Cyber security aggregate rss news

Cyber security aggregator - feeds history

 Firewall Daily

The U.S. House of Representatives is set to vote next week on a defense bill that includes a provision allocating over $3 billion to remove Chinese telecom equipment from American networks. This action is part of ongoing efforts to address the security risks posed by Chinese-made technology, specifically equipment from major telecom companies from China. The initiative is a continuation of the “rip and replace” program, which aims to eliminate insecure telecom infrastructure that has been seen as a potential security threat.

The Rip and Replace Program: Funding Shortfalls and Urgent Needs

The Federal Communications Commission (FCC) has estimated that removing the Chinese equipment will cost around $4.98 billion, a figure that exceeds the $1.9 billion previously approved by Congress for the "rip and replace" program.

This shortfall has led to growing concerns about the security of U.S. networks and the potential for disruption to service, particularly in rural areas. In a recent statement, FCC Chair Jessica Rosenworcel reiterated the urgency of the situation, highlighting that the program faces a $3.08 billion funding gap.

Rosenworcel emphasized that without this additional funding, the program could stall, leaving hundreds of small rural carriers unable to fully replace the insecure equipment. She warned that this could jeopardize service in regions where these carriers are the sole providers. “If we cannot close this gap, it may lead to some rural networks shutting down, potentially eliminating the only provider in some areas and putting vital services like 911 access at risk,” she said.

The funding for the rip and replace program has been a topic of concern for several years, with many lawmakers and industry leaders calling for quick action. Tim Donovan, CEO of the Competitive Carriers Association, voiced his support for the new funding, saying, "This funding is desperately needed to fulfill the mandate to remove and replace covered equipment and services while maintaining connectivity for tens of millions of Americans."

Bipartisan Support and Funding Sources

The upcoming vote on the defense bill marks an important step toward addressing the funding gap. The bill, which has garnered bipartisan support, includes $3 billion specifically for the removal of Chinese-made telecom equipment. The bill also outlines provisions to support U.S. telecom companies as they comply with the Secure and Trusted Communications Networks Reimbursement Program, which was established under the Secure and Trusted Communications Networks Act of 2019. This law was specifically designed to help telecom providers replace equipment from Chinese companies, which are widely viewed as a national security risk.

Additionally, the bill provides up to $500 million for regional tech hubs, funded through a one-time spectrum auction by the FCC. The auction will focus on advanced wireless spectrum in the AWS-3 band, aimed at meeting the growing demands of U.S. wireless consumers. These auctions are expected to help generate the necessary funds to cover the costs of the rip and replace program and ensure that U.S. networks are secure.

The Importance of the Rip and Replace Program

The rip and replace initiative, officially known as the Secure and Trusted Communications Networks Reimbursement Program, has been critical in removing vulnerable Chinese telecom infrastructure. The program targets several Chinese companies that have been accused of posing national security threats due to their close ties to the Chinese government. The widespread use of their technology by U.S. Internet Service Providers has raised concerns, especially after Chinese telecoms were banned from providing equipment to critical networks.

Despite the progress made with the initial $1.9 billion funding, the program has struggled to meet its financial needs. The $4.98 billion estimate provided by the FCC is based on the actual costs of removing and replacing the equipment across 126 small and rural U.S. carriers. In December, Rosenworcel sent a letter to several members of Congress warning that the lack of sufficient funding could lead to more carriers withdrawing from the program and leaving rural communities without coverage.

The Role of the Federal Communications Commission (FCC)

The FCC plays a central role in administering the rip and replace program. It is responsible for overseeing the removal of insecure Chinese equipment and ensuring that eligible carriers receive the necessary funds to replace it.

However, the FCC’s authority to conduct spectrum auctions was limited in March 2023, complicating the agency’s ability to generate revenue for the program. The new defense bill seeks to address this issue by allowing the FCC to borrow $3.08 billion from the U.S. Treasury, with the understanding that it will repay the loan through proceeds from the spectrum auction.

Despite the challenges, the FCC has remained determined to push forward with the program, with Chair Rosenworcel stating, “We cannot afford to let these risks continue. Our national security and the connectivity of rural communities depend on completing this process.”

 Cyber News

In May 2024, a cryptocurrency theft involving $308 million was linked to North Korean hackers by the Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), and the National Police Agency (NPA) of Japan. The theft targeted DMM, a Japan-based cryptocurrency company, and was part of ongoing illicit activities by North Korean cyber actors, who have increasingly used cybercrime to generate revenue for the regime.

The cybercriminal group behind the attack has been tracked under various aliases, including TraderTraitor, Jade Sleet, UNC4899, and Slow Pisces. These actors are known for their use of targeted social engineering techniques to gain access to critical systems. In this particular case, the attackers compromised the DMM cryptocurrency wallet through a series of carefully planned actions that ultimately resulted in the theft of 4,502.9 Bitcoin (BTC), worth approximately $308 million at the time.

