Microsoft’s Patch Tuesday March 2025 update includes fixes for six actively exploited zero-days and an additional 10 vulnerabilities at higher risk of attack. In all, the Patch Tuesday March 2025 update fixes 57 Microsoft CVEs and republishes an additional 10 non-Microsoft CVEs, including nine Chrome vulnerabilities and one from Synaptics. Here’s a breakdown of the higher-risk vulnerabilities included in the Microsoft report, plus additional updates from other vendors issuing Patch Tuesday fixes.

Zero Days: Patch Tuesday March 2025

The six zero-day vulnerabilities range in severity from 4.6 to 7.8 (CVSS:3.1). They include:

CVE-2025-24983 is a 7.0-severity Windows Win32 Kernel Subsystem Elevation of Privilege/Use After Free vulnerability. The vulnerability, reported by Filip Jurčacko of ESET, requires an attacker to win a race condition in order to gain SYSTEM privileges.

CVE-2025-24984 is a 4.6-rated Windows NTFS Information Disclosure/Insertion of Sensitive Information into Log File vulnerability. Reported anonymously, the vulnerability requires physical access to the target computer to plug in a malicious USB drive to potentially read portions of heap memory.

CVE-2025-24985 is a 7.8-severity Windows Fast FAT File System Driver Remote Code Execution (RCE) vulnerability. Reported anonymously, the vulnerability requires an attacker to trick a local user on a vulnerable system into mounting a specially crafted virtual hard disk (VHD) to trigger the vulnerability.

CVE-2025-24991 is a 5.5-rated Windows NTFS Information Disclosure/Out-of-bounds Read vulnerability. Also requiring a local user on a vulnerable system to mount a specially crafted VHD, the vulnerability could potentially allow an attacker to read small portions of heap memory.

CVE-2025-24993 is a 7.8-rated Windows NTFS RCE/Heap-based Buffer Overflow vulnerability. Reported anonymously, the vulnerability also requires a local user on a vulnerable system to mount a specially crafted VHD to execute code locally.

CVE-2025-26633 is a 7.0-severity Microsoft Management Console Security Feature Bypass/Improper Neutralization vulnerability. Reported by Aliakbar Zahravi of Trend Micro, the vulnerability requires that a user open a specially crafted file sent by email or via a compromised website.
CISA followed by adding the six Microsoft zero-days to its Known Exploited Vulnerabilities (KEV) catalog.

Other High-Risk Microsoft Vulnerabilities

In addition to the six zero-days under active attack, Microsoft reported that an additional 10 vulnerabilities are “more likely” to be exploited. These vulnerabilities range in severity from 4.3 to 8.1 and include:

CVE-2025-21180, a Windows exFAT File System Remote Code Execution vulnerability
CVE-2025-21247, a MapUrlToZone Security Feature Bypass vulnerability
CVE-2025-24035, a Windows Remote Desktop Services Remote Code Execution vulnerability
CVE-2025-24044, a Windows Win32 Kernel Subsystem Elevation of Privilege vulnerability
CVE-2025-24045, a Windows Remote Desktop Services Remote Code Execution vulnerability
CVE-2025-24061, a Windows Mark of the Web Security Feature Bypass vulnerability
CVE-2025-24066, a Windows Kernel Streaming Service Driver Elevation of Privilege vulnerability
CVE-2025-24067, a Windows Kernel Streaming Service Driver Elevation of Privilege vulnerability
CVE-2025-24992, a Windows NTFS Information Disclosure vulnerability
CVE-2025-24995, a Kernel Streaming WOW Thunk Service Driver Elevation of Privilege vulnerability

Other Vendors with Patch Tuesday Updates

Other vendors releasing updates on March 2025 Patch Tuesday include:

Adobe (Acrobat and Reader and InDesign)
Apple
Fortinet
Ivanti
SAP
Elon Musk's social media platform X (formerly Twitter) faced a major outage on March 10, following what Musk claimed was a "massive cyberattack" targeting the platform's infrastructure. The billionaire suggested the attack originated from IP addresses traced back to Ukraine, triggering a wave of speculation online.

Musk made the claim during an interview with Fox News, stating the platform's infrastructure suffered a coordinated disruption. While the exact details remained unclear at the time, he mentioned that the attackers aimed to bring down X’s systems. The platform experienced widespread service disruptions, leaving millions of users unable to access their accounts.

