RBI has issued comprehensive master directions and guidelines for banks and non-banking financial corporations to identify and address operational risks and weaknesses. These guidelines are based on recommendations from working groups focused on information security, e-banking, governance, and cyber fraud. The primary motivation behind these directives is the growing need to mitigate cyber threats arising […]

The post What is an IS (RBI) Audit? appeared first on Kratikal Blogs.

The post What is an IS (RBI) Audit? appeared first on Security Boulevard.

In “Living off the Land attacks,” adversaries use USB devices to infiltrate industrial control systems. Cyberthreats from silent residency attacks put critical infrastructure facilities at risk.

The post A Major Industrial Cybersecurity Threat: Living off the Land Attacks appeared first on Security Boulevard.

Daft name, serious risk: Kit from ActionTec and Sagemcom remotely ruined and required replacement.

The post ‘Pumpkin Eclipse’ — 600,000+ Rural ISP Routers Bricked Beyond Repair appeared first on Security Boulevard.

In today’s data-driven world, protecting personal information is of greater significance. The International Organisation for Standardisation (ISO) has developed ISO 27701, a comprehensive Privacy Information Management System (PIMS) standard aimed at improving privacy management within organizations. This blog will look at the specifics of ISO 27701 PIMS, its significance, and how it may help organizations […]

The post What is ISO 27701 PIMS? appeared first on Kratikal Blogs.

The post What is ISO 27701 PIMS? appeared first on Security Boulevard.

What we know so far: A Ticketmaster AWS instance was penetrated by unknown perpetrators; “ShinyHunters” is selling stolen data on their behalf. Don’t forget to add the hidden 5% fee to the ransom.

The post Ticketmaster Hack Ticks Off 560M Customers in 1.3TB Breach appeared first on Security Boulevard.

Seven Russian and Belarusian-speaking independent journalists and opposition activists based in Europe were targeted or infected with NSO Group’s proprietary Pegasus spyware. A joint investigation by Citizen Lab and Access Now detailed incidents from August 2020 to January 2023 and concluded that a single NSO Group customer might be responsible for at least five of these cases.

Threats Against Critics of Russian and Belarusian Regimes

In September 2023, Citizen Lab and Access Now reported the hacking of exiled Russian journalist Galina Timchenko, CEO and publisher of Meduza, with Pegasus spyware. Building on these findings, the investigation, in collaboration with digital security expert Nikolai Kvantiliani, now reveals the targeting of seven additional Russian and Belarusian-speaking civil society members and journalists. Many of these individuals, living in exile, have vocally criticized the Russian government, including its invasion of Ukraine, and have faced severe threats from Russian and Belarusian state security services. Critics of the Russian and Belarusian governments typically face intense retaliation, including surveillance, detention, violence, and hacking. The repression has escalated following Russia’s 2022 invasion of Ukraine, with laws severely curtailing the operations of media and civil society organizations. An example of this is the Russian government designating the Munk School of Global Affairs & Public Policy at the University of Toronto, home to the Citizen Lab, as an “Undesirable Organization,” in March 2024. Many opposition activists and independent media groups have relocated abroad to continue their work. Despite the geographic distance, these exiled communities face ongoing threats, including violent attacks, surveillance, and digital risks. For instance, Meduza reported a significant Distributed Denial of Service (DDoS) attack on their website during Russia’s 2024 presidential elections.

Investigation Confirmed Pegasus Spyware Targeting

The investigation confirmed that the following individuals were targeted or infected with Pegasus spyware. Their names are published with their consent. [caption id="attachment_73182" align="aligncenter" width="1532"] Table Showing Individuals Identified in the Latest Pegasus Spyware Infections (Credit: Citizen Lab)[/caption] Access Now and Citizen Lab confirmed that five victims' phones had Apple IDs used by Pegasus operators in hacking attempts. Exploits leveraging bugs in HomeKit can leave the attacker's Apple ID email address on the victim's device. Citizen Lab believes each Apple ID is tied to a single Pegasus operator, although one operator may use multiple IDs. The same Apple ID was found on the phones of Pavlov, Radzina, and a second anonymous victim. A different email account targeted both Erlikh and Pavlov’s phones on November 28, 2022. Artifacts from Andrei Sannikov and Natallia Radzina’s phones contained another identical email. This indicates that a single Pegasus spyware operator may have targeted at least three of the victims, possibly all five. [caption id="attachment_73184" align="aligncenter" width="1024"] Credit: Citizen Lab[/caption] The investigators could not attribute the attacks to a specific operator but certain trends pointed to Estonia’s involvement. Based on previous investigation, Poland, Russia, Belarus, Lithuania, and Latvia are all known to be customers of the NSO Group’s spyware, but the likeliness of their involvement is low as they do not target victims outside their borders, the investigators said. Estonia, however, is known to use Pegasus extensively beyond its borders, including in multiple European countries.

Concerns Over Digital Transnational Repression

This pattern of targeting raises serious concerns about the legality and proportionality of such actions under international human rights law. The attacks occurred in Europe, where the targeted individuals sought safety, prompting questions about host states’ obligations to prevent and respond to these human rights violations. The ongoing investigation highlights the persistent threats faced by exiled Russian and Belarusian journalists and activists. As digital transnational repression continues, it underscores the urgent need for robust international measures to protect freedom of expression and privacy for these vulnerable groups.

“Access Now [urged] governments to establish an immediate moratorium on the export, sale, transfer, servicing, and use of targeted digital surveillance technologies until rigorous human rights safeguards are put in place to regulate such practices, and to ban the use of spyware technologies such as Pegasus that have a history of enabling human rights abuses.”

Apple recently issued notifications to users in more than 90 countries alerting them of possible mercenary spyware attacks. The tech giant replaced the term "state-sponsored" in its alerts with "mercenary spyware attacks," drawing global attention. Previously, Apple used "state-sponsored" for malware threats, but now it highlights threats from hacker groups. Apple noted that while these attacks were historically linked to state actors and private entities like the NSO Group’s Pegasus, the new term covers a broader range of threats.

In a joint international law enforcement action dubbed “Operation Endgame,” the agencies and judicial authorities dismantled major botnet infrastructure, targeting notorious malware droppers like IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee and TrickBot. In a Thursday announcement Europol said that between May 27 and 29, Operation Endgame led to four arrests and the takedown of over 100 servers worldwide.

“This is the largest ever operation against botnets, which play a major role in the deployment of ransomware,” Europol said.

Botnets are used for different types of cybercrime including ransomware, identity theft, credit card scams, and several other financial crimes. “The dismantled botnets consisted of millions of infected computer systems,” a joint press statement from the Operation Endgame team said. Led by France, Germany, and the Netherlands, and supported by Eurojust, the operation involved countries including Denmark, the United Kingdom, the United States, Armenia, Bulgaria, Lithuania, Portugal, Romania, Switzerland, and Ukraine. Operation Endgame resulted in:

• 4 arrests - 1 in Armenia and 3 in Ukraine.
• 16 location searches - 1 in Armenia, 1 in the Netherlands, 3 in Portugal, and 11 in Ukraine.
• Over 100 servers dismantled or disrupted in countries such as Bulgaria, Canada, Germany, Lithuania, the Netherlands, Romania, Switzerland, the UK, the US, and Ukraine.
• Over 2,000 domains seized and brought under law enforcement control.
• 8 summons were also served against other suspects.

Targeting the Cybercrime Infrastructure

Operation Endgame focused on high-value targets, their criminal infrastructure behind various malware and the freezing of illicit proceeds. “The malware, whose infrastructure was taken down during the action days, facilitated attacks with ransomware and other malicious software,” according to Europol. One primary suspect, the Europol said, earned at least €69 million in cryptocurrency by renting out sites for ransomware deployment. Authorities are closely monitoring these transactions and have secured permissions to seize the assets. The infrastructure and financial seizures had a global impact on the dropper ecosystem, the authorities believe.

