The University of Hawaii is confronting the fallout from the 2025 UH Cancer Center cyberattack. The breach affected research systems at the University of Hawaiʻi Cancer Center and potentially exposed sensitive personal data, including Social Security numbers and driver’s license numbers, collected decades ago for epidemiological research.

According to an official report, the discovery of the data exposure occurred in December 2025. However, the cybersecurity incident itself was first identified on or about August 31, 2025. The ransomware attack was isolated to specific servers supporting research operations at the Cancer Center.

The University of Hawaii confirmed that the UH Cancer Center cyberattack did not affect clinical operations, patient care, or medical records. There was also no impact on student records or other divisions within the University of Hawaii system. The affected data was contained strictly within research files and not connected to patient treatment records.

What Data Was Involved in the UH Cancer Center Cyberattack

During the UH Cancer Center cyberattack, an unauthorized third party encrypted and potentially exfiltrated data from certain research servers. The compromised files included two files containing names paired with Social Security numbers:
- One file included Hawaiʻi driver’s license numbers collected in 2000 from the State Department of Transportation. At that time, driver’s license numbers were typically based on Social Security numbers.
- The second file contained voter registration information collected in 1998 from the City and County of Honolulu, where identifiers also commonly included Social Security numbers.

These historical records were primarily used to recruit participants for long-term epidemiological research, particularly the Multiethnic Cohort (MEC) Study.

Impact on the Multiethnic Cohort Study

The UH Cancer Center cyberattack potentially impacted 87,493 participants in the long-running Multiethnic Cohort Study. Established in 1993, the MEC Study recruited more than 215,000 men and women between the ages of 45 and 75 from 1993 to 1996. Participants came from five primary racial and ethnic groups residing in Hawaiʻi and Los Angeles, California.

Additional affected research included three epidemiological studies focused on diet and cancer, specifically colorectal adenomas (with recruitment spanning 1995–2007) and colon cancer (1994–2005). These files contained names combined with Social Security numbers and/or driver’s license numbers. Some files also included participant questionnaires, health-related research data, and information sourced from national and state public health registries.

Two additional files containing names and Social Security numbers collected from public health registries were also compromised. One of those files stopped accepting new names in 1999, while the other closed in the mid-2000s.

Beyond the 87,493 MEC participants, approximately 1.15 million additional individuals may have had their information included in historical driver’s license and voter registration records that contained Social Security identifiers. Investigations remain ongoing to determine whether other sensitive information was involved. The University of Hawaii has stated that any additional findings are expected to be nominal, and affected individuals will be notified separately where possible.

University Response and Law Enforcement Involvement

Following the discovery of the UH Cancer Center cyberattack, the University of Hawaii immediately disconnected the affected systems and worked to terminate unauthorized access. Third-party cybersecurity experts were retained to investigate the scope of the breach. Due to the extensive encryption deployed by the threat actors, restoration of systems took time.

During the investigation, it was determined that an unauthorized third party had accessed and had the opportunity to exfiltrate a subset of research files. While the review was underway, the university made the decision to engage with the threat actors in an effort to protect affected individuals. Working with cybersecurity specialists, the University of Hawaii obtained a decryption tool and secured affirmation that the unlawfully obtained data was destroyed. As of now, officials report no evidence that the information has been published, shared, or misused.

Initially, most of the affected files appeared to contain research data without personal identifiers. However, a more detailed third-party electronic review confirmed the presence of files dating back to the 1990s that contained Social Security numbers used at that time to identify research participants. After confirming the exposure, the University of Hawaii initiated notification procedures in accordance with §487N-4 of the Hawaiʻi Revised Statutes.

Notification and Support for Affected Individuals

On February 23, notification letters were mailed to 87,493 MEC Study participants. The University of Hawaii also identified approximately 900,000 email addresses and is providing notice through electronic communication, a public announcement, and a dedicated UH Cancer Center Cyberattack Information and Resource Website.

Affected individuals are being offered:
- 12 months of free credit monitoring
- $1 million in identity theft insurance

Officials have advised the public to rely only on updates posted through official University of Hawaii channels and to disregard unsolicited websites or social media messages requesting personal information.

Systemwide Security Enhancements

In response to the UH Cancer Center cyberattack, the University of Hawaii has implemented extensive cybersecurity upgrades. These measures include:
- Installing endpoint protection software with 24/7 monitoring
- Rebuilding compromised systems
- Resetting passwords and replacing affected user accounts
- Migrating sensitive research servers into the UH Information Technology Services data center
- Replacing and upgrading firewalls with enhanced security controls
- Conducting third-party security assessments
- Enforcing stricter access controls and mandatory cybersecurity training

Additionally, the University of Hawaii created a new Information Security Governance Council for Research and established an Information Security Task Force to update policies, strengthen cybersecurity roles, and recommend enterprise-level controls.

