Cyber security aggregate rss news

Cyber security aggregator - feeds history

He Hacked Servers, N ...
Cyber News

For years, he stayed under the radar. No ransomware, no flashy data leaks, no digital fingerprints loud enough to cause alarm. Just a quiet tapping of server power, thousands of machines working overtime, all without their owners knowing. Now, that silence has been broken. Cyber police in Ukraine’s Zaporizhzhia region say they have exposed a 35-year-old man from Poltava behind a cryptocurrency mining scheme that compromised over 5,000 customer accounts of a major international hosting provider. His goal wasn’t to steal data. It was to steal computing power, and he did it well.

Authorities say the operation caused more than $4.5 million in losses and involved a web of forged credentials, remote-access tools, crypto wallets, and hacked virtual machines quietly mining digital currency across servers that didn’t belong to him.

A Long Game, Played Quietly

This wasn’t a smash-and-grab. It was slow, careful, and calculated. According to Ukraine’s Cyber Police Department, the suspect had been collecting intelligence since 2018, scanning the internet for exposed systems, unpatched servers, and any hint of weakness that could be exploited. When he found one, he’d move in quietly, no warnings triggered, no obvious breach.

Eventually, he found a goldmine: a hosting company with global reach. The firm isn’t being named, but investigators say its services powered thousands of websites, apps, and digital platforms. More importantly, it provided rented server space to customers, space the hacker would soon make his own.

Virtual Machines, Real Money

With access to over 5,000 customer accounts, the man started deploying unauthorized virtual machines, digital computers within computers, on those servers. These machines were programmed for one thing: mining cryptocurrency. On paper, it’s not the kind of cybercrime that makes headlines. No one’s identity was sold, no ransomware splash screen popped up. But behind the scenes, the servers were working overtime, burning electricity and resources for a criminal’s payday.

By the time investigators caught on, the damage was done. The hosting company reported losses nearing $4.5 million, money lost to unauthorized computing, bandwidth strain, and inflated infrastructure costs. And while the victims were companies, not individuals, the scale and stealth of the crime drew international attention.

Zaporizhzhia Cyber Police Takedown

The takedown wasn’t easy. The suspect didn’t stay in one place. He moved between Poltava, Odessa, Dnipro, and Zaporizhzhia, regions across Ukraine, making him harder to trace. But eventually, police locked in. With support from Europol and the Department of International Police Cooperation, cyber police raided multiple locations tied to the suspect. What they found confirmed everything. Among the evidence seized:

- Computer equipment used for mining and remote access
- Phones and bank cards linked to crypto transactions
- Email credentials used to compromise accounts
- Custom mining scripts and hacker tools
- Crypto wallets holding proceeds from the illegal mining

Investigators also found active profiles on underground forums where the man had engaged in cybercrime discussions, bought tools, and likely sold access or services.

What Happens Next

The suspect is now facing serious charges under Part 5 of Article 361 of Ukraine’s criminal code — unauthorized interference in information systems. If convicted, he could face up to 15 years in prison, along with a ban on working in tech-related roles for at least three years. The pre-trial investigation is still ongoing, and authorities say more charges could follow depending on what additional digital evidence reveals.

Conclusion

Cryptojacking, the act of hijacking machines to mine crypto, often flies under the radar. It doesn’t trigger panic like a data breach, and victims often don’t even realize it’s happening. But as this case shows, the impact is real, the losses are massive, and the technology is increasingly easy to abuse. This incident also highlights a truth: cybercrime doesn’t always come with drama. Sometimes, it’s just one man with a laptop, patience, and access. And sometimes, that’s all it takes.

Leadership, Trust, a ...
Cyber News

The UK’s National Cyber Security Centre (NCSC) has introduced a set of six core principles to help organizations embed strong cybersecurity practices into their everyday operations. Developed in collaboration with government and industry leaders, this guidance aims to instill a lasting culture of security—one that prioritizes both technical controls and human behaviors to achieve sustainable cyber resilience.

Rather than focusing solely on compliance or isolated training efforts, the NCSC’s approach encourages organizations to foster a mindset of cyber hygiene, awareness, and responsibility at all levels. These core principles provide a flexible framework to guide cultural transformation and are tailored to suit organizations of all sizes and industries.

Why Culture Matters in Cybersecurity

Cybersecurity culture encompasses the collective values, behaviors, and norms that shape how individuals think about and respond to security risks. According to the NCSC, successful outcomes are not just the result of technological defenses but emerge when secure behaviors are routinely understood, encouraged, and practiced across the workforce.

The guidance is especially valuable for both cybersecurity professionals and leadership teams. While security teams may define strategies and implement controls, long-term cultural change requires buy-in from leadership—those who shape priorities, influence workplace norms, and model secure behaviors.

The Six Core Principles from NCSC

1. Frame Cybersecurity as an Enabler

Organizations should align cybersecurity with their mission and objectives. Instead of viewing security as a hindrance, leaders must integrate it as a function that supports productivity, innovation, and trust. For example, framing secure practices as essential to protecting customer trust can create alignment between operational goals and cyber hygiene. When leadership communicates the value of security, it fosters a sense of shared purpose.

2. Encourage Openness Through Trust and Safety

Creating psychological safety is key to encouraging secure behavior. Employees should feel comfortable reporting incidents, admitting mistakes, or asking questions, without fear of blame. Organizations that foster open communication and transparent incident handling are more agile and responsive to threats. “When people don’t fear punishment for reporting errors, they are more likely to contribute to organizational learning,” says the NCSC.

3. Adapt to Change to Improve Resilience

Cyber threats evolve quickly, and security must evolve too. This principle encourages organizations to treat change as an opportunity for progress, not a threat. Whether updating policies or introducing new tools, the process should include collaboration across departments. Routine threat monitoring and employee feedback loops can help identify areas for improvement. Importantly, organizations must avoid "change fatigue" by ensuring that updates serve meaningful, strategic purposes.

4. Acknowledge the Role of Social Norms

Informal behaviors often shape security more than formal rules. Social norms—like sharing passwords or circumventing protocols—can undermine well-intentioned policies if left unchecked. The NCSC recommends identifying both helpful and harmful norms and using positive peer influence to encourage secure behavior. For example, newcomers who see colleagues practicing good cyber hygiene are more likely to adopt those habits themselves.

5. Recognize Leadership’s Role in Cultural Change

Leadership plays a crucial role in cultivating a secure culture. Leaders must model secure behavior, communicate its value, and build trust. When senior staff demonstrate openness about past mistakes or security challenges, they normalize learning and reduce fear. In contrast, when leadership ignores or bypasses policies, it sets a dangerous precedent. “Leadership sets the tone for the organization and can drive alignment between business and security objectives,” the NCSC notes.

6. Maintain Accessible and Clear Security Guidance

Security policies must be practical, understandable, and accessible. Overly complex or outdated guidelines not only confuse employees but also increase vulnerability. Policies should be written in plain language, tested in real-world scenarios, and regularly updated. Embedding these rules into onboarding and ongoing training helps reinforce good practices. Clear signage, simple language, and timely updates all contribute to effective governance.

Putting the Principles into Practice

Each principle is accompanied by real-world examples and practical suggestions. For instance:

- Principle 1: Instead of security blocking sales efforts, sales and IT teams collaborate to create secure, efficient workflows.
- Principle 2: Employees are encouraged to flag suspicious activity without fear of repercussions.
- Principle 3: Cross-functional teams work together to find secure alternatives to unauthorized tools.
- Principle 4: Guests are directed to a secure Wi-Fi network instead of being granted internal access.
- Principle 5: Executives avoid excessive permissions, reinforcing best practices in access control.
- Principle 6: Outdated pandemic-era policies are reviewed, updated, and clearly communicated.

Tools to Support Cultural Change

[Image: NCSC Cyber Security Culture Iceberg]

The NCSC also offers the "Cyber Security Culture Iceberg" infographic, illustrating the visible and hidden elements that influence behavior. Surface-level actions—like following password policies—are supported by deeper organizational values, leadership practices, and team dynamics.

To reinforce these core principles, organizations are encouraged to:

- Establish clear feedback mechanisms to evaluate current practices.
- Bring together diverse stakeholders to collaboratively develop or refine policies.
- Align rules with business goals and ensure they are user-friendly.
- Celebrate secure behavior and use incentives to reinforce good habits.

CISA Issues 7 ICS Ad ...
Firewall Daily

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has released seven new ICS advisories, each highlighting cybersecurity vulnerabilities in key Industrial Control Systems across energy, communications, emergency response, and manufacturing sectors. The alerts shed light on remotely exploitable flaws discovered in devices and software produced by CyberData, Hitachi Energy, and Mitsubishi Electric—names synonymous with modern operational technology (OT).

A Breakdown of the Latest ICS Advisories

The first advisory, ICSA-25-155-01, addresses multiple high-impact issues in CyberData’s 011209 SIP Emergency Intercom. With a CVSS v4 severity score of 9.3, this vulnerability, reported by Claroty researcher Vera Mens, enables authentication bypass, SQL injection, and path traversal. Affected systems using firmware versions prior to 22.0.1 are vulnerable to remote code execution and denial-of-service attacks. CISA recommends upgrading to version 22.0.1 and advises isolating the intercoms from public networks using firewalls and VPNs.

The second alert, ICSA-25-155-02, involves a critical integer overflow in Hitachi Energy’s Relion 670, 650 series, and SAM600-IO devices. The flaw resides in the VxWorks OS memory allocator and holds a CVSS v3 score of 9.8. Exploitation could lead to memory corruption, potentially crippling protective relays in power systems. Multiple firmware subversions across series 1.1 to 2.2.5 are affected. Mitigation entails upgrading to version 2.2.5.2 or applying interim workarounds provided by Hitachi.

ICSA-21-049-02 (Update H) highlights vulnerabilities in Mitsubishi Electric’s broad range of FA Engineering Software, such as GX Developer, GT Designer3, and RT ToolBox2. With a CVSS v4 score of 8.7, attackers can exploit heap-based buffer overflows to crash the software or interfere with PLC diagnostics in factory automation environments. Users are advised to install the latest updates—e.g., GX Developer version 8.507D+ and RT ToolBox2 version 3.74C+.

Continued Focus on Hitachi Energy’s Industrial Control Systems

CISA’s June release includes updates to prior ICS advisories concerning Hitachi Energy’s Relion products and IEC 61850 MMS Server implementations. Notable among them:

- ICSA-25-133-02 details CVE-2023-4518, where malformed GOOSE messages could cause vulnerable Relion firmware versions to reboot, creating a denial-of-service condition. Firmware series 2.2.0.x to 2.2.5.6 are affected, and the agency recommends upgrading to secure versions such as 2.2.2.6 or 2.2.3.7.
- ICSA-23-068-05 (CVE-2022-3864) uncovers weaknesses in firmware signature validation. If exploited by an authenticated attacker, this vulnerability could lead to unauthorized firmware uploads. Affected firmware spans versions 2.2.0 to 2.2.5.5.
- ICSA-21-336-05 concerns outdated VxWorks boot components in the Relion series. CVE-2021-35535, with a CVSS v4 score of 8.9, references known “Urgent/11” vulnerabilities that could allow TCP session hijacking or packet injection. Users must patch to at least version 2.2.2.5 or apply physical and network isolation strategies.
- ICSA-23-089-01 points to a medium-severity issue (CVE-2022-3353) in Hitachi’s IEC 61850 MMS Server, where malformed client requests can block new connections. Though scoring a 5.9, it could still disrupt operations under targeted conditions.

Conclusion

CISA’s latest ICS advisories highlight the urgent need for critical infrastructure operators to secure vulnerable systems against remote exploitation. With many legacy ICS components lacking basic protections, the risks are growing, but so are the tools. CISA’s guidance offers a clear roadmap: patch systems, segment networks, restrict access, monitor threats, and train staff.

Can the EU Lead the  ...
Firewall Daily

The European Commission and the High Representative for Foreign Affairs and Security Policy have jointly launched the European Union’s International Digital Strategy, laying out a comprehensive framework to guide the EU’s external digital engagement. The EU International Digital Strategy comes at a time when the global digital model is increasingly shaped by rapid technological advances and geopolitical challenges.

Framed as a roadmap for international cooperation and governance in the digital age, the strategy outlines the EU’s commitment to promoting secure, inclusive, and rules-based digital transformation around the world. It also reaffirms the EU’s aim to position itself as a reliable and stable digital partner for both established allies and emerging economies.

EU International Digital Strategy: A Three-Pronged Strategic Framework

The EU’s new digital strategy is structured around three core objectives:

Expanding International Partnerships
The EU aims to broaden its global digital footprint by deepening existing Digital Partnerships and Dialogues, initiating new alliances, and launching a Digital Partnership Network. This network will support bilateral and multilateral cooperation while also enhancing both the EU’s and its partners' digital resilience and competitiveness.

Deploying the EU Tech Business Offer
A cornerstone of the strategy is the deployment of a tailored EU Tech Business Offer, a collaborative public-private initiative to support digital transformation in partner countries. This package will incorporate investments in AI, cybersecurity, digital public infrastructure, secure connectivity, and other critical technologies. The effort will be coordinated through the Team Europe approach, integrating Member State participation and financial instruments.

Strengthening Global Digital Governance
The EU reaffirms its intention to lead in shaping a global, rules-based digital order. This includes advancing governance frameworks for emerging technologies, updating internet governance structures in line with developments like Web 4.0, and promoting human rights, democracy, and online safety standards globally.

Focus Areas for International Collaboration

Under the strategy, the EU will work with partner countries across several priority areas:

Secure and Trusted Digital Infrastructure
Investments will support infrastructure critical to sectors such as health, finance, energy, and transport, aimed at fostering safe and dependable digital ecosystems.

Emerging Technologies
Cooperation will include joint efforts on next-generation technologies, including artificial intelligence, 5G/6G networks, quantum computing, and advanced semiconductors.

Digital Governance
The strategy places strong emphasis on regulatory models that uphold democratic values, social cohesion, and the protection of individual rights in digital environments.

Cybersecurity
Efforts will focus on boosting the cyber defence capabilities of partner countries, which the EU sees as integral to its own digital security landscape.

Digital Identity and Public Infrastructure
The EU seeks to advance interoperable digital identity systems and establish mutual recognition agreements to simplify cross-border interactions for businesses and citizens.

Online Platforms
Ongoing priorities include safeguarding freedom of expression, ensuring online child protection, and supporting transparent digital ecosystems.

Expanding a Network of Digital Cooperation

The EU has already built a foundation for external digital engagement through a variety of platforms, including:

- Over 30 digital and regional partnerships, Trade and Technology Councils, and thematic dialogues.
- A strong digital trade ecosystem, with digital services trade valued at €3 trillion in 2024.
- Major infrastructure projects like the 7,100 km-long Medusa cable across the Mediterranean, enhancing secure connectivity between Europe and North Africa.

The strategy’s public-private cooperation model aims to expand this existing infrastructure and strengthen regional connectivity.

Towards Rules-Based Digital Governance

One of the key messages of the strategy is the EU’s intent to uphold and promote a global digital environment anchored in democratic principles and international law. This includes:

- Promoting regulatory standards for key digital technologies.
- Advancing internet governance mechanisms to accommodate emerging technologies such as Web 4.0.
- Supporting frameworks that ensure the global availability and integrity of the internet.

The EU’s vision emphasizes governance models that integrate both technological innovation and legal safeguards to protect users and institutions alike.

Background and Consultation Process

The strategy follows the European Council’s April 2024 directive calling for stronger EU leadership in digital affairs. In preparation, the European Commission issued a public call for evidence in May 2024, inviting feedback from a broad spectrum of stakeholders, including tech firms, civil society, academic institutions, trade bodies, and EU Member States. This consultative approach aimed to incorporate diverse perspectives on how the EU can align its international digital policies with evolving geopolitical and technological trends.

Next Steps

Following today’s announcement, the Commission and the High Representative plan to present the strategy in a series of stakeholder events across EU institutions and partner countries. These sessions will serve as platforms to discuss implementation frameworks and mobilize the necessary public and private support to operationalize the proposed initiatives. Implementation is expected to begin immediately after these consultations, with a focus on translating policy into practical cooperation projects and regulatory models.

New Pressures, Old S ...
Cyber News

In a time when digital transformation is the backbone of public services, Chief Information Security Officers (CISOs) in government and public sector (Gov/PS) organizations are being stretched thin. Charged with safeguarding the integrity of systems that support national security, emergency services, and citizen welfare, these leaders face mounting pressure in an increasingly volatile cyber threat landscape. But it’s about more than just attacks. The responsibility they shoulder affects everyone, from ensuring water flows safely through municipal pipes to keeping communication networks alive during a national emergency.

The Complexity of the Modern Threat Landscape

Over the past five years, rapidly shifting geopolitical dynamics have escalated cyberattacks on critical infrastructure. Adversaries are capitalizing on outdated IT systems, underfunded cyber defenses, and unclear governance models. Many Gov/PS institutions operate on legacy infrastructures, some decades old, making them vulnerable to exploits that modern enterprises have long outgrown.

Despite efforts to modernize, CISOs report feeling overwhelmed. According to KPMG, 65% of public sector organizations hesitate to invest in new cyber technologies due to a lack of understanding or trust. It’s a paradox: the need for innovation is urgent, but trust in emerging tools remains elusive.

Budget Gaps and Brain Drains

Adding to the burden is the scarcity of resources. Budget constraints, coupled with a shortage of skilled professionals, hinder effective cyber defense strategies. With private-sector salaries often outpacing what governments can offer, attracting top-tier cybersecurity talent becomes a losing game. Even as emerging technologies like artificial intelligence (AI), blockchain, and quantum computing promise improvements in efficiency and resilience, they also bring new attack surfaces. Managing these innovations requires skills and resources that many public sector entities simply do not have.

Regulatory Tensions: Compliance vs. Capacity

In Europe alone, frameworks like the Digital Operational Resilience Act (DORA), the NIS2 Directive, and the Cyber Resilience Act are set to affect thousands of public organizations. While well-intentioned, these regulations can contribute to "compliance fatigue," stretching already limited teams to their breaking points. In this climate, a shift in mindset is essential. Cybersecurity in the public sector is no longer about preventing every incident; it’s about being able to detect, respond, and recover when (not if) a breach occurs.

Building Resilience By Design

The public sector runs on critical infrastructure: power grids, transport systems, water treatment plants. A single cyberattack on any of these can paralyze essential services. As threats grow more advanced, resilience needs to be designed into the system, not bolted on as an afterthought. That means identifying and securing all assets, including operational technology (OT) that lives outside traditional IT environments.

Third-party risk is another growing concern. As public organizations rely more on external vendors, each new partnership potentially expands the attack surface. Strong incident response plans, realistic drills, and cross-functional collaboration can minimize the impact of attacks. More importantly, fostering a culture of resilience empowers every employee to become an active line of defense.

The AI Dilemma: Trust vs. Innovation

AI is fast becoming a staple in the Gov/PS toolkit, used in everything from traffic flow management to fraud detection. Yet its adoption has outpaced discussions around trust and security. Poor-quality training data, opaque algorithms, and bias risks all threaten the credibility of AI systems. CISOs need to embed trust across the AI lifecycle, from data sourcing and model design to deployment and monitoring. This involves close collaboration with governance, IT, and business stakeholders to ensure data integrity and algorithmic transparency.

Interestingly, there is progress. KPMG reports that 76% of public sector CISOs are now involved early in tech investment discussions. This early involvement enables the development of proactive, not reactive, AI security frameworks.

Threats to AI: Model Poisoning and Beyond

AI systems are increasingly being targeted by cybercriminals using techniques like adversarial attacks and model poisoning. These tactics can manipulate outputs, leading to decisions that may harm public safety or violate privacy regulations. Real-time monitoring, anomaly detection, and adaptive risk assessment must become standard practice. By embedding security throughout the AI development pipeline, CISOs can reduce the need for costly retrofits later.

The Digital Identity Imperative

With governments pushing digital-first strategies, secure digital identity systems are crucial. These systems underpin access to services like healthcare, banking, and social security. However, they are now facing attacks including deepfakes and automated credential theft. Machine identities, particularly those used in IoT systems, are also becoming a critical blind spot. These non-human service accounts often have elevated privileges, making them prime targets.

CISOs must take the lead in developing transparent and secure identity frameworks. This means accounting for everything from biometric data protections to compliance with frameworks like GDPR and eIDAS.

Trust and Public Expectation

Public trust in digital systems is fragile. Any breach can quickly erode confidence and create long-term reputational damage. CISOs must prioritize privacy by design and actively communicate how citizen data is being used, stored, and protected. Collaboration is essential. Governments must work with private sector technology companies to develop interoperable, secure identity solutions. These partnerships can help bridge gaps in standards, regulation, and innovation.

What Lies Ahead

Most government and public sector organizations acknowledge the growing cyber risk, yet many remain underprepared. Legacy systems, funding shortages, and slow innovation adoption create a high-risk environment. Bridging the gap between recognition and action is no longer optional—it’s critical. CISOs must push for better funding, make cyber hygiene a boardroom issue, and promote a security-first culture across their organizations. By shifting focus from mere compliance to true resilience, they can ensure their institutions are not only secure but trusted by the communities they serve.

As technology continues to evolve, so too must the strategies for securing it. The path forward requires courage, collaboration, and a renewed commitment to protecting the digital foundations of our public life.

$17 Million Black Ma ...
Firewall Daily

The U.S. government has seized approximately 145 domains associated with the BidenCash marketplace and other criminal marketplaces, effectively dismantling one of the most notorious darknet operations for trafficking stolen credit card data and personal information. Announced by the U.S. Attorney’s Office for the Eastern District of Virginia, this sweeping operation targeted both darknet and surface web domains. According to court records, the U.S. also obtained authorization to seize cryptocurrency wallets used by BidenCash to process illicit payments, further choking off the revenue stream that sustained its criminal operations.

BidenCash Marketplace: A Hub for Cybercrime

Launched in March 2022, the BidenCash marketplace quickly gained notoriety in the criminal underworld. Operating as a one-stop shop for stolen financial data, the marketplace offered credit card numbers, expiration dates, CVV codes, and even personal identification details such as names, addresses, phone numbers, and emails. For each transaction facilitated on the site, BidenCash administrators collected a fee.

Over time, the platform grew to serve more than 117,000 users and facilitated the trafficking of over 15 million payment card records. In just under two years, it generated over $17 million in revenue.

To boost their visibility and expand their user base, BidenCash operators engaged in marketing strategies more often seen in legitimate businesses, such as promotional giveaways. Between October 2022 and February 2023, they released 3.3 million stolen credit card records for free, hoping to attract more buyers to their services.

The BidenCash marketplace wasn't limited to payment card data. It also offered stolen credentials to access computers, effectively enabling a range of unauthorized and potentially destructive cyber intrusions.

Beyond BidenCash: Ongoing Crackdown on Cybercrime Syndicates

This isn’t the first time federal authorities have disrupted cybercrime infrastructures. In a related case, the Department of Justice previously seized four domains tied to a crypting service—a software-based method for concealing malware from antivirus detection. These crypting and counter-antivirus (CAV) services allowed cybercriminals to deploy more advanced and undetectable malicious software, often linked to ransomware attacks.

According to an affidavit, undercover agents made purchases from the seized sites and traced connections to known ransomware groups operating in the U.S. and abroad, including in Houston. “Modern criminal threats require modern law enforcement solutions,” said U.S. Attorney Nicholas J. Ganjei. “This investigation struck at the infrastructure enabling cybercriminals, not just the end users.”

FBI Houston Special Agent in Charge Douglas Williams echoed the sentiment: “Cybercriminals don’t just create malware; they perfect it for maximum destruction.”

Operation Endgame: A Global Effort

These seizures were part of Operation Endgame, a multi-national law enforcement initiative focused on dismantling malware and cybercriminal services worldwide. On May 27, coordinated actions by U.S., Dutch, Finnish, German, French, and Danish authorities led to the takedown of several domain infrastructures supporting criminal activity.

The FBI Houston Field Office, along with the U.S. Secret Service and international partners, played a pivotal role in this effort. Assistant U.S. Attorneys Shirin Hakimzadeh and Rodolfo Ramirez are leading the prosecution, with AUSA Kristine Rollinson overseeing the seizures.

Earlier in May, another operation saw the seizure of nine DDoS-for-hire sites, commonly known as booter or stresser services. These services allow paying users to launch Distributed Denial-of-Service (DDoS) attacks, disrupting internet access for individuals, schools, government agencies, and gaming platforms.

The FBI and Poland’s Central Cybercrime Bureau, which arrested four site administrators, discovered that these sites had facilitated hundreds of thousands of DDoS attacks globally. While the services claimed to be for “network testing,” evidence showed they were routinely used to attack third-party systems.

Assistant U.S. Attorney Bill Essayli for the Central District of California stated, “Booter services facilitate cyberattacks that harm victims and compromise everyone’s ability to access the internet.”

Proxy Services Feast ...
A Little Sunshine

Image: Mark Rademaker, via Shutterstock.

Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds. The analysis indicates large chunks of Ukrainian Internet address space are now in the hands of shadowy proxy and anonymity services that are nested at some of America’s largest Internet service providers (ISPs).

The findings come in a report that examines how the Russian invasion has affected Ukraine’s domestic supply of Internet Protocol Version 4 (IPv4) addresses. Researchers at Kentik, a company that measures the performance of Internet networks, found that while a majority of ISPs in Ukraine haven’t changed their infrastructure much since the war began in 2022, others have resorted to selling swathes of their valuable IPv4 address space just to keep the lights on.

For example, Ukraine’s incumbent ISP Ukrtelecom is now routing just 29 percent of the IPv4 address ranges that the company controlled at the start of the war, Kentik found. Although much of that former IP space remains dormant, Ukrtelecom told Kentik’s Doug Madory they were forced to sell many of their address blocks “to secure financial stability and continue delivering essential services.”

“Leasing out a portion of our IPv4 resources allowed us to mitigate some of the extraordinary challenges we have been facing since the full-scale invasion began,” Ukrtelecom told Madory.

Madory found much of the IPv4 space previously allocated to Ukrtelecom is now scattered to more than 100 providers globally, particularly at three large American ISPs — Amazon (AS16509), AT&T (AS7018), and Cogent (AS174).

Another Ukrainian Internet provider — LVS (AS43310) — in 2022 was routing approximately 6,000 IPv4 addresses across the nation. Kentik learned that by November 2022, much of that address space had been parceled out to over a dozen different locations, with the bulk of it being announced at AT&T.

[Image: IP addresses routed over time by Ukrainian provider LVS (AS43310), showing a large chunk of it being routed by AT&T (AS7018). Image: Kentik.]

Ditto for the Ukrainian ISP TVCOM, which currently routes nearly 15,000 fewer IPv4 addresses than it did at the start of the war. Madory said most of those addresses have been scattered to 37 other networks outside of Eastern Europe, including Amazon, AT&T, and Microsoft.

The Ukrainian ISP Trinity (AS43554) went offline in early March 2022 during the bloody siege of Mariupol, but its address space eventually began showing up in more than 50 different networks worldwide. Madory found more than 1,000 of Trinity’s IPv4 addresses suddenly appeared on AT&T’s network.

Why are all these former Ukrainian IP addresses being routed by U.S.-based networks like AT&T? According to spur.us, a company that tracks VPN and proxy services, nearly all of the address ranges identified by Kentik now map to commercial proxy services that allow customers to anonymously route their Internet traffic through someone else’s computer.

From a website’s perspective, the traffic from a proxy network user appears to originate from the rented IP address, not from the proxy service customer. These services can be used for several business purposes, such as price comparisons, sales intelligence, web crawlers and content-scraping bots. However, proxy services also are massively abused for hiding cybercrime activity because they can make it difficult to trace malicious traffic to its original source.

IPv4 address ranges are always in high demand, which means they are also quite valuable. There are now multiple companies that will pay ISPs to lease out their unwanted or unused IPv4 address space. Madory said these IPv4 brokers will pay between $100-$500 per month to lease a block of 256 IPv4 addresses, and very often the entities most willing to pay those rental rates are proxy and VPN providers.

A cursory review of all Internet address blocks currently routed through AT&T — as seen in public records maintained by the Internet backbone provider Hurricane Electric — shows a preponderance of country flags other than the United States, including networks originating in Hungary, Lithuania, Moldova, Mauritius, Palestine, Seychelles, Slovenia, and Ukraine. AT&T’s IPv4 address space seems to be routing a great deal of proxy traffic, including a large number of IP address ranges that were until recently routed by ISPs in Ukraine.

Asked about the apparent high incidence of proxy services routing foreign address blocks through AT&T, the telecommunications giant said it recently changed its policy about originating routes for network blocks that are not owned and managed by AT&T. That new policy, spelled out in a February 2025 update to AT&T’s terms of service, gives those customers until Sept. 1, 2025 to originate their own IP space from their own autonomous system number (ASN), a unique number assigned to each ISP (AT&T’s is AS7018).

“To ensure our customers receive the best quality of service, we changed our terms for dedicated internet in February 2025,” an AT&T spokesperson said in an emailed reply. “We no longer permit static routes with IP addresses that we have not provided. We have been in the process of identifying and notifying affected customers that they have 90 days to transition to Border Gateway Protocol routing using their own autonomous system number.”

Ironically, the co-mingling of Ukrainian IP address space with proxy providers has resulted in many of these addresses being used in cyberattacks against Ukraine and other enemies of Russia. Earlier this month, the European Union sanctioned Stark Industries Solutions Inc., an ISP that surfaced two weeks before the Russian invasion and quickly became the source of large-scale DDoS attacks and spear-phishing attempts by Russian state-sponsored hacking groups.
A deep dive into Stark’s considerable address space showed some of it was sourced from Ukrainian ISPs, and most of it was connected to Russia-based proxy and anonymity services. According to Spur, the proxy service IPRoyal is the current beneficiary of IP address blocks from several Ukrainian ISPs profiled in Kentik’s report. Customers can chose proxies by specifying the city and country they would to proxy their traffic through. Image: Trend Micro. Spur’s Chief Technology Officer Riley Kilmer said AT&T’s policy change will likely force many proxy services to migrate to other U.S. providers that have less stringent policies. “AT&T is the first one of the big ISPs that seems to be actually doing something about this,” Kilmer said. “We track several services that explicitly sell AT&T IP addresses, and it will be very interesting to see what happens to those services come September.” Still, Kilmer said, there are several other large U.S. ISPs that continue to make it easy for proxy services to bring their own IP addresses and host them in ranges that give the appearance of residential customers. For example, Kentik’s report identified former Ukrainian IP ranges showing up as proxy services routed by Cogent Communications (AS174), a tier-one Internet backbone provider based in Washington, D.C. Kilmer said Cogent has become an attractive home base for proxy services because it is relatively easy to get Cogent to route an address block. “In fairness, they transit a lot of traffic,” Kilmer said of Cogent. “But there’s a reason a lot of this proxy stuff shows up as Cogent: Because it’s super easy to get something routed there.” Cogent declined a request to comment on Kentik’s findings.
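The measurement behind Kentik’s figures (how much of an ISP’s pre-war address space is still originated by its own ASN, and which other ASNs announce the rest) is also the check any holder of IPv4 space can run on itself to notice leased, sold or hijacked blocks. The script below is an added example, not code from the KrebsOnSecurity article, Kentik or Spur: it compares a baseline list of (prefix, origin ASN) announcements with a current one and reports the split. The two snapshots, the prefixes (documentation ranges) and the “home” ASN 64496 (a documentation ASN) are constructed; only AS7018 (AT&T) and AS174 (Cogent) are real numbers quoted above. A real run would feed it announcements exported from a BGP route collector instead of the constructed lists.

```python
"""Origin-ASN audit for an address-space holder (constructed data, added example)."""
import ipaddress
from collections import defaultdict
from typing import Dict, List, Tuple

Announcement = Tuple[str, int]  # (prefix in CIDR notation, origin ASN)

HOME_ASN = 64496  # documentation ASN standing in for a hypothetical Ukrainian ISP

# Constructed baseline: everything the home ASN originated before the war (3 x /24).
BASELINE_2022: List[Announcement] = [
    ("203.0.113.0/24", HOME_ASN),
    ("198.51.100.0/24", HOME_ASN),
    ("192.0.2.0/24", HOME_ASN),
]

# Constructed current view: one block still at home, one block split between
# AT&T (AS7018) and Cogent (AS174) as more-specifics, one block no longer announced.
CURRENT_2025: List[Announcement] = [
    ("203.0.113.0/24", HOME_ASN),
    ("198.51.100.0/25", 7018),
    ("198.51.100.128/25", 174),
]


def audit_origins(baseline: List[Announcement], current: List[Announcement],
                  home_asn: int) -> Dict[str, object]:
    """Classify every address the home ASN used to originate as: still originated
    at home, originated by another ASN (and by whom), or unannounced (dormant).

    Assumes the `current` announcements do not overlap one another; a covering
    prefix plus a more-specific of it would otherwise be counted twice.
    """
    home_blocks = [ipaddress.ip_network(p) for p, asn in baseline if asn == home_asn]
    now = [(ipaddress.ip_network(p), asn) for p, asn in current]

    total = sum(b.num_addresses for b in home_blocks)
    still_home = 0
    covered = 0
    by_other: Dict[int, int] = defaultdict(int)
    moved: List[Tuple[str, int]] = []

    for block in home_blocks:
        for prefix, asn in now:
            if prefix.subnet_of(block):          # a piece (or all) of our block
                overlap = prefix.num_addresses
            elif block.subnet_of(prefix):        # our block inside a larger aggregate
                overlap = block.num_addresses
            else:
                continue
            covered += overlap
            if asn == home_asn:
                still_home += overlap
            else:
                by_other[asn] += overlap
                moved.append((str(prefix), asn))

    return {
        "baseline_addresses": total,
        "still_home": still_home,
        "still_home_pct": round(100.0 * still_home / total, 1) if total else 0.0,
        "by_other_asn": dict(by_other),
        "unannounced": total - covered,
        "moved_prefixes": sorted(moved),   # what a prefix-monitoring alert would list
    }


if __name__ == "__main__":
    report = audit_origins(BASELINE_2022, CURRENT_2025, HOME_ASN)
    print(f"AS{HOME_ASN} still originates {report['still_home_pct']}% of its 2022 space")
    for prefix, asn in report["moved_prefixes"]:
        print(f"  {prefix} is now originated by AS{asn}")
    print(f"  {report['unannounced']} addresses are not announced at all")
```

On the constructed input the home ASN keeps one third of its space, which is the same kind of number as the 29 percent Kentik reports for Ukrtelecom; the `moved_prefixes` list is what a defender would wire into an alert, since a block suddenly originated by an ASN you never signed a lease with looks the same in BGP whether it was sold, leased or hijacked.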


 Feed

AI is increasingly embedded into threat detection and response tools, but hallucinations can lead to false positives and inaccurate guidance. The AI-associated risk can't be completely eradicated, but SecOps teams can take steps to at least limit the effects.

 Feed

A critical infrastructure entity within Ukraine was targeted by a previously unseen data wiper malware named PathWiper, according to new findings from Cisco Talos. "The attack was instrumented via a legitimate endpoint administration framework, indicating that the attackers likely had access to the administrative console, that was then used to issue malicious commands and deploy PathWiper across

 Feed

When generative AI tools became widely available in late 2022, it wasn’t just technologists who paid attention. Employees across all industries immediately recognized the potential of generative AI to boost productivity, streamline communication and accelerate work. Like so many waves of consumer-first IT innovation before it—file sharing, cloud storage and collaboration platforms—AI landed in

 Feed

India's Central Bureau of Investigation (CBI) has revealed that it has arrested four individuals and dismantled two illegal call centers that were found to be engaging in a sophisticated transnational tech support scam targeting Japanese citizens. The law enforcement agency said it conducted coordinated searches at 19 locations across Delhi, Haryana, and Uttar Pradesh on May 28, 2025, as part of

 Feed

Cybersecurity involves both playing the good guy and the bad guy. Diving deep into advanced technologies and yet also going rogue in the Dark Web. Defining technical policies and also profiling attacker behavior. Security teams cannot be focused on just ticking boxes, they need to inhabit the attacker’s mindset. This is where AEV comes in. AEV (Adversarial Exposure Validation) is an advanced

 Feed

Cybersecurity researchers are alerting to a new malware campaign that employs the ClickFix social engineering tactic to trick users into downloading an information stealer malware known as Atomic macOS Stealer (AMOS) on Apple macOS systems. The campaign, according to CloudSEK, has been found to leverage typosquat domains mimicking U.S.-based telecom provider Spectrum. "macOS users are served a

 Guest blog

Over Easter, retail giant Marks & Spencer (M&S) discovered that it had suffered a highly damaging ransomware attack that left some shop shelves empty, shut down online ordering, some staff unable to clock in and out, and caused some of its major suppliers to resort to pen and paper. In a gloating abuse-filled email to M&S CEO Stuart Machin, the DragonForce hacker group claimed responsibility for the attack. Read more in my article on the Hot for Security blog.

 Cyber Security News

Source: thehackernews.com – Author: . Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks. “Several widely used extensions […] unintentionally transmit sensitive data over simple HTTP,” Yuanjing Guo, a security researcher in the […] The post Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hardcoded Credentials – Source:thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . The threat actor known as Bitter has been assessed to be a state-backed hacking group that’s tasked with gathering intelligence that aligns with the interests of the Indian government. That’s according to new findings jointly published by Proofpoint and Threatray in an exhaustive two-part analysis. “Their diverse toolset shows consistent […] The post Researchers Detail Bitter APT’s Evolving Tactics as Its Geographic Scope Expands – Source:thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Security teams face growing demands with more tools, more data, and higher expectations than ever. Boards approve large security budgets, yet still ask the same question: what is the business getting in return? CISOs respond with reports on controls and vulnerability counts – but executives want to understand risk in […] The post Redefining Cyber Value: Why Business Impact Should Lead the Security Conversation – Source:thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . An Iran-aligned hacking group has been attributed to a new set of cyber attacks targeting Kurdish and Iraqi government officials in early 2024. The activity is tied to a threat group ESET tracks as BladedFeline, which is assessed with medium confidence to be a sub-cluster within OilRig, a known Iranian […] The post Iran-Linked BladedFeline Hits Iraqi and Kurdish Targets with Whisper and Spearal Malware – Source:thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Arielle Waldman […] The post SecOps Need to Tackle AI Hallucinations to Improve Accuracy – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Alexander Culafi, Senior News Writer, Dark Reading […] The post Digital Forensics Firm Cellebrite to Acquire Corellium – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Rob Wright […] The post ‘PathWiper’ Attack Hits Critical Infrastructure In Ukraine – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cisco

Source: www.darkreading.com – Author: Kristina Beek, Associate Editor, Dark Reading […] The post Cisco Warns of Credential Vuln on AWS, Azure, Oracle Cloud – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Backdoored

Source: www.darkreading.com – Author: Kristina Beek, Associate Editor, Dark Reading […] The post Backdoored Malware Reels in Newbie Cybercriminals – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: Rob Wright […] The post Questions Swirl Around ConnectWise Flaw Used in Attacks – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.darkreading.com – Author: John Hurley […] The post Finding Balance in US AI Regulation – Source: www.darkreading.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 A Little Sunshine

Source: krebsonsecurity.com – Author: BrianKrebs Image: Mark Rademaker, via Shutterstock. Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds. The analysis indicates large chunks of Ukrainian Internet address space are now in the hands of shadowy proxy and […] The post Proxy Services Feast on Ukraine’s IP Address Exodus – Source: krebsonsecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: hackread.com – Author: Deeba Ahmed. A massive data leak has put the personal information of over 3.6 million app creators, influencers, and entrepreneurs at risk, reveals a report from vpnMentor. Cybersecurity expert Jeremiah Fowler uncovered an unsecured database containing a whopping 12.2 terabytes of sensitive data, linked to an app-building platform. The exposed database, […] The post Unsecured Database Exposes Data of 3.6 Million Passion.io Creators – Source:hackread.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: securityboulevard.com – Author: FireMon Skybox is gone, but your compliance deadlines, audit obligations, and security risks are very much alive. Here’s why EMEA organisations must act now, and how FireMon helps make the move fast, secure, and future-ready. When Skybox shut down operations, it didn’t just end a product lifecycle, it left hundreds of […] The post Skybox Is Gone. The Risk of Waiting Isn’t. – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . A critical infrastructure entity within Ukraine was targeted by a previously unseen data wiper malware named PathWiper, according to new findings from Cisco Talos. “The attack was instrumented via a legitimate endpoint administration framework, indicating that the attackers likely had access to the administrative console, that was then used to […] The post New PathWiper Data Wiper Malware Disrupts Ukrainian Critical Infrastructure in 2025 Attack – Source:thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com – Author: . Cybersecurity researchers have flagged several popular Google Chrome extensions that have been found to transmit data in HTTP and hard-code secrets in their code, exposing users to privacy and security risks. “Several widely used extensions […] unintentionally transmit sensitive data over simple HTTP,” Yuanjing Guo, a security researcher in the […] The post Popular Chrome Extensions Leak API Keys, User Data via HTTP and Hard-Coded Credentials – Source:thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.schneier.com – Author: Bruce Schneier Friday Squid Blogging: Squid Run in Southern New England Southern New England is having the best squid run in years. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Tags: squid Posted on June 6, […] The post Friday Squid Blogging: Squid Run in Southern New England – Source: www.schneier.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.schneier.com – Author: Bruce Schneier Hearing on the Federal Government and AI On Thursday I testified before the House Committee on Oversight and Government Reform at a hearing titled “The Federal Government in the Age of Artificial Intelligence.” The other speakers mostly talked about how cool AI was—and sometimes about how cool their own […] The post Hearing on the Federal Government and AI – Source: www.schneier.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.schneier.com – Author: Bruce Schneier OpenAI just published its annual report on malicious uses of AI. By using AI as a force multiplier for our expert investigative teams, in the three months since our last report we’ve been able to detect, disrupt and expose abusive activity including social engineering, cyber espionage, deceptive employment schemes, […] The post Report on the Malicious Uses of AI – Source: www.schneier.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: hackread.com – Author: Waqas. A recent investigation has revealed that several widely used Google Chrome extensions are transmitting sensitive user data over unencrypted HTTP connections, exposing millions of users to serious privacy and security risks. The findings, published by cybersecurity researchers and detailed in a blog post by Symantec, reveal how extensions such as: […] The post Popular Chrome Extensions Found Leaking Data via Unencrypted Connections – Source:hackread.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: hackread.com – Author: Deeba Ahmed. iVerify’s NICKNAME discovery reveals a zero-click iMessage flaw exploited in targeted attacks on US & EU high-value individuals including political figures, media pros and executives from AI companies. iVerify, a leading mobile EDR security platform, has revealed the discovery of a previously unknown zero-click vulnerability in Apple’s iMessage service. […] The post NICKNAME: Zero-Click iMessage Exploit Targeted Key Figures in US, EU – Source:hackread.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com – Author: Scattered Spider, the ransomware collective believed to be behind recent retail hacks in the UK, including those targeting Marks & Spencer (M&S) and Harrods, has evolved its arsenal to incorporate more sophisticated tactics. In a new report published on June 5, ReliaQuest said, “what started as a run-of-the-mill SIM-swapping crew has […] The post Scattered Spider Uses Tech Vendor Impersonation and Phishing Kits to Target Helpdesks – Source: www.infosecurity-magazine.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
