The UK government wants to know whether any private sector entities extorted by cyber criminals intend to pay a ransom, so that authorities can provide the right support and guidance and help dismantle the business model that fuels cyber crime. For the public sector, there could be a complete ban.

In an assertive move against the escalating global threat of ransomware, the UK government has unveiled a comprehensive strategy aimed at significantly disrupting cyber criminal operations. Building on extensive public consultation, new legislative proposals seek to reduce payments to criminals and drastically increase incident reporting, positioning the UK at the forefront of the international fight against this pervasive form of cybercrime. Ransomware, described as the "greatest of all serious and organised cyber crime threats," poses a "risk to the UK's national security." The financial losses, intellectual property theft, service disruption, and reputational damage inflicted by these attacks reflect an urgent need for robust countermeasures.

The UK's Three-Pronged Legislative Attack

The Home Office's proposals, developed after a 12-week consultation period (January 14 to April 8, 2025), represent the first specific measures in UK law to counter ransomware. They are designed to be a "targeted and proportionate response" that complements existing resilience efforts by agencies such as the National Cyber Security Centre (NCSC). The three core proposals are:

1. A targeted ban on ransomware payments for critical entities. This measure would prohibit ransomware payments by owners and operators of regulated Critical National Infrastructure (CNI) and by all public sector bodies, including local government. The aim is to remove the financial incentive for attackers, reduce their revenue streams, and make UK organizations financially unattractive targets. Consultation feedback revealed strong support, with nearly three-quarters (72%) of respondents agreeing with such a ban; CNI and public sector respondents showed even higher agreement (82%). The government has committed to defining the scope and application of the ban, including any extraterritorial effect.

2. A new ransomware payment prevention regime. This proposal seeks to cover all potential ransomware payments originating from the UK. While consultation feedback on this regime was mixed, an "economy-wide payment prevention regime for all organisations and individuals not covered by the targeted ban" garnered the most support (47%). The approach aims to reduce the overall flow of money to criminals. Respondents raised concerns that thresholds could inadvertently shift attacks to entities outside the regime. The government acknowledges these complexities and is exploring where liability sits across the proposals, particularly for financial institutions.

3. A mandatory incident reporting regime. This measure would require suspected ransomware victims to report incidents to the government: an initial report within 72 hours of an attack, followed by a more in-depth report within 28 days. The objective is to improve the government's understanding of the scale, type, and source of the ransomware threat, supporting intelligence gathering, resilience building, and targeted disruption. An "economy-wide mandatory reporting requirement for all organisations and individuals" received the highest support (63%) compared with the current voluntary system, and three-quarters of respondents considered the 72-hour initial reporting window reasonable. Late last year, Australia introduced a similar 72-hour reporting mandate; it was widely expected, although some sections of the expert community disagreed with it.

Consultation Highlights and Future Outlook

The consultation saw significant engagement, with 273 responses received, largely positive and constructive. Key cross-cutting themes emerged, including the need for clear guidance, proportionate penalties (with concerns about re-victimizing victims), and robust support for organizations hit by attacks. Respondents also emphasized the importance of improving overall cyber awareness and resilience, including updating IT systems and strengthening incident response mechanisms.

The UK government views these proposals as part of a wider, holistic approach to combatting cyber threats. It intends to continue collaborating with industry and will publish additional guidance alongside any new legislation to clarify scope, penalties, and support mechanisms. This comprehensive and collaborative strategy aims to solidify the UK's leadership in an ever-evolving digital threat landscape.
ExpressVPN has alerted users to a security issue in its Windows application that allowed certain Remote Desktop Protocol (RDP) traffic to bypass the VPN tunnel, potentially exposing users' IP addresses. The vulnerability primarily affected TCP traffic on port 3389, the standard port for RDP connections, which are more common in enterprise environments than among typical consumers. The issue was discovered after a tip from a security researcher, prompting ExpressVPN's engineers to release an urgent fix. According to the company, "following a tip from a security researcher about how certain Remote Desktop traffic was being routed," it deployed a security update to its Version 12 Windows app. The update, Version 12.101.0.45, not only fixed the vulnerability but also included other general improvements and routine bug fixes.

