Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Hacking. Show all posts
Russia
China Cyber Attacks Hacking Netherlands Russia

Russia and China Up Their Cyberattacks on Dutch Infrastructure, Security Report Warns

 


Dutch security authorities have recorded growing cyber threats from state-affiliated Russian and Chinese hackers targeting organisations in the country. The attacks, mostly to gain access to the critical infrastructure, are seen as preparations for future sabotage and for gathering sensitive information, according to a recent report by the Dutch National Coordinator for Security and Counterterrorism (NCTV).


Rise of Non-State Hackers in Support of Government Agendas

The report says cyber attacks can no longer be considered the preserve of state actors: in fact, it turns out that non-state hackers in Russia and China increasingly are joining in. Of course, Russia: for some of the past year's cyber espionage and sabotage, hacktivists--independent hacking groups not officially communicating with the government are said to have conducted parts of this past year. At times, Russian state cyber actors work in conjunction with them, sometimes using their cover for their own operations, sometimes directing them to fit state goals.

China's cyber operations often combine state intelligence resources with academic and corporate collaborations. Sometimes, persons are performing dual roles: conducting research or scientific duties coupled with pushing forward China's intelligence goals. Such close cooperation treads the fine line between private and state operations, introducing an element of complexity to China's cyber strategy.


China's Advancing Sabotage Capabilities

For some years now, Chinese cyber campaigns focused on espionage, particularly those targeting the Netherlands and other allies, have been well known. Recent developments over the past year, however, have found China's cyber strategies getting broader in scope and quite sophisticated. The recent "Volt Typhoon" campaign, attributed to China, was an example of shifting toward actual sabotage, where critical U.S. infrastructure is the chief target. Although Europe is not currently under such threats from Volt Typhoon, the Netherlands remains vigilant based on China's rapid advancements in its cyber capabilities, which will potentially be implemented globally at a later stage.


Cyber/Disinformation Combined Threat

In the Netherlands, there is a national coordinator for security and counterterrorism, Pieter-Jaap Aalbersberg, who underscored that cyber threats frequently act as part of an integrated approach, which includes information operations. Coordinated actions are riskier because the cyber attack and digital influence operation come together to compromise security. Aalbersberg indicated that risks need to be balanced collectively, both from direct cyber threats and other consequences.


Recent Breach in Dutch Police Forces Concerns

Earlier this month, the Dutch national police announced a breach into officers' personal contact details with thousands of officers being involved, including names, telephone numbers, and email. The attackers behind this breach are unknown, although it is believed that this incident is "very likely" to be carried out by a state-sponsored group. Still, no country was indicated.

The Dutch government views such heightened cyber hostility as pushing a stronger defensive response from its measures about the cybersecurity fields, particularly since the threats from Russians and Chinese are still multiplying. This scenario now presents strong appeal in asking for added fortifications at international cooperation and greater action in stopping these mounting operations of said aggressive expansions through cyber warfare.


Read more »
Online Security
cookie theft Cookies Cyber Security cybercriminals FBI Hacking https MFA Bypass Online Security

FBI Warns of Cybercriminals Stealing Cookies to Bypass Security

 

Cybercriminals are now targeting cookies, specifically the “remember-me” type, to gain unauthorized access to email accounts. These small files store login information for ease of access, helping users bypass multi-factor authentication (MFA). However, when a hacker obtains these cookies, they can use them to circumvent security layers and take control of accounts. The FBI has alerted the public, noting that hackers often obtain these cookies through phishing links or malicious websites that embed harmful software on devices. Cookies allow websites to retain login details, avoiding repeated authentication. 

By exploiting them, hackers effectively skip the need for usernames, passwords, or MFA, thus streamlining the process for unauthorized entry. This is particularly concerning as MFA typically acts as a crucial security measure against unwanted access. But when hackers use the “remember-me” cookies, this layer becomes ineffective, making it an appealing route for cybercriminals. A primary concern is that many users unknowingly share these cookies by clicking phishing links or accessing unsecured sites. Cybercriminals then capitalize on these actions, capturing cookies from compromised devices to access email accounts and other sensitive areas. 

