The Rapid7 Take Command summit unveiled crucial findings from the 2024 Attack Intelligence Report, offering invaluable insights for cybersecurity professionals navigating today's complex threat landscape.

Key takeaways from the 30 minute panel:

1. Rise of Zero-Day Exploits: 53% of mass compromise events in 2023 and early 2024 began with zero-day exploits. This highlights the urgent need for improved patch management and proactive defense strategies.
2. Network Edge Vulnerabilities: Over a third of the vulnerabilities leading to mass compromise events were in network edge technologies, such as firewalls and VPNs, emphasizing the importance of securing these critical points.
3. Ransomware on the Rise: Rapid7 tracked over 5,600 ransomware incidents in 2023 and early 2024, with ransomware payouts exceeding $1 billion. The sheer volume underscores the importance of robust defenses and incident response plans.

Key Quote:

"Our research shows that more than 40% of incident responses in 2023 stemmed from remote remote access exploits without multifactor authentication. Basic security components are still crucial in making attacks harder." - Caitlin Condon, Director Vulnerability Intelligence, Rapid7

The 2024 Attack Intelligence Report provides deep insights into the evolving threat landscape, highlighting the rise of zero-day exploits, the critical vulnerabilities in network edge technologies, and the rampant increase in ransomware incidents, you can view it here.

For a deeper dive into these findings, click through to watch the full video and stay ahead of attackers.

Two authentication bypass vulnerabilities affect Progress Software’s MOVEit Transfer SFTP service in a default configuration and MOVEit Gateway

A novel malware strain, Snowblind, bypasses security measures in banking apps on Android, leading to financial losses and fraud, according to Promon

In a significant move to bolster data privacy protections, the California Privacy Protection Agency (CPPA) inked a new partnership with France’s Commission Nationale de l'Informatique et des Libertés (CNIL). The collaboration aims to conduct joint research on data privacy issues and share investigative findings that will enhance the capabilities of both organizations in safeguarding personal data. The partnership between CPPA and CNIL shows the growing emphasis on international collaboration in data privacy protection. Both California and France, along with the broader European Union (EU) through its General Data Protection Regulation (GDPR), recognize that effective data privacy measures require global cooperation. France’s membership in the EU brings additional regulatory weight to this partnership and highlights the necessity of cross-border collaboration to tackle the complex challenges of data protection in an interconnected world.

What the CPPA-CNIL Data Privacy Protections Deal Means

The CPPA on Tuesday outlined the goals of the partnership, stating, “This declaration establishes a general framework of cooperation to facilitate joint internal research and education related to new technologies and data protection issues, share best practices, and convene periodic meetings.” The strengthened framework is designed to enable both agencies to stay ahead of emerging threats and innovations in data privacy. Michael Macko, the deputy director of enforcement at the CPPA, said there were practical benefits of this collaboration. “Privacy rights are a commercial reality in our global economy,” Macko said. “We’re going to learn as much as we can from each other to advance our enforcement priorities.” This mutual learning approach aims to enhance the enforcement capabilities of both agencies, ensuring they can better protect consumers’ data in an ever-evolving digital landscape.

CPPA’s Collaborative Approach

The partnership with CNIL is not the CPPA’s first foray into international cooperation. The California agency also collaborates with three other major international organizations: the Asia Pacific Privacy Authorities (APPA), the Global Privacy Assembly, and the Global Privacy Enforcement Network (GPEN). These collaborations help create a robust network of privacy regulators working together to uphold high standards of data protection worldwide. The CPPA was established following the implementation of California's groundbreaking consumer privacy law, the California Consumer Privacy Act (CCPA). As the first comprehensive consumer privacy law in the United States, the CCPA set a precedent for other states and countries looking to enhance their data protection frameworks. The CPPA’s role as an independent data protection authority mirror that of the CNIL - France’s first independent data protection agency – which highlights the pioneering efforts of both regions in the field of data privacy. By combining their resources and expertise, the CPPA and CNIL aim to tackle a range of data privacy issues, from the implications of new technologies to the enforcement of data protection laws. This partnership is expected to lead to the development of innovative solutions and best practices that can be shared with other regulatory bodies around the world. As more organizations and governments recognize the importance of safeguarding personal data, the need for robust and cooperative frameworks becomes increasingly clear. The CPPA-CNIL partnership serves as a model for other regions looking to strengthen their data privacy measures through international collaboration.

Credit Suisse, a global investment bank and financial services firm, has reportedly fallen victim to a cyberattack. The Credit Suisse data breach was allegedly masterminded by a threat actor (TA), operating under the alias “888,” on the data hack site BreachForums. The TA claims to have accessed highly sensitive data of the bank and posted it on the dark web marketplace. According to the the threat actor, the data breach contains personal information of about 19,000 of the bank’s Indian employees.