The Attack: Social Engineering and Malware Exploitation

The series of events leading up to the cryptocurrency theft began in late March 2024 when a North Korean cyber actor, posing as a recruiter, contacted an employee at Ginco, a Japan-based cryptocurrency wallet software company. This individual, who had access to Ginco’s wallet management system, was targeted with a malicious link disguised as a pre-employment test. The link led to a Python script hosted on GitHub. Believing the communication to be legitimate, the employee copied the Python code to their personal GitHub page, unknowingly setting the stage for a security breach.

The malware hidden within the Python script provided the attackers with a foothold into the employee’s system. Once the malware was activated, it compromised the employee’s account, allowing the attackers to harvest sensitive data.

North Korean Hackers Gained Access to DMM's Systems

By mid-May 2024, the TraderTraitor cyber actors exploited the compromised employee’s session cookie information to impersonate the victim. This granted them access to Ginco’s unencrypted communications system, which contained critical information on transactions and company operations. The actors were able to use this access to manipulate an ongoing transaction request from DMM, ultimately redirecting the cryptocurrency funds into wallets controlled by the attackers.

The fraudulent transaction involved the theft of a large sum of Bitcoin (4,502.9 BTC), at the time valued at $308 million. The stolen funds were subsequently moved to wallets under the control of TraderTraitor, and their movement has been tracked by authorities, although the attackers continue to attempt to cover their tracks.

Ongoing Investigations and International Collaboration

The FBI, DC3, and NPA have emphasized that this incident is part of a larger pattern of illicit activities carried out by North Korean cyber actors. These actors have been known to engage in cybercrime, including cryptocurrency theft, to generate revenue that supports North Korea's regime.

The investigation into this theft is ongoing, with law enforcement and cybersecurity experts working across borders to trace the stolen funds and expose the full extent of the cyber actors’ activities. The collaboration between U.S. and Japanese authorities, along with other international partners, plays a critical role in identifying and holding accountable those responsible for such large-scale thefts.

Impact on the Cryptocurrency Industry

While cryptocurrency transactions offer a degree of anonymity, the movement of large sums of money is still traceable, and authorities are able to track stolen funds across the blockchain. However, the challenge remains in recovering these funds and preventing further thefts. As cybercriminals continue to refine their techniques, the need for enhanced cybersecurity measures and vigilant monitoring in the cryptocurrency industry becomes even more critical.

A Broader Campaign of Cybercrime

North Korean cyber actors, often linked to the Lazarus Group, have a history of engaging in cybercrime to fund state operations. Several high-profile cyberattacks have been attributed to the group, including attacks on financial institutions, cryptocurrency exchanges, and critical infrastructure. These activities are often part of a broader strategy to circumvent international sanctions and generate illicit revenue for the regime.

The attack on DMM is a prime example of how cybercriminals, backed by nation-states, can use advanced tactics like social engineering and malware to exploit vulnerabilities within organizations. In this case, the success of the attack was partly due to the ability of the cyber actors to manipulate an ongoing legitimate transaction, illustrating the risks posed to businesses operating in the financial and cryptocurrency sectors.

Continued Efforts to Combat Cybercrime

The FBI, DC3, NPA, and other international partners remain committed to investigating and exposing North Korea’s cyber activities. Their efforts focus on preventing future attacks, tracking stolen assets, and holding those responsible accountable. While this particular theft resulted in a significant financial loss, it also highlights the broader issue of cybercrime and the importance of continued international collaboration to combat these growing threats.

As investigations continue, law enforcement agencies are urging cryptocurrency companies and other financial institutions to strengthen their cybersecurity defenses and implement more robust measures to protect against social engineering and other malicious tactics. The DMM attack serves as a stark reminder of the evolving nature of cyber threats and the need for proactive security strategies in the ever-changing digital landscape.

The theft of $308 million from DMM by North Korean cyber actors is a significant reminder of the evolving threat landscape in the digital world. As investigations continue, authorities remain committed to exposing these illicit activities and preventing further attacks.

 Cyber News

India's Ministry of Electronics and Information Technology (MeitY) organized a conference at Bharat Mandapam, New Delhi, to accelerate digital transformation across India and strengthen cybersecurity measures. Chaired by MeitY Secretary S. Krishnan, the event brought together IT Secretaries and senior officials from 34 Indian States and Union Territories (UTs), alongside high-level representatives from MeitY, to deliberate on the future of digital governance in India.

This collaborative effort aimed to address key challenges in bridging the digital divide, particularly in India's North Eastern and hilly states, while fostering innovation and strengthening cybersecurity practices across the country.