This type of attack is less detectable because it bypasses traditional security notifications or alerts for suspicious login attempts, providing hackers with direct, uninterrupted access to accounts. To combat this, the FBI recommends practical steps, including regularly clearing browser cookies, which removes saved login data and can interrupt unauthorized access. Another strong precaution is to avoid questionable links and sites, as they often disguise harmful software. Additionally, users should confirm that the websites they visit are secure, checking for HTTPS in the URL, which signals a more protected connection. 

Monitoring login histories on email and other sensitive accounts is another defensive action. Keeping an eye on recent activity can help users identify unusual login patterns or locations, alerting them to possible breaches. If unexpected entries appear, changing passwords and re-enabling MFA is advisable. Taking these actions collectively strengthens an account’s defenses, reducing the chance of cookie-based intrusions. While “remember-me” cookies bring convenience, their risks in today’s cyber landscape are notable. 

The FBI’s warning underlines the importance of digital hygiene—frequently clearing cookies, avoiding dubious sites, and practicing careful online behavior are essential habits to safeguard personal information.
Read more »
Scam
Amazon Hacking links phishing Scam

Chenlun’s New Phishing Schemes Target Big-Name Brands

 


A new phishing campaign unveiled by researchers from DomainTools is a phishing campaign on the go, deceiving users via fake text messages. The messages masquerade as trusted brands like Amazon to get the targets to give away sensitive data. This operation is put at the hands of the threat actor "Chenlun," who was seen tricking people last year for masquerading as a USPS delivery alert during the holiday season. On 18 October 2024, consumer targeting waves, this wave represents new waves in tactics that target trusting consumers on the most-used brands.

Phishing Attack Evolution: From USPS Notification Scam to Authentication and Authorization Hack

In December 2023, DomainTools reported on the earlier approach that Chenlun used through exploiting USPS alerts to instruct users on how to navigate to fraudulent websites. This scheme, also labelled as "smishing, tricked users into message prompting them to visit virtually identical websites to the one genuine USPS websites. These next sent information that victims did not need to provide. With the current attack, however, Chenlun used the more narrow deception of alerts that there is unauthorised access to his or her online store accounts. This prompted victims into confirmation of their account information with links that led him to a scam website. To this end, it goes without saying that one ought to be careful when opening any link on email or text.


Advanced techniques of hiding and concealing evidence

The strategies that Chenlun uses today are more advanced than that of not being detected. The phishing attack this year is different from the past years because it does not use domain names containing USPS but instead uses a DGA. A DGA automatically generates new, arbitrary domain names, which creates an added difficulty in blocking malicious websites and makes it challenging for the security systems to identify phishing attempts. The constant change in the infrastructure of the domain leaves Chenlun free to continue their attacks without instant interference from cybersecurity defences.


Changed Domain Structures and Aliases

The latest phishing campaign also demonstrates the changed structure of the Chenlun domain. Last year, the fraudsters utilised domains like the official USPS websites. This time around, they change them into simple domains and even switch to other registrars and name servers. Now, they use NameSilo and DNSOwl, for example, and not Alibaba Cloud's DNS service, just like last year. The changing tendency makes phishing attempts less predictable and also complicates the procedure for cybersecurity analysts in relation to the identification and monitoring of suspicious domains.

Moreover, the most recent activity of Chenlun used pseudonyms like "Matt Kikabi" and "Mate Kika". These pseudonyms, which were first identified in the 2023 report, have more than 700 active domains. Reusing these identities, Chenlun has been able to maintain a massive presence online undetected by cybersecurity tools.


Collaboration as a Critical Form of Defense Against Phishing

DomainTools emphasises that effective countermeasures against phishing attacks require the collective efforts of organisations. Recommendations from security experts include active monitoring of registration patterns, sharing threat intelligence, and developing robust strategies that can counter changing phishing techniques.