According to Musk, the X DDoS attack appeared to be sophisticated, with multiple IP addresses linked to the Ukraine region. However, he refrained from directly accusing the Ukrainian government or any specific threat group. He believed a "large, coordinated group and/or a country" was behind the attack. "We are still investigating, but the source of the attack points to Ukraine," Musk said in the interview.

Dark Storm Team Claims Credit for X DDoS Attack

The claim ignited debates in the cybersecurity and geopolitical communities. Some experts expressed caution, emphasizing that IP addresses do not always reflect the origin of an attack. Threat actors often use compromised servers in different regions to mask their true identity.

A CNN report noted that the outage, which began around 6 a.m. ET, peaked when nearly 40,000 users reported issues with accessing X. The disruptions slowly subsided around 2 p.m. ET. Musk stated in a Fox interview that the platform was operational again.

Meanwhile, a pro-Palestinian hacking group called Dark Storm Team allegedly claimed responsibility for the outage. Some claimed the group, known for launching Distributed Denial of Service (DDoS) attacks, targeted X due to Musk's perceived bias in content moderation related to the Israel-Palestine conflict. However, independent digital creator Ed Krassenstein, who allegedly spoke with the leader of the Dark Storm group, tweeted that the attack was "just a demonstration of our strength," with no political motives.
[Image: Message from alleged Dark Storm leader to Ed Krassenstein. (Source: X)]

Krassenstein added that the DDoS operators said the IPs did not originate from Ukraine, and that Musk "must provide evidence for his claim," as they adamantly deny this to be the case. The attackers also warned they "can attack again. A stronger attack this time." Dark Storm also revealed their other targets - possibly for some media attention - which include: the wallet application of private banks "SEDAD Wallet" (BMI[.]MR) and "GBM Banque" (gbm-banque[.]com), stating the banks claimed their services couldn't be stopped, thus issuing a direct challenge to the hackers.

Cybersecurity Analysts Skeptical; Ukraine Pushes Back

Cybersecurity analysts are examining whether Dark Storm Team was genuinely behind the attack or if it was a smokescreen to obscure a more coordinated state-sponsored campaign. Given the geopolitical implications, the attack has sparked concerns about further escalation in the ongoing Ukraine-Russia conflict.

Dark Storm Team has previously targeted entities in Israel, NATO-aligned nations, and Western companies. Their claim, made via Telegram, included screenshots and technical details, though no concrete evidence has yet been provided. This has led some experts to question whether Dark Storm was acting alone or as part of a broader coordinated effort.

X was previously targeted in a DDoS attack in August last year, when the tech billionaire was about to start a live stream of an interview with the then Republican presidential candidate Donald Trump. Musk initially called the downtime a technical glitch but soon attributed the glitches to a DDoS attack.

Musk's statements drew criticism from Ukrainian officials. Ukraine has reportedly dismissed the claim, stating that it had no involvement in the cyberattack. Officials said such allegations could inadvertently benefit Russia's ongoing information warfare.

The incident has renewed discussions around social media platforms’ resilience to large-scale cyberattacks. Security experts say X needs to strengthen its infrastructure, given its significant influence on public discourse.

While investigations are ongoing, the attack showed how state and non-state actors target influential platforms to disrupt communication channels or advance geopolitical agendas. Musk said X’s security team was working around the clock to prevent further incidents.
Even though U.S. fraud complaints declined slightly in 2024, fraud victims lost a lot more money than they did in 2023. That’s one of the takeaways from the FTC’s annual fraud report released yesterday. So while fraud complaints in 2024 dipped to 2.6 million from 2023’s 2.62 million, U.S. fraud losses soared by 25% to $12.5 billion.

More people lost money in 2024 too. One in three (33%) of those 2.6 million complaints involved financial loss, compared to one in four (25%) in 2023. Part of the reason for the growing fraud losses could be that AI and deepfakes have made scam tactics more convincing, as they have with phishing and spoofing attacks. Below is a deeper look at the FTC fraud report via the data found on the agency’s public Tableau page.

FTC Fraud Report: ID Theft, Other Complaints Rise

While fraud complaints declined slightly, identity theft complaints increased to 1.14 million in 2024 from 1.04 million in 2023. The category of “other” saw the biggest increase, from 1.91 million reports in 2023 to 2.76 million in 2024. The image below summarizes the FTC findings.

[Image: 2024 FTC fraud data (source: FTC)]

The “other” category includes credit bureaus, banks and lenders, debt collection, auto-related, credit cards and other business and financial services.