Nature of the ExpressVPN Vulnerability and How It Was Addressed

The problem was traced to debug code originally meant for internal testing that mistakenly shipped in production builds of the app, specifically versions 12.97 through 12.101.0.2-beta. The debug code caused traffic over TCP port 3389 to be routed outside the VPN tunnel. ExpressVPN explained, "With help from our bug bounty community, we identified and fixed an issue in certain recent versions of our Windows app where traffic over TCP port 3389 wasn't being routed through the VPN tunnel as expected." In practice, when a user connected over RDP, that traffic was not protected by the VPN routing as it should have been. While the encryption of the traffic itself remained intact, the leak allowed observers such as Internet Service Providers (ISPs) or local network eavesdroppers to see that the user was connected to ExpressVPN and was accessing specific remote servers via RDP, information normally shielded by the VPN.

The flaw was responsibly reported by security researcher Adam-X through ExpressVPN's bug bounty platform on April 25. The company confirmed and triaged the issue within hours and released a fix five days later. The fix was rolled out across all distribution channels, and the researcher confirmed the resolution soon after.

Assessing the Impact and Risks

Although the issue could theoretically affect any TCP traffic on port 3389, not just RDP sessions, the typical ExpressVPN user is unlikely to have been affected. The company emphasized that "this scenario is uncommon for most users (RDP is primarily used in enterprise environments)," and since ExpressVPN's user base consists mainly of individual consumers rather than enterprise clients, the number of potentially impacted users was probably small. To exploit the vulnerability, a malicious actor would need to know about the bug and find a way to trigger traffic over port 3389, perhaps by tricking a user into visiting a compromised website or through a drive-by attack. Even then, ExpressVPN clarified that "the exposure would have been limited to the user's real IP address. It did not reveal their browsing activity or compromise the encryption of any traffic, including RDP sessions."

Conclusion

To prevent similar issues, ExpressVPN is enhancing its internal testing processes, including "improving automated tests to flag and remove test settings earlier in development," reducing human error and helping ensure that debug code does not reach production. Users are strongly advised to update to the latest app version to maintain full protection and ensure that all traffic, including RDP over port 3389, is routed through the VPN tunnel.
The FBI and the U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory today warning of the growing threat of Interlock ransomware. The Interlock ransomware variant first appeared in late September 2024, and while the FBI-CISA advisory doesn't say how many victims the group has claimed, Cyble threat intelligence researchers have documented 50 Interlock victims to date. Interlock claimed 13 victims in June, according to Cyble, double its previous monthly high, making the agencies' advisory particularly timely.

The advisory covers Interlock ransomware indicators of compromise (IOCs) and tactics, techniques and procedures (TTPs), based on FBI investigations and other sources. The FBI and CISA were joined in the advisory by the Department of Health and Human Services (HHS) and the Multi-State Information Sharing and Analysis Center (MS-ISAC).

Interlock Ransomware Targets VMs

Interlock ransomware actors have targeted businesses, critical infrastructure, and other organizations in North America and Europe, driven by opportunity and financial motivation, the FBI and CISA said. Interlock encryptors have been observed for both Windows and Linux, and encrypt virtual machines (VMs) on both operating systems. Initial access has come via drive-by downloads from compromised legitimate websites, "an uncommon method among ransomware groups," the advisory said. The group has also used the ClickFix social engineering technique for initial access.

While Interlock actors have focused on encrypting VMs, it is possible the group could expand its targets to hosts, workstations, and physical servers in the future. The agencies recommend "robust endpoint detection and response (EDR) tooling and capabilities" to counter the VM threat. They also said they are aware of reports detailing similarities between the Rhysida and Interlock ransomware variants.

Interlock Ransomware TTPs

One Interlock initial access method has been fake Google Chrome or Microsoft Edge browser updates, although researchers recently noticed a shift to payload filenames "masquerading as updates for common security software," CISA and the FBI said. The fake Google Chrome browser executable functions as a remote access trojan (RAT) that runs a PowerShell script to drop a file into the Windows Startup folder so that the RAT runs every time the victim logs in, establishing persistence. A PowerShell command that establishes persistence through a Windows Registry key modification has also been observed.

For reconnaissance, a PowerShell script runs a series of commands to gather information about victim machines. Cobalt Strike and SystemBC have been used for command and control, along with the Interlock RAT and NodeSnake RAT. Once Interlock actors have established remote control of a compromised system, they download a credential stealer (cht.exe) and a keylogger binary (klg.dll); they have also been observed using Lumma Stealer and Berserk Stealer to harvest credentials for lateral movement and privilege escalation. The actors use compromised credentials and Remote Desktop Protocol (RDP) to move between systems, AnyDesk for remote connectivity, and PuTTY for lateral movement. The group has also compromised domain administrator accounts, possibly via Kerberoasting.

