Cyber security aggregate RSS news

Cyber security aggregator - feeds history


 Business News

Singapore will now have access to high-performance, air-gapped, and secure cloud computing, data management, and artificial intelligence (AI) services of Oracle. Singapore's Ministry of Defence (MINDEF) inked a deal on Tuesday with the U.S. cloud computing giant for the use of its "Oracle Cloud Isolated Region." This platform is set to strengthen Singapore's digital capabilities as part of its modernization efforts. The Defence Science and Technology Agency (DSTA), the technology arm of MINDEF, will leverage Oracle Cloud Infrastructure (OCI) to enhance operational efficiency, cybersecurity, and scalability.

Enhancing National Defense with Cloud Technology

DSTA's decision to integrate OCI into its digital infrastructure is aimed at supporting MINDEF’s critical functions. “The demand for secure and scalable cloud solutions is growing. It is more than just data storage and computing—it will be the foundation for a lot of innovation," said Ng Chad-Son, Chief Executive of DSTA. "Through this pilot collaboration with Oracle, we will harness advanced cloud and AI technologies to digitalise and transform our operations.”

By utilizing OCI, MINDEF gains access to high-performance computing, artificial intelligence (AI), and machine learning (ML) capabilities. This will allow the ministry to improve real-time analytics, streamline decision-making, and fortify cyber resilience against evolving threats.

Why Oracle Cloud?

Oracle’s cloud solutions provide MINDEF with enhanced security features and data sovereignty—critical factors for government agencies handling sensitive information. The collaboration between Oracle and DSTA will ensure that defense-related workloads remain protected while benefiting from the flexibility and cost-efficiency of cloud computing. Oracle Cloud Infrastructure is designed to support mission-critical operations with built-in security, high availability, and compliance with strict regulatory requirements.

Oracle Cloud Isolated Region is a sovereign, air-gapped OCI region offering the same services as public OCI regions. Fully disconnected from the internet, it provides MINDEF and the SAF with a secure, scalable, and resilient environment for enhanced insights and faster decision-making.

“Oracle has safeguarded the world’s most sensitive data for decades. We are pleased to bring this expertise to support the Singapore defence community’s missions,” said Rand Waldron, Global Defense CTO of Oracle. “Our air-gapped, isolated cloud regions bring the capabilities of our public cloud and defense ecosystem to the world's most secure networks. Oracle is built to deliver the highest levels of security and performance for governments around the world.”

This new partnership will likely deliver next-generation cloud solutions tailored to the specific needs of Singapore’s defense sector, the authorities believe.

Scalability and Future Readiness

One of the key advantages of adopting OCI is its scalability. As defense operations evolve, MINDEF will require a flexible cloud infrastructure capable of adapting to emerging technologies. Oracle’s cloud solutions offer seamless integration with existing systems, ensuring that future upgrades and expansions can be implemented efficiently. Additionally, OCI’s global presence and localized data centers provide MINDEF with the ability to scale resources dynamically, optimizing performance and cost-effectiveness. This ensures that Singapore’s defense ecosystem remains agile in responding to new challenges and operational demands.

Singapore’s decision to adopt Oracle Cloud Infrastructure marks a significant step toward a more advanced and resilient defense system. With OCI’s cutting-edge security, AI-driven analytics, and scalable infrastructure, MINDEF is well-positioned to navigate the complexities of modern warfare and cybersecurity challenges.

The latest partnership with Singapore also comes on the heels of another major announcement from last week, when Oracle launched an AI Centre of Excellence that will foster innovation across South-East Asia from Singapore. The cloud computing solutions provider has increased its focus on the region in recent times. Last year it announced a $6.5 billion investment for AI and cloud computing in Malaysia, one of the biggest for the region.


 Cyber Essentials

Singapore’s armed forces officially launched two new commands on March 18, 2025, to safeguard the country’s critical digital infrastructure. The Defence Cyber Command (DCCOM) and the SAF C4 and Digitalisation Command (SAFC4DC) will operate under the Digital and Intelligence Service (DIS), Singapore’s fourth military service.

Speaking at the inauguration ceremony of DCCOM and SAFC4DC at Hillview Camp, Singapore’s Defence Minister Dr. Ng Eng Hen stressed the importance of the new commands in countering the rising frequency and complexity of cyber threats. He noted that digital vulnerabilities are growing exponentially, making it imperative for the Singapore Armed Forces (SAF) to step up its cyber defenses. “The SAF must rise to the challenge of protecting our digital backbone and critical IT infrastructures,” Dr. Ng stated. “We have seen an alarming increase in cyber threats—threat actors now employ advanced techniques, including artificial intelligence, zero-day exploits, and ransomware, targeting vital sectors like healthcare, energy, and government services.”

DCCOM and SAFC4DC: Boosting Cyber Defense and Digital Innovation

Establishing DCCOM and SAFC4DC is a proactive measure to fortify Singapore’s digital defenses. The Defence Cyber Command will focus on defending the country’s critical military networks, ensuring cybersecurity resilience in the face of evolving cyber threats. Meanwhile, the SAFC4DC will drive the SAF’s digital transformation efforts by leveraging innovative technologies, including cloud computing, 5G, and AI-driven solutions. Dr. Ng emphasized the need for the SAF to integrate these digital technologies effectively. “The DIS’ role is to guide the SAF in applying the right tools for the right task. We must harness digital advancements to enhance operational efficiency and security,” he said.

Collaboration with the Public and Private Sectors

Beyond military applications, the newly launched commands will collaborate closely with other government agencies and the private sector. Dr. Ng highlighted the importance of industry partnerships in keeping pace with the fast-moving IT landscape. “The IT cycle moves rapidly, and we must gain access to cutting-edge solutions and operational insights,” he remarked. “Partnering with the private sector will enable the SAF to stay ahead of cybersecurity threats and enhance digital resilience nationwide.”

Singapore’s cyber defense strategy also involves tapping into the expertise of Operationally Ready National Servicemen (NSmen). Dr. Ng encouraged NSmen to contribute their knowledge and skills through advisory and technical roles within the DIS. “As cyber threats grow, more NSmen are stepping forward to build our digital defense. Their expertise is invaluable in safeguarding our national security,” he said.

Recognition of Personnel and Future Commitments

During the inauguration, Dr. Ng commended the personnel of DCCOM and SAFC4DC, acknowledging their crucial role in Singapore’s cyber defense strategy. He urged them to uphold their responsibilities with professionalism and dedication. “Today’s inauguration of the SAFC4DC and DCCOM is a positive and important step for the DIS and SAF,” he said. “Singaporeans have placed a heavy responsibility on you—fulfill your mission with unwavering commitment.” To mark the occasion, Dr. Ng unveiled the official logos of both commands and engaged with personnel to discuss their roles in strengthening Singapore’s cybersecurity capabilities.

A Strategic Step Towards Cyber Resilience

The latest findings from the Cyber Security Agency of Singapore (CSA) highlight a concerning reality—many organizations still underestimate the severity of cyber threats. A staggering 59% of businesses and 56% of non-profits cite a lack of cybersecurity knowledge and experience as their biggest barrier to adopting proper defenses. This knowledge gap is a glaring issue, especially when cybercriminals are constantly refining their attack strategies with AI-powered exploits, zero-day vulnerabilities, and ransomware. The second most common reason for inaction is the mistaken belief that "it won’t happen to us"—a mindset held by 46% of businesses and 49% of non-profits. This overconfidence is dangerous, as recent cyberattacks on healthcare, financial institutions, and government agencies have proven that no sector is immune. Other major roadblocks include limited manpower and resources (39% for businesses, 37% for non-profits), low return on investment (36% for businesses, 31% for non-profits), and budget constraints (31% for businesses, 27% for non-profits).

These statistics paint a clear picture: while cybersecurity awareness is growing, tangible action is still lagging behind. As David Koh, Chief Executive of CSA, rightly pointed out, waiting for an attack to happen before investing in cybersecurity is a costly and risky gamble.

The economic potential of the cybersecurity industry tells another story—one of immense growth and opportunity. By 2029, the cybersecurity market in Singapore is projected to reach a staggering US$773.23 million, growing at a CAGR of 7.72%. In 2025 alone, companies are expected to spend an average of US$154.21 per employee on cybersecurity measures. With the United States forecasted to lead the global cybersecurity market with revenues reaching US$88.2 billion, Singapore is emerging as a key player, attracting top-tier talent and investments in cutting-edge cybersecurity innovations.

Against this backdrop, the launch of DCCOM and the SAF C4 & Digitalisation Command (SAFC4DC) is a game-changer for Singapore’s national defense. These new commands signify more than just an administrative restructuring—they represent a proactive and strategic approach to securing the nation’s digital infrastructure. The Singapore Armed Forces (SAF) is no longer just defending land, air, and sea; cyber is now a battlefield of its own. With cyberattacks becoming more refined, frequent, and destructive, Singapore’s decision to integrate AI-driven threat detection, cloud computing, and 5G technologies into its defense strategy is both timely and necessary.

More importantly, the emphasis on public-private partnerships and leveraging Operationally Ready National Servicemen (NSmen) for cybersecurity expertise is a smart move. Given the rapid pace of technological change, working closely with industry leaders ensures that Singapore’s cyber defenses remain agile, resilient, and ahead of emerging threats. This move sets an important precedent: cybersecurity is no longer optional—it is a national priority. The creation of DCCOM and SAFC4DC is a clear message that Singapore is not waiting to be attacked; it is preparing to deter, defend, and dominate in cyberspace. This shift in mindset is what will separate nations that react to cyber threats from those that proactively neutralize them. By combining technological innovation, strong policy direction, and cross-sector collaboration, Singapore is taking a decisive and forward-thinking stance on cyber resilience. The establishment of these commands is not just about military preparedness—it is about safeguarding the nation’s digital future.


 Cyber News

A security vulnerability (CVE-2025-30066) has been identified in a widely used third-party GitHub Action, tj-actions/changed-files. This security flaw exposes sensitive information, including valid access keys, GitHub Personal Access Tokens (PATs), npm tokens, and private RSA keys. The vulnerability has been patched in version 46.0.1, and users are urged to update immediately to protect their repositories and workflows.

What is tj-actions/changed-files?

tj-actions/changed-files is a popular GitHub Action that helps users track file modifications in pull requests and commits. It identifies changed files relative to a target branch, multiple branches, or specific commits, making it an essential tool for developers automating CI/CD workflows. However, due to a recent supply chain compromise, attackers exploited a security weakness in this action, leading to potential information disclosure risks. The vulnerability was discovered by StepSecurity Harden-Runner and has since been addressed in the latest patch.

How Was the Action Compromised?

The compromise occurred between March 14 and March 15, 2025. Originally, versions v1 through v45.0.7 were safe, but a malicious actor modified these tags to point to commit 0e58ed8, which contained harmful updateFeatures code. This modification allowed attackers to read action logs and potentially extract sensitive credentials. Upon discovery, GitHub and the maintainer of tj-actions/changed-files took swift action to remove the compromised commit from all tags and branches. The issue was patched in version 46.0.1, and users are strongly advised to update immediately to prevent further exploitation.

CISA Flags CVE-2025-30066

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2025-30066 to its Known Exploited Vulnerabilities Catalog, emphasizing the severity of this issue. CISA strongly urges organizations to follow recommended mitigation steps to enhance security when using third-party GitHub Actions.

Steps to Mitigate the Risk

Users who have used tj-actions/changed-files in their workflows between March 14 and March 15 should take the following steps:

1. Review Workflows for Suspicious Activity: Examine workflows executed during the affected period and look for unexpected output in the changed-files section. If anomalies are detected, decode them using: echo 'xxx' | base64 -d | base64 -d (with xxx replaced by the suspicious string). If the output contains sensitive credentials, immediately revoke and rotate those secrets.

2. Update to the Latest Version: If your workflows reference this action by SHA, update them immediately to avoid using the compromised commit. If using tagged versions (e.g., v35, v44.5.1), no action is required, as these tags have been updated to safe versions. The latest patched version is v46.0.1.

3. Rotate Any Potentially Exposed Secrets: As an added precaution, even if no suspicious activity is found, rotate secrets to ensure continued security.

4. Enhance Security Measures for Third-Party Actions: Regularly monitor security advisories for GitHub Actions. Consider implementing GitHub’s security features, such as Dependabot alerts and workflow permissions restrictions. Restrict third-party actions to trusted sources only.

The compromise of tj-actions/changed-files is a significant example of supply chain attacks targeting the open-source community. Since many developers and organizations rely on third-party GitHub Actions to automate processes, a single compromised dependency can have widespread consequences.

Key Risks Posed by CVE-2025-30066

Exposure of Sensitive Credentials: Attackers could extract GitHub PATs, npm tokens, RSA private keys, and other credentials from compromised workflows.
Potential for Unauthorized Access: Stolen credentials could be used to manipulate repositories, inject malicious code, or gain unauthorized access to systems.
Wide-Scale Impact: Given the popularity of this action, organizations across different industries may be affected.

Lessons From the Attack

The tj-actions/changed-files incident serves as a wake-up call for organizations relying on third-party dependencies. To minimize risks, cybersecurity experts recommend:

Regularly Audit Dependencies: Periodically review and update third-party actions and dependencies to reduce exposure to vulnerabilities.
Enable GitHub’s Security Features: Features like Dependency Graph, Dependabot Alerts, and Secret Scanning can help detect security issues early.
Restrict Workflow Permissions: Avoid giving excessive permissions to third-party actions. Use the principle of least privilege (PoLP).
Implement Zero-Trust Principles: Treat every third-party tool with caution and verify its integrity before integrating it into workflows.
Monitor Security Advisories: Subscribe to GitHub security advisories and CISA alerts to stay updated on potential threats.

Conclusion

The compromise of tj-actions/changed-files (CVE-2025-30066) is a critical security issue that underlines the growing risks of supply chain attacks in software development. With GitHub Actions being widely used to automate processes, organizations must prioritize security by regularly updating dependencies, restricting permissions, and monitoring for vulnerabilities. By following CISA’s recommendations and implementing proactive security measures, developers and organizations can mitigate the risk of similar attacks in the future.
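Mitigation steps 1 and 2 above can be scripted for a repository with many workflow files. The following Python is an added example and not code from the advisory, from CISA or from the tj-actions project. It scans workflow text for references to tj-actions/changed-files, classifies each reference as a tag or a SHA pin, flags SHA pins that start with the 0e58ed8 prefix named in the article, and applies the double base64 decoding from step 1 to long tokens found in changed-files step output. The workflow, the log lines, the 40-character placeholder SHAs and the "secret" are all constructed for the demonstration.

```python
import base64
import binascii
import re
from typing import Optional

# Added example (not from the advisory or the tj-actions project). It implements
# steps 1 and 2 of the mitigation list: audit how workflows reference the action,
# and decode double-base64 blobs found in changed-files step output.

ACTION = "tj-actions/changed-files"
# Short prefix of the malicious commit named in the article; the full SHA is
# not on record here, so only a prefix comparison is possible.
COMPROMISED_SHA_PREFIX = "0e58ed8"

# Matches `uses: tj-actions/changed-files@<ref>`, with or without the list dash,
# and stops the ref at whitespace or at a trailing YAML comment.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*" + re.escape(ACTION) + r"@(?P<ref>[^\s#]+)",
    re.MULTILINE,
)


def classify_ref(ref: str) -> str:
    """Classify a Git ref as a commit SHA, a version tag, or something else."""
    if re.fullmatch(r"[0-9a-f]{7,40}", ref):
        return "sha"
    if re.fullmatch(r"v\d+(\.\d+)*", ref):
        return "tag"
    return "other"


def audit_workflow(workflow_text: str) -> list:
    """Step 2: flag SHA pins that point at the compromised commit.

    Tags were re-pointed to safe commits by the maintainer, so tag references
    are reported as ok. Any other SHA pin or branch ref is reported for review,
    because the auditor must confirm it against the upstream repository.
    """
    findings = []
    for m in USES_RE.finditer(workflow_text):
        ref = m.group("ref")
        kind = classify_ref(ref)
        if kind == "sha" and ref.startswith(COMPROMISED_SHA_PREFIX):
            status = "compromised"
        elif kind == "tag":
            status = "ok"
        else:
            status = "review"
        findings.append({"ref": ref, "kind": kind, "status": status})
    return findings


def double_encode(text: str) -> str:
    """Encode text with base64 twice, the way the exfiltrated output was."""
    return base64.b64encode(base64.b64encode(text.encode())).decode()


def decode_leaked_output(blob: str) -> Optional[str]:
    """Step 1: the `base64 -d | base64 -d` pipeline from the advisory.

    Returns the decoded text, or None when the blob is not a valid
    double-base64 UTF-8 payload, so ordinary log tokens are ignored.
    """
    try:
        once = base64.b64decode(blob, validate=True)
        twice = base64.b64decode(once, validate=True)
        return twice.decode("utf-8")
    except (binascii.Error, ValueError, UnicodeDecodeError):
        return None


def find_encoded_secrets(log_text: str) -> list:
    """Scan step output for long base64 tokens that decode under the scheme above."""
    decoded = []
    for token in re.findall(r"[A-Za-z0-9+/=]{24,}", log_text):
        text = decode_leaked_output(token)
        if text is not None:
            decoded.append(text)
    return decoded


# Constructed sample inputs; the placeholder SHAs and the secret are not real.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  changes:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45.0.7
      - uses: tj-actions/changed-files@0e58ed8000000000000000000000000000000000  # placeholder
      - name: pinned elsewhere
        uses: tj-actions/changed-files@1111111111111111111111111111111111111111
"""

SAMPLE_LOG = f"""\
##[group]changed-files
all_changed_files: src/app.py README.md
{double_encode("AWS_SECRET_ACCESS_KEY=constructed-example-value")}
##[endgroup]
"""

if __name__ == "__main__":
    for finding in audit_workflow(SAMPLE_WORKFLOW):
        print(f"{finding['status']:12} {finding['kind']:5} {finding['ref']}")
    for secret in find_encoded_secrets(SAMPLE_LOG):
        print("decoded:", secret)
```

Run against the constructed workflow, the tag reference is reported as ok, the pin starting with 0e58ed8 as compromised, and the unrelated pin for review; the constructed log yields the planted secret string, which in a real investigation would be the trigger for step 3, rotating the credential.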


 Firewall Daily

The New Zealand Computer Emergency Response Team (CERT NZ) has issued an urgent security advisory warning of a critical vulnerability, CVE-2025-24813, that affects several versions of Apache Tomcat. This Apache Tomcat vulnerability presents serious security risks, including remote code execution (RCE), information disclosure, and content corruption.

The vulnerability, CVE-2025-24813, is found in Apache Tomcat versions 9.x, 10.x, and 11.x, with certain configurations making systems particularly susceptible to attack. According to the advisory, this flaw could allow an unauthenticated attacker to upload a malicious serialized payload to a vulnerable server. If specific conditions are met, the attacker can exploit this flaw to execute arbitrary code on the server.

This Apache Tomcat vulnerability is linked to the default servlet of Apache Tomcat, which handles HTTP requests. A malicious attacker could exploit improper handling of file uploads by the default servlet to execute harmful code or gain access to sensitive information. The issue is particularly concerning as it could lead to remote code execution (RCE) or allow attackers to manipulate or corrupt sensitive data.

Affected Versions

The vulnerability affects the following versions of Apache Tomcat:
Apache Tomcat 11.0.0-M1 to 11.0.2
Apache Tomcat 10.1.0-M1 to 10.1.34
Apache Tomcat 9.0.0.M1 to 9.0.98

These versions are vulnerable to CVE-2025-24813 if they meet additional conditions outlined in the vendor advisory. Applications running on these versions are at risk if they allow file uploads with partial PUT support enabled, especially if attackers can manipulate the file paths and exploit insecure configurations.

How Attackers Could Exploit CVE-2025-24813

Exploiting CVE-2025-24813 requires specific conditions. To view sensitive files or inject malicious content into these files, all of the following conditions must be met:
Writes enabled for the default servlet (disabled by default).
Partial PUT support enabled (enabled by default).
A target URL for sensitive uploads located within a sub-directory of public uploads.
Knowledge of the names of sensitive files being uploaded.
The vulnerable files also being uploaded via partial PUT.

For an attacker to gain remote code execution, additional conditions must be met:
The application is using Tomcat’s file-based session persistence with the default storage location.
The application includes a library that could be used in a deserialization attack.

CERT NZ also noted that a proof-of-concept (PoC) and reports of active exploitation have already surfaced, making this flaw even more pressing for those using vulnerable versions.

Why You Should Be Concerned

The severity of CVE-2025-24813 cannot be overstated. Given that it allows for remote code execution and information disclosure, organizations could face severe consequences, including the unauthorized execution of arbitrary code, exposure of sensitive data, or potential corruption of vital application files. The flaw is particularly dangerous as it is relatively easy for attackers to exploit once the conditions for partial PUT support and the other configurations are met. For organizations that rely on Apache Tomcat to serve Java applications, the risk of exposure is significant, and immediate action is required.

How to Protect Your Systems

To mitigate the risks associated with CVE-2025-24813, Apache Tomcat users are advised to upgrade their installations to secure versions. The following versions have fixed the vulnerability:
Apache Tomcat 11.0.3 or later
Apache Tomcat 10.1.35 or later
Apache Tomcat 9.0.99 or later

Upgrading to one of these versions will ensure that systems are no longer vulnerable to this flaw. Additionally, system administrators should follow best practices for securing their Tomcat configurations, including disabling unnecessary features and ensuring that file upload capabilities are appropriately configured.

Conclusion

CVE-2025-24813 is actively being exploited, with a proof of concept confirmed by the NCSC. To mitigate risks, organizations should upgrade to Apache Tomcat versions 11.0.3, 10.1.35, or 9.0.99, disable unnecessary features, monitor for suspicious activity, and apply security patches promptly. As Apache Tomcat is widely used, keeping systems updated is crucial to avoid remote code execution, information disclosure, and content corruption.
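The first two preconditions in the list above are both settings of the default servlet, so an administrator can check them from a deployment's web.xml before a fleet-wide upgrade is complete. The following Python is an added example, not code from CERT NZ or the Apache Tomcat project. It parses the servlet named default, reads its init-params and reports whether writes are enabled and whether partial PUT is still on. The readonly parameter is Tomcat's documented switch for write access; allowPartialPut is assumed here to be the parameter name that controls partial PUT in the fixed releases, since the advisory only says the feature is enabled by default. Both web.xml samples are constructed for the demonstration.

```python
import xml.etree.ElementTree as ET

# Added example (not from CERT NZ or the Apache Tomcat project). It reads a
# Tomcat web.xml and reports whether the two default-servlet preconditions
# hold: writes enabled (readonly=false) and partial PUT support enabled.
# `readonly` is the documented DefaultServlet init-param. `allowPartialPut` is
# an ASSUMED parameter name for the partial PUT switch in fixed releases.


def _local(tag: str) -> str:
    """Strip the XML namespace so javaee and jakartaee web.xml files both work."""
    return tag.rsplit("}", 1)[-1]


def _child_text(elem, name: str) -> str:
    """Text of the first direct child with the given local name, or ''."""
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return ""


def default_servlet_params(web_xml: str) -> dict:
    """Collect init-params of the servlet named `default`, if it is declared."""
    params = {}
    root = ET.fromstring(web_xml)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        if _child_text(servlet, "servlet-name") != "default":
            continue
        for child in servlet:
            if _local(child.tag) == "init-param":
                params[_child_text(child, "param-name")] = _child_text(child, "param-value")
    return params


def assess_default_servlet(web_xml: str) -> dict:
    """Evaluate the two default-servlet conditions from the advisory.

    Defaults follow the advisory text: writes are disabled unless readonly is
    explicitly false, and partial PUT is enabled unless explicitly turned off.
    """
    params = default_servlet_params(web_xml)
    writes_enabled = params.get("readonly", "true").lower() == "false"
    partial_put_enabled = params.get("allowPartialPut", "true").lower() != "false"
    return {
        "writes_enabled": writes_enabled,
        "partial_put_enabled": partial_put_enabled,
        "preconditions_met": writes_enabled and partial_put_enabled,
    }


# Constructed sample: a web.xml that turns on writes for the default servlet.
WRITABLE_WEB_XML = """\
<web-app xmlns="https://jakarta.ee/xml/ns/jakartaee" version="6.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param>
      <param-name>readonly</param-name>
      <param-value>false</param-value>
    </init-param>
  </servlet>
</web-app>
"""

# Constructed sample: the same file with writes left at the read-only default.
READONLY_WEB_XML = WRITABLE_WEB_XML.replace(
    "<param-value>false</param-value>", "<param-value>true</param-value>"
)

if __name__ == "__main__":
    for label, xml in (("writable", WRITABLE_WEB_XML), ("read-only", READONLY_WEB_XML)):
        print(label, assess_default_servlet(xml))
```

A result with preconditions_met true does not by itself mean the host is exploitable, since the remaining conditions (upload paths, file names, file-based session persistence and a gadget library) are not visible in web.xml; it does mark the host as one to upgrade or reconfigure first.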


 Privacy

At the end of 2024, our experts discovered a new stealer called Arcane, which collects a wide range of data from infected devices. Now cybercriminals have taken it a step further by releasing ArcanaLoader — a downloader that claims to install cheats, cracks, and other useful gaming tools, but which actually infects devices with the Arcane stealer. Despite their lack of creativity in naming the loader, their distribution scheme is actually quite original. Hopefully, you already know not to download random files from YouTube video descriptions. No? Then keep reading.

How the Arcane stealer spreads

The malicious campaign distributing the Arcane stealer was active even before the malware itself appeared. In other words, cybercriminals were already spreading other malware, eventually replacing it with Arcane. Here's how it worked.

First, links to password-protected archives containing malware were placed under YouTube videos advertising game cheats. These archives always included a seemingly harmless BATCH file named start.bat. This file's purpose was to launch PowerShell to download another password-protected archive containing two executable files: a miner and the VGS stealer. The VGS stealer was later replaced with Arcane. At first, the new stealer was distributed in the same way: YouTube video, first malicious archive, then a second one, and bingo: Trojan on the victim's device.

A few months later, the criminals upgraded their approach. Under the YouTube video they started linking to ArcanaLoader — a downloader with a graphical interface, supposedly needed to install cheats, cracks, and similar software. In reality, ArcanaLoader infected devices with the Arcane stealer.

Inside the client — various cheat options for Minecraft

The operation didn't end with ArcanaLoader. The attackers also set up a dedicated Discord server to embellish their scheme. Among other things, this server is used to recruit YouTubers willing to post links to ArcanaLoader in their video descriptions. The requirements for recruitment are minimal: at least 600 subscribers, over 1500 views, and at least two uploaded videos with links to the downloader. In exchange, participants are promised a new role on the server, the ability to post videos in the chat, instant addition of requested cheats to the downloader, and potential income for generating high traffic. Whether any of these unwitting malware distributors actually received payments is unknown.

The ArcanaLoader Discord server has over 3000 members

All communication on the ArcanaLoader Discord server is in Russian, and our telemetry shows the highest number of victims are in Russia, Belarus, and Kazakhstan. We can conclude from this that Arcane primarily targets Russian-speaking gamers.

How dangerous is the Arcane stealer?

A stealer is a type of malware that steals login credentials and other sensitive information, sending them to attackers. This information helps cybercriminals gain access to accounts in games, social networks, and more. Regarding Arcane, its capabilities are constantly evolving, with cybercriminals actively updating the stealer's code. At the time of publication of this post, Arcane could steal the golden classics: usernames, passwords, and payment card details. The main sources of information for the stealer are browsers based on the Chromium and Gecko engines, which is why we recommend against storing such confidential information in browsers. It's better to use a trusted password manager. The stealer has another method for extracting cookies from Chromium-based browsers, and stolen cookies can be used for various malicious purposes, including hijacking a YouTube channel. For how exactly this works, read the Securelist study.

In addition to browser data, Arcane steals configuration files, settings, and account information from the following applications:
VPN clients: OpenVPN, Mullvad, NordVPN, IPVanish, Surfshark, Proton, HideMyName, PIA, CyberGhost, ExpressVPN.
Network clients and utilities: Ngrok, PlayIt, Cyberduck, FileZilla, DynDns.
Messaging clients: ICQ, Tox, Skype, Pidgin, Signal, Element, Discord, Telegram, Jabber, Viber.
Email clients.
Game clients and services: Riot Client, Epic Games, Steam, Ubisoft Connect, Roblox, Battle.net, various Minecraft clients.
Cryptocurrency wallets: Zcash, Armory, Bytecoin, Jaxx, Exodus, Ethereum, Electrum, Atomic, Guarda, Coinomi.

An impressive list, right? Arcane also steals various system information. The stealer tells attackers what version of the OS is installed, when it was installed, the Windows activation key, details of the infected system's hardware, screenshots, running processes, and saved Wi-Fi passwords.

How to protect yourself from Arcane

The attackers started by simply placing links to malicious archives under YouTube videos, and later set up their own Discord server and created a downloader with a graphical interface. Of course, all of this was done to give the scam false credibility, luring in potential victims. From this campaign, we can see that cybercriminal groups today are highly adaptable, quickly shifting their distribution strategies and methods.

Don't download any files from YouTube video descriptions. Experience shows that even trusted bloggers may sometimes unknowingly spread Trojans.
Protect your device with a reliable security solution that will swiftly detect and neutralize the Arcane stealer (among others).
Don't store usernames, passwords, and banking information in browsers. While convenient, this is a very risky way to store such critical data. Trust them to Kaspersky Password Manager — you just need a single master password, and we'll take care of the rest.
Be suspicious of cheats, mods, and cracks. Especially for Minecraft and Roblox — players of these games are targeted most often.

To learn more about other types of stealers and their capabilities, don't miss these posts:
Beware of stealers disguised as… wedding invitations
Banshee: a stealer targeting macOS users
Mario Forever, malware too: a free game with a miner and Trojans inside
Hacking YouTube channels with stolen cookies
and many others.

Subscribe to our blog and follow our Kaspersky Telegram channel to stay informed on the latest cybersecurity threats. Also, be sure to share this post with anyone who frequently plays games but may not be aware of the dangers.


 Feed

Research finds that organizations are granting root access by default and making other big missteps, including a Jenga-like building concept, in deploying and configuring AI services in cloud deployments.

 Feed

Cybersecurity researchers have disclosed details of two critical flaws impacting mySCADA myPRO, a Supervisory Control and Data Acquisition (SCADA) system used in operational technology (OT) environments, that could allow malicious actors to take control of susceptible systems. "These vulnerabilities, if exploited, could grant unauthorized access to industrial control networks, potentially

 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a vulnerability linked to the supply chain compromise of the GitHub Action, tj-actions/changed-files, to its Known Exploited Vulnerabilities (KEV) catalog. The high-severity flaw, tracked as CVE-2025-30066 (CVSS score: 8.6), involves the breach of the GitHub Action to inject malicious code that enables a remote

 Feed

Identity-based attacks are on the rise. Attackers are targeting identities with compromised credentials, hijacked authentication methods, and misused privileges. While many threat detection solutions focus on cloud, endpoint, and network threats, they overlook the unique risks posed by SaaS identity ecosystems. This blind spot is wreaking havoc on heavily SaaS-reliant organizations big and small

 Feed

The recently leaked trove of internal chat logs among members of the Black Basta ransomware operation has revealed possible connections between the e-crime gang and Russian authorities. The leak, containing over 200,000 messages from September 2023 to September 2024, was published by a Telegram user @ExploitWhispers last month. According to an analysis of the messages by cybersecurity company

 Feed

In today’s digital world, security breaches are all too common. Despite the many security tools and training programs available, identity-based attacks—like phishing, adversary-in-the-middle, and MFA bypass—remain a major challenge. Instead of accepting these risks and pouring resources into fixing problems after they occur, why not prevent attacks from happening in the first place? Our upcoming

 Feed

The threat actors behind the ClearFake campaign are using fake reCAPTCHA or Cloudflare Turnstile verifications as lures to trick users into downloading malware such as Lumma Stealer and Vidar Stealer. ClearFake, first highlighted in July 2023, is the name given to a threat activity cluster that employs fake web browser update baits on compromised WordPress as a malware distribution vector. The

 Feed

Threat actors are exploiting a severe security flaw in PHP to deliver cryptocurrency miners and remote access trojans (RATs) like Quasar RAT. The vulnerability, assigned the CVE identifier CVE-2024-4577, refers to an argument injection vulnerability in PHP affecting Windows-based systems running in CGI mode that could allow remote attackers to run arbitrary code. Cybersecurity company

 authentication

Source: www.csoonline.com – Author: AMI MegaRAC baseboard management controller vulnerability enables attackers to bypass authentication on the Redfish API and deploy malware implants or brick servers. Researchers found a critical vulnerability in the AMI MegaRAC baseboard management controller (BMC) used by multiple server manufacturers. The vulnerability could allow attackers to bypass authentication and take control […] The post Critical vulnerability in AMI MegaRAC BMC allows server takeover – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

Source: www.csoonline.com – Author: Unlocking AI’s true potential in security: Bridging the gap between high hopes and real-world impact. Insights from IDC’s Voice of Security 2025 white paper, sponsored by Tines and AWS. A new survey of security leaders has revealed a stark contrast between AI expectations and realities – while enthusiasm for AI’s potential […] The post New research reveals security’s biggest AI challenges – and two potential solutions – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cloud Security

Source: www.networkworld.com – Author: Cloudflare enters the security posture management arena using network-based discovery. Cloudflare has been steadily expanding its portfolio of security services over the last several years. One thing that has been missing, however, is cloud security posture management (CSPM), a class of security tools that helps organizations understand and evaluate […] The post Cloudflare expands security portfolio with network-powered posture management – Source: www.networkworld.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

Source: www.csoonline.com – Author: The municipality of Kirkel was the target of a cyberattack. The town hall remains closed for the time being. The town hall in Kirkel is closed because of a cyberattack. As reported by Saarländischer Rundfunk (SR), the IT department of the Kirkel municipal administration discovered a security incident last Friday (14 March). As a result, the entire system had to be rebuilt from scratch. The […] The post Hackers cripple the administration in Kirkel – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

Source: www.csoonline.com – Author: GitHub accounts are being compromised with fake security alerts and a malicious OAuth application. At first only individual GitHub repositories were infected with malware. Now developers and their accounts are also coming directly into the crosshairs of cybercriminals. The GitHub platform has been making negative headlines for some time, as its repositories are increasingly infected with malware. […] The post GitHub is increasingly becoming a digital minefield – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cloud Security

Source: www.csoonline.com – Author: News, 18 Mar 2025, 3 mins, Cloud Security, Mergers and Acquisitions, Technology Industry. Wiz had rejected the previous proposal in July 2024 due to regulatory concerns. Alphabet has agreed to acquire Israeli cybersecurity firm Wiz for $32 billion, a move that will significantly expand its footprint in cloud security and mark its largest acquisition […] The post Alphabet agrees to buy Israel’s Wiz, expanding its cloud security reach – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

Source: www.csoonline.com – Author: The vulnerability affecting Apache Tomcat can be exploited with a simple PUT request to achieve full RCE. Apache Software’s open-source web container for Java-based web applications, Tomcat, is under active attack through a critical RCE flaw the foundation disclosed last week. According to API security vendor Wallarm, threat actors are […] The post Tomcat PUT to active abuse as Apache deals with critical RCE flaw – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cloud Security

Source: www.csoonline.com – Author: News, 18 Mar 2025, 3 mins, Cloud Security, Mergers and Acquisitions, Technology Industry. Wiz had rejected the previous proposal in July 2024 due to regulatory concerns. Alphabet has agreed to acquire Israeli cybersecurity firm Wiz for $32 billion, a move that will significantly expand its footprint in cloud security and mark its largest acquisition […] The post Alphabet in advanced talks to buy Israel’s Wiz, expanding cloud security reach – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 budget

Source: www.csoonline.com – Author: Security leaders must fight proposed cuts by justifying return on investment and zeroing in on the risk narrative. A recent survey of CISO peers sheds light on which cuts are more likely to result in security consequences. Inadequate security budgets to support technology upgrades, security training, and business initiatives have a […] The post Not all cuts are equal: Security budget choices disproportionately impact risk – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

Source: www.csoonline.com – Author: With attackers spending far less time hidden in systems, organizations must break down security silos and increase cross-tool integration to accelerate detection and response. Times are tough for cyber pros, quite literally. Two common malware time-scale metrics – dwell time and time to exploit – are rapidly shortening, making it […] The post Attack time frames are shrinking rapidly. Here’s how cyber teams can cope. – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Blog

Source: socprime.com – Author: Veronika Telychko The UAC-0200 hacking group resurfaces in the cyber threat arena. CERT-UA has recently identified a surge in targeted cyber-attacks, leveraging DarkCrystal RAT (DCRAT), against both employees of defense industry enterprises and individual members of the Armed Forces of Ukraine. Detect UAC-0200 Attacks Covered in the CERT-UA#14045 Alert. Following the […] The post UAC-0200 Attack Detection: Cyber-Espionage Activity Targeting Defense Industry Sector and the Armed Forces of Ukraine Using DarkCrystal RAT – Source: socprime.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: hackread.com – Author: Waqas. Google’s parent company, Alphabet, has announced its acquisition of Wiz, a leading cloud and cybersecurity platform, for $32 billion. This acquisition, Google’s largest to date, signals the company’s intent to strengthen the security capabilities of Google Cloud Platform (GCP). Wiz, founded in 2020, has quickly risen to prominence with its cloud-native […] The post Google Acquires Wiz for Record $32 Billion – Source: hackread.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: hackread.com – Author: Waqas. Cybersecurity researchers at Bitdefender have discovered a malicious ad fraud campaign that has successfully deployed over 300 applications within the Google Play Store. These malicious apps have collectively been downloaded over 60 million times, exposing users to invasive ads and phishing attempts. Malicious Apps on the Google Play Store. The […] The post Scammers Sneak 300+ Ad Fraud Apps onto Google Play with 60M Downloads – Source: hackread.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: bacohido By Byron V. Acohido We’ve seen this movie before. Google parent Alphabet’s $32 billion bid for Wiz isn’t just about security and privacy. It’s the latest round in Big Tech’s long-running game of business leapfrog, where each giant keeps lunging into the next guy’s home turf, trying to reshape the […] The post My Take: Here’s why Google’s $32B Wiz grab is the latest Big Tech leap sure to further erode privacy – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: cybernewswire Palo Alto, Calif., Mar. 18, 2025, CyberNewswire – SquareX, a pioneer in the Browser Detection and Response (BDR) space, today announced the launch of the “Year of Browser Bugs” (YOBB) project, a year-long initiative to draw attention to the lack of security research and rigor in what remains one of the […] The post News alert: SquareX’s “Year of Browser Bugs” project exposes critical cybersecurity blind spots – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Marc Handelman Wednesday, March 19, 2025. Recon Village – Maltego Community Workshop: OSINT & Custom Transforms. Instructor: Carlos Fragoso. Our sincere appreciation to DEF CON, and the Presenters/Authors, for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las […] The post Recon Village – Maltego Community Workshop: OSINT & Custom Transforms – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Matthew Rosenquist Cyber Crime Junkies podcast: Breaking Down Risks in Cybersecurity – A great conversation on the Cyber Crime Junkies podcast with David Mauro! We covered so many different topics that CISOs are struggling with: Generative vs Agentic AI risks and opportunities […] The post Breaking Down Risks in Cybersecurity – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Blog

Source: securityboulevard.com – Author: Chris Needs Cyber threats are growing in sophistication, and adversaries are continually evolving their methods, targeting businesses, governments, and individuals with precision. For network defenders and fraud prevention teams, understanding this evolving landscape is critical to preempt attacks, mitigate risks, and protect key assets. But how do you stay ahead of […] The post What is Infrastructure Intelligence? – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Marc Handelman via the comic humor & dry wit of Randall Munroe, creator of XKCD. Permalink *** This is a Security Bloggers Network syndicated blog from Infosecurity.US authored by Marc Handelman. Read the original post at: https://xkcd.com/3061/ Original Post URL: https://securityboulevard.com/2025/03/randall-munroes-xkcd-water-balloons/?utm_source=rss&utm_medium=rss&utm_campaign=randall-munroes-xkcd-water-balloons Category & Tags: Humor, Security Bloggers Network, Randall Munroe, Sarcasm, satire, XKCD – Humor, Security Bloggers […] The post Randall Munroe’s XKCD ‘Water Balloons’ – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Best Practices

Source: securityboulevard.com – Author: Dan Kaplan The Real-World Impact: Dollars and Disruption. The financial implications of credential-related outages are staggering. According to recent 2024 data, the average cost of a single minute of downtime has increased to around $9,000. Certificate expiry, a common form of credential expiration, is one of the leading causes of website […] The post How to Stop Expired Secrets from Disrupting Your Operations – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.proofpoint.com – Author: Companies deepen technology collaboration by making Azure the platform for Proofpoint innovation, providing joint customers with more powerful, seamless human-centric security. SUNNYVALE, Calif., March 18, 2025 – Proofpoint Inc., a leading cybersecurity and compliance company, today announced an expanded global partnership with Microsoft that leverages Microsoft Azure’s robust AI capabilities and […] The post Proofpoint Establishes Global Strategic Alliance with Microsoft to Build on Azure and Strengthen Human-Centric Cybersecurity for Organizations – Source: www.proofpoint.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.lastwatchdog.com – Author: bacohido By Byron V. Acohido We’ve seen this movie before. Google parent Alphabet’s $32 billion bid for Wiz isn’t just about security and privacy. It’s the latest round in Big Tech’s long-running game of business leapfrog, where each giant keeps lunging into the next guy’s home turf, trying to reshape the […] The post My Take: Here’s why Google’s $32B Wiz grab is the latest Big Tech leap sure to further erode privacy – Source: www.lastwatchdog.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.lastwatchdog.com – Author: cybernewswire Palo Alto, Calif., Mar. 18, 2025, CyberNewswire – SquareX, a pioneer in the Browser Detection and Response (BDR) space, today announced the launch of the “Year of Browser Bugs” (YOBB) project, a year-long initiative to draw attention to the lack of security research and rigor in what remains one of the […] The post News alert: SquareX’s “Year of Browser Bugs” project exposes critical cybersecurity blind spots – Source: www.lastwatchdog.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

Source: www.csoonline.com – Author: The Qilin ransomware gang claims to have obtained sensitive data from SMC Europe. The Japanese industrial automation specialist SMC is present in numerous countries worldwide, including Germany. The industrial automation specialist SMC has probably been hit by a ransomware attack. The […] The post Ransomware attack on SMC Europe – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

Source: www.csoonline.com – Author: The average corporate user now has 146 stolen records linked to their identity, an average 12x increase from previous estimates, reflecting a surge in holistic identity exposures. SpyCloud, the leading identity threat protection company, today released its 2025 SpyCloud Annual Identity Exposure Report, highlighting the rise of darknet-exposed identity data as […] The post SpyCloud’s 2025 Identity Exposure Report Reveals the Scale and Hidden Risks of Digital Identity Threats – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

Source: www.csoonline.com – Author: News, 19 Mar 2025, 4 mins, Data Breach, Security, Zero-Day Vulnerabilities. In letters to the affected customers, Western Alliance Bank said sensitive information including their financial account and social security numbers may have been compromised. Western Alliance Bank (WAB) has disclosed that a data breach at its third-party vendor’s secure file transfer software has […] The post About 22k WAB customers impacted by a zero-day attack on a third-party vendor – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

Source: www.infoworld.com – Author: News, Mar 19, 2025, 5 mins, CI/CD, Data Breach, Developer. CISA confirms a cascading attack from reviewdog to tj-actions exposed sensitive credentials across 23,000+ repositories. A sophisticated cascading supply chain attack has compromised multiple GitHub Actions, exposing critical CI/CD secrets across tens of thousands of repositories. The attack, which originally targeted the widely used “tj-actions/changed-files” […] The post GitHub suffers a cascading supply chain attack compromising CI/CD secrets – Source: www.infoworld.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Business IT Alignment

Source: www.csoonline.com – Author: The painful duty of informing the C-suite or board how much an incident cost is critical to the CISO role, but a good response plan, tabletop exercises, and proactive engagement can smooth the process. In 2017, credit rating agency Equifax suffered a massive data breach, ultimately costing the company over $1.4 […] The post That breach cost HOW MUCH? How CISOs can talk effectively about a cyber incident’s toll – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini California Cryobank, the largest US sperm bank, suffered a data breach exposing customer information. California Cryobank (CCB) is the largest sperm bank in the U.S., providing frozen donor sperm and reproductive services, including egg and embryo storage. It operates in all 50 states and over 30 countries worldwide, helping […] The post California Cryobank, the largest US sperm bank, disclosed a data breach – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 AI

Source: securityaffairs.com – Author: Pierluigi Paganini The Rules File Backdoor attack targets AI code editors like GitHub Copilot and Cursor, making them inject malicious code via a supply chain vulnerability. Pillar Security researchers uncovered a dangerous new supply chain attack vector called ‘Rules File Backdoor.’ Threat actors could use the technique to silently compromise AI-generated code […] The post Rules File Backdoor: AI Code Editors exploited for silent supply chain attacks – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiOS/FortiProxy and GitHub Action flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability; CVE-2025-30066 tj-actions/changed-files GitHub Action Embedded Malicious Code […] The post U.S. CISA adds Fortinet FortiOS/FortiProxy and GitHub Action flaws to its Known Exploited Vulnerabilities catalog – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

2025-03
Aggregator history
Wednesday, March 19