ALPHV/BlackCat Loses Website After Change Healthcare Breach
Continuous prescription processing troubles have prompted Change Healthcare to introduce a new electronic drug prescription service on Mar. 1.
"We are working on multiple approaches to restore the impacted environment and continue to be proactive and aggressive with all our systems, and if we suspect any issue with the system, we will immediately take action," said Change Healthcare in a statement.
Meanwhile, Cybersecurity and Infrastructure Security Agency Executive Assistant Director for Cybersecurity reassured that efforts to remediate the incident, as well as support organizations affected by the Change Healthcare hack, are underway.
@Cyber_Security_Channel
⚡️ Top AI Service Hit by Massive Data Breach — 20 Million Users Have Personal Info Leaked, so Change Passwords Now
Samples of the breach obtained by BleepingComputer reveal the extent of the leaked information, including:
- User ID
- Password
- Profile picture
- API access key
- Salt used in hashing
- Mobile phone number
- Account creation date
@Cyber_Security_Channel
HackerGPT 2.0 – A ChatGPT-Powered AI Tool for Ethical Hackers & Cyber Community
This tool utilizes ChatGPT’s advanced features and specialized training data to support a range of cybersecurity activities such as network and mobile hacking.
It also helps comprehend various hacking techniques without the need for unethical methods like jailbreaking. HackerGPT provides prompt responses to user inquiries while following ethical standards.
It offers support for GPT-3 and GPT-4 models, giving users access to various hacking techniques and methodologies.
Various tools powered by ChatGPT, like OSINVGPT, PentestGPT, WormGPT, and BurpGPT, have already been created for the cyber security community, and HackerGPT is now adding to this legacy.
@Cyber_Security_Channel
The New Era of AI and its Impact on Data Centres
The AI market has the potential to grow even more, thanks to the boom in generative AI (Gen AI).
97% of business owners believe that ChatGPT will benefit their organisations, through uses such as streamlining communications, generating website copy, or translating information, but the surge in adoption will undoubtedly require greater investment and infrastructure for AI-powered solutions than ever.
Today, sustainable and resilient data centre design hinges on effective cooling.
The demands that AI places on data centres mean powering high-density servers requires new cooling methodologies for both optimal performance and minimised downtime, Garner says.
@Cyber_Security_Channel
New BIFROSE Linux Malware Variant Using Deceptive VMware Domain for Evasion
The malware has been put to use by a state-backed hacking group from China tracked as BlackTech (aka Circuit Panda, HUAPI, Manga Taurus, Palmerworm, PLEAD, Red Djinn, and Temp.Overboard), which has a history of striking organizations in Japan, Taiwan, and the U.S.
@Cyber_Security_Channel
Why Governance, Risk, and Compliance Must be Integrated With Cybersecurity
GRC programs include the processes and technologies that enable organizations to meet business goals, address risk, and comply with government and industry regulations.
Incorporating cybersecurity into organization-wide GRC programs means aligning technology decisions with business objectives while meeting regulatory requirements and defining cyber risks.
GRC roles will need to collaborate with cybersecurity roles to structure a program that coordinates activities from both areas of the organization.
@Cyber_Security_Channel
The Compelling Need for Cloud-native Data Protection
The reason for this high cost is not only the penalties paid for the data breaches but also the amount of time (mean time to identify, or MTTI) it takes to discover and remediate the breach.
The typical time in days that it takes to identify a breach is significant across all configurations, with the worst being multi-cloud and hybrid-cloud environments.
@Cyber_Security_Channel
67,000 U-Haul Customers Impacted by Data Breach
Responding to a SecurityWeek inquiry, U-Haul confirmed that the incident affected approximately 67,000 customers in the US and Canada and that it is notifying them by mail.
According to U-Haul, the unauthorized party was able to view names, dates of birth, and driver’s license numbers, but did not access financial information.