Defending Against Interlock Ransomware

The advisory contains a long list of defenses for preventing Interlock ransomware attacks, including:

- Implementing domain name system (DNS) filtering to block users from accessing malicious sites and applications
- Implementing web access firewalls to prevent unknown commands or process injection from malicious domains or websites
- Keeping multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, and secure location
- Following NIST password standards and requiring multi-factor authentication
- Keeping operating systems, software, and firmware up to date, prioritizing known exploited vulnerabilities in internet-facing systems
- Segmenting networks to prevent lateral movement and the spread of ransomware
- Implementing network monitoring, traffic filtering, and EDR tools
- Reviewing domain controllers, servers, workstations, and Active Directory for new or unrecognized accounts, and applying least privilege principles
- Disabling unused ports, as well as hyperlinks in received emails
- Disabling command line and scripting activities and permissions
- Maintaining offline backups of data and ensuring that all backup data is encrypted, immutable, "and covers the entire organization's data infrastructure."
A cyberattack on KNP Logistics has forced the closure of the 158-year-old UK transport company, leaving approximately 700 staff without jobs. The breach, reportedly traced to the notorious Akira ransomware gang, stemmed from a single weak password, which the attackers used to infiltrate systems, encrypt data, and effectively shut down operations. KNP Logistics Group, trading under the historic Knights of Old brand, operated a fleet of around 500 lorries and employed over 900 people across multiple depots. Despite standard cybersecurity measures and insurance in place, KNP could not recover from the attack.

Decoding the Cyberattack on KNP Logistics

The attackers accessed the KNP Logistics network by guessing an employee's password, exploiting weak credentials and the absence of multi-factor authentication. A ransom note left by the Akira gang ominously stated: "If you're reading this, it means the internal infrastructure of your company is fully or partially dead…Let's keep all the tears and resentment to ourselves and try to build a constructive dialogue." Although the note did not name a specific ransom, cybersecurity negotiators estimated a demand of up to £5 million. Unable to meet these terms, KNP accepted total data loss and entered administration in September 2023, leading to 730 redundancies, with only 170 jobs preserved through a sale of Nelson Distribution, the BBC reported.

KNP's former co-owner, Paul Abbott, later revealed that the breach began with a brute-force attack against a single weak password. He noted that although the company had taken precautions such as cyber insurance, the lack of multi-factor authentication left it vulnerable. Even though the company had backups and alternative workflows, the attackers destroyed critical financial records, preventing KNP from securing bridging loans or completing a viable sale.

Broader UK Cyber Context

The KNP Logistics cyberattack is part of a troubling surge in high-profile cyber incidents across the UK in 2025. Notable cases include:

- The Marks & Spencer cyberattack
- Co-op, which experienced a breach affecting member data
- Peter Green Chilled, a major supermarket supplier hit by ransomware
- Pearson, which suffered a data breach in May
- National Defense Corporation, which lost 4.2 TB of data in a March ransomware incident

These incidents have caused service disruptions, supply chain breakdowns, and compromised customer data, highlighting systemic vulnerabilities. The UK's National Cyber Security Centre (NCSC) has issued multiple advisories urging businesses, large and small, to upgrade their defenses.

Conclusion

Despite having a £1 million cyber insurance policy, KNP was unable to recover, revealing the limitations of relying solely on insurance for cyber resilience. The company's compromised backups further exposed flaws in its recovery planning. Additionally, the lack of early visibility and transparency during the crisis reflects a broader problem: many ransomware incidents go unreported. In response, the NCSC advises stronger cybersecurity measures, including network segmentation, regular patching, user education, and enhanced monitoring. The collapse of this 158-year-old firm shows that even long-standing enterprises can be brought down by basic security failures, and that proactive, layered defenses are now essential for survival.
When you first encounter CVSS (the Common Vulnerability Scoring System), it's easy to think it is the perfect tool for triaging and prioritizing vulnerabilities. A higher score must mean a more critical vulnerability, right? In reality, that approach doesn't quite work out. Every year, we see an increasing number of vulnerabilities with high CVSS scores. Security teams simply can't patch them all in time, yet the vast majority of these flaws are never actually exploited in real-world attacks. Meanwhile, attackers constantly leverage less flashy vulnerabilities with lower scores. There are other hidden pitfalls too — ranging from purely technical issues such as conflicting CVSS scores to conceptual ones such as a lack of business context. These aren't necessarily shortcomings of CVSS itself; rather, they highlight the need to use the tool correctly, as part of a more sophisticated and comprehensive vulnerability management process.

