Security researchers at Cisco Talos and Volexity flag two Pakistani espionage campaigns targeting Indian government entities.

The post Pakistani Threat Actors Caught Targeting Indian Gov Entities appeared first on SecurityWeek.

CISA urges federal agencies to apply mitigations for an exploited Progress Telerik vulnerability as soon as possible.

The post CISA Warns of Progress Telerik Vulnerability Exploitation appeared first on SecurityWeek.

The rise in U.S.-politics-themed scams indicates that adversarial nation states understand the significance of election years.

The post Chinese Threats Aim for Government Sector  appeared first on Security Boulevard.

Location tracking service leaks PII, because—incompetence? Seems almost TOO easy.

The post Tile/Life360 Breach: ‘Millions’ of Users’ Data at Risk appeared first on Security Boulevard.

The first quarter of 2024 painted a concerning picture of security threats for enterprise organizations: information leaks and breaches exposed sensitive data across major corporations.

The post Q1 2024: A Wake-up Call for Insider Threats appeared first on Security Boulevard.

The zero-day is tagged as CVE-2024-32896 and described as an elevation of privilege issue in Pixel Firmware.

The post Google Warns of Pixel Firmware Zero-Day Under Limited, Targeted Exploitation appeared first on SecurityWeek.

The Windows vulnerability carries a CVSS severity score of 9.8/10 and can be exploited by via specially crafted malicious MSMQ packets.

The post Patch Tuesday: Remote Code Execution Flaw in Microsoft Message Queuing appeared first on SecurityWeek.

Patch Tuesday: Adobe fixes critical flaws and warns of the risk of code execution attacks on Windows and macOS platforms.

The post Adobe Plugs Code Execution Holes in After Effects, Illustrator appeared first on SecurityWeek.

Not our fault, says CISO: “UNC5537” breached at least 165 Snowflake instances, including Ticketmaster, LendingTree and, allegedly, Advance Auto Parts.

The post Ticketmaster is Tip of Iceberg: 165+ Snowflake Customers Hacked appeared first on Security Boulevard.

Arm warns that CVE-2024-4610, a Mali GPU kernel driver vulnerability addressed two years ago, is exploited in attacks.

The post Arm Warns of Exploited Kernel Driver Vulnerability appeared first on SecurityWeek.

By Dina Alsalamen, VP, Head of Cyber and Information Security Department at Bank ABC  In today's interconnected digital landscape, cyber threats pose significant risks to organizations of all sizes and industries. From data breaches to ransomware attacks, the consequences of cyber incidents can be severe, including financial losses, reputational damage, and regulatory penalties. To effectively mitigate these risks and safeguard their operations, organizations must prioritize building cyber resilience. In this article, we'll explore strategies and best practices for building a cyber-resilient organization. 

Understand Your Risks 

The first step in building cyber resilience is understanding the unique risks facing your organization. Conduct a comprehensive risk assessment to identify potential threats, vulnerabilities, and their potential impact on your business operations. This assessment should encompass all aspects of your organization's IT infrastructure, including networks, systems, applications, and data assets. 

Develop a Cybersecurity Strategy 

Based on your risk assessment, develop a robust cybersecurity strategy that aligns with your organization's goals and priorities. This strategy should outline clear objectives, policies, and procedures for protecting against cyber threats. Key components of your cybersecurity strategy may include: 

• Risk Management Framework: Establish a risk management framework to systematically identify, assess, and mitigate cyber risks across your organization. 
• Security Controls: Implement a layered approach to cybersecurity by deploying a combination of preventive, detective, and responsive security controls. 
• Incident Response Plan: Develop a detailed incident response plan outlining procedures for detecting, responding to, and recovering from cyber incidents. 
• Employee Training and Awareness: Educate employees about cybersecurity best practices and raise awareness about the importance of security hygiene in everyday operations. 

Implement Security Controls 

Deploy a range of security controls to protect your organization's digital assets from cyber threats. These controls may include: 

• Firewalls and Intrusion Detection Systems: Implement firewalls and intrusion detection systems to monitor and control network traffic, identifying and blocking malicious activities. 
• Endpoint Protection: Install endpoint protection solutions, such as antivirus software and endpoint detection and response (EDR) tools, to defend against malware and other malicious threats targeting end-user devices. 
• Data Encryption: Encrypt sensitive data both at rest and in transit to prevent unauthorized access and protect confidentiality. 