Credit Suisse Data Breach Details

Credit Suisse was founded in 1856 and has approximately $15.21 Billion in revenue. It is one of the leading institutions in private banking and asset management, with strong expertise in investment banking. On June 25, 2024, the threat actor claimed to have carried out a cyberattack on the bank and exfiltrated details on 19,000 of its users. [caption id="attachment_79024" align="alignnone" width="1622"] Source: X[/caption] The breached data purportedly includes names of employees, 6,623 unique email addresses, their codes, date of birth, gender, policy name, relationships, dates of joining, effective dates, statuses, and entities. To substantiate the claim, the threat actor 888 provided a sample of the data breach, which contains details of Credit Suisse employees in India. [caption id="attachment_79025" align="alignnone" width="1362"] Source: X[/caption] The TA, however, did not provide a specific price for the sale of data and has requested potential buyers to quote a figure. The hacker commented that they are only accepting cryptocurrency as the mode of payment. More specifically, the hacker was open to payment on Monero (XMR), a digital currency renowned for its privacy and anonymity attributes. This method of payment is often utilized in illegal transactions to evade detection. Despite these claims by the threat actor, a closer inspection reveals that the bank’s website is currently functioning normally, showing no signs of a security breach. The Cyber Express has reached out to the bank to verify the alleged cyberattack. As of now, no official statements or responses have been received, leaving the claims unverified.

Not the First Credit Suisse Data Breach

This is not the first time that Credit Suisse has been involved in a security breach. According to a report published in The Economic Times, in 2023, the bank warned its staff that a former employee stole personal data of its employees, including salaries and bonuses. The information included salary and "variable compensation" for a period between 2013 and 2015. Another Bloomberg report said that a data breach in 2023 impacted numerous former Credit Suisse clients who collectively held a staggering $100 billion in accounts.

Credit Suisse Hacker Targeted Big Multinationals Recently

There are many concerns over the potential misuse of sensitive information found in the data breach, which includes customer names, dates of birth, and relationships. Credit Suisse should investigate the data breach claims considering the history of the threat actor. Earlier this month, the TA 888 claimed to have stolen data of over 32,000 current and former employees of Accenture. The company, however, denied the claims and said that the data set published by the hacker had only three employee names and email addresses. The hacker also claimed responsibility for leaking details about 8,174 employees of Heineken across several countries. Prior to this, 888 also staked claims for an attack on oil and gas multinational Shell.  The TA posted sample information sharing personal details of Australian customers. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.  

On June 23rd, LockBit announced breaching the US Federal Reserve System, while security experts remained skeptical. The Russian threat group claimed to exfiltrate 33 terabytes of banking information from the USA’s central bank servers. They also threatened to publish the data in the following 48 hours unless the victims would pay ransom. Source – Cybernews.com […]

The post LockBit Claims Breaching the US Federal Reserve but Fails to Prove It appeared first on Heimdal Security Blog.

A shockwave went through the financial world when ransomware group LockBit claimed to have breached the US Federal Reserve, the central banking system of the United States.

On LockBit’s dark web leak site, the group threatened to release over 30 TB of banking information containing Americans’ banking data if a ransom wasn’t paid by June 25:

“Federal banking is the term for the way the Federal Bank of America distributes its money. The Reserve operates twelve banking districts around the country which oversee money distribution within their respective districts. The twelve cities which are home to the Reserve Banks are Boston, New York City, Philadelphia, Richmond, Atlanta, Dallas, Saint Louis, Cleveland, Chicago, Minneapolis, Kansas City and San Francisco.

33 terabytes of juicy banking information containing American’s banking secrets.”

The statement ends expressing the group’s disappointment about a negotiator who apparently offered to pay $50,000.

So, you can imagine that everyone was anticipating the end of the countdown that signalled the release of the stolen data with bated breath.

However, when that deadline passed and the data was released, people who looked at the data found it did not, in fact, belong to the Federal Reserve but instead to a particular financial organization: Evolve Bank & Trust.

All the links lead to directories containing data that seems to belong to Evolve.

There hasn’t been enough time to do a full analysis of the huge amount of data, but it appears it is only remotely tied to the Federal Reserve by some included links to a Federal Reserve press link from mid-June.

At that time, the US Federal Reserve Board penalized Evolve Bancorp and its subsidiary, Evolve Bank & Trust, for multiple “deficiencies” in the bank’s risk management, anti-money laundering (AML) and compliance practices.

According to the Federal Reserve statement released at the time:

“In addition, Evolve did not maintain an effective risk management program or controls sufficient to comply with anti-money laundering laws and laws protecting consumers.”