CVSS discrepancies

Have you ever noticed how the same vulnerability can have different severity scores depending on the source? One score from the security researcher who found it, another from the vendor of the vulnerable software, and yet another from a national vulnerability database? It's not always a simple mistake. Sometimes different experts disagree on the context of exploitation: they might have different ideas about the privileges with which a vulnerable application runs, or about whether it is internet-facing. For instance, a vendor might base its assessment on its recommended best practices, while a security researcher might consider how applications are typically configured in real-world organizations. One researcher might rate the exploit complexity as high, while another deems it low. This isn't uncommon. A 2023 study by VulnCheck found that 20% of vulnerabilities in the National Vulnerability Database (NVD) had two CVSS v3 scores from different sources, and 56% of those paired scores conflicted with each other.

Common mistakes when using CVSS

For over a decade, FIRST has advocated for the methodologically correct application of CVSS. Yet organizations that use CVSS ratings in their vulnerability management processes continue to make typical mistakes:

- Using the CVSS base score as the primary risk indicator. CVSS measures the severity of a vulnerability — not when it will be exploited or what the impact of its exploitation would be on the organization under attack. Sometimes a critical vulnerability is harmless within a specific company's environment because it resides in insignificant and isolated systems. Conversely, a large-scale ransomware attack might begin with a seemingly innocuous information leak vulnerability with a CVSS score of 6.
- Using the CVSS Base score without Threat/Temporal and Environmental adjustments. The availability of patches, public exploits, and compensating measures significantly influences how, and how urgently, a vulnerability should be addressed.
- Focusing only on vulnerabilities above a certain score. This approach is sometimes mandated by government or industry regulators ("remediate vulnerabilities with a CVSS score above 8 within one month"). As a result, cybersecurity teams face a continuously growing workload that, in reality, doesn't make their infrastructure more secure. The number of vulnerabilities with high CVSS scores identified annually has been rising rapidly over the past 10 years.
- Using CVSS to assess the likelihood of exploitation. These metrics are poorly correlated: only 17% of critical vulnerabilities are ever exploited in attacks.
- Using only the CVSS rating. The standardized vector string was introduced in CVSS so that defenders could understand the details of a vulnerability and independently calculate its importance within their own organization. CVSS 4.0 was specifically revised to make it easier to account for business context through additional metrics. Any vulnerability management effort based solely on a numerical rating will be largely ineffective.
- Ignoring additional sources of information. Relying on a single vulnerability database and analyzing only CVSS is insufficient. Without data on patches, working proofs of concept, and real-world exploitation, it is difficult to decide how to address a vulnerability.

What CVSS doesn't tell you about a vulnerability

CVSS is the industry standard for describing a vulnerability's severity, the conditions under which it can be exploited, and its potential impact on a vulnerable system. However, beyond this description (and the CVSS Base score), there is a lot it doesn't cover:

- Who found the vulnerability? Was it the vendor, an ethical researcher who reported the flaw and waited for a patch, or a malicious actor?
- Is there an exploit publicly available? In other words, is there readily available code to exploit the vulnerability? How practical is it to exploit in real-world scenarios?
- Is there a patch? Does it cover all vulnerable software versions, and what are the potential side effects of applying it?
- Should the organization address the vulnerability at all? Or does it affect a cloud service (SaaS) where the provider will fix the defect automatically?
- Are there signs of exploitation in the wild? If not, what is the likelihood attackers will leverage this vulnerability in the future?
- Which specific systems within your organization are vulnerable? Is exploitation practically accessible to an attacker? For example, a system might be a corporate web server accessible to anyone online, or it could be a vulnerable printer physically connected to a single computer that has no network access. A more complex example is a vulnerability in a method of a software component, where the business application using that component never actually calls the method.
- What would happen if the vulnerable systems were compromised? What is the financial cost of such an event to the business?

All these factors significantly influence the decision of when and how to remediate a vulnerability — or whether remediation is necessary at all.

How to amend CVSS? RBVM has the answer!