Focus on Digital Growth and Empowerment

The conference began with a focused breakfast meeting between the Secretary, MeitY, and representatives from North Eastern and hilly states, including Arunachal Pradesh, Himachal Pradesh, Jammu & Kashmir, Ladakh, and others. Discussions centered around the development of digital infrastructure, extending Bharat Net to the block level, and adopting e-office solutions to streamline governance. Participants emphasized capacity building, entrepreneurship promotion, and infrastructure development as critical areas for empowering these regions.

Strengthening Cybersecurity and Adhering to the DPDP Act

A significant portion of the conference was dedicated to cybersecurity and data protection, with deliberations on adhering to the Digital Personal Data Protection (DPDP) Act of 2023. MeitY highlighted the need for states and UTs to implement strong cybersecurity measures, including mandatory audits of software and hardware, to safeguard sensitive data and ensure operational resilience.

The discussions highlighted the importance of adopting standardized, machine-readable data formats for seamless and secure data exchange between government departments and stakeholders. States such as Telangana, Uttar Pradesh, and Karnataka presented innovative approaches to developing structured platforms for data exchange while maintaining strict cybersecurity protocols.

Leveraging Emerging Technologies

Emerging technologies took center stage during the discussions, with a particular focus on Artificial Intelligence (AI), Machine Learning (ML), Internet of Things (IoT), drones, and blockchain. These technologies were recognized as transformative tools for modernizing governance, enhancing public service delivery, and improving the quality of life for citizens.

Participants explored innovative applications in healthcare, education, agriculture, and environmental sustainability. The consensus was clear: emerging technologies must be designed to cater to diverse needs and abilities, ensuring accessibility and inclusivity. States such as Andhra Pradesh, Gujarat, and Delhi highlighted their efforts to integrate these technologies into governance frameworks, emphasizing the need for collaboration and knowledge sharing to bring all states and districts onto a common digital infrastructure.

Recent MeitY Initiatives

The conference also featured presentations on MeitY’s recent initiatives, including:

Aadhaar Expansion: Partnering with states to strengthen Aadhaar authentication and enrollment systems.
IndiaAI Mission: Driving responsible, inclusive growth of the AI ecosystem.
India Semiconductor Mission: Fostering the development of India’s semiconductor ecosystem.
Integrated Cybersecurity Management: Assisting states in implementing comprehensive cybersecurity measures.

These initiatives demonstrate MeitY’s commitment to advancing digital transformation while prioritizing data security and citizen-centric governance.

Thematic Breakout Sessions

The conference hosted parallel breakout sessions under three key pillars:

Data Standardisation and Data Exchange Platforms: Discussions focused on creating secure platforms for seamless data exchange. States were urged to adhere to the DPDP Act and prioritize data protection to enhance citizen services and operational efficiency.

Strengthening State Digitalisation Efforts: This session emphasized benchmarking state-level digitalization against best practices, creating family registries, and facilitating two-way data exchange between union and state governments. Regular security audits and anonymization mechanisms were recommended to safeguard data integrity.

Adoption of Emerging Technologies in Public Service Delivery: Participants deliberated on integrating AI, ML, IoT, drones, and blockchain into governance frameworks. The aim was to enhance citizen-government interactions, streamline operations, and ensure 24/7 access to government services.

Building a Unified Digital Framework

The conference concluded with a shared vision of creating a unified digital framework that seamlessly integrates with national digital infrastructure. States and UTs committed to fostering collaboration, adopting best practices, and leveraging emerging technologies to modernize governance and improve public service delivery.

As India moves towards a digitally empowered governance model, the outcomes of this conference are expected to shape the nation’s digital future, ensuring that technology serves as a bridge to connect, empower, and protect its citizens. In the words of Secretary S. Krishnan, "Digital transformation is not just about technology; it is about people, collaboration, and building trust. Together, we can create a future where governance is accessible, efficient, and secure for every citizen."

 Firewall Daily

Adobe has issued an urgent security advisory to address a critical vulnerability in Adobe ColdFusion, affecting versions 2023 and 2021. This vulnerability, tracked as CVE-2024-53961, is linked to a path traversal weakness, which could allow attackers to exploit the flaw and gain unauthorized access to arbitrary files on vulnerable servers.

The flaw has been given a Priority 1 severity rating, the highest possible level, due to its potential for exploitation in the wild. Adobe has confirmed that a proof-of-concept (PoC) exploit code for this Adobe ColdFusion vulnerability is already in circulation, making the risk even more pressing. As such, Adobe has recommended that users update their systems immediately to mitigate any security risks associated with this critical flaw.

Understanding CVE-2024-53961: Path Traversal Weakness

The path traversal weakness in ColdFusion could be exploited by an attacker to perform unauthorized file system reads on affected servers. This means that an attacker could manipulate file paths to access sensitive files that are otherwise restricted. This kind of vulnerability is often dangerous because it can lead to the exposure of critical system data, such as configuration files, database credentials, and other confidential information that could be used for further attacks.

