Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Firewall Daily

The Commission on Elections (COMELEC) has teamed up with leading technology firms, including Microsoft, to ensure that the upcoming Philippine elections are protected from cyber threats and misinformation. According to the latest Microsoft report, in the past 18 months, over two billion people around the world have participated in national elections, but the security is increasingly under threat.

The 2025 Philippine general election is being held in May 2025, to elect all 317 House members and 12 Senate seats. Local elections are also taking place nationwide. The Bangsamoro Parliament’s first regular election, postponed in 2022, is set for October 13, 2025. This is the first automated election overseen by Miru Systems after the COMELEC disqualified Smartmatic.

Microsoft is working with election commissions and world governments to protect elections globally. In the Philippines, the tech giant has provided the COMELEC with Microsoft’s AccountGuard, a cybersecurity tool designed to protect political parties and campaigns from cyberattacks. This partnership follows Microsoft’s promises made during the US Presidential Trade Mission and builds on previous initiatives, such as collaboration with media organizations like CNN to counter misinformation.

The Rising Threat of AI and Deepfakes

The adoption of the digital ecosystem has brought with it a new breed of threats, particularly in the form of AI-driven disinformation campaigns. In the Philippines, foreign influence actors and domestic troll farms are using AI-generated videos, images, and text to sway public opinion about political candidates and issues, including sensitive matters like the South China Sea territorial disputes. These AI-generated deepfakes—manipulated media designed to deceive and manipulate—pose cybersecurity risks to the electoral process.

With the ability to convincingly alter appearances and voices, deepfakes can be used to spread misleading information, undermine trust in political candidates, and disrupt the democratic process. In response to these threats, Philippine legislators have created a National Deepfake Task Force, aiming to regulate the use of such technologies and mitigate their impact.

A Multi-Layered Approach to Combat Deepfakes

To address this threat of deepfakes, Microsoft has implemented a strategy to combat manipulated media. Drawing from its experience in Canada, Microsoft is using advanced AI tools to detect and mitigate deepfake content. Additionally, the company works closely with experts, policymakers, and the Philippine government to develop regulations and standards to prevent the misuse of AI.

Microsoft’s deepfake detection technology is an essential tool in maintaining the integrity of people's choices. By providing political parties and the public with the knowledge and tools to identify and report suspicious media, the tech giant is helping to create a more informed electorate. The goal is to empower citizens to discern between real and fake content, ensuring that voters have access to reliable, accurate information.

Microsoft’s approach to protecting the Philippine elections goes beyond technology; it also includes education and awareness. The company offers training sessions to political parties, explaining the dangers of deepfakes and providing them with the tools to protect their campaigns. These sessions also offer guidance on how to recognize manipulated media and how to respond to such threats.

The Democracy Forward initiative, launched by Microsoft, seeks to preserve and advance democracy by combating the deceptive use of AI. This initiative promotes a healthy information ecosystem, ensures open and secure democratic processes, and encourages corporate civic responsibility. The company’s commitment to promoting transparency and accountability is central to its mission of protecting the Philippine elections.

Key Tools and Strategies to Protect the Philippine Elections

To provide protection, Microsoft offers a range of tools and services. These include indexed media repositories, Defender for Office 365, and secure content management systems for credentialing. Microsoft’s AccountGuard service adds a layer of protection for high-risk organizations such as political campaigns and media outlets.

In addition to these services, the company has also developed a Deepfake Reporting Tool, which allows users to flag AI-generated media on any Microsoft platform or service that may be used to manipulate electoral campaigns. This tool is essential for fighting against the spread of false information and ensuring that political campaigns can focus on engaging with voters rather than battling disinformation.

Conclusion

Microsoft’s efforts to protect the Philippine elections are part of a global initiative to preserve electoral integrity through collaboration with election officials, media, and political parties. By using tools like AccountGuard and the Election Communications Hub, Microsoft ensures a coordinated approach to fight cyber threats and misinformation.


 Espionage

When a zero-day flaw surfaces in an enterprise tool that no one talks about publicly, it's tempting to write it off as niche. But Marbled Dust’s recent campaign exploiting CVE-2025-27920 in Output Messenger is anything but. Microsoft Threat Intelligence has linked a string of targeted cyberattacks to Marbled Dust, a Türkiye-affiliated threat actor, using a previously unknown vulnerability in Output Messenger—a self-hosted enterprise chat app. The campaign, ongoing since April 2024, targeted Kurdish military-linked users in Iraq and reflects a growing shift in how regionally motivated cyber-espionage unfolds.

Output Messenger: The Tool You Didn’t Expect to Matter

Output Messenger isn’t WhatsApp or Slack. It’s a low-profile, multiplatform chat tool often used by organizations looking for on-prem communication. That makes it a perfect blind spot—not widely scrutinized, but widely trusted within internal networks. Marbled Dust saw the opportunity and pounced.

The attackers used CVE-2025-27920—a directory traversal flaw in Output Messenger Server Manager—to plant malicious scripts in the startup folder. From there, they executed a stealthy multi-stage backdoor deployment, with exfiltration domains and C2 infrastructure cleverly masked under seemingly benign domains like api.wordinfos[.]com. Microsoft credits Srimax, Output Messenger’s vendor, for releasing timely patches (v2.0.62+), but many organizations are still unpatched. That’s where Marbled Dust gets its access.

Inside the Marbled Dust Attack Chain

The campaign starts with Marbled Dust gaining authenticated access to Output Messenger’s Server Manager. Microsoft isn’t entirely sure how those credentials are initially harvested, but suspects DNS hijacking and typo-squatted login portals—tactics the group has used before.

[Figure: Marbled Dust Attack Chain (Source: Microsoft Threat Intelligence)]

Once in, the threat actor uploads a malicious VBS file to the Windows startup folder, exploiting the directory traversal bug. This script launches OMServerService.exe, a GoLang backdoor disguised as a legitimate service file. GoLang offers a bonus: platform agnosticism and fewer signature-based detections.

The backdoor connects to Marbled Dust’s C2 domain, checks connectivity, sends host data, and then executes further commands based on what the attacker sends back. In one case, a victim’s device was seen uploading sensitive files packaged in a RAR archive using PuTTY’s command-line client, plink.exe, as the data exfiltration vehicle.

On the client side, users who downloaded infected Output Messenger installers got more than they expected. The installer bundled the legit OutputMessenger.exe with a secondary payload—OMClientService.exe, another GoLang backdoor pinging the same C2 endpoint.

Who Is Marbled Dust?

Microsoft links Marbled Dust to past DNS hijacking and credential-harvesting campaigns. The group overlaps with activity known as Sea Turtle (APT) and UNC1326, and has been observed targeting organizations with interests adverse to Ankara’s. Their focus areas include the Middle East and Europe, with recent emphasis on telecom and government sectors.

This campaign signals a shift. While earlier Marbled Dust activity relied on known vulnerabilities, the use of a true zero-day suggests either growing internal capabilities or increased urgency in their operational objectives.

Why The Output Messenger Exploit Matters

This is a lesson in how fringe enterprise tools can become high-value targets. While most security teams are busy patching the usual suspects (Office macros, web proxies, VPNs), tools like Output Messenger quietly hum along in the background—until someone like Marbled Dust takes interest.

And let’s be clear: this isn’t a commodity threat. It’s regional espionage with carefully picked targets and minimal noise. The entire campaign operated with precision, focused on credential theft, internal surveillance, and quiet access—not ransomware or mass disruption.

What You Should Do Now

Microsoft urges immediate patching of Output Messenger to versions 2.0.62 (server) and 2.0.63 (client). Organizations using this app should:

- Audit all current installations for signs of the exploit (look for unusual VBS and EXE files in startup directories)
- Monitor outbound connections to api.wordinfos[.]com
- Check for unauthorized use of plink.exe or outbound SSH sessions
- Isolate any systems communicating with suspicious C2 infrastructure

Marbled Dust’s campaign isn’t about splashy headlines. It’s quiet, focused, and a warning shot to organizations using obscure enterprise software without hardening them. Zero-days don’t just live in browsers and VPNs anymore. They live in your internal chat apps, your ticketing systems, your software you forgot to watch. And attackers? They’re watching all of it.
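
The four checks listed above can be run as one sweep over endpoint telemetry. The following Python sketch is an added example, not code from the article or from Microsoft. The JSON-lines event schema, host names, addresses and sample events are constructed for illustration; only the domain, plink.exe and the startup-folder file types come from the article.

```python
"""Triage endpoint telemetry for the Output Messenger checks listed above."""
import ipaddress
import json
from collections import defaultdict
from pathlib import PureWindowsPath

# Indicator from the article, stored defanged and refanged only in memory.
C2_DOMAINS = {d.replace("[.]", ".").lower() for d in ("api.wordinfos[.]com",)}
STARTUP_DIR = "\\start menu\\programs\\startup\\"
DROPPER_EXTS = {".vbs", ".exe"}
# Assumption: RFC 1918 and loopback ranges count as internal for the SSH check.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Constructed sample events; the schema (host/type/path/image/dest/port) is hypothetical.
SAMPLE_EVENTS = r"""
{"host":"om-srv01","type":"file_create","path":"C:\\ProgramData\\Microsoft\\Windows\\Start Menu\\Programs\\StartUp\\OMServerService.vbs"}
{"host":"om-srv01","type":"net_connect","dest":"API.wordinfos.com.","port":443}
{"host":"ws-114","type":"process_start","image":"C:\\Users\\Public\\plink.exe"}
{"host":"ws-114","type":"net_connect","dest":"203.0.113.10","port":22}
{"host":"ws-200","type":"net_connect","dest":"10.0.4.7","port":22}
{"host":"ws-200","type":"file_create","path":"C:\\Users\\amy\\Documents\\report.vbs"}
{"host":"ws-201","type":"net_connect","dest":"api.wordinfos.com.example.org","port":443}
this line is not JSON and must not stop the sweep
"""


def is_startup_dropper(path: str) -> bool:
    """VBS or EXE written under a Windows Startup folder (per-user or all-users)."""
    p = path.lower().replace("/", "\\")
    return STARTUP_DIR in p and PureWindowsPath(p).suffix in DROPPER_EXTS


def is_c2_domain(dest: str) -> bool:
    """Exact or subdomain match; a substring test would also hit look-alike hosts."""
    name = dest.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in C2_DOMAINS)


def is_external(dest: str) -> bool:
    """Hostnames and any address outside INTERNAL_NETS are treated as external."""
    try:
        ip = ipaddress.ip_address(dest)
    except ValueError:
        return True
    return not any(ip in net for net in INTERNAL_NETS)


def analyze(event: dict) -> list:
    """Return the finding labels raised by a single event."""
    findings = []
    kind = event.get("type")
    if kind == "file_create" and is_startup_dropper(event.get("path", "")):
        findings.append("startup_script_or_exe")
    elif kind == "process_start":
        # Name match only: a renamed plink binary needs hash or signature data.
        if PureWindowsPath(event.get("image", "")).name.lower() == "plink.exe":
            findings.append("plink_execution")
    elif kind == "net_connect":
        dest = event.get("dest", "")
        if is_c2_domain(dest):
            findings.append("c2_domain_contact")
        if event.get("port") == 22 and is_external(dest):
            findings.append("outbound_ssh")
    return findings


def triage(lines: str) -> dict:
    """Map each host to its findings, skipping malformed records."""
    report = defaultdict(list)
    for line in lines.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if not isinstance(event, dict):
            continue
        for finding in analyze(event):
            report[event.get("host", "unknown")].append(finding)
    return dict(report)


def hosts_to_isolate(report: dict) -> list:
    """Hosts that contacted the C2 domain are the isolation candidates."""
    return sorted(h for h, f in report.items() if "c2_domain_contact" in f)


if __name__ == "__main__":
    result = triage(SAMPLE_EVENTS)
    for host, findings in sorted(result.items()):
        print(host, findings)
    print("isolate:", hosts_to_isolate(result))
```

A plink.exe or outbound SSH hit is a lead to review against known administrator activity, not a verdict on its own.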


 Firewall Daily

Texas Attorney General Ken Paxton has reached a $1.375 billion settlement with tech giant Google, marking the largest amount ever recovered by a single state in a data privacy lawsuit. This historic agreement comes in response to allegations that Google unlawfully tracked and harvested sensitive user data, violating Texans' rights.

Originally filed in 2022, the lawsuit accused Google of secretly collecting user information related to geolocation tracking, private "incognito" searches, and even biometric identifiers such as voiceprints and facial geometry. According to the complaint, these actions were carried out without proper consent or transparency, putting millions of users’ private data at risk.

General Ken Paxton emphasized that the settlement sends a powerful message to technology companies that operate in Texas. “In Texas, Big Tech is not above the law,” said Paxton. “For years, Google secretly tracked people’s movements, private searches, and even their voiceprints and facial geometry through their products and services. I fought back and won.”

Largest State-Led Recovery in a Privacy Case

The scale of this settlement far surpasses any similar resolution achieved by other states. For comparison, the highest settlement reached by any individual state before this was $93 million. A 40-state coalition managed to secure $391 million collectively—almost $1 billion less than what Texas accomplished independently. This extraordinary result highlights Paxton’s aggressive strategy in enforcing state privacy laws and defending the rights of Texans.

General Paxton’s office has led several notable enforcement actions targeting Big Tech’s misuse of personal data. In July, he secured a $1.4 billion settlement with a social media company over its unlawful use of facial recognition technology—the largest settlement ever achieved by a single state in a biometric data case. Previously, Texas had also reached $700 million and $8 million settlements with Google concerning anticompetitive conduct and deceptive trade practices, respectively.

Shaping the Future of Data Privacy and Big Tech Accountability

“This $1.375 billion settlement is a major win for Texans’ privacy and tells companies that they will pay for abusing our trust,” said Paxton. “I will always protect Texans by stopping Big Tech’s attempts to make a profit by selling away our rights and freedoms.”

The case may influence how other states pursue tech companies under their own state privacy laws, with growing momentum nationwide for better protections. Legal experts see this as a turning point that could inspire tighter enforcement and clearer legislation around data use.

General Ken Paxton extended his gratitude to Norton Rose Fulbright, which served as outside counsel for the Office of the Attorney General during the litigation. As concerns about digital surveillance and consumer privacy mount, this record-setting agreement marks a new era in the fight for these rights.


 Firewall Daily

A critical security flaw has been discovered in the Linux kernel's nftables subsystem, which is responsible for packet filtering in modern Linux distributions. This flaw, a double-free vulnerability, allows local attackers to escalate their privileges and execute arbitrary code.

Nftables serves as the successor to the legacy iptables framework, providing a unified interface for network packet filtering. It operates through components such as tables, sets, chains, and rules, utilizing a "Packet Processing Pipeline" for efficient rule matching.

The flaw resides in the nft_set_pipapo implementation, specifically within the nft_pipapo_destroy() function. When a set is marked as "dirty" (modified but not committed), the function attempts to destroy all its elements. However, an element may exist in both the match and clone structures simultaneously, leading to a double-free scenario when the set is destroyed, thereby corrupting memory and enabling potential exploitation.

Exploitation Mechanics of CVE-2024-26809

An attacker can exploit CVE-2024-26809 by performing the following steps:

1. Create a pipapo set (Set A).
2. Add elements (B and C) to Set A.
3. Mark Set A as dirty by adding a third element (D).
4. Delete Set A, triggering the nft_pipapo_destroy() function.

This sequence results in the double-free of elements B and C, allowing the attacker to manipulate the heap and potentially execute arbitrary code. The flaw arises because the nft_pipapo_destroy() function does not properly handle the destruction of elements in the match and clone structures when the set is dirty. This oversight leads to the double-free condition, which can be exploited to achieve privilege escalation.

Mitigation and Fixes

The Linux kernel development community has addressed the vulnerability by implementing several fixes:

- Ensuring that the cloning process always provides a current view of the lookup table.
- Integrating nft_set_pipapo into the commit protocol to prevent double-free occurrences.
- Releasing elements in the clone structure only from the destroy path.

These changes were introduced in commit 212ed75dc5fb, following the earlier commit 9827a0e6e23b, which addressed related issues. Users are advised to update their systems to kernel versions that include these fixes to mitigate the risk associated with this flaw.

Conclusion

This flaw highlights the importance of rigorous memory management in kernel development. The double-free vulnerability in the nftables subsystem highlights the potential security risks inherent in complex packet filtering mechanisms. System administrators and users are strongly encouraged to apply the necessary patches to protect against potential exploitation of this flaw.


 Business

May 12 is World Anti-Ransomware Day. On this memorable day, established in 2020 by both INTERPOL and Kaspersky, we want to discuss the trends that can be traced in ransomware incidents and serve as proof that negotiations with attackers and payments in cryptocurrency are becoming an increasingly bad idea.

Low quality of decryptors

When a company's infrastructure is encrypted as a result of an attack, the first thing a business wants to do is to get back to normal operations by recovering data on workstations and servers as quickly as possible. From the ransom notes, it may seem that, after paying the ransom, the company will receive a decryptor app that will quickly return all the information to its original state and allow resuming work processes almost painlessly. In practice, this almost never happens.

First, some extortionists simply deceive their victims and don't send a decryptor at all. Such cases became widely known, for example, thanks to the leak of internal correspondence of the Black Basta ransomware group.

Second, the cybercriminals specialize in encryption, not decryption, so they put little effort into their decryptor applications; the result is that they work poorly and slowly. It may turn out that restoring data from a backup copy is much faster than using the attackers' utility. Their decryptors often crash when encountering exotic file names or access-rights conflicts (or simply for no apparent reason), and they do not have a mechanism for continuing decryption from the point where it was interrupted. Sometimes, due to faulty logic, they simply corrupt files.

Repeated attacks

It's common knowledge that a blackmailer will always be able to keep on blackmailing; blackmailing with ransomware is just the same. Cybercriminal gangs communicate with each other, and affiliates switch between ransomware-as-a-service providers. In addition, when law enforcement agencies successfully stop a gang, they're not always able to arrest all of its members, and those who've evaded capture take up their old tricks in another group. As a result, information about someone successfully collecting a ransom from a victim becomes known to the new gang, which tries to attack the same organization – often successfully.

Tightening of legislation

Modern attackers not only encrypt, but also steal data, which creates long-term risks for a company. After a ransomware attack, a company has three main options:

- publicly report the incident and restore operations and data without communicating with the cybercriminals;
- report the incident, but pay a ransom to restore the data and prevent its publication;
- conceal the incident by paying a ransom for silence.

The latter option has always been a ticking time bomb – as the cases of Westend Dental and Blackbaud prove. Moreover, many countries are now passing laws that make such actions illegal. For example:

- the NIS2 (network and information security) directive and DORA (Digital Operational Resilience Act) adopted in the EU require companies in many industries, as well as large and critical businesses, to promptly report cyber incidents, and also impose significant cyber resilience requirements on organizations;
- a law is being discussed in the UK that would prohibit government organizations and critical infrastructure operators from paying ransoms, and would also require all businesses to promptly report ransomware incidents;
- the Cybersecurity Act has been updated in Singapore, requiring critical information infrastructure operators to report incidents, including ones related to supply-chain attacks and to any customer service interruptions;
- a package of federal directives and state laws in the U.S. prohibiting large payments (more than $100,000) to cybercriminals, and also requiring prompt reporting of incidents, is under discussion and has been partially adopted in the United States.

Thus, even having successfully recovered from an incident, a company that secretly paid extortionists risks receiving unpleasant consequences for many years to come if the incident becomes public (for example, after the extortionists are arrested).

Lack of guarantees

Often, companies pay not for decryption, but for an assurance that stolen data won't be published and that the attack will remain confidential. But there's never any guarantee that this information won't surface somewhere later. As recent incidents show, disclosure of the attack itself and stolen corporate data can be possible in several scenarios:

- As a result of an internal conflict among attackers. For example, due to disagreements within a group or an attack by one group on the infrastructure of another. As a result, the victims' data is published in order to take revenge, or it's leaked to help in destroying the assets of a competing gang. In 2025, victims' data appeared in a leak of internal correspondence of the Black Basta gang; another disclosure of victims' data was made when the DragonForce group destroyed and seized the infrastructure of two rivals, BlackLock and Mamona. On May 7, the Lockbit website was hacked and data from the admin panel was made publicly available – listing and describing in detail all the group's victims over the past six months.
- During a raid by law enforcement agencies on a ransomware group. The police, of course, won't publish the data itself, but the fact that the incident took place will be disclosed. Last year, Lockbit victims became known like this.
- Due to a mistake made by the ransomware group itself. Ransomware groups' infrastructure is often not particularly well protected, and the stolen data can be accidentally found by security researchers, competitors, or just random people. The most striking example was a giant collection of data stolen from five large companies by various ransomware gangs, and published in full by the hacktivist collective DDoSecrets.

Ransomware may not be the main problem

Thanks to the activities of law enforcement agencies and the evolution of legislation, the portrait of a typical ransomware group has changed dramatically. The activity of large groups typical of incidents in 2020-2023 has decreased, and ransomware-as-a-service schemes have come to the fore, in which the attacking party can be very small teams or even individuals.

An important trend has emerged: as the number of encryption incidents has increased, the total amount of ransoms paid has decreased. There are two reasons for this: firstly, victims increasingly refuse to pay, and secondly, many extortionists are forced to attack smaller companies and ask for a smaller ransom. More detailed statistics can be found in our report on Securelist.

But the main change is that there've been more cases where attackers have mixed motives; for example, one and the same group conducts espionage campaigns and simultaneously infects the infrastructure with ransomware. Sometimes the ransomware serves only as a smokescreen to disguise espionage, and sometimes the attackers are apparently carrying out someone's order for information extraction, and using extortion as an additional source of income. For business owners and managers, this means that in the case of a ransomware incident, it's impossible to fully understand the attacker's motivation or check its reputation.

How to deal with a ransomware incident

The conclusion is simple: paying money to ransomware operators may be not the solution, but a prolongation and deepening of the problem. The key to a quick business recovery is a response plan prepared in advance.

Organizations need to implement detailed plans for IT and infosec departments to respond to a ransomware incident. Special attention should be given to scenarios for isolating hosts and subnets, disabling VPN and remote access, and deactivating accounts (including primary administrative ones), with a transition to backup accounts. Regular training on restoring backups is also a good idea. And don't forget to store those backups in an isolated system where they cannot be corrupted by an attack.

To implement these measures and be able to respond ASAP while an attack has not yet affected the entire network, it's necessary to implement a constant deep monitoring process: large companies will benefit from an XDR solution, while smaller businesses can get high-quality monitoring and response by subscribing to an MDR service.

 Feed

Threat actors have been observed leveraging fake artificial intelligence (AI)-powered tools as a lure to entice users into downloading an information stealer malware dubbed Noodlophile. "Instead of relying on traditional phishing or cracked software sites, they build convincing AI-themed platforms – often advertised via legitimate-looking Facebook groups and viral social media campaigns,"

 Feed

What do a source code editor, a smart billboard, and a web server have in common? They’ve all become launchpads for attacks—because cybercriminals are rethinking what counts as “infrastructure.” Instead of chasing high-value targets directly, threat actors are now quietly taking over the overlooked: outdated software, unpatched IoT devices, and open-source packages. It's not just clever—it’s

 Feed

Detecting leaked credentials is only half the battle. The real challenge—and often the neglected half of the equation—is what happens after detection. New research from GitGuardian's State of Secrets Sprawl 2025 report reveals a disturbing trend: the vast majority of exposed company secrets discovered in public repositories remain valid for years after detection, creating an expanding attack

 Feed

ASUS has released updates to address two security flaws impacting ASUS DriverHub that, if successfully exploited, could enable an attacker to leverage the software in order to achieve remote code execution. DriverHub is a tool that's designed to automatically detect the motherboard model of a computer and display necessary driver updates for subsequent installation by communicating with a

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 45 | Security Affairs newsletter Round 523 by Pierluigi Paganini – INTERNATIONAL EDITION | Ascension reveals personal data of 437,329 patients exposed in cyberattack | Operation Moonlander dismantled the botnet behind Anyproxy and 5socks cybercriminals services | A cyber attack briefly disrupted South African […] The post SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 45 – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free in your email box. Enjoy a new round of the weekly SecurityAffairs newsletter, including the international press. Ascension reveals personal data of 437,329 patients exposed in cyberattack Operation Moonlander […] The post Security Affairs newsletter Round 523 by Pierluigi Paganini – INTERNATIONAL EDITION – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Breaking News

Source: securityaffairs.com – Author: Pierluigi Paganini Google will pay the U.S. state of Texas $1.4B to settle lawsuits over unauthorized location tracking and facial recognition data retention. Google will pay nearly $1.4 billion to the state of Texas to settle two lawsuits over tracking users’ locations and storing biometric data without consent. The $1.375 billion […] The post Google will pay Texas $1.4 billion over its location tracking practices – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 2009

Source: securityboulevard.com – Author: Tom Eston Join hosts Tom Eston, Scott Wright, and Kevin Johnson in a special best-of episode of the Shared Security Podcast. Travel back to 2009 with the second-ever episode featuring discussions on early Facebook bugs, cross-site scripting vulnerabilities, and a pivotal Canadian privacy ruling involving Facebook. Gain insights into social media […] The post Facebook Flaws and Privacy Laws: A Journey into Early Social Media Security from 2009 – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cloud Security

Source: securityboulevard.com – Author: Alison Mack Are Your Investments in Cloud-Native NHIs Justified? A new hero has emerged, capable of handling complex security threats to cloud. Meet Non-Human Identities (NHIs), the machine identities that have revolutionized cybersecurity operations. Understanding the Essential Role of Non-Human Identities NHIs, the unsung heroes in the cybersecurity ecosystem, play a […] The post Justify Your Investment in Cloud-Native NHIs – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Alison Mack Secrets management can be likened to a well-kept vault of confidential data, critical to the security and performance of any system. Where data breaches are prevalent, effective secrets management is vital. Such a strong stance on security underscores the necessity for Non-Human Identities (NHIs) and their secrets to be […] The post Achieve Stability with Streamlined Secrets Management – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 BSides Las Vegas 2024

Source: securityboulevard.com – Author: Marc Handelman BSidesLV24 – Proving Ground – The Immortal Retrofuturism Of Mainframe Computers And How To Keep Them Safe Author/Presenter: Michelle Eggers Our sincere appreciation to BSidesLV, and the Presenters/Authors for publishing their erudite Security BSidesLV24 content. Originating from the conference’s events located at the […] The post BSidesLV24 – Proving Ground – The Immortal Retrofuturism Of Mainframe Computers And How To Keep Them Safe – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: psilva Has the notorious LockBit ransomware gang finally met its end? In a shocking turn of events, LockBit, one of the most notorious ransomware groups, has had its own site defaced and a massive amount of data dumped. LockBit’s own leak site was defaced with a bold message: “Do not crime. […] The post Did LockBit Just Get Locked Out? The Walmart of Ransomware’s Massive Leak – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: Lohrmann on Cybersecurity Most governments struggle with replacing legacy systems for a variety of reasons. But some people claim legacy mainframes can be just as secure as modern ones. So how big is the legacy cyber threat? May 11, 2025 • Dan Lohrmann An important but often […] The post The Legacy Cyber Threat: Why We Must Prioritize Modernization – Source: securityboulevard.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 'Cyber

Source: sec.cloudapps.cisco.com – Author: . Cisco IOS XE Software for WLC Wireless IPv6 Clients Denial of Service Vulnerability. Severity: High. CVE-2025-20140, CWE-789. Summary: A vulnerability in the Wireless Network Control daemon (wncd) of Cisco IOS XE Software for Wireless LAN Controllers (WLCs) could allow an unauthenticated, adjacent wireless attacker to cause a denial […] The post Cisco IOS XE Software for WLC Wireless IPv6 Clients Denial of Service Vulnerability – Source: sec.cloudapps.cisco.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 'Cyber

Source: sec.cloudapps.cisco.com – Cisco IOx Application Hosting Environment Denial of Service Vulnerability (Medium; CVE-2025-20196; CWE-307). Summary: A vulnerability in the Cisco IOx application hosting environment of Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to cause the Cisco IOx application hosting environment to stop […] The post Cisco IOx Application Hosting Environment Denial of Service Vulnerability – Source: sec.cloudapps.cisco.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 CISO2CISO

Honor STEM leaders within the Asian American, Native Hawaiian, and Pacific Islander communities with this compilation of online stories and resources from SWE. The post Celebrate Asian American, Native Hawaiian, and Pacific Islander Heritage Month first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: heimdalsecurity.com – Author: Danny Mitchell In NHS cybersecurity, one problem keeps security teams up at night: the gap between spotting issues and actually fixing them. If you work in healthcare IT, you know this headache all too well. Legacy systems that can’t be easily patched, security teams stretched too thin, and the constant balancing […] The post When Visibility Meets Action in NHS Cybersecurity – Source: heimdalsecurity.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – A wave of hacktivist claims of attacks against Indian digital infrastructure has sparked alarm in recent weeks, with over 100 purported breaches across government, educational and critical sectors amid geopolitical tensions between India and Pakistan. However, a new investigation by CloudSEK suggests that the real damage is minimal, with many assertions […] The post Hacktivist Attacks on India Overstated Amid APT36 Espionage Threat – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Criminal

Source: www.infosecurity-magazine.com – A criminal proxy network has been found infecting thousands of Internet of Things (IoT) and end-of-life (EoL) devices, converting them into part of a botnet that provides anonymity for malicious users online. The network, tracked over the past year by Lumen’s Black Lotus Labs in cooperation with the US […] The post Criminal Proxy Network Infects Thousands of IoT Devices – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – The vendor supply chain is complex and sprawling, with organizations often working with hundreds, if not thousands, of third-party suppliers. This vast ecosystem brings inevitable cybersecurity risks into organizations. Half of all breaches last year came through third-party vulnerabilities, according to SecurityScorecard’s 2024 Threat Intelligence Report. Steve Cobb, CISO […] The post #Infosec2025: Experts to Shine Light on Vendor Supply Chain Resilience Against Third-Party Risks – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – A new EU-funded beginner cybersecurity training program has launched enrolment, with a particular focus on women and other underrepresented groups. She@Cyber training is designed to help address the cyber skills gap and disparity in the sector by providing foundational knowledge and industry-recognized credentials to help participants get their first cyber role. […] The post EU Launches Free Entry-Level Cyber Training Program – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – A sophisticated phishing scheme, comprising a network of fake websites, has been targeting web3 projects and draining cryptocurrency wallets at scale for years. First detected by Validin as a simple network of crypto phishing websites in April 2024, it soon became apparent that the scheme may be much more sophisticated and […] The post FreeDrain Phishing Scam Drains Crypto Hobbyists’ Wallets – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Japan’s financial regulator has warned of a surge in the number of account takeovers in its securities market, with hackers making illegal trades of over 304 billion yen ($2bn). In an updated statement, the Financial Services Agency (FSA) warned that there had been a “sharp increase” in the number of cases […] The post Japanese Account Hijackers Make $2bn+ of Illegal Trades – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – German police claim to have seized tens of millions of euros and server infrastructure associated with notorious crypto-swapping service eXch. The Federal Criminal Police Office (BKA) said in a statement that the €34m ($38m) haul of Bitcoin, Ether, Litecoin and Dash was the third largest in its history. Available on the surface and dark […] The post German Police Shutter “eXch” Money Laundering Service – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – ASUS has released updates to address two security flaws impacting ASUS DriverHub that, if successfully exploited, could enable an attacker to leverage the software in order to achieve remote code execution. DriverHub is a tool that’s designed to automatically detect the motherboard model of a computer and display necessary driver […] The post ASUS Patches DriverHub RCE Flaws Exploitable via HTTP and Crafted .ini Files – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – What do a source code editor, a smart billboard, and a web server have in common? They’ve all become launchpads for attacks—because cybercriminals are rethinking what counts as “infrastructure.” Instead of chasing high-value targets directly, threat actors are now quietly taking over the overlooked: outdated software, unpatched IoT devices, and […] The post ⚡ Weekly Recap: Zero-Day Exploits, Developer Malware, IoT Botnets, and AI-Powered Scams – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Detecting leaked credentials is only half the battle. The real challenge—and often the neglected half of the equation—is what happens after detection. New research from GitGuardian’s State of Secrets Sprawl 2025 report reveals a disturbing trend: the vast majority of exposed company secrets discovered in public repositories remain valid for […] The post The Persistence Problem: Why Exposed Credentials Remain Unfixed—and How to Change That – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