So, as expected, LockBit drew a lot of attention under false pretences.

The group was disrupted by law enforcement in February of 2024 and their activity diminished as a result. As the ThreatDown monthly ransomware review of May review pointed out:

“While LockBit is technically still alive, it’s fair to say the group is not what it was: Not only are its attacks dwindling, but in early May law enforcement also revealed the identity of alleged LockBit leader Dmitry Khoroshev, aka LockBitSupp. LockBitSupp, who is now subjected to a series of asset freezes and travel bans, also has a reward of up to $10 million over his head for information that leads to his arrest.”

And recently the FBI announced it had over 7,000 LockBit decryption keys in its possession, allowing it to help victims to recover data encrypted by the gang in past attacks. LockBit ransomware has impacted over 1,800 US victims, according to FBI stats.

Back to the data, it’s good news it appears not to be from the Federal Reserve. However, it’s not good news for customers of Evolve Bank & Trust and their data may well have been stolen and published. And it’s a lot of data.

We’ll keep you updated on this developing story. For now, there’s no official statement from Evolve, but there are general things to know if you think you have been involved in a data breach.

Protecting yourself after a data breach

There are some actions you can take if you are, or suspect you may have been, the victim of a data breach.

• Check the vendor’s advice. Every breach is different, so check with the vendor to find out what’s happened, and follow any specific advice they offer.
• Change your password. You can make a stolen password useless to thieves by changing it. Choose a strong password that you don’t use for anything else. Better yet, let a password manager choose one for you.
• Enable two-factor authentication (2FA). If you can, use a FIDO2-compliant hardware key, laptop or phone as your second factor. Some forms of two-factor authentication (2FA) can be phished just as easily as a password. 2FA that relies on a FIDO2 device can’t be phished.
• Watch out for fake vendors. The thieves may contact you posing as the vendor. Check the vendor website to see if they are contacting victims, and verify the identity of anyone who contacts you using a different communication channel.
• Take your time. Phishing attacks often impersonate people or brands you know, and use themes that require urgent attention, such as missed deliveries, account suspensions, and security alerts.
• Consider not storing your card details. It’s definitely more convenient to get sites to remember your card details for you, but we highly recommend not storing that information on websites.
• Set up identity monitoring. Identity monitoring alerts you if your personal information is found being traded illegally online, and helps you recover after.

Check your digital footprint

Malwarebytes has a new free tool for you to check how much of your personal data has been exposed online. Submit your email address (it’s best to give the one you most frequently use) to our free Digital Footprint scan and we’ll give you a report and recommendations.

---

We don’t just report on threats – we help safeguard your entire digital identity

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

New GrimResource technique exploits a 2018-old, unpatched, Windows XSS flaw and crafted MSC files to deploy malware via the Microsoft Management Console (MMC). Researchers detected the new exploitation technique in the wild on June 6th, 2024. Exploiting the Microsoft Management Console could enable hackers to evade security measures and gain initial access. Although researchers reported […]

The post GrimResource Technique Exploits Years-Old Unpatched Windows XSS Flaw appeared first on Heimdal Security Blog.

Hacktivist group KillSec has revealed a new weapon in their digital arsenal: a Ransomware as a Service (RaaS) program designed to empower aspiring cybercriminals with hacking capabilities. The threat actor revealed the RaaS program on June 24, 2024, sharing its features for those looking to deploy ransomware attacks on their targets.  The centerpiece of KillSec RaaS is its advanced locker, meticulously crafted in C++ for optimal performance and efficiency. This encryption tool is engineered to lock down files on victims' computers, rendering them inaccessible until a ransom is paid and a decryption key is provided. Operating through a user-friendly dashboard accessible via the Tor network, known for its anonymity features, KillSec ensures that its clients can operate discreetly.

KillSec Announces New RaaS Program for Hackers

[caption id="attachment_79012" align="alignnone" width="532"] Source: Dark Web[/caption] The dashboard boasts several essential features designed to streamline the ransomware deployment process. Users can track the success of their campaigns with detailed statistics, manage communications via an integrated chat function, and customize ransomware configurations using the built-in builder tool. In addition to its current capabilities, KillSec has announced forthcoming enhancements to its RaaS program. These include a stresser tool for launching distributed denial-of-service (DDoS) attacks, automated phone call capabilities to pressure victims into paying ransoms, and an advanced stealer for harvesting sensitive data such as passwords and financial information. Access to KillSec's RaaS program is available for a fee of $250, aimed at "trusted individuals," with KillSec taking a 12% commission from any ransom payments collected. This pricing model highlights the group's commitment to making advanced cyber weaponry accessible while maintaining a profitable partnership with their clients.

Who is the KillSec Hacktivist Group?