DomainTools further emphasises that Chenlun's strategy changes reflect the ongoing problem that cybersecurity professionals face. By constantly changing obfuscation techniques, Chenlun underlines the importance of domain-related data in identifying patterns and suspect domains.


Takeaway for Business and Consumers

Continuous activity by Chenlun also points to the fact that vigilance needs to be maintained, given the sophistication in phishing scams. Business entities need to strengthen cybersecurity measures in monitoring domain registrations and promote threat intelligence sharing. Individual consumers need to maintain vigilance by avoiding a response to unsolicited messages or links.

In short, Chenlun's latest phishing campaign calls out for proactive defence. While the attackers continue adapting with a view to remain unseen, the necessity for people to stay updated and network inter-sectorally is the urgent requirement in the world of digitization.


Read more »
Ransomware
Backups computer crime cryptocurrency Cyber Security Cybersecurity Data Recovery encryptor Hacking phishing Ransomware

The Evolution of Computer Crime: From Tinkering to Ransomware Threats

 



In the early days of computing, systems were relatively isolated, primarily reserved for academic and niche applications. Initial security incidents were more about experimentation gone wrong than intentional harm.

Today, the scenario is vastly different. Computers are everywhere—powering our homes, workplaces, and even critical infrastructure. With this increased reliance, new forms of cybercrime have emerged, driven by different motivations.

Computer crimes, which once revolved around simple scams and tech-savvy groups, have evolved. Modern attackers are more professional and devastating, often state-sponsored, like ransomware collectives.

A prime example of this evolution is ransomware. What began as simple criminal schemes has turned into a full-fledged industry, with criminals realizing that encrypting data and demanding payment is a highly lucrative enterprise.

Ransomware attacks follow a predictable pattern. First, the attacker deploys an encryptor on the victim’s system, locking them out. Then, they make their presence known through alarms and ransom demands. Finally, if the ransom is paid, some attackers provide a tool to decrypt the data, though others might threaten public exposure of sensitive data instead.

However, ransomware attackers face two key challenges. The first is infiltrating the target system, often achieved through phishing tactics or exploiting vulnerabilities. Attacks like WannaCry highlight how these methods can devastate unprotected systems.

The second challenge is receiving payment without revealing the attacker’s identity. Cryptocurrencies have helped solve this problem, allowing criminals to receive payments anonymously, making it harder for authorities to trace.

Preventing ransomware isn’t solely about avoiding the initial attack; it’s also about having a recovery strategy. Regular backups and proper employee training on cybersecurity protocols are crucial. Resilient companies use backup strategies to ensure they can restore systems quickly without paying ransoms.

However, backups must be thoroughly tested and isolated from the main system to prevent infection. Many companies fail to adequately test their backups, leading to a difficult recovery process in the event of an attack.

While ransomware isn’t a new concept in technical terms, its economic implications make it a growing threat. Cybercriminals can now act more ruthlessly and target industries that can afford to pay high ransoms. As these attacks become more common, companies must prepare to mitigate the damage and avoid paying ransoms altogether
Read more »
Ransomware
APT Group CISA Cyber Security Hacking Middle East OilRig Ransomware

New Cybersecurity Threat for the Middle Eastern Countries: OilRig Malware

 



Cybersecurity experts say that there is a new threat against Middle East organisations, and more specifically within the United Arab Emirates, and other Gulf countries. There is an Iranian gang cybercrime known as OilRig that aims to hunt login credentials for access into several organisations and personal systems, with a focus on infiltration of key infrastructures within the region.


Role of OilRig in Attacks

OilRig is another notorious state-sponsored hacking group. At other times, it was known by the designations APT43 and Cobalt Gipsy. Its origins date back to Iranian government sponsorship. And in previous campaigns, OilRig has mainly focused on exploiting exposed servers with web shells - a category of malicious software. This gives attackers the ability to take control of an affected server remotely and run PowerShell scripts from it. As such, such a gain in access allows it to facilitate attackers in finding deeper access into the system.