Naoto T. Ueno, director of the UH Cancer Center, stated: “The UH Cancer Center deeply regrets that this incident occurred and that so many individuals have been impacted. We take this matter extremely seriously and are committed to transparency, accountability, and strengthening protections for the research data entrusted to us.”

University of Hawaii President Wendy Hensel emphasized the broader response: “This cyberattack requires a comprehensive, systemwide response. I have initiated a full review of information technology systems across all 10 campuses to ensure we are strengthening protections wherever needed. We will take a holistic approach, identify areas requiring additional investment, and move forward with those improvements. Safeguarding the data entrusted to us is essential to our mission and our responsibility to the people of Hawaiʻi.”

As investigations continue, the University of Hawaii has indicated it will supplement its legislative report once the full scope of impacted individuals is confirmed.
The Middle East has entered a critical tipping point, as tensions between Iran, the United States, and Israel escalated into a complex hybrid conflict that blends traditional military operations with cyber and information warfare. The offensive, identified as Operation Epic Fury by the US and Operation Roaring Lion by Israel, demonstrates how modern hostilities can no longer be understood through conventional lenses alone.

Unlike previous confrontations, this campaign combined kinetic strikes, cyber intrusions, psychological operations, and information manipulation into a single, synchronized effort. Cyber capabilities were leveraged as a co-equal domain alongside air and missile strikes, revealing a new level of strategic integration that reshapes the dynamics of regional warfare. Independent monitoring from Cyble Research and Intelligence Labs (CRIL) highlighted how these combined operations exposed both strengths and vulnerabilities among the actors involved.

Strategic Build-Up and Diplomatic Limitations

In the lead-up to the offensive, the United States mobilized its largest Middle East deployment since the 2003 Iraq invasion, positioning aircraft carriers, fighter squadrons, and intelligence assets near Iran’s borders. Parallel diplomatic initiatives in Geneva offered a fleeting possibility of negotiation, as Tehran agreed to halt nuclear enrichment under IAEA oversight. However, mutual distrust, strategic imperatives, and long-standing hostilities rendered these measures ineffective, creating conditions ripe for Operation Epic Fury and Operation Roaring Lion.

Hybrid Warfare: The Cyber-Kinetic Nexus in the Middle East

The campaign’s defining feature was the integration of cyber operations with kinetic attacks. Iran’s domestic internet infrastructure was reportedly reduced to 1–4% functionality, as state media, government services, and military communications came under sustained digital assault. Popular services, mobile applications, and religious platforms were compromised, while government websites displayed defaced content intended to undermine Tehran’s official narratives.

Pre-existing cyber actors, including MuddyWater, APT42 (Charming Kitten), Prince of Persia/Infy, UNC6446, and CRESCENTHARVEST, amplified the conflict through phishing, data theft, and server exploitation. Simultaneously, psychological operations extended into Israel, delivering threatening messages about fuel shortages and national ID numbers.

Retaliation and Regional Cyber Convergence

Iran’s response combined missile and drone attacks targeting Israel, Gulf Cooperation Council (GCC) states, and US military bases, causing civilian casualties and infrastructure damage, including at Dubai International Airport and an AWS cloud data center. Hacktivist groups surged in parallel, with over 70 organizations conducting DDoS attacks, website defacements, and credential theft campaigns across multiple countries. Malicious payloads, such as a RedAlert APK mimicking Israel’s missile alert app, showcased tradecraft usually associated with state-sponsored operations.

Pro-Russian groups like NoName057(16) and Russian Legion opportunistically aligned with Iranian interests, while cybercriminal actors exploited chaos to launch ransomware and social engineering campaigns, demonstrating the convergence of ideological and financial motivations in modern hybrid warfare.

Lessons and Implications

The ongoing operations stress several key lessons for the region and global observers: cyber operations now function as co-equal with kinetic action; hacktivist networks can act as force multipliers across borders; and opportunistic cybercrime thrives in environments of geopolitical uncertainty. Analysts emphasize the need for continuous vigilance, from credential monitoring and DDoS mitigation to proactive defense against emerging malware campaigns.

Operation Epic Fury and Operation Roaring Lion highlight that the current Middle East conflict extends far beyond conventional warfare. Even as Iran’s networks remain degraded, pre-positioned cyber capabilities and hacktivist activity could sustain prolonged disruption, signaling a persistent and modern threat landscape that will influence regional and global security calculations for months to come.
Singapore is preparing to tighten its mandatory cybersecurity requirements for residential routers, with the Cyber Security Agency of Singapore (CSA) and the Infocomm Media Development Authority (IMDA) set to raise standards under the Cybersecurity Labelling Scheme (CLS). The move, announced during the Ministry of Digital Development and Information (MDDI) Committee of Supply Debates 2026, will require all locally sold residential routers to meet CLS Level 2 standards by the end of 2027.

