Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Cyber Essentials

Schools hold a special place in our communities, serving as the foundation for a child’s development and education. Yet, today’s K-12 schools face constant threats, ranging from targeted violence to cyberattacks. Recognizing these challenges, the Cybersecurity and Infrastructure Security Agency (CISA) is leading the charge to enhance the safety and security of schools across the United States (U.S.).

The School Safety Task Force: A Commitment to K-12 School Security

CISA’s School Safety Task Force (SSTF) was established to address the unique challenges faced by K-12 schools and districts. This initiative focuses on understanding the specific needs of schools, developing actionable resources, and fostering collaboration to create safe learning environments.

One of SSTF’s pivotal efforts has been the creation of the Federal School Safety Clearinghouse, a multi-agency initiative born out of the tragedy at Marjory Stoneman Douglas High School in Parkland, Florida, in 2018. The Clearinghouse, accessible through SchoolSafety.gov, serves as a one-stop hub for over 750 resources, tools, and best practices on school safety. From guidance on creating safety plans to funding opportunities, the platform is designed to empower schools to take actionable steps toward safety.

Tailored Tools for Prevention and Protection

To further strengthen school security, SSTF has developed specialized tools to address pressing issues:

- K-12 Bystander Reporting Toolkit: Encourages students and school communities to report suspicious activities or threats effectively.
- K-12 Anonymized Threat Response Guidance: Helps schools and law enforcement craft strategies for addressing anonymous threats.

These tools aim to enhance schools’ capabilities in preventing and mitigating risks, fostering a proactive safety culture.

Ongoing Outreach and Education

Safety resources alone aren’t enough. Continuous outreach, training, and engagement remain central to CISA’s mission. The agency connects with K-12 stakeholders through social media, newsletters, and publications while participating in local, state, and national conferences. The annual National Summit on K-12 School Safety and Security is a highlight of these efforts, gathering thousands of stakeholders to exchange ideas, share insights, and discuss innovative strategies to address evolving threats.

Cybersecurity: Building Resilience Across Communities

In addition to physical safety, CISA is deeply committed to strengthening cybersecurity at all levels. Recognizing the growing dependence on technology, the agency launched several initiatives to promote cyber hygiene and resilience.

Secure Our World Campaign: This public awareness program, launched in 2023, emphasizes four simple steps to improve cybersecurity:

- Use strong passwords and a password manager.
- Enable multifactor authentication.
- Recognize and report phishing attempts.
- Keep software updated.

The campaign includes tipsheets, how-to guides, and animated videos designed to make cybersecurity accessible for everyone.

Cyber Clinics: Modeled after free legal clinics, these initiatives pair cybersecurity students with local organizations, offering hands-on experience while supporting community cyber resilience. A recently published guide outlines CISA’s support for these clinics, including tools, grants, and partnerships.

High-Risk Communities Protection Effort: This program connects expert volunteers with high-risk organizations, providing tailored cybersecurity guidance.

Empowering Vulnerable Populations Through Project Upskill

CISA’s Project Upskill focuses on equipping vulnerable populations with practical cybersecurity guidance. Over the past year, the program has reached communities nationwide, offering tailored support to improve cyber resilience.

CISA’s efforts highlight a critical reality: no single entity can secure the nation alone. Schools, government agencies, nonprofits, industry, and individuals must work together to address today’s complex safety and security challenges. By fostering collaboration, building resources, and empowering communities, CISA is helping create a safer environment for students and teachers alike.

From securing schools against violence to promoting cyber hygiene, the path forward requires vigilance and unity. By taking simple yet effective steps, such as those outlined in the Secure Our World campaign, and supporting initiatives like cyber clinics, we can collectively build a more secure future. Together, we can protect our schools, communities, and digital infrastructure, ensuring a brighter and safer tomorrow for all.


 Cyber Essentials

India is witnessing a digital revolution, but along with it comes a daunting challenge—securing its massive digital infrastructure. With over 1.2 billion connected devices and one of the fastest 5G rollouts globally, the country faces unprecedented cybersecurity threats. These challenges were at the forefront of discussions during FICCI’s CyberComm 2025, an event held in collaboration with the Indian Ministry of Electronics and Information Technology (MEITY) and the Department of Telecom.

A Call for Industry Participation

Lieutenant General M.U. Nair, National Cyber Security Coordinator, highlighted the urgency of strengthening India’s cybersecurity ecosystem. Despite the rapid pace of digital adoption, corporate investment in cybersecurity remains "minimal." Nair emphasized that cybersecurity must be a top priority for businesses, calling for major industries to include cybersecurity professionals on their boards and mandate comprehensive security disclosures in annual reports.

