Cyber security aggregate rss news

Cyber security aggregator - feeds history


 Firewall Daily

Five major banking associations have formally petitioned the U.S. Securities and Exchange Commission (SEC) to repeal a rule that mandates public companies to disclose material cybersecurity incidents within four business days. The organizations argue that the rule, particularly the reporting requirement under Form 6-K for foreign issuers and Form 8-K Item 1.05 for domestic issuers, poses unnecessary risks and fails to serve its intended purpose of investor protection.

The petition, submitted under Rule 192 of the SEC’s Rules of Practice, was jointly signed by the American Bankers Association (ABA), Bank Policy Institute (BPI), Securities Industry and Financial Markets Association (SIFMA), Independent Community Bankers of America (ICBA), and the Institute of International Bankers (IIB). Together, these organizations represent the vast majority of the U.S. and global financial services sector, including firms that collectively manage trillions in assets and employ millions across the country.

The Case Against the SEC Rule

The SEC’s Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure rule, which went into effect in 2023, includes controversial disclosure mandates. These requirements oblige companies to publicly announce material cybersecurity breaches within a tight, four-day timeframe—even if the incident is still under investigation or not fully remediated.

"Premature disclosure has harmed registrants and, at the same time, failed to provide the market with meaningful or actionable information upon which to make investment decisions," the petition asserts.

The banking groups further argue that the rule increases confusion in the market. Companies often struggle to decide whether to report under Item 1.05, Item 8.01, or whether to report at all. This confusion has persisted despite multiple SEC-issued Compliance & Disclosure Interpretations, commissioner statements, and comment letters.

The banking groups also highlight that the Form 6-K disclosure requirement for foreign private issuers mirrors the same problems as Form 8-K Item 1.05, adding unnecessary complexity for globally operating institutions.

Real-World Consequences

The petitioners point to tangible impacts already observed since the rule took effect. For example, they cite that registrants have been forced into disclosure before fully understanding the scope or implications of a breach. This, they argue, not only undermines their cybersecurity response efforts but also misleads investors with incomplete information.

One consequence noted is the weaponization of the disclosure rule by threat actors. In 2023, the hacking group AlphV filed an SEC complaint against MeridianLink, alleging it failed to report a data breach as required. Incidents like this suggest that criminals are exploiting the regulatory framework to exert additional pressure during ransomware attacks.

The financial groups warn that such misuse of the rule could expose companies to greater cybersecurity risks, increased insurance liabilities, and greater financial harm due to premature or unclear disclosures.

Conflict with National Security and Law Enforcement

Another key argument is that the rule directly conflicts with other regulatory efforts aimed at national cybersecurity. Mandatory public disclosures may interfere with confidential incident reporting required under other federal programs and hinder law enforcement investigations.

“The complex and narrow disclosure delay mechanism interferes with incident response and law enforcement investigations,” the petition explains. Furthermore, the public nature of the disclosures may discourage candid internal communications and limit collaboration within companies during incident response efforts.

A Call for a Better Alternative

The petitioners argue that the existing disclosure framework, which already requires the reporting of all material information, including cybersecurity incidents, offers adequate investor protection without the added risks imposed by the current rule.

They emphasize that the SEC’s own staff has had to create a “patchwork” of guidance and comment letters in an attempt to clarify the rule, reflecting the fundamental problems in its design. The banking groups have urged the SEC to fully rescind Form 8-K Item 1.05 and the corresponding Form 6-K requirement.

Conclusion

The petition to rescind the SEC’s cybersecurity incident disclosure rule represents a unified and forceful stance from some of the most influential voices in the financial services industry. Led by the American Bankers Association, which represents a $24.1 trillion industry, along with the Bank Policy Institute, a leader in cybersecurity and risk management advocacy, the coalition also includes SIFMA, representing one million capital markets employees, the Independent Community Bankers of America, which champions the role of community banks, and the Institute of International Bankers, representing U.S. operations of banks from over 35 countries. Together, these organizations are urging the SEC to reconsider the rapid disclosure mandates under Form 6-K and Form 8-K Item 1.05, citing operational risks, national security concerns, and inadequate investor benefit.