Founded in 2021, KillSec has emerged as a prominent force in the hacktivist community, often aligning itself with the ethos of the Anonymous movement. Their activities have included high-profile website defacements, data breaches, and ransomware attacks, including recent breaches affecting traffic police websites in Delhi and Kerala. Ransomware as a Service (RaaS) programs, similar to what KillSec has announced, represent an evolution in cybercrime tactics, democratizing access to powerful malicious software for a global audience.  The RaaS program model allows less technically skilled individuals to engage in cyber extortion with relative ease, leveraging customizable ransomware variants to target businesses and individuals worldwide. The proliferation of RaaS platforms has contributed to the escalating frequency and severity of ransomware attacks, posing substantial challenges to law enforcement agencies worldwide. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Choosing an IT management software is one of the most important decisions you make as an IT team. There are a few well-known platforms on the market, one being NinjaOne. Considering the feedback from review sites, NinjaOne customers are switching to alternatives mainly because of a poor user experience, slow customer support, complex configuration, and […]

The post Top 10 NinjaOne Alternatives to Consider in 2024 appeared first on Heimdal Security Blog.

A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed. The vulnerability, tracked as CVE-2024-5806 (CVSS score: 9.1), concerns an authentication bypass that impacts the following versions - From 2023.0.0 before 2023.0.11 From 2023.1.0 before 2023.1.6, and&

30,000 websites at risk: Check yours ASAP! (800 Million Ostriches Can’t Be Wrong.)

The post WordPress Plugin Supply Chain Attack Gets Worse appeared first on Security Boulevard.

A report from the Government Accountability Office (GAO) highlighted an urgent need to address critical cybersecurity challenges facing the nation.

The post GAO Urges Action to Address Critical Cybersecurity Challenges Facing U.S. appeared first on Security Boulevard.

In the first quarter of 2024, nearly half of all security incidents our team responded to involved multi-factor authentication (MFA) issues, according to the latest Cisco Talos report.

The post Misconfigured MFA Increasingly Targeted by Cybercriminals appeared first on Security Boulevard.

Google has disrupted over 175,000 YouTube and Blogger instances related to the Chinese influence operation Dragonbridge.

The post Google Disrupts More China-Linked Dragonbridge Influence Operations appeared first on SecurityWeek.

Our adversaries certainly have diversity — so cybersecurity teams need it, too.

The post The Check Point Challenge: Safeguarding Against the Latest CVE appeared first on Votiro.

The post The Check Point Challenge: Safeguarding Against the Latest CVE appeared first on Security Boulevard.

As cybersecurity's cat-and-mouse game starts to look more like Tom and Jerry, attackers develop a method for undermining Android app security with no obvious fix.

Organizations face an overwhelming number of vulnerabilities and threats. The traditional approach has been to prioritize exposures—identifying and addressing the most critical vulnerabilities first. However, this method, while logical on the surface, has significant limitations. At Veriti, we advocate for a different strategy: prioritizing actions. By focusing on remediations rather than merely cataloging exposures, we believe […]

The post Prioritizing Exposures vs. Prioritizing Actions  appeared first on VERITI.

The post Prioritizing Exposures vs. Prioritizing Actions  appeared first on Security Boulevard.

Freed from the shackles of always demanding a technical background, the CISO can concentrate on building a diverse team comprising multiple skills.

The post Gaining and Retaining Security Talent: A Cheat Sheet for CISOs appeared first on SecurityWeek.

Some expressed concern about a rise in hybrid attacks by Russia – including allegations of election interference, cyberattacks and sabotage.

The post The EU Targets Russia’s LNG Ghost Fleet With Sanctions as Concern Mounts About Hybrid Attacks appeared first on SecurityWeek.

Today, CISA, in partnership with the Federal Bureau of Investigation, Australian Signals Directorate’s Australian Cyber Security Centre, and Canadian Cyber Security Center, released Exploring Memory Safety in Critical Open Source Projects. This guidance was crafted to provide organizations with findings on the scale of memory safety risk in selected open source software (OSS).

This joint guidance builds on the guide The Case for Memory Safe Roadmaps by providing a starting point for software manufacturers to create memory safe roadmaps, including plans to address memory safety in external dependencies which commonly include OSS. Exploring Memory Safety in Critical Open Source Projects also aligns with the 2023 National Cybersecurity Strategy and corresponding implementation plan, which discusses investing in memory safety and collaborating with the open source community—including the establishment of the interagency Open Source Software Security Initiative (OS3I) and investment in memory-safe programming languages.

CISA encourages all organizations and software manufacturers to review the methodology and results found in the guidance to:

• Reduce memory safety vulnerabilities;
• Make secure and informed choices;
• Understand the memory-unsafety risk in OSS;
• Evaluate approaches to reducing this risk; and
• Continue efforts to drive risk-reducing action by software manufacturers.