Investment Fraud Remains Most Costly – and Growing

Investment-related fraud remains by far the most costly, with 79% of the 118,960 complainants reporting financial loss, with a median loss of $9,196, up from 2023’s $8,000 median loss. In all, complainants lost $5.7 billion to investment scams. In 2020, investment-related fraud totaled $424 million on 29,070 complaints, for a median loss of $1,545, so losses in that category have soared since the start of the COVID-19 pandemic. Over the 2020-2024 time period, investment-related fraud has grown from number 10 on the FTC fraud report list to number 4.

After investment-related fraud, business and job-related fraud were the next most costly in 2024, with a median loss of $2,250, up $90 from 2023. Business and job-related fraud has also grown dramatically, vaulting from eighth place to third since 2020, and the number of complaints has doubled during that time period.
The next three most costly fraud types in 2024 were mortgage foreclosure relief and debt management; prizes, sweepstakes and lotteries; and travel, vacation and timeshare plans.

Imposter scams were by far the biggest source of fraud complaints at nearly 846,000, but complainants only lost money an average of 22% of the time, and the median loss was $800, so perhaps people are getting better at recognizing fraud.

Among all payment methods, people lost more money through bank transfers or payments ($2 billion), followed by cryptocurrency at $1.4 billion – not surprising, as such payments can be difficult to reverse. People reported losing money more often when they were contacted through social media, the FTC said.

The report also shows that fraud can hit anyone. People aged 20-29 reported losing money more often than people 70 and above – but losses were highest when older adults lost money.

Avoiding Scams as U.S. Fraud Losses Soar

Growing U.S. fraud losses show that it’s more important than ever to avoid getting scammed, and AI and deepfakes will continue to make scams more convincing. To minimize your chances of getting scammed or defrauded, block unwanted calls and texts and report them as spam. And if you weren’t expecting a request for money or financial or personal information, assume it’s a scam. Trustworthy organizations likely won’t be asking for personal information or money via text, email or phone call. Don’t respond to pressure tactics or urgency, which is a common scammer tactic. And report fraud attempts to the FTC.
February 21 was a dark day for the crypto market as it suffered the largest heist in its history. Attackers made off with around $1.5 billion from Bybit, the world’s second-largest crypto exchange, with experts citing it as the biggest theft – of anything – of all time. Although neither this loss nor the withdrawal of a further $5 billion by panicked investors were fatal for Bybit, the incident underscores the fundamental flaws in the modern crypto ecosystem, and serves up some valuable lessons for regular users.

How Bybit was robbed

Like all major crypto exchanges, Bybit secures stored cryptocurrency with multi-layered protection. Most funds are stored in cold wallets disconnected from online systems. When current assets need topping up, the required sum is manually moved from the cold wallet to the hot one, and the operation is signed by several employees at once. For this, Bybit uses a multi-signature (multisig) solution from Safe{Wallet}, and each employee involved in the transaction signs it using a private Ledger hardware cryptokey.

The attackers studied the system in detail and, according to independent researchers, compromised a Safe{Wallet} developer machine. Presumably, malicious modifications were made to the code for displaying Safe{Wallet} web application pages. But the logic bomb inside it was triggered only if the transaction source matched the Bybit contract address — otherwise Safe{Wallet} worked as usual. Having conducted their own investigation, the owners of Safe{Wallet} rejected the findings of the two independent information security companies, insisting that their infrastructure had not been hacked.

So what happened? During a routine top-up of $7 million to a hot wallet, Bybit employees saw on their computer screens this exact amount and the recipient’s address, which matched the hot wallet address. But other data got sent for signing instead! For regular transfers, the recipient’s address can (and should!) be checked on the screen of the Ledger device. But when signing multisig transactions, this information isn’t displayed — so Bybit employees essentially made a blind transfer.

As a result, they inadvertently green-lighted a malicious smart contract that moved the entire contents of one of Bybit’s cold wallets to several hundred fake wallets.
As soon as the withdrawal from the Bybit wallet was complete, it appears that the code on the Safe{Wallet} website reverted to the harmless version. The attackers are currently busy layering the stolen Ethereum — transferring it piecemeal in an attempt to launder it.

By the looks of it, Bybit and its clients were the victims of a targeted supply-chain attack.

The Bybit case is no one-off

The FBI has officially named a North Korean group codenamed TraderTraitor as the perpetrator. In information-security circles, this group is also known as Lazarus, APT38, or BlueNoroff. Its trademark style is persistent, sophisticated and sustained attacks in the cryptocurrency sphere: hacking wallet developers, robbing crypto exchanges, stealing from ordinary users, and even making fake play-to-earn games.