Once the group fully takes over the system, they exploit the flaw CVE-2024-30088. Microsoft discovered that it had patched this security vulnerability in June 2024 for the Windows operating system. This allows the attackers to elevate their privilege, which gives attackers access to the forbidden areas of the system, thus limiting their operations. According to Microsoft, this is a high-risk vulnerability with a base score of 7.0.


How the Malware Works

This attack utilises a malware referred to as STEEL HOOK, that is a very sophisticated piece of malware. STEALHOOK gathers sensitive information from the infected systems. It tumbles the gathered data with other legitimate data that would aid in its undetected operation. Then, it sends it back to the attackers using an Exchange server. This exfiltrated the data, keeping it hidden from cybersecurity defences. Since it moves as traffic, the attackers subtly can extract sensitive information without immediately causing an alarm.


Ties to Ransomware and Other APT Groups

OilRig's operations closely relate to another Iranian threat group known as FOX Kitten, which is particularly infamous for ransomware campaigns. These connections suggest a broader strategy by Iranian hacking groups in targeting and disrupting key industries, with a specific focus on the energy sector. According to Trend Micro, most of OilRig's targets fall in the energy sector; disruption in such industries could have ripple effects at regional and global levels. This sector is also important, and any extended interference could seriously affect daily life because energy supply lines take such a large part of this region's infrastructure.


Vulnerability Not Yet Flagged By CISA

Shockingly though there is a belief that this flaw is already being exploited, the United States Cybersecurity and Infrastructure Security Agency (CISA) has yet to include CVE-2024-30088 in the Known Exploited Vulnerabilities catalogue. Therefore, for organisations to decide and focus on patching the exploited vulnerabilities used by hackers, this catalogue becomes highly important. Its absence on the list means that there still exists an increased need for a general awareness of the threat and hence affected organisations need to patch up their systems actively.

Among the many malware campaigns that have lately been in view targeting the Middle East, OilRig seemed to reflect the rising complexity and frequency of cyber attacks. In fact, energy sector organisations need to be highly aware of such sophisticated attacks. Ultimately, the case of exploitation involving CVE-2024-30088 would reflect critical and constant risks given by state-sponsored cyber criminals. Meanwhile, it emphasises the advisability of timely software updates and the need for strong cybersecurity measures against unauthorised access and data theft.

In that respect, there is a call for protection of the information systems companies have from these advanced threats from corporate and individual entities. In this respect, OilRig can be prevented through great proactive steps and awareness in preventing these powerful cyberattacks from taking their worse course of follow-up actions.


Read more »
Microsoft
cybercriminals Hacking malware Malware attacks Microsoft

Hackers Exploit Visual Studio Code as a Remote Access Tool, Researchers Find

 

In a new wave of cyberattacks, hackers are using Microsoft’s Visual Studio Code (VSCode) as a remote access tool to gain unauthorized entry into computers, according to Cyble Research and Intelligence Labs. Visual Studio, a popular integrated development environment (IDE) for app development on the .NET framework, supports languages like C#, VB.NET, and C++. 

While the tool is widely used for legitimate purposes, cybercriminals have now found a way to exploit it for malicious activities. The attack begins with a seemingly harmless file, a malicious “.LNK” shortcut, which is likely spread through spam emails. Once opened, the file displays a fake “Installation Successful” message in Chinese. 

In the background, however, it secretly downloads a Python package named “python-3.12.5-embed-amd64.zip” and creates a directory on the target system. This malicious file then executes an obfuscated Python script (update.py) from the online source paste[.]ee, which was not detected by the VirusTotal scanning service. 

To maintain access, the malware sets up a scheduled task, “MicrosoftHealthcareMonitorNode,” which runs every four hours or when the computer starts, using SYSTEM-level privileges. If the system does not have VSCode already installed, the malware fetches the Visual Studio Code Command Line Interface (CLI) from Microsoft’s servers. 

This tool is then used to open a remote tunnel that enables the attackers to generate an 8-character activation code, giving them unauthorized remote access to the victim’s computer. Once access is established, the malware gathers sensitive system information, such as data from critical directories, running processes, user details, and even geographical locations. 

