A newly identified security flaw in Somalia’s electronic visa platform has raised serious concerns about the safety of personal data belonging to thousands of travelers, only weeks after the country acknowledged a major breach affecting tens of thousands of applicants. Investigations show that the Somalia e-visa system lacks essential protection methods, making it possible for unauthorized users to access and download sensitive documents with minimal effort.

The Somalia e-visa flaw was confirmed this week by Al Jazeera after receiving a tip from a source with professional experience in web development. According to the source, the e-visa platform could be exploited to retrieve large numbers of visa files containing highly sensitive personal information. The exposed data includes applicants’ passport details, full names, and dates of birth, information that could be misused for a wide range of criminal or intelligence-related activities.

Ignored Warnings Followed by Independent Verification of Global Data Exposure

The source not only shared evidence of the exposed data with Al Jazeera but also demonstrated that they had formally alerted Somali authorities to the e-visa vulnerability the previous week. Despite these warnings, the individual stated that there was no response from officials and no indication that the flaw had been addressed or corrected.

Al Jazeera independently verified the claims by replicating the vulnerability described by the source. During testing, journalists were able to download e-visas belonging to dozens of individuals within a short period. The compromised files included personal information of applicants from several countries, including Somalia, Portugal, Sweden, the United States, and Switzerland.

“Breaches involving sensitive personal data are particularly dangerous as they put people at risk of various harms, including identity theft, fraud, and intelligence gathering by malicious actors,” Bridget Andere, a senior policy analyst at the digital rights organization Access Now, said in comments to Al Jazeera. She noted that the consequences of such failures extend beyond technical problems and can have lasting effects on individuals’ safety and privacy.
Somalia E-Visa Vulnerability Emerges as Fallout Continues from Earlier Mass Data Breach

The Somalia e-visa flaw comes barely a month after Somali officials announced an inquiry into an earlier cyberattack on the same e-visa system. That previous incident prompted warnings from both the United States and the United Kingdom governments. According to those alerts, personal information belonging to more than 35,000 Somalia e-visa applicants had been leaked. At the time, the US Embassy in Somalia detailed the scope of the exposure, stating that the compromised data included applicants’ names, photographs, dates and places of birth, email addresses, marital status, and home addresses.

In response, Somalia’s Immigration and Citizenship Agency (ICA) moved the e-visa platform to a new internet domain, citing the change as an effort to strengthen security. On November 16, the agency said it was treating the breach with “special importance” and confirmed that an investigation had been launched. However, the discovery of a fresh e-visa vulnerability suggests that the underlying security issues may not have been fully resolved.

Security Claims Clash with Legal Duties

Earlier that same week, Somalia’s Defence Minister, Ahmed Moalim Fiqi, publicly praised the Somalia e-visa system. He claimed it had played a role in preventing ISIL (ISIS) fighters from entering the country, as Somali forces continued a months-long battle against a local affiliate of the group in the northern regions.

“The government’s push to deploy the e-visa system despite being clearly unprepared for potential risks, then redeploying it after a serious data breach, is a clear example of how disregard for people’s concerns and rights when introducing digital infrastructures can erode public trust and create avoidable vulnerabilities,” Andere said. She also expressed alarm that Somali authorities had not issued any formal public notice about the serious November data breach.
Under Somalia’s data protection law, data controllers are required to notify the national data protection authority when breaches occur. In high-risk cases, such as incidents involving sensitive personal data, affected individuals must also be informed. “Extra protections should apply in this case because it involves people of different nationalities and therefore multiple legal jurisdictions,” Andere added. Al Jazeera said it could not disclose specific technical details of the current security flaw, as the vulnerability remains unpatched, and publicizing it could enable further exploitation. Any sensitive information obtained during the investigation was destroyed to protect the privacy of those affected.
A failed polygraph test taken by the acting head of the Cybersecurity and Infrastructure Security Agency (CISA) has triggered an internal investigation at the Department of Homeland Security, placing at least six long-serving career officials on administrative leave and deepening turmoil inside the federal government’s lead civilian cyber defense agency.

The incident centers on Madhu Gottumukkala, the current acting CISA director, who assumed the role earlier this year amid sweeping staffing and budget cuts. According to interviews with eight current and four former U.S. cybersecurity officials, Gottumukkala failed a polygraph examination in late July that was tied to his request for access to highly sensitive cyber intelligence shared with CISA by another intelligence agency.