Many factors that are hard to account for within the confines of CVSS are central to a popular approach known as risk-based vulnerability management (RBVM). RBVM is a holistic, cyclical process with several key phases that repeat regularly:

- Inventorying all IT assets of your business. This includes everything from computers, servers, and software to cloud services and IoT devices.
- Prioritizing assets by importance: identifying your crown jewels.
- Scanning assets for known vulnerabilities.
- Enriching the vulnerability data. This includes refining CVSS-B and CVSS-BT ratings, incorporating threat intelligence, and assessing the likelihood of exploitation. Two popular tools for gauging exploitability are EPSS (another FIRST rating, which gives a percentage probability of real-world exploitation for most vulnerabilities) and databases such as CISA KEV, which lists vulnerabilities actively exploited by attackers.
- Defining the business context: understanding the potential impact of an exploit on vulnerable systems, considering their configurations and how they are used within your organization.
- Determining how the vulnerability can be neutralized, through either patches or compensating measures.
- The most exciting part: assessing the business risk and setting priorities based on all the gathered data. Vulnerabilities with the highest probability of exploitation and a possibly significant impact on your key IT assets are prioritized. To rank vulnerabilities, you can either calculate CVSS-BTE, incorporating all collected data into the Environmental component, or use alternative ranking methodologies. Regulatory requirements also influence prioritization.
- Setting deadlines for each vulnerability's resolution based on its risk level and operational considerations, such as the most convenient time for updates. If updates or patches aren't available, or if applying them introduces new risks and complexity, compensating measures are adopted instead of direct remediation. Sometimes the cost of fixing a vulnerability outweighs the risk it poses, and a decision may be made not to remediate it at all; in such cases, the business consciously accepts the risk of the vulnerability being exploited.

In addition to the above, it is crucial to periodically analyze your company's vulnerability landscape and IT infrastructure. Following this analysis, you need to introduce security measures that prevent entire classes of vulnerabilities from being exploited, or that significantly raise the overall security of specific IT systems. These measures can include network micro-segmentation, least privilege implementation, and stricter account management policies.

