The past year has been one of the most destructive for global cybersecurity. Hackers targeted industries across the spectrum: healthcare, telecom, defense and even entertainment, exploiting weaknesses with unprecedented sophistication. These hacks not only exposed sensitive data but also showed the world what it needs: a stronger cybersecurity framework. The Cyber Express brings you the most notable hacks of 2024, the biggest global data breaches and the lessons they taught us.

1. The Mother of All Breaches

The year opened with a seismic breach impacting both social media platforms and financial institutions. Dubbed the "Mother of All Breaches," the attack exposed billions of personal records. The root cause? A firewall failure at Leak Lookup, a data leak search engine.

Lessons learned:
- Vet third-party systems: Organizations must rigorously evaluate and monitor third-party vendors' security practices.
- Improve network segmentation: Isolate sensitive information so that a breach of one segment leaks as little as possible.
- Enhance incident response plans: Well-defined response plans limit the spread of damage and keep communication clear during crisis management.

2. National Public Data's Billion-Record Leak

Hackers stole 2.9 billion records from National Public Data, a background check service. The data included full names, addresses and Social Security numbers, mostly of people who did not know the company had collected information about them. According to some critics, weak encryption may have been the cause.

Lessons learned:
- Apply advanced encryption standards: Strong encryption limits what attackers can do with stolen data.
- Increase transparency: Companies should make sure people know what data is being collected and how it is protected.
- Regular audits: Continuous vulnerability scanning can detect weaknesses before attackers exploit them.

3. Change Healthcare's Ransomware Nightmare

A ransomware attack on Change Healthcare shut down medical services across the country, impacting 100 million users. The attackers were identified as the BlackCat group, who took advantage of the fact that multi-factor authentication was not enabled on employee systems.

Lessons learned:
- Implement MFA: Every access point must be protected with multiple forms of authentication.
- Prepare for downtime: Create continuity plans that keep disruption of critical services to a minimum.
- Regular training: Equip employees to recognize phishing attempts and other attacks.

4. AT&T's Dual Data Breaches

AT&T suffered two significant data breaches in 2024. The first exposed the information of 73 million account holders, and the second affected nearly all of its customers, 110 million in total. Hackers accessed the data through third-party platforms, including Snowflake.

Lessons learned:
- Secure third-party access: External access paths must be tightly locked down.
- Encrypt metadata and other sensitive information.
- Proactive monitoring: Early detection and response keep breaches small and contained.

5. North Korean Cyber Farms

A North Korean cell infiltrated the United States through fake remote worker profiles. Using phony identities and hacked corporate laptops, the North Koreans laundered money for the North Korean nuclear program.

Lessons learned:
- Onboard securely: Run thorough background checks and complete identity verification.
- New hire access control: Minimize access to key systems during onboarding.
- Monitor remote devices: Enforce a strict security policy for remote workstations and monitor all activity.

6. Ticketmaster's Supply Chain Hack

Hackers accessed 560 million customer records by breaching Ticketmaster, exploiting vulnerabilities in a third-party integration. The hackers, affiliated with the ShinyHunters group, obtained customers' payment data and access credentials.

Lessons learned:
- Check third-party supply chains: Monitor third-party suppliers and integrations and ensure their security is up to date.
- Secure financial information: Reinforce payment account encryption and detection mechanisms to minimize fraud against financial data.
- Third-party contract safeguards: Put iron-clad security terms into every third-party engagement.

7. Synnovis Pathology Lab Ransomware Hack

Qilin ransomware attackers stole information from Synnovis, a U.K. pathology lab, including sensitive patient data such as test results for cancer and HIV. This attack affected over 300 million records and is the latest attack on the healthcare industry.

Lessons learned:
- Secure sensitive data: Use advanced encryption for sensitive medical records.
- Invest in cyber resilience: Build infrastructure that can recover quickly after attacks.
- Train healthcare staff to identify cybersecurity threats and react to them.

8. U.K. Ministry of Defence Payroll Breach

The breach of the payroll system at the U.K. Ministry of Defence exposed sensitive personal data relating to military staff. Attackers exploited vulnerabilities in the systems of the third-party contractor that managed the payroll.