DHS Probes Career Staff After Acting CISA Director’s Controversial Polygraph

Following the test, the Department of Homeland Security opened an investigation into whether career staff misled Gottumukkala about the necessity of taking the polygraph test. As a result, at least six employees were suspended with pay over the summer while the inquiry proceeded. The episode, which had not been publicly reported before, has fueled anger among agency staff and raised broader concerns about leadership, accountability, and judgment at CISA.

“Instead of taking ownership and saying, ‘Hey, I screwed up,’ he gets other people blamed and potentially ruins their careers,” said one current official, who described Gottumukkala’s tenure so far as “a nightmare” for the agency.

In a written statement, DHS spokesperson Tricia McLaughlin disputed claims that Gottumukkala failed an official examination. She said the acting CISA director “did not fail a sanctioned polygraph test,” characterizing the exam as an “unsanctioned polygraph” coordinated by staff who allegedly misled incoming leadership. According to McLaughlin, the employees involved were placed on administrative leave pending the outcome of the investigation, adding that Gottumukkala has “the complete and full support of the Secretary.” McLaughlin also said that polygraph tests cannot be ordered informally. “Random bureaucrats can’t just order a polygraph,” she said, noting that such tests must be approved by leadership with the appropriate authority.
Polygraph Test Controversy Highlights Leadership Gaps Amid CISA Turmoil

The controversy unfolded during an already unstable period for CISA. Since January, nearly one-third of the agency’s workforce has departed amid restructuring under President Donald Trump. Some remaining employees were recently told to either shift into immigration-related roles within Homeland Security or leave the agency altogether. At the same time, CISA has lacked a permanent, Senate-confirmed leader since former Director Jen Easterly stepped down in January. Gottumukkala, a former senior IT official in South Dakota, was appointed deputy director in May and now serves as acting director. Trump’s nominee to permanently lead CISA, Sean Plankey, has yet to be confirmed.

According to multiple officials, the polygraph test was scheduled to determine Gottumukkala’s eligibility to view a controlled-access intelligence program. Such programs are tightly restricted and require a demonstrated need-to-know. The intelligence agency that shared the material with CISA reportedly required anyone seeking access to first pass a counterintelligence polygraph.

Several officials said senior staff questioned whether Gottumukkala needed access to the program at all. In early June, a senior official declined an initial request signed by mid-level staff, arguing there was no urgent operational need. The agency’s previous deputy director, the official noted, had not been read into the program. Only a limited number of staff are allowed access, and those selections are typically made by a Senate-confirmed director.

That senior official was later placed on administrative leave for unrelated reasons, and by early July, a second request, this time signed by Gottumukkala, was approved. Officials said he had been advised that less classified versions of the intelligence were available without requiring a polygraph, and that previous CISA leaders had declined such access.
Despite this, Gottumukkala continued to pursue clearance. Two officials said he expressed confidence that passing the polygraph would not be an issue. Afterward, however, he reportedly claimed he was following staff guidance, a narrative some inside the agency dispute. One official called DHS’s assertion that the test was unsanctioned “comical,” noting that senior principals are typically aware of and approve their own polygraph requests.

Six CISA Staff Placed on Leave Amid Polygraph Investigation and Security Concerns

On August 1, at least six employees received letters from then–acting DHS Chief Security Officer Michael Boyajian temporarily suspending their access to classified information. The letters alleged they may have provided false information about the requirement for a polygraph. A follow-up letter dated August 4, signed by CISA’s acting chief human capital officer, Kevin Diana, placed the employees on paid administrative leave.

Those affected include CISA Chief Security Officer Jeffery Conklin; Deputy Chief of Staff Masoom Chaudhary; Scott McCarthy, a former acting chief security officer; Adam Bachman, an action officer; Stacey Wrin, a contractor in the security office; and Brian Dōne from CISA’s intelligence division. None responded to requests for comment.

The investigation is being led by the acting general counsel of Homeland Security. Former DHS General Counsel Stewart Baker said it is common for the office to handle politically sensitive cases, particularly when tensions arise between political leadership and career staff.