Adobe specifically pointed out that the vulnerability affects ColdFusion versions 2023 (up to Update 11) and 2021 (up to Update 17), which are the current releases. Attackers exploiting this flaw would be able to access arbitrary files across the system, causing potentially severe damage to both the application and the underlying infrastructure.

Adobe’s Response: Urgent Security Update

On December 23, 2024, Adobe released out-of-band security updates to address this Adobe ColdFusion vulnerability. These updates resolve the path traversal weakness that could allow an attacker to read files from the system arbitrarily. Adobe has highlighted the critical nature of these updates and classified the vulnerability with a CVSS base score of 7.4, signifying a threat to the security of affected systems.

The affected versions of ColdFusion, 2023 Update 11 and earlier, and 2021 Update 17 and earlier, must be upgraded to newer versions to protect against this CVE-2024-53961 flaw. Adobe has provided updated versions:

ColdFusion 2023: Update 12
ColdFusion 2021: Update 18

Both updates are considered Priority 1, meaning they should be applied without delay due to the immediate security risks they address. Users are urged to download and install the patches as soon as possible.

What is Path Traversal and Why It Matters?

Path traversal vulnerabilities, such as the one identified in ColdFusion, occur when an application fails to properly validate or sanitize input that specifies file paths. This allows attackers to "traverse" the directory structure of a server and access files outside of the intended directories.

In the case of ColdFusion, this flaw could let attackers read sensitive files that should be out of their reach, such as password files, system configuration files, or other critical data. Path traversal attacks are a common entry point for cybercriminals attempting to compromise systems, steal data, or escalate their access to more critical parts of the system.

 Cyber News

The Cybersecurity and Infrastructure Security Agency (CISA) has announced the addition of a new vulnerability, CVE-2021-44207, to its Known Exploited Vulnerabilities (KEV) Catalog. This action follows evidence of active exploitation and aims to alert organizations to the potential risks posed by this vulnerability.

Overview of CVE-2021-44207

CVE-2021-44207, identified in the Acclaim Systems USAHERDS web application version 7.4.0.1 and earlier (builds prior to November 2021), is a hard-coded credentials vulnerability. The vulnerability, classified under CWE-798, arises from the use of static ValidationKey and DecryptionKey values. These keys, which are integral to the security of the application’s ViewState, can be exploited to achieve remote code execution (RCE).

A malicious actor with access to these keys can manipulate the application’s server into deserializing a maliciously crafted ViewState payload, potentially enabling unauthorized execution of code on the server hosting the application.

Key Details:

Published: December 21, 2021
Updated: December 21, 2021
Impact: High – Knowledge of the hard-coded keys could lead to RCE.
Exploitability: Low – The hard-coded keys must first be obtained through another vulnerability or an alternate channel.

Technical Breakdown of the Vulnerability

The Acclaim Systems USAHERDS web application leverages ValidationKey and DecryptionKey values to ensure the integrity and confidentiality of its ViewState data. ViewState is used to persist the state of web application controls between client and server interactions. When these keys are hard-coded and become known to an attacker, the following risks emerge:

Bypassing Integrity Checks: An attacker can craft a ViewState payload that bypasses the Message Authentication Code (MAC) verification process.
Deserialization of Malicious Data: The crafted payload can then be deserialized by the server, potentially executing unauthorized code and compromising the application.

This vulnerability's high impact rating stems from the potential consequences of a successful exploit. However, its low exploitability rating indicates that the attacker must first gain access to the hard-coded keys through a separate method, such as exploiting another vulnerability or accessing sensitive system configurations.

Implications for Cybersecurity

These types of vulnerabilities are common attack vectors and can pose significant risks, particularly to federal enterprises. While there is no confirmed evidence linking CVE-2021-44207 to ransomware campaigns, the possibility of its misuse cannot be discounted. Exploiting such vulnerabilities could allow malicious actors to compromise critical systems, steal sensitive data, or disrupt operations.

Mitigation Actions

CISA advises organizations to take immediate action to address this vulnerability. Recommended steps include:

Apply Vendor Mitigations: Follow instructions provided by the vendor to secure the application.
Discontinue Usage: If mitigations are unavailable, consider discontinuing the use of the vulnerable product.
Contact Vendor Support: Reach out to Acclaim Systems for detailed guidance on patching or mitigating this vulnerability.

CISA further urges organizations to integrate proactive measures into their vulnerability management practices by prioritizing the remediation of vulnerabilities listed in the KEV Catalog.

Discovery and Acknowledgment

The vulnerability was discovered and reported by Douglas Bienstock of Mandiant. His work highlights the importance of rigorous testing and reporting in identifying critical flaws that could be exploited by malicious actors.

Binding Operational Directive (BOD) 22-01

The inclusion of CVE-2021-44207 in the KEV Catalog aligns with CISA’s Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities. Established to enhance federal cybersecurity, BOD 22-01 mandates the remediation of cataloged vulnerabilities within specified timelines by Federal Civilian Executive Branch (FCEB) agencies.

Key Highlights of BOD 22-01:

Purpose: Protect FCEB networks against active threats by addressing known vulnerabilities.
Scope: Applies directly to FCEB agencies but serves as a benchmark for all organizations to follow.
Call to Action: CISA strongly encourages private organizations to incorporate the KEV Catalog into their vulnerability management processes to minimize exposure to cyberattacks.

Broader Recommendations for Organizations

CISA’s actions serve as a reminder of the persistent threats posed by known vulnerabilities. Organizations should adopt the following cybersecurity best practices to strengthen their security posture:

Regular Vulnerability Assessments: Conduct frequent assessments to identify and address vulnerabilities in your systems.
Timely Patch Management: Ensure all systems are up to date with the latest security patches.
Monitor Threat Intelligence: Stay informed about newly identified vulnerabilities and active exploitations.
Limit Hard-Coded Credentials: Avoid using static keys or credentials within applications. Where such usage is unavoidable, implement secure key management practices.

Conclusion

The addition of CVE-2021-44207 to CISA’s Known Exploited Vulnerabilities Catalog highlights the importance of vigilance and timely remediation in today’s cybersecurity landscape. While this vulnerability may require specific conditions for exploitation, its potential impact on affected systems is significant. Organizations, regardless of their affiliation with federal agencies, are encouraged to take immediate steps to secure their systems against this and other cataloged vulnerabilities.

 Data Breach News

In a recent update, Ascension has provided new details regarding the cyberattack on its systems that occurred earlier this year. The Ascension data breach, which first came to light in June, was the result of a malicious file being downloaded by an employee, allowing cybercriminals to access Ascension's network.

Since then, the health system has been working diligently with third-party experts to investigate the scope of the data breach at Ascension and determine the extent to which patient and employee information was compromised.

New Details of June Ascension Data Breach

Ascension's latest statement confirmed that after months of thorough investigation, the review of the compromised data is now complete. In their announcement, the health system stated, "Since the May ransomware attack, we have been working with third-party experts to investigate what individuals' data may have been involved in this incident. That review of the data is now complete, and starting today, Ascension will begin the process of notifying individuals whose personal information was involved in this incident."

While the full extent of the data breach at Ascension cannot be confirmed for each individual, it is believed that various types of sensitive information were exposed. This includes medical details such as medical record numbers, dates of service, types of lab tests, procedure codes, and payment information such as credit card numbers and bank account details. Additionally, information like Medicaid/Medicare IDs, insurance policy numbers, and government identification numbers, such as Social Security numbers, were also compromised.

Protective Measures and Notifications

Ascension reassured individuals that their Electronic Health Records (EHR) and other clinical systems, which house comprehensive patient data, were not affected by the attack. Importantly, there is no evidence to suggest that full patient records were stolen from these secure platforms.

To help mitigate potential damage from the Ascension cyberattack, the health system will offer complimentary credit monitoring and identity protection services to those affected. The company confirmed that individuals will begin receiving notification letters in the coming weeks, with a timeline of 2-3 weeks for all affected individuals to be informed. These letters will outline the necessary steps to enroll in the identity protection services.

Ascension’s update also emphasized the importance of continued vigilance. A representative from Ascension stated, "We are incredibly thankful for the continued support from our patients and the communities we serve. To our dedicated clinicians, thank you for your tireless efforts and commitment to both our patients and our organization." They highlighted the collective resilience of Ascension’s employees and expressed deep gratitude for their contributions during this difficult time.

What Data Was Involved in the Ascension Cyberattack?

As Ascension continued its investigation into the cyberattack, it became clear that personal information from patients, senior living residents, and employees had been compromised. The data involved varies by individual, but it may include medical information (such as medical record number, dates of service, and procedure codes), payment information (including credit card or bank account numbers), insurance details (such as Medicaid/Medicare ID and policy numbers), and government identification (like Social Security numbers or driver’s license numbers).

Ascension has noted that while the incident involved patient data, their core medical records, stored in Electronic Health Records (EHR), were unaffected. This detail is crucial as it ensures that patient care is not disrupted, and clinicians have continued to access medical histories and prescribe medications without interruption.

Credit Monitoring Services: How to Enroll

As part of its response to the Ascension data breach, Ascension is offering free credit monitoring services for affected individuals. Those who are notified can sign up for identity protection services through Ascension’s dedicated platform. Individuals can visit the official website or call (866) 724-3233 between 8:00 a.m. and 8:00 p.m. for assistance in enrolling.

For individuals who had previously enrolled in the credit monitoring service offered after the initial breach, Ascension confirmed that they could still take advantage of a new round of monitoring. This service will begin immediately upon enrollment and will be available for two years.

 Feed

The Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution (RCE) under certain conditions. The vulnerability, tracked as CVE-2024-56337, has been described as an incomplete mitigation for CVE-2024-50379 (CVSS score: 9.8), another critical security flaw in the same product that

 Feed

Japanese and U.S. authorities have formally attributed the theft of cryptocurrency worth $308 million from cryptocurrency company DMM Bitcoin in May 2024 to North Korean cyber actors. "The theft is affiliated with TraderTraitor threat activity, which is also tracked as Jade Sleet, UNC4899, and Slow Pisces," the agencies said. "TraderTraitor activity is often characterized by targeted social

 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched high-severity security flaw impacting Acclaim Systems USAHERDS to the Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The vulnerability in question is CVE-2021-44207 (CVSS score: 8.1), a case of hard-coded, static credentials in Acclaim USAHERDS that

 Feed

Cybersecurity researchers have flagged two malicious packages that were uploaded to the Python Package Index (PyPI) repository and came fitted with capabilities to exfiltrate sensitive information from compromised hosts, according to new findings from Fortinet FortiGuard Labs. The packages, named zebo and cometlogger, attracted 118 and 164 downloads each, prior to them being taken down.

 AI

In episode 30 of The AI Fix, AIs are caught lying to avoid being turned off, Apple’s AI flubs a headline, ChatGPT is available to people who haven't left the 1970s, our hosts regret to inform you that an AI artist now has a personality, and ant-like robots join forces to lob each other over things. Graham discovers that Google Gemini is checking its homework by asking unskilled humans to simply take a punt at the right answer, and Mark uses an AI to reveal the devastating truth about Santa. All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.

 Cyber Security News

Source: www.darkreading.com – Author: Don Tait, Senior Analyst, Omdia. December 23, 2024. COMMENTARY: The growth in systems communicating over the internet without human involvement has been dramatic in recent years. The Internet of Things (IoT) is driving more machine-to-machine (M2M) communications without human intervention. There is also an explosion in […] The post Non-Human Identities Gain Momentum, Requires Both Management, Security – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 CISOs

Source: www.darkreading.com – Author: Harold Rivas. COMMENTARY: The role of the chief information security officer (CISO) today is not the CISO’s role of the past. The ever-evolving threat landscape, adoption of new technologies like generative AI (GenAI), increased regulatory pace, ongoing employee education and training programs, and maintaining operational resilience have […] The post How CISOs Can Communicate With Their Boards Effectively – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Kristina Beek, Associate Editor, Dark Reading. It’s been more than a year since the conflict between Hamas and Israel began, and the cyber battle between the two entities rages on, involving a variety of perpetrators and using playbooks of other global conflicts. Here are some […] The post Middle East Cyberwar Rages On, With No End in Sight – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: John Klossner. Every person in this scene is just so joyful that we can’t help but wonder, what are they so happy about? Send us a cybersecurity-related caption to describe the above scene and our favorite entry will win its wordsmith a $25 gift card. Here are four convenient ways to […] The post Name That Toon: Sneaking Around – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Critical

Source: www.infosecurity-magazine.com – A series of critical vulnerabilities affecting the widely used WPLMS and VibeBP plugins for WordPress have been identified by security researchers. These plugins are essential components of the WPLMS premium LMS theme, which counts over 28,000 sales. They are primarily used for creating online courses, managing students and selling educational content. […] The post Critical Vulnerabilities Found in WordPress Plugins WPLMS and VibeBP – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Around 5.6 million individuals have had their sensitive personal, medical and financial information breached as a result of a ransomware attack on US healthcare giant Ascension. The company shared the extent of the data breach in a filing to the Office of the Maine Attorney General on December 19. Following an […] The post Ransomware Attack Exposes Data of 5.6 Million Ascension Patients – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – A series of high-profile compromises targeting popular open source packages have been uncovered, exposing the growing risk of malicious code infiltration in widely used software tools. Threat actors implanted cryptomining malware in packages associated with rspack, a JavaScript bundler, and vant, a Vue UI library for mobile web apps. Together, these […] The post Cryptomining Malware Found in Popular Open Source Packages – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Interpol has claimed success with a new online operation designed to uncover human trafficking victims and facilitators operating in South America and Europe. The policing group teamed up with inter-governmental body the Organization for Security and Co-operation in Europe (OSCE), in response to a growing and concerning trend. Victims are lured […] The post Interpol Identifies Over 140 Human Traffickers in New Initiative – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – The UK’s data protection regulator has warned that as many as 14 million UK adults don’t know how to wipe personal data from their mobile devices, potentially putting their privacy at risk if they replace their handsets this Christmas. The Information Commissioner’s Office (ICO) polled over 2100 members of the public […] The post ICO Warns of Mobile Phone Festive Privacy Snafu – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini. December 24, 2024. Italy’s data protection watchdog fined OpenAI €15 million for ChatGPT’s improper collection of personal data. Italy’s privacy watchdog, Garante Privacy, fined OpenAI €15M after investigating ChatGPT’s personal data collection practices. The Italian Garante Privacy also obliges OpenAI to conduct a six-month informational campaign over […] The post Italy’s data protection watchdog fined OpenAI €15 million over ChatGPT’s data management violations – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Acclaim Systems USAHERDS

Source: securityaffairs.com – Author: Pierluigi Paganini. December 23, 2024. U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Acclaim Systems USAHERDS flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Acclaim Systems USAHERDS vulnerability, tracked as CVE-2021-44207 (CVSS score: 8.1), to its Known Exploited Vulnerabilities (KEV) catalog. […] The post U.S. CISA adds Acclaim Systems USAHERDS flaw to its Known Exploited Vulnerabilities catalog – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini. December 23, 2024. A U.S. court ruled in favor of WhatsApp against NSO Group, holding the spyware vendor liable for exploiting a flaw to deliver Pegasus spyware. WhatsApp won a legal case against NSO Group in a U.S. court over exploiting a vulnerability to deliver Pegasus spyware. […] The post U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Source: securityaffairs.com – Author: Pierluigi Paganini. December 23, 2024. North Korea-linked Lazarus Group targeted employees of an unnamed nuclear-related organization in January 2024. Kaspersky researchers observed the North Korea-linked Lazarus Group targeting at least two employees associated with the same nuclear-related organization over the course of one month. The experts believe the attacks […] The post Lazarus APT targeted employees at an unnamed nuclear-related organization – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Artificial Intelligence

Source: www.securityweek.com – Author: Etay Maor. Shadow IT is a fairly well-known problem in the cybersecurity industry. It’s where employees use unsanctioned systems and software as a workaround to bypass official IT processes and restrictions. Similarly, with AI tools popping up for virtually every business use case or function, employees are increasingly using unsanctioned or […] The post Beware Of Shadow AI – Shadow IT’s Less Well-Known Brother – Source: www.securityweek.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.securityweek.com – Author: Ionut Arghire. Ascension Health is notifying roughly 5.6 million individuals that their personal, medical, and payment information was compromised in a ransomware attack in May 2024. The incident occurred on May 8 and resulted in service disruptions that prompted hospitals around the country to revert to downtime procedures and divert emergency […] The post 5.6 Million Impacted by Ransomware Attack on Healthcare Giant Ascension – Source: www.securityweek.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.securityweek.com – Author: Ionut Arghire. Sophos has announced patches for a critical-severity vulnerability in its firewall products that could allow remote attackers to execute arbitrary code without authentication. Tracked as CVE-2024-12727 (CVSS score of 9.8), the issue is described as an SQL injection bug affecting the email protection feature. The flaw enables attackers to […] The post Sophos Patches Critical Firewall Vulnerabilities – Source: www.securityweek.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 arrested

Source: www.securityweek.com – Author: Eduard Kovacs. The US Department of Justice has unsealed charges against a man with dual Russian and Israeli nationality accused of being involved in the development of the LockBit ransomware. The suspect, 51-year-old Rostislav Panev, was arrested in Israel in August based on a request from the United States. Panev is […] The post LockBit Ransomware Developer Arrested in Israel at Request of US – Source: www.securityweek.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 AI

Source: www.securityweek.com – Author: Associated Press. Italy’s data protection watchdog said Friday it has fined OpenAI 15 million euros ($15.6 million) after wrapping up a probe into the collection of personal data by the U.S. artificial intelligence company’s popular chatbot ChatGPT. The country’s privacy watchdog, known as Garante, said its investigation showed that OpenAI processed […] The post Italy’s Privacy Watchdog Fines OpenAI for ChatGPT’s Violations in Collecting Users Personal Data – Source: www.securityweek.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Apple

Source: www.securityweek.com – Author: Associated Press. Apple complained that requests from Meta Platforms for access to its operating software threaten user privacy, in a spat fueled by the European Union’s intensifying efforts to get the iPhone maker to open up to products from tech rivals. The 27-nation EU’s executive Commission is drawing up “interoperability” guidelines […] The post Apple Complains Meta Requests Risk Privacy in Spat Over EU Efforts to Widen Access to iPhone Tech – Source: www.securityweek.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 courts

Source: www.schneier.com – Author: Bruce Schneier. Criminal Complaint against LockBit Ransomware Writer: The Justice Department has published the criminal complaint against Dmitry Khoroshev, for building and maintaining the LockBit ransomware. Tags: courts, cryptocurrency, ransomware. Posted on December 23, 2024 at 12:04 PM • 0 […] The post Criminal Complaint against LockBit Ransomware Writer – Source: www.schneier.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Android