Key Dropper Malware Dismantled in Operation Endgame

- SystemBC: Facilitated anonymous communication between infected systems and command-and-control servers. - Bumblebee: Delivered via phishing campaigns or compromised websites, enabling further payload execution. - Smokeloader: Used primarily to download and install additional malicious software. - IcedID (BokBot): Evolved from a banking trojan to a multi-purpose tool for various cybercrimes. - Pikabot: Enabled ransomware deployment, remote takeovers, and data theft through initial system access.

“All of them are now being used to deploy ransomware and are seen as the main threat in the infection chain,” Europol said.

[caption id="attachment_72953" align="aligncenter" width="1920"] Operation Endgame seizure notice (Credit: Europol)[/caption]

The Role of Dropper Malware in Cyberattacks

Droppers are essential tools in cyberattacks, acting as the initial vector to bypass security and install harmful software such as ransomware and spyware. They facilitate further malicious activities by enabling the deployment of additional malware on compromised systems.

How Droppers Operate

1. Infiltration: Enter systems through email attachments, compromised websites, or bundled with legitimate software.
2. Execution: Install additional malware on the victim's computer without the user's knowledge.
3. Evasion: Avoid detection by security software through methods like code obfuscation and running in memory.
4. Payload Delivery: Deploy additional malware, potentially becoming inactive or removing itself to evade detection.

The success of the operation was bolstered by private partners such as Bitdefender, Sekoia, Shadowserver, Proofpoint, and Fox-IT, among others. Their support was crucial in disrupting the criminal networks and infrastructure, the authorities said.

Wait for Operation Endgame Season 2

Operation Endgame signifies a major victory, but this is not really the end of it. Taking cue from the Marvel cinematic movie ‘Avengers – Endgame,’ the law enforcement is set to to release a part two of this operation in a few hours from now as they said their efforts continue.

“This is Season 1 of operation Endgame. Stay tuned. It sure will be exciting. Maybe not for everyone though. Some results can be found here, others will come to you in different and unexpected ways,” the authorities said.

“Feel free to get in touch, you might need us. Surely, we could both benefit from an openhearted dialogue. You would not be the first one, nor will you be the last. Think about (y)our next move.” Future actions will be announced on the Operation Endgame website, possibly targeting suspects and users, and ensuring accountability. The news of this massive botnet takedown operation comes a day after the announcement of the dismantling of “likely the world’s largest botnet ever” – the 911 S5 botnet. The botnet’s alleged administrator Yunhe Wang, was arrested last week and a subsequent seizure of infrastructure and assets was announced by the FBI. The recent law enforcement actions represent a historic milestone in combating cybercrime, dealing a significant blow to the dropper malware ecosystem that supports ransomware and other malicious activities. The operation's success underscores the importance of international cooperation and the need for robust cybersecurity measures to tackle evolving threats.

The FBI, in collaboration with international partners, has successfully dismantled the 911 S5 botnet's massive network that infected over 19 million IP addresses across 200 countries and facilitated several cybercriminal activities, including cyberattacks, financial frauds, identity theft, and child exploitation. In addition to the infrastructural takedown of the 911 S5 botnet, Chinese national YunHe Wang, the alleged administrator of the botnet, was also arrested on May 24, U.S. Attorney General Merrick Garland said in a Wednesday press briefing.

“Working with our international partners, the FBI conducted a joint, sequenced cyber operation to dismantle the 911 S5 Botnet—likely the world’s largest botnet ever,” said FBI Director Christopher Wray.

“We arrested its administrator, Yunhe Wang, seized infrastructure and assets, and levied sanctions against Wang and his co-conspirators,” Wray added. Wang and two of his associates, along with three Thailand-based businesses linked to the botnet, were sanctioned by the U.S. Treasury Department on Tuesday. Wang faces up to 65 years in prison on charges that include computer fraud, wire fraud, and money laundering.

911 S5 Botnet Operations

Beginning in 2014, Wang allegedly developed and distributed malware that compromised millions of Windows operating systems worldwide, including over 600,000 IP addresses in the U.S. Wang allegedly spread malware through malicious VPN programs like MaskVPN and DewVPN, as well as through pirated software bundled with malware. Wang managed and controlled approximately 150 dedicated servers worldwide.

“Using the dedicated servers, Wang was able to deploy and manage applications, command and control the infected devices, operate his 911 S5 service and provide to paying customers access to the proxied IP addresses associated with the infected devices,” Wang's indictment said.

The residential proxy service that Wang developed and operated allowed subscribers to access the more than 19 million compromised IP addresses, which helped them mask their online activities. This service generated approximately $99 million for Wang. The 911 S5 botnet facilitated a range of cybercrimes, including cyberattacks, large-scale fraud, child exploitation, harassment, bomb threats, and export violations, Garland said. One such example is that of customers using the botnet's services for fraudulently filing 560,000 unemployment insurance claims that resulted in a confirmed loss of $5.9 billion from federal pandemic relief programs. In another instance, the 911 S5 botnet customers used the service to file more than 47,000 Economic Injury Disaster Loan applications, which again resulted in the loss of millions of dollars.

Infrastructure and Assets Seized

Authorities seized 23 internet domains and more than 70 servers, which formed the core of the 911 S5 botnet and its successor services. This action effectively shut down the botnet and prevented Wang from reconstituting the service under a new name, Clourouter.io. The U.S. Department of Justice emphasized that this seizure closed existing malicious backdoors used by the botnet. Wang allegedly used the proceeds from the botnet to purchase properties across the globe, including the U.S., China, Singapore, Thailand, the United Arab Emirates, and St. Kitts and Nevis, where he also holds a citizenship. Authorities have moved to forfeit his assets, which include 21 properties and a collection of luxury cars such as a Ferrari F8, several BMWs, and a Rolls Royce.

Investigation Triggered by Ecommerce Incident

The investigation into the 911 S5 botnet was initiated following a probe into more than 2,000 fraudulent orders placed with stolen credit cards on ShopMyExchange, an e-commerce platform linked to the Army and Air Force Exchange Service. The perpetrators in Ghana and the U.S. were found to be using IP addresses acquired from 911 S5.

“Although approximately 2,525 fraudulent orders valued at $5.5 million were submitted, credit card fraud detection systems and federal investigators were able to thwart the bulk of the attempted purchases, reducing the actual loss to approximately $254,000,“ the Justice Department said.

The latest takedown is part of a broader effort of the Justice Department to combat nation-state hacking and international cybercrime. At the beginning of the year, the Justice Department dismantled botnets linked to the China-affiliated hacking group Volt Typhoon, followed by the disruption of botnet controlled by the Russian APT28 group associated with the Russian military intelligence, the GRU. Google-owned cybersecurity firm Mandiant also warned last week that Chinese state hackers are increasingly using vast proxy server networks, built from compromised online devices and virtual private servers, to evade detection during their cyberespionage campaigns. Garland highlighted the global collaboration in this operation, underscoring the Justice Department's commitment to disrupting cybercrime networks that pose a significant threat to individuals and national security. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

The funding cutbacks announced in February have continued to hobble NIST’s ability to keep the government’s National Vulnerabilities Database (NVD) up to date, with one cybersecurity company finding that more than 93% of the flaws added have not been analyzed or enhanced, a problem that will make organizations less safe. “With the recent slowdown of..

The post NIST Struggles with NVD Backlog as 93% of Flaws Remain Unanalyzed appeared first on Security Boulevard.

The U.S. Treasury Department sanctioned three Chinese nationals on Tuesday for their alleged involvement in operating the 911 S5 proxy botnet widely used for fraudulent activities, including credit card theft and Coronavirus Aid, Relief, and Economic Security program frauds. The sanctions are aimed at curbing the operations linked to the botnet, which caused major financial losses amounting to "billions" of dollars to the U.S. government.

The Rise and Demise of 911 S5 Botnet

The botnet in question played a critical role in executing numerous fraudulent schemes through stolen residential IP addresses.

"The 911 S5 botnet compromised approximately 19 million IP addresses and facilitated the submission of tens of thousands of fraudulent applications related to the Coronavirus Aid, Relief, and Economic Security Act programs by its users, resulting in the loss of billions of dollars to the U.S. government."

