Oktacron logo
Cyber security aggregate rss news

Cyber security aggregator - feeds history
image for Malaysia Dodged a Bu ...

 Features

By Salleh Kodri, SE Regional Manager, Cyble 2024 wasn’t just another year in Malaysia’s digital journey — it was a wake-up call. For those of us who’ve spent decades in the trenches of cybersecurity, watching logs, tracing threats, and hardening infrastructure, the wave of cyberattacks that hit our country   show more ...

this past year wasn’t surprising. But the scale, the coordination, and the economic fallout? That was something else entirely. Let me break down what happened — not just the headlines, but what it means for our economy, and why Malaysia needs to stop treating cybersecurity as a footnote and start treating it like national infrastructure. The Breach That Broke Our Complacency By the time we hit Q3 in 2024, over 1,500 cyberattacks had been recorded against government ministries and critical infrastructure systems. These weren’t amateur phishing attempts. They were sustained, sophisticated, and clearly state-backed or state-level in complexity. A few key ministries went dark for hours. One of our public healthcare systems experienced temporary data corruption. And a utilities provider had to isolate its control systems for 36 hours to avoid a complete system compromise. And here’s the thing: not all of it made the news. Behind closed doors, systems were patched, teams scrambled, and boards panicked. The cost wasn’t just digital — it was economic. [caption id="attachment_102323" align="aligncenter" width="1024"] Source: Freepik[/caption] Counting the Economic Damage You might think, “It’s just data.” But cyberattacks bleed real money. According to IBM’s 2024 data breach report, the average cost of a breach in ASEAN rose to $3.23 million, with the financial services sector averaging over $5.57 million per incident. Malaysia wasn’t spared. Several major Malaysian firms — including one logistics giant and a digital bank — quietly shelled out millions to contain the damage, restore systems, and placate regulators and customers. Here’s where it hits the broader economy: Foreign investors began questioning the resilience of our digital infrastructure. SMEs, which make up over 97% of our businesses, lacked cyber-readiness and saw disrupted operations and lost trust. Public trust in digital government services took a hit, just when we were trying to push digital ID and e-payments deeper into daily life. A senior official in one ministry told me bluntly: “We thought we had five more years to prepare. We didn’t.” The RM60 Million Band-Aid To its credit, the government responded. Budget 2024 allocated RM60 million to strengthen cyberattack preparedness, develop local cybersecurity testing frameworks, and support 5G tech security. It’s a start — but let’s be clear. RM60 million doesn’t stretch far in cyber defense. That’s maybe a dozen enterprise-scale security upgrades or a few hundred well-trained specialists. For comparison, Singapore’s Cyber Security Agency has had an annual budget exceeding SGD 100 million since 2019. That’s the kind of investment we’re up against regionally. A Law Long Overdue What we really needed — and finally got — was the National Cyber Security Bill, passed in March 2024. It was years in the making and gives real legal backbone to our cyber defense efforts. Now, Critical National Information Infrastructure (CNII) operators are legally bound to report incidents, meet compliance standards, and undergo regular risk assessments. It’s no longer voluntary — and that’s a good thing. But enforcement will be key. We’ve seen laws on paper without bite before. The Talent Crisis Nobody’s Talking About Enough in Malaysia Let’s talk about the people behind the screens. Malaysia currently has 15,000 cybersecurity professionals, and we need at least 27,000 just to meet current demand. That’s a gap of 12,000 skilled individuals. And the attacks are only going to get more complex. This talent shortage is killing us. Many of our best minds are being poached by MNCs or lured abroad. We’ve got polytechnic grads doing L1 security ops when they could be trained into penetration testers, incident responders, and SOC analysts. If we don’t start investing in people as much as in tech, we’re going to lose this fight before it really starts. A Nation’s Resilience Is Now Digital Cybersecurity isn’t a niche IT problem anymore. It’s national security. It’s economic security. And it’s about trust. In 2024, Malaysians saw what happens when digital systems fail: queues at clinics, bank transfers on hold, GPS routes offline, and even brief water supply disruptions in a northern state. These aren’t “tech issues.” These are real-life disruptions to real people. And the knock-on effect? Delayed investments, rattled supply chains, and a hit to our digital economy ambitions. If we’re serious about being a Southeast Asian digital hub, we need to act like it, and that means building cybersecurity into every layer of our economy. Where Do We Go From Here? Here’s what needs to happen in 2025 if we want to bounce back stronger: Double our cyber workforce training pipeline – fast-track programs, sponsor certifications, retrain IT pros. Mandate cyber-readiness for all critical infrastructure operators, not just those in government. Establish a national bug bounty program – crowdsource protection with white-hat hackers. Support SMEs with affordable, shared cybersecurity services – they’re our most vulnerable segment. Treat cyber risk the same as financial risk – include it in board meetings, audits, and national economic planning. Final Word We dodged a bullet in 2024. But bullets keep coming. Malaysia has talent, drive, and potential. But in the cyber world, potential isn’t enough. Preparedness is everything. Let’s make 2025 the year we stop reacting and start leading.

image for Security Isn’t a T ...

 Features

In an engaging video podcast with Mihir Bagwe of The Cyber Express, Kapil Yewale, Head of Cybersecurity at Clearview, shared deep insights into the evolving nature of cybersecurity leadership. With over two decades of experience spanning networks, infrastructure, and applications, Kapil emphasized that cybersecurity   show more ...

should not be viewed in isolation. Instead, it must be embedded across the technology stack—from cloud to infrastructure to applications. Drawing from his journey, Kapil discussed how his broad technical understanding helped him design strong Secure-by-Design frameworks, advocating for security to be part of the system’s blueprint, not an afterthought. He stressed the importance of domain-specific risk understanding, especially in the face of emerging challenges like AI, regulatory compliance, and advanced threats. Kapil also emphasized that true cybersecurity leadership requires more than just tools and tactics—it demands a strategic grasp of the entire ecosystem, continuous learning, and cross-functional collaboration. His message was clear: to build resilient systems, security must be a mindset baked into every layer of the enterprise. Watch the full podcast to explore Kapil’s actionable insights on building resilient, future-ready cybersecurity programs.

image for What is ClickFix and ...

 Business

Attackers are increasingly using the ClickFix technique to infect Windows computers to force users to run malicious scripts manually. The use of this tactic was first seen in the spring of 2024. Since then, attackers have come up with a number of scenarios for its use. What is ClickFix? The ClickFix technique is   show more ...

essentially an attempt to execute a malicious command on the victims computer relying solely on social engineering techniques. Under one pretext or another, attackers convince the user to copy a long command line (in the vast majority of cases — a PowerShell script), paste it into the systems Run window, and press Enter, which should ultimately lead to compromising the system. The attack normally begins with a pop-up window simulating a notification about a technical problem. To fix this problem, the user needs to perform a few simple steps, which boil down to copying some object and executing it through the Run application. However, in Windows 11, PowerShell can also be executed from the search bar for applications, settings, and documents, which opens when you click on the icon with the systems logo, so sometimes the victim is asked to copy something there. ClickFix attack – how to infect your own computer with malware in three easy steps. Source This technique earned itself the name ClickFix because usually the notification contains a button, the name of which is somehow related to the verb to fix (Fix, How to fix, Fix it…), which the user needs to click to solve the alleged problem or see instructions for solving it. However, this isnt a mandatory element — the need to launch some code can be justified by the requirement to check the computers security, or, for example, to confirm that the user is not a robot. In this case, the Fix button can be omitted. An example of instructions for confirming that youre not a robot. Source The scheme may differ slightly from case to case, but attackers typically give the victim the following instructions: click the button to copy the code that solves the problem; press the key combination [Win] + [R]; press the combination [Ctrl] + [V]; press [Enter]. So what actually happens? The first action (clicking the button to copy the code that solves the problem) copies some script invisible to the user to the clipboard. The second (pressing the key combination [Win] + [R]) opens the Run window, which in Windows is designed to quickly launch programs, open files and folders, and enter commands. In the third (pressing the combination [Ctrl] + [V]), the PowerShell script is pasted into Run window from the clipboard. And finally, with the fourth action (pressing [Enter]), the code is launched with the current user privileges. As a result of executing the script, malware is downloaded and installed onto the computer — with the specific malicious payload varying from campaign to campaign. Thus, what we get is the user running a malicious script on their own system thereby infecting his own computer. Typical attacks using the ClickFix technique Sometimes attackers create their own websites and lure users to them using various tricks. Or they hack existing websites and force them to display a pop-up window with instructions. In other cases similar instructions are delivered under various pretexts via email, social networks, or even through instant-messengers. Here are some typical scenarios of using this technique in attacks: 1. Unable to display the page, need to refresh the browser A classic scenario in which the visitor doesnt see the page they expected to and is told they need to install a browser update to display it. 2. Error loading a document on a website Another standard tactic: the user isnt allowed to view a certain document in Microsoft Word or PDF format. Instead, theyre shown a notification asking to install a plugin for viewing the PDF or Word online. 3. Error opening a document from email In this case attackers substitute the file format. The victim sees a .pdf or .docx icon, but in reality clicks on the HTML file that opens in the browser. Then everything is similar to the previous case — what are needed are: a plugin, malicious instructions, and the familiar How to fix button. 4. Problems with the microphone and camera in Google Meet or Zoom A more unusual variation of the ClickFix tactic is used on fake Google Meet or Zoom websites. The user receives a link for a video call, but is not allowed to join it, because there are problems with their microphone and camera. The message explains how to fix it. 5. Prove that youre not a robot – fake CAPTCHA Finally, the most curious version of the attack using ClickFix: the site visitor is asked to complete a fake CAPTCHA to prove theyre not a robot. But the required proof is, of course, is to follow the instructions written in the pop-up window. Prove youre not a robot – to do this, run a malicious script on your computer. Source How to protect yourself from ClickFix attacks? The simplest mechanism for protecting your company from attacks using the ClickFix technique involves blocking the [Win] + [R] key combination in the system — its hardly needed at all in the day-to-day work of the typical employee. However, this isnt a panacea — as we already wrote above, in Windows 11 the script can be launched from the search bar, and some variations of this attack use more detailed instructions in which the user is told how to manually open the Run window. Therefore, protective measures, of course, should be comprehensive and primarily aimed at training employees. Its worth conveying to them that if someone seeks any manual manipulations with the system — its an extremely alarming sign. Here are some tips on how to protect your organizations employees from attacks using ClickFix tactics: Be sure to use a reliable security solution on all corporate devices, and also install protection at the mail gateway level. Raise employee awareness of cyberthreats, including new tactics, with specialized training. Organizing such training is easy – just use our automated educational Kaspersky Automated Security Awareness Platform .

 Feed

In a new campaign detected in March 2025, senior members of the World Uyghur Congress (WUC) living in exile have been targeted by a Windows-based malware that's capable of conducting surveillance. The spear-phishing campaign involved the use of a trojanized version of a legitimate open-source word processing and spell check tool called UyghurEdit++ developed to support the use of the Uyghur

 Feed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two high-severity security flaws impacting Broadcom Brocade Fabric OS and Commvault Web Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerabilities in question are listed below - CVE-2025-1976 (CVSS score: 8.6) - A code injection flaw

 Feed

Find out how Reco keeps Microsoft 365 Copilot safe by spotting risky prompts, protecting data, managing user access, and identifying threats - all while keeping productivity high. Microsoft 365 Copilot promises to boost productivity by turning natural language prompts into actions. Employees can generate reports, comb through data, or get instant answers just by asking Copilot.  However,

 Feed

Google has revealed that it observed 75 zero-day vulnerabilities exploited in the wild in 2024, down from 98 in 2023.  Of the 75 zero-days, 44% of them targeted enterprise products. As many as 20 flaws were identified in security software and appliances. "Zero-day exploitation of browsers and mobile devices fell drastically, decreasing by about a third for browsers and by about half for

 Feed

Popular messaging app WhatsApp on Tuesday unveiled a new technology called Private Processing to enable artificial intelligence (AI) capabilities in a privacy-preserving manner. "Private Processing will allow users to leverage powerful optional AI features – like summarizing unread messages or editing help – while preserving WhatsApp's core privacy promise," the Meta-owned service said in a

 Feed

Various generative artificial intelligence (GenAI) services have been found vulnerable to two types of jailbreak attacks that make it possible to produce illicit or dangerous content. The first of the two techniques, codenamed Inception, instructs an AI tool to imagine a fictitious scenario, which can then be adapted into a second scenario within the first one where there exists no safety

 Feed

Cybersecurity company SentinelOne has revealed that a China-nexus threat cluster dubbed PurpleHaze conducted reconnaissance attempts against its infrastructure and some of its high-value customers. "We first became aware of this threat cluster during a 2024 intrusion conducted against an organization previously providing hardware logistics services for SentinelOne employees," security

 Guest blog

The FBI is set to report that ransomware was the most pervasive cybersecurity threat to US critical infrastructure during the year of 2024, with complaints of ransomware attacks against critical sectors jumping 9% over the previous year. Read more in my article on the Tripwire State of Security blog.

 Data loss

If you thought only your boss was peeking at your work screen, think again. Employee-monitoring tool Work Composer has committed a jaw-dropping blunder, leaving a treasure trove of millions of workplace screenshots openly accessible on the internet with no encryption in place, and no password required. Read more in my article on the Hot for Security blog.

 AI

In episode 48 of The AI Fix, OpenAI releases the first AI models capable of novel scientific discoveries, ChatGPT users are sick of its relentlessly positive tone, our hosts say "Alexa" a lot, OpenAI eyes a social network of its own, and some robots run a half-marathon. Graham discovers AI Jesus and a great   show more ...

offer on some Casper mattresses, and Mark wonders if the technological singularity is actually much closer than we thought. All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.

 Cyber Security News

Source: www.infosecurity-magazine.com – Author: Written by Several representatives of exiled Uyghurs have been targeted by a pervasive spear phishing campaign aimed at deploying surveillance malware, researchers at the Citizen Lab have found. In March 2025, senior World Uyghur Congress (WUC) members received   show more ...

Google notifications warning that their accounts had been the subject of government-backed attacks. […] La entrada Uyghur Diaspora Group Targeted with Remote Surveillance Malware – Source: www.infosecurity-magazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Author: Half of all mobile devices are operating on outdated operating systems, leaving them highly vulnerable to cyber-attacks, according to new research. The figure comes from the 2025 Global Mobile Threat Report by Zimperium, which also highlights a surge in   show more ...

mobile-targeted attacks and app vulnerabilities, as threat actors increasingly exploit the widespread […] La entrada Half of Mobile Devices Run Outdated Operating Systems – Source: www.infosecurity-magazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Author: A surge in automated scanning activity, increasing by 16.7% globally in 2024, has exposed massive vulnerabilities in digital infrastructure.  According to the 2025 Global Threat Landscape Report from FortiGuard Labs, threat actors are executing billions of scans   show more ...

monthly – roughly 36,000 scans per second – targeting services like SIP, RDP and […] La entrada Researchers Note 16.7% Increase in Automated Scanning Activity – Source: www.infosecurity-magazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . In a new campaign detected in March 2025, senior members of the World Uyghur Congress (WUC) living in exile have been targeted by a Windows-based malware that’s capable of conducting surveillance. The spear-phishing campaign involved the use of a trojanized version of   show more ...

a legitimate open-source word processing and spell check […] La entrada Malware Attack Targets World Uyghur Congress Leaders via Trojanized UyghurEdit++ Tool – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Actively

Source: thehackernews.com – Author: . The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added two high-severity security flaws impacting Broadcom Brocade Fabric OS and Commvault Web Server to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in   show more ...

the wild. The vulnerabilities in question are listed below – CVE-2025-1976 (CVSS score: […] La entrada CISA Adds Actively Exploited Broadcom and Commvault Flaws to KEV Database – Source:thehackernews.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

Source: www.networkworld.com – Author: News Apr 28, 20254 mins High-Performance ComputingMainframesSecurity Information and Event Management Software IBM also pledged to invest $150 billion in the U.S. over the next five years, including spending on facilities for manufacturing mainframe and quantum computers.   show more ...

IBM has added new agentic and automation capabilities to its managed detection and response […] La entrada IBM aims for autonomous security operations – Source: www.networkworld.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

Source: www.networkworld.com – Author: At RSA Conference 2025, Cisco unveiled agentic AI capabilities in Cisco XDR, the latest version of Splunk SOAR, and an open-source AI security management model. Cisco today announced a range of AI-driven security enhancements, including improved threat detection and   show more ...

response capabilities in Cisco XDR and Splunk Security, new AI agents, and integration […] La entrada Cisco automates AI-driven security across enterprise networks – Source: www.networkworld.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Artificial Intelligence

Source: www.csoonline.com – Author: Expect artificial intelligence to be the topic of the week at the RSA Conference, with a slew of product announcements, panel discussions, and conversational buzz. Thousands of delegates (41,000 attended in 2024) and around 600 exhibitors are in San Francisco to hear talks on   show more ...

the use of generative AI technologies in […] La entrada AI looms large on the RSA Conference agenda – Source: www.csoonline.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Application Security

Source: www.csoonline.com – Author: News Analysis Apr 28, 20256 mins GovernmentRegulationTechnology Industry CISA’s high-profile proselytizing of its Secure by Design program will likely end, but some experts think the idea still has momentum in the private sector, while others have become disillusioned   show more ...

altogether. In April 2023, the US Cybersecurity and Infrastructure Security Agency (CISA), the […] La entrada Secure by Design is likely dead at CISA. Will the private sector make good on its pledge? – Source: www.csoonline.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

Source: www.csoonline.com – Author: BrandPost By Action 1 Apr 28, 20254 mins Vulnerability management isn’t about checking boxes anymore—it’s about real-time visibility, risk prioritization, and automation that keeps you one step ahead of threats. Let’s be honest folks, vulnerability management isn’t   show more ...

the same game it was five years ago. But if you’re still running periodic […] La entrada 4 big mistakes you’re probably still making in vulnerability management…and how to fix them – Source: www.csoonline.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Author: Enterprise security products are a growing target for threat actors, with the number of exploited zero-day vulnerabilities increasing 19% since 2022, according to Google. A report from the tech giant’s Google Threat Intelligence Group (GTIG) released today   show more ...

revealed that it tracked 75 zero-day vulnerabilities exploited in the wild in 2024. Although […] La entrada Zero-Day Exploitation Figure Surges 19% in Two Years – Source: www.infosecurity-magazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Source: www.infosecurity-magazine.com – Author: Europol has created a new operational group designed to tackle a growing problem of youngsters being recruited into criminal service provider groups that specialize in online and physical attacks. Led by Sweden, the Operational Taskforce (OTF) is known as “OTF   show more ...

GRIMM” and includes law enforcers from Belgium, Denmark, Finland, France, Germany, […] La entrada Europol Creates “Violence-as-a-Service” Taskforce – Source: www.infosecurity-magazine.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini VeriSource breach exposed data of 4M people in Feb 2024; stolen info includes personal details from an employee benefits services provider. VeriSource is alerting 4 million people after a February 2024 breach that exposed personal information. The data   show more ...

was stolen on February 27, 2024, and the incident was discovered […] La entrada VeriSource data breach impacted 4M individuals – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency   show more ...

(CISA) added Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known […] La entrada U.S. CISA adds Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities catalog – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 BreachForums

Source: securityaffairs.com – Author: Pierluigi Paganini The Turmoil Following BreachForums Shutdown: Confusion, Risks, and a New Beginning BreachForums, a major data leak marketplace, shut down on April 15 after a MyBB 0-day exploit allowed law enforcement infiltration. On April 15, BreachForums, one of the   show more ...

top marketplaces for stolen data, abruptly shut down, fueling widespread speculation. […] La entrada The Turmoil Following BreachForums Shutdown: Confusion, Risks, and a New Beginning – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 APT

Source: securityaffairs.com – Author: Pierluigi Paganini Earth Kurma APT carried out a sophisticated campaign against government and telecommunications sectors in Southeast Asia. Trend Research exposed the Earth Kurma APT campaign targeting Southeast Asia’s government and telecom sectors. Threat actors use   show more ...

custom malware, rootkits, and cloud storage for espionage, credential theft, and data exfiltration, posing a […] La entrada Earth Kurma APT is actively targeting government and telecommunications orgs in Southeast Asia – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini A large-scale phishing campaign targets WordPress WooCommerce users with a fake security alert urging them to download a ‘critical patch’ hiding a backdoor. Patchstack researchers uncovered a large-scale phishing campaign targeting WordPress   show more ...

WooCommerce users with a fake security alert. Threat actors urge recipients to download a “critical patch” that […] La entrada A large-scale phishing campaign targets WordPress WooCommerce users – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini Researchers created a PoC rootkit called Curing that uses Linux’s io_uring feature to evade traditional system call monitoring. Armo researchers have demonstrated a proof-of-concept (PoC) rootkit named Curing that relies on Linux asynchronous I/O   show more ...

mechanism io_uring to bypass traditional system call monitoring. “Curing is a POC of a rootkit that uses io_uring to perform […] La entrada PoC rootkit Curing evades traditional Linux detection systems – Source: securityaffairs.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Each month throughout the year, we’ll be spotlighting our SWE Affinity Groups. Here, the Public Policy Affinity Group shares the story of one of their active members. Source Views: 0 La entrada SWE Community Spotlight: Public Policy Affinity Group Member Spotlight se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

 0CISO2CISO

Get to know the leaders who will be sharing their stories in Barcelona! Source Views: 0 La entrada Meet the 2023 WE Local Barcelona Keynotes se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

2025-04
Aggregator history
Tuesday, April 29
TUE
WED
THU
FRI
SAT
SUN
MON
AprilMayJune