Lessons learned:
- Insulate core operations: Process sensitive data internally whenever possible.
- Strengthen encryption: Protect sensitive data with end-to-end encryption.
- Periodic penetration testing: Conduct mock attacks to find vulnerabilities before the bad guys do.

9. CDK Global Automotive Industry Disruption

A cyberattack on CDK Global halted business operations for thousands of car dealerships in North America. The attack showed how poor employee education and weak security policies can cause devastating problems.

Lessons learned:
- Security education: Train employees on what to look for and how to stop the bad guys.
- Manage vendor security: Make sure vendors maintain a good level of cybersecurity.
- Strengthen incident response: Quick responses can limit operational disruptions and financial losses.

The breaches this year highlighted a worrying reality: no organization is immune to cyberattacks. As we enter 2025, it is imperative for businesses to adopt proactive measures, from strengthening encryption and implementing MFA to training employees and securing third-party integrations. By learning from these incidents, organizations can bolster their defenses and mitigate the risks of future attacks.
Federal authorities have arrested and indicted a 20-year-old U.S. Army soldier on suspicion of being Kiberphant0m, a cybercriminal who has been selling and leaking sensitive customer call records stolen earlier this year from AT&T and Verizon. As first reported by KrebsOnSecurity last month, the accused is a communications specialist who was recently stationed in South Korea.

Photo caption: One of several selfies on the Facebook page of Cameron Wagenius.

Cameron John Wagenius, 20, was arrested near the Army base in Fort Hood, Texas on Dec. 20, after being indicted on two criminal counts of unlawful transfer of confidential phone records. The sparse, two-page indictment (PDF) doesn’t reference specific victims or hacking activity, nor does it include any personal details about the accused. But a conversation with Wagenius’ mother — Minnesota native Alicia Roen — filled in the gaps.

Roen said that prior to her son’s arrest he’d acknowledged being associated with Connor Riley Moucka, a.k.a. “Judische,” a prolific cybercriminal from Canada who was arrested in late October for stealing data from and extorting dozens of companies that stored data at the cloud service Snowflake.

In an interview with KrebsOnSecurity, Judische said he had no interest in selling the data he’d stolen from Snowflake customers and telecom providers, and that he preferred to outsource that to Kiberphant0m and others. Meanwhile, Kiberphant0m claimed in posts on Telegram that he was responsible for hacking into at least 15 telecommunications firms, including AT&T and Verizon.

On November 26, KrebsOnSecurity published a story that followed a trail of clues left behind by Kiberphant0m indicating he was a U.S. Army soldier stationed in South Korea.

Photo caption: An 18-year-old Cameron Wagenius, joining the U.S. Army.

Ms. Roen said Cameron worked on radio signals and network communications at an Army base in South Korea for the past two years, returning to the United States periodically. She said Cameron was always good with computers, but that she had no idea he might have been involved in criminal hacking.

“I never was aware he was into hacking,” Roen said. “It was definitely a shock to me when we found this stuff out.”

Ms. Roen said Cameron joined the Army as soon as he was of age, following in his older brother’s footsteps.

“He and his brother when they were like 6 and 7 years old would ask for MREs from other countries,” she recalled, referring to military-issued “meals ready to eat” food rations. “They both always wanted to be in the Army. I’m not sure where things went wrong.”

Immediately after news broke of Moucka’s arrest, Kiberphant0m posted on the hacker community BreachForums what they claimed were the AT&T call logs for President-elect Donald J. Trump and for Vice President Kamala Harris.

“In the event you do not reach out to us @ATNT all presidential government call logs will be leaked,” Kiberphant0m threatened, signing their post with multiple “#FREEWAIFU” tags. “You don’t think we don’t have plans in the event of an arrest? Think again.”

Photo caption: Kiberphant0m posting what he claimed was a “data schema” stolen from the NSA via AT&T.

On that same day, Kiberphant0m posted what they claimed was the “data schema” from the U.S. National Security Agency.

On Nov. 5, Kiberphant0m offered call logs stolen from Verizon’s push-to-talk (PTT) customers — mainly U.S. government agencies and emergency first responders. On Nov. 9, Kiberphant0m posted a sales thread on BreachForums offering a “SIM-swapping” service targeting Verizon PTT customers. In a SIM-swap, fraudsters use credentials that are phished or stolen from mobile phone company employees to divert a target’s phone calls and text messages to a device they control.

The profile photo on Wagenius’ Facebook page was deleted within hours of my Nov. 26 story identifying Kiberphant0m as a likely U.S. Army soldier. Still, many of his original profile photos remain, including several that show Wagenius in uniform while holding various Army-issued weapons.

Photo caption: Several profile photos visible on the Facebook page of Cameron Wagenius.

November’s story on Kiberphant0m cited his own Telegram messages saying he maintained a large botnet that was used for distributed denial-of-service (DDoS) attacks to knock websites, users and networks offline. In 2023, Kiberphant0m sold remote access credentials for a major U.S. defense contractor.

Allison Nixon, chief research officer at the New York-based cybersecurity firm Unit 221B, helped track down Kiberphant0m’s real-life identity. Nixon was among several security researchers who faced harassment and specific threats of violence from Judische and his associates.

“Anonymously extorting the President and VP as a member of the military is a bad idea, but it’s an even worse idea to harass people who specialize in de-anonymizing cybercriminals,” Nixon told KrebsOnSecurity. She said the investigation into Kiberphant0m shows that law enforcement is getting better and faster at going after cybercriminals — especially those who are actually living in the United States.

“Between when we, and an anonymous colleague, found his opsec mistake on November 10th to his last Telegram activity on December 6, law enforcement set the speed record for the fastest turnaround time for an American federal cyber case that I have witnessed in my career,” she said.

Nixon asked to share a message for all the other Kiberphant0ms out there who think they can’t be found and arrested.

“I know that young people involved in cybercrime will read these articles,” Nixon said. “You need to stop doing stupid shit and get a lawyer. Law enforcement wants to put all of you in prison for a long time.”