@Cyber_Security_Channel
Magika, Google's New AI Security Tool, Helps Users Identify Malware at Rapid Speed — and it's Free to Access on GitHub
Similarly, the tool performs well on textual files, including code files and configuration files, which other tools have traditionally struggled with.
@Cyber_Security_Channel
Schneider Electric Confirms Data Was Stolen in Cactus Ransomware Attack
25MB of stolen data was uploaded to the group’s dark web leak site in a bid to prove the veracity of its claims, which included images of US citizens’ passports and scans of non-disclosure agreement documents.
Aside from this snippet, it remains unclear precisely what data has been stolen by the group.
@Cyber_Security_Channel
Senior Executives Affected in Largest Observed Microsoft Azure Data Breach
The variety of accounts compromised has granted the threat actor access to data and resources at multiple levels.
Making matters worse, the attackers have possibly disrupted multifactor authentication (MFA) to ensure that access to the systems is maintained as part of their post-compromise activities.
Groups do this by registering their own MFA methods, such as registering new phone numbers or emails or using their own authenticator app.
@Cyber_Security_Channel
Microsoft Fixes Two Zero-Days in February Patch Tuesday
“In the exploitation scenario, an attacker must send a specifically crafted file to a target user and persuade them to open it, since the attacker cannot compel the user to engage with the malicious content directly,” he explained.
@Cyber_Security_Channel
Armentières Hospital Victim of Cyberattack, Emergency Rooms Closed For the Day
A crisis unit, made up of security professionals from the Armentières hospital but also from the Lille CHR, was set up at 5:40 a.m. to restore the situation; all the establishment’s computers are disconnected from the network in the meantime.
“For the moment, we do not know the extent of the attack,” specifies Samy Bayod. “Cyber attacks are increasing, we have protections in place.
@Cyber_Security_Channel
Aircraft Leasing Company Acknowledges Cyberattack in SEC Filing
Willis said in its filing that it "is working diligently to respond to and address the issues posed by the incident," but it provided no further details and didn't say if any data has been compromised.
@Cyber_Security_Channel
Notorious Bumblebee Malware Re-emerges with New Attack Methods
The attackers utilized social engineering techniques to entice targets into downloading Bumblebee.
In the campaign, several thousand emails were sent from the address “info@quarlesaa[.]com” to organizations in the US with the subject “Voicemail February.”
@Cyber_Security_Channel
Advancing Cybersecurity In Digital Education
The digital realm of education is a treasure trove of personal information, making it a prime target for cybercriminals.
'Data privacy concerns are at the forefront of cybersecurity challenges in EdTech, with risks ranging from identity theft to financial fraud,' Manit asserts.
'Protecting the personal and financial information of students and educators is not just a matter of privacy but of trust and safety within the educational system.'
EdTech platforms are susceptible to various cyber threats, including phishing attacks, ransomware, and data breaches.
Phishing attacks deceive individuals into providing sensitive information, while ransomware locks access to vital data, demanding payment for its release.
@Cyber_Security_Channel
Rise in Deceptive PDF: The Gateway to Malicious Payloads
This emerging infection chain involving, among others, Agent Tesla, initiates from an email containing a PDF attachment, which subsequently facilitates the dissemination of the ultimate payload.
In the outdated and unpatched version of Acrobat Reader, PDFs directly execute embedded JavaScript using MSHTA, subsequently launching PowerShell, which facilitates process injection.
Conversely, in the latest version of Acrobat Reader, PDFs are unable to execute JavaScript directly.
Instead, they redirect to a malicious website, from which the script is downloaded.
The subsequent process remains consistent with the previous case. The kill chain for the delivery of Agent Tesla unfolds as follows:
@Cyber_Security_Channel
SafeGuard Cyber Integrates AI-Powered FirstSight Platform with Slack
Powered by Contextual AI, the SafeGuard Cyber FirstSight platform alerts security teams to high frequency and costly attacks such as credential theft, impersonation, phishing, malware, policy violations, and insider threats across the expanding communication attack surface.