 Firewall Daily

Nova Scotia Power has confirmed it was the victim of a ransomware attack, weeks after initially alerting customers to a cybersecurity breach. The utility, owned by Emera Inc., revealed that the attack resulted in a data breach impacting approximately 280,000 customers—but emphasized it has not paid the ransom demanded by the attackers.

The Nova Scotia cyberattack, which began around March 19, 2025, was first made public on April 28. Since then, the utility has issued a series of updates to keep the public informed as its investigation unfolded. In its most recent statement on May 23, Nova Scotia Power confirmed the nature of the incident, stating, “We are confirming we have been the victim of a sophisticated ransomware attack.”

A Timeline of the Nova Scotia Cyberattack

On April 25, the company detected unusual activity within its network, prompting the activation of its incident response protocols. Immediate steps were taken to contain the situation and to bring in external cybersecurity experts to help assess the breach. Law enforcement was also notified.

By May 1, the company admitted that certain customer information had been accessed by an unauthorized third party. While the full scope was still under review at that point, Nova Scotia Power began preparing notifications for those affected.

On May 14, the company provided an update on the Nova Scotia data breach, confirming that hackers had stolen a range of customer data. The exposed information includes names, dates of birth, email addresses, phone numbers, mailing and service addresses, customer account histories, power consumption details, service requests, payment and billing histories, and credit histories. More sensitive data, such as driver’s license numbers, Social Insurance Numbers (SIN), and bank account details (for those using pre-authorized payments), were also compromised.

Ransom Not Paid

Despite the severity of the attack, the company has stood firm on one key point: no payment has been made to the attackers. “This decision reflects our careful assessment of applicable sanctions laws and alignment with law enforcement guidance,” the company said in its May 23 statement. The firm continues to work with cybersecurity experts to determine the full extent of the breach and to evaluate the nature of the stolen data, which has now been published online by the attackers.

To help mitigate potential harm, Nova Scotia Power has partnered with consumer credit reporting agency TransUnion to offer a two-year subscription to its credit monitoring service, myTrueIdentity, free of charge to those affected. Notification letters have been mailed to impacted individuals, containing instructions on how to enroll in the service and tips for protecting personal information.

The company has urged customers to remain vigilant. “Please be cautious about unsolicited communications, especially messages that appear to come from Nova Scotia Power requesting personal information,” officials advised. Customers are reminded not to click on suspicious links or download attachments from unverified sources.

Systems Restored, No Impact on Power Supply

Nova Scotia Power has assured the public that, despite the data breach in Nova Scotia, there has been no impact on electricity generation, transmission, or distribution systems. The utility continues to operate normally, with its critical infrastructure unaffected. “There remains no disruption to Nova Scotia Power’s generation, transmission, and distribution facilities, and the incident has not impacted our ability to safely and reliably serve customers,” the company reiterated.

The parent company, Emera Inc., confirmed that the incident has not materially impacted its financial performance and is proceeding with its scheduled quarterly financial disclosure.

Conclusion

The organization continues to investigate the full scope of the cyberattack while working closely with cybersecurity experts to restore and strengthen its systems. With over 280,000 customers affected, the Nova Scotia data breach stands out as one of the most serious cyber incidents in recent Canadian history.


 Business

For an email attack to succeed, the first thing cybercriminals need to do is get their messages in front of potential victims. In a recent post, we covered how scammers leveraged notifications from GetShared — a fully legitimate service for sharing large files. Today, we examine another method for delivering malicious emails. The operators behind this scam have learned to insert custom text into genuine thank-you messages sent by Microsoft 365 to its new business subscribers.

A genuine Microsoft email with a nasty surprise inside

The attack kicks off with a legitimate email in which Microsoft thanks the recipient for purchasing a Microsoft 365 Apps for Business subscription. The email does, in fact, arrive from the Redmond tech giant's legitimate address: microsoft-noreply@microsoft.com. One would be hard-pressed to imagine an email address with a more trusted reputation, so the message easily gets past any email server filters.