The indictment against Wagenius was filed in Texas, but the case has been transferred to the U.S. District Court for the Western District of Washington in Seattle.
The results of Dark Reading's 2024 Strategic Security survey suggest that security teams continue to grapple with the challenges that come with increased cloud adoption such as data visibility and loss of controls. Managing cloud risks will be a focus for security teams in 2025.
AI tools will enable significant productivity and efficiency benefits for organizations in the coming year, but they also will exacerbate privacy, governance, and security risks.
The Treasury Department announced sanctions against the Moscow-based Center for Geopolitical Expertise and Iran's Cognitive Design Production Center, accusing each entity of operations targeted at American voters prior to the 2024 elections.
Seven crew members of the seized ship Eagle S are being treated as suspects as Finland investigates undersea cable sabotage and alleged Russian spying.
The United States Treasury Department said it suffered a "major cybersecurity incident" that allowed suspected Chinese threat actors to remotely access some computers and unclassified documents. "On December 8, 2024, Treasury was notified by a third-party software service provider, BeyondTrust, that a threat actor had gained access to a key used by the vendor to secure a cloud-based
Cybersecurity researchers have uncovered three security weaknesses in Microsoft's Azure Data Factory Apache Airflow integration that, if successfully exploited, could have allowed an attacker to gain the ability to conduct various covert actions, including data exfiltration and malware deployment. "Exploiting these flaws could allow attackers to gain persistent access as shadow administrators
The U.S. Department of Justice (DoJ) has issued a final rule carrying out Executive Order (EO) 14117, which prevents mass transfer of citizens' personal data to countries of concern such as China (including Hong Kong and Macau), Cuba, Iran, North Korea, Russia, and Venezuela. "This final rule is a crucial step forward in addressing the extraordinary national security threat posed of our
Source: news.sophos.com – Author: Matt Wixey. In the first part of this series, we took a close look at CVSS and how it works, concluding that while CVSS may offer some benefits, it’s not designed to be used as a sole means of prioritization. In this article, we’ll cover some alternative tools and systems for […] The post Prioritizing patching: A deep dive into frameworks and tools – Part 2: Alternative frameworks – Source: news.sophos.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: hackread.com – Author: Deeba Ahmed.
SUMMARY
- Large-Scale Breach: Over 16 Chrome extensions were compromised, exposing 600,000+ users to data and credential theft.
- Phishing Attack: Developers were tricked into granting access to a malicious OAuth app via fake Chrome Web Store emails.
- Cyberhaven Impact: Attackers used admin credentials to deploy a malicious update stealing sensitive […]
The post 16 Chrome Extensions Hacked in Large-Scale Credential Theft Scheme – Source: hackread.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.schneier.com – Author: Bruce Schneier.
lurker • December 30, 2024 12:40 PM
Neuberger said the episode highlighted the need for required cybersecurity practices in the telecommunications industry, … We know that voluntary cyber security practices are inadequate to protect against [insert adversary here]. Whether it’s done by slack security practice, or deliberate backdoors, it […]
The post Salt Typhoon’s Reach Continues to Grow – Source: www.schneier.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Richi Jennings. Car and truck dealers fall back on pen and paper as huge SaaS provider gets hacked (again). CDK Global, by far the biggest provider of dealer management software for the U.S. auto trade, has suffered two crippling hacks in the same week. The services are down again and its customers […] The post Best of 2024: 30,000 Dealerships Down — ‘Ransomware’ Outage Outrage no. 2 at CDK Global – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Marc Handelman. Monday, December 30, 2024. DEF CON 32 – Warflying in a Cessna. Authors/Presenters: Matt Thomassen, Sean McKeever. Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las […] The post DEF CON 32 – Warflying in a Cessna – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Marc Handelman. Via the comic humor & dry wit of Randall Munroe, creator of XKCD. This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://xkcd.com/3029/
Source: securityboulevard.com – Author: Richi Jennings. Cariad, VW Group’s software arm, made this classic error. Personal data from hundreds of thousands of cars sat unsecured for about six months. Volkswagen was keeping it in an Amazon cloud storage instance, but didn’t secure the keys. The big German firm is very embarrassed. In today’s SB Blogwatch, we hope […] The post VW Cars Leak Private Data of 800,000 — ‘Volksdaten’ – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Marc Handelman. Tuesday, December 31, 2024. DEF CON 32 – Winning the Game of Active Directory. Authors/Presenters: Brandon Colley. Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las […] The post DEF CON 32 – Winning the Game of Active Directory – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Becky Bracken, Senior Editor, Dark Reading. UPDATE: This story was updated on Dec. 30 to include a statement from a BeyondTrust spokesperson. The US Department of the Treasury alerted lawmakers on Monday that Chinese state-backed threat actors were able to compromise its systems and steal data […] The post Chinese State Hackers Breach US Treasury Department – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.hackerone.com – Author: HackerOne. Over the past 12 months, HackerOne’s flagship conference, Security@, has been on the road! We wanted to meet you where you are and share with you the latest stories from our researcher community, advice and guidance from tenured customers, and a first look at our biggest announcements. If you weren’t […] The post 5 Insights Attendees Gained from the Security@ World Tour – Source: www.hackerone.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.hackerone.com – Author: Andrew Pratt. The injection classification is broad in scope and includes attack vectors such as:
- cross-site scripting (XSS)
- SQL injection (SQLi)
- carriage return/line feed injection (CRLF)
- server-side template injection (SSTI)
- header injection
- command injection
- directory traversal
Cross-Site Scripting (XSS): Cross-site scripting is a type of injection attack in which a malicious attacker is able to […] The post Breaking Down the OWASP Top 10: Injection – Source: www.hackerone.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.hackerone.com – Author: debbie@hackerone.com. During HackerOne’s second Day of Service in September, employees from across our organization participated in the community volunteer event. During this biannual initiative, we call on our global team to take action and contribute positively to our communities, reflecting our value of respecting all people. Employees had the chance to connect over shared goals and […] The post HackerOne’s Fall Day of Service – Source: www.hackerone.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.hackerone.com – Author: Ian Melven. At HackerOne, we’re incredibly proud of our wide range of human-powered security testing solutions and continuously use them for our internal security, including running highly focused tests through Spot Checks. When a potential multi-factor authentication risk was identified, we knew exactly which tool to use within the HackerOne Platform. […] The post How HackerOne Disproved an MFA Bypass With a Spot Check – Source: www.hackerone.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.hackerone.com – Author: Pamela Greenberg. HackerOne knows that asking employees for feedback is a crucial metric for assessing organizational health and success. By implementing biannual anonymous employee engagement surveys, HackerOne gains insights into employee satisfaction and commitment, which, with the right action, leads to transformative results. Since 2018, HackerOne has maintained an employee engagement […] The post Unlocking Engagement with Employee Feedback – Source: www.hackerone.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.