911 S5 is a residential proxy botnet that allows its paying users, often cybercriminals, to select the IP addresses they can use to connect to the internet using intermediary, internet-connected computers that have been compromised without the computer owners’ knowledge. 911 S5 essentially enables cybercriminals to conceal their originating location, effectively defeating fraud detection systems, the U.S. Treasury explained. The 911 S5 botnet was also implicated in a series of bomb threats made in July 2022, according to the Treasury. Investigators found links of IP addresses within the proxy botnet network being used in this incident. The network was connected to 911 S5, a residential proxy service that allowed users to mask their IP addresses by routing their web activity through compromised devices. The 911 S5 service went offline in July 2022, following a purported hacking incident that damaged essential data. The disruption was reported by independent journalist Brian Krebs. Despite its shutdown, the impacts of its previous operations continued to reverberate, leading to the current sanctions.

The Individuals and Businesses Sanctioned

The sanctioned individuals include Yunhe Wang, allegedly the administrator of the botnet; Jingping Liu, accused of laundering proceeds for Wang; and Yanni Zheng, who reportedly acted as power of attorney for Wang and facilitated business transactions on his behalf through the company Spicy Code Company Limited. The men are believed to reside in Singapore and Thailand, countries that were acknowledged as partners in the sanctions announcement. Three businesses registered in Thailand were also sanctioned for their connections to Wang. These sanctions require that any property and interests owned by the three men within the U.S. be reported to the Treasury, and prohibit U.S. citizens or residents from engaging in business with them. Only these three individuals and the businesses implicated in their fraudulent schemes were sanctioned by the Treasury, but no indictments or legal actions were revealed by the U.S. Department of Justice (DOJ), as is the case in many other instances.

Broader Ongoing Cybersecurity Concerns

The sanctions against these individuals are part of a broader effort by the U.S. government to address cybersecurity threats linked to state-sponsored hacking groups. Google-owned cybersecurity firm Mandiant warned last week that Chinese state hackers are increasingly using vast proxy server networks, built from compromised online devices and virtual private servers, to evade detection during their cyberespionage campaigns. In January, the DOJ announced the takedown of a botnet associated with Volt Typhoon, a hacking group with ties to the Chinese government. This group was known for infecting home and office routers with malware to obscure its hacking activities. The concerted actions by U.S. authorities and private defenders highlight the ongoing challenges and complexities in combating cybercrime and protecting critical financial and infrastructural systems from sophisticated malicious actors. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Scammers impersonating Microsoft, Publishers Clearing House, Amazon and Apple are at the top of the FTC’s “who’s who” list. Based on consumer reports and complaints to the agency, hundreds of millions of dollars were stolen by bad actors pretending to be brands.

The post ‘Microsoft’ Scammers Steal the Most, the FTC Says appeared first on Security Boulevard.

As threats increase in sophistication—in many cases powered by GenAI itself—GenAI will play a growing role in combatting them.

The post The Rise of Generative AI is Transforming Threat Intelligence – Five Trends to Watch appeared first on Security Boulevard.

Exclusive: Johnston Busingye formally appointed days after UK agreed Rwanda asylum deal with Paul Kagame in 2022

Rwanda’s top diplomat in the UK oversaw the use of the international justice system to target opponents of the country’s rulers around the world, the Guardian can reveal.

New details of the Rwandan government’s suppression of opposition beyond its borders add to concerns about the regime at the heart of Rishi Sunak’s asylum policy.

Continue reading...

💾

© Photograph: Leon Neal/Getty Images

💾

© Photograph: Leon Neal/Getty Images

OpenAI announced a new safety and security committee as it begins training a new AI model intended to replace the GPT-4 system that currently powers its ChatGPT chatbot. The San Francisco-based startup announced the formation of the committee in a blog post on Tuesday, highlighting its role in advising the board on crucial safety and security decisions related to OpenAI’s projects and operations. The creation of the committee comes amid ongoing debates about AI safety at OpenAI. The company faced scrutiny after Jan Leike, a researcher, resigned, criticizing OpenAI for prioritizing product development over safety. Following this, co-founder and chief scientist Ilya Sutskever also resigned, leading to the disbandment of the "superalignment" team that he and Leike co-led, which was focused on addressing AI risks. Despite these controversies, OpenAI emphasized that its AI models are industry leaders in both capability and safety. The company expressed openness to robust debate during this critical period.

OpenAI's Safety and Security Committee Composition and Responsibilities

The safety committee comprises company insiders, including OpenAI CEO Sam Altman, Chairman Bret Taylor, and four OpenAI technical and policy experts. It also features board members Adam D’Angelo, CEO of Quora, and Nicole Seligman, a former general counsel for Sony.

"A first task of the Safety and Security Committee will be to evaluate and further develop OpenAI’s processes and safeguards over the next 90 days." 

The committee's initial task is to evaluate and further develop OpenAI’s existing processes and safeguards. They are expected to make recommendations to the board within 90 days. OpenAI has committed to publicly releasing the recommendations it adopts in a manner that aligns with safety and security considerations. The establishment of the safety and security committee is a significant step by OpenAI to address concerns about AI safety and maintain its leadership in AI innovation. By integrating a diverse group of experts and stakeholders into the decision-making process, OpenAI aims to ensure that safety and security remain paramount as it continues to develop cutting-edge AI technologies.

Development of the New AI Model

OpenAI also announced that it has recently started training a new AI model, described as a "frontier model." These frontier models represent the most advanced AI systems, capable of generating text, images, video, and human-like conversations based on extensive datasets. The company also recently launched its newest flagship model GPT-4o ('o' stands for omni), which is a multilingual, multimodal generative pre-trained transformer designed by OpenAI. It was announced by OpenAI CTO Mira Murati during a live-streamed demo on May 13 and released the same day. GPT-4o is free, but with a usage limit that is five times higher for ChatGPT Plus subscribers. GPT-4o has a context window supporting up to 128,000 tokens, which helps it maintain coherence over longer conversations or documents, making it suitable for detailed analysis. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

A U.S. Cyber Force moved a step closer to reality this week after the House Armed Services Committee approved language authorizing a National Academy of Sciences (NAS) study of the issue. The amendment, proposed by Rep. Morgan Luttrell (R-TX), was included in the committee’s markup of the fiscal 2025 defense bill, which now goes to the full House for a vote. The amendment – which can be found as log 4401 in the Chairman’s En Bloc – gives the Defense Department 60 days after enactment to engage the Academy, which then has 270 days to submit the report to Congress, so the U.S. is unlikely to get the new armed services branch before fiscal 2027 at the earliest, if it happens at all. But as Sen. Kirsten Gillibrand (D-NY) unsuccessfully pushed a similar measure last year, the study appears to have a better chance of approval this year.

CYBERCOM Under Siege

Cyber defense has been under the U.S. Cyber Command, or CYBERCOM, since 2010. CYBERCOM brings together personnel from the separate service branches, but that arrangement has come under increasing scrutiny as an inadequate solution to a growing global threat. A 2022 GAO study noted problems with cyber training, staffing and retention across the service branches, and a Foundation for Defense of Democracies (FDD) study in March of this year detailed problems with the lack of a singular approach to cyber defense.   “The inefficient division of labor between the Army, Navy, Air Force, and Marine Corps prevents the generation of a cyber force ready to carry out its mission,” the FDD report said.

“Recruitment suffers because cyber operations are not a top priority for any of the services, and incentives for new recruits vary wildly. The services do not coordinate to ensure that trainees acquire a consistent set of skills or that their skills correspond to the roles they will ultimately fulfill at CYBERCOM.”

Promotion systems often hold back skilled cyber personnel because the systems were designed to evaluate service members who operate on land, at sea, or in the air, not in cyberspace. Retention rates for qualified personnel are low because of inconsistent policies, institutional cultures that do not value cyber expertise, and insufficient opportunities for advanced training. “Resolving these issues requires the creation of a new independent armed service – a U.S. Cyber Force – alongside the Army, Navy, Air Force, Marine Corps, and Space Force.” The FDD report concluded, “America’s cyber force generation system is clearly broken. Fixing it demands nothing less than the establishment of an independent cyber service.”