One more time, just so we're clear: this is an honest-to-goodness email from Microsoft. The contents match a typical purchase confirmation. In the screenshot below, the company thanks the recipient for buying 55 Microsoft 365 Apps for Business subscriptions worth a total of $587.95.

Figure: Example of a Microsoft business notification where attackers inserted their message in the Billing information section

The crux of the scam lies in the text attackers add to the Billing information section. Typically, this section contains the subscriber company's name and the billing address. However, the scammers swap out that information for their own phone number, plus a note encouraging the recipient to call Microsoft if they need any assistance. The types of purchased subscriptions suggest that the scammers are targeting company employees.

They prey on a common employee fear: making an expensive, unnecessary purchase could cause trouble at work. And since resolving the issue by email isn't an option (the message comes from a no-reply address), the victim is left with little choice but to call the phone number provided.

Who answers the calls, and what happens next?

If the victim takes the bait and decides to call to inquire about the subscriptions they've supposedly purchased, the scammers deploy social engineering tricks.

A Reddit user, who'd received a similar email and called the number, shared their experience. According to the victim, the person who answered the call insisted on installing some support software, and sent an EXE file. The subsequent conversation suggests that the file contained a RAT of some kind.

The victim didn't suspect anything was amiss until the scammer promised to refund money to their bank account. That was a red flag, as they shouldn't have had access to the victim's banking details. The scammer went on to ask the victim to sign in to their online banking to check if the transaction had gone through.

The victim believes that the software installed on their computer was malware that would have allowed the attackers to intercept their login credentials. Fortunately, they recognized the danger early enough and hung up. Within the same thread, other Reddit users reported similar emails containing various contact details.

How scammers send phishing emails from a genuine Microsoft address

How, exactly, the attackers manage to send Microsoft notifications to their victims is still something of a mystery. The most plausible explanation came from another Reddit user, who suggested that the scam operators were using stolen credentials or trial versions to access Microsoft 365. By using BCC or simply entering the victim's email address when purchasing a subscription, they can send messages like the one shown in the screenshot above.

An alternative theory is that the scammers gain access to an account with an active Microsoft 365 subscription and then use the billing-information resend feature — specifying the target user as the recipient.

Whichever is true, the attackers' goal is to replace the billing information — the only part of the Microsoft notification they can alter — with their own phone number.

How to protect yourself against such attacks

Malicious actors keep finding new loopholes in well-known, perfectly legitimate services to use for phishing campaigns and scams. That's why, to keep an organization secure, you need not only technical protections but also administrative controls. Here's what we recommend:

Train your employees to spot potential threats early. This process can be automated with an e-learning tool like Kaspersky Automated Security Awareness Platform.

Install a robust security solution on every corporate device to fend off spyware, remote access Trojans, and other malware.

 Feed

Cyber threats don't show up one at a time anymore. They’re layered, planned, and often stay hidden until it’s too late. For cybersecurity teams, the key isn’t just reacting to alerts—it’s spotting early signs of trouble before they become real threats. This update is designed to deliver clear, accurate insights based on real patterns and changes we can verify. With today’s complex systems, we

 Feed

Are your web privacy controls protecting your users, or just a box-ticking exercise? This CISO’s guide provides a practical roadmap for continuous web privacy validation that’s aligned with real-world practices. – Download the full guide here. Web Privacy: From Legal Requirement to Business Essential As regulators ramp up enforcement and users grow more privacy-aware, CISOs face a mounting

 Feed

As many as 60 malicious npm packages have been discovered in the package registry with malicious functionality to harvest hostnames, IP addresses, DNS servers, and user directories to a Discord-controlled endpoint. The packages, published under three different accounts, come with an install‑time script that's triggered during npm install, Socket security researcher Kirill Boychenko said in a

 1 - Cyber Security News Post

Source: hackread.com – Author: Waqas. The FBI has issued a warning to US law firms about a rising cyber threat targeting the legal sector. A group known as Silent Ransom Group (SRG), also called Luna Moth or Chatty Spider, has been focusing its attacks on law firms since early 2023, using a combination of phishing […] The post FBI Warns of Silent Ransom Group Targeting Law Firms via Scam Calls – Source: hackread.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 authentication