Before the Bybit raid, the group’s record was the theft of $540 million from the Ronin Network’s blockchain, created for the game Axie Infinity. In that 2022 attack, hackers infected the computer of one of the game’s developers using a fake job offer in an infected PDF file. This social engineering technique remains in the group’s arsenal to this day.

In May 2024, the group pulled off a smash-and-grab of over $300 million from Japanese crypto-exchange DMM Bitcoin, which went bankrupt as a consequence. Before that, in 2020, more than $275 million was siphoned off the KuCoin crypto exchange, with a leaked private key for a hot wallet cited as the reason.

Lazarus has been honing its cryptocurrency theft tactics for over a decade now. In 2018, we wrote about a string of attacks on banks and crypto exchanges using a Trojanized cryptocurrency trading app as part of Operation AppleJeus. Experts at Elliptic estimate that North-Korea-linked actors’ total criminal earnings amount to around $6 billion.
What crypto investors should do

In the case of Bybit, clients were lucky: the exchange promptly serviced the wave of withdrawal requests that ensued, and promised to compensate losses from its own funds. Bybit remains in business, so clients don’t need to take any particular action.

But the hack demonstrates once again just how hard it is to secure funds flowing through blockchain systems, and how little can be done to cancel a transaction or refund money. Given the unprecedented scale of the attack, many have called for the Ethereum blockchain to be rolled back to its pre-hack state, but Ethereum developers consider this technically intractable. Meanwhile, Bybit has announced a bounty program for crypto exchanges and ethical researchers to the tune of 10% of any funds recovered, but so far only $43 million has materialized.

This has caused some crypto industry experts to speculate that the main fallout from the hack will be a rise in self-custody of crypto assets.

Self-custody shifts the responsibility for secure storage from the shoulders of specialists to your own. Therefore, only go down this route if you have total confidence in your abilities to master all security measures and follow them rigidly day by day. Note that regular users without cryptowallet millions are unlikely to face a sophisticated attack targeted specifically at them, while generic mass attacks are easier to deflect.

So, what do you need for secure self-custody of cryptocurrency?

Buy a hardware wallet with a screen. This is the most effective way to protect crypto assets. Do a little research first, and be sure to buy a wallet from a reputable vendor — and directly: never second-hand or from a marketplace. Otherwise, you might get a pre-hacked wallet that swallows up all your funds.
When using a wallet to sign transfers, always check the recipient’s address on both the computer screen and the wallet screen to rule out its substitution by a malicious smart contract or a clipper Trojan that replaces cryptowallet addresses in the clipboard.

Never store wallet seed phrases in electronic form. Forget about using files on your computer and photos in your gallery for that — modern Trojans have learned to infiltrate Google Play and the App Store and recognize data in photos stored on your smartphone. Only paper records (or metal engravings, if you prefer) kept inside a safe or in another physically secure place, protected from both unauthorized access and natural disasters, will do. You might consider multiple storage locations, as well as splitting your seed phrase into parts.

Don’t keep all your coins in one basket. For holders of large amounts or different types of crypto assets, it makes sense to use multiple wallets. Small amounts for transactional needs can be stored on a crypto exchange, while the bulk can be divided among several hardware cryptowallets.

Use a dedicated computer. If possible, dedicate a computer for cryptocurrency transactions. Physically restrict access to it (e.g., put it in a safe, a locked cupboard or locked room), use disk encryption and password login, and have a separate account with its own passwords (i.e., different to those on your main computer). Install reliable protection and enable maximum security settings on your crypto-computer. Connect it to the internet only for transactions, and use it solely for operations with wallets. Playing games, reading crypto news, and chatting with friends are for another device.

If dedicating a computer is impractical or uneconomical, maintain strict digital hygiene on your main computer. Set up a separate account with low privileges (non-administrator) for crypto operations, and another account — also non-administrator — for work, chat and games.
There’s no need to work in administrator mode at all, except to update the system software or significantly reconfigure the computer. Sign in to your dedicated crypto account only for operations with wallets, and sign out immediately afterward. Don’t give outsiders access to the computer, and don’t share admin passwords with anyone.

Take care when choosing cryptowallet software. Carefully study the software’s description, make sure that the application has been on the market for a long time, and check that you’re downloading it from the official website, and that the digital signature of the distribution corresponds to the website and the name of the vendor. Perform a deep scan of your computer with an up-to-date security solution before installing and running cryptowallet software.