He also proposed a collaborative framework led by industry players, envisioning sector-specific cybersecurity centres of excellence. These centres would adopt a shared responsibility model, continuously monitoring and assessing risks in India’s complex digital ecosystem. "We need a commercial model where industry bodies protect key sectors through continuous risk assessment," Nair said, urging stakeholders to rethink governance strategies and prioritize cybersecurity as a service.

Policy Frameworks to Address Emerging Threats

The government has taken significant steps to address cybersecurity concerns. In September 2024, it clarified ministerial responsibilities for cybersecurity, and a National Security Directive now restricts telecom infrastructure procurement to trusted sources. Similar trusted-supply-chain protocols are under consideration for other critical sectors, such as power.

Acknowledging the critical shortage of cybersecurity professionals, the government is also investing in education. Initiatives include integrating cybersecurity capsules into academic curriculums and introducing specialized BTech and MTech degrees focused on cybersecurity. In parallel, the Quality Council of India (QCI) has been tasked with developing minimum security standards for networked devices, a move aimed at strengthening device ecosystem security across the country.

A Shift in Threat Patterns

Chakravarthy T. Kannan, Secretary General of QCI, revealed an emerging trend in cyberattacks: a shift from urban centres to smaller cities. According to Kannan, 50% of cyber incidents now occur outside the top 10 metropolitan areas, compared to earlier patterns where 80% of attacks targeted 20% of key markets.

Mandar Kulkarni, National Security Officer at Microsoft, added that his team monitors 600 million cyberattacks daily, with identity-based threats as the primary challenge. Simple yet effective measures like multi-factor authentication could mitigate 99% of such attacks. He also noted the evolution of Distributed Denial of Service (DDoS) attacks, which have become more sophisticated since March 2024, transitioning from volume-based to application-level threats.

Cybersecurity: A Growing Market Opportunity

The financial implications of cybersecurity were a key topic at CyberComm 2025. Suprakash Chaudhuri, Country Head of Digital Industries at Siemens Ltd and Co-Chair of FICCI’s Technology Committee, highlighted the substantial market opportunity in India’s cybersecurity sector. The market is projected to grow from USD 5.56 billion in 2025 to USD 12.9 billion by 2030, at a compound annual growth rate (CAGR) of 18.33%.

“Cyberattacks are cheap, fast, and highly profitable for perpetrators. Yet the impact they leave on businesses and governments is devastating,” Chaudhuri remarked. He stressed the importance of proactive threat detection, strong policy frameworks, and workforce development. Businesses must leverage advanced technologies like AI-driven threat intelligence and foster cross-sector collaboration to counter increasingly sophisticated cyber threats.

The Road to Data Protection

India is also making strides in data protection. In January 2025, the government released draft rules under the Digital Personal Data Protection (DPDP) Act, 2023, for public consultation. Open until February 18, these rules aim to provide clear and enforceable guidelines for handling personal data. This marks a significant milestone in India’s decade-long journey toward comprehensive data protection legislation.

The DPDP Act builds on recommendations made by a 2011 expert committee led by former Delhi High Court Chief Justice A.P. Shah. The draft proposes a phased rollout, with rules governing the Data Protection Board taking immediate effect, while provisions on consent management, notice requirements, and government access to data will be enforced gradually.

Strengthening India’s Cybersecurity Future

The cybersecurity challenges India faces are vast and multifaceted. With millions of connected devices, an expanding digital economy, and an evolving threat landscape, there is no single solution. A strong strategy requires collaboration between government, industry, and academia.

From policy frameworks and trusted supply chains to educational initiatives and industry-driven solutions, India is laying the groundwork for a more secure digital future. However, the success of these efforts hinges on the active participation of all stakeholders. As Lieutenant General Nair aptly put it, “Cybersecurity is not just a technological challenge; it is a mission-critical priority that demands collective action.” The time to act is now, as India stands at the crossroads of digital innovation and cyber resilience.


 Firewall Daily

HexaLocker V2 has arrived on the market. This new version of the notorious HexaLocker ransomware has brought with it a series of improvements, including a new persistence mechanism, enhanced encryption algorithms, and an open-source stealer known as Skuld. These changes reflect the ongoing sophistication of cybercriminal groups and their ability to circumvent traditional cybersecurity defenses.

HexaLocker first emerged in mid-2024, quickly capturing the attention of security experts due to its aggressive tactics and effective encryption methods. Initially, it operated using the popular encryption standard TOXID for communication and a straightforward file-encrypting approach. However, by the end of 2024, a new version, HexaLocker V2, began to surface. This updated version incorporates a host of advanced features designed to enhance the ransomware's effectiveness and persistence.