Source: www.techrepublic.com – Author: TechRepublic Academy. Published December 23, 2024. Trend Micro guards desktop and mobile devices from ransomware, phishing schemes, spam, and […] The post Protect 3 Devices With This Maximum Security Software – Source: www.techrepublic.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Artificial Intelligence

Source: www.techrepublic.com – Author: Guest Contributor. The cybersecurity landscape in 2024 was marked by unprecedented challenges, significant breaches, and evolving regulatory requirements that fundamentally reshaped how organizations approach data protection. From record-breaking incidents to stringent new legislation, the year provided crucial insights into cybersecurity. It highlighted critical priorities for strengthening organizational defenses in an increasingly […] The post Navigating the Cyber Threat Landscape: Lessons Learned & What’s Ahead – Source: www.techrepublic.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Avast Business Patch Management

Source: www.techrepublic.com – Author: Nicole Rennolds. Patch management software ensures that known vulnerabilities are patched efficiently to prevent breaches while streamlining IT workflows. […] The post Best Patch Management Software (2025): Compare Features & Pricing – Source: www.techrepublic.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – US and Japanese authorities have attributed a major cryptocurrency heist worth $308m to North Korean hackers. An alert from the FBI, Department of Defense Cyber Crime Center and National Police Agency of Japan said the May 2024 theft from Japan-based crypto firm DMM was carried out by a North Korean threat […] The post US and Japan Blame North Korea for $308m Crypto Heist – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – A controversial Israeli spyware maker has been found liable for the compromise of hundreds of WhatsApp users, in a historic US court ruling. Judge Phyllis Hamilton said on Friday that NSO Group broke state and federal laws and WhatsApp’s terms of service, by using zero-day exploits in the popular messaging tool […] The post Spyware Maker NSO Group Liable for WhatsApp User Hacks – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Security researchers have urged customer-facing businesses to improve their verification checks after discovering a large-scale identity farming operation on the dark web. The unnamed underground group compiled a large collection of identity documents and corresponding facial images in a bid to trick Know Your Customer (KYC) verification checks, according to IProov’s […] The post Major Biometric Data Farming Operation Uncovered – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: www.hackerone.com – Author: johnk. The below is a modified version of a blog originally posted by Martin Heiland, Security Officer at web-based communication, collaboration and office productivity software company Open-Xchange. You can read Martin’s original blog here. Back in March 2016 we started rolling out bug bounty programs for OX App Suite, PowerDNS and […] The post Open-Xchange Approaches 3 Years of Bug Bounties & 250 Valid Vulnerabilities – Source: www.hackerone.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: www.hackerone.com – Author: johnk. Applications have become the lifeblood of businesses in today’s connected world. Software is now the “front door” into your business for many people around the world. This helps companies to reach wider audiences and gives them the chance to grow their business quickly wherever their headquarters are. Caution is required, […] The post 5 Tips for an Effective AppSec Testing Strategy – Source: www.hackerone.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Source: www.hackerone.com – Author: johnk. “To improve the security of their connected systems, every corporation should have a vulnerability disclosure policy that allows them to receive security submissions from the outside world.” – Jeff Massimilla, Chief Product Cybersecurity Officer, General Motors. Every organization can benefit from providing a clear, legal, and easy path for someone to […] The post Streamline Every Aspect of Your Responsible Disclosure Policy with HackerOne Response – Source: www.hackerone.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: www.mcafee.com – Author: Jasdev Dhaliwal. Phishing attacks have all kinds of lures. And many are so tried and true that it makes them easy to spot. The target of a phishing attack is you. More specifically, your personal info and your money. Whether a scammer reaches out by email, with a text, or through […] The post How to Spot Phishing Lures – Source: www.mcafee.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: hackread.com – Author: Deeba Ahmed. Key summary points from the article: Malicious Packages Identified: Zebo-0.1.0 and Cometlogger-0.1 are malicious Python packages discovered on PyPI. Sensitive Data Theft: These packages steal user data through keylogging, screenshot capturing, and information exfiltration. Persistence Mechanisms: They establish long-term control by creating startup scripts to re-execute on system reboot. […] The post Python Malware in Zebo-0.1.0 and Cometlogger-0.1 Found Stealing User Data – Source: hackread.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Rob Sloan, Sam Curry. COMMENTARY: Despite never-ending data breaches and ransomware attacks, too many companies still rely on the outdated “trust but verify” cybersecurity strategy. This approach assumes that any user or device inside a company’s network can be trusted once it has been […] The post Too Much ‘Trust,’ Not Enough ‘Verify’ – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Becky Bracken, Senior Editor, Dark Reading. Before it was subsumed by political commentary, the Cybersecurity and Infrastructure Security Agency (CISA) was a Trump accomplishment — signed into existence in 2018 during his first administration. But that was before accusations of dirty politics and free speech […] The post Trump 2.0 Portends Big Shift in Cybersecurity Policies – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

2024-12
Aggregator history
Tuesday, December 24