Source: securityboulevard.com – Author: Dev Kumar. One-time-password (OTP) delivery remains the work-horse of passwordless and multi-factor authentication flows. Yet the 2025 market has fractured into two camps: CPaaS giants (Twilio, Sinch) that monetise every SMS/WhatsApp event. Identity platforms (Auth0, Okta, Stytch, Descope) that bundle OTP into broad CIAM suites. MojoAuth positions itself in a third […] The post OTP Authentication in 2025: How MojoAuth Stacks Up Against Twilio Verify, Auth0, Stytch & Descope – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Author: The US National Institute of Standards and Technology (NIST) has launched a new metric to assess the likelihood that a vulnerability is being exploited. In a technical white paper, published on May 19, NIST introduced a new metric called Likely Exploited Vulnerabilities (LEV) to help organizations determine if a product vulnerability […] The post NIST Introduces New Metric to Measure Likelihood of Vulnerability Exploits – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . As many as 60 malicious npm packages have been discovered in the package registry with malicious functionality to harvest hostnames, IP addresses, DNS servers, and user directories to a Discord-controlled endpoint. The packages, published under three different accounts, come with an install‑time script that’s triggered during npm install, Socket security […] The post Over 70 Malicious npm and VS Code Packages Found Stealing Data and Crypto – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 CISOs

Source: thehackernews.com – Author: . Are your web privacy controls protecting your users, or just a box-ticking exercise? This CISO’s guide provides a practical roadmap for continuous web privacy validation that’s aligned with real-world practices. – Download the full guide here. Web Privacy: From Legal Requirement to Business Essential As regulators ramp up enforcement and […] The post CISO’s Guide To Web Privacy Validation And Why It’s Important – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Cyber threats don’t show up one at a time anymore. They’re layered, planned, and often stay hidden until it’s too late. For cybersecurity teams, the key isn’t just reacting to alerts—it’s spotting early signs of trouble before they become real threats. This update is designed to deliver clear, accurate insights […] The post ⚡ Weekly Recap: APT Campaigns, Browser Hijacks, AI Malware, Cloud Breaches and Critical CVEs – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 0day

Source: hackread.com – Author: Deeba Ahmed. Cisco Talos warns of active exploitation of a zero-day vulnerability (CVE-2025-0994) in Cityworks supposedly by Chinese hackers from the UAT-6382 threat group. Learn about the malware, affected organizations, and critical security patches. Cisco Talos researchers have issued a critical alert regarding active cyberattacks targeting Trimble Cityworks, a widely used […] The post Chinese Hackers Exploit Cityworks 0-Day to Hit US Local Governments – Source: hackread.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: hackread.com – Author: Deeba Ahmed. Researchers have released PoC for CVE-2025-32756, a severe security flaw, that is actively being exploited in Fortinet products like FortiMail and FortiCamera. This stack-based buffer overflow allows unauthenticated remote code execution. A security vulnerability tracked as CVE-2025-32756 is currently being actively used by attackers, affecting several Fortinet products. The […] The post Researchers Drop PoC for Fortinet CVE-2025-32756, Urging Quick Patching – Source: hackread.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

Source: www.csoonline.com – Author: New research shows that RSA-2048 encryption could be cracked using a one-million-qubit system by 2030, 20x faster than previous estimates. Here’s what it means for enterprise security. A quantum computer with one million noisy qubits running for one week can theoretically crack RSA-2048 bit encryption, representing twenty times fewer qubits than […] The post Breaking RSA encryption just got 20x easier for quantum computers – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 CSOonline

Source: www.csoonline.com – Author: Threat actors exploited the Commvault flaw to access M365 secrets, allowing further breaches of SaaS applications. The US Cybersecurity and Infrastructure Security Agency (CISA) has warned about threat actors abusing Commvault’s SaaS cloud application, Metallic, to access its clients’ critical application secrets. According to a CISA advisory, threat actors may have […] The post CISA flags Commvault zero-day as part of wider SaaS attack campaign – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