The Return of HexaLocker: From Version 1 to Version 2

Figure: HexaLocker V2 login page (Source: Cyble)

According to Cyble Research and Intelligence Labs (CRIL), a major change in HexaLocker V2 is its use of Skuld Stealer, a tool that plays a critical role in the ransomware's operation. Unlike the previous version, which focused solely on file encryption, HexaLocker V2 introduces a double-extortion strategy. This method involves stealing sensitive data before encryption, thus increasing the pressure on victims to pay the ransom.

One of the standout features of HexaLocker V2 is its integration with Skuld Stealer. Skuld is an open-source tool used to harvest sensitive information from compromised systems, including credentials, browsing history, and crypto wallet details. Before encrypting files, HexaLocker V2 downloads and runs the Skuld stealer from a remote server, specifically from "hxxps://hexalocker.xyz/SGDYSRE67T43TVD6E5RD[.]exe". The stealer targets data from both Chromium and Gecko-based browsers, including popular ones like Google Chrome, Mozilla Firefox, and Opera.

Figure: Features of Skuld Stealer (Source: Cyble)

Once Skuld has gathered the data, it compresses the stolen information into a ZIP archive and transmits it to the attacker's server. This exfiltration step adds a layer of pressure on victims, as the stolen data could be used for further extortion or sold on dark web forums.

This approach highlights the growing trend of cybercriminals utilizing both encryption and data theft in tandem, making it harder for victims to recover from attacks. The integration of Skuld Stealer with HexaLocker V2 demonstrates a deliberate strategy to maximize the return on each attack.

Persistence Mechanisms and Obfuscation

HexaLocker V2’s persistence mechanisms are another key improvement over its predecessor. Upon execution, the ransomware copies itself into the “%appdata%\MyApp” directory and ensures it runs after system reboots by creating an entry in the Windows registry under HKCU\Software\Microsoft\Windows\CurrentVersion\Run.

Figure: Autorun Entry (Source: Cyble)

This persistence method guarantees that HexaLocker V2 can continue its operation even after a victim restarts their machine, making it much harder to remove.

Figure: String Decryption of HexaLocker V2 (Source: Cyble)

Additionally, the malware uses advanced obfuscation techniques to hide its strings and communication channels. Unlike the earlier version, where strings were static and easily identifiable, HexaLocker V2 dynamically generates critical strings during runtime. This process is supported by the use of AES-GCM encryption, which ensures that file paths, folder names, and URLs associated with the ransomware are obfuscated, making detection more difficult.

Enhanced Encryption and Exfiltration Process

HexaLocker V2’s encryption process also undergoes significant improvements. The ransomware employs a combination of several encryption algorithms to secure victims' files. For string encryption, it uses AES-GCM, while for key derivation, it relies on Argon2. The files themselves are encrypted using ChaCha20, a high-speed stream cipher. After the encryption process is completed, the ransomware appends the “.HexaLockerV2” extension to the encrypted files, rendering them inaccessible without the decryption key.

Before encrypting the files, HexaLocker V2 performs a comprehensive scan of the victim’s machine, searching for files with specific extensions. This scan includes common file types such as text documents, images, videos, audio files, and more. Once the relevant files are identified, they are bundled into a ZIP archive and sent to the attacker's remote server via the URL "hxxps://hexalocker.xyz/receive.php".

This exfiltration process ensures that even if a victim is able to recover their encrypted files, their stolen data remains in the hands of the attackers. The combination of Skuld Stealer, data exfiltration, and encryption makes HexaLocker V2 a particularly dangerous threat.

The Evolution of Ransomware Tactics: Double Extortion

HexaLocker V2 adopts a classic double extortion strategy, which has become a hallmark of modern ransomware attacks. This method involves two distinct stages of extortion: first, the attackers exfiltrate sensitive data from the victim’s machine, and second, they encrypt the victim's files. By combining these tactics, attackers increase the likelihood that victims will pay the ransom, fearing both the loss of critical data and the potential for public exposure of sensitive information.

Additionally, HexaLocker V2 replaces the communication protocol used in the previous version. Instead of the original TOXID communication method, HexaLocker V2 introduces a unique hash system. This new system allows victims to communicate directly with the attackers via a dedicated web chat interface, further streamlining the ransom negotiation process.

Conclusion

The return of HexaLocker V2, with its integration of Skuld Stealer and advanced encryption, highlights the growing threat of ransomware. To defend against these attacks, strong cybersecurity practices such as regular backups, software updates, and phishing training are essential. Proactive measures like endpoint protection and network segmentation can also reduce risk. As ransomware continues to grow in sophistication, leveraging advanced threat intelligence platforms like Cyble helps organizations protect themselves from cyber threats such as HexaLocker V2.