The decision reflects growing concern over the security of home network devices, which are targeted by cybercriminals. As gateways to household internet connections, residential routers can be exploited to infiltrate other connected systems within a home network or hijacked to participate in broader cyberattacks. Both the CSA and IMDA said the strengthened mandatory cybersecurity requirements are intended to address such cyber threats.

Why CSA and IMDA Are Raising Mandatory Cybersecurity Requirements

The policy shift follows Singapore’s participation in a global cybersecurity operation in 2025. During that exercise, authorities discovered that more than 2,700 devices in Singapore, including residential routers, had been compromised. These infected devices were part of a global botnet, a network comprising hundreds of thousands of everyday internet-connected devices that had been infiltrated with malicious software. Botnets are frequently deployed to conduct Distributed Denial of Service (DDoS) attacks, overwhelming targeted systems with traffic and disrupting services.

The incident underscored how vulnerable home routers can become entry points for malicious cyber actors. According to CSA and IMDA, the findings highlighted the need to strengthen mandatory cybersecurity requirements beyond existing baseline protections.

The Role of the Cybersecurity Labelling Scheme (CLS)

Launched in 2020, the Cybersecurity Labelling Scheme rates the cybersecurity provisions of Internet-of-Things (IoT) devices using a tiered framework. The scheme was designed to give consumers greater visibility into the security standards of connected products while encouraging manufacturers to adopt stronger protection. As of mid-February 2026, 870 products had attained the CLS label.

Currently, all residential routers sold in Singapore must comply with CLS Level 1 standards. These Level 1 mandatory cybersecurity requirements include unique default passwords, established vulnerability management processes, and regular software updates. While CLS Level 1 addresses fundamental vulnerabilities, CSA and IMDA have determined that these protections are no longer sufficient. Authorities noted that Level 1 standards, though effective against basic security gaps, do not adequately defend against more advanced attacks that exploit weaknesses in encryption protocols, authentication systems, and secure data storage.

What CLS Level 2 Means for Manufacturers and Consumers

Under the revised framework, CSA and IMDA will require residential routers to meet CLS Level 2 standards by end-2027. The upgraded mandatory cybersecurity requirements will introduce stronger protection designed to better protect user data and privacy. Manufacturers will need to implement secure communications protocols, ensuring that data transmitted through routers is properly encrypted. They must also provide secure storage for sensitive information and incorporate robust authentication mechanisms to prevent unauthorized access.

These additional measures aim to reduce the likelihood of routers being compromised and recruited into botnets or used as entry points for broader network intrusions. By strengthening mandatory cybersecurity requirements to CLS Level 2, CSA and IMDA intend to close gaps that attackers exploit. The agencies emphasized that encryption, authentication, and secure storage are critical components in mitigating emerging threats.

Implementation Timeline and Regulatory Coordination

CSA is working closely with IMDA to update the regulatory framework governing residential routers. The new mandatory cybersecurity requirements are expected to take effect by the end of 2027, providing manufacturers with a transition period to align their products with CLS Level 2 standards.

The agencies’ collaboration reflects a coordinated approach to digital infrastructure security. As connected devices continue to proliferate in homes, regulators are seeking to ensure that cybersecurity measures keep pace with technological adoption and the evolving tactics of malicious actors.

The announcement at the MDDI Committee of Supply Debates 2026 signals the government’s broader commitment to strengthening national cyber resilience. By raising mandatory cybersecurity requirements under the CLS and working jointly through CSA and IMDA, Singapore aims to better protect households against complex cyber threats while maintaining clear, enforceable standards for device manufacturers.
Modern software development relies on containers and the use of third-party software modules. On the one hand, this greatly facilitates the creation of new software, but on the other, it gives attackers additional opportunities to compromise the development environment. News about attacks on the supply chain through the distribution of malware via various repositories appears with alarming regularity. Therefore, tools that allow the scanning of images have long been an essential part of secure software development.

Our portfolio has long included a solution for protecting container environments. It allows the scanning of images at different stages of development for malware, known vulnerabilities, configuration errors, the presence of confidential data in the code, and so on. However, in order to make an informed decision about the security state of a particular image, the operator of the cybersecurity solution may need some more context. Of course, it’s possible to gather this context independently, but if a thorough investigation is conducted manually each time, development may be delayed for an unpredictable period of time. Therefore, our experts decided to add the ability to look at the image from a fresh perspective; of course, not with a human eye — AI is indispensable nowadays.