Be careful with updates. While we usually recommend updating all software right away, in the case of cryptocurrency applications, it’s worth adjusting this policy a little. After the release of a new version, wait about a week and read the reviews before installing it. This will give the community time to catch any bugs or Trojans that may have sneaked into the update.

Follow the enhanced computer security measures described in our post Protecting crypto investments: four key steps to safety, which include installing a powerful security solution, such as Kaspersky Premium, on your computer and smartphone, regularly updating your operating system and browsers, and using strong, unique passwords.

Expect phishing. Cryptocurrency fraud can be both multifaceted and sophisticated, so any unexpected messages by email, messenger app and the like should be seen as the start of a scam. Keep on top of all the latest crypto scams by following our blog or Telegram channel, as well as other reputable cybersecurity sources.
Read more about crypto scams and ways to protect yourself in our dedicated posts:

Eight of the most daring crypto thefts in history
The top-5 biggest cryptocurrency heists ever
Case study: fake hardware cryptowallet
Pig butchering: large-scale cryptocurrency fraud

and other articles about cryptocurrency.
Authorities in India today arrested the alleged co-founder of Garantex, a cryptocurrency exchange sanctioned by the U.S. government in 2022 for facilitating tens of billions of dollars in money laundering by transnational criminal and cybercriminal organizations. Sources close to the investigation told KrebsOnSecurity the Lithuanian national Aleksej Besciokov, 46, was apprehended while vacationing on the coast of India with his family.

[Image: Aleksej Bešciokov, “proforg,” “iram”. Image: U.S. Secret Service.]

On March 7, the U.S. Department of Justice (DOJ) unsealed an indictment against Besciokov and the other alleged co-founder of Garantex, Aleksandr Mira Serda, 40, a Russian national living in the United Arab Emirates.

Launched in 2019, Garantex was first sanctioned by the U.S. Treasury Office of Foreign Assets Control in April 2022 for receiving hundreds of millions in criminal proceeds, including funds used to facilitate hacking, ransomware, terrorism and drug trafficking. Since those penalties were levied, Garantex has processed more than $60 billion, according to the blockchain analysis company Elliptic.

“Garantex has been used in sanctions evasion by Russian elites, as well as to launder proceeds of crime including ransomware, darknet market trade and thefts attributed to North Korea’s Lazarus Group,” Elliptic wrote in a blog post. “Garantex has also been implicated in enabling Russian oligarchs to move their wealth out of the country, following the invasion of Ukraine.”

The DOJ alleges Besciokov was Garantex’s primary technical administrator and responsible for obtaining and maintaining critical Garantex infrastructure, as well as reviewing and approving transactions. Mira Serda is allegedly Garantex’s co-founder and chief commercial officer.

[Image: elliptic.co]

In conjunction with the release of the indictments, German and Finnish law enforcement seized servers hosting Garantex’s operations. A “most wanted” notice published by the U.S. Secret Service states that U.S. authorities separately obtained earlier copies of Garantex’s servers, including customer and accounting databases. Federal investigators say they also froze over $26 million in funds used to facilitate Garantex’s money laundering activities.
Besciokov was arrested within the past 24 hours while vacationing with his family in Varkala, a major coastal city in the southwest Indian state of Kerala. An officer with the local police department in Varkala confirmed Besciokov’s arrest, and said the suspect will appear in a Delhi court on March 14 to face charges.

[Image: Varkala Beach in Kerala, India. Image: Shutterstock, Dmitry Rukhlenko.]

The DOJ’s indictment says Besciokov went by the hacker handle “proforg.” This nickname corresponds to the administrator of a 20-year-old Russian language forum dedicated to nudity and crudity called “udaff.”