• Multi-Factor Authentication (MFA): Enable MFA for accessing critical systems and applications, adding an extra layer of security beyond passwords. 

Continuously Monitor and Assess 

Cyber threats are constantly evolving, so it's essential to continuously monitor your organization's security posture and assess for vulnerabilities. Implement threat detection tools and security monitoring systems to detect and respond to suspicious activities in real-time.  Conduct regular security assessments, including penetration testing and vulnerability scanning, to identify weaknesses and address them proactively. 

Foster a Culture of Cyber Resilience 

Building a cyber-resilient organization requires a collective effort from all stakeholders, from top management to frontline employees. Foster a culture of cyber resilience by promoting collaboration, accountability, and a shared responsibility for cybersecurity across the organization. Encourage open communication channels for reporting security incidents and provide support and resources for ongoing training and skill development. 

Conclusion 

Building a cyber-resilient organization is an ongoing process that requires proactive planning, investment, and commitment from leadership and employees alike. By understanding your risks, developing a comprehensive cybersecurity strategy, implementing robust security controls, continuously monitoring and assessing your security posture, and fostering a culture of cyber resilience, you can strengthen your organization's ability to withstand and recover from cyber threats, ensuring the continuity of your business operations in an increasingly digital world. Disclaimer: The views and opinions expressed in this guest post are solely those of the author(s) and do not necessarily reflect the official policy or position of The Cyber Express. Any content provided by the author is of their opinion and is not intended to malign any religion, ethnic group, club, organization, company, individual, or anyone or anything.

Akamai warns that a Chinese threat actor is exploiting years-old remote code execution vulnerabilities in ThinkPHP in new attacks.

The post Chinese Hackers Exploit Old ThinkPHP Vulnerabilities in New Attacks appeared first on SecurityWeek.

It remembers everything you do on your PC. Security experts are raging at Redmond to recall Recall.

The post Microsoft Recall is a Privacy Disaster appeared first on Security Boulevard.

Google and Microsoft warn of elevated risks of cyber threats facing the 2024 Paris Olympics, especially from Russian threat actors.

The post Google, Microsoft: Russian Threat Actors Pose High Risk to 2024 Paris Olympics appeared first on SecurityWeek.

Multiple Chinese state-sponsored groups have targeted a Southeast Asian government in a years-long cyberespionage campaign.

The post Multiple Chinese APTs Targeted Southeast Asian Government for Two Years appeared first on SecurityWeek.

A recent revelation in the cybersecurity realm uncovers a concerning development dubbed GHOSTENGINE, a cryptojacking campaign employing a sophisticated method to bypass security measures. In this blog, we’ll look at the GHOSTENGINE exploit in detail, shedding light on its modus operandi and implications for digital security.   Understanding The GHOSTENGINE Exploit Cybersecurity researchers have unearthed […]

The post GHOSTENGINE Exploit: Vulnerable Drivers Facing Attack appeared first on TuxCare.

The post GHOSTENGINE Exploit: Vulnerable Drivers Facing Attack appeared first on Security Boulevard.

Train people. It makes a difference. In organizations without security awareness training, 34% of employees are likely to click on malicious links or comply with fraudulent requests.

The post Cybersecurity Training Reduces Phishing Threats – With Numbers to Prove It appeared first on Security Boulevard.

Attention Apache Flink users! The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added an Apache Flink vulnerability to its Known Exploited Vulnerabilities Catalog, highlighting evidence of its active exploitation. Apache Flink is a popular open-source framework for processing large streams of data. It’s widely used in big data analytics and real-time applications. However, like […]

The post CISA Alert: Urgent Update Needed for Apache Flink Vulnerability appeared first on TuxCare.

The post CISA Alert: Urgent Update Needed for Apache Flink Vulnerability appeared first on Security Boulevard.

Cybersecurity researchers are demonstrating how malware could steal data collected by the new Windows Recall feature.

The post Researchers Show How Malware Could Steal Windows Recall Data appeared first on SecurityWeek.

Snowflake, Inc. says NO, threatening legal action against those who say it was. But reports are coming in of several more massive leaks from other Snowflake customers.

The post Was the Ticketmaster Leak Snowflake’s Fault? appeared first on Security Boulevard.

CISA has added an old Oracle WebLogic flaw tracked as CVE-2017-3506 to its known exploited vulnerabilities catalog.