CYBERCOM Retools for the Future

CYBERCOM, which was elevated to a unified command in 2018, is taking its own steps to address the growing cyber warfare threat. In testimony last month before the Senate Armed Services Committee, Air Force General Timothy D. Haugh, who serves as CYBERCOM’s commander and director of the NSA, noted some of the ways CYBERCOM is addressing those challenges. “CYBERCOM 2.0” is an initiative under way “to develop a bold set of options to present to the Secretary of Defense on the future of USCYBERCOM and DoD cyber forces,” Haugh told the committee. “To maximize capacity, capability, and agility, we are addressing readiness and future force generation.” Enhanced Budgetary Control (EBC) authority granted by Congress gave more than $2 billion in DoD budget authority to CYBERCOM for the current fiscal year, and “streamlines how we engage the Department’s processes,” Haugh said. “EBC is already paying dividends in the form of tighter alignments between authorities, responsibility, and accountability in cyberspace operations. Greater accountability, in turn, facilitates faster development and fielding of capabilities.” It remains to be seen whether the U.S. will get a seventh military service branch – after the Army, Navy, Marine Corps, Air Force, Coast Guard, and Space Force – or if current initiatives will be enough to address cyber defense challenges. But it seems likely that the issue will get a lot more scrutiny before it’s settled. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Inglorious Basta(rds): 16 days on, huge hospital system continues to be paralyzed by ransomware—and patient safety is at risk.

The post Black Basta Ascension Attack Redux — can Patients Die of Ransomware? appeared first on Security Boulevard.

Privacy FAIL: Apple location service returns far more data than it should, to people who have no business knowing it, without your permission.

The post Apple API Allows Wi-Fi AP Location Tracking appeared first on Security Boulevard.

After years of false starts, the US is edging closer to a federal data privacy law. In a surprise move, two lawmakers last month introduced a bipartisan, bicameral piece of legislation described as “the best opportunity we've had in decades” to finally enshrine a national privacy and security standard into law.

The post What America’s Federal Privacy Bill Means for Data Protection appeared first on Security Boulevard.

The U.S. Securities and Exchange Commission (SEC) announced today that a major player in the U.S. financial system has agreed to pay a $10 million penalty for failing to timely report an April 2021 VPN breach. The Intercontinental Exchange Inc. (ICE), which owns the New York Stock Exchange (NYSE) and a number of other major financial interests, will pay the penalty to settle charges that it “caused the failure of nine wholly-owned subsidiaries, including the New York Stock Exchange, to timely inform the SEC of a cyber intrusion as required by Regulation Systems Compliance and Integrity (Regulation SCI),” the agency said in a press release. The SEC found out about the ICE breach after contacting the company while assessing reports of similar vulnerabilities several days after the breach occurred. Regulation SCI requires immediate reporting of cybersecurity incidents and an update within 24 hours if the incident is significant. The SEC said in its order that a third party identified only as “Company A” informed ICE that it was potentially impacted by a system intrusion involving a zero-day VPN vulnerability. The following day, ICE “identified malicious code associated with the threat actor that exploited the vulnerability on one of its VPN concentrators, reasonably concluding that it was ... indeed subject to the Intrusion.” Over the next several days, ICE and its internal InfoSec team took steps to analyze and respond to the intrusion, including taking the compromised VPN device offline, forensically examining it, and reviewing user VPN sessions to identify any intrusions or data exfiltration, the SEC said. ICE also retained a cybersecurity firm to conduct a parallel forensic investigation, and also worked with the VPN device manufacturer “to confirm the integrity of ICE’s network environment.” Five days after being notified of the vulnerability, ICE InfoSec personnel concluded that the threat actor’s access was limited to the compromised VPN device. At that point – “four days after first having had a reasonable basis to conclude that unauthorized entry ... had occurred” – legal and compliance personnel at ICE’s regulated subsidiaries were finally notified of the intrusion, the SEC order said. “As a result of ICE’s failures, those subsidiaries did not properly assess the intrusion to fulfill their independent regulatory disclosure obligations under Regulation SCI,” the SEC press release said. “The reasoning behind the rule is simple: if the SEC receives multiple reports across a number of these types of entities, then it can take swift steps to protect markets and investors,” Gurbir S. Grewal, Director of the SEC’s Division of Enforcement, said in a statement. “Here, the respondents subject to Reg SCI failed to notify the SEC of the intrusion at issue as required. Rather, it was Commission staff that contacted the respondents in the process of assessing reports of similar cyber vulnerabilities.” The order and penalty reflect not only the seriousness of the violations, but also that several of them have been the subject of prior SEC enforcement actions, including for violations of Reg SCI, Grewal added. Among the ICE subsidiaries involved in the case were Archipelago Trading Services, Inc., NYSE Arca, Inc., ICE Clear Credit LLC, and the Securities Industry Automation Corporation (SIAC), all of which agreed to a cease-and-desist order in addition to ICE’s monetary penalty. VPN devices have come under increased scrutiny in recent days. The Norwegian National Cyber Security Centre issued last week an advisory to replace SSLVPN and WebVPN solutions with more secure alternatives, due to the repeated exploitation of vulnerabilities in edge network devices. The advisory followed a notice from the NCSC about a targeted attack against SSLVPN products in which attackers exploited multiple zero-day vulnerabilities in Cisco ASA VPN used to power critical infrastructure facilities. The campaign had been observed since November 2023. Media Disclaimer: This article is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

88% of participants in the Immersive “Prompt Injection Challenge” successfully tricked a GenAI bot into divulging sensitive information.

The post Prompt Injection Threats Highlight GenAI Risks appeared first on Security Boulevard.

The difficulty of defending against the misuse of AI – and possible solutions – was the topic of a U.S. congressional hearing today. Data security and privacy officials and advocates were among those testifying before the House Committee on Homeland Security at a hearing titled, “Advancing Innovation (AI): Harnessing Artificial Intelligence to Defend and Secure the Homeland.” The committee plans to include AI in legislation that it’s drafting, said chairman Mark E. Green (R-TN). From cybersecurity and privacy threats to election interference and nation-state attacks, the hearing highlighted AI’s wide-ranging threats and the challenges of mounting a defense. Nonetheless, the four panelists at the hearing – representing technology and cybersecurity companies and a public interest group – put forth some ideas, both technological and regulatory.

Cybercrime Gets Easier

Much of the testimony – and concerns raised by committee members – focused on the advantages that AI has given cybercriminals and nation-state actors, advantages that cybersecurity officials say must be countered by increasingly building AI into products. “AI is democratizing the threat landscape by providing any aspiring cybercriminal with easy-to-use, advanced tools capable of achieving sophisticated outcomes,” said Ajay Amlani, senior vice president at biometric company iProov.

“The crime as a service dark web is very affordable. The only way to combat AI-based attacks is to harness the power of AI in our cybersecurity strategies.”

AI can also help cyber defenders make sense of the overwhelming amount of data and alerts they have to contend with, said Michael Sikorski, CTO of Palo Alto Networks’ Unit 42. “To stop the bad guys from winning, we must aggressively leverage AI for cyber defense,” said Sikorski, who detailed some of the “transformative results” customers have achieved from AI-enhanced products.

“Outcomes like these are necessary to stop threat actors before they can encrypt systems or steal sensitive information, and none of this would be possible without AI,” Sikorski added.

Sikorski said organizations must adopt “secure AI by design” principles and AI usage oversight. “Organizations will need to secure every step of the AI application development lifecycle and supply chain to protect AI data from unauthorized access and leakage at all times,” he said, noting that the principles align with the NIST AI risk management framework released last month.

Election Security and Disinformation Loom Large

Ranking member Bennie Thompson (D-MS) asked the panelists what can be done to improve election security and defend against interference, issues of critical importance in a presidential election year. Amlani said digital identity could play an important role in battling disinformation and interference, principles included in section 4.5 of President Biden’s National Cyber Security Strategy that have yet to be implemented.

“Our country is one of the only ones in the western world that doesn't have a digital identity strategy,” Amlani said.

“Making sure that it's the right person, it's a real person that's actually posting and communicating, and making sure that that person is in fact right there at that time, is a very important component to make sure that we know who it is that's actually generating content online. There is no identity layer to the internet currently today.”