To learn more about taking a top-down approach to developing secure products, visit CISA’s Secure by Design webpage.

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.

• CVE-2022-24816 GeoSolutionsGroup JAI-EXT Code Injection Vulnerability
• CVE-2022-2586 Linux Kernel Use-After-Free Vulnerability
• CVE-2020-13965 Roundcube Webmail Cross-Site Scripting (XSS) Vulnerability

These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.

Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to protect FCEB networks against active threats. See the BOD 22-01 Fact Sheet for more information.

Although BOD 22-01 only applies to FCEB agencies, CISA strongly urges all organizations to reduce their exposure to cyberattacks by prioritizing timely remediation of Catalog vulnerabilities as part of their vulnerability management practice. CISA will continue to add vulnerabilities to the catalog that meet the specified criteria.

The P2Pinfect worm targeting Redis servers has been updated with ransomware and cryptocurrency mining payloads.

The post P2Pinfect Worm Now Dropping Ransomware on Redis Servers appeared first on SecurityWeek.

Rate limiting is a well-known technique for limiting network traffic to web servers, APIs, or other online services. It is also one of the methods available to you for blocking DDoS attackers from flooding your system with requests and exhausting network capacity, storage, and memory.  You typically define rate-limiting rules in your Web Application Firewall […]

The post 6 Tips for Preventing DDoS Attacks Using Rate Limits appeared first on Security Boulevard.

The tragedy of the commons is a concept in economics and ecology that describes a situation where individuals, acting in their own self-interest, collectively deplete a shared resource. In simpler terms, it's the idea that when a resource is available to everyone without restriction, some individuals tend to overuse it, leading to its eventual depletion and harming everyone in the long run. In the case of Maven Central, we are experiencing an unwitting tyranny by the few.

The post Maven Central and the tragedy of the commons appeared first on Security Boulevard.

More than 100,000 websites are affected by a supply chain attack injecting malware via a Polyfill domain.

The post Polyfill Supply Chain Attack Hits Over 100k Websites  appeared first on SecurityWeek.

Multiple vulnerabilities have been addressed in ADOdb, a PHP database abstraction layer library. These vulnerabilities could cause severe security issues, such as SQL injection attacks, cross-site scripting (XSS) attacks, and authentication bypasses. The Ubuntu security team has released updates to address them in various versions of Ubuntu, including Ubuntu 22.04 LTS, Ubuntu 20.04 LTS, Ubuntu […]

The post Critical ADOdb Vulnerabilities Fixed in Ubuntu appeared first on TuxCare.

The post Critical ADOdb Vulnerabilities Fixed in Ubuntu appeared first on Security Boulevard.

Containerized applications offer several advantages over traditional deployment methods, making them a powerful tool for modern application development and deployment. Understanding the security complexities of containers and implementing targeted security measures is crucial for organizations to protect their applications and data. Adopting specialized security practices, such as Linux live kernel patching, is essential in maintaining […]

The post Navigating Security Challenges in Containerized Applications appeared first on TuxCare.

The post Navigating Security Challenges in Containerized Applications appeared first on Security Boulevard.

A growing number of malware operators have turned to cloud-based command and control servers to deploy malicious campaigns, Fortinet researchers found

Identity-related crimes declined 16% annually in 2023 with the majority related to compromised credentials

VPNs are not all created equal – make sure to choose the right provider that will help keep your data safe from prying eyes

Notorious ransomware group BianLian has claimed to have added two new organizations as its latest cyberattack victims. The BianLian ransomware attack was allegedly carried out on two US-based firms, namely, Better Business Bureau Inc and U.S. Dermatology Partners. The infamous actor has claimed to have accessed sensitive data including financial, contract, and employee profiles from both its victims.

BianLian Ransomware Attack: Critical Details  

The first organization targeted by hackers was Better Business Bureau (BBB), which is a private, nonprofit organization founded in 1912 in Arlington, Virginia. The firm maintains a massive database of accredited and non-accredited businesses, providing ratings based on several factors. The Better Business Bureau has a revenue of $430.6 Million. [caption id="attachment_79001" align="alignnone" width="1259"] Source: X[/caption] The threat actor claims to have accessed 1.2 TB of organization data, including accounting, budget, and financial data; contract data and NDAs; files from the CFO's computer; operational and business files; and email and PST archives. The group has also disclosed sensitive information such as the names, personal email addresses, and phone numbers of BBB’s CEO, vice president, chief accreditation officer, and chief activation officer. The other organization that has allegedly fallen victim to the ransomware group is US Dermatology Partners. The organization, with a revenue of $213.7 Million, is one of the premier dermatology practitioners in the USA, caring for over two million patients annually. [caption id="attachment_79002" align="alignnone" width="1259"] Source: X[/caption] The hackers claimed to have accessed 300 GB of organization data, including personal data, accounting and budget information, financial data, contract data and NDAs, and employee profiles.

