South African Airways (SAA), the country's flag carrier, has confirmed that it suffered a significant cyber incident on Saturday, May 3, 2025. The SAA data breach caused temporary disruptions to its website, mobile application, and certain internal systems. However, swift response measures were implemented,
allowing the airline to restore normal operations by the end of the same day. In a statement issued by the airline, SAA noted that it had immediately activated its disaster management and business continuity protocols upon discovering the incident. These proactive measures ensured that the airline’s core flight operations remained stable and that essential customer service platforms such as contact centers and sales offices continued functioning without interruption. “Our response team acted swiftly to contain the disruption and initiate a comprehensive investigation,” said Prof. John Lamola, Group CEO of South African Airways. “The security and integrity of our systems and the protection of customer data remain our top priorities. We are working diligently to assess the impact of the incident and to reinforce our cybersecurity posture.” SAA Data Breach: Independent Investigation and Government Involvement Shortly after containing the incident, SAA brought in independent digital forensic investigators to determine the root cause and assess the full extent of the breach. While the investigation is ongoing, early indications suggest that the disruption may have been the result of external cybercriminal activity. Given its designation as a National Key Point, SAA is legally bound to follow strict protocols during such incidents. In compliance with these obligations, the airline has reported the event to the South African State Security Agency (SSA) and the South African Police Service (SAPS), which have initiated a criminal investigation. Additionally, as a precaution under the Protection of Personal Information Act (POPIA), the airline has informed the Information Regulator of South Africa. Potential Data Exposure Under Review One of the most pressing concerns following any cyberattack is whether sensitive personal or operational data was accessed or stolen. According to SAA, the current focus of the forensic investigation is to determine if any data was compromised. 
The airline has pledged to notify affected individuals in accordance with regulatory guidelines, should any evidence of data exfiltration come to light. As of now, there has been no confirmation that customer or employee data has been accessed. However, SAA is urging customers to remain vigilant and report any suspicious activity. Ongoing Collaboration and Commitment to Cybersecurity SAA is continuing to work closely with investigators and government authorities to understand the full scope of the incident. The airline emphasized that it is committed to enhancing its cybersecurity framework based on the lessons learned from this event. “We will leave no stone unturned in understanding what happened and how we can prevent it in the future,” said Lamola. “This includes strengthening our systems, updating protocols, and training our teams. Our goal is to deliver reliable and secure service to all our stakeholders.” A Broader Pattern of Cyber Threats in South Africa This cyberattack on SAA is the latest in a string of cyber incidents targeting major South African organizations across sectors such as healthcare, telecommunications, agriculture, and government. In March 2025, poultry producer Astral Foods reported a cyberattack that disrupted its operations and was expected to cost the company approximately 20 million rand (about $1.1 million USD) in profits for the six-month period ending March 31. The company took swift measures to mitigate the damage and resume operations. In 2024, the National Health Laboratory Service (NHLS), South Africa’s key diagnostic service provider for public health facilities, also suffered a severe cyberattack. That breach forced a full shutdown of the organization's IT systems, affecting emails, its website, and critical lab test result systems. The frequency and impact of these cyberattacks have continued to escalate. In 2023, the LockBit ransomware group was linked to attacks on organizations in South Africa, among other countries. 
In a particularly high-profile case that same year, a ransomware group leaked personal details of South Africa’s president and released part of the 1.6 terabytes of data allegedly stolen from the country’s defense department. Additional victims over the last two years have included a state-owned bank, a major energy company, the Government Employees Pension Fund, and various government-run laboratories. Just in the first few months of 2025, attackers have breached the country’s weather service, its largest poultry producer, and a leading telecommunications provider. Most recently, telecom giant MTN Group, Africa’s largest mobile operator, confirmed a cyberattack that exposed personal data of an undisclosed number of its customers. Government Response and New Reporting Laws Amid growing public concern over these cyber incidents, the South African government enacted a new law in April 2025 mandating that all cyberattacks be reported to the country’s Information Regulator. The regulation aims to strengthen the monitoring of security incidents involving personal information and ensure quicker, more coordinated responses to emerging threats. The new law is a significant step in reinforcing national cybersecurity and improving transparency, especially for entities that handle large volumes of sensitive data, like SAA. Ongoing Investigation and Outlook As SAA continues to investigate the SAA cyberattack, it remains focused on securing its digital infrastructure and maintaining public trust. Customers are advised to stay informed via official SAA communication channels and to follow standard online safety practices, such as monitoring their accounts for suspicious activity and avoiding phishing scams. The Cyber Express editorial team has reached out to South African Airways for further details, but no additional comment has been received as of the time of publication. 
While SAA’s immediate response appears to have effectively contained the disruption, the outcome of the ongoing investigation will likely shape the company’s future cyber strategy—and serve as a cautionary tale for others.
The Nmap Project has officially launched the highly anticipated Nmap 7.96, bringing a wealth of new features, performance upgrades, and bug fixes to the popular network scanning tool. As a fundamental utility for network discovery and security auditing, Nmap has been a go-to solution for security professionals, and
version 7.96 makes it even more powerful. One of the standout features of Nmap 7.96 is the massive overhaul of its DNS resolution system. The new approach leverages parallel forward DNS lookups, speeding up the scanning process. For example, resolving one million website names to both IPv4 and IPv6 now takes just over an hour, a vast improvement from the previous method, which could take up to 49 hours. This improvement is especially beneficial when scanning large lists of hostnames, making Nmap more efficient and effective for network audits and vulnerability assessments. In addition to DNS resolution improvements, Nmap 7.96 introduces several upgrades to its underlying libraries. The updated versions of OpenSSL 3.0.16, Lua 5.4.7, libssh2 1.11.1, libpcap 1.10.5, and libpcre2 10.45 offer enhanced performance and greater compatibility with modern systems. These updates are crucial for security professionals who rely on Nmap for network reconnaissance and vulnerability assessment tasks. New and Improved Features with Nmap 7.96 Alongside these technical enhancements, Nmap 7.96 includes a host of new features designed to streamline the user experience and bolster its capabilities. NSE (Nmap Scripting Engine), a key part of Nmap, has received several new scripts. Notably, the mikrotik-routeros-version script queries MikroTik's WinBox router admin service to obtain RouterOS version information, while the mikrotik-routeros-username-brute script helps automate brute-force attacks against MikroTik routers using CVE-2024-54772. Another script, targets-ipv6-eui64, generates IPv6 target addresses from MAC addresses using the EUI-64 method. With these additions, the Nmap Scripting Engine continues to expand, bringing the total number of NSE scripts to 612. The update also introduces dark mode for Zenmap, Nmap's graphical user interface. 
This feature allows users to toggle dark mode through the "Profile->Toggle Dark Mode" setting or by configuring the window::dark_mode parameter in the zenmap.conf file. The new theme offers improved usability in low-light environments and reduces eye strain, particularly during extended scanning sessions. Ncat, another component of the Nmap suite, has also undergone improvements. It now features a new default mode for closing connections and introduces the "-q" option, which delays the program's exit after receiving an EOF (end of file) from standard input. Enhanced Scanning Capabilities The core functionality of Nmap 7.96 has been bolstered with several scanning improvements that make it even more efficient for security professionals. Key highlights include: Parallel DNS Resolution: Nmap now performs forward DNS lookups in parallel, drastically reducing scan times. This new method utilizes the same high-performance engine previously used for reverse DNS resolution. Custom Stub Resolver: Nmap continues to use its own custom DNS resolver, allowing it to perform multiple requests in parallel instead of relying on slower system DNS libraries. Flexible DNS Resolution Options: Users can fine-tune DNS resolution using various options such as -n (disable DNS), -R (always resolve), --system-dns (use system resolver), and --dns-servers (specify custom DNS servers). Improved DNS Parsing: The release also enhances domain name parsing, addressing issues with recursion and enforcing name length limits to prevent stack overflow vulnerabilities. These improvements not only speed up the scanning process but also enhance Nmap’s reliability when working with large-scale networks or domains. Bug Fixes and Compatibility Enhancements Nmap 7.96 also addresses several long-standing issues. Notably, it resolves problems with the IOCP Nsock engine on Windows, as well as a bug in TCP Connect scans (-sT) where ports were incorrectly labeled as "filtered" instead of "closed." 
Additionally, users can now scan IP protocol 255 and have the ability to specify target lists both from the command line and input files, a feature previously unavailable. Conclusion Nmap 7.96 introduces new improvements, offering faster scans and greater flexibility, especially for large-scale host discovery, while enhancing the functionality of the Nmap Scripting Engine (NSE) with new scripts that target specific vulnerabilities and automate tasks. The upgraded DNS resolution and parallel query handling further solidify Nmap as one of the fastest and most reliable tools for network security. This release continues the Nmap Project’s commitment to providing essential tools for network administrators, security auditors, and ethical hackers, with the latest version available for download in various formats from the official website.
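The EUI-64 method mentioned above for targets-ipv6-eui64 is the deterministic MAC-to-interface-identifier mapping from RFC 4291, Appendix A, which is why hosts that use it are predictable and expose their MAC address. The following is an added example, not code from Nmap or from the article; it derives such an address and audits a constructed address inventory for hosts that still use EUI-64 identifiers. The function names and sample addresses are assumptions made for illustration.

```python
import ipaddress
from typing import Dict, Iterable, Optional


def mac_to_eui64_iid(mac: str) -> bytes:
    """Return the 8-byte modified EUI-64 interface identifier for a 48-bit MAC."""
    octets = bytes.fromhex(mac.replace(":", "").replace("-", ""))
    if len(octets) != 6:
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    # RFC 4291 App. A: flip the universal/local bit (0x02) of the first octet
    # and insert ff:fe between the OUI and the device-specific half.
    return bytes([octets[0] ^ 0x02]) + octets[1:3] + b"\xff\xfe" + octets[3:]


def eui64_address(prefix: str, mac: str) -> ipaddress.IPv6Address:
    """Combine a /64 prefix with the EUI-64 identifier derived from a MAC."""
    net = ipaddress.IPv6Network(prefix)
    if net.prefixlen != 64:
        raise ValueError("EUI-64 interface identifiers require a /64 prefix")
    return net[int.from_bytes(mac_to_eui64_iid(mac), "big")]


def recover_mac(addr: str) -> Optional[str]:
    """Return the MAC embedded in an EUI-64 address, or None if it has none.

    A randomly generated identifier can contain ff:fe by chance (about 1 in
    65536), so treat a hit as a strong hint, not as proof.
    """
    iid = ipaddress.IPv6Address(addr).packed[8:]
    if iid[3:5] != b"\xff\xfe":
        return None
    mac = bytes([iid[0] ^ 0x02]) + iid[1:3] + iid[5:]
    return ":".join(f"{b:02x}" for b in mac)


def find_eui64_hosts(addresses: Iterable[str]) -> Dict[str, str]:
    """Map each EUI-64-style address in an inventory to the MAC it exposes."""
    hits = {}
    for addr in addresses:
        mac = recover_mac(addr)
        if mac is not None:
            hits[addr] = mac
    return hits


# Constructed inventory using documentation and link-local prefixes.
SAMPLE_INVENTORY = [
    "2001:db8:0:1:211:22ff:fe33:4455",    # EUI-64, derived from a MAC
    "2001:db8:0:1:a1b2:c3d4:e5f6:789a",   # randomized (privacy) identifier
    "2001:db8:0:1::10",                   # manually assigned
    "fe80::5054:ff:fe12:3456",            # link-local EUI-64
]

if __name__ == "__main__":
    print(eui64_address("2001:db8::/64", "00:11:22:33:44:55"))
    for addr, mac in find_eui64_hosts(SAMPLE_INVENTORY).items():
        print(f"{addr} exposes MAC {mac}")
```

Hosts reported by the audit are candidates for switching to randomized or stable-opaque interface identifiers so that their addresses no longer follow from the MAC.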
In a warning that could not be more direct, Europol — the European Union’s law enforcement agency — has urged citizens to remain vigilant against a rising wave of phone scams, spoofed emails, and fake app downloads that fraudulently claim to be from the agency. A message posted on Europol’s official website
reads: “Europol will not call you.” Behind this simple message lies a complex and fast-evolving scam operation that’s targeting everyday people across Europe and beyond. The Scam: Impersonating Law Enforcement In recent months, scammers have increasingly begun to impersonate Europol officials in unsolicited phone calls, text messages, and emails. Victims are falsely informed that they are either implicated in serious crimes such as money laundering, or that their identities have been stolen and are being misused. To make the fraud appear credible, the scammers use ‘phone spoofing’ — a technique where caller ID information is faked to make it look like the call is coming from a real Europol phone number. In some cases, victims are also being tricked into downloading malware-laced apps branded with the Europol logo. Once communication is established, the fraudsters pressure victims into divulging personal information, banking details, or making urgent payments. Europol has emphasized that these actions are not legitimate and under no circumstances would its staff engage with citizens in such a manner. Real Names, Fake Correspondence Europol’s name is not the only brand being exploited in this scam campaign. The fraudulent messages have invoked the names of real Europol senior officials — including Executive Director Catherine De Bolle, Deputy Executive Director Jean-Philippe Lecouffe, and Jürgen Ebner — to increase the sense of urgency and legitimacy. Scammers have even gone as far as to create falsified letters and emails in multiple languages, claiming to represent not just Europol, but also other law enforcement networks such as EMPACT (European Multidisciplinary Platform Against Criminal Threats). These elaborate scams are not just limited to emails or phone calls. Europol has confirmed that some victims received bogus legal notices from third-party companies supposedly working on behalf of the agency. 
A Clear Message from Europol Europol is clear in its messaging: They do not issue fines. They do not open criminal investigations via phone calls. They do not ask for personal information, banking details, or app downloads. If you receive such a message, it is fake. Citizens are urged to report such scams to their local or national police, who can then escalate the matter if Europol’s assistance is required. The agency also clarified that it does not accept direct reports from members of the public and cannot launch investigations based on individual complaints. Real Law Enforcement Efforts Continue While scammers misuse Europol’s name to fuel cybercrime, the real agency continues its work on the frontlines of international digital law enforcement. Just this week, Europol announced the success of Operation PowerOFF, a coordinated global crackdown on DDoS-for-hire services — also known as “booter” or “stresser” platforms — that allow users to pay a small fee to flood and disable targeted servers or websites. The operation involved law enforcement from the U.S., Poland, and several EU countries, and led to the arrest of four suspects in Poland and the seizure of nine illicit websites used to facilitate cyberattacks. Among the shut-down platforms were names like Cfxapi, Cfxsecurity, Neostress, Jetstress, Quickdown, and Zapcut — all of which enabled users, often with little to no technical skills, to launch millions of distributed denial-of-service (DDoS) attacks between 2022 and 2025. According to Europol, these takedowns represent a major blow to the underground ecosystem that supports entry-level cybercriminals, script kiddies, and hacktivists. Why This Matters: Public Trust and Cyber Hygiene The irony in this tale lies in the contrast: as Europol intensifies efforts to eliminate real cyber threats, fraudsters are piggybacking on the agency’s name to trick ordinary citizens. It’s a reminder of how important public awareness is in cybersecurity. 
The tools used by criminals — spoofing, impersonation, social engineering — rely more on psychology than technology. In the case of these scams, victims often feel threatened or panicked when they’re told they’re under investigation. The use of real officials’ names and the illusion of official channels only amplifies the fear factor. But as Europol stresses, law enforcement agencies never operate this way. They will not call, threaten, or demand immediate payments from civilians. And they certainly won’t send you links to apps claiming to be “official” tools while hiding malware under the hood. Red Flags to Watch Out For Here’s how to spot and avoid falling victim to these fake Europol scams: Unexpected phone calls from law enforcement asking for personal or financial details. Caller ID showing Europol or other official agency names — spoofing is commonly used. Emails or messages that pressure you into urgent action or payments. Fake apps or links claiming to represent law enforcement agencies. Mentions of high-ranking Europol staff in messages demanding cooperation. What to Do If You’re Targeted Do not engage with the message or caller. Do not share personal information or click on any links or download apps. Report the incident to your local police or national cybersecurity authority. If possible, take a screenshot or note the phone number/email used. Conclusion The internet is not just a place for services and commerce — it’s a frontline for deception, manipulation, and exploitation. By staying informed and cautious, citizens can become the first line of defense against digital fraud. While Europol handles the high-stakes international operations like Operation PowerOFF, it’s up to each individual to exercise caution and avoid getting tangled in these cyber webs. So the next time your phone rings and someone says they’re calling from Europol — hang up. Because Europol will not call you.
As tensions flare and the possibility of full-blown armed conflict between India and Pakistan grows, there is a need not just for restraint and awareness but also for digital discipline - a "Digital Blackout." In a hyper-connected world, social media is no longer just a place to share updates and opinions. It
can quickly become a tool for surveillance, psychological warfare, and even targeting. What we share, tag, or livestream in real time can offer adversaries valuable insight into troop movements, locations of strikes, or emergency response coordination. This is where the idea of a digital blackout comes in—a voluntary, civic-minded effort by citizens to protect national security and human lives by limiting the spread of sensitive digital information. Here’s what that looks like in practice, and why it matters now more than ever. 1. No Livestreaming or Real-Time Posts When conflict breaks out, the instinct is to film it—to capture what’s happening and share it instantly. But real-time video content (especially geotagged) can give away locations of military units, emergency services, or critical infrastructure. Instead: Refrain from going live on Instagram, Facebook, or YouTube. Avoid uploading videos or photos during or immediately after an event. If you must post later, strip metadata (like location) before doing so. What may seem like a harmless reel can become a tactical advantage for someone watching from the other side. 2. Disable Location Services Your phone knows where you are—and if your apps do too, so might others. What to do: Turn off GPS or location permissions on apps like WhatsApp, Instagram, Snapchat, and Twitter. Don’t tag your current location in posts or stories. Avoid using check-ins, geo-filters, or maps when posting content. Even a selfie with a familiar building in the background can be triangulated by someone with bad intentions. 3. Stop Sharing Military or Rescue Movements It might feel patriotic to share a video of military vehicles passing by or aircraft flying overhead. But in times of active conflict, this can put operations at risk. What not to share: Videos of air raid sirens, missile interceptions, or troop convoys. Photos of shelters, hospitals, or critical installations.
Information on how, where, or when emergency services are responding. Adversaries are watching—and open-source intelligence (OSINT) is a real, effective tool they use. 4. Avoid Speculation or Unverified News Rumours can travel faster than facts, especially during conflict. False alarms, doctored videos, AI-generated content like deepfakes and unverified claims can cause panic or worsen the situation. How to stay responsible: Share news only from credible sources--possibly government sources. Avoid resharing messages or forwards with no clear origin. Do not click on links received over messaging platforms as these could be phishing links laced with malware. Fact-check before you post and/or share. In uncertain times, calm information is a public service. 5. Switch to Secure, Encrypted Channels If you need to communicate, especially with family near affected areas, use secure platforms. Best practices: Use end-to-end encrypted apps like Signal or WhatsApp (with disappearing messages enabled). Avoid making sensitive calls over regular cellular networks. Don’t share critical info (like shelter locations) in open or public chat groups. Privacy isn’t just about personal security—it can be national security too. 6. Resist the Urge to “Chronicle” the War There will be many documenting the events—journalists, emergency personnel, and official sources. You do not need to become one yourself. In moments of high emotion, it’s tempting to show the world what’s happening around you. But that temptation needs to be weighed against the real risks. Sometimes, silence is safer. 7. Educate Others—Kindly Not everyone will know why a digital blackout matters. You may see friends or relatives posting real-time videos or tagging locations. What you can do: Send them a private message explaining why it’s dangerous. Share guidelines or government advisories when available. Encourage others to pause before they post.
This isn’t about censorship—it’s about responsibility. Why a Digital Blackout Works We often think of warfare as something fought with weapons. But today, information is just as powerful. Knowing where, when, and how something happened—especially in real-time—can be the difference between success and disaster for military operations or rescue efforts. India has one of the largest internet-connected populations in the world. In times of war, that reach can either be an advantage—or a vulnerability. A digital blackout is not about silence. It’s about protection. About choosing security over virality. It’s an act of collective discipline, one that can make a real difference. In moments of national urgency, the most patriotic thing you can do might be not to post.
Imagine you're checking the Bitcoin price first thing in the morning, feeling good about your growing portfolio, when suddenly—bam! You realize your digital wallet has been hacked. Everything's gone. If you've ever worried about that nightmare scenario, you're not alone. As digital assets grow in
popularity, more people are asking themselves: "Should I get cybersecurity insurance for my digital wallet? Or is it just overkill?" Let's dive deep into this hot debate and see if wallet insurance is truly worth your money or just an expensive false sense of security. The Rise of Digital Wallets and Their Risks These digital wallets have just made life ludicrously convenient. You can send, receive, and hold cryptocurrencies with just a few clicks, control online spending, and even make purchases from your favorite shop. No surprise, then, that trillions of dollars now lie dormant in these cyber pockets. But here's the thing: wherever there's cash, there are crooks. Hackers got smarter, faster, and a whole lot more inventive. Phishing scams, malware, SIM swapping, ransomware—you name it. If your wallet's not locked up tighter than Fort Knox, you might be next on the list. And unlike regular banks, if you misplace your crypto, there's typically no recourse for recovery. No call center to beg on the phone, no "fraud department" to bail you out. It's gone. Forever. So the question is: does cybersecurity insurance plug that gap? What Exactly Is Cybersecurity Insurance for Digital Wallets? At its core, cybersecurity insurance for digital wallets promises to cover your losses if your assets get stolen. It's similar to car insurance—you pay a monthly or yearly premium, and if something goes wrong, you file a claim. These insurance policies can cover: Stolen cryptocurrencies Hacking-related losses Ransom demands (in some cases) Restoration costs Legal fees related to breaches Sounds pretty reassuring, right? But there's a catch. Actually, there are several catches. The Fine Print: Why Cybersecurity Insurance Might Not Be the Magic Shield You Think Let's be real. Insurance companies aren't charities. They're businesses. And they love small print. Most wallet insurance policies have a laundry list of conditions: They only cover certain types of attacks. 
They require you to use specific wallets or follow strict security procedures. They might not pay out if your private keys were compromised due to your own negligence (like clicking a shady link). They often cap the payout amount way below the full value of your wallet. And here's something even sneakier: some insurers will refuse to cover individual users at all. They'll happily insure exchanges but leave regular folks out in the cold. So, while the idea of "total protection" sounds comforting, the reality can be way murkier. Who Should Seriously Consider Wallet Insurance? Okay, so it's not perfect. But that doesn't mean it's useless. There are people who could really benefit from cybersecurity insurance for their digital wallets. You might want to consider it if: You hold a significant amount of crypto—like, enough that losing it would devastate your finances. You're a business that accepts cryptocurrency payments. You manage other people's assets (e.g., a fund manager or custodian). You're a serious investor who treats crypto like a long-term portfolio. For these folks, extra security means sleeping easier at night. After all, insurance is about peace of mind as much as actual financial reimbursement. When Insurance Might Be Overkill For the average user—someone with a few hundred bucks worth of Bitcoin, Ethereum, or NFTs—cybersecurity insurance might be more hassle than it's worth. Here's why: Premiums can add up fast. You could end up paying more in fees than the total value of your holdings over a couple of years. Many modern wallets have excellent built-in security features (think multi-signature access, two-factor authentication, biometric locks). Practicing good "crypto hygiene" (like using hardware wallets and avoiding sketchy links) drastically reduces your risks. In simple terms, if your digital wallet is your side hustle's side hustle, insurance is probably like buying earthquake insurance for your treehouse. Nice, but not exactly necessary.
Better Alternatives to Insurance If you're not keen on paying premiums but still want protection, here are smarter, cheaper alternatives: Use a hardware wallet like Ledger or Trezor. These offline devices make it almost impossible for hackers to get to your crypto. Enable multi-factor authentication (MFA) everywhere possible. Back up your seed phrases offline and keep them in multiple secure locations. Stay educated about common scams and attack methods. Trust me, knowledge is your best shield. Consider third-party custody if you're sitting on a treasure chest of crypto and don't want the responsibility of managing it yourself. Sometimes, the best defense is being a tiny bit paranoid. The Future: Will Wallet Insurance Become the Norm? As the crypto market continues to explode and regulatory bodies start stepping in, it's likely that more formal, accessible insurance options will emerge. We might even see wallet insurance bundled into crypto exchange accounts, similar to how banks offer fraud protection today. When that happens, having insurance might be less of a luxury and more of a standard feature. But until then, it's very much a "buyer beware" situation. Do your research, read every word of that policy, and don't rely on insurance as your only line of defense. Final Thoughts Cybersecurity insurance for digital wallets isn't a clear yes-or-no decision. It's personal. It depends on how much you have, how you manage it, and how comfortable you are with risk. If you've got serious money sitting in your wallet, it might be worth the extra layer of protection. But if you're just dabbling? Focus on tightening your own security habits first. In many cases, smart self-defense beats expensive safety nets. At the end of the day, owning crypto is like owning a treasure chest—you wouldn't leave it out in the open, would you? Whether you choose to add an insurance lock or just guard it fiercely yourself, just make sure you're protected.
Cisco has rolled out software patches to address a severe security vulnerability, tracked as CVE-2025-20188, in its IOS XE Wireless Controller software. The flaw, which has been assigned the highest possible CVSS score of 10.0, could allow unauthenticated remote attackers to gain full root access on affected systems.
The issue stems from a hard-coded JSON Web Token (JWT) embedded within the IOS XE Wireless Controller, which can be exploited through specifically crafted HTTPS requests sent to the Access Point (AP) image download interface. If successful, this exploit could enable attackers to upload malicious files, conduct path traversal attacks, and execute arbitrary commands with root-level privileges. “This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an affected system,” Cisco stated in its security advisory published on May 7, 2025. “A successful exploit could allow the attacker to upload files, perform path traversal, and execute arbitrary commands with root privileges.”
Conditions for Exploitation with CVE-2025-20188
[Figure: CVE-2025-20188 Details (Source: Cisco)]
The critical vulnerability affects only those systems where the Out-of-Band AP Image Download feature is enabled. Fortunately, this feature is disabled by default in the IOS XE Wireless Controller configuration. However, if administrators have enabled this functionality, systems are exposed to this severe risk. Network administrators can determine if this vulnerable feature is active by running the command:
    show running-config | include ap upgrade
If the output shows the upgrade method set to HTTPS, the device is at risk, and immediate action is required.
Affected Cisco Products The flaw impacts several Cisco IOS XE Wireless Controller devices, provided they are running vulnerable software versions and have the Out-of-Band AP Image Download feature enabled: Catalyst 9800-CL Wireless Controllers for Cloud Catalyst 9800 Embedded Wireless Controllers for the 9300, 9400, and 9500 Series Switches Catalyst 9800 Series Wireless Controllers Embedded Wireless Controller on Catalyst Access Points Cisco clarified that devices not functioning as Wireless LAN Controllers (WLCs), as well as products running IOS, IOS XR, Meraki software, NX-OS, and AireOS, are not affected by CVE-2025-20188. No Workarounds, Only Fixes Unlike some security issues that can be temporarily mitigated with configuration tweaks, CVE-2025-20188 does not have any viable workarounds. That said, administrators can disable the Out-of-Band AP Image Download feature as a temporary mitigation measure. This forces the system to revert to the default CAPWAP method for AP image downloads, which is unaffected by the flaw. However, Cisco cautions that disabling this feature might have unintended consequences in some environments. "Customers should not deploy any workarounds or mitigations before first evaluating the applicability to their own environment and any impact to such environment," the company noted. Software Updates Now Available Cisco has released free software updates that resolve the vulnerability. These patches are available through the company’s standard update channels for customers with valid service contracts and software licenses. Users are advised to confirm that their devices have sufficient memory and are compatible with the new software versions before proceeding with the upgrade. The company emphasizes that security fixes do not grant access to additional features or new software licenses—customers must have appropriate entitlements for any upgrades they download. 
For customers unsure about their licensing status or how to obtain the correct software fix, Cisco recommends visiting the Cisco Support and Downloads portal or contacting the Cisco Technical Assistance Center (TAC).

Conclusion

The rapid identification and patching of this critical flaw—stemming from a hard-coded JWT in the IOS XE Wireless Controller—emphasizes the ongoing importance of proactive network defense, especially in systems with high privilege access. Cisco urges administrators to promptly apply available fixes, disable the vulnerable feature where feasible, and regularly consult the full set of advisories to ensure comprehensive protection.
A Texas firm recently charged with conspiring to distribute synthetic opioids in the United States is at the center of a vast network of companies in the U.S. and Pakistan whose employees are accused of using online ads to scam westerners seeking help with trademarks, book writing, mobile app development and logo
designs, a new investigation reveals. In an indictment (PDF) unsealed last month, the U.S. Department of Justice said Dallas-based eWorldTrade “operated an online business-to-business marketplace that facilitated the distribution of synthetic opioids such as isotonitazene and carfentanyl, both significantly more potent than fentanyl.” Launched in 2017, eWorldTrade[.]com now features a seizure notice from the DOJ. eWorldTrade operated as a wholesale seller of consumer goods, including clothes, machinery, chemicals, automobiles and appliances. The DOJ’s indictment includes no additional details about eWorldTrade’s business, origins or other activity, and at first glance the website might appear to be a legitimate e-commerce platform that also just happened to sell some restricted chemicals. A screenshot of the eWorldTrade homepage on March 25, 2025. Image: archive.org. However, an investigation into the company’s founders reveals they are connected to a sprawling network of websites that have a history of extortionate scams involving trademark registration, book publishing, exam preparation, and the design of logos, mobile applications and websites. Records from the U.S. Patent and Trademark Office (USPTO) show the eWorldTrade mark is owned by an Azneem Bilwani in Karachi (this name also is in the registration records for the now-seized eWorldTrade domain). Mr. Bilwani is perhaps better known as the director of the Pakistan-based IT provider Abtach Ltd., which has been singled out by the USPTO and Google for operating trademark registration scams (the main offices for eWorldtrade and Abtach share the same address in Pakistan). 
In November 2021, the USPTO accused Abtach of perpetrating “an egregious scheme to deceive and defraud applicants for federal trademark registrations by improperly altering official USPTO correspondence, overcharging application filing fees, misappropriating the USPTO’s trademarks, and impersonating the USPTO.” Abtach offered trademark registration at suspiciously low prices compared to legitimate costs of over USD $1,500, and claimed they could register a trademark in 24 hours. Abtach reportedly rebranded to Intersys Limited after the USPTO banned Abtach from filing any more trademark applications. In a note published to its LinkedIn profile, Intersys Ltd. asserted last year that certain scam firms in Karachi were impersonating the company. FROM AXACT TO ABTACH Many of Abtach’s employees are former associates of a similar company in Pakistan called Axact that was shut down by Pakistani authorities for fraud in 2015. Axact met its demise not long after The New York Times ran a front-page story about the company’s most lucrative scam business: Hundreds of sites peddling fake college degrees and diplomas. People who purchased fake certifications were subsequently blackmailed by Axact employees posing as government officials, who would demand additional payments under threats of prosecution or imprisonment for having bought fraudulent “unauthorized” academic degrees. This practice created a continuous cycle of extortion, internally referred to as “upselling.” “Axact took money from at least 215,000 people in 197 countries — one-third of them from the United States,” The Times reported. “Sales agents wielded threats and false promises and impersonated government officials, earning the company at least $89 million in its final year of operation.” Dozens of top Axact employees were arrested, jailed, held for months, tried and sentenced to seven years for various fraud violations. 
But a 2019 research brief on Axact’s diploma mills found none of those convicted had started their prison sentence, and that several had fled Pakistan and never returned. “In October 2016, a Pakistan district judge acquitted 24 Axact officials at trial due to ‘not enough evidence’ and then later admitted he had accepted a bribe (of $35,209) from Axact,” reads a history (PDF) published by the American Association of Collegiate Registrars and Admissions Officers. In 2021, Pakistan’s Federal Investigation Agency (FIA) charged Bilwani and nearly four dozen others — many of them Abtach employees — with running an elaborate trademark scam. The authorities called it “the biggest money laundering case in the history of Pakistan,” and named a number of businesses based in Texas that allegedly helped move the proceeds of cybercrime. A page from the March 2021 FIA report alleging that Digitonics Labs and Abtach employees conspired to extort and defraud consumers. The FIA said the defendants operated a large number of websites offering low-cost trademark services to customers, before then “ignoring them after getting the funds and later demanding more funds from clients/victims in the name of up-sale (extortion).” The Pakistani law enforcement agency said that about 75 percent of customers received fake or fabricated trademarks as a result of the scams. The FIA found Abtach operates in conjunction with a Karachi firm called Digitonics Labs, which earned a monthly revenue of around $2.5 million through the “extortion of international clients in the name of up-selling, the sale of fake/fabricated USPTO certificates, and the maintaining of phishing websites.” According to the Pakistani authorities, the accused also ran countless scams involving ebook publication and logo creation, wherein customers are subjected to advance-fee fraud and extortion — with the scammers demanding more money for supposed “copyright release” and threatening to release the trademark. 
Also charged by the FIA was Junaid Mansoor, the owner of Digitonics Labs in Karachi. Mansoor’s U.K.-registered company Maple Solutions Direct Limited has run at least 700 ads for logo design websites since 2015, the Google Ads Transparency page reports. The company has approximately 88 ads running on Google as of today. Junaid Mansoor. Source: youtube/@Olevels․com School. Mr. Mansoor is actively involved with and promoting a Quran study business called quranmasteronline[.]com, which was founded by Junaid’s brother Qasim Mansoor (Qasim is also named in the FIA criminal investigation). The Google ads promoting quranmasteronline[.]com were paid for by the same account advertising a number of scam websites selling logo and web design services. Junaid Mansoor did not respond to requests for comment. An address in Teaneck, New Jersey where Mr. Mansoor previously lived is listed as an official address of exporthub[.]com, a Pakistan-based e-commerce website that appears remarkably similar to eWorldTrade (Exporthub says its offices are in Texas). Interestingly, a search in Google for this domain shows ExportHub currently features multiple listings for fentanyl citrate from suppliers in China and elsewhere. The CEO of Digitonics Labs is Muhammad Burhan Mirza, a former Axact official who was arrested by the FIA as part of its money laundering and trademark fraud investigation in 2021. In 2023, prosecutors in Pakistan charged Mirza, Mansoor and 14 other Digitonics employees with fraud, impersonating government officials, phishing, cheating and extortion. Mirza’s LinkedIn profile says he currently runs an educational technology/life coach enterprise called TheCoach360, which purports to help young kids “achieve financial independence.” Reached via LinkedIn, Mr. Mirza denied having anything to do with eWorldTrade or any of its sister companies in Texas. “Moreover, I have no knowledge as to the companies you have mentioned,” said Mr. 
Mirza, who did not respond to follow-up questions. The current disposition of the FIA’s fraud case against the defendants is unclear. The investigation was marred early on by allegations of corruption and bribery. In 2021, Pakistani authorities alleged Bilwani paid a six-figure bribe to FIA investigators. Meanwhile, attorneys for Mr. Bilwani have argued that although their client did pay a bribe, the payment was solicited by government officials. Mr. Bilwani did not respond to requests for comment. THE TEXAS NEXUS KrebsOnSecurity has learned that the people and entities at the center of the FIA investigations have built a significant presence in the United States, with a strong concentration in Texas. The Texas businesses promote websites that sell logo and web design, ghostwriting, and academic cheating services. Many of these entities have recently been sued for fraud and breach of contract by angry former customers, who claimed the companies relentlessly upsold them while failing to produce the work as promised. For example, the FIA complaints named Retrocube LLC and 360 Digital Marketing LLC, two entities that share a street address with eWorldTrade: 1910 Pacific Avenue, Suite 8025, Dallas, Texas. Also incorporated at that Pacific Avenue address is abtach[.]ae, a web design and marketing firm based in Dubai; and intersyslimited[.]com, the new name of Abtach after they were banned by the USPTO. Other businesses registered at this address market services for logo design, mobile app development, and ghostwriting. A list published in 2021 by Pakistan’s FIA of different front companies allegedly involved in scamming people who are looking for help with trademarks, ghostwriting, logos and web design. 360 Digital Marketing’s website 360digimarketing[.]com is owned by an Abtach front company called Abtech LTD. Meanwhile, business records show 360 Digi Marketing LTD is a U.K. 
company whose officers include former Abtach director Bilwani; Muhammad Saad Iqbal, formerly Abtach, now CEO of Intersys Ltd; Niaz Ahmed, a former Abtach associate; and Muhammad Salman Yousuf, formerly a vice president at Axact, Abtach, and Digitonics Labs. Google’s Ads Transparency Center finds 360 Digital Marketing LLC ran at least 500 ads promoting various websites selling ghostwriting services. Another entity tied to Junaid Mansoor — a company called Octa Group Technologies AU — has run approximately 300 Google ads for book publishing services, promoting confusingly named websites like amazonlistinghub[.]com and barnesnoblepublishing[.]co. 360 Digital Marketing LLC ran approximately 500 ads for scam ghostwriting sites. Rameez Moiz is a Texas resident and former Abtach product manager who has represented 360 Digital Marketing LLC and RetroCube. Moiz told KrebsOnSecurity he stopped working for 360 Digital Marketing in the summer of 2023. Mr. Moiz did not respond to follow-up questions, but an Upwork profile for him states that as of April 2025 he is employed by Dallas-based Vertical Minds LLC. In April 2025, California resident Melinda Will sued the Texas firm Majestic Ghostwriting — which is doing business as ghostwritingsquad[.]com — alleging they scammed her out of $100,000 after she hired them to help write her book. Google’s ad transparency page shows Moiz’s employer Vertical Minds LLC paid to run approximately 55 ads for ghostwritingsquad[.]com and related sites. Google’s ad transparency listing for ghostwriting ads paid for by Vertical Minds LLC. VICTIMS SPEAK OUT Ms. Will’s lawsuit is just one of more than two-dozen complaints over the past four years wherein plaintiffs sued one of this group’s web design, wiki editing or ghostwriting services. In 2021, a New Jersey man sued Octagroup Technologies, alleging they ripped him off when he paid a total of more than $26,000 for the design and marketing of a web-based mapping service. 
The plaintiff in that case did not respond to requests for comment, but his complaint alleges Octagroup and a myriad other companies it contracted with produced minimal work product despite subjecting him to relentless upselling. That case was decided in favor of the plaintiff because the defendants never contested the matter in court. In 2023, 360 Digital Marketing LLC and Retrocube LLC were sued by a woman who said they scammed her out of $40,000 over a book she wanted help writing. That lawsuit helpfully showed an image of the office front door at 1910 Pacific Ave Suite 8025, which featured the logos of 360 Digital Marketing, Retrocube, and eWorldTrade. The front door at 1910 Pacific Avenue, Suite 8025, Dallas, Texas. The lawsuit was filed pro se by Leigh Riley, a 64-year-old career IT professional who paid 360 Digital Marketing to have a company called Talented Ghostwriter co-author and promote a series of books she’d outlined on spirituality and healing. “The main reason I hired them was because I didn’t understand what I call the formula for writing a book, and I know there’s a lot of marketing that goes into publishing,” Riley explained in an interview. “I know nothing about that stuff, and these guys were convincing that they could handle all aspects of it. Until I discovered they couldn’t write a damn sentence in English properly.” Riley’s well-documented lawsuit (not linked here because it features a great deal of personal information) includes screenshots of conversations with the ghostwriting team, which was constantly assigning her to new writers and editors, and ghosting her on scheduled conference calls about progress on the project. Riley said she ended up writing most of the book herself because the work they produced was unusable. “Finally after months of promising the books were printed and on their way, they show up at my doorstep with the wrong title on the book,” Riley said. 
When she demanded her money back, she said the people helping her with the website to promote the book locked her out of the site. A conversation snippet from Leigh Riley’s lawsuit against Talented Ghostwriter, aka 360 Digital Marketing LLC. “Other companies once they have you money they don’t even respond or do anything,” the ghostwriting team manager explained. Riley decided to sue, naming 360 Digital Marketing LLC and Retrocube LLC, among others. The companies offered to settle the matter for $20,000, which she accepted. “I didn’t have money to hire a lawyer, and I figured it was time to cut my losses,” she said. Riley said she could have saved herself a great deal of headache by doing some basic research on Talented Ghostwriter, whose website claims the company is based in Los Angeles. According to the California Secretary of State, however, there is no registered entity by that name. Rather, the address claimed by talentedghostwriter[.]com is a vacant office building with a “space available” sign in the window. California resident Walter Horsting discovered something similar when he sued 360 Digital Marketing in small claims court last year, after hiring a company called Vox Ghostwriting to help write, edit and promote a spy novel he’d been working on. Horsting said he paid Vox $3,300 to ghostwrite a 280-page book, and was upsold an Amazon marketing and publishing package for $7,500. In an interview, Horsting said the prose that Vox Ghostwriting produced was “juvenile at best,” forcing him to rewrite and edit the work himself, and to partner with a graphical artist to produce illustrations. Horsting said that when it came time to begin marketing the novel, Vox Ghostwriting tried to further upsell him on marketing packages, while dodging scheduled meetings with no follow-up. “They have a money back guarantee, and when they wouldn’t refund my money I said I’m taking you to court,” Horsting recounted. 
“I tried to serve them in Los Angeles but found no such office exists. I talked to a salon next door and they said someone else had recently shown up desperately looking for where the ghostwriting company went, and it appears there are a trail of corpses on this. I finally tracked down where they are in Texas.” It was the same office that Ms. Riley served her lawsuit against. Horsting said he has a court hearing scheduled later this month, but he’s under no illusions that winning the case means he’ll be able to collect. “At this point, I’m doing it out of pride more than actually expecting anything to come to good fortune for me,” he said. The following mind map was helpful in piecing together key events, individuals and connections mentioned above. It’s important to note that this graphic only scratches the surface of the operations tied to this group. For example, in Case 2 we can see mention of academic cheating services, wherein people can be hired to take online proctored exams on one’s behalf. Those who hire these services soon find themselves subject to impersonation and blackmail attempts for larger and larger sums of money, with the threat of publicly exposing their unethical academic cheating activity. A “mind map” illustrating the connections between and among entities referenced in this story. GOOGLE RESPONDS KrebsOnSecurity reviewed the Google Ad Transparency links for nearly 500 different websites tied to this network of ghostwriting, logo, app and web development businesses. Those website names were then fed into spyfu.com, a competitive intelligence company that tracks the reach and performance of advertising keywords. Spyfu estimates that between April 2023 and April 2025, those websites spent more than $10 million on Google ads. 
Reached for comment, Google said in a written statement that it is constantly policing its ad network for bad actors, pointing to an ads safety report (PDF) showing Google blocked or removed 5.1 billion bad ads last year — including more than 500 million ads related to trademarks. “Our policy against Enabling Dishonest Behavior prohibits products or services that help users mislead others, including ads for paper-writing or exam-taking services,” the statement reads. “When we identify ads or advertisers that violate our policies, we take action, including by suspending advertiser accounts, disapproving ads, and restricting ads to specific domains when appropriate.” Google did not respond to specific questions about the advertising entities mentioned in this story, saying only that “we are actively investigating this matter and addressing any policy violations, including suspending advertiser accounts when appropriate.” From reviewing the ad accounts that have been promoting these scam websites, it appears Google has very recently acted to remove a large number of the offending ads. Prior to my notifying Google about the extent of this ad network on April 28, the Google Ad Transparency network listed over 500 ads for 360 Digital Marketing; as of this publication, that number had dwindled to 10. On April 30, Google announced that starting this month its ads transparency page will display the payment profile name as the payer name for verified advertisers, if that name differs from their verified advertiser name. Searchengineland.com writes the changes are aimed at increasing accountability in digital advertising. This spreadsheet lists the domain names, advertiser names, and Google Ad Transparency links for more than 350 entities offering ghostwriting, publishing, web design and academic cheating services. KrebsOnSecurity would like to thank the anonymous security researcher NatInfoSec for their assistance in this investigation. 
For further reading on Abtach and its myriad companies in all of the above-mentioned verticals (ghostwriting, logo design, etc.), see this Wikiwand entry.
Despite all MITRE has done for cybersecurity, it is clear we should not wait 11 months to discuss the future of the CVE database. It's simply too important for that.
The NATO-run live cyber exercise event helps countries test and develop defenses against current and emerging cyber threats including disinformation, quantum, and AI.
The Iranian state-backed group targeted the operational technology of a critical national infrastructure (CNI) network and persisted in its network for years, but ultimately failed.
Microsoft researchers identify 10 new potential pitfalls for companies who are developing or deploying agentic AI systems, with failures potentially leading to the AI becoming a malicious insider.
After paying the hacker a ransom, PowerSchool previously said it believed the incident had been “contained” because the hacker turned over a video showing the data being deleted.
People and organizations across Japan are being inundated with phishing messages from cybercriminals who are using CoGUI, a sophisticated toolkit that lets them avoid detection.
The Russia-linked threat actor known as COLDRIVER has been observed distributing a new malware called LOSTKEYS as part of an espionage-focused campaign using ClickFix-like social engineering lures. "LOSTKEYS is capable of stealing files from a hard-coded list of extensions and directories, along with sending system information and running processes to the attacker," the Google Threat
Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system. The vulnerability, tracked as CVE-2025-20188, has been rated 10.0 on the CVSS scoring system. "This vulnerability is due to the presence of a hard-coded JSON Web Token (JWT) on an
Threat actors with ties to the Qilin ransomware family have leveraged malware known as SmokeLoader along with a previously undocumented .NET compiled loader codenamed NETXLOADER as part of a campaign observed in November 2024. "NETXLOADER is a new .NET-based loader that plays a critical role in cyber attacks," Trend Micro researchers Jacob Santos, Raymart Yambot, John Rainier Navato, Sarah Pearl
61% of security leaders reported suffering a breach due to failed or misconfigured controls over the past 12 months. This is despite having an average of 43 cybersecurity tools in place. This massive rate of security failure is clearly not a security investment problem. It is a configuration problem. Organizations are beginning to understand that a security control installed or deployed is not
The nation-state threat actor known as MirrorFace has been observed deploying malware dubbed ROAMINGMOUSE as part of a cyber espionage campaign directed against government agencies and public institutions in Japan and Taiwan. The activity, detected by Trend Micro in March 2025, involved the use of spear-phishing lures to deliver an updated version of a backdoor called ANEL. "The ANEL file from
Cybersecurity researchers have exposed what they say is an "industrial-scale, global cryptocurrency phishing operation" engineered to steal digital assets from cryptocurrency wallets for several years. The campaign has been codenamed FreeDrain by threat intelligence firms SentinelOne and Validin. "FreeDrain uses SEO manipulation, free-tier web services (like gitbook.io, webflow.io, and github.io
SonicWall has released patches to address three security flaws affecting SMA 100 Secure Mobile Access (SMA) appliances that could be fashioned to result in remote code execution. The vulnerabilities are listed below - CVE-2025-32819 (CVSS score: 8.8) - A vulnerability in SMA100 allows a remote authenticated attacker with SSL-VPN user privileges to bypass the path traversal checks and delete an
Brits face empty shelves and suspended meal deals as cybercriminals hit major high street retailers, and a terminated Disney employee gets revenge with a little help with Wingdings. Plus Graham challenges Carole to a game of "Malware or metal?", and we wonder just what happens when you have sex on top of a piano?
All this and more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault. Plus! Don't miss our featured interview with Jon Cho of Dashlane.
Source: thehackernews.com. The Russia-linked threat actor known as COLDRIVER has been observed distributing a new malware called LOSTKEYS as part of an espionage-focused campaign using ClickFix-like social engineering lures. “LOSTKEYS is capable of stealing files from a hard-coded list of extensions and directories, along with sending system information and running processes to […] The post Russian Hackers Using ClickFix Fake CAPTCHA to Deploy New LOSTKEYS Malware – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com. Cisco has released software fixes to address a maximum-severity security flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files to a susceptible system. The vulnerability, tracked as CVE-2025-20188, has been rated 10.0 on the CVSS scoring system. “This vulnerability is due […] The post Cisco Patches CVE-2025-20188 (10.0 CVSS) in IOS XE That Enables Root Exploits via JWT – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: socprime.com – Author: Veronika Telychko. According to Sophos, ransomware recovery costs surged to $2.73 million in 2024—marking a staggering 500% increase over the previous year and highlighting the growing financial impact of cyberattacks. As ransomware continues to dominate the threat landscape, adversaries are rapidly evolving their techniques and developing new malware variants. One of […] The post Gunra Ransomware Detection: New Threat Targets Various Industries Globally Using Double-Extortion Tactics and Advanced Malicious Behaviors – Source: socprime.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: socprime.com – Author: Veronika Telychko. Gartner projects that by 2026, 10% of large enterprises will have developed mature and measurable zero-trust programs in place, a significant rise from less than 1% today. Zero-trust architecture (ZTA) replaces implicit trust with dynamic, risk-based authentication and continuous verification, adapting security postures in real time. Organizations without a […] The post What Is Zero-Trust Security – Source: socprime.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Iain Thomson. An education tech provider that paid a ransom to prevent the leak of stolen student and teacher data is now watching its school district customers get individually extorted by either the same ransomware crew that hit it – or someone connected to the crooks. In December, PowerSchool – whose […] The post PowerSchool paid thieves to delete stolen student, teacher data. Crooks may have lied – Source: go.theregister.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Thomas Claburn. CrowdStrike – the Texas antivirus slinger famous for crashing millions of Windows machines last year – plans to cut five percent of its staff, or about 500 workers, in pursuit of “greater efficiencies,” according to CEO and co-founder George Kurtz. In a letter to staff, included in a regulatory […] The post After that 2024 Windows fiasco, CrowdStrike has a plan – jobs cuts, leaning on AI – Source: go.theregister.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Richard Speed. A federal judge has cleared the runway for a class action from disgruntled passengers against Delta Air Lines as turbulence from last year’s CrowdStrike debacle continues to buffet the carrier. Delta was one of the US airlines most severely hit by the outage, which was caused by a faulty […] The post Delta Air Lines class action cleared for takeoff over CrowdStrike chaos – Source: go.theregister.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Richard Speed. Mirror, mirror on the wall, who is the slurpiest mobile browser of them all? The answer, according to VPN vendor Surfshark, is Chrome. Surfshark’s research focused on the top ten browsers based on AppMagic rankings. This included Safari due to it being the default browser on iPhones. Between them, […] The post You’ll never guess which mobile browser is the worst for data collection – Source: go.theregister.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Connor Jones. Curl project founder Daniel Stenberg is fed up with the deluge of AI-generated “slop” bug reports and recently introduced a checkbox to screen low-effort submissions that are draining maintainers’ time. Stenberg said the amount of time it takes project maintainers to triage each AI-assisted vulnerability report made via […] The post Curl project founder snaps over deluge of time-sucking AI slop bug reports – Source: go.theregister.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Matthew Rosenquist. Many don’t realize that cyberattacks against Critical Infrastructure sectors can cause more than the inconvenience of a temporary power outage. Critical Infrastructures are a favorite of aggressive Nation State cyber threats. In addition to communications disruptions, power outages, and healthcare billing, these attacks can also seek to disrupt […] The post Cyberattacks on Critical Infrastructures Makes Us Very Vulnerable – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.csoonline.com. The cloud has become an enterprise security soft spot, and the challenges involved in gathering activity logs from your vendor aren’t helping. Here’s how to get what you need from Microsoft. Enterprise security has never been a box-checking exercise, but the list of necessary protection technologies and configurations never seems to […] The post How to capture forensic evidence for Microsoft 365 – Source: www.csoonline.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.csoonline.com. Despite escalating geopolitical conflicts, most companies have not formalized up-to-date plans on how to navigate complex scenarios that could have dire impacts on their operations and business. This week began with UK Prime Minister Sir Keir Starmer ordering government officials to update their contingency plans in the event of all-out war. […] The post India-Pakistan conflict underscores your C-suite’s need to prepare for war – Source: www.csoonline.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.csoonline.com. News Analysis, May 7, 2025, 4 mins. Security Software, Windows Security, Zero-Day Vulnerabilities. Researchers found evidence that the CVE-2025-29824 privilege escalation flaw patched by Microsoft in April was known and used by the Play ransomware gang in addition to a group that Microsoft tracked as Storm-2460. A privilege escalation vulnerability that Microsoft patched as […] The post Windows flaw exploited as zero-day by more groups than previously thought – Source: www.csoonline.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.csoonline.com. News, May 7, 2025, 4 mins. Authentication, Windows Security. Second authentication glitch in a month affects a subset of Windows Hello for Business users. A fix introduced into Windows last month to close a weakness in Kerberos authentication is causing logon failures for some Windows Hello for Business (WHfB) users, Microsoft has warned. […] The post Security update causes new problem for Windows Hello for Business authentication – Source: www.csoonline.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.computerworld.com – Author: News. May 7, 2025. 5 mins. Malware, Messaging Security, Surveillance. The court case exposed the inner workings of the commercial surveillance industry. Israeli surveillance firm NSO Group must pay almost $168 million in damages for exploiting WhatsApp to deploy its notorious Pegasus spyware against users worldwide, the jury in a US court said Tuesday. […] The post Meta wins $168M judgment against spyware seller NSO Group – Source: www.computerworld.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.csoonline.com – Author: Developers adept at multiple coding languages are tricked into installing a familiar-sounding package from within the Node Package Manager registry instead of the original source. Hackers are abusing the Node Package Manager (NPM) registry, a database of JavaScript packages, to target multi-language developers with typo-squatted packages containing stealers and […] The post Hackers booby trap NPM with cross-language imposter packages – Source: www.csoonline.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.csoonline.com – Author: The major brewery Oettinger has been the target of a cyberattack. The perpetrators are now extorting the company with encrypted data. Cybercriminals have encrypted the IT systems of the Oettinger brewery. Production is not affected. A post by the cyber gang Ransomhouse recently appeared on the darknet concerning a cyberattack on the German […] The post Ransomware gang extorts Oettinger brewery – Source: www.csoonline.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Nicole is a Senior Process Engineer at Stryker. Learn more about her work as a Manufacturing Engineer and how you can #BeThatEngineer! The post A Day in the Life of a Manufacturing Engineer: Nicole Tacopina first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Maria Pritchett is a 4th-year chemical engineering student at Case Western Reserve University. Learn more about Maria and her experience as a manufacturing engineering student below! The post Manufacturing Student Spotlight first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
During January, individuals are encouraged to participate in mentorship activities and expand their mentorship experience as a way to promote positive change. The post Celebrate National Mentoring Month with the SWE Early Career Professionals Affinity Group! first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: grahamcluley.com – Author: Graham Cluley. Brits face empty shelves and suspended meal deals as cybercriminals hit major high street retailers, and a terminated Disney employee gets revenge with a little help with Wingdings. Plus Graham challenges Carole to a game of “Malware or metal?”, and we wonder just what happens when you […] The post Smashing Security podcast #416: High street hacks, and Disney’s Wingdings woe – Source: grahamcluley.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini. The LockBit ransomware group has been compromised; attackers stole and leaked data contained in the backend infrastructure of its dark web site. Hackers compromised the dark web leak site of the LockBit ransomware gang and defaced it, posting a message and a link to the dump of the MySQL database […] The post The LockBit ransomware site was breached, database dump was leaked online – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini. Cisco addressed a flaw in its IOS XE Wireless Controller that could enable an unauthenticated, remote attacker to upload arbitrary files. Cisco released software updates to address a vulnerability, tracked as CVE-2025-20188 (CVSS score 10), in IOS XE Wireless Controller. An unauthenticated, remote attacker can exploit the flaw to load […] The post Cisco fixed a critical flaw in its IOS XE Wireless Controller – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini. U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds GoVision device flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Qualitia Active! Mail, Broadcom Brocade Fabric OS, and Commvault Web Server flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the descriptions for […] The post U.S. CISA adds GoVision device flaws to its Known Exploited Vulnerabilities catalog – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini. Polish police arrested 4 people behind DDoS-for-hire platforms used in global attacks, offering takedowns for as little as €10 via six stresser services. Polish authorities arrested 4 people linked to 6 DDoS-for-hire platforms, Cfxapi, Cfxsecurity, neostress, jetstress, quickdown, and zapcut, used to launch attacks worldwide for as little as […] The post Polish authorities arrested 4 people behind DDoS-for-hire platforms – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini. The Play ransomware gang exploited a high-severity Windows Common Log File System flaw in zero-day attacks to deploy malware. The Play ransomware gang has exploited a Windows Common Log File System flaw, tracked as CVE-2025-29824, in zero-day attacks to gain SYSTEM privileges and deploy malware on compromised systems. The vulnerability CVE-2025-29824, (CVSS score […] The post Play ransomware affiliate leveraged zero-day to deploy malware – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Cybersecurity researchers have exposed what they say is an “industrial-scale, global cryptocurrency phishing operation” engineered to steal digital assets from cryptocurrency wallets for several years. The campaign has been codenamed FreeDrain by threat intelligence firms SentinelOne and Validin. “FreeDrain uses SEO manipulation, free-tier web services (like gitbook.io, webflow.io, and github.io […] The post 38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . 61% of security leaders reported suffering a breach due to failed or misconfigured controls over the past 12 months. This is despite having an average of 43 cybersecurity tools in place. This massive rate of security failure is clearly not a security investment problem. It is a configuration problem. Organizations […] The post Security Tools Alone Don’t Protect You: Control Effectiveness Does – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . SonicWall has released patches to address three security flaws affecting SMA 100 Secure Mobile Access (SMA) appliances that could be fashioned to result in remote code execution. The vulnerabilities are listed below – CVE-2025-32819 (CVSS score: 8.8) – A vulnerability in SMA100 allows a remote authenticated attacker with SSL-VPN user […] The post SonicWall Patches 3 Flaws in SMA 100 Devices Allowing Attackers to Run Code as Root – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Threat actors with ties to the Qilin ransomware family have leveraged malware known as SmokeLoader along with a previously undocumented .NET compiled loader codenamed NETXLOADER as part of a campaign observed in November 2024. “NETXLOADER is a new .NET-based loader that plays a critical role in cyber attacks,” Trend Micro […] The post Qilin Ransomware Ranked Highest in April 2025 with Over 45 Data Leak Disclosures – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.