The post CISA Warns of Attacks Exploiting Old Oracle WebLogic Vulnerability appeared first on SecurityWeek.

Law enforcement reveals the identities of eight cybercriminals linked to recently disrupted malware loaders.

The post Identities of Cybercriminals Linked to Malware Loaders Revealed appeared first on SecurityWeek.

PoC code targeting a recent Check Point VPN zero-day has been released as Censys identifies 14,000 internet-accessible appliances.

The post PoC Published for Exploited Check Point VPN Vulnerability appeared first on SecurityWeek.

The post Risk vs. Threat vs. Vulnerability: What is the difference? appeared first on Click Armor.

The post Risk vs. Threat vs. Vulnerability: What is the difference? appeared first on Security Boulevard.

Over 600,000 SOHO routers belonging to a single ISP and infected with the Chalubo trojan were rendered inoperable.

The post Mysterious Threat Actor Used Chalubo Malware to Brick 600,000 Routers appeared first on SecurityWeek.

Malicious campaign exploits high-severity XSS flaws in three WordPress plugins to backdoor websites.

The post Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors appeared first on SecurityWeek.

The TrickBot botnet and other malware droppers have been targeted by international law enforcement in Operation Endgame.

The post TrickBot and Other Malware Droppers Disrupted by Law Enforcement appeared first on SecurityWeek.

Okta raises the alarm on credential stuffing attacks targeting endpoints used for cross-origin authentication.

The post Okta Warns of Credential Stuffing Attacks Targeting Cross-Origin Authentication appeared first on SecurityWeek.

The US announced that the 911 S5 (Cloud Router) botnet, likely the world’s largest, has been dismantled and its administrator arrested.

The post Massive 911 S5 Botnet Dismantled, Chinese Mastermind Arrested appeared first on SecurityWeek.

The recently disclosed Check Point VPN attacks involve the zero-day vulnerability CVE-2024-24919, which allows hackers to obtain passwords.

The post Check Point VPN Attacks Involve Zero-Day Exploited Since April appeared first on SecurityWeek.

Source: securityboulevard.com – Author: Rohan Timalsina On May 2, 2024, the City of Helsinki announced the data breach targeting its Education Division. However, the breach was discovered on April 30, 2024, and an investigation was promptly carried out. It was found that it has impacted tens of thousands of students, guardians, and personnel, causing considerable […]

La entrada City of Helsinki Data Breach: What You Need to Know – Source: securityboulevard.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: securelist.com – Author: CFR team Marketplace fraud is nothing new. Cybercriminals swindle money out of buyers and sellers alike. Lately, we’ve seen a proliferation of cybergangs operating under the Fraud-as-a-Service model and specializing in tricking users of online marketplaces, in particular, message boards. Criminals are forever inventing new schemes for stealing personal data and […]

La entrada Message board scams – Source: securelist.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Source: securelist.com – Author: Kaspersky ICS CERT Global statistics Statistics across all threats In the first quarter of 2024, the percentage of ICS computers on which malicious objects were blocked decreased by 0.3 pp from the previous quarter to 24.4%. Compared to the first quarter of 2023, the percentage decreased by 1.3 pp. Percentage of ICS […]

La entrada Threat landscape for industrial automation systems, Q1 2024 – Source: securelist.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Views: 0Source: www.securityweek.com – Author: Ionut Arghire Thousands of computers are at risk of complete takeover after hackers added a backdoor to the installer for the Justice AV Solutions (JAVS) Viewer software, Rapid7 warned in an advisory. According to Rapid7, the hackers injected a backdoor in the JAVS Viewer v8.3.7 installer that is being distributed […]

La entrada JAVS Courtroom Audio-Visual Software Installer Serves Backdoor – Source: www.securityweek.com se publicó primero en CISO2CISO.COM & CYBER SECURITY GROUP.

Backdoored JAVS courtroom recording and management software installer puts thousands at risk of complete takeover.

The post JAVS Courtroom Audio-Visual Software Installer Serves Backdoor appeared first on SecurityWeek.

The Antidot Android banking trojan snoops on users and steals their credentials, contacts, and SMS messages.

The post New ‘Antidot’ Android Trojan Allows Cybercriminals to Hack Devices, Steal Data appeared first on SecurityWeek.

The Black Basta group abuses remote connection tool Quick Assist in vishing attacks leading to ransomware deployment.