Potential Impact of BianLian Ransomware Attack

If proven, the potential consequences of this ransomware attack could be critical as the accounting and financial details of both these firms could be leaked. The organizations should take appropriate measures to protect the privacy and security of the stakeholders involved. Financial data breaches can lead to identity theft, financial fraud, and a loss of trust among clients, potentially jeopardizing the company’s standing in the industry. Currently, details regarding the extent of the BianLian ransomware attack, data compromise, and the motive behind the cyber assault remain undisclosed. Despite the claims made by BianLian, the official websites of the targeted companies remain fully functional. This discrepancy has raised doubts about the authenticity of the BianLian group’s assertion. To ascertain the veracity of the claims, The Cyber Express has reached out to the officials of the affected organizations. As of the writing of this news report, no response has been received, leaving the ransomware attack claim unverified.

History of BianLian Ransomware Group Attacks

BianLian, a ransomware group, has been targeting critical infrastructure sectors in the U.S. and Australia since June 2022. They exploit RDP credentials, use open-source tools for discovery, and extort data via FTP or Rclone. FBI, CISA, and ACSC advise implementing mitigation strategies to prevent ransomware attacks. Initially employing a double-extortion model, they shifted to exfiltration-based extortion by 2023. According to a report by  BlackBerry, BianLian ransomware showcases exceptional encryption speed and is coded in the Go programming language (Golang). This sophisticated approach has enabled the group to strike multiple organizations, leaving a trail of unverified claims in its wake. Earlier in 2024, the group targeted companies such as North Star Tax and Accounting, KC Pharmaceuticals, Martinaire. In its attack on MOOver, the group claimed to have accessed a staggering 1.1 terabytes of the firm’s data. Subsequently, Northeast Spine and Sports Medicine also found themselves on the list of victims. All these claims, similar to the recent attack, remain unverified. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Source: www.databreachtoday.com – Author: 1 Artificial Intelligence & Machine Learning , Cyberwarfare / Nation-State Attacks , Fraud Management & Cybercrime New Report Urges Public-Private Collaboration to Reduce Chemical, Nuclear AI Risks Chris Riotta (@chrisriotta) • June 25, 2024     The U.S. federal government warned that artificial intelligence lowers the barriers to conceptualizing and conducting […]

La entrada US DHS Warns of AI-Fueled Chemical and Biological Threats – Source: www.databreachtoday.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.databreachtoday.com – Author: 1 Artificial Intelligence & Machine Learning , Governance & Risk Management , Next-Generation Technologies & Secure Development Companies Eager for Tools Are Putting AI’s Transformative Power Ahead of Security Rashmi Ramesh (rashmiramesh_) • June 25, 2024     Oh, no – not all Ollama administrators have patched against the “Probllama” flaw. […]

La entrada Patched Weeks Ago, RCE Bug in AI Tool Still a ‘Probllama’ – Source: www.databreachtoday.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.databreachtoday.com – Author: 1 Healthcare , Industry Specific , Standards, Regulations & Compliance John Riggi of the American Hospital Association on HHS’ Upcoming Cyber Regulations Marianne Kolbasuk McGee (HealthInfoSec) • June 25, 2024     John Riggi, national cybersecurity and risk adviser, American Hospital Association White House efforts to ratchet up healthcare sector cybersecurity […]

La entrada Why New Cyber Penalties May Strain Hospital Resources – Source: www.databreachtoday.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.databreachtoday.com – Author: 1 3rd Party Risk Management , Cybercrime , Fraud Management & Cybercrime More Victims of Campaign Against Data Warehousing Platform Snowflake Come to Light Mathew J. Schwartz (euroinfosec) • June 25, 2024     Attention Neiman Marcus shoppers: Your contact information may be for sale on a criminal forum. (Image: Shutterstock) […]

La entrada Luxury Retailer Neiman Marcus Suffers Snowflake Breach – Source: www.databreachtoday.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: www.databreachtoday.com – Author: 1 Immutable backups are essential in the fight against ransomware, and businesses should put protections in place to ensure attackers can’t alter or delete them. Acronis President Gaidar Magdanurov said data protection firms must address the threat of ransomware by implementing immutable storage and exposing APIs for seamless integration with security […]

La entrada Securing Data With Immutable Backups and Automated Recovery – Source: www.databreachtoday.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Malwarebytes Premium Security has maintained its long-running, perfect record in protecting users against online threats by blocking 100% of the malware samples deployed in the AV Lab Cybersecurity Foundation’s “Advanced In-The-Wild Malware Test.”