 Press Release

Cupertino, California, January 10, 2025—Cyble, a global leader in cybersecurity and threat intelligence, has once again solidified its dominance in G2’s Winter 2025 Report. Retaining its leadership stature across key categories while earning 8 new recognitions, Cyble has exceeded expectations, setting new benchmarks in the cybersecurity domain.

G2, the world’s largest software marketplace, evaluates companies based on verified customer reviews, satisfaction scores, and market presence. Cyble’s outstanding performance reaffirms its ability to address the evolving cybersecurity challenges with innovation and client-centric solutions.

In the G2 Winter 2025 Report, Cyble reinforced its leadership across multiple cybersecurity verticals, earning prestigious recognitions that highlight its consistent performance and user-centric approach.

The company retained its "Leader" badge for Dark Web Monitoring, solidifying its reputation as a trusted solution for addressing dark web threats in Asia and Asia Pacific. Cyble also secured "Leader" status in APAC for Brand Intelligence, while holding onto the "Easiest to Use" badge, demonstrating its commitment to user-friendly and effective solutions. Cyble continues to be loved by its customers, maintaining its position as the most loved cybersecurity solution provider.

Beenu Arora, CEO of Cyble, stated, “Being recognized not only as a Leader but also for surpassing our previous achievements is a testament to our team’s relentless drive to innovate and deliver unmatched value to our clients. These accolades motivate us to continue redefining the standards in cybersecurity.”

Cyble’s Road to Excellence

Cyble’s success is built on its ability to adapt and innovate. Leveraging advanced AI and big data analytics, Cyble offers comprehensive solutions, including Threat Intelligence, Brand Monitoring, Attack Surface Management, Incident Management, Vulnerability Management, Dark Web Monitoring, Third-party Risk Management, Digital Forensics and Incident Response, Physical Security Intelligence, Executive Monitoring, Cloud Security Posture Management (CSPM), Takedown and Disruption, and BotShield.

These recognitions reflect the company’s commitment to addressing real-world cybersecurity challenges and its customer-first approach to product development.

About Cyble

Cyble is a next-generation cybersecurity solutions provider committed to protecting organizations against an ever-evolving threat landscape. Leveraging advanced AI, machine learning, and a global team of experts, Cyble delivers actionable threat intelligence across adversaries, vulnerabilities, and exposures. Headquartered in Cupertino, California, Cyble has a global footprint, with offices and presence in Australia, Malaysia, Singapore, Dubai, Saudi Arabia, Europe, UK, and India.

Cyble’s Products

- Cyble Vision: Award-winning, AI-powered, cyber threat intelligence platform with 50+ use cases.
- Cyble Hawk: Proactive cybersecurity investigation partner built for Govts. LEA, and national security.
- AmIBreached: Check your dark web exposure with the click of a button.
- Cyble Odin: Scan 4 billion+ IPs on the internet. Meet the All-father of internet scanning.

For more information, visit www.cyble.com.

Contacts:
Email: enquiries@cyble.com
Phone: +1 888 673 2067


 Firewall Daily

BayMark Health Services, Inc. has reported a data breach to the California Attorney General, revealing that an unauthorized party had accessed sensitive files within the company's computer network. The BayMark Health Services data breach follows an apparent cyberattack on BayMark's systems, which led to the exposure of personal information belonging to many individuals who received services through the company's network.

The BayMark Health Services data breach, which occurred between September 24, 2024, and October 14, 2024, was discovered on October 11, 2024, when BayMark first identified that certain IT systems had been disrupted. Promptly responding to the disruption, the company secured its systems and launched an investigation with the help of third-party forensic experts. Law enforcement was also notified to assist with the ongoing investigation.

Overview of the BayMark Health Services Data Breach

After a thorough review of the affected files, BayMark determined that the cyberattack compromised a range of personal and sensitive information. This included individuals' names, Social Security numbers, dates of birth, driver’s license numbers, insurance information, treatment details, and in some cases, the names of treating healthcare providers. In total, the data breach at BayMark Health Services potentially affected a large number of patients, exposing their personal information to unauthorized parties.

In response to the BayMark Health Services data breach, the authorities took immediate action to notify those impacted. The company sent out formal data breach notification letters to all affected individuals, explaining the details of the cyberattack and offering assistance to protect their identities. The notification letter emphasized the seriousness of the breach and outlined the steps BayMark has taken to enhance its security measures to prevent future incidents. As part of these efforts, the company implemented additional protection methods and technical security measures to better protect sensitive data.