Besciokov and Mira Serda are each charged with one count of conspiracy to commit money laundering, which carries a maximum sentence of 20 years in prison. Besciokov is also charged with one count of conspiracy to violate the International Economic Emergency Powers Act—which also carries a maximum sentence of 20 years in prison—and with conspiracy to operate an unlicensed money transmitting business, which carries a maximum sentence of five years in prison.
An email campaign luring users with offers of free President Trump meme coins can lead to computer takeover via the ConnectWise RAT, in less than 2 minutes.
A Libya-linked threat actor has resurfaced attacking the Middle East and North Africa, using the same old political phishing tricks to deliver AsyncRAT that have worked for years.
Sean Plankey, who served in cybersecurity roles in the first Trump administration, has been officially nominated to run the Cybersecurity and Infrastructure Security Agency (CISA), according to a posting of nominations.
Researchers at Cato Networks said that during a recent investigation into router vulnerabilities, they discovered a new botnet — which they named Ballista — infecting TP-Link Archer devices.
Maritime and logistics companies in South and Southeast Asia, the Middle East, and Africa have become the target of an advanced persistent threat (APT) group dubbed SideWinder. The attacks, observed by Kaspersky in 2024, spread across Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates, and Vietnam. Other targets of interest include nuclear power plants and nuclear energy
Taiwanese company Moxa has released a security update to address a critical security flaw impacting its PT switches that could permit an attacker to bypass authentication guarantees. The vulnerability, tracked as CVE-2024-12297, has been assigned a CVSS v4 score of 9.2 out of a maximum of 10.0. "Multiple Moxa PT switches are vulnerable to an authentication bypass because of flaws in their
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The list of vulnerabilities is as follows - CVE-2024-57968 - An unrestricted file upload vulnerability in Advantive VeraCore
Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team. "The botnet exploits a remote code execution (RCE) vulnerability in TP-Link Archer routers (CVE-2023-1389) to spread itself automatically over the Internet," security researchers Ofek Vardi and Matan Mittelman said in a technical report shared with
In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security, believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The reality is a bit of a different story. In the real world, checking the right boxes doesn’t equal being secure. As Sun Tzu warned, “Strategy without tactics is
Inside the most innocent-looking image, a breathtaking landscape, or a funny meme, something dangerous could be hiding, waiting for its moment to strike. No strange file names. No antivirus warnings. Just a harmless picture, secretly concealing a payload that can steal data, execute malware, and take over your system without a trace. This is steganography, a cybercriminal’s secret weapon for
The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. "The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection rates," Check Point said in a new analysis. "More than 1,600 victims were affected during one of
In episode 41 of the AI Fix, our hosts learn that society needs to be completely reordered by December, Grok accuses Trump of being a Russian asset, Graham discovers that parents were wrong about computer games all along, and Mark wonders if a kung-fu kicking robot from Unitree is the hero that we need. Graham gives an AI a Rorschach test and learns about "Norman" the psychopathic AI, and Mark discovers why we should actually be optimistic about AI. Plus - don’t miss our featured interview with Marc Beckman, the author of “Some future day: How AI is going to change everything.”
Garantex Crypto Exchange Seized, Two Charged in Laundering Scheme
Source: hackread.com – Author: Deeba Ahmed. International law enforcement disrupts Garantex, a multi-billion-dollar cryptocurrency exchange used for money laundering. Two individuals, Aleksej Besciokov and Aleksandr Mira Serda, face charges. Learn about the operation and its impact. A cryptocurrency exchange, Garantex, suspected of facilitating significant financial crimes, has been dismantled by law enforcement agencies from the […]
Cloud IMS: The Confluence of Innovation and Security in Modern Telecommunications
Source: hackread.com – Author: Muhammad Adeel Niazi. The telecom industry is at a major turning point. With 5G, IoT, and AI reshaping global connectivity, the need for scalable, secure, and smart networks is higher than ever. Cloud IMS is stepping up as a game-changer, combining the flexibility of cloud technology with the reliability of traditional […]
Over 1000 Malicious Packages Found Exploiting Open-Source Platforms
Source: hackread.com – Author: Deeba Ahmed. Over 1,000 malicious packages found using low file counts, suspicious installs, and hidden APIs. Learn key detection methods from FortiGuard Labs’ analysis. Since November 2024, Fortinet’s FortiGuard Labs has monitored and analysed malicious software packages and techniques employed by cybercriminals to compromise systems. The company managed to identify key […]
SIM Swapping Fraud Surges in the Middle East
Source: www.infosecurity-magazine.com. A surge in SIM swapping fraud across the Middle East has exposed new tactics used by cybercriminals to exploit victims. According to a new report by Group-IB, fraudsters are increasingly leveraging phishing websites and social engineering to bypass security measures, allowing them to hijack mobile numbers and access sensitive accounts. How […]