For its performance in the May 2024 evaluation, Malwarebytes Premium Security also received a certificate of “Excellence.”

According to AV Lab, such certificates “are granted to solutions that are characterized by a high level of security, with a rating of at least 99% of blocked threats in the Advanced In-The-Wild Malware Test.”

Every two months, the cybersecurity and information security experts at AV Lab construct a series of tests to compare cybersecurity vendors against the latest malware that is currently being used by adversaries and threat actors.

For the May evaluation, AV Lab tested 521 unique malware samples against 13 cybersecurity products. Malwarebytes Premium Security detected 521/521 malware samples, with a remediation time of 44 seconds—well below the 52-second average determined by AV Lab in its most recent testing.

Three cybersecurity vendors failed to block 100% of malware tested: ESET, F-Secure, and Panda.

To ensure that AV Lab’s evaluations reflect current cyberthreats, each round of testing follows three steps:

1. Collecting and verifying in-the-wild malware: AVLab regularly collects malware samples from malicious and active URLs, testing the malware samples to understand their impact to networks and endpoints.

2. Simulating a real-world scenario in testing: To recreate how a real-life cyberattack would occur, AVLab uses the Firefox web browser to engage with the known, malicious URLs collected in the step prior. In the most recent test, AVLab emphasized the potential for these URLs to be sent over instant messaging platforms, including Discord and Telegram.

3. Incident recovery time assessment: With the various cybersecurity products installed, AVLab measures whether the evaluated product detects a malware sample, when it detects a sample, and how long it took to detect that sample. The last metric is referred to as “Remediation Time.”

Malwarebytes is proud to once again achieve a 100% score with AVLab’s Advanced In-The-Wild Malware Test, a trusted resource that proves our commitment to user safety.

A newly surfaced banking trojan named "Sniffthem," also known as Tnaket has emerged on the dark web forums. This Sniffthem trojan, introduced by threat actor oliver909 on the XSS Russian language forum, targets a wide spectrum of Windows operating systems ranging from Windows 7 to the latest Windows 11. Oliver909's forum post on June 24, 2024, detailed the capabilities of the banking trojan Sniffthem, highlighting its advanced functionalities designed for financial fraud. Among its notable features, Sniffthem possesses the ability to perform HTML injection, enabling it to compromise websites—even those secured with SSL certificates—by injecting malicious HTML code. This tactic undermines the integrity of supposedly secure web pages, facilitating the theft of sensitive information.

Dark Web Actors Reveals Banking Trojan Sniffthem

[caption id="attachment_78990" align="alignnone" width="1906"] Source: Dark Web[/caption] Another key feature of Sniffthem is its credit card grabber capability, allowing it to stealthily capture credit card details through the injection of fake web pages. This method operates covertly, ensuring that the theft of financial data goes unnoticed by users and security measures alike. Moreover, the trojan supports a wide range of web browsers including Firefox, Google Chrome, Edge, and Yandex, ensuring compatibility across various user environments. To evade detection, the banking trojan Sniffthem employs crypters, enhancing its stealth and persistence on infected systems. These crypters cloak the trojan's code, making it difficult for antivirus programs and security defenses to detect and remove the malware effectively. Oliver909 demonstrated the trojan's functionalities through a video shared on the forum, showcasing its management panel and user interface designed for seamless control over malicious activities. In terms of pricing, oliver909 offers Sniffthem on a subscription basis, setting a monthly rate of USD 600. This pricing strategy positions Sniffthem as a lucrative option within the cybercriminal marketplace, appealing to threat actors looking to capitalize on financial fraud opportunities.

Technical Insights into Sniffthem Banking Trojan

Sniffthem's technical specifications highlight its sophistication and potential impact on cybersecurity. The Sniffthem banking trojan operates persistently as a hidden process, evading detection and maintaining a covert presence on infected systems. Its integration with a web-based management panel allows threat actors to efficiently control compromised devices and orchestrate malicious activities remotely. Furthermore, Sniffthem's compatibility with a wide array of browsers—64 in total—highlights its versatility and ability to infiltrate diverse user environments. This capability extends its reach across various sectors, with a particular focus on the BFSI (Banking, Financial Services, and Insurance) industry where financial transactions and sensitive data are prime targets. The emergence of Sniffthem signifies a heightened threat to organizations and individuals alike, particularly within the financial sector. To mitigate risks associated with banking trojans like Sniffthem, cybersecurity best practices are essential. Organizations should prioritize regular software updates, endpoint protection, and employee training to recognize and respond to phishing attempts effectively. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

India’s largest government-owned-telecommunications service provider, Bharat Sanchar Nigam Ltd (BSNL), has allegedly suffered a massive data breach, the second such instance in less than six months. The BSNL data breach reportedly involves critical data including international Mobile Subscriber Identity (IMSI) numbers, SIM card information, Home Location Register (HLR) specifics, DP Card Data, and even snapshots of BSNL's SOLARIS servers which can be misused for SIM cloning.

Exploring Claims of BSNL Data Breach

The BSNL data leak was first disclosed by an Indian firm, Athenian Tech, in its threat intelligence report. According to the report, a threat actor, operating under the alias “kiberphant0m”, leaked a significant amount of sensitive data affecting millions of users. The threat actor posted this information on the data hack site BreachForums and shared samples of the breach to legitimize the claim. Overall, around 278GB of sensitive information could be compromised. The hacker also posted details of call log samples which leaked sensitive information like mobile numbers of users, the date and duration of calls, and the amount charged for the call in Indian Rupees. The call log samples were being leaked in two sets: one for the month of May 2024 and another from 2020. This indicates that the data breach was a recent attack raising questions over the security checks in place at BSNL. The threat actor was selling the alleged stolen data for $5,000. The steep price tag could indicate the significant value of the stolen data which is sensitive. The Cyber Express has yet to verify the authenticity of the recent BSNL data breach and has contacted the organization for an official response.  This article will be updated based on their response.

Potential Implications of BSNL Data Breach

1. SIM Cloning and Identity Theft: Cloning a SIM involves creating a duplicate card that has the same IMSI and authentication keys, thus making it easy for the attackers to intercept messages/ calls, gain access to people’s bank accounts, and embezzle their finances.
2. Privacy Violations: Identity theft means that one can gain unauthorized access to the individuals’ communication and breaches.
3. Financial and Identity Theft: Illegal operations can defeat protective procedures in the financial portfolios, which entail substantial monetary losses and cases of identity theft.
4. Targeted Attacks and Scams: The user could be exposed to major security risks and could be vulnerable to phishing schemes and other social engineering attacks, exploiting their trust in BSNL.

The threat is not just limited to the consumers, but also to BSNL’s operations and security. Illegal access to servers can result in service disruptions, slow performance, and unauthorized access to telecom operations. Leaking of such information poses a severe threat to critical infrastructures and paves the way for future attacks on complex systems interconnectivity. BSNL users should remain vigilant and monitor any unusual activity on their phones and bank accounts and enable two-factor authentication (2FA) for added security on all accounts. BSNL too should take immediate action if the breach is confirmed, secure network endpoints, and audit access logs. They should enhance security measures, conduct frequent security audits, and adopt advanced threat detection technologies.

Second BSNL Data Breach in Less Than Six Months

If the data theft claims are proven, it would be the second instance of a cyberattack on BSNL in less than six months. In December 2023, a threat actor known as “Perell” claimed access to critical information about fiber and landline users of BSNL. The dataset contained about 32,000 lines of data allegedly impacting over 2.9 million users. However, BSNL did not validate the claims back then. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

This move has been coming for a long time.

The Biden administration on Thursday said it’s banning the company from selling its products to new US-based customers starting on July 20, with the company only allowed to provide software updates to existing customers through September 29. The ban—­the first such action under authorities given to the Commerce Department in 2019­—follows years of warnings from the US intelligence community about Kaspersky being a national security threat because Moscow could allegedly commandeer its all-seeing antivirus software to spy on its customers.

The China-nexus cyber-threat actor has been operating since at least 2019 and has notched victims in multiple countries.

Several vulnerabilities patched recently in Siemens Sicam products could be exploited in attacks aimed at the energy sector.

The post Siemens Sicam Vulnerabilities Could Facilitate Attacks on Energy Sector appeared first on SecurityWeek.

Exploitation attempts targeting CVE-2024-5806, a critical MOVEit Transfer vulnerability patched recently, have started.

The post Exploitation Attempts Target New MOVEit Transfer Vulnerability appeared first on SecurityWeek.

McLean, United States of America, 26th June 2024, CyberNewsWire

The post FireTail Unveils Free Access for All to Cutting-Edge API Security Platform appeared first on Security Boulevard.

Red Teaming security assessments aim to demonstrate to clients how attackers in the real world might link together various exploits and attack methods to reach their objectives.

The post Stepping Into the Attacker’s Shoes: The Strategic Power of Red Teaming (Insights from the Field) appeared first on Security Boulevard.

By introducing a mobile device management (MDM) platform into the existing infrastructure, administrators gain the ability to restrict sideloading on managed devices.

The post EU Opens the App Store Gates: A Call to Arms for MDM Implementation appeared first on Security Boulevard.