Free Credit Card Monitoring and Identity Theft Protection Service

In the notice, BayMark reassured affected individuals that it was taking steps to protect their personal information moving forward. In an effort to support the victims of the BayMark Health Services data breach, the company is offering free, one-year access to Equifax Complete™ Premier, a credit monitoring and identity theft protection service. This service helps users detect any misuse of their personal information and provides tools to resolve potential identity theft issues. It also includes various features such as 3-bureau credit monitoring, fraud alerts, identity restoration services, and identity theft insurance coverage of up to $1 million.

The BayMark Health Services data breach letter provides recipients with instructions on how to activate their complimentary Equifax Complete Premier membership, which includes access to their credit reports and VantageScore credit scores, along with email alerts of any key changes to their credit. The service also offers identity restoration assistance, helping individuals recover from identity theft if their personal information is misused.

Monitoring Credit Reports

BayMark has assured those affected that it is committed to protecting the confidentiality and security of patient information, while also apologizing for the distress this incident may have caused. As part of its continued response to the breach, BayMark has encouraged affected individuals to remain vigilant by reviewing their credit reports and monitoring their accounts for any signs of suspicious activity. The company has also outlined additional steps that individuals can take to safeguard their personal information, such as enrolling in the offered credit monitoring services and regularly reviewing financial statements. For more information, affected individuals can contact BayMark’s support team at 855-295-0995, available Monday through Friday, 8:00 a.m. to 8:00 p.m. Central Time, excluding holidays.


 Business

Researchers from three European universities recently demonstrated the so-called BadRAM attack. This attack is made possible because of a vulnerability in AMD EPYC processors, and primarily threatens cloud-solution providers and virtualization systems. In the worst-case scenario, the vulnerability could be used to compromise data from highly secure virtual machines. However, implementing this scenario in practice would be quite difficult. The attack requires physical access to the server, plus the highest level of access to the software. Before discussing the BadRAM attack in detail, we should first understand the concept of a trusted execution environment (TEE).

Features of TEE

Software errors are inevitable. Estimates from as early as the 1990s suggest that there are between one and 20 errors for every thousand lines of code. Some of these errors lead to vulnerabilities that malicious actors can exploit to access confidential information. Therefore, when certain data or computational processes (for example, processing private encryption keys) must be highly secure, it makes sense to isolate this data — or these processes — from the rest of the code. This is the essence of the trusted execution environment concept.

There are numerous TEE implementations designed for various tasks, each varying in the degree of security they provide. In AMD processors, TEE is implemented as Secure Encrypted Virtualization (SEV) — a technology that enhances the protection of virtual machines. It encrypts the data of a virtual system in memory so that other virtual systems — or even the operators of the physical server running these virtual OSs — can't access it. Secure Nested Paging, a more recent extension of this technology, can detect unauthorized attempts to access virtual system data.

Consider the scenario where a financial institution uses third-party infrastructure to run its virtual systems. These virtual OSs process highly confidential data, and it's essential to ensure their absolute security. While it's possible to impose stringent requirements on the provider of the infrastructure, in some cases it's easier to operate under the assumption that they can't be fully trusted.

Secure Encrypted Virtualization, just like Intel's similar Trusted Domain Extensions (TDX) technology, essentially uses a separate processor. Although it's physically part of the server processor (Intel or AMD), it's effectively isolated from the main processor cores. By participating in the data encryption process, this isolated module provides an additional layer of security.

Details of the BadRAM attack

Let's return to the BadRAM attack. It bypasses the Secure Encrypted Virtualization protection and gains access to the encrypted data of a virtual system in such a way that the Secure Nested Paging technology is also unable to detect the breach. This video shows how a malicious application on a server can read data from a protected virtual machine running on the same server.

How does it work? The authors of the study used a very unusual attack method — modifying the hardware itself. Every computer has random access memory (RAM). Each memory module contains several chips for storing data, plus one service chip — known as the SPD. This chip announces the presence of the memory module in the system and transmits key parameters (such as the optimal operating frequency of the memory chips and their capacity) to the processor. It was precisely this information about the capacity that the researchers modified.

This is a rather paradoxical attack method. First, the attackers take a 32GB memory module; then, they re-flash the SPD chip, setting its capacity to twice that amount — 64GB. The processor trusts this information and tries to use the memory module as if its capacity was indeed 64GB. Under normal circumstances, this would quickly lead to freezes or other failures: some data blocks would simply overwrite others, and information from various applications would get corrupted. To prevent this, the researchers restricted write-access to the modified memory module for all processes except the target virtual system.