While officials cautioned that polygraph results can be unreliable and influenced by anxiety or technical factors, and are generally inadmissible in court, some questioned why the acting CISA director himself does not appear to be under scrutiny. “He ultimately chose to sit for this polygraph,” one official said.
“There is only one person to blame for that.” Another official expressed concern about the implications for national security, noting that CISA handles vast amounts of sensitive data. “How is failing a polygraph not a concern?” the official asked, when Gottumukkala is “supposed to be leading a national security agency?”
Romania's National Directorate for Cyber Security disclosed that on Saturday a ransomware attack compromised approximately 1,000 IT systems belonging to the nation's water authority - known as Administrația Națională Apele Române. The attack impacted 10 of the country's 11 regional water basin administrations including Oradea, Cluj, Iași, Siret, and Buzău.

The attackers exploited BitLocker—a legitimate Windows encryption mechanism—for malicious purposes to lock files across the infrastructure and deliver a ransom note demanding contact within seven days. The incident affected multiple critical systems including Geographical Information System (GIS) application servers, database servers, Windows workstations, Windows Server systems, email and web servers, and Domain Name Servers. Despite the extensive IT compromise, operational technologies remained unaffected, allowing normal operations to continue.

Hydrotechnical Structures Remain Secure

The Romanian water authority clarified that the operation of hydrotechnical structures continues solely through dispatch centers using voice communications. Hydrotechnical constructions remain secure and are operated locally by specialized personnel coordinated through dispatch centers. The organization stressed that despite the IT infrastructure compromise, water management operations including dam control, flood management, and water distribution systems continue functioning normally through manual oversight and voice coordination protocols developed for such contingencies.

BitLocker Weaponized for Malicious Encryption

Following an initial technical evaluation, investigators determined attackers exploited BitLocker, a legitimate encryption mechanism for Windows operating systems, using it maliciously to lock files through encryption across affected systems. This technique represents an evolution in ransomware tactics where threat actors leverage built-in security tools rather than deploying custom malware. The attackers transmitted a ransom note demanding contact within seven days.
The National Directorate for Cyber Security reiterated its strict policy and recommendation that ransomware attack victims should not contact or negotiate with cyber attackers, to avoid encouraging and financing this criminal ecosystem. The Cyber Express reached out to the media center of the DNSC to understand what data was compromised and which group had claimed responsibility for the attack, but authorities recommended that IT teams at the National Administration of Romanian Waters or regional water administrations should not be contacted, allowing them to concentrate on restoring IT services without distraction from media inquiries or external pressure.

Infrastructure Not Protected by National Cyber Defense System

The investigation revealed that Romanian water authority infrastructure was not currently protected through the national protection system for IT infrastructures with critical importance for national security against threats from cyberspace. Necessary procedures have now been initiated to integrate this infrastructure into systems developed by the National Cyber Intelligence Center for ensuring cyber protection of both public IT infrastructures and private ones with critical importance for national security through use of cyber intelligence technologies.

Technical teams from the Directorate, National Administration Romanian Waters, the National Cyber Intelligence Center within the Romanian Intelligence Service, affected entities, and other state authorities with competencies in cybersecurity are actively involved in investigating and limiting the impact of the cyber incident.

This is an evolving story and will be updated as and when the latest updates arrive.
By Srinivas Shekar, CEO and Co-Founder, Pantherun Technologies

Cyberattacks powered by artificial intelligence are moving faster, spreading wider, and targeting businesses with unprecedented precision. As we look toward Cybersecurity 2026, security teams must rethink how they protect what matters most: their data. Traditional defenses are struggling to keep pace with the speed, intelligence, and persistence of modern threats. Protecting sensitive information is no longer limited to a few industries; it has become a universal priority for organizations of all sizes.

Cybersecurity in 2026 is no longer only about stopping intrusions. It is about ensuring that even if attackers gain access, they walk away with nothing of value. This calls for a shift from perimeter-focused security to continuous protection of the data itself. With businesses rapidly adopting cloud platforms and SaaS applications, the amount of sensitive information being shared and stored online continues to rise. Each new application, integration, or workflow expands the attack surface, giving threat actors more opportunities to exploit weaknesses.

Key Cybersecurity 2026 Trends to Watch Out For

Supply-chain and insider threats will grow, elevating device-level security: As reliance on vendors, partners, and automated systems increases, attackers will exploit trusted channels more frequently. Insider risks, both accidental and intentional, will also rise. In this landscape, network security alone will not be enough. Protection must move with the data, regardless of where it travels or who accesses it.

Real-time data protection will take center stage: Cyberattacks unfold in seconds. Traditional tools that rely on detection and response often move too slowly against AI-driven threats. SaaS environments, in particular, have become frequent targets due to misconfigurations, weak access controls, and third-party integrations. By 2026, organizations will focus less on stopping every attack and more on ensuring that data remains protected at all times. Real-time encryption will play a critical role, rendering stolen data unreadable and unusable even when systems are breached.

Ransomware will shift from disruption to pressure tactics: Ransomware attacks will evolve beyond simply locking systems. Attackers will study the data they steal and use it to apply pressure through reputational damage, operational disruption, or regulatory exposure. This form of targeted extortion will force organizations to strengthen data protection across endpoints and devices, ensuring sensitive information is never exposed in plain form at any point.

Identity-based security will give way to data-centric approaches: Stolen credentials, hijacked sessions, and impersonation attacks are becoming easier for adversaries to execute. When identities can no longer be fully trusted, securing the data itself becomes the most reliable defense. By 2026, organizations will place greater emphasis on protecting information even when user accounts are compromised.

Quantum computing will put existing encryption to the test: Advancements in quantum computing will eventually threaten many current encryption standards. Attackers may already be collecting encrypted data with the intention of decrypting it in the future. To stay ahead, enterprises will begin preparing for quantum-safe encryption, especially for long-term sensitive data. Real-time encryption and robust key management will become increasingly important.

Cybersecurity in 2026 is entering a decisive phase. AI-powered attacks, expanding digital ecosystems, and growing internal and external risks are pushing traditional security models to their limits. The organizations that succeed will be those that protect what truly matters, the data itself. By embracing real-time encryption and continuous data protection, businesses can strengthen resilience and limit the damage from inevitable breaches.

(This article reflects the author’s analysis and personal viewpoints and is intended for informational purposes only. It should not be construed as legal or regulatory advice.)
The campaign surfaced earlier in October after researchers at the New York-based cybersecurity firm Intezer identified a malicious XLL file uploaded to VirusTotal, first from Ukraine and later from Russia.
South Korea will begin requiring facial recognition when signing up for a new mobile phone number in a bid to fight scams, the Ministry of Science and ICT announced.
NSO Group had sought to stay the order pending a decision on its appeal in the case, which centers on allegations that it targeted 1,400 WhatsApp users with its powerful zero-click Pegasus spyware in 2019.
A Ukrainian national pleaded guilty in U.S. federal court to one charge stemming from attacks using Nefilim ransomware on companies in the U.S., Canada and Australia.
Workstations and servers at Romania's water agency have been disrupted by a ransomware incident, but officials said critical infrastructure was still operating normally.
Threat actors have been observed leveraging malicious dropper apps masquerading as legitimate applications to deliver an Android SMS stealer dubbed Wonderland in mobile attacks targeting users in Uzbekistan. "Previously, users received 'pure' Trojan APKs that acted as malware immediately upon installation," Group-IB said in an analysis published last week. "Now, adversaries increasingly deploy
Cyber threats last week showed how attackers no longer need big hacks to cause big damage. They’re going after the everyday tools we trust most — firewalls, browser add-ons, and even smart TVs — turning small cracks into serious breaches. The real danger now isn’t just one major attack, but hundreds of quiet ones using the software and devices already inside our networks. Each trusted system can
As the internet becomes an essential part of daily life, its environmental footprint continues to grow. Data centers, constant connectivity, and resource-heavy browsing habits all contribute to energy consumption and digital waste. While individual users may not see this impact directly, the collective effect of everyday browsing is significant. Choosing a browser designed with
Cybersecurity researchers have disclosed details of a new malicious package on the npm repository that works as a fully functional WhatsApp API, but also contains the ability to intercept every message and link the attacker's device to a victim's WhatsApp account. The package, named "lotusbail," has been downloaded over 56,000 times since it was first uploaded to the registry by a user named "