Safe AI Use Guidelines Proposed by Public Policy Advocate

The most detailed proposal for addressing the AI threat came from Jake Laperruque, deputy director of the Security and Surveillance Project at the Center for Democracy and Technology, who argued that the “AI arms race” should proceed responsibly.

“Principles for responsible use of AI technologies should be applied broadly across development and deployment,” Laperruque said.

Laperruque gave the Department of Homeland Security credit for starting the process with its recently published AI roadmap. He said government use of AI should be based on seven principles:

1. Built upon proper training data
2. Subject to independent testing and high performance standards
3. Deployed only within the bounds of the technology’s designed function
4. Used exclusively by trained staff and corroborated by human review
5. Subject to internal governance mechanisms that define and promote responsible use
6. Bound by safeguards to protect human rights and constitutional values
7. Regulated by institutional mechanisms for ensuring transparency and oversight

“If we rush to deploy AI quickly rather than carefully, it will harm security and civil liberties alike,” Laperruque concluded. “But if we establish a strong foundation now for responsible use, we can reap benefits well into the future.” Media Disclaimer: This article is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Deepfake Zoom of Doom: Construction giant Arup Group revealed as victim of January theft—10% of net profit lost.

The post CFO Deepfake Redux — Arup Lost $26M via Video appeared first on Security Boulevard.

The custom policy wizard helps prevent data leaks in GenAI tools by using CDP, requires no coding, and offers adaptive, intuitive policies.

“The real threat is in unstructured data, the kind of problem that requires data scientists and developers to solve.”

The post Lasso Security Data Protection Tool Aimed at GenAI Applications appeared first on Security Boulevard.

Final dividend hiked by 9% as MPs write to Ofwat boss urging him to deny water firms’ requests in price review process

• Business live – latest updates

Severn Trent has increased its payout to shareholders despite being responsible for 60,000 sewage spills last year.

Severn hiked its final dividend by 9% to 70.1p a share after pre-tax profits swelled almost 20% to £201.3m in the year to the end of March.

Continue reading...

💾

© Photograph: David Sillitoe./The Guardian

💾

© Photograph: David Sillitoe./The Guardian

Legacy systems are attractive targets to bad actors because outdated components often mean that security vulnerabilities remain unpatched, offering exploitable footholds. “End of life” does not mean “end of vulnerability.”

The post Legacy Systems: Learning From Past Mistakes appeared first on Security Boulevard.

UK data watchdog has warned against ignoring the data protection risks in generative artificial intelligence and recommended ironing out these issues before the public release of such products. The warning comes on the back of the conclusion of an investigation from the U.K.’s Information Commissioner’s Office (ICO) into Snap, Inc.'s launch of the ‘My AI’ chatbot. The investigation focused on the company's approach to assessing data protection risks. The ICO's early actions underscore the importance of protecting privacy rights in the realm of generative AI. In June 2023, the ICO began investigating Snapchat’s ‘My AI’ chatbot following concerns that the company had not fulfilled its legal obligations of proper evaluation into the data protection risks associated with its latest chatbot integration. My AI was an experimental chatbot built into the Snapchat app that has 414 million daily active users, who on a daily average share over 4.75 billion Snaps. The My AI bot uses OpenAI's GPT technology to answer questions, provide recommendations and chat with users. It can respond to typed or spoken information and can search databases to find details and formulate a response. Initially available to Snapchat+ subscribers since February 27, 2023, “My AI” was later released to all Snapchat users on April 19. The ICO issued a Preliminary Enforcement Notice to Snap on October 6, over “potential failure” to assess privacy risks to several million ‘My AI’ users in the UK including children aged 13 to 17. “The provisional findings of our investigation suggest a worrying failure by Snap to adequately identify and assess the privacy risks to children and other users before launching My AI,” said John Edwards, the Information Commissioner, at the time.

“We have been clear that organizations must consider the risks associated with AI, alongside the benefits. Today's preliminary enforcement notice shows we will take action in order to protect UK consumers' privacy rights.”

On the basis of the ICO’s investigation that followed, Snap took substantial measures to perform a more comprehensive risk assessment for ‘My AI’. Snap demonstrated to the ICO that it had implemented suitable mitigations. “The ICO is satisfied that Snap has now undertaken a risk assessment relating to My AI that is compliant with data protection law. The ICO will continue to monitor the rollout of My AI and how emerging risks are addressed,” the data watchdog said. Snapchat has made it clear that, “While My AI was programmed to abide by certain guidelines so the information it provides is not harmful (including avoiding responses that are violent, hateful, sexually explicit, or otherwise dangerous; and avoiding perpetuating harmful biases), it may not always be successful.” The social media platform has integrated safeguards and tools like blocking results for certain keywords like “drugs,” as is the case with the original Snapchat app. “We’re also working on adding additional tools to our Family Center around My AI that would give parents more visibility and control around their teen’s usage of My AI,” the company noted.

‘My AI’ Investigation Sounds Warning Bells

Stephen Almond, ICO Executive Director of Regulatory Risk said, “Our investigation into ‘My AI’ should act as a warning shot for industry. Organizations developing or using generative AI must consider data protection from the outset, including rigorously assessing and mitigating risks to people’s rights and freedoms before bringing products to market.”

“We will continue to monitor organisations’ risk assessments and use the full range of our enforcement powers – including fines – to protect the public from harm.”

Generative AI remains a top priority for the ICO, which has initiated several consultations to clarify how data protection laws apply to the development and use of generative AI models. This effort builds on the ICO’s extensive guidance on data protection and AI. The ICO’s investigation into Snap’s ‘My AI’ chatbot highlights the critical need for thorough data protection risk assessments in the development and deployment of generative AI technologies. Organizations must consider data protection from the outset to safeguard individuals' data privacy and protection rights. The final Commissioner’s decision regarding Snap's ‘My AI’ chatbot will be published in the coming weeks. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Malicious actors are using AI to perpetrate phishing scams centered around website impersonation, a threat few businesses are prepared to combat.

The post Digital Impersonation Fraud: a Growing Challenge for Brands appeared first on Security Boulevard.

Web application development and usage are at an all-time high, but businesses aren’t sure which APIs to monitor or how to protect them.

The post Shifting the Security Mindset: From Network to Application Defense appeared first on Security Boulevard.

WTH? DPRK IT WFH: Justice Department says N. Korean hackers are getting remote IT jobs, posing as Americans.

The post North Korea IT Worker Scam Brings Malware and Funds Nukes appeared first on Security Boulevard.

The Importance of Lookback Analysisin Effective ERP AuditingToday, data is the key driver of success, and even small decisions can have a significant impact. Therefore, it is crucial for organizations to use powerful analytical tools. Lookback or retrospective analysis provides a point-in-time view of past events, decisions, actions, or outcomes. […]

The post Lookback Analysis in ERP Audit appeared first on SafePaaS.

The post Lookback Analysis in ERP Audit appeared first on Security Boulevard.

The SEC is tightening its focus on financial data breach response mechanisms of very specific set of financial institutions, with an update to a 24-year-old rule. The amendments announced on Thursday mandate that broker-dealers, funding portals, investment companies, registered investment advisers and transfer agents develop comprehensive plans for detecting and addressing data breaches involving customers’ financial information. Under the new rules, covered institutions are required to formulate, implement, and uphold written policies and procedures specifically tailored to identifying and mitigating breaches affecting customer data. Additionally, firms must establish protocols for promptly notifying affected customers in the event of a breach, ensuring transparency and facilitating swift remedial actions. “Over the last 24 years, the nature, scale, and impact of data breaches has transformed substantially,” said SEC Chair Gary Gensler. “These amendments to Regulation S-P will make critical updates to a rule first adopted in 2000 and help protect the privacy of customers’ financial data. The basic idea for covered firms is if you’ve got a breach, then you’ve got to notify. That’s good for investors.” According to the amendments, organizations subject to the regulations must notify affected individuals expeditiously with a deadline of no later than 30 days following the discovery of a data breach. The notification must include comprehensive details regarding the incident, the compromised data and actionable steps for affected parties to safeguard their information. While the amendments are set to take effect two months after publication in the Federal Register, larger entities will have an 18-month grace period to achieve compliance, whereas smaller organizations will be granted a two-year window. However, the SEC has not provided explicit criteria for distinguishing between large and small entities, leaving room for further clarification.

The Debate on SEC's Tight Guidelines

The introduction of these amendments coincides with the implementation of new incident reporting regulations for public companies, compelling timely disclosure of “material“ cybersecurity incidents to the SEC. Public companies in the U.S. now have four days to disclose cybersecurity breaches that could impact their financial standing. SEC’s interest in the matter stems from a major concern: breach information leads to a stock market activity called informed trading, currently a grey area in the eyes of law. Several prominent companies including Hewlett Packard and Frontier, have already submitted requisite filings under these regulations, highlighting the increasing scrutiny on cybersecurity disclosures. Despite pushback from some quarters, including efforts by Rep. Andrew Garbarino to The SEC’s incident reporting rule has however received pushback from close quarters including Congressman Andrew Garbarino, Chairman of the Cybersecurity and Infrastructure Protection Subcommittee of the House Homeland Security Committee and a Member of the House Financial Services Committee. Garbarino in November introduced a joint resolution with Senator Thom Tillis to disapprove SEC’s new rules. “This cybersecurity disclosure rule is a complete overreach on the part of the SEC and one that is in direct conflict with congressional intent. CISA, as the lead civilian cybersecurity agency, has been tasked with developing and issuing regulations for cyber incident reporting as it relates to covered entities. Despite this, the SEC took it upon itself to create duplicative requirements that not only further burden an understaffed cybersecurity workforce with additional and unnecessary reporting requirements, but also increase cybersecurity risk without a congressional mandate and in direct contradiction to public law that is intended to secure the homeland,” Garbarino said, at the time. Senator Tillis added to it saying the SEC was doing its “best to hurt market participants by overregulating firms into oblivion.” Businesses and industry leaders across the spectrum have expressed intense opposition to the new rules but the White House has signaled its commitment to upholding the regulatory framework. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

The post Questions You Need to Ask When Evaluating a Security Automation Vendor appeared first on AI Enabled Security Automation.

The post Questions You Need to Ask When Evaluating a Security Automation Vendor appeared first on Security Boulevard.

One in three office workers who use GenAI admit to sharing customer info, employee details and financial data with the platforms. Are you worried yet?

The post Risks of GenAI Rising as Employees Remain Divided About its Use in the Workplace appeared first on Security Boulevard.

Gone in 60 seconds is a thing of the past. With the world moving towards digital assets and cryptocurrency, “Gone in 12 seconds” seems to be the new norm for digital heists. The U.S. Department of Justice arrested two siblings for attacking the Ethereum blockchain and siphoning $25 million of cryptocurrency during a 12 second exploit. Hailing from Boston and New York respectively, Anton Peraire-Bueno, 24, and James Peraire-Bueno, 28, stand accused of a litany of charges including conspiracy to commit wire fraud, wire fraud and conspiracy to commit money laundering. According to an unsealed indictment on Wednesday the brothers mixed their “specialized skills” from their education at MIT with their expertise in cryptocurrency trading to exploit “the very integrity of the (Ethereum) blockchain,” said U.S. Attorney Damian Williams. The brothers meticulously planned the exploit scheme for months “and once they put their plan into action, their heist only took 12 seconds to complete,” he added.

“This alleged scheme was novel and has never before been charged.”

Through the Exploit, which is believed to be the very first of its kind, Peraire-Bueno brothers manipulated and tampered with the process and protocols by which transactions are validated and added to the Ethereum blockchain.

The MEV Conundrum from Ethereum Blockchain Exploit

According to the indictment, the Pepaire-Bueno brothers initiated their scheme in December 2022, targeting specific traders on the Ethereum platform through what investigators term a "baiting" operation. At the heart of the indictment lies the concept of MEV-Boost, a software tool utilized by Ethereum validators to optimize transaction processing and maximize profitability. MEV, or maximal extractable value, has long been a subject of controversy within the cryptocurrency community, with proponents arguing its economic necessity and critics highlighting its potential for abuse. They exploited a critical flaw in MEV-Boost's code, granting them unprecedented access to pending transactions before their official validation by Ethereum validators. Leveraging this loophole, the siblings embarked on a sophisticated campaign targeting specific traders utilizing MEV bots. The indictment elucidates the modus operandi employed by the accused duo. The brothers created 16 Ethereum validators and targeted three specific traders who operated MEV bots, the indictment said. By establishing their own Ethereum validators and deploying bait transactions, they enticed MEV bots from these traders for their illicit scheme. Subsequently, through a series of meticulously orchestrated maneuvers, including frontrunning and transaction tampering, they siphoned off $25 million of cryptocurrency from unsuspecting victims – all in just 12 seconds. Following the successful execution of their nefarious scheme, the brothers allegedly laundered the ill-gotten gains through a network of shell companies. Converting the stolen funds into more liquid cryptocurrencies such as DAI and USDC, they attempted to rebuff attempts of victims and Ethereum representatives to recover the stolen cryptocurrency. Following their arrest on Tuesday, the brothers are set to appear in federal courts in New York and Boston to face charges. If convicted the brothers face a maximum sentence of up to 20 years in prison for each count. Deputy Attorney General Lisa Monaco lauded the Justice Department’s prosecutors and IRS agents, “who unraveled this first-of-its kind wire fraud and money laundering scheme.”

“As cryptocurrency markets continue to evolve, the Department will continue to root out fraud, support victims, and restore confidence to these markets.”

Cryptocurrency Heists and Convictions Growing Every Day

The news of the arrest comes on the heels of another crypto heist from Sonne Finance, the cryptocurrency lending protocol. The team at Sonne Finance is offering an undisclosed bounty to a hacker responsible for a $20 million theft on Tuesday evening. Sonne Finance facilitates lending and borrowing without intermediaries like banks. The theft, tracked by blockchain security companies, involved digital coins like ether and USDC. Developers paused all markets and later detailed the attack in a postmortem, offering a bounty for the return of funds. They detected the attack within 25 minutes, with some users preventing $6.5 million theft. The hacker has since been exchanging stolen cryptocurrency for bitcoin and others. Law enforcement focus on crypto theft has intensified in 2024, with notable convictions including a $110 million theft from Mango Markets resulting in up to 30 years in prison and sentences for individuals involved in crypto scams and market manipulation. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

In response to heightened cyber threats targeting political candidates, election officials and civil society groups, the National Cyber Security Centre (NCSC) in the UK, a part of GCHQ, has introduced a new initiative called the Personal Internet Protection (PIP) service. The service that was unveiled at CYBERUK 2024 in Birmingham, aims to provide an additional layer of security to individuals at “high-risk” of cyberattacks like spear-phishing, malware and other threats, ahead of the upcoming election year. The Personal Internet Protection service works by alerting users when attempting to access malicious domains known to the NCSC and by blocking outgoing traffic to these domains. The PIP offered to high-risk individuals is built on the NCSC’s Protective DNS service that was developed primarily for use by organizations. Since its inception in 2017, PDNS has provided protection at scale for millions of public sector users, handling more than 2.5 trillion site requests and preventing access to 1.5 million malicious domains, the NCSC said.

Cyber Threats Targeting Political Candidates

The Personal Internet Protection service is part of a broader effort by the UK government to enhance cyber support for individuals and organizations crucial to the democratic process, especially considering recent attempts by Russian and Chinese state-affiliated actors to disrupt UK's government and political institutions as well as individuals. While the Russian intelligence services had attempted to use cyberattacks to target prominent persons and organizations in the UK for meddling in the electoral processes, China is likely seen targeting various government agencies including the Ministry of Defence (MoD), whose payroll system was recently breached. Although both, Moscow and Beijing have rejected the use of hacking for political purposes, the relations between them remain strained over these allegations. Jonathon Ellison, NCSC Director for National Resilience and Future Technology, noted the importance of protecting individuals involved in democracy from cyber threats, highlighting the attractiveness of their personal accounts to espionage operations.