The platform enables security and compliance teams to have visibility across all employee communications, while maintaining privacy, to keep organizations secure and compliant.
@Cyber_Security_Channel
Industry Reactions to NIST Cybersecurity Framework 2.0: Feedback Friday
Industry professionals have commented on various aspects of the Cybersecurity Framework 2.0.
Some have praised its improvements, while others have pointed to elements that are still missing from the widely used framework.
@Cyber_Security_Channel
NIST Releases Cybersecurity Framework 2.0
The National Institute of Standards and Technology (NIST) has updated the widely used Cybersecurity Framework (CSF), its landmark guidance document for reducing cybersecurity risk.
The new 2.0 edition is designed for all audiences, industry sectors and organization types, from the smallest schools and nonprofits to the largest agencies and corporations — regardless of their degree of cybersecurity sophistication.
NIST plans to continue enhancing its resources and making the CSF an even more helpful resource to a broader set of users, Stine said, and feedback from the community will be crucial.
@Cyber_Security_Channel
How Can Synthetic Data Impact Data Privacy in the New World of AI
Collecting data in the real world can bring about further problems, such as needing to attain model releases and consent when filming in public spaces.
Moreover, government regulations and legislative processes like the EU AI Act further complicate real-world data collection.
How companies interpret this ethical landscape can vary case by case – there is no universal understanding of how to approach it.
@Cyber_Security_Channel
Why Are Compromised Identities the Nightmare to IR Speed and Efficiency?
The triggering of an IR process can come in a million shapes.
They all share a resemblance in that you think – or are even sure – that something is wrong, but you don't know exactly what, where, and how.
If you're lucky, your team spotted the threat when it's still building up its power inside but hasn't yet executed its malicious objective.
If you're not so lucky, you become aware of the adversarial presence only after its impact has already broken out – encrypted machines, missing data, and any other form of malicious activity.
@Cyber_Security_Channel
Tech Companies Sign Accord to Combat AI-Generated Election Trickery
The accord is largely symbolic, but targets increasingly realistic AI-generated images, audio and video:
“That deceptively fake or alter the appearance, voice, or actions of political candidates, election officials, and other key stakeholders in a democratic election, or that provide false information to voters about when, where, and how they can lawfully vote.”
@Cyber_Security_Channel
What Is a Passphrase? Examples, Types & Best Practices
A passphrase is a combination of phrases used to safeguard or authenticate access to an online account, computer system or other digital resource.
Passphrases are usually longer than traditional passwords and consist of words that are easy to remember but challenging for potential attackers to decipher.
Think of it as a short sentence of four words or more and a minimum of 15 characters.
@Cyber_Security_Channel
Romanian Hospital Ransomware Crisis Attributed to Third-Party Breach
The scale of the ransomware emergency in Romania is bordering on the unbelievable as now more than 100 hospitals have been either disconnected from the internet or had their files encrypted.
@Cyber_Security_Channel
Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices
These firms, per Meta, also engaged in scraping, social engineering, and phishing activity that targeted a wide range of platforms such as:
- VK
- Gettr
- Viber
- Flickr
- Quora
- TikTok
- Skype
- Twitch
- Reddit
- GitHub
- Tumblr
- Google
- YouTube
- LinkedIn
- Telegram
- Facebook
- Instagram
- Snapchat
- X (formerly Twitter)
@Cyber_Security_Channel
Hunter-Killer Malware is On the Rise, and Security Experts are Seriously Concerned
Each of the four most frequently employed techniques recorded in MITRE ATT&CK in 2023 was an aspect of hunter-killer malware.
T1055 (process injection), T1059 (command and scripting interpreter), T1562 (impair defenses), and T1082 (system information discovery) can all be used in hunter-killer malware attacks.
@Cyber_Security_Channel
Fifth of British Kids Have Broken the Law Online
NCA deputy director, Paul Foster, who heads up the agency’s National Cyber Crime Unit, encouraged parents, teachers and children to visit its Cyber Choices website for more information.
@Cyber_Security_Channel