With this, hackers can fully control the victim’s machine, accessing files, directories, and the terminal. This discovery highlights the growing sophistication of cyberattacks and emphasizes the need for vigilance, especially with common developer tools like VSCode. Users are advised to be cautious of unexpected email attachments and ensure their systems are protected against such threats.
Read more »
Password
Cyber Phishing Data Breach Hacking MC2 data Password

MC2 Data Breach Exposes Millions: Stay Protected

 



Cybernews reported on September 23 that background check company MC2 Data suffered a major data breach, exposing 2.2 terabytes of sensitive information. This breach potentially affects about 100 million Americans, raising serious concerns among cybersecurity experts about the risks faced by consumers today.


Why This Breach Matters

This data is considered very sensitive, thought to include passwords, along with identifying details in the form of email addresses. According to Gary Orenstein, Chief Customer Officer at Bitwarden, such information makes it possible for attackers to home in on the high-value targets. With all this, the attackers now have access to current email addresses with other sensitive information and can carry targeted phishing attacks or credential-stuffing attacks on a lot of accounts in the hope of accessing additional ones.

According to Orenstein, one of the scariest things is that hackers may use this data cross-referenced by passwords or slight modifications across many platforms. This may go ahead to help them gain access to several accounts if users have reused or slightly modified the same passwords.


A Growing Threat in Cybersecurity

Take the instance of the MC2 incident; it sharply reminds us that larger trends are existing within cyber threats: data breaches and cyberattacks are on the surge in all sectors. According to Efrat Tabibi, Head of Data at Guardio, "assuming that your sensitive data is always under the threat of being compromised" means "this breach signals assuming that your sensitive data is always vulnerable." This is reality for both consumer and company alike within today's data security landscape.

Tabibi says that the sophistication of attacks is increasing and proactive steps are required. She urges users to utilise such tools that will discover the phishing attacks and alert the user about vulnerabilities and deliver the ability to have real-time protection. "Those days when such tools were optional are over; now they are a must-have," she said.


How to Defend Yourself Against Future Attacks

The fact that breaches such as MC2's have become commonplace dictates that the following is the best course of action consumers can take to protect themselves: experts advise strong, unique passwords for every account and, when possible, that two-factor authentication adds yet another layer of security. Unsolicited emails and messages should be avoided, and personal information should not be requested.

Monitoring accounts to catch any suspicious activity and using a password manager for credential storage and management will be another step. Being one step ahead of attackers, tools that provide real-time phishing and data breach alerts also make their way into the picture.


The Bottom Line

The new data breach by MC2 represents the real threat looming in the cyber space of any organisation, which calls for vigilance on their part. With data being more vulnerable than ever, security experts urge the consumers to seize their weapons and take advantage of the best and readily available tools with best practice to defend their private information. This increased risk calls for not only vigilance but concrete steps in order to remain protected in a growing digital environment.


Read more »
Salt Typhoon
China Cyber Attacks Cyberattack Cybersecurity Data Breach FBI Hacking internet providers Routers Salt Typhoon

Chinese Government-Linked Hackers Infiltrate U.S. Internet Providers in 'Salt Typhoon' Attack

 

Hackers linked to the Chinese government have reportedly breached several U.S. internet service providers, according to The Wall Street Journal. Investigators are calling the cyberattack "Salt Typhoon," which occurred just a week after the FBI dismantled another China-backed operation called "Flax Typhoon." That attack targeted 200,000 internet-connected devices such as cameras and routers.

In the Salt Typhoon incident, hackers infiltrated broadband networks to access sensitive information held by internet service providers. Sources close to the matter told WSJ that unlike past attacks focused on disrupting infrastructure, this one seems to be aimed at gathering intelligence. FBI Director Christopher Wray had warned at the Aspen Cyber Summit that China would persist in targeting U.S. organizations and critical infrastructure, either directly or through proxies.