“Individuals who play important roles in our democracy are an attractive target for cyber actors seeking to disrupt or otherwise undermine our open and free society. That’s why the NCSC has ramped up our support for people at higher risk of being targeted online to ensure they can better protect their accounts and devices from attacks,” Ellison said.

Ahead of the major election year where more than 50 countries around the world cast their vote, Ellison urged individuals eligible for the Personal Internet Protection services to sign up and to follow their guidance to bolster defenses against various cyber threats. The initiative also extends support to civil society groups facing a heightened risk of cyber threats. A new guide, "Mitigating Cyber Threats with Limited Resources: Guidance for Civil Society," which offers practical advice for individuals such as elected officials, journalists, activists, academics, lawyers and dissidents was released on Tuesday. This guide, developed by the U.S. Cybersecurity and Infrastructure Security Agency in collaboration with international partners, aims to empower high-risk civil society communities with limited resources to combat cyber threats effectively. These include customized risk assessment tools, helplines for digital emergencies and free or discounted cybersecurity services tailored to the needs of civil society organizations. The launch of the Personal Internet Protection service and the release of the guidance for civil society mark significant steps in bolstering the cybersecurity posture of individuals and organizations critical to the democratic process. By enhancing protection against cyber threats, the UK aims to safeguard the integrity of its democracy and promote collective resilience against global threats to democracy. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Phish Ahoy! Hacker took advantage of Dell’s lack of anti-scraping defense.

The post Dell Hell Redux — More Personal Info Stolen by ‘Menelik’ appeared first on Security Boulevard.

The notorious BreachForums seized for the second time in a year. The U.S. law enforcement today seized the clear web domain of the second version of BreachForums - popularly known as a Breached hacking forum in the underground market - that helped sell stolen data and credentials. Hosted at BreachForums[.]st, the domain now shows a seizure banner saying the website was taken down by the FBI and the U.S. Department of Justice with assistance from international partners. Other law enforcement authorities worldwide were also part of this action, including the Australian Federal Police, the U.K. National Crime Agency, New Zealand Police, police department of the canton of Zürich in Switzerland and Icelandic Police, among others. As is common with domain seizure messages, law enforcement displayed the logo for the site. It however took an unconventional approach by also featuring two avatar's - likely of BreachForums' administrators "Baphomet" and "ShinyHunters" - behind bars in the seizure banner.

BreachForums Seized

The message on the banner reads: "We are reviewing this site's backend data. If you have information to report about cybercriminal activity on BreachForums, please contact us." The law enforcement has also shared a link to a form hosted on the Internet Crime Complaint Center. The FBI has put out a questionnaire for victims or individuals that have information to assist in any of the investigations against BreachForums v2, BreachForums v1, or Raidforums. A summary of the takedown of BreachForums on this portal says, "The Federal Bureau of Investigation (FBI) is investigating the criminal hacking forums known as BreachForums and Raidforums. "From June 2023 until May 2024, BreachForums (hosted at breachforums.st/.cx/.is/.vc and run by ShinyHunters) was operating as a clear-net marketplace for cybercriminals to buy, sell, and trade contraband, including stolen access devices, means of identification, hacking tools, breached databases, and other illegal services." Earlier a separate version of BreachForums hosted at breached.vc/.to/.co and run by pompompurin between March 2022 to 2023 was seized by the U.S. law enforcement in June 2023. Raidforums, hosted at raidforums.com and run by an admin under the moniker "Omnipotent" was the predecessor hacking forum to both version of BreachForums and ran from early 2015 until February 2022. *The Telegram channel of "Baphomet," one of the administrators behind the BreachForums, has also been seized, according to a pinned message from the law enforcement on his channel. [caption id="attachment_68571" align="aligncenter" width="446"] Credit: Dark Web Intelligence[/caption]

ShinyHunters Confirms Baphomets Arrest

*Shiny Hunters, one of the administrators of the BreachForums, allegedly confirmed on a Telegram channel called "BF Announcements" the arrest of Baphomet and said that the law enforcement did not get to anyone from the ShinyHunters gang. [caption id="attachment_68843" align="aligncenter" width="300"] Message on BF Announcements Telegram channel[/caption] Later in the same channel the administrator claimed that the domain was recovered back from the law enforcement's control, as was the case during the BreachForums v1 takedown where the cat and mouse game went on for a while between the two. The Cyber Express tried to verify this claim and saw that the domain is now redirecting to a Telegram chat group called "Jacuzzi 2.0" The FBI and Justice Department spokespersons were not immediately available for comment when contacted by The Cyber Express for details on the latest claims. This is a developing story. The article will be updated with the latest information as it becomes available. Update 1*: Added Telegram account seizure details along with screenshot. Update 2* May 16 - 9:40 AM (UTC) : Added details from Shiny Hunters' BF Announcements Telegram channel that allegedly confirmed details of one of the administrators of BreachForums - Baphomets - arrest. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

A Dutch court ruling on Tuesday found one of the co-founders of the now-sanctioned Tornado Cash cryptocurrency mixer service guilty of laundering $1.2 billion illicit cybercriminal proceeds. He was handed down a sentence of 5 years and 4 months in prison, as a result. Alexey Pertsev, a 31-year-old Russian national and the developer of Tornado Cash, awaited trial in the Netherlands on money laundering charges after his arrest in Amsterdam in August 2022, just days after the U.S. Treasury Department sanctioned the service for facilitating malicious actors like the Lazarus Group in laundering their illicit proceeds from cybercriminal activities. “The defendant declared that it was never his intention to break the law or to facilitate criminal activities,” according to a machine translated summary of the judgement. Instead Pertsev intended to offer a legitimate solution with Tornado Cash to a growing crypto community that craved privacy. He argued that “it is up to the users not to abuse Tornado Cash.” Pertsev also said that given the technical specifications of the cryptocurrency mixer service, it was impossible for him to prevent the abuse. However, the District Court of East Brabant disagreed, asserting that the responsibility for Tornado Cash's operations lay solely with its founders and lacked adequate mechanisms to prevent abuse. “Tornado Cash functions in the way the defendant and his cofounders developed Tornado Cash. So, the operation is completely their responsibility,” the Court said. “If the defendant had wanted to have the possibility to take action against abuse, then he should have built it in. But he did not.”

“Tornado Cash does not pose any barrier for people with criminal assets who want to launder them. That is why the court regards the defendant guilty of the money laundering activities as charged.”

Tornado Cash functioned as a decentralized cryptocurrency mixer, also known as a tumbler, allowing users to obscure the blockchain transaction trail by mixing illegally and legitimately obtained funds, making it an appealing option for adversaries seeking to cover their illicit money links. Tornado Cash laundered $1.2 billion worth of cryptocurrency stolen through at least 36 hacks including the theft of $625 million from the Axie Infinity hack in March 2022 by North Korea’s Lazarus Group hackers. The Court used certain undisclosed parameters in selecting these hacks due to which only 36 of them were taken into consideration. Without these parameters, more than $2.2 billion worth of illicit proceeds from Ether cryptocurrency were likely laundered. The Court also did not rule out the possibility of Tornado Cash laundering cryptocurrency derived from other crimes. The Court further described Tornado Cash as combining “maximum anonymity and optimal concealment techniques” without incorporating provisions to “make identification, control or investigation possible.” It failed to implement Know Your Customer (KYC) or anti-money laundering (AML) programs as mandated by U.S. federal law and was not registered with the U.S. Financial Crimes Enforcement Network (FinCEN) as a money-transmitting entity. "Tornado Cash is not a legitimate tool that has unintentionally been abused by criminals," it concluded. "The defendant and his co-perpetrators developed the tool in such a manner that it automatically performs the concealment acts that are needed for money laundering." In addition to the prison term, Pertsev was ordered to forfeit cryptocurrency assets valued at €1.9 million (approximately $2.05 million) and a Porsche car previously seized.

Other Tornado Cash Co-Founders Face Trials Too

A year after Pertsev’s arrest, the U.S. Department of Justice unsealed an indictment where the two other co-founders, Roman Storm and Roman Semenov, were charged with conspiracy to commit money laundering, conspiracy to operate an unlicensed money-transmitting business and conspiracy to violate the International Emergency Economic Powers Act. Storm goes to trial in the Southern District of New York later in September, while Semenov remains at large. The case has drawn a debate amongst two sides – privacy advocates and the governments. Privacy advocates argue against the criminalization of anonymity tools like Tornado Cash as it gives users a right to avoid financial surveillance, while governments took a firm stance against unregulated offerings susceptible to exploitation by bad actors for illicit purposes. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.

Будет! Russian ransomware rascals riled a Roman Catholic healthcare organization.

The post FBI/CISA Warning: ‘Black Basta’ Ransomware Gang vs. Ascension Health appeared first on Security Boulevard.

Do you recall the incidents involving Equifax, Target, and British Airways? Experiencing a data breach can significantly harm your business and reputation. According to research by the National Cyber Security Alliance, 60% of small businesses shut down within six months of a data breach. To mitigate the risk of such breaches, PCI compliance establishes stringent […]

The post How to Get PCI Compliance Certification? Steps to Obtain it appeared first on Kratikal Blogs.

The post How to Get PCI Compliance Certification? Steps to Obtain it appeared first on Security Boulevard.

Maybe you’ve heard there’s an interplanetary-sized gap in the amount of cybersecurity professionals available and...

The post Cybersecurity Salary: How Much Can You Earn? appeared first on Security Boulevard.

DUDE! You’re Getting Phished.

Dell customer data from the past six (or more?) years was stolen. It looks like someone sold scads of personal information to the highest bidder.

The post Dell Hell: 49 Million Customers’ Information Leaked appeared first on Security Boulevard.

Companies in the crosshairs of advanced persistent threat (APT) actors look at data theft not as a primary objective of hacking crews backed by Russia, China and Iran — but rather as a means to an end, the U.S. National Security Agency (NSA) told attendees at the annual RSA Conference in San Francisco. 

The post NSA: State-backed attackers are not after your data — they’re targeting CI appeared first on Security Boulevard.

British Columbia in Canada has faced multiple "sophisticated cybersecurity incidents" on government networks, province premier said this week. Premier David Eby emphasized that there is presently no evidence of compromised sensitive information and that investigations are ongoing, with further efforts required to ascertain potential data access, as per his Wednesday statement. While the attack's specific nature remains unclear, labeling it as "sophisticated" and its involvement with government networks suggests fans theories of espionage from a state-sponsored actor seeking political intelligence. “I know the public will have many questions about these incidents, and we will be as transparent as we can without compromising the investigation. As this complex work proceeds, government will provide British Columbians with updates and information as we are able.” Eby said. The provincial government's investigation involves the Canadian Centre for Cyber Security and other agencies, with the Office of the Information and Privacy Commissioner duly informed. Neither of the agencies immediately responded to The Cyber Express’ request for a comment.

Opposition’s Spar in the House

B.C.'s political adversaries engaged in heated debate during the question period on Thursday morning, a day after the province disclosed the multiple cybersecurity incidents within its networks. British Columbia United MLA Todd Stone criticized the government, alleging it "concealed a massive cyberattack on the provincial government for eight days." Stone’s accusations came on the backdrop of a memo from The Office of the Chief Information Officer that directed all provincial employees to immediately change passwords. British Columbians are rightly concerned about their sensitive information, questioning whether it has been compromised by a foreign, state-sponsored cyberattack. So, I ask the premier today: Will he reveal who was responsible for this attack?" Stone demanded. Stone pointed out the timing of Eby's Wednesday statement, suggesting it was issued discreetly "while everyone was preoccupied with last night’s Canucks game." [caption id="attachment_67963" align="aligncenter" width="256"] BC United MLA Todd Stone arguing in the House during the QP on Thursday morning. (Credit: Legislative Assembly of B.C.)[/caption]

“How much sensitive personal information was compromised, and why did the premier wait eight days to issue a discreet statement during a Canucks game to disclose this very serious breach to British Columbians?” the Opposition MLA asked.

In response to BC United's criticisms, Public Safety Minister Mike Farnworth accused Stone of "playing politics." “We take our advice from the Canadian Cyber Security Service, who deal with these kinds of things on an ongoing basis. That’s who we will take the advice from in terms of protecting public information, every single time. We will never take advise from the opposition — all they ever want to do is play politics,” Farnworth retorted amid uproar in the House. [caption id="attachment_67981" align="aligncenter" width="271"] Public Safety Minister Mike Farnworth addressing opposition queries. (Credit: Legislative Assembly of B.C.)[/caption]

“When an incident like this happens, the first thing that happens is the protection of the system, honourable speaker. The protection of the information that’s done by technical experts, honourable speaker, who work on the advice of the Canadian Cyber Security System,” Farnworth explained.

“And, honourable speaker, the reason they do that is because if you go out and give information before that’s done, you actually end up compromising people’s information, potentially.”

Multiple Cybersecurity Incidents Rock B.C. in Last Few Weeks

The latest revelation of cyberattacks on government networks comes on the heels of a string of cyberattacks that the westernmost province in Canada is facing. B.C. headquartered retail and pharmacy chain London Drugs announced April 28, closure of its stores across Western Canada after falling victim to a cybersecurity incident. The impact was such that they were forced to even take their phones offline and pharmacies could only satisfy “urgent” needs of patients on-site. Addressing reporters later Thursday afternoon, Farnworth clarified that there was no evidence linking the multiple cybersecurity incidents targeting the province networks to the event that led to the closure of London Drugs locations in the west for several days. "At present, we lack any information suggesting a connection. Once an incident is detected, technical security teams work swiftly to secure the system and ensure its integrity, while closely coordinating with the Canadian Cyber Security Service to address the situation," he explained. "While a comprehensive investigation involving multiple agencies is ongoing, we currently have no indication of any link to the London Drugs incident." The same day as the London Drugs cyberattack came to light, another western province entity BC Libraries reported a cybersecurity incident where a hacker attempted to extort payment for data exfiltrated from its newly commissioned server and threatening to release that data publicly if no payment was received.

China’s Involved?

This development follows an official inquiry in Canada, revealing unsuccessful Chinese attempts to interfere in past elections. Beijing has refuted these allegations. The Canadian Security Intelligence Service (CSIS) recently published an annual report, warning of ongoing Chinese interference in Canadian political affairs, risking democratic integrity.

“Canada’s strong democratic institutions, advanced economy, innovative research sectors, and leading academic institutions make Canada an attractive target for cyber-enabled espionage, sabotage, and foreign influenced activities, all of which pose significant threats to Canada’s national security,” the report said.

The report identified China as a state-based threat conducting widespread cyber espionage across various sectors, including government, academia, private industry, and civil society organizations.

A GAO review of NASA projects found that, while some cybersecurity challenges have been addressed, many security policies and standards remain optional.

The post NASA Must Improve Spacecraft Cybersecurity, GAO Report Finds appeared first on Security Boulevard.

The UK government is taking cybersecurity seriously and proving it with a new version of...

The post What the UK’s New Password Laws Mean for Global Cybersecurity appeared first on Security Boulevard.

If you need to reach PCI DSS 4.0 compliance, GitGuardian has solutions that can help.

The post How Git Guardian Helps With PCI DSS 4.0’s Password Requirements appeared first on Security Boulevard.

The recent crackdown on the crypto mixer money laundering, Samourai, has unveiled a sophisticated operation allegedly involved in facilitating illegal transactions and laundering criminal proceeds. The cryptocurrency community was shocked by the sudden Samourai Wallet shutdown. The U.S Department of Justice (DoJ) revealed the arrest of two co-founders, shedding light on the intricacies of their […]

The post Crypto Mixer Money Laundering: Samourai Founders Arrested appeared first on TuxCare.

The post Crypto Mixer Money Laundering: Samourai Founders Arrested appeared first on Security Boulevard.

Every organization needs to have security measures and policies in place to safeguard its data. One of the best and most important measures you can take to protect your data (and that of your customers) is simply to have a robust information security policy. Of course, that idea sounds simple enough. In practice, however, it’s...

The post Build Strong Information Security Policy: Template & Examples appeared first on Hyperproof.

The post Build Strong Information Security Policy: Template & Examples appeared first on Security Boulevard.