So what does this accomplish? If the processor thinks that the memory capacity is twice as large as it actually is, then each pair of virtual addresses maps to only one physical memory cell. This allows a scenario where a real memory area is simultaneously used by a protected virtual OS — and accessible to another, malicious, application. The latter won't write to the memory cells, but can read what the virtual OS writes to them. This is precisely the scenario that AMD's SEV technology is designed to prevent, but in this case it proves ineffective — both memory access protection and encryption are bypassed. We're glossing over many important details of the study, but the main takeaway is that this malicious memory module creates a situation where the supposedly highly-secure data of a virtual machine becomes accessible to an external application.

Yes, this is an extremely complex attack — requiring physical access to the server in addition to hacking the server's software to gain the highest access privileges. However, compare this to a previous study, where a similar result was achieved using an extremely expensive ($170,000) hardware device that intercepted data transmission between the processor and the memory module in real time. In the BadRAM attack, the SPD chip is modified using a simple kit consisting of a microcomputer and readily available software costing around $10 in total. After modification, physical access to the server is no longer required, and all subsequent attack stages can be carried out remotely. In some memory modules, even remote rewriting of the SPD data may be possible.

Fortunately, the vulnerabilities exploited in this attack have been patched in firmware updates for AMD EPYC 3rd Gen and 4th Gen processors. The protection technology now includes a mechanism capable of detecting malicious memory modules. By the way, the researchers also tested Intel's TDX technology, which appears to already have a similar RAM integrity-check in place, making attacks like BadRAM impossible.

The concept of a trusted execution environment is designed for work in highly hostile environments. We discussed a scenario where the owner of a virtual OS doesn't trust the hosting provider. Even under such paranoid conditions, avoiding errors remains a significant challenge — as demonstrated by the BadRAM study. The authors generally argue that TEE system developers rely too heavily on the difficulty of extracting data from RAM, and illustrate how even the most sophisticated security systems can be bypassed using relatively simple means.

 Feed

Network segmentation remains a critical security requirement, yet organizations struggle with traditional approaches that demand extensive hardware investments, complex policy management, and disruptive network changes. Healthcare and manufacturing sectors face particular challenges as they integrate diverse endpoints – from legacy medical devices to IoT sensors – onto their production networks.

 Feed

Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey's Audio (APE) decoder on Samsung smartphones that could lead to code execution. The high-severity vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), affects Samsung devices running Android versions 12, 13, and 14. "Out-of-bounds write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote

 Feed

Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia have been targeted by the China-nexus RedDelta threat actor to deliver a customized version of the PlugX backdoor between July 2023 and December 2024. "The group used lure documents themed around the 2024 Taiwanese presidential candidate Terry Gou, the Vietnamese National Holiday, flood protection in Mongolia, and meeting invitations, including an

 Feed

Cybersecurity company CrowdStrike is alerting of a phishing campaign that exploits its own branding to distribute a cryptocurrency miner that's disguised as an employee CRM application as part of a supposed recruitment process. "The attack begins with a phishing email impersonating CrowdStrike recruitment, directing recipients to a malicious website," the company said. "Victims are prompted to

 Feed

Cybersecurity reporting is a critical yet often overlooked opportunity for service providers managing cybersecurity for their clients, and specifically for virtual Chief Information Security Officers (vCISOs). While reporting is seen as a requirement for tracking cybersecurity progress, it often becomes bogged down with technical jargon, complex data, and disconnected spreadsheets that fail to

 Feed

Cybersecurity researchers have shed light on a nascent artificial intelligence (AI) assisted ransomware family called FunkSec that sprang forth in late 2024, and has claimed more than 85 victims to date. "The group uses double extortion tactics, combining data theft with encryption to pressure victims into paying ransoms," Check Point Research said in a new report shared with The Hacker News. "

 0CISO2CISO

Source: www.techrepublic.com – Author: Luis Millares Read our comprehensive review of IPVanish VPN. Discover its features, pricing, and more to determine if it […] The post IPVanish VPN Review: Is It Really as Secure as Claimed? – Source: www.techrepublic.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.schneier.com – Author: Bruce Schneier Comments Aaron • January 9, 2025 3:11 PM What does it say about the current philosophies of the corporate cyber security industry when, willfully or not, we continue to consolidate software assets under the same shrinking umbrella of protection products that end up leaving a larger group of […] The post Zero-Day Vulnerability in Ivanti VPN – Source: www.schneier.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.cyberdefensemagazine.com – Author: News team In today’s hyper-connected world, supply chains are the lifeblood of industries, spanning across continents and involving numerous third-party vendors. While this interconnectedness brings unparalleled efficiency and opportunities for growth, it also introduces a labyrinth of cybersecurity risks. Ensuring robust cybersecurity measures within supply chains and among third-party dependencies is […] The post Fortifying The Links – Source: www.cyberdefensemagazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 AI-Enabled

Source: www.cyberdefensemagazine.com – Author: News team In February, the top artificial intelligence (AI) official at the Department of Defense (DoD) laid out his vision for AI-enabled warfare. “Imagine a world where combatant commanders can see everything they need to see to make strategic decisions,” he said, “[and] the turnaround time for situational awareness shrinks from a […] The post The Key to AI-Enabled Multi-Coalition Warfare – Source: www.cyberdefensemagazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Chinese

Source: www.darkreading.com – Author: Becky Bracken, Senior Editor, Dark Reading Source: Birgit Korber via Alamy Stock Photo The National Police Agency and the National Center of Incident Readiness and Strategy for Cybersecurity warned Japanese organizations of a sophisticated Chinese state-backed cyber-espionage effort called “MirrorFace” to steal technology and national security secrets. Japanese authorities said the […] The post Chinese APT Group Is Ransacking Japan’s Secrets – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Banshee

Source: www.darkreading.com – Author: Nate Nelson, Contributing Writer Source: Charles Walker Collection via Alamy Stock Photo The macOS infostealer “Banshee” has been spotted skating by antivirus programs using a string encryption algorithm it stole from Apple. Banshee has been spreading since July, primarily via Russian cybercrime marketplaces, where it was sold as a $1,500 “stealer-as-a-service” […] The post Banshee 2.0 Malware Steals Apple’s Encryption to Hide on Macs – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Kristina Beek, Associate Editor, Dark Reading Source: World History Archive via Alamy Stock Photo NEWS BRIEF The Chinese threat actor group known as “Silk Typhoon” has been linked to the December 2024 hack on an agency that’s part of the US Department of the Treasury. In the breach, the threat actors […] The post Hacking Group ‘Silk Typhoon’ Linked to US Treasury Breach – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Challenges

Source: www.darkreading.com – Author: Josh Lemos Source: marcos alvarado via Alamy Stock Photo COMMENTARY Security teams have always had to adapt to change, but new developments that will play out over the next year could make 2025 particularly challenging. The accelerating pace of AI innovation, increasingly sophisticated cyber threats, and new regulatory mandates will require […] The post New AI Challenges Will Test CISOs & Their Teams in 2025 – Source: www.darkreading.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: hackread.com – Author: Owais Sultan. Discover how AI revolutionizes cybersecurity with real-time threat detection, adaptive protection, and advanced data protection to combat evolving cybersecurity risks. Cybersecurity threats are no longer luxuries of the big corporations and reach every part of our connected world making big and small businesses both vulnerable. With attacks becoming smarter […] The post Harnessing AI for Proactive Threat Intelligence and Advanced Cyber Defense – Source: hackread.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Chinese cyber espionage

Source: securityboulevard.com – Author: Jeffrey Burt Management software maker Ivanti continues to struggle with security flaws in its products – this week announcing two more vulnerabilities on appliances – and a China-linked threat group known for cyber-spying may be exploiting one of the bugs. Ivanti this week issued a notice about the vulnerabilities, saying that […] The post Chinese-linked Hackers May Be Exploiting Latest Ivanti Vulnerability – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Marc Handelman Thursday, January 9, 2025 Authors/Presenters: Nikhil Shrivastava & Charlie Waterhouse Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events […] The post DEF CON 32 – Reflections on a Decade in Bug Bounties – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: www.hackerone.com – Author: Martijn Russchen. Receiving invalid or unwanted reports to your bug bounty program is never desirable. These reports create a burden for programs and reduce the time that can be spent on reports that matter. In a word, it’s “noise”. We continue to work tirelessly for our customers on finding ways to […] The post Advanced triggers feature launches to further improve signal – Source: www.hackerone.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: www.hackerone.com – Author: johnk. Nearly 40 hackers representing 12 countries were in Amsterdam on May 26, 2018 with one focus: hacking Dropbox! Dropbox runs a top public bug bounty program on HackerOne. The most Dropbox had ever paid in one day was $38,871, in the fall of 2017. The average bounty for its public […] The post Live-hacking Dropbox in Amsterdam for H1-3120 – Source: www.hackerone.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: www.hackerone.com – Author: johnk. The h1-702 2018 CTF is here! H1-702 2018 is happening in Las Vegas from Wednesday, August 8 to Sunday, August 12! HackerOne 1337 will be competing live and in-person to find bugs in top HackerOne customers for five consecutive days. You read that right: FIVE DAYS. It’s the biggest live-hacking […] The post Jackpot! The h1-702 2018 CTF is here! Win a Trip to the Biggest Live-hacking Event of 2018 – Source: www.hackerone.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: www.hackerone.com – Author: luke. GDPR is finally upon us. The onslaught of “we’ve updated our privacy policy” emails to your inbox should have been an indicator…as well as the continuing feeling that companies of all sizes are still struggling to catch up with the regulation’s specifics. Johan De Keulenaer is a software entrepreneur and […] The post Hey Startups, Check Your GDPR Progress with this GDPR Checklist – Source: www.hackerone.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: www.hackerone.com – Author: Cody Brocious. Since January, thousands of hackers have expressed their enthusiasm for the first Hacker101 content drop (almost 80,000 total video views and more than 8,800 stars on GitHub in just five months!). Now it’s time to take things to the next level. We’ve prepared amazing content through the end of the […] The post New Hacker101 Content: Threat modeling, Burp basics, and more – Source: www.hackerone.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: www.hackerone.com – Author: luke. GDPR compliance is so relevant today because, well, it comes into effect starting tomorrow, May 25, 2018. The time for talking about how to prepare is over. What’s important now is dealing with the inevitable reality of GDPR, but that’s difficult given that there is uncertainty in some cases on exactly […] The post CISOs and GDPR: The Top 3 Concerns – Source: www.hackerone.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: www.hackerone.com – Author: Tiffany Long. If you’re a new hacker on HackerOne, starting from scratch can appear daunting. Perhaps you’ve looked at the long list of awesome hackers on HackerOne, looked at their rep, looked at your rep, and felt discouraged that it’ll take forever for you to build up your rep so that you […] The post Introducing The 90 day Hacker Leaderboard and Revamped Invitations – Source: www.hackerone.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Source: www.hackerone.com – Author: luke. Harri Hursti is one of the most knowledgeable hackers of election technology. He’s most known for the eponymous hack in 2005 that exposed the near-complete lack of security on electronic voting machines. Over the course of several events, Harri and others easily bypassed passwords and changed voting tallies, sometimes in […] The post Hursti hacks, DEF CON villages, and the Dubious state of electronic voting – Source: www.hackerone.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Australia

Source: www.techrepublic.com – Author: Ben Abbott The IT sector remains a bright spot in the Australian job market heading into 2025, boasting the most positive employment outlook of any economic sector. Recruitment firm ManpowerGroup’s Employment Outlook Survey for Q1 2025 revealed that the Australian IT sector has a net employment outlook of +27%, leading all […] The post Australian IT Sector Maintains Strong Employment Outlook for 2025 – Source: www.techrepublic.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Artificial Intelligence

Source: www.techrepublic.com – Author: Megan Crouse Open-source software is common throughout the tech world, and tools like software composition analysis can spot dependencies and secure them. However, working with open source presents security challenges compared with proprietary software. Chris Hughes, chief security advisor at open-source software security startup Endor Labs, spoke to TechRepublic about the […] The post What’s Next for Open Source Software Security in 2025? – Source: www.techrepublic.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Author: Cybercriminals are impersonating CrowdStrike recruiters to distribute a cryptominer on victim devices. CrowdStrike said it identified a phishing campaign exploiting its recruitment branding on January 7. The campaign starts with a phishing email, which purports to be part of the cybersecurity firm’s recruitment process. The email invites the target to schedule […] The post Cybercriminals Use Fake CrowdStrike Job Offers to Distribute Cryptominer – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Author: A large-scale cyber-attack originating from outside Slovakia’s borders has hit the information system of the Office of Geodesy, Cartography and Cadastre of the Slovak Republic (UGKK). The UGKK is used by the cadastral departments to record and manage information about land and property. All systems have been shut down as a […] The post Slovakia Hit by Historic Cyber-Attack on Land Registry – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Author: US dental and medical billing firm Medusind is notifying over 360,000 customers that their personal, financial and medical data may have been accessed by a cybercriminal actor. The breach relates to a cyber incident that took place back on December 29, 2023, and was discovered later the same day. After taking […] The post Medusind Breach Exposes Sensitive Patient Data – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Author: Threat actors have created a fake proof-of-concept (PoC) exploit for a critical Microsoft vulnerability, designed to lure security researchers into downloading and executing information-stealing malware, Trend Micro has reported. The fake PoC relates to a critical vulnerability in Microsoft’s Windows Lightweight Directory Access Protocol (LDAP), for which a fix was released […] The post Fake PoC Exploit Targets Security Researchers with Infostealer – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

2025-01
Aggregator history
Friday, January 10