Chinese cyberattacks have been ongoing, but their complexity and precision have escalated, intelligence officials told the WSJ. Earlier this year, Wray described China's hacking program as the largest in the world, surpassing all other major nations combined.

China has denied involvement in these attacks. Liu Pengyu, spokesperson for the Chinese embassy in Washington, accused U.S. intelligence agencies of fabricating evidence linking China to the Salt Typhoon breach.

The WSJ report revealed that investigators are focusing on Cisco Systems routers, though a Cisco spokesperson said there is no evidence of their involvement. Microsoft is also looking into the attack. Lumen Technologies, the parent company of CenturyLink and Quantum Fiber, recently detected malware in routers that could expose customers' passwords but did not specify which ISPs were affected.

Although there's no indication that individual customers’ data was the target, you can take basic precautions:

  • Change your passwords regularly—especially your Wi-Fi router's password.
  • Consider identity theft protection services, which monitor your credit and banking activity.
  • Review your credit reports regularly to catch any suspicious activity.
Read more »
USDoD
CrowdStrike Cyber Security Hacking Security USDoD

Brazilian Hacker Behind Major Data Leaks



In a recent turn of events, cybersecurity firm CrowdStrike has identified the hacker known as USDoD, who has been linked to numerous data breaches, as a 33-year-old Brazilian man. This hacker, also known by the alias "EquationCorp," has been behind several high-profile cyber attacks targeting prominent organisations, including Airbus, the FBI's InfraGard portal, National Public Data, and TransUnion.

A report obtained by the Brazilian news site TecMundo, from an anonymous source within CrowdStrike, reveals that the individual behind USDoD is Luan BG, a resident of Minas Gerais, Brazil. The report states that CrowdStrike has shared this information with the authorities, which includes details such as his tax registration, email addresses, domains he registered, IP addresses, social media accounts, and his phone number. While personal information about Luan has been uncovered, specific details that could fully reveal his identity have been kept confidential by CrowdStrike, respecting privacy concerns despite his criminal activities.

According to the investigation, Luan BG has been involved in hacking activities since at least 2017, originally engaging in hacktivism. However, by 2022, his activities had escalated into more serious cybercrimes. His operational security mistakes played a crucial role in his identification. For instance, he repeatedly used the same email address and similar phrases across various social media platforms and forums, allowing investigators to track his activities. This email was also linked to personal accounts, domain registrations, GitHub contributions, and social media profiles, which collectively led to his identification. Additionally, early gaps in his technical abilities made it easier for investigators to compile a detailed profile of him, including photos and emails tied to his aliases.

Robert Baptiste, a well-known cybersecurity expert and CEO of Predicta Lab, has confirmed CrowdStrike's findings through an independent investigation. Baptiste’s work corroborates the evidence pointing to Luan BG as the individual behind the USDoD alias.

The report also highlights that Luan BG inadvertently exposed his identity during a 2023 interview with DataBreaches.net, where he falsely claimed to be around 30 years old with dual Brazilian and Portuguese citizenship, residing in Spain. However, further investigation into his online activities, including emails and social media posts, traced his location back to Brazil. Despite his attempts to mislead by claiming U.S. citizenship, CrowdStrike was able to connect him to Brazil using financial records and other digital traces.

Although authorities have been informed about Luan BG’s identity, there is concern that he may continue his cybercriminal activities. Despite the exposure, experts fear that Luan might deny the revelations or downplay them and persist in his illicit endeavours.

The exposure of USDoD’s identity by CrowdStrike is a crucial step in the ongoing battle against cybercrime. It highlights the complex challenges cybersecurity professionals face in tracking down and exposing individuals involved in high-level cyberattacks. As the case unfolds, the impact of this discovery on the broader cybercriminal community will be closely watched.


Read more »
Unicoin
communication cryptocurrency cyber attack Google Drive Hacking Unicoin

Unicoin's Four-Day Cyberattack: Disruption, Recovery, and Ongoing Investigation

 



Unicoin, a leading cryptocurrency company, experienced a cