Cyber security aggregator - RSS news feed history

Cyber News

Microsoft has issued a warning about active cyberattacks targeting on-premises SharePoint servers widely used by government agencies and businesses. The attacks exploit a zero-day vulnerability that has put tens of thousands of servers at risk, prompting quick action to protect affected systems. The FBI confirmed it is aware of the situation and is coordinating with federal and private-sector partners to mitigate the impact of the ongoing exploitation.

On-Premises SharePoint Servers Under Attack

In a security advisory released on July 20, 2025, Microsoft confirmed that the ongoing attacks are limited to on-premises SharePoint Server. SharePoint Online, the cloud-hosted version integrated with Microsoft 365, is not affected.

The attacks chain two flaws. CVE-2025-53770 is a deserialization-of-untrusted-data weakness that lets an unauthenticated attacker execute code on the server over the network; CVE-2025-53771 is a path-traversal weakness that lets an authenticated attacker perform spoofing over the network. Spoofing here means impersonating a trusted source to gain unauthorized access, and in practice it is a stepping stone to further compromise or data theft; the code execution component is what makes the chain severe.

Zero-Day Vulnerability Actively Exploited

This is a zero-day attack: the attackers were exploiting a previously unknown flaw before a patch was available. According to The Washington Post, the vulnerability has already been used against U.S. and international agencies and organizations. Microsoft has not disclosed the identity of the threat actors or the number of affected organizations, but the flaw is considered severe because SharePoint servers are widely deployed in government, healthcare, education and corporate environments.

Microsoft Releases Critical Security Updates

Microsoft has rolled out security updates for SharePoint Server Subscription Edition and SharePoint Server 2019 that fully protect against the exploited vulnerabilities. An update for SharePoint Server 2016 is still pending, so customers on that version should watch Microsoft's official blog for the latest developments. The company has stressed the importance of keeping systems updated and has published detailed guidance on applying the fixes.
Key Steps to Protect SharePoint Environments

Microsoft outlined several mitigation steps to reduce exposure:

- Use supported SharePoint versions. Run only supported releases: SharePoint Server 2016, SharePoint Server 2019 or SharePoint Server Subscription Edition.
- Install the July 2025 security updates. Applying the latest security updates immediately is critical to preventing exploitation. SharePoint Server 2019: KB5002741. SharePoint Enterprise Server 2016: KB5002744.
- Enable AMSI (Antimalware Scan Interface). Microsoft recommends configuring AMSI integration with Defender Antivirus so that malicious requests are detected and blocked in real time. AMSI integration has been enabled by default since the September 2023 security update for SharePoint Server 2016 and 2019. Where AMSI cannot be enabled, Microsoft advises disconnecting the affected servers from the internet until a fix is available.
- Deploy Microsoft Defender for Endpoint. Use Defender for Endpoint or an equivalent endpoint protection product to detect and contain post-exploitation activity.
- Rotate the ASP.NET machine keys and restart IIS. After applying the update or enabling AMSI, rotate the ASP.NET machine keys and restart IIS on every SharePoint server in the farm to complete the hardening. Rotation matters because the exploit chain can expose the machine keys, and stolen keys would let an attacker keep forging signed requests after the patch is applied. Trigger the rotation with the Update-SPMachineKey PowerShell cmdlet or from Central Administration, then restart IIS with iisreset.exe.

Microsoft also noted that detection logs and additional telemetry can be reviewed in Microsoft Defender Vulnerability Management for signs of exploitation attempts.

FBI and CISA Join the Coordinated Response

The FBI, in coordination with other agencies, is actively investigating the attacks. While no detailed statement was issued, the Bureau confirmed ongoing collaboration with public- and private-sector stakeholders to address the threat.
In parallel, the Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2025-53770 to its Known Exploited Vulnerabilities Catalog on the basis of confirmed active exploitation. CISA emphasized that such vulnerabilities pose a serious risk to the federal enterprise and urged organizations to implement Microsoft's recommended mitigations without delay.

SharePoint Online Not Affected

Microsoft confirmed that the attacks do not affect SharePoint Online, which is hosted in the cloud as part of Microsoft 365. Organizations using the cloud-based version can continue normal operations, though they are encouraged to stay informed about future threats.

Security Update Summary

Product                           | KB Article | Fixed Build Number
SharePoint Server 2019            | KB5002741  | 16.0.10417.20027
SharePoint Enterprise Server 2016 | KB5002744  | 16.0.5508.1000
SharePoint Subscription Edition   | KB5002768  | Security update released
SharePoint Server 2016 (full fix) | Pending    | In progress

Next Steps and Recommendations

Microsoft continues to assess the situation and has committed to updating its guidance as more information becomes available. Organizations running on-premises SharePoint servers should act immediately:

- Apply all recommended updates
- Enable protection tools and AMSI
- Rotate the machine keys
- Monitor systems for signs of compromise

With active exploitation in progress, prompt action is essential to safeguard sensitive data and maintain system integrity.

Cyber News

To fight cybercrime, Japan's National Police Agency (NPA) has released a free decryption tool for victims of the Phobos and 8Base ransomware variants. The decryptor, made publicly available in collaboration with international law enforcement agencies, aims to help the thousands of organizations worldwide that have suffered attacks from these families since 2019. The NPA released the utility together with an English-language user guide, offering relief to affected organizations across multiple sectors.

The initiative follows extensive international cooperation involving Europol's European Cybercrime Centre, the FBI, and law enforcement agencies in the U.S., Germany, South Korea, France and Thailand. The FBI's Baltimore field office led the investigation, which earlier this year resulted in the takedown of key elements of the Phobos ransomware infrastructure and criminal charges against several alleged affiliates.

(Image. Source: X)

Background on Phobos and 8Base Ransomware

Phobos ransomware first emerged in 2019 and is known for targeting small to mid-sized organizations, demanding relatively modest ransoms, many under $100,000. According to U.S. prosecutors, Phobos operators and affiliates have collectively extorted more than $16 million from over 1,000 victims globally.

The 8Base ransomware group, which emerged as a spinoff in mid-2023, leveraged Phobos's infrastructure to develop its own variant. Europol previously stated that 8Base tailored attacks for maximum impact using Phobos's encryption and delivery mechanisms. The group has been particularly aggressive with double extortion: encrypting victims' data and threatening to publish the stolen files unless a ransom was paid. Notable 8Base targets include:

- The United Nations Development Programme
- The Atlantic States Marine Fisheries Commission

Critical Infrastructure Among the Victims

U.S. authorities warned earlier this year that Phobos and its variants had affected state, local, tribal and territorial government entities. Targets included public healthcare services, emergency services, education systems and law enforcement.
The damage amounted to millions of dollars in ransom payments and disrupted operations. Victim examples from court documents include:

- California public school system: paid $300,000 (summer 2023)
- Maryland accounting firm serving federal agencies: paid $12,000 (early 2021)
- Pennsylvania healthcare organization: paid $20,000 (spring 2022)
- Maryland healthcare groups: paid $25,000 and $37,000 (summer 2022)
- North Carolina children's hospital: paid $100,000 (fall 2023)

Other victims include contractors for the U.S. Departments of Defense and Energy, public school systems in Connecticut, a New York law enforcement union, and a federally recognized tribe.

Law Enforcement Hits Back

The global investigation culminated in several high-profile arrests:

- Evgenii Ptitsyn, an alleged administrator of Phobos, was extradited from South Korea in November.
- Another suspect was arrested in Italy after an international arrest warrant was issued by French authorities.
- A Thai police operation dubbed "PHOBOS AETOR" led to the arrest of four individuals, two men and two women, in Phuket.

The U.S. Department of Justice later unsealed charges against Roman Berezhnoy (33) and Egor Nikolaevich Glebov (39), who are accused of using Phobos ransomware to generate over $16 million in illicit revenue. According to the indictment, the pair profited by distributing the Phobos code to affiliates on the dark web. When victims paid for decryption, affiliates passed a portion of the payment, often $300, to the administrators. Prosecutors confirmed that Ptitsyn controlled the main cryptocurrency wallet used to collect these fees.

In tandem with the arrests, law enforcement agencies dismantled over 100 servers used in the ransomware operations and issued alerts to more than 400 companies that were either under threat or already compromised.

How to Use the Free Decryption Tool

The decryption tool, named "PhDec Decryptor", is available for free download via the No More Ransom portal (https://www.nomoreransom.org).
The software can decrypt a wide range of files encrypted by Phobos or 8Base ransomware variants.

Supported file extensions:

- .phobos
- .8base
- .elbie
- .faust
- .LIZARD
- Additional extensions that follow the naming convention {Original Filename}.id[{8 random characters}-{4 digit number}].[{Mail address}].{File Extension}

Note: decryption may fail if the files were corrupted during encryption or if the key material was damaged.

Step-by-Step Guide to the Decryption Tool

1. Download and run the tool: download it from No More Ransom and execute the .exe file. Users may need to override antivirus warnings.
2. Agree to the terms of service: review and accept the terms before proceeding.
3. Select files or a folder: choose a single file or entire folders for decryption. Drag-and-drop is supported.
4. Set the output directory: specify where decrypted files should be saved.
5. Start decryption: press [Decrypt] to begin.
6. Check the results: on completion, a message confirms success and reports the number of successfully decrypted, failed and unsupported files. Output reports are generated in .txt, .csv and .log formats to give detailed feedback on the run.

Conclusion

As ransomware continues to evolve, coordinated law enforcement action and accessible resources like this tool offer a lifeline to organizations hit by such debilitating attacks. Victims are encouraged not to pay ransoms, to use the free decryptor, and to report incidents to local and international cybersecurity authorities.

Caution for victims: while the decryptor offers hope, the Japanese NPA cautions that it does not guarantee the integrity of all decrypted files, especially if the original encryption was flawed or if the files were altered after the attack.
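As an added example (not part of the NPA guide or the article above), the following Python script applies the naming convention to a directory listing before the decryptor is run: it recovers the original file name from each encrypted name, flags whether the extension is one the guide lists, and pulls out the victim ids and ransom contact addresses so an analyst can tell one infection from several. The file names, ids and addresses in it are constructed for the example.

```python
import re
from collections import Counter

# Extensions the NPA guide lists as handled. Other extensions are still
# matched by the naming pattern below; this set only marks which hits use
# a documented one.
KNOWN_EXTENSIONS = {"phobos", "8base", "elbie", "faust", "lizard"}

# {Original Filename}.id[{8 random characters}-{4 digit number}].[{Mail address}].{File Extension}
# The id is taken as 8 alphanumerics ("random characters" per the guide), and
# both "-" and the en dash are accepted as the separator because write-ups
# render it either way.
PHOBOS_NAME = re.compile(
    r"^(?P<original>.+?)"
    r"\.id\[(?P<victim_id>[0-9A-Za-z]{8})[-\u2013](?P<tag>\d{4})\]"
    r"\.\[(?P<contact>[^\]]+)\]"
    r"\.(?P<ext>[A-Za-z0-9]+)$"
)


def parse_encrypted_name(filename):
    """Return the fields of a Phobos/8Base-style file name, or None if the
    name does not follow the convention (the file was not touched, or was
    renamed by something else). 'original' is the pre-attack name including
    its own extension."""
    match = PHOBOS_NAME.match(filename)
    if match is None:
        return None
    info = match.groupdict()
    info["known_extension"] = info["ext"].lower() in KNOWN_EXTENSIONS
    return info


def triage(filenames):
    """Summarise a listing before running the decryptor: which names match
    the pattern (and what to rename them back to), which do not, and the
    distinct victim ids, contacts and extensions seen. More than one victim
    id or contact address in one tree usually means more than one affiliate
    or more than one infection, which matters when reporting the incident."""
    encrypted, untouched = {}, []
    for name in filenames:
        info = parse_encrypted_name(name)
        if info is None:
            untouched.append(name)
        else:
            encrypted[name] = info
    return {
        "encrypted": encrypted,
        "untouched": untouched,
        "victim_ids": sorted({i["victim_id"] for i in encrypted.values()}),
        "contacts": sorted({i["contact"] for i in encrypted.values()}),
        "extensions": Counter(i["ext"].lower() for i in encrypted.values()),
    }


# Constructed listing; the ids and addresses are invented for the example.
SAMPLE_LISTING = [
    "budget-2025.xlsx.id[1E857D00-3483].[helpdesk@example.net].phobos",
    "minutes.docx.id[1E857D00-3483].[helpdesk@example.net].8base",
    "archive.7z.id[A93C0F12-2721].[restore@example.org].LIZARD",
    "photo.jpg.id[1E857D00-3483].[helpdesk@example.net].CUSTOM",
    "notes.txt",
]

if __name__ == "__main__":
    report = triage(SAMPLE_LISTING)
    for name, info in report["encrypted"].items():
        flag = "" if info["known_extension"] else "  (extension not in the guide's list)"
        print(f"{name}\n  -> {info['original']}{flag}")
    print("untouched:", report["untouched"])
    print("victim ids:", report["victim_ids"])
    print("contacts:", report["contacts"])
```

Run it against a listing of the affected share (for example the output of a recursive directory walk) before pointing the decryptor at the tree; files that land in "untouched" will be reported as unsupported by the tool, and a second victim id or contact address is worth mentioning when the incident is reported.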

Cyber News

A phishing campaign is bypassing FIDO key authentication by exploiting cross-device sign-in features, a managed detection and response (MDR) provider has discovered. The campaign, reported by Expel, does not involve any vulnerability in FIDO keys themselves. It abuses the cross-device sign-in functionality, built for user convenience, that lets a user sign in on a device that has no passkey by using a second device that does.

FIDO Key Attack Starts with a Phishing Email

The attack started with a phishing email sent to employees at an Expel customer that attempted to direct them to a fake login page. A user was tricked into entering their user name and password on the site and was then presented with a QR code. "What happened behind the scenes is the phishing site automatically sent the stolen username and password to the legitimate login portal of the organization, along with a request to utilize the cross-device sign-in feature of FIDO keys," the Expel blog said. The legitimate portal then displayed a QR code, which the phishing site captured and relayed to the user on the fake page. "The user scans it with their MFA authenticator, the login portal and the MFA authenticator communicate, and the attackers are in," the blog said.

That process effectively bypassed the FIDO key protections: the user's key approved a session that the attacker, not the user, had opened. There was no evidence of further malicious activity in the attack, which was attributed to the PoisonSeed crypto phishing group, but Expel said it is not the only recent case its security operations center (SOC) has seen of threat actors attempting to abuse FIDO keys. In another case, which likely started with a phishing email, an attacker "reset the user's password and then enrolled their own FIDO key within the account."

Protecting FIDO Keys from Attack

FIDO keys "are still a worthwhile investment when it comes to securing accounts," the authors said, but the rise in attacks targeting them gives security teams one more threat to monitor, along with some controls that can better secure FIDO keys. Possible controls include limiting the geographic locations users are allowed to log in from, and establishing a registration process for when users travel to different areas.
Monitoring for registration of unexpected keys or unexpected key brands, multiple keys for one user, and keys registered in quick succession are other signs of potential malicious activity. The researchers also recommended one additional security feature for cross-device sign-in: requiring Bluetooth communication between the mobile device holding the MFA authenticator and the unregistered device the user wants to log into. "This effectively means the user has to be at the system that's logging into the portal when they scan the QR code," the blog said. "Enabling this feature will reduce the chances that attackers can use this AitM phishing attack to almost zero." The proximity requirement works because relaying a QR code does not move the attacker's machine across the room: the phone's Bluetooth exchange can only complete with a device that is physically next to it, and the attacker's browser is not.
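To make the relay concrete, here is an added toy model of the flow, written for this page; it is not Expel's code, not the CTAP2 hybrid transport, and not any identity provider's implementation. The portal issues a QR code tied to a session secret; the phone, after scanning, both announces itself over short-range Bluetooth and completes the login over the internet. With the proximity requirement off, the portal accepts the phone's approval for whichever browser opened the session, which in the attack is the phisher's. With it on, the session's browser must first have heard the phone's Bluetooth announcement, which the attacker's machine never can. The account name, the password and the notion of "radio range" are constructed.

```python
import hashlib
import hmac
import secrets


def _tag(secret, label):
    """Derive a value from the QR secret; stands in for the real key agreement."""
    return hmac.new(secret, label, hashlib.sha256).hexdigest()


class Portal:
    """The legitimate login portal offering QR-based cross-device sign-in.
    require_proximity models the 'require Bluetooth' control."""

    def __init__(self, require_proximity):
        self.require_proximity = require_proximity
        self.passwords = {"alice": "correct-horse-battery"}   # constructed
        self.sessions = {}

    def start_login(self, username, password, browser):
        # Password step first; then a QR code bound to this session and browser.
        if self.passwords.get(username) != password:
            raise PermissionError("bad password")
        sid = secrets.token_hex(8)
        self.sessions[sid] = {"browser": browser, "secret": secrets.token_bytes(32),
                              "ble_seen": False, "authenticated": False}
        return {"session_id": sid, "secret": self.sessions[sid]["secret"]}

    def report_ble(self, sid, browser, advert):
        # Only the browser that opened the session may vouch for proximity.
        s = self.sessions[sid]
        if browser is s["browser"] and hmac.compare_digest(advert, _tag(s["secret"], b"ble")):
            s["ble_seen"] = True

    def finish(self, sid, assertion):
        # Called by the phone over the internet once the user approves.
        s = self.sessions[sid]
        if not hmac.compare_digest(assertion, _tag(s["secret"], b"assert")):
            return False
        if self.require_proximity and not s["ble_seen"]:
            return False   # the phone approved, but nothing near it holds the session
        s["authenticated"] = True
        return True


class Browser:
    """A browser somewhere; it knows which portal session, if any, it opened."""

    def __init__(self, portal):
        self.portal, self.session_id = portal, None

    def open_session(self, username, password):
        qr = self.portal.start_login(username, password, self)
        self.session_id = qr["session_id"]
        return qr   # what gets rendered as a QR code on screen

    def hear_ble(self, advert):
        # A browser showing only a phishing page has no portal session to report to.
        if self.session_id is not None:
            self.portal.report_ble(self.session_id, self, advert)


class Phone:
    """The user's authenticator app. 'nearby' is the set of browsers within
    Bluetooth range, a constructed stand-in for radio reach."""

    def __init__(self, nearby):
        self.nearby = nearby

    def scan_and_approve(self, portal, qr):
        for browser in self.nearby:   # short-range announcement
            browser.hear_ble(_tag(qr["secret"], b"ble"))
        return portal.finish(qr["session_id"], _tag(qr["secret"], b"assert"))


def run_attack(require_proximity):
    """AitM: the phisher replays the stolen password, opens the real session from
    its own browser, and shows the portal's QR code on the fake page.
    Returns True if the attacker's session ends up authenticated."""
    portal = Portal(require_proximity)
    attacker = Browser(portal)
    victim_laptop = Browser(portal)   # only ever talks to the phishing site
    phone = Phone(nearby=[victim_laptop])
    qr = attacker.open_session("alice", "correct-horse-battery")   # relayed to the victim
    return phone.scan_and_approve(portal, qr)


def run_legitimate(require_proximity):
    """Alice signs in on her own laptop and scans the QR code with her phone."""
    portal = Portal(require_proximity)
    laptop = Browser(portal)
    phone = Phone(nearby=[laptop])
    return phone.scan_and_approve(portal, laptop.open_session("alice", "correct-horse-battery"))


if __name__ == "__main__":
    for flag in (False, True):
        print(f"require_proximity={flag}: attack succeeds={run_attack(flag)}, "
              f"legitimate login succeeds={run_legitimate(flag)}")
```

The point of the model is the check in Portal.finish: the phone's approval alone is not tied to where the session was opened, so nothing in the phish-and-relay chain is detectably wrong without the proximity proof. The control only helps if the identity provider enforces it on the server side; a client-side preference the phisher's browser never sees changes nothing.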

Firewall Daily

A new zero-day vulnerability in CrushFTP file transfer servers is being actively exploited by cybercriminals, compromising systems around the world. Tracked as CVE-2025-54309, the CrushFTP zero-day was first observed in active exploitation on July 18, 2025. The flaw is reached over the server's HTTP and HTTPS interfaces, so internet-facing CrushFTP instances are especially exposed to unauthorized access if they are not promptly patched.

CVE-2025-54309: Vulnerability Details and Origins

The attackers behind CVE-2025-54309 reverse-engineered CrushFTP's code to find and weaponize a flaw that had already been fixed in newer builds but remained exploitable in outdated installations. Organizations that have not kept up with regular patching are therefore exposed to this active threat.

In an official statement, CrushFTP noted, "Hackers apparently reverse engineered our code and found some bug which we had already fixed. They are exploiting it for anyone who has not stayed current on new versions." The company believes the exploited bug existed in builds prior to July 1, 2025, and that newer versions had already silently fixed it during unrelated changes to AS2 handling over HTTP(S).

Affected Versions

The vulnerability affects the following builds:

- Version 10: all versions below 10.8.5
- Version 11: all versions below 11.3.4_23

Users running these versions who have not updated may already be compromised, especially if their servers are directly reachable from the internet.
Signs of Compromise

CrushFTP has released a list of indicators to help administrators detect possible exploitation:

- "last_logins" entries present in user.XML (not normally present)
- Recent modification timestamps on the default user's user.XML file
- The default user unexpectedly has admin rights
- Strange, long random user IDs (e.g., 7a0d26089ac528941bf8cb998d97f408m)
- Unknown admin-level accounts being created
- Disappearance of user-interface buttons, or unexpected Admin buttons on user accounts
- Altered version displays, used by attackers to mask the true state of the server

Administrators are also warned that threat actors are reusing scripts from previous exploits to deploy additional payloads on affected systems.

Remediation and Recovery

Organizations that suspect a breach are urged to immediately restore the default user profile from a backup created before July 16, 2025. The backups are located in:

CrushFTP/backup/users/MainUsers/default

Because these zip files may not open with the native Windows extraction tool, users are advised to use software such as 7-Zip, WinRAR, the macOS Archive Utility, or WinZip.

If no backup is available, deleting the default user makes CrushFTP recreate it, though any custom configuration will be lost.

Preventive Measures and Recommendations

To mitigate future risk, CrushFTP recommends the following:

- Whitelist the IP addresses that can access the server
- Restrict administration access by IP
- Deploy a DMZ-based CrushFTP proxy in enterprise environments
- Enable automatic updates in the server preferences
- Sign up for emergency notifications via CrushFTP Support

The company emphasized the importance of proactive patching: "Anyone who had kept up to date was spared from this exploit."
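Several of the indicators above can be checked from the user files themselves. The script below is an added example, not CrushFTP's tooling, that scans user.XML content for the stored-indicator subset: a last_logins block, admin rights on the default user, random-looking user ids, admin accounts outside a known list, and modification after the July 16 backup cut-off. The XML layout it parses (<username>, <admin> and <last_logins> elements under <user>) and the sample files are constructed for the example; CrushFTP's real user.XML has more fields and may name them differently, so adjust the lookups before running it against a live server.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Restore-from-backup cut-off named in the CrushFTP advisory.
BACKUP_CUTOFF = datetime(2025, 7, 16, tzinfo=timezone.utc)


def looks_random_id(username):
    """True for long, almost entirely hexadecimal, alphanumeric names such as the
    advisory's sample 7a0d26089ac528941bf8cb998d97f408m (32 hex digits plus one
    letter). The length and ratio thresholds are a judgement call for this example."""
    if len(username) < 24 or not username.isalnum():
        return False
    hex_count = sum(c in "0123456789abcdefABCDEF" for c in username)
    return hex_count / len(username) >= 0.8


def _is_admin(root):
    return (root.findtext("admin") or "").strip().lower() == "true"


def scan_user_xml(xml_text, expected_username, modified_at=None):
    """Return a list of (indicator, detail) pairs for one user's XML.
    expected_username is the account the file belongs to (its folder name);
    modified_at is the file's mtime as an aware datetime, if known."""
    root = ET.fromstring(xml_text)
    username = (root.findtext("username") or "").strip()
    findings = []
    logins = root.find("last_logins")
    if logins is not None:
        findings.append(("last_logins present", f"{len(logins)} entries"))
    if expected_username == "default" and _is_admin(root):
        findings.append(("default user has admin rights", "admin=true"))
    if looks_random_id(username):
        findings.append(("random-looking user id", username))
    if modified_at is not None and modified_at > BACKUP_CUTOFF:
        findings.append(("modified after backup cut-off", modified_at.isoformat()))
    return findings


def unknown_admins(user_files, known_admins):
    """user_files maps account name -> user.XML text. Returns the names that carry
    admin rights but are not on the operator's list of expected admin accounts."""
    return sorted(name for name, xml_text in user_files.items()
                  if _is_admin(ET.fromstring(xml_text)) and name not in known_admins)


# Constructed samples in the simplified layout described above.
CLEAN_DEFAULT = "<user><username>default</username><admin>false</admin></user>"
TAMPERED_DEFAULT = """<user>
  <username>default</username>
  <admin>true</admin>
  <last_logins>
    <login ip="203.0.113.7" time="2025-07-18T03:12:00Z"/>
    <login ip="203.0.113.7" time="2025-07-18T03:15:42Z"/>
  </last_logins>
</user>"""
ROGUE_USER = ("<user><username>7a0d26089ac528941bf8cb998d97f408m</username>"
              "<admin>true</admin></user>")
NORMAL_ADMIN = "<user><username>crushadmin</username><admin>true</admin></user>"
SAMPLE_MTIME = datetime(2025, 7, 18, 3, 15, 42, tzinfo=timezone.utc)   # constructed

if __name__ == "__main__":
    users = {"default": TAMPERED_DEFAULT, "crushadmin": NORMAL_ADMIN,
             "7a0d26089ac528941bf8cb998d97f408m": ROGUE_USER}
    for name, xml_text in users.items():
        for indicator, detail in scan_user_xml(xml_text, name, SAMPLE_MTIME):
            print(f"[{name}] {indicator}: {detail}")
    print("unknown admins:", unknown_admins(users, known_admins={"crushadmin"}))
```

On a real server, feed it each account folder under the users directory with the file's mtime, and treat any hit on the default user as a reason to restore that profile from the pre-July-16 backup rather than to edit it in place, since the advisory warns that attackers also alter what the UI displays.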

Cyber News

Indian cryptocurrency exchange CoinDCX has confirmed a cyberattack that resulted in a loss of approximately $44 million. The CoinDCX cyberattack, which occurred on July 19, 2025, targeted one of the platform's internal operational accounts. CoinDCX's co-founders have assured users that no customer funds were affected by the breach and that trading operations remain uninterrupted.

Co-founder Neeraj Khandelwal disclosed the breach in a public post on X (formerly Twitter) on July 20, stating that the team had been working intensively to manage and investigate the incident. "We suffered a security attack early this morning (~17 hours ago)," Khandelwal posted. He clarified that the breach was limited to an internal account used solely for liquidity provisioning on a partner exchange. "All the customer assets are safe, and the trading activity plus the INR withdrawals continue unhindered," he said. Crypto withdrawals, for users who have that access enabled, also remain operational.

(Image: CoinDCX cyberattack confirmed. Source: X)

CoinDCX emphasized that its customer wallets were not compromised because user assets are segregated from operational funds. "The incident was quickly contained by isolating the affected operational account," Khandelwal explained, adding that the loss would be absorbed by the company's treasury reserves.

Responding to the CoinDCX Cyberattack

CoinDCX co-founder and CEO Sumit Gupta also addressed the breach directly to reassure the community. In his statement, Gupta reiterated the platform's commitment to transparency, confirming that customer funds remain "completely safe and protected in our secure cold wallet infrastructure."

(Image: Sumit Gupta detailing the CoinDCX cyberattack. Source: X)

He further explained that CoinDCX had launched a full-scale investigation with the help of leading cybersecurity firms and forensic experts. "We are collaborating with the exchange partner to block and recover assets, and we're also launching a bug bounty program," he said. The company is taking additional steps to patch any vulnerabilities in its infrastructure to prevent similar incidents in the future.
The cyberattack has prompted CoinDCX to temporarily suspend its Web3 platform as a precaution. CoinDCX assured users that all Web3 customer funds are also safe and that the service will resume shortly.

Conclusion

Gupta acknowledged that while the CoinDCX cyberattack was distressing, it also presents an opportunity for the company and the broader crypto industry to strengthen their defenses. "Every security incident is a learning," he said. "We commit to work together with experts to secure our industry. This is our time to win the war against cyberthreats."

The Cyber Express has reached out to CoinDCX to learn more about the incident; at the time of writing, no official response had been received. This is a developing story, and The Cyber Express will be closely monitoring the situation and will update this post as more information on the CoinDCX cyberattack or new statements from the company become available.

Home + Mobile

Summer is flying by, and before you know it you'll be buying backpacks and taking first-day-of-school photos. Back-to-school season brings new classes and friends, but it also brings new digital dangers. By the time you've dropped your kids off for their first day of class, chances are they've already been exposed to their first cyberthreat of the day. New devices, new online accounts, and relaxed summer screen habits can leave your children vulnerable to a slew of online threats.

Numbers you need to know

For most kids, especially teenagers, being online is a big part of daily life. From scrolling through TikTok and watching YouTube videos to chatting with friends and gaming, 46% of teens say they're online "almost constantly." Cybercriminals know this and are always looking for opportunities to cash in on your kids' online activity. Threats like social media phishing have skyrocketed, from 18.9% to 42.8%. Some of these scams are aimed directly at children, including a rash of fake school emails designed to steal sensitive personal information. Since more than 80% of data breaches start with stolen passwords, it's more important than ever that your children use strong passwords that are difficult to crack. The good news? We've put together a digital safety checklist to help you boost your entire family's cybersecurity in a single weekend.

Real-life risks in your child's digital day

Phishing & social engineering: Let's say your teenage daughter gets a text that reads, "Your grades won't post unless you verify your information now." Or maybe she gets an email asking for her student login to update her records. Phishing and social engineering scams use threats and a sense of urgency to get you to click links and share personal information. Make sure your kids know to question any sudden or unusual request, and to bring it to you for verification before taking any action.

Gaming & app-related hazards: Your son's gaming buddy asks to move their conversation to a private app. Seems harmless enough, but is this someone your son really knows? Gaming sites are often part of a child's social life, and that's exactly why they're a popular place for scams. Kids get urged to make in-game purchases that run up mom and dad's credit card bills.
They get invites to unfamiliar apps and private chats that can lead to crimes like credit card theft and inappropriate contact with strangers. Scammers and predators often target kids through chat features and build trust so they can take advantage of them, both personally and financially. Remind your children that not everyone they meet online is who they say they are. For their safety, they should only trust the friends they actually know IRL (in real life).

Social media dangers:

Oversharing personal information: Your child's classmate screenshots a private message and shares it on social media. It's a seemingly small act that can have lasting consequences, from public embarrassment to cyberbullying. One of the biggest perils of social media is oversharing personal details. Location tracking and location tagging can expose sensitive information like addresses, schools and current whereabouts. Talk with your kids about keeping private information private by being careful who they chat with and by using location sharing and tagging wisely.

Negative mental health effects: While social media has many rewards, excessive use can have a negative effect on your child's mental health. Too much time spent scrolling can lead to social isolation, lack of sleep and lack of outdoor activity. Be sure to talk with your kids about creating healthy digital habits, including regular breaks from devices.

Academic integrity issues: With AI use on the rise, it's only fair to expect your kids will use ChatGPT or another AI tool to help with their homework. But it's important to explain that while AI can help them study, it shouldn't do their work for them. As AI tools become more sophisticated, so do the detection tools that identify plagiarism and other forms of cheating. The same goes for sharing homework or posting test answers online. Make sure your kids know that the consequences of cheating can include failing grades and disciplinary action at school.
Encourage them to stay academically honest, and offer to help them with their studies if they need it.

Sextortion & online predators: The toughest topic to bring up with your children may be the most important one. Online predators are skilled at manipulation and tend to be very difficult to spot, especially for a child. Sextortion is a form of blackmail. It often occurs when an adult poses as a peer and builds an online relationship with a child. The scammer then pressures the child for private photos and information, which they use for blackmail. Even a child who has never shared a sexually explicit photo can still fall victim to sextortion: scammers have recently been using AI to turn an innocent photo of a child, usually taken from a social media profile, into a sexually explicit image, and then use these very realistic fakes to blackmail the victim. Have open conversations with your kids and encourage them to share details about any online relationships with you. Explain that you respect their privacy but need regular check-ins to keep them safe.

Your back-to-school digital security action plan

Want to secure your whole family's digital life? Complete this back-to-school digital security checklist and use it to protect your entire household in under an hour.

Complete this weekend:

Install reputable antivirus software: Keep your family cyber safe by installing antivirus software on all devices. Webroot Total Protection offers comprehensive online security and protection for up to ten devices. It includes real-time monitoring to safeguard you from bank and credit card fraud and identity theft.

Enable automatic updates: Outdated software puts you and your family at risk of cyberfraud. Protect your important digital data by enabling automatic updates for all your apps, software and devices.
This ensures you always have the latest security patches, and you can schedule updates to happen overnight so they won't interrupt your family's screen time.

Create a strong Wi-Fi password: Every smart home device you have, from Nest thermostats to Ring doorbell cameras, connects to your Wi-Fi and creates an opportunity for hackers to break in. Lock down your home network by setting a strong password on your router.

Set up encrypted connections: Consider using a VPN (Virtual Private Network) to protect your personal information. Whether you're at home or on public Wi-Fi, Webroot Secure VPN provides encrypted connections for safe browsing and online transactions.

Create a backup system for schoolwork and important files: Keep homework, projects and other valuable files safe from online fraud with regular backups. Carbonite offers automatic, encrypted backups and unlimited cloud storage, giving you peace of mind that your digital data is always stored safely and easy to restore.

Monthly tasks (general):

Review and update passwords: Pick your child's three most important passwords and update them together. Make them long and strong; nothing easy to guess like "12345", "password", or your pet's name.

Check your child's app downloads and permissions: Remove unnecessary apps and manage permissions to deny unwanted data sharing.

Review parental control settings: Review parental control settings on all devices and adjust as needed.

Elementary (6-10 years)

This week:

Set up strict parental controls: Make managing screen time and content access on all devices easy with Webroot Parental Controls. Whether your kids are playing Minecraft or chatting on Discord, it's an easy way to keep them safe while giving them space. It even lets you tailor different levels of protection according to their ages.

Create a "safe list": Make a list of parent-approved websites and apps for your kids.
Establish device-free homework zones and times: Create a digital detox zone in your home to disengage from all things digital; no texting, email or social media allowed!

Practice the "ask first" rule: Teach your kids to ask a parent before accessing any new downloads or websites.

Ongoing:

Monitor all online activity: Always be aware of the games, apps and sites your child uses and anyone they are communicating with.

Keep devices in common areas: Limit online activity to spaces in your home where it's easy to keep an eye on what your kids are doing.

Teach basic online "stranger danger": Stranger danger is just as important for online interactions as it is for in-person encounters. Be sure your child knows the basics to keep them safe in all situations.

Middle school (11-13 years)

This week:

Set up a password manager and teach them to use it: Strong, unique passwords are a simple yet powerful security tool. Webroot solutions include password managers that store your credentials and credit card information and automatically fill in login information for you. Start using Webroot's password manager with your kids and teach them how easy it is to generate secure passwords.

Configure social media privacy settings: Work with your kids to create safe social media settings.

Establish screen time limits: Create screen time limits and stick to consequences if the agreement is broken.

Create a family media agreement with clear rules: Create a media-use contract together, and be sure to include screen time, study time and mental health breaks.

Ongoing:

Check in regularly about online experiences: Establish a monthly check-in to discuss what they're seeing and experiencing online.

Monitor friend lists and follower requests: Regularly check and manage new friend and follower requests for your children. Teach them not to accept friend requests from anyone they do not know IRL.
Discuss oversharing risks: Remind your kids not to share locations, school names and other personal details on social media.

High school (14-18 years)

This week:

Transition to collaborative security: Work with your teens to create a security plan. Discuss the need for a digital safety strategy in a matter-of-fact way, just as you'd discuss driving safety rules. Review the need for password security and remind them never to share their passwords with anyone but their parents or caregivers.

Discuss the impact of their digital footprint: Remind your kids that their current digital lives can affect their future. Explain how social media profiles, posts and other content can affect college applications, job opportunities and their safety.

Set up two-factor authentication: Establish and enforce two-factor authentication (2FA) on all important accounts, such as email, banking and even social media.

Review gaming and social media privacy settings: Gaming apps are often set by default to share personal information. Work with your teen to review and adjust the settings.

Ongoing:

Monthly "digital wellness" conversations: Check in with your teens about the emotional effects of their online habits.

Discuss academic integrity: Talk about AI cheating, online ethics and responsible use. Set boundaries for using AI tools for schoolwork.

Address dating app safety and sextortion risks: No matter how uncomfortable it may be, be straightforward with your kids about the risks of sexting. Be sure they understand that any sexual messages or images they share digitally can live forever. Even on a platform like Snapchat, where images are supposed to be temporary, someone can screenshot, save and share messages and images with others. Just one text to the wrong person could have deeply painful and humiliating consequences.
Conversation starters that work Starting conversations about online safety with your kids isn’t always easy, but with the right approach, you can help them build digital confidence and awareness. For elementary kids: “Let’s be internet detectives today! Can you help me spot what’s real and what’s fake in these emails?” “Your computer is like your house – we need to lock the doors. Let me show you how.” For middle schoolers: “I saw this news story about a kid your age who had their account hacked. Want to check if yours is secure?” “What would you do if someone online asked you to keep a secret from me?” For high schoolers: “I’m not trying to spy on you, but I do want to make sure you know how to protect yourself online. Can we talk about what you’ve been seeing?” “Have you ever gotten a message or email that made you suspicious or uncomfortable? What did you do?” Webroot offers real-time protection to keep your family safe online without slowing down devices during homework time. With coverage for multiple devices, including phones, tablets, and computers, it’s easy to protect every member of your household. Cybersecurity doesn’t go on summer break, so take an hour this weekend to complete the checklist and strengthen your family’s digital defenses before the first bell rings. With Webroot’s powerful tools, you’ll get year-round protection, so you can focus on having a safe, smart, and cyber-savvy school year! Additional resources: Benefits and Risks of Technology for Teens Phishing Scams Aimed at Students Building Online Defenses for the Whole Family Keeping Kids Safe Online Cybersecurity for Students The post Back-to-school cyber safety: Parent checklist appeared first on Webroot Blog.


 Business

Unknown malefactors are actively attacking companies that use SharePoint Server 2016, SharePoint Server 2019 and SharePoint Server Subscription Edition. By exploiting a chain of two vulnerabilities, CVE-2025-53770 (CVSS rating 9.8) and CVE-2025-53771 (CVSS rating 6.3), attackers are able to execute malicious code on the server remotely. The severity of the situation is highlighted by the fact that patches for the vulnerabilities were released by Microsoft late Sunday night. To protect the infrastructure, researchers recommend installing the updates as soon as possible.

The attack via CVE-2025-53770 and CVE-2025-53771

Exploitation of this pair of vulnerabilities allows unauthenticated attackers to take control of SharePoint servers, and therefore not only gain access to all the information stored on them, but also use the servers to spread their attack to the rest of the infrastructure. Researchers at EYE Security state that even before the Microsoft bulletins were published, they had seen two waves of attacks using this vulnerability chain, resulting in dozens of servers being compromised. Attackers install web shells on vulnerable SharePoint servers and steal cryptographic keys that can later allow them to impersonate legitimate services or users. This way they can regain access to compromised servers even after the vulnerability has been patched and the malware removed.

Relationship to the CVE-2025-49704 and CVE-2025-49706 vulnerabilities (ToolShell chain)

Researchers noticed that exploitation of the CVE-2025-53770 and CVE-2025-53771 vulnerability chain is very similar to ToolShell, a chain of two other vulnerabilities, CVE-2025-49704 and CVE-2025-49706, demonstrated in May at the Pwn2Own hacking competition in Berlin. Those two were patched by previously released updates, but apparently not completely. By all indications, the new pair of vulnerabilities is an updated ToolShell chain, or rather a bypass of the patches that fix it. This is confirmed by Microsoft's remarks in the description of the new vulnerabilities: "Yes, the update for CVE-2025-53770 includes more robust protections than the update for CVE-2025-49704. The update for CVE-2025-53771 includes more robust protections than the update for CVE-2025-49706."

How to stay safe?

The first thing to do is install the patches; before rolling out the emergency updates released yesterday, you should install the regular July updates KB5002741 and KB5002744. At the time of writing this post, there were no patches for SharePoint 2016, so if you're still using this version of the server, you'll have to rely on compensating measures. You should also make sure that robust protective solutions are installed on the servers and that the Antimalware Scan Interface (AMSI), which lets Microsoft applications and services interact with running cybersecurity products, is enabled. Researchers recommend replacing the ASP.NET machine keys on vulnerable SharePoint servers (you can read how to do this in Microsoft's recommendations), as well as any other cryptographic keys and credentials that may have been accessed from the vulnerable server. If you have reason to suspect that your SharePoint servers have been attacked, it is recommended that you check them for indicators of compromise, primarily the presence of the malicious spinstall0.aspx file. If your internal incident response team lacks the in-house resources to identify indicators of compromise or remediate the incident, we advise you to contact third-party experts.


 Latest Warnings

On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used the SharePoint flaw to breach U.S. federal and state agencies, universities, and energy companies.

Image: Shutterstock, by Ascannio.

In an advisory about the SharePoint security hole, a.k.a. CVE-2025-53770, Microsoft said it is aware of active attacks targeting on-premises SharePoint Server customers and exploiting vulnerabilities that were only partially addressed by the July 8, 2025 security update. The Cybersecurity & Infrastructure Security Agency (CISA) concurred, saying CVE-2025-53770 is a variant on a flaw Microsoft patched earlier this month (CVE-2025-49706). Microsoft notes the weakness applies only to SharePoint Servers that organizations use in-house, and that SharePoint Online and Microsoft 365 are not affected.

The Washington Post reported on Sunday that the U.S. government and partners in Canada and Australia are investigating the hack of SharePoint servers, which provide a platform for sharing and managing documents. The Post reports at least two U.S. federal agencies have seen their servers breached via the SharePoint vulnerability.

According to CISA, attackers exploiting the newly-discovered flaw are retrofitting compromised servers with a backdoor dubbed “ToolShell” that provides unauthenticated, remote access to systems. CISA said ToolShell enables attackers to fully access SharePoint content — including file systems and internal configurations — and execute code over the network.

Researchers at Eye Security said they first spotted large-scale exploitation of the SharePoint flaw on July 18, 2025, and soon found dozens of separate servers compromised by the bug and infected with ToolShell. In a blog post, the researchers said the attacks sought to steal SharePoint server ASP.NET machine keys. “These keys can be used to facilitate further attacks, even at a later date,” Eye Security warned. “It is critical that affected servers rotate SharePoint server ASP.NET machine keys and restart IIS on all SharePoint servers. Patching alone is not enough. We strongly advise defenders not to wait for a vendor fix before taking action. This threat is already operational and spreading rapidly.”

Microsoft’s advisory says the company has issued updates for SharePoint Server Subscription Edition and SharePoint Server 2019, but that it is still working on updates for supported versions of SharePoint 2019 and SharePoint 2016. CISA advises vulnerable organizations to enable the anti-malware scan interface (AMSI) in SharePoint, to deploy Microsoft Defender AV on all SharePoint servers, and to disconnect affected products from the public-facing Internet until an official patch is available.

The security firm Rapid7 notes that Microsoft has described CVE-2025-53770 as related to a previous vulnerability — CVE-2025-49704, patched earlier this month — and that CVE-2025-49704 was part of an exploit chain demonstrated at the Pwn2Own hacking competition in May 2025. That exploit chain invoked a second SharePoint weakness — CVE-2025-49706 — which Microsoft unsuccessfully tried to fix in this month’s Patch Tuesday. Microsoft also has issued a patch for a related SharePoint vulnerability — CVE-2025-53771; Microsoft says there are no signs of active attacks on CVE-2025-53771, and that the patch is to provide more robust protections than the update for CVE-2025-49706.

This is a rapidly developing story. Any updates will be noted with timestamps.

 Cybercrime

Researchers from the cybersecurity firm Lookout detected the latest version of DCHSpy one week after Israel’s June bombing campaign targeting Iran’s nuclear program began. DCHSpy was first detected in 2024, but has since evolved and can now exfiltrate data from WhatsApp and files stored on devices, Lookout said.

 Feed

Microsoft on Sunday released security patches for an actively exploited security flaw in SharePoint and also released details of another vulnerability that it said has been addressed with "more robust protections." The tech giant acknowledged it's "aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed by the July Security

 Feed

Hewlett-Packard Enterprise (HPE) has released security updates to address a critical security flaw affecting Instant On Access Points that could allow an attacker to bypass authentication and gain administrative access to susceptible systems. The vulnerability, tracked as CVE-2025-37103, carries a CVSS score of 9.8 out of a maximum of 10.0. "Hard-coded login credentials were found in HPE

 Feed

A new attack campaign has compromised more than 3,500 websites worldwide with JavaScript cryptocurrency miners, marking the return of browser-based cryptojacking attacks once popularized by the likes of CoinHive. Although the service has since shuttered after browser makers took steps to ban miner-related apps and add-ons, researchers from the c/side said they found evidence of a stealthy

 Feed

Cybersecurity researchers have disclosed a novel attack technique that allows threat actors to downgrade Fast IDentity Online (FIDO) key protections by deceiving users into approving authentication requests from spoofed company login portals. FIDO keys are hardware- or software-based authenticators designed to eliminate phishing by binding logins to specific domains using public-private key

 Feed

Even in well-secured environments, attackers are getting in—not with flashy exploits, but by quietly taking advantage of weak settings, outdated encryption, and trusted tools left unprotected. These attacks don’t depend on zero-days. They work by staying unnoticed—slipping through the cracks in what we monitor and what we assume is safe. What once looked suspicious now blends in, thanks to

 Feed

By 2025, Zero Trust has evolved from a conceptual framework into an essential pillar of modern security. No longer merely theoretical, it’s now a requirement that organizations must adopt. A robust, defensible architecture built on Zero Trust principles does more than satisfy baseline regulatory mandates. It underpins cyber resilience, secures third-party partnerships, and ensures uninterrupted

 Feed

Cybersecurity researchers have unearthed new Android spyware artifacts that are likely affiliated with the Iranian Ministry of Intelligence and Security (MOIS) and have been distributed to targets by masquerading as VPN apps and Starlink, a satellite internet connection service offered by SpaceX. Mobile security vendor Lookout said it discovered four samples of a surveillanceware tool it tracks

 Feed

The China-linked cyber espionage group tracked as APT41 has been attributed to a new campaign targeting government IT services in the African region. "The attackers used hardcoded names of internal services, IP addresses, and proxy servers embedded within their malware," Kaspersky researchers Denis Kulik and Daniil Pogorelov said. "One of the C2s [command-and-control servers] was a captive

 Denial of Service

The hacking group NoName057(16) has been operating since 2022, launching cyber attacks on government organisations, media bodies, critical infrastructure, and private companies in Ukraine, America, Canada, and across Europe in a seeming attempt to silence voices that the group considers anti-Russian. Read more in my article on the Hot for Security blog.

 Cyber Security News

Source: thehackernews.com. The financially motivated threat actor known as EncryptHub (aka LARVA-208 and Water Gamayun) has been attributed to a new campaign that’s targeting Web3 developers to infect them with information stealer malware. “LARVA-208 has evolved its tactics, using fake AI platforms (e.g., Norlax AI, mimicking Teampilot) to lure victims with job […] The post EncryptHub Targets Web3 Developers Using Fake AI Platforms to Deploy Fickle Stealer Malware – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Critical

Source: thehackernews.com. A critical security vulnerability in Microsoft SharePoint Server has been weaponized as part of an “active, large-scale” exploitation campaign. The zero-day flaw, tracked as CVE-2025-53770 (CVSS score: 9.8), has been described as a variant of CVE-2025-49706 (CVSS score: 6.3), a spoofing bug in Microsoft SharePoint Server that was addressed by […] The post Critical Unpatched SharePoint Zero-Day Actively Exploited, Breaches 75+ Company Servers – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com. Cybersecurity researchers have alerted to a supply chain attack that has targeted popular npm packages via a phishing campaign designed to steal the project maintainers’ npm tokens. The captured tokens were then used to publish malicious versions of the packages directly to the registry without any source code commits or […] The post Malware Injected into 5 npm Packages After Maintainer Tokens Stolen in Phishing Attack – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 APT

Source: securelist.com – Author: Denis Kulik, Daniil Pogorelov. Introduction: Some time ago, Kaspersky MDR analysts detected a targeted attack against government IT services in the African region. The attackers used hardcoded names of internal services, IP addresses, and proxy servers embedded within their malware. One of the C2s was a captive SharePoint server within the […] The post Rumble in the jungle: APT41’s new target in Africa – Source: securelist.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com. Cybersecurity researchers have disclosed a novel attack technique that allows threat actors to downgrade Fast IDentity Online (FIDO) key protections by deceiving users into approving authentication requests from spoofed company login portals. FIDO keys are hardware- or software-based authenticators designed to eliminate phishing by binding logins to specific domains using public-private […] The post PoisonSeed Hackers Bypass FIDO Keys Using QR Phishing and Cross-Device Sign-In Abuse – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com. Microsoft on Sunday released security patches for an actively exploited security flaw in SharePoint and also disclosed details of another vulnerability that it said has been addressed with “more robust protections.” The tech giant acknowledged it’s “aware of active attacks targeting on-premises SharePoint Server customers by exploiting vulnerabilities partially addressed […] The post Microsoft Releases Urgent Patch for SharePoint RCE Flaw Exploited in Ongoing Cyber Attacks – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com. Hewlett-Packard Enterprise (HPE) has released security updates to address a critical security flaw affecting Instant On Access Points that could allow an attacker to bypass authentication and gain administrative access to susceptible systems. The vulnerability, tracked as CVE-2025-37103, carries a CVSS score of 9.8 out of a maximum of 10.0. […] The post Hard-Coded Credentials Found in HPE Instant On Devices Allow Admin Access – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: thehackernews.com. A new attack campaign has compromised more than 3,500 websites worldwide with JavaScript cryptocurrency miners, marking the return of browser-based cryptojacking attacks once popularized by the likes of CoinHive. Although the service has since shuttered after browser makers took steps to ban miner-related apps and add-ons, researchers from the c/side […] The post 3,500 Websites Hijacked to Secretly Mine Crypto Using Stealth JavaScript and WebSocket Tactics – Source: thehackernews.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 1 - Cyber Security News Post

Source: www.mcafee.com – Author: Jasdev Dhaliwal. If you find that your email has been hacked, your immediate reaction is probably wondering what you should do next. Take a deep breath before jumping into action. In this guide, we will take a look at the signs of a hacked email account, the steps to take to […] The post My email has been hacked! What should I do next? – Source: www.mcafee.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 China

Source: www.schneier.com – Author: Bruce Schneier. ProPublica is reporting: Microsoft is using engineers in China to help maintain the Defense Department’s computer systems—with minimal supervision by U.S. personnel—leaving some of the nation’s most sensitive data vulnerable to hacking from its leading cyber adversary, a ProPublica investigation has found. The arrangement, which was critical to Microsoft […] The post Another Supply Chain Vulnerability – Source: www.schneier.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 CISA

Source: krebsonsecurity.com – Author: Brian Krebs. On Sunday, July 20, Microsoft Corp. issued an emergency security update for a vulnerability in SharePoint Server that is actively being exploited to compromise vulnerable organizations. The patch comes amid reports that malicious hackers have used the SharePoint flaw to breach U.S. federal and state agencies, universities, and energy companies. […] The post Microsoft Fix Targets Attacks on SharePoint Zero-Day – Source: krebsonsecurity.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.troyhunt.com – Author: Troy Hunt. If I’m honest, I was never that keen on a merch store for Have I Been Pwned. It doesn’t make the code run faster, nor does it load any more data breaches or add any useful features to the service whatsoever. But… people were keen. They wanted swag they […] The post Good Riddance Teespring, Hello Fourthwall – Source: www.troyhunt.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 Cyber Security News

Source: www.infosecurity-magazine.com. Iranian hackers likely started a cyber espionage campaign just one week after the start of the Israel-Iran conflict in June. In a new report published on July 21, cybersecurity firm Lookout shared findings about four new samples of DCHSpy, an Android surveillance tool leveraged by the Iranian cyber espionage […] The post Iranian Hackers Deploy New Android Spyware Version – Source: www.infosecurity-magazine.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.

 APT

Source: securityaffairs.com – Author: Pierluigi Paganini. Iran-linked APT MuddyWater is deploying new DCHSpy spyware variants to target Android users amid the ongoing conflict with Israel. Lookout researchers observed that Iran-linked APT MuddyWater (aka SeedWorm, TEMP.Zagros, and Static Kitten) is deploying a new version of the DCHSpy Android spyware in the context of the Israel-Iran conflict. The first MuddyWater campaign was observed in late 2017, when […] The post MuddyWater deploys new DCHSpy variants amid Iran-Israel conflict – Source: securityaffairs.com first appeared on CISO2CISO.COM & CYBER SECURITY GROUP.