A properly implemented RBVM process drastically reduces the burden on IT and security teams. They spend their time more effectively because their efforts are directed primarily at flaws that pose a genuine threat to the business. To grasp the scale of these efficiency gains and resource savings, consider this FIRST study: prioritizing vulnerabilities using EPSS alone lets you focus on just 3% of vulnerabilities while achieving 65% efficiency. In stark contrast, prioritizing by CVSS-B requires addressing a whopping 57% of vulnerabilities with a dismal 4% effectiveness. Here, efficiency refers to the successful remediation of vulnerabilities that have actually been exploited in the wild.
Hackers and cybercrime groups are part of a virtual feeding frenzy, after Microsoft's recent disclosure of new vulnerabilities in on-premises editions of SharePoint Server.
Up to now, the prolific China-sponsored cyber-espionage group has been mostly absent from the region, but a sophisticated and highly targeted attack on an African IT company shows Beijing is branching out.
The acquisition gives the British cybersecurity solutions provider more insights into encrypted network traffic and additional decryption capabilities.
The World Leaks group accessed and released data from the company's Customer Solution Center, which is separated from customer and partner systems and stores primarily "synthetic" datasets used for demos and testing, Dell said.
Dark Reading's Kelly Jackson Higgins interviews Carmine Valente, Deputy CISO at Con Edison, about his role at the New York-based electric utility and the state of IT and OT security. Valente highlights current threats like ransomware and supply chain attacks, as well as the impact of AI on both defense and threats.
Microsoft said previously known Chinese nation-state operations that it tracks as Linen Typhoon and Violet Typhoon — as well as a third, less-known group — were among those exploiting serious bugs in SharePoint server software.
Britain's Home Office wants public feedback on several anti-ransomware proposals, including a requirement for all victims to report attacks to law enforcement.
Authorities said they raided the Budapest residence of a man believed to be "Hano," the suspect in a series of cyberattacks on independent media outlets.
Interlock ransomware is being used to target critical infrastructure and businesses across North America and Europe, the FBI and other federal agencies warned.
The recently disclosed critical Microsoft SharePoint vulnerability has been under exploitation as early as July 7, 2025, according to findings from Check Point Research. The cybersecurity company said it observed first exploitation attempts targeting an unnamed major Western government, with the activity intensifying on July 18 and 19, spanning government, telecommunications, and software
Making the move from managing a security operations center (SOC) to being a chief information security officer (CISO) is a significant career leap. Not only do you need a solid foundation of tech knowledge but also leadership skills and business smarts. This article will guide you through the practical steps and skills you’ll need to nab an executive cybersecurity job and make the
Microsoft has formally tied the exploitation of security flaws in internet-facing SharePoint Server instances to two Chinese hacking groups called Linen Typhoon and Violet Typhoon as early as July 7, 2025, corroborating earlier reports. The tech giant said it also observed a third China-based threat actor, which it tracks as Storm-2603, weaponizing the flaws as well to obtain initial access to
Cisco on Monday updated its advisory of a set of recently disclosed security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) to acknowledge active exploitation. "In July 2025, the Cisco PSIRT [Product Security Incident Response Team], became aware of attempted exploitation of some of these vulnerabilities in the wild," the company said in an alert. The
Mexican organizations are still being targeted by threat actors to deliver a modified version of AllaKore RAT and SystemBC as part of a long-running campaign. The activity has been attributed by Arctic Wolf Labs to a financially motivated hacking group called Greedy Sponge. It's believed to be active since early 2021, indiscriminately targeting a wide range of sectors, such as retail,
In episode 60 of The AI Fix, we learn why Grok might be Elon Musk's bid for digital immortality, how Meta is building a Manhattan-sized data centre called Prometheus, how AI is helping create carbon-sucking concrete, and are bewildered that 2000 people "work" at the Candy Crush company. Plus Graham takes a look at Elon's latest creations: a giggling anime girlfriend desperate for your attention, and a cute cartoon red panda who wants to bomb a synagogue and moon the rabbi. Meanwhile Mark learns which AI is most likely to blackmail, lie, and - when the mood takes it - commit murder to avoid being switched off. All this and much more is discussed in the latest edition of "The AI Fix" podcast by Graham Cluley and Mark Stockley.
Source: thehackernews.com. Cybersecurity researchers have unearthed new Android spyware artifacts that are likely affiliated with the Iranian Ministry of Intelligence and Security (MOIS) and have been distributed to targets by masquerading as VPN apps and Starlink, a satellite internet connection service offered by SpaceX. Mobile security vendor Lookout said it discovered four […] The post "Iran-Linked DCHSpy Android Malware Masquerades as VPN Apps to Spy on Dissidents – Source: thehackernews.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com. The China-linked cyber espionage group tracked as APT41 has been attributed to a new campaign targeting government IT services in the African region. "The attackers used hardcoded names of internal services, IP addresses, and proxy servers embedded within their malware," Kaspersky researchers Denis Kulik and Daniil Pogorelov said. "One of […] The post "China-Linked Hackers Launch Targeted Espionage Campaign on African IT Infrastructure – Source: thehackernews.