The post Microsoft Quick Assist Tool Abused for Ransomware Delivery appeared first on SecurityWeek.

Russian-speaking threat actors are caught abusing a GitHub profile to distribute information stealers posing as legitimate software.

The post Threat Actors Abuse GitHub to Distribute Multiple Information Stealers appeared first on SecurityWeek.

The Ebury Linux botnet has ensnared over 400,000 Linux systems in 15 years, with roughly 100,000 still infected.

The post 400,000 Linux Servers Hit by Ebury Botnet  appeared first on SecurityWeek.

Patch Tuesday: Microsoft documents 60 security flaws in multiple software products and flags an actively exploited Windows zero-day for urgent attention.

The post Microsoft Warns of Active Zero-Day Exploitation, Patches 60 Windows Vulnerabilities appeared first on SecurityWeek.

Adobe documents multiple code execution flaws in a wide range of products, including the widely deployed Adobe Acrobat and Reader software.

The post Adobe Patches Critical Flaws in Reader, Acrobat appeared first on SecurityWeek.

The Change Healthcare ransomware attack has taken a third cruel twist. A new ransomware group, RansomHub, has listed the organisation as a victim on its dark web leak site, saying it has 4 TB of “highly selective data,” which relates to “all Change Health clients that have sensitive data being processed by the company.”

The announcement follows a series of events that require some unpacking.

Change Healthcare is one of the largest healthcare technology companies in the USA, responsible for the flow of payments between payers, providers, and patients. It was attacked on Wednesday February 21, 2024, by a criminal “affiliate” working with the ALPHV ransomware group, which led to huge disruptions in healthcare payments. Patients were left facing enormous pharmacy bills, small medical providers teetered on the edge of insolvency, and the government scrambled to keep the money flowing and the lights on.

American Hospital Association (AHA) President and CEO Rick Pollack described the attack as “the most significant and consequential incident of its kind against the US health care system in history.”

The notorious ALPHV ransomware group claimed responsibility, chalking up Change Healthcare as one of a raft of healthcare victims in what looked like a deliberate campaign against the sector at the start of 2024.

ALPHV used the ransomware-as-a-service (RaaS) business model, selling the software and infrastructure used to carry out ransomware attacks to criminal gangs known as affiliates, in return for a share of the ransoms they extorted.

On March 3, a user on the RAMP dark web forum claimed they were the affiliate behind the attack, and that ALPHV had stolen the entirety of a $22 million ransom paid by Change Healthcare. Shortly after, the ALPHV group disappeared in an unconvincing exit scam designed to make it look as if the group’s website had been seized by the FBI.

ALPHV’s exit left Change Healthcare with nothing to show for its $22 million payment, a disgruntled affiliate looking for a ransom, and very possibly two different criminal gangs—ALPHV and its affiliate—in possession of a huge trove of stolen data.

Now, a month later, a newcomer ransomware group, RansomHub has listed Change Healthcare as a victim on its website.

While some have speculated that Change Healthcare has suffered a second attack, the RansomHub site itself makes the connection to the events surrounding February 21 quite clear:

As an introduction we will give everyone a fast update on what happened previously and on the current situation.

ALPHV stole the ransom payment (22 Million USD) that Change Healthcare and United Health payed in order to restore their systems and prevent the data leak.

HOWEVER we have the data and not ALPHV.

RansomHub first appeared in late February and its arrival dovetails neatly with ALPHV’s disappearance in very early March, leading some to think they are the same group under two different names.

The statement also pours water on the idea that RansomHub is a rebrand of the ALPHV group with its suggestion that “we have the data and not ALPHV.” However, any public statement like this has to be tempered by the fact that ransomware groups are prolific liars.

It’s not uncommon for affiliates to work with multiple RaaS providers, so the most likely explanation is that having lost its money to ALPHV, the affiliate that ransacked Change Healthcare has paired up with a different ransomware group.

Whatever the reason, there is no comfort in it for Change Healthcare. Having apparently already paid a ransom thirty times greater than the average demand, it now has to decide whether it’s going to pay out again.

For everyone else, it’s a lesson in how devastating ransomware can be, and how badly things can go even when you pay a ransom.

How to avoid ransomware

• Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
• Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
• Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
• Stop malicious encryption. Deploy Endpoint Detection and Response software like ThreatDown EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
• Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
• Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.

---

Our business solutions remove all remnants of ransomware and prevent you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.