allow him to regain control of the account from the hackers. Sure enough, a Google prompt instantly appeared on his phone asking, “Is it you trying to recover your account?”

(Image caption: Adam Griffin clicked “yes” to an account recovery notification similar to this one on May 6.)

Griffin said that after receiving the pop-up prompt from Google on his phone, he felt more at ease that he really was talking to someone at Google. In reality, the thieves caused the alert to appear on his phone merely by stepping through Google’s account recovery process for Griffin’s Gmail address. The prompt therefore proves only that someone is requesting access to the account, not that the person on the phone is Google.

“As soon as I clicked yes, I gave them access to my Gmail, which was synced to Google Photos,” Griffin said.

Unfortunately for Griffin, years ago he used Google Photos to store an image of the secret seed phrase protecting his cryptocurrency wallet. Armed with that phrase, the phishers could drain all of his funds.

“From there they were able to transfer approximately $450,000 out of my Exodus wallet,” Griffin recalled.

Griffin said that just minutes after giving away access to his Gmail account, he received a call from someone claiming to be with Coinbase, who likewise told him someone in Germany was trying to take over his account. Griffin said a follow-up investigation revealed the attackers had used his Gmail account to gain access to his Coinbase account from a VPN connection in California, supplying the multi-factor code from his Google Authenticator app. Unbeknownst to him at the time, Google Authenticator by default also syncs the same codes to one’s Google account online, so whoever controls the Google account can read the second factor as well.
But when the thieves tried to move $100,000 worth of cryptocurrency out of his account, Coinbase sent an email stating that the account had been locked, and that he would have to submit additional verification documents before he could do anything with it. GRAND THEFT AUTOMATED Just days after Griffin was robbed, a scammer impersonating Google managed to phish 45 bitcoins — approximately $4,725,000 at today’s value — from Tony, a 42-year-old professional from northern California. Tony agreed to speak about his harrowing experience on condition that his last name not be used. Tony got into bitcoin back in 2013 and has been investing in it ever since. On the evening of May 15, 2024, Tony was putting his three- and one-year-old boys to bed when he received a message from Google about an account security issue, followed by a phone call from a “Daniel Alexander” at Google who said his account was compromised by hackers. Tony said he had just signed up for Google’s Gemini AI (an artificial intelligence platform formerly known as “Bard”), and mistakenly believed the call was part of that service. Daniel told Tony his account was being accessed by someone in Frankfurt, Germany, and that he could evict the hacker and recover access to the account by clicking “yes” to the prompt that Google was going to send to his phone. The Google prompt arrived seconds later. And to his everlasting regret, Tony clicked the “Yes, it’s me” button. Then came another call, this one allegedly from security personnel at Trezor, a company that makes encrypted hardware devices made to store cryptocurrency seed phrases securely offline. The caller said someone had submitted a request to Trezor to close his account, and they forwarded Tony a message sent from his Gmail account that included his name, Social Security number, date of birth, address, phone number and email address. Tony said he began to believe then that his Trezor account truly was compromised. 
The caller convinced him to “recover” his account by entering his cryptocurrency seed phrase at a phishing website (verify-trezor[.]io) that mimicked the official Trezor website.

“At this point I go into fight or flight mode,” Tony recalled. “I’ve got my kids crying, my wife is like what the heck is going on? My brain went haywire. I put my seed phrase into a phishing site, and that was it.”

Almost immediately, all of the funds he was planning to save for retirement and for his children’s college fund were drained from his account.

“I made mistakes due to being so busy and not thinking correctly,” Tony told KrebsOnSecurity. “I had gotten so far away from the security protocols in bitcoin as life had changed so much since having kids.”

Image caption: Tony shared this text message exchange of him pleading with his tormentors after being robbed of 45 bitcoins.

Tony said the theft left him traumatized and angry for months.

“All I was thinking about was protecting my boys and it ended up costing me everything,” he said. “Needless to say I’m devastated and have had to do serious therapy to get through it.”

MISERY LOVES COMPANY

Tony told KrebsOnSecurity that in the weeks following the theft of his 45 bitcoins, he became so consumed with rage and shame that he was seriously contemplating suicide. Then one day, while scouring the Internet for signs that others may have been phished by Daniel, he encountered Griffin posting on Reddit about the phone number involved in his recent bitcoin theft.

Griffin said the two of them were initially suspicious of each other — exchanging cautious messages for about a week — but he decided Tony was telling the truth after contacting the FBI agent that Tony said was working his case. Comparing notes, they discovered the fake Google security alerts they received just prior to their individual bitcoin thefts referenced the same phony “Google Support Case ID” number.
Image caption: Adam Griffin and Tony said they received the same Google Support Case ID number in advance of their thefts. Both were sent via Google Forms, which sends directly from the google.com domain name.