Source: www.darkreading.com – Author: Jai Vijayan, Contributing Writer. The post ‘SideWinder’ Intensifies Attacks on Maritime Sector – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Kristina Beek, Associate Editor, Dark Reading. The post Google Pays Out Nearly $12M in 2024 Bug Bounty Program – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Alexander Culafi, Senior News Writer, Dark Reading. The post APT ‘Blind Eagle’ Targets Colombian Government – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Kristina Beek, Associate Editor, Dark Reading. The post Ex-Employee Found Guilty in Revenge Kill-Switch Scheme – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Jérôme Meyer. The post When Seconds Count: How to Survive Fast-and-Furious DDoS Microbursts – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.darkreading.com – Author: Elizabeth Montalbano, Contributing Writer. The post GitHub-Hosted Malware Infects 1M Windows Users – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting Advantive VeraCore and Ivanti Endpoint Manager (EPM) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation in the wild. The list of vulnerabilities is as follows – CVE-2024-57968 – An unrestricted […] The post CISA Adds Five Actively Exploited Vulnerabilities in Advantive VeraCore and Ivanti EPM to KEV List – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Amy Cohn. Can a Holistic Approach to Machine Identities and Secret Level Up Your Data Protection? Every organization needs a sophisticated security strategy to defend against cyber threats. But does your approach address the critical area of Non-Human Identities (NHIs) and their secrets? By placing a spotlight on this niche, we […] The post How can I implement NHI access controls in containerized systems? – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Amy Cohn. Are Your Machine Identities Adequately Protected During Rapid Deployment Cycles? Organizations across industries are leveraging the unprecedented benefits of the cloud. Financial services, healthcare, travel, and tech-driven sectors like DevOps and SOC teams are especially invested. However, this adoption isn’t without its unique set of challenges. One pertinent question […] The post How can I secure NHIs during rapid deployment cycles? – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini. U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Advantive VeraCore and Ivanti EPM flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2025-25181 Advantive VeraCore SQL Injection Vulnerability; CVE-2024-57968 Advantive VeraCore Unrestricted File Upload Vulnerability; CVE-2024-13159 Ivanti Endpoint […] The post U.S. CISA adds Advantive VeraCore and Ivanti EPM flaws to its Known Exploited Vulnerabilities catalog – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini. Cross-border data transfers enable global business but face challenges from varying cybersecurity laws, increasing risks of cyberattacks and data breaches. The digital revolution has enabled organizations to operate seamlessly across national boundaries, relying on cross-border data transfers to support e-commerce, cloud computing, artificial intelligence, and financial transactions. However, as […] The post Cybersecurity Challenges in Cross-Border Data Transfers and Regulatory Compliance Strategies – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini. Elon Musk said that the global outages impacting its platform X during the day are being caused by a cyberattack. A major cyber attack appears to be the root cause of the global outage on X, according to its CEO Elon Musk. About 40,000 users reported issues accessing Twitter, […] The post Elon Musk blames a massive cyberattack for the X outages – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Thomas Claburn. AI models with memory aim to enhance user interactions by recalling past engagements. However, this feature opens the door to manipulation. This hasn’t been much of a problem for chatbots that rely on AI models because administrative access to the model’s backend infrastructure would be required in previously proposed […] The post MINJA sneak attack poisons AI models for other chatbot users – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Jessica Lyons. New York State has sued Allstate Insurance for operating websites so badly designed they would deliver personal information in plain-text to anyone that went looking for it. The data was lifted from Allstate’s National General business unit, which ran a website for consumers who wanted to get a quote […] The post Allstate Insurance sued for delivering personal info on a platter, in plaintext, to anyone who went looking for it – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Iain Thomson. Google’s second-generation Chromecast and its Chromecast Audio are suffering a major ongoing outage, with devices failing to cast due to an expired security certificate. The web giant is aware of the breakdown and says a fix is in the works. On Sunday, many users of these gadgets encountered an […] The post Google begs owners of crippled Chromecasts not to hit factory reset – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Connor Jones. Researchers say the Sidewinder offensive cyber crew is starting to target maritime and nuclear organizations. Kaspersky described Sidewinder as a “highly prolific” advanced persistent threat (APT) group whose previous prey were mostly government and military institutions in China, Pakistan, Sri Lanka, and parts of Africa. Its recent wider expansion […] The post Sidewinder goes nuclear, charts course for maritime mayhem in tactics shift – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Connor Jones. Break-ins to systems hosting the data of two US healthcare organizations led to thieves making off with the personal and medical data of more than 300,000 patients. Kansas-based Sunflower Medical Group and Rhode Island’s Community Care Alliance (CCA) both disclosed separate attacks. Sunflower said in a letter to affected […] The post Rhysida pwns two US healthcare orgs, extracts over 300K patients’ data – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Thomas Claburn. Four out of six companies offering AI voice cloning software fail to provide meaningful safeguards against the misuse of their products, according to research conducted by Consumer Reports. The nonprofit publication evaluated the AI voice cloning services from six companies: Descript, ElevenLabs, Lovo, PlayHT, Resemble AI, and Speechify. It […] The post Consumer Reports calls out slapdash AI voice-cloning safeguards – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Jessica Lyons. Feature: Experiencing a ransomware infection or other security breach ranks among the worst days of anyone’s life, but it can still get worse. Like if you completely and utterly stuff up the incident response investigation and that snafu adds millions of dollars more in damages costs to the […] The post How NOT to f-up your security incident response – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securelist.com – Author: AMR. Since the beginning of the year, we’ve been tracking in our telemetry a new wave of DCRat distribution, with paid access to the backdoor provided under the Malware-as-a-Service (MaaS) model. The cybercriminal group behind it also offers support for the malware and infrastructure setup for hosting the C2 servers. Distribution […] The post DCRat backdoor returns – Source: securelist.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: krebsonsecurity.com – Author: BrianKrebs. Authorities in India today arrested the alleged co-founder of Garantex, a cryptocurrency exchange sanctioned by the U.S. government in 2022 for facilitating tens of billions of dollars in money laundering by transnational criminal and cybercriminal organizations. Sources close to the investigation told KrebsOnSecurity the Lithuanian national Aleksej Besciokov, 46, was […] The post Alleged Co-Founder of Garantex Arrested in India – Source: krebsonsecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . The threat actor known as Blind Eagle has been linked to a series of ongoing campaigns targeting Colombian institutions and government entities since November 2024. “The monitored campaigns targeted Colombian judicial institutions and other government or private organizations, with high infection rates,” Check Point said in a new analysis. “More […] The post Blind Eagle Hacks Colombian Institutions Using NTLM Flaw, RATs and GitHub-Based Attacks – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Unpatched TP-Link Archer routers have become the target of a new botnet campaign dubbed Ballista, according to new findings from the Cato CTRL team. “The botnet exploits a remote code execution (RCE) vulnerability in TP-Link Archer routers (CVE-2023-1389) to spread itself automatically over the Internet,” security researchers Ofek Vardi and […] The post Ballista Botnet Exploits Unpatched TP-Link Vulnerability, Infects Over 6,000 Devices – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . In cybersecurity, confidence is a double-edged sword. Organizations often operate under a false sense of security, believing that patched vulnerabilities, up-to-date tools, polished dashboards, and glowing risk scores guarantee safety. The reality is a bit of a different story. In the real world, checking the right boxes doesn’t equal being […] The post Your Risk Scores Are Lying: Adversarial Exposure Validation Exposes Real Threats – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Inside the most innocent-looking image, a breathtaking landscape, or a funny meme, something dangerous could be hiding, waiting for its moment to strike. No strange file names. No antivirus warnings. Just a harmless picture, secretly concealing a payload that can steal data, execute malware, and take over your system without […] The post Steganography Explained: How XWorm Hides Inside Images – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Maritime and logistics companies in South and Southeast Asia, the Middle East, and Africa have become the target of an advanced persistent threat (APT) group dubbed SideWinder. The attacks, observed by Kaspersky in 2024, spread across Bangladesh, Cambodia, Djibouti, Egypt, the United Arab Emirates, and Vietnam. Other targets of interest […] The post SideWinder APT Targets Maritime, Nuclear, and IT Sectors Across Asia, Middle East, and Africa – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Taiwanese company Moxa has released a security update to address a critical security flaw impacting its PT switches that could permit an attacker to bypass authentication guarantees. The vulnerability, tracked as CVE-2024-12297, has been assigned a CVSS v4 score of 9.2 out of a maximum of 10.0. “Multiple Moxa PT […] The post Moxa Issues Fix for Critical Authentication Bypass Vulnerability in PT Switches – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.csoonline.com – Author: Hacking group Dark Storm claimed the DDoS attacks that took down X on Monday and said they were not from Ukraine. Elon Musk-owned X experienced a flurry of outages on Monday, even as the Dark Storm hacking group claimed DDoS attacks on the text-heavy social media giant. The pro-Palestinian hacktivist […] The post Musk links cyberattack on X to Ukraine without evidence – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.