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com. Even in well-secured environments, attackers are getting in—not with flashy exploits, but by quietly taking advantage of weak settings, outdated encryption, and trusted tools left unprotected. These attacks don't depend on zero-days. They work by staying unnoticed—slipping through the cracks in what we monitor and what we assume is safe. […] The post "⚡ Weekly Recap: SharePoint 0-Day, Chrome Exploit, macOS Spyware, NVIDIA Toolkit RCE and More – Source: thehackernews.com" was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . By 2025, Zero Trust has evolved from a conceptual framework into an essential pillar of modern security. No longer merely theoretical, it’s now a requirement that organizations must adopt. A robust, defensible architecture built on Zero Trust principles does more than satisfy baseline regulatory mandates. It underpins cyber resilience, secures […] The entry Assessing the Role of AI in Zero Trust – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: news.sophos.com – Author: Matt Wixey. Sophos X-Ops sees exploitation across multiple customer estates. On July 18, 2025, Sophos MDR (Managed Detection and Response) analysts observed an influx of malicious activity targeting on-premises SharePoint instances, including malicious PowerShell commands executed across multiple estates. Additional analysis determined these events are likely the result of active, malicious […] The entry SharePoint ‘ToolShell’ vulnerabilities being exploited in the wild – Source: news.sophos.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: hackread.com – Author: CyberNewswire. Austin, TX, United States, July 21st, 2025, CyberNewsWire. Living Security, the global leader in Human Risk Management (HRM), today released the 2025 State of Human Cyber Risk Report, an independent study conducted by leading research firm Cyentia Institute. The report provides an unprecedented look at behavioral risk inside organizations and reveals how strategic […] The entry New Report Reveals Just 10% of Employees Drive 73% of Cyber Risk – Source: hackread.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: hackread.com – Author: Waqas. World Leaks, the rebranded version of the Hunters International ransomware gang, has leaked 1.3 TB of internal data, which the group claims belongs to Dell Technologies Inc., the American multinational tech giant. The announcement was made earlier today, Monday, July 21, 2025, on the group’s official dark web leak site. […] The entry World Leaks Claims Dell Data Breach, Leaks 1.3 TB of Files – Source: hackread.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: hackread.com – Author: Owais Sultan. The number of cyberattacks keeps growing every year, and human error is still the main cause of security breaches. While it’s impossible to eliminate the user mistake factor entirely, developers can introduce authentication systems that offer more security compared to traditional password-based algorithms. Geolocation-based authentication is only one example […] The entry Why You Should Use Geolocation in Your React App’s Authentication Process – Source: hackread.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: heimdalsecurity.com – Author: Gabriella Antal. Cybercriminals don’t break in, they log in. From exposed RDP ports to compromised VPN credentials and abused remote tools, remote access remains one of the most common and dangerous entry points for threat actors. It’s the silent doorway that, once opened, can lead to full domain compromise, data exfiltration, […] The entry Inside the Heimdal Labs Deep Dive: A Closer Look at Remote Access Protection – Source: heimdalsecurity.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Jeffrey Burt. Hackers are exploiting a significant Microsoft vulnerability chain that allows them to gain control of on-premises SharePoint servers, steal cryptographic keys, and access Windows applications like Outlook, Teams, and OneDrive. It also gives them persistence in the systems even after reboots and updates. The post Hackers Exploiting Microsoft Flaw to […] The entry Hackers Exploiting Microsoft Flaw to Attack Governments, Businesses – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Robert Chamberlin. As artificial intelligence (AI) accelerates across industries, from financial modeling and autonomous vehicles to medical imaging and logistics optimization, one issue consistently flies under the radar: physical security. The post The Overlooked Risk in AI Infrastructure: Physical Security appeared first on Security Boulevard. Original Post URL: https://securityboulevard.com/2025/07/the-overlooked-risk-in-ai-infrastructure-physical-security/?utm_source=rss&utm_medium=rss&utm_campaign=the-overlooked-risk-in-ai-infrastructure-physical-security […] The entry The Overlooked Risk in AI Infrastructure: Physical Security – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Matt Ream. With cyberthreats intensifying and regulatory bodies tightening oversight, securing revenue data in the cloud is essential. The post Securing Revenue Data in the Cloud: Compliance and Trust in a Digital Age appeared first on Security Boulevard. Original Post URL: https://securityboulevard.com/2025/07/securing-revenue-data-in-the-cloud-compliance-and-trust-in-a-digital-age/?utm_source=rss&utm_medium=rss&utm_campaign=securing-revenue-data-in-the-cloud-compliance-and-trust-in-a-digital-age Category & Tags: Cybersecurity, Governance, Risk & Compliance, Security Awareness, Security Boulevard […] The entry Securing Revenue Data in the Cloud: Compliance and Trust in a Digital Age – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: Almog Apirion. Cybersecurity officers need to remember that the reality is, most attacks don’t begin with a dramatic break-in… they start with a login. The post Cybersecurity Isn’t Just an IT Line Item — It’s a Business Imperative appeared first on Security Boulevard. Original Post URL: https://securityboulevard.com/2025/07/cybersecurity-isnt-just-an-it-line-item-its-a-business-imperative/?utm_source=rss&utm_medium=rss&utm_campaign=cybersecurity-isnt-just-an-it-line-item-its-a-business-imperative Category & Tags: Cybersecurity, Security […] The entry Cybersecurity Isn’t Just an IT Line Item — It’s a Business Imperative – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityboulevard.com – Author: David Morimanno. The way we manage certificates must transform. For CISOs, this is not a future problem; the time to re-architect digital trust is now. The post The Expiring Trust Model: CISOs Must Rethink PKI in the Era of Short-Lived Certificates and Machine Identity appeared first on Security Boulevard. Original Post […] The entry The Expiring Trust Model: CISOs Must Rethink PKI in the Era of Short-Lived Certificates and Machine Identity – Source: securityboulevard.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.securityweek.com – Author: Mike Lennon. Microsoft issued an urgent warning on Saturday to SharePoint Server customers, saying active attacks are targeting a zero-day vulnerability in the software product, which has been assigned CVE-2025-53770 with a CVSS score of 9.8. A patch is currently not available for the flaw, dubbed “ToolShell”, which Microsoft says is […] The entry SharePoint Under Attack: Microsoft Warns of Zero-Day Exploited in the Wild – No Patch Available – Source: www.securityweek.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . The recently disclosed critical Microsoft SharePoint vulnerability has been under exploitation as early as July 7, 2025, according to findings from Check Point Research. The cybersecurity company said it observed first exploitation attempts targeting an unnamed major Western government, with the activity intensifying on July 18 and 19, spanning government, […] The entry Hackers Exploit SharePoint Zero-Day Since July 7 to Steal Keys, Maintain Persistent Access – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Author: . Cybersecurity researchers have disclosed details of a new malware called MDifyLoader that has been observed in conjunction with cyber attacks exploiting security flaws in Ivanti Connect Secure (ICS) appliances. According to a report published by JPCERT/CC today, the threat actors behind the exploitation of CVE-2025-0282 and CVE-2025-22457 in intrusions observed […] The entry Ivanti Flaws Exploited to Drop MDifyLoader and Launch In-Memory Cobalt Strike Attacks – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: security.googleblog.com – Author: Kimberly Samra. Security Blog: the latest news and insights from Google on security and safety on the Internet. Original Post URL: http://security.googleblog.com/2025/07/introducing-oss-rebuild-open-source.html The entry Introducing OSS Rebuild: Open Source, Rebuilt to Last – Source: security.googleblog.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Jessica Lyons. Dell has confirmed that criminals broke into its IT environment and stole some of its data — but told The Register that it’s “primarily synthetic (fake) data.” On Monday, WorldLeaks, a rebrand of the Hunters International extortion gang, posted Dell Technologies on its leak site and claimed to have exfiltrated […] The entry Dell scoffs at breach, says miscreants only stole ‘fake data’ – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: go.theregister.com – Author: Jessica Lyons. Comment: Here we go again. Another major Microsoft attack, with this one seeing someone — most likely government-backed hackers — exploiting a zero-day bug in SharePoint Server that Redmond failed to fix. Late Saturday, Microsoft warned it was “aware of active attacks targeting on-premises SharePoint Server customers by exploiting […] The entry Another massive security snafu hits Microsoft, but don’t expect it to stick – Source: go.theregister.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.mcafee.com – Author: Jasdev Dhaliwal. As reports emerge of a new TikTok app known internally as “M2” specifically designed for US users, McAfee warns that the transition period could create perfect conditions for cybercriminals to exploit unsuspecting consumers – including by distributing fake or malicious TikTok apps disguised as the real thing. Here’s what […] The entry New TikTok App on the Horizon: What US Users Need to Know About the Risks – Source: www.mcafee.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini. Cisco warns of active exploits targeting Identity Services Engine (ISE) and ISE-PIC flaws, first observed in July 2025. Cisco confirmed attempted exploitation in the wild of recently disclosed ISE and ISE-PIC flaws (CVE-2025-20281, CVE-2025-20282, CVE-2025-20337), updating its advisory after detecting attacks in July 2025. “Multiple vulnerabilities in Cisco Identity […] The entry Cisco confirms active exploitation of ISE and ISE-PIC flaws – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini. While SentinelOne did not attribute the attack to a specific threat actor, The Washington Post linked it to China-nexus actors. On July 19, Microsoft confirmed active exploitation of a zero-day vulnerability, tracked as CVE-2025-53770, in on-prem SharePoint Servers. The IT giant issued emergency patches for SharePoint Subscription Edition and […] The entry SharePoint under fire: new ToolShell attacks target enterprises – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini. Hackers exploit a CrushFTP zero-day, tracked as CVE-2025-54309, to gain admin access via HTTPS when the DMZ proxy is off. Threat actors are exploiting a zero-day vulnerability, tracked as CVE-2025-54309 (CVSS score of 9.0), in the managed file transfer software CrushFTP to gain administrative privileges on vulnerable servers via HTTPS. CrushFTP […] The entry CrushFTP zero-day actively exploited at least since July 18 – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini. Hardcoded credentials in HPE Aruba Instant On Wi-Fi devices let attackers bypass authentication and access the web interface. HPE disclosed hardcoded credentials in Aruba Instant On Wi-Fi devices that allow attackers to bypass login and access the web interface. The flaw, tracked as CVE-2025-37103 (CVSS score of 9.8), […] The entry Hardcoded credentials found in HPE Aruba Instant On Wi-Fi devices – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: hackread.com – Author: Owais Sultan. Flowable has taken a significant leap forward in the realm of intelligent process automation with its Summer 2025 release. The update brings a comprehensive set of features centered around agentic AI, signaling a new era where artificial intelligence seamlessly integrates into business workflows as a first-class citizen. Released on […] The entry Flowable’s Summer 2025 Update Introduces Groundbreaking Agentic AI Capabilities – Source: hackread.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: hackread.com – Author: Waqas. Microsoft’s critical new update reveals that specific Chinese nation-state threat groups are actively exploiting vulnerabilities in its on-premises SharePoint servers. Following an earlier report from Hackread.com, which highlighted the compromise of over 100 organisations globally, Microsoft has now identified the key players behind the intrusions and released comprehensive security updates […] The entry Microsoft Reveals Chinese State Hackers Exploiting SharePoint Flaws – Source: hackread.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.