More importantly, Tony recognized the voice of “Daniel from Google” when it was featured in an interview by Junseth, a podcaster who covers cryptocurrency scams. The same voice that had coaxed Tony out of his considerable cryptocurrency holdings just days earlier also had tried to phish Junseth, who played along for several minutes before revealing he knew it was a scam.

Daniel told Junseth he was a teenager and worked with other scam callers who had all met years ago on the game Minecraft, and that he recently enjoyed a run of back-to-back Gmail account compromises that led to crypto theft paydays.

“No one gets arrested,” Daniel enthused to Junseth in the May 7 podcast, which quickly went viral on social media. “It’s almost like there’s no consequences. I have small legal side hustles, like businesses and shit that I can funnel everything through. If you were to see me in real life, I look like a regular child going to school with my backpack and shit, you’d never expect this kid is stealing all this shit.”

Daniel explained that they often use an automated bot that initiates calls to targets warning that their account is experiencing suspicious activity, and that they should press “1” to speak with a representative. This process, he explained, essentially self-selects people who are more likely to be susceptible to their social engineering schemes.

[It is possible — but not certain — that this bot Daniel referenced explains the incoming call to Griffin from Google Assistant that precipitated his bitcoin heist].

Daniel told Junseth he and his co-conspirators had just scored a $1.2 million theft that was still pending on the bitcoin investment platform SwanBitcoin.
In response, Junseth tagged SwanBitcoin in a post about his podcast on Twitter/X, and the CEO of Swan quickly replied that they caught the $1.2 million transaction that morning.

Apparently, Daniel didn’t appreciate having his voice broadcast to the world (or his $1.2 million bitcoin heist disrupted) because according to Junseth someone submitted a baseless copyright infringement claim about it to Soundcloud, which was hosting the recording. The complaint alleged the recording included a copyrighted song, but that wasn’t true: Junseth later posted a raw version of the recording to Telegram, and it clearly had no music in the background. Nevertheless, Soundcloud removed the audio file.

“All these companies are very afraid of copyright,” Junseth explained in a May 2024 interview with the podcast whatbitcoindid.com, which features some of the highlights from his recorded call with Daniel.

“It’s interesting because copyright infringement really is an act that you’re claiming against the publisher, but for some reason these companies have taken a very hard line against it, so if you even claim there’s copyrighted material in it they just take it down and then they leave it to you to prove that you’re innocent,” Junseth said. “In Soundcloud’s instance, part of declaring your innocence is you have to give them your home address and everything else, and it says right on there, ‘this will be provided to the person making the copyright claim.’”

AFTERMATH

When Junseth asked how potential victims could protect themselves, Daniel explained that if the target doesn’t have their Google Authenticator synced to their Google cloud account, the scammers can’t easily pivot into the victim’s accounts at cryptocurrency exchanges, as they did with Griffin.

By default, Google Authenticator syncs all one-time codes with a Gmail user’s account, meaning if someone gains access to your Google account, they can then access all of the one-time codes handed out by your Google Authenticator app.
To change this setting, open Authenticator on your mobile device, select your profile picture, and then choose “Use without an Account” from the menu. If you disable this, it’s a good idea to keep a printed copy of one-time backup codes, and to store those in a secure place.

You may also wish to download Google Authenticator to another mobile device that you control. Otherwise, if you turn off cloud synching and lose that sole mobile device with your Google Authenticator app, it could be difficult or impossible to recover access to your account if you somehow get locked out.

Griffin told KrebsOnSecurity he had no idea it was so easy for thieves to take over his account, and to abuse so many different Google services in the process.

“I know I definitely made mistakes, but I also know Google could do a lot better job protecting people,” he said.

In response to questions from KrebsOnSecurity, Google said it can confirm that this was a narrow phishing campaign, reaching a “very small group of people.”

“We’re aware of this narrow and targeted attack, and have hardened our defenses to block recovery attempts from this actor,” the company said in a written statement, which emphasized that the real Google will never call you.

“While these types of social engineering campaigns are constantly evolving, we are continuously working to harden our systems with new tools and technical innovations, as well as sharing updated guidance with our users to stay ahead of attackers,” the statement reads.

Both Griffin and Tony say they continue to receive “account security” calls from people pretending to work for Google or one of the cryptocurrency platforms.

“It’s like you get put on some kind of list, and then those lists get recycled over and over,” Tony said.
Griffin said that for several months after his ordeal, he accepted almost every cryptocurrency scam call that came his way, playing along in the vain hope of somehow tricking the caller into revealing details about who they are in real life. But he stopped after his taunting caused one of the scammers to start threatening him personally.

“I probably shouldn’t have, but I recorded two 30-minute conversations with these guys,” Griffin said, acknowledging that maybe it wasn’t such a great idea to antagonize cybercriminals who clearly already knew everything about him. “One guy I talked to about his personal life, and then his friend called me up and said he was going to dox me and do all this other bad stuff. My FBI contact later told me not to talk to these guys anymore.”

Sound advice. So is hanging up whenever anyone calls you about a security problem with one of your accounts. Even security-conscious people tend to underestimate the complex and shifting threat from phone-based phishing scams, but they do so at their peril.

When in doubt: Hang up, look up, and call back. If your response to these types of calls involves anything other than hanging up, researching the correct phone number, and contacting the entity that claims to be calling, you may be setting yourself up for a costly and humbling learning experience.

Understand that your email credentials are more than likely the key to unlocking your entire digital identity. Be sure to use a long, unique passphrase for your email address, and never pick a passphrase that you have ever used anywhere else (not even a variation on an old password).

Finally, it’s also a good idea to take advantage of the strongest multi-factor authentication methods offered. For Gmail/Google accounts, that includes the use of passkeys or physical security keys, which are heavily phishing resistant.
For Google users holding measurable sums of cryptocurrency, the most secure option is Google’s free Advanced Protection program, which includes more extensive account security features but also comes with some serious convenience trade-offs.

 Feed

Meta Platforms, the parent company of Facebook, Instagram, WhatsApp, and Threads, has been fined €251 million (around $263 million) for a 2018 data breach that impacted millions of users in the bloc, in what's the latest financial hit the company has taken for flouting stringent privacy laws. The Irish Data Protection Commission (DPC) said the data breach impacted approximately 29 million

 Feed

Threat actors are attempting to exploit a recently disclosed security flaw impacting Apache Struts that could pave the way for remote code execution. The issue, tracked as CVE-2024-53677, carries a CVSS score of 9.5 out of 10.0, indicating critical severity. The vulnerability shares similarities with another critical bug the project maintainers addressed in December 2023 (CVE-2023-50164, CVSS

 Feed

INTERPOL is calling for a linguistic shift that aims to put an end to the term "pig butchering," instead advocating for the use of "romance baiting" to refer to online scams where victims are duped into investing in bogus cryptocurrency schemes under the pretext of a romantic relationship. "The term 'pig butchering' dehumanizes and shames victims of such frauds, deterring people from coming

 Feed

Having been at ActiveState for nearly eight years, I’ve seen many iterations of our product. However, one thing has stayed true over the years: Our commitment to the open source community and companies using open source in their code. ActiveState has been helping enterprises manage open source for over a decade. In the early days, open source was in its infancy. We focused mainly on the

 Feed

The Russia-linked APT29 threat actor has been observed repurposing a legitimate red teaming attack methodology as part of cyber attacks leveraging malicious Remote Desktop Protocol (RDP) configuration files. The activity, which has targeted governments and armed forces, think tanks, academic researchers, and Ukrainian entities, entails adopting a "rogue RDP" technique that was previously

 Feed

Across small-to-medium enterprises (SMEs) and managed service providers (MSPs), the top priority for cybersecurity leaders is to keep IT environments up and running. To guard against cyber threats and prevent data breaches, it’s vital to understand the current cybersecurity vendor landscape and continually assess the effectiveness of available solutions. Luckily, the 2024 MITRE ATT&CK

 Feed

BeyondTrust has disclosed details of a critical security flaw in Privileged Remote Access (PRA) and Remote Support (RS) products that could potentially lead to the execution of arbitrary commands. Privileged Remote Access controls, manages, and audits privileged accounts and credentials, offering zero trust access to on-premises and cloud resources by internal, external, and third-party users.

 Feed

Cybersecurity researchers have disclosed a new phishing campaign that has targeted European companies with an aim to harvest account credentials and take control of the victims' Microsoft Azure cloud infrastructure. The campaign has been codenamed HubPhish by Palo Alto Networks Unit 42 owing to the abuse of HubSpot tools in the attack chain. Targets include at least 20,000 automotive, chemical,

 0CISO2CISO

Source: www.techrepublic.com – Author: Megan Crouse. Do the security benefits of generative AI outweigh the harms? Just 39% of security professionals say the rewards outweigh the risks, according to a new report by CrowdStrike. In 2024, CrowdStrike surveyed 1,022 security researchers and practitioners from the U.S., APAC, EMEA, and other regions. The findings revealed that […] The post “CrowdStrike Survey Highlights Security Challenges in AI Adoption – Source: www.techrepublic.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Astrill vpn

Source: www.techrepublic.com – Author: Drew Robb. We may earn from vendors via affiliate links or sponsorships. This might affect product placement on our site, but not the content of our reviews. See our Terms of Use for details. Astrill VPN is touted as one of the best VPNs around. But is it worth the extra […] The post “Astrill VPN Review: Features, Performance, and Insights – Source: www.techrepublic.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Tara Seals, Managing Editor, News, Dark Reading. Source: Kirby Lee via Alamy Stock Photo. NEWS BRIEF: Texas Tech University’s Health Sciences Centers (HSCs) in Lubbock and El Paso are the latest victims of a disruptive cyberattack. The incident impacted the data of 1.4 million patients, exposing a treasure trove of valuable […] The post “Texas Tech Fumbles Medical Data in Massive Breach – Source: www.darkreading.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: PRESS RELEASE. WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) today issued Binding Operational Directive (BOD) 25-01, Implementing Secure Practices for Cloud Services, to safeguard federal information and information systems. This Directive requires federal civilian agencies to identify specific cloud tenants, implement assessment tools, and align cloud environments to CISA’s Secure Cloud Business […] The post “CISA Directs Federal Agencies to Secure Cloud Environments – Source: www.darkreading.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: PRESS RELEASE. SAN FRANCISCO–(BUSINESS WIRE)– Delinea, a pioneering provider of solutions for securing identities through centralized authorization, today announced it has been authorized by the Common Vulnerabilities and Exposures (CVE®) Program as a CVE Numbering Authority (CNA). The mission of the CVE Program is to identify, define, and catalog publicly disclosed cybersecurity […] The post “Delinea Joins CVE Numbering Authority Program – Source: www.darkreading.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Azure

Source: www.darkreading.com – Author: Elizabeth Montalbano, Contributing Writer. Source: Aleksia via Alamy Stock Photo. Three flaws discovered in the way Microsoft’s Azure-based data integration service leverages an open source workflow orchestration platform could have allowed an attacker to achieve administrative control over companies’ Azure cloud infrastructures, exposing enterprises to data exfiltration, malware deployment, and unauthorized […] The post “Azure Data Factory Bugs Expose Cloud Infrastructure – Source: www.darkreading.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 comptia

Source: www.darkreading.com – Author: PRESS RELEASE. DOWNERS GROVE, Ill., Dec. 17, 2024 /PRNewswire/ — A new vendor-neutral expert-level cybersecurity certification for cybersecurity professionals continues the comprehensive efforts to strengthen today’s dynamic workforce by CompTIA, the global leader in IT certifications and training. CompTIA SecurityX is the second of multiple new certifications included in the CompTIA Xpert Series, which was developed for IT […] The post “CompTIA Xpert Series Expands With SecurityX Professional Certification – Source: www.darkreading.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Ben Barrontine, Vice President of Executive Services & Partnerships, 360 Privacy. December 17, 2024. 4 Min Read. Source: Igor Stevanovic via Alamy Stock Photo. COMMENTARY: What are cybercriminals thinking? Inside the mind of a threat actor, the devil is in the details. Cybersecurity is composed of so many details […] The post “To Defeat Cybercriminals, Understand How They Think – Source: www.darkreading.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Fahmida Y. Rashid. Source: f:nalinframe via Alamy Stock Photo. NEWS BRIEF: As more organizations explore ways to use AI tools such as ChatGPT, Gemini, Claude, and Llama, they are grappling with the challenge of using business information while protecting personally identifiable information and other confidential data. Wald.ai, which launched its data […] The post “Wald.ai Launches Data Loss Protection for AI Platforms – Source: www.darkreading.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 BlackBerry

Source: www.darkreading.com – Author: Fahmida Y. Rashid. Source: DigtialStorm via iStock. NEWS BRIEF: Arctic Wolf has announced plans to acquire Cylance from its owner, BlackBerry, to add endpoint security to its Aurora Platform, which also includes managed detection and response, vulnerability management, managed security awareness, and cloud security capabilities. The integration addresses a growing demand […] The post “BlackBerry to Sell Cylance to Arctic Wolf – Source: www.darkreading.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Source: www.hackerone.com – Author: johnk. The next time your friend or colleague goes on about their fantasy league, remember it’s more than just a game. FanDuel, the web-based fantasy sports game with traditional season-long fantasy sports leagues compressed into daily or weekly games of skill, is used by over 8 million members across the globe. […] The post “FanDuel’s Liam Somerville on Prioritising Researchers as an Extension of the Security Team – Source: www.hackerone.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: www.hackerone.com – Author: johnk. Data integration, data sharing, and APIs have driven recent advances in digital innovation and customer experience. Consumers expect instantaneous response to their service requests, and leveraging multiple data sources is key to delivering the experience they demand. Data sharing also facilitates supplier, contractor, and subcontractor relationships. When not effectively governed, […] The post “How Hacker-Powered Security Protects Your Data, Even When Third Parties Don’t – Source: www.hackerone.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: www.hackerone.com – Author: Martijn Russchen. In December 2018 we released Hacker Dashboard, the central place for all your hacker related activities. Thanks to the community, we received great feedback on how to make this dashboard even better. Based on your feedback and the team’s insights, today, we’re proud to announce the release of My […] The post “Introducing My Programs – Source: www.hackerone.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Source: www.hackerone.com – Author: Martijn Russchen. HackerOne has a long history of running Hack Days. You might still remember our recent hack day where we launched the HackerOne Alexa Skill. Earlier this month, we organized another hack day, and today, we’re launching the first results. We’re proud to introduce Hacker Calendar. Hacker Calendar is a […] The post “Launching the Hacker Calendar, Never Miss a Challenge Again – Source: www.hackerone.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Blog

Source: socprime.com – Author: Veronika Telychko. Researchers have uncovered a new malicious campaign using voice phishing (vishing) to spread the DarkGate malware. In this attack, adversaries masqueraded as a known client on a Microsoft Teams call, tricking the victims into downloading AnyDesk for remote access and further deploying malware. Detect DarkGate Malware Attacks: In […] The post “DarkGate Malware Attack Detection: Voice Phishing via Microsoft Teams Leads to Malware Distribution – Source: socprime.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Blog

Source: socprime.com – Author: Oleksandr L. December 17, 2024 · 3 min read. Tracking the growth or reduction in index sizes is crucial for effective cluster management in Elasticsearch. It helps administrators optimize resources, predict scaling needs, and identify anomalies. This guide outlines how to monitor index size trends, focusing on daily and monthly […] The post “Monitoring Index Size Trends in Elasticsearch: Monthly and Daily Statistics – Source: socprime.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 AppOmni

Source: securityboulevard.com – Author: Rebecca Crum. Business-critical SaaS applications are prime targets for cyberattacks due to the sensitive data they handle. The State of SaaS Security Report 2024 found that high-profile data breaches have shaken organizations’ confidence, moving SaaS security into one of the top three priorities for 67% of organizations. Join AppOmni and Forrester […] The post “Securing SaaS – Lessons, Trends, and Strategies for 2025 with Guest Forrester – Source: securityboulevard.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 AppOmni

Source: securityboulevard.com – Author: Rebecca Crum. In today’s digital landscape, organizations rely on SaaS applications for nearly every business function. But these tools also expose sensitive data to new risks. In this 20-minute session, we’ll introduce you to AppOmni, the platform designed to reduce SaaS data exposure, detect threats, and prevent data breaches. Through […] The post “Securing Your SaaS: How AppOmni Mitigates SaaS Risks and Protects Data – Source: securityboulevard.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Marc Handelman. Wednesday, December 18, 2024. DEF CON 32 – HookChain A New Perspective For Bypassing EDR Solutions. Authors/Presenters: Helvio Carvalho Junior. Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located […] The post “DEF CON 32 – HookChain A New Perspective For Bypassing EDR Solutions – Source: securityboulevard.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Dave Ferguson. Many software development shops deliver their product releases via virtual machine (VM) disk images. Whether deployed to a cloud environment, data center, or elsewhere, delivering safe and secure images is vital. If vulnerabilities, malware, or even unhardened binaries are present in a disk image delivered to customers, they are […] The post “How to Assess Virtual Machines Prior to Deployment with Spectra Assure – Source: securityboulevard.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cloud Security

Source: www.techrepublic.com – Author: Franklin Okeke. We may earn from vendors via affiliate links or sponsorships. This might affect product placement on our site, but not the content of our reviews. See our Terms of Use for details. This is a comprehensive QRadar vs. Splunk SIEM tool comparison, covering their features, pricing, and more. Use […] The post “QRadar vs Splunk (2024): SIEM Tool Comparison – Source: www.techrepublic.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 (650) 203-0000

Source: krebsonsecurity.com – Author: BrianKrebs. Image: Shutterstock, iHaMoo. Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the […] The post “How to Lose a Fortune with Just One Bad Click – Source: krebsonsecurity.com” first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

Aggregator history: Wednesday, December 18, 2024