OpenAI API

Our Kaspersky Container Security solution (a key component of Kaspersky Cloud Workload Security) now supports an application programming interface for connecting external large language models. So, if a company has deployed a local LLM (or has a subscription to connect a third-party model) that supports the OpenAI API, it’s possible to connect the LLM to our solution. This gives a cybersecurity expert the opportunity to get both additional context about uploaded images and an independent risk assessment by means of a full-fledged AI assistant capable of quickly gathering the necessary information.

The AI provides a description that clearly explains what the image is for, what application it contains, what it does specifically, and so on. Additionally, the assistant conducts its own independent analysis of the risks of using this image and highlights measures to minimize these risks (if any are found). We’re confident that this will speed up decision-making and incident investigations and, overall, increase the security of the development process.

What else is new in Cloud Workload Security?

In addition to adding an API for connecting the AI assistant, our developers have made a number of other changes to the products included in the Kaspersky Cloud Workload Security offering. First, they now support single sign-on (SSO) and multi-domain Active Directory, which makes it easier to deploy solutions in cloud and hybrid environments. In addition, Kaspersky Cloud Workload Security now scans images more efficiently and supports advanced security policy capabilities. You can learn more about the product on its official page.
The exploitation activity against CVE-2026-21385, a high-severity memory corruption flaw, could be tied to commercial spyware or nation-state threat groups.
In its amicus brief, Google called the warrants a violation of people’s rights and said that in recent months it has objected to more than 3,000 geofence warrants on constitutional grounds.
The Global Coalition on Telecoms (GCOT) — comprising the United Kingdom, United States, Canada, Japan and Australia, with Sweden and Finland joining at the launch — unveiled voluntary security and resilience principles for the technology at the Mobile World Congress trade show in Barcelona.
Iranian drone strikes hit three Amazon data centre facilities in the UAE and Bahrain this week, disrupting cloud services across parts of the Middle East as regional tensions escalate.
The CPPA alleges that PlayOn Sports collected students' personal data and delivered targeted advertising by using tracking technologies without providing a “sufficient way to opt out.”
Microsoft on Monday warned of phishing campaigns that employ phishing emails and OAuth URL redirection mechanisms to bypass conventional phishing defenses implemented in email and browsers. The activity, the company said, targets government and public-sector organizations with the end goal of redirecting victims to attacker-controlled infrastructure without stealing their tokens. It described
Google on Monday disclosed that a high-severity security flaw impacting an open-source Qualcomm component used in Android devices has been exploited in the wild. The vulnerability in question is CVE-2026-21385 (CVSS score: 7.8), a buffer over-read in the Graphics component. "Memory corruption when adding user-supplied data without checking available buffer space," Qualcomm said in an advisory,
The threat activity cluster known as SloppyLemming has been attributed to a fresh set of attacks targeting government entities and critical infrastructure operators in Pakistan and Bangladesh. The activity, per Arctic Wolf, took place between January 2025 and January 2026. It involves the use of two distinct attack chains to deliver malware families tracked as BurrowShell and a Rust-based
Every CISO knows the uncomfortable truth about their Security Operations Center: the people most responsible for catching threats in real time are the people with the least experience. Tier 1 analysts sit at the front line of detection, and yet they are also the most vulnerable to the cognitive and organizational pressures that quietly erode SOC performance over time. The Paradox at the Gate:
The threat actor behind the recently disclosed artificial intelligence (AI)-assisted campaign targeting Fortinet FortiGate appliances leveraged an open-source, AI-native security testing platform called CyberStrikeAI to execute the attacks. The new findings come from Team Cymru, which detected its use following an analysis of the IP address ("212.11.64[.]250") that was used by the suspected
The Rise of MCPs in the Enterprise The Model Context Protocol (MCP) is quickly becoming a practical way to push LLMs from “chat” into real work. By providing structured access to applications, APIs, and data, MCP enables prompt-driven AI agents that can retrieve information, take action, and automate end-to-end business workflows across the enterprise. This is already showing up in production
Cybersecurity researchers have disclosed details of a new phishing suite called Starkiller that proxies legitimate login pages to bypass multi-factor authentication (MFA) protections. It's advertised as a cybercrime platform by a threat group calling itself Jinkusu, granting customers access to a dashboard that lets them select a brand to impersonate or enter a brand's real URL. It also lets
Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control (C2) framework as a precursor to data exfiltration or ransomware attack. The intrusions, identified by Huntress last month across five partner organizations, involved the threat actors using email spam as lures, followed by a phone call from
South Korea's National Tax Service (NTS) has found itself in the middle of a deeply embarrassing - and costly - blunder after accidentally handing thieves the master key to a seized cryptocurrency wallet. Read more in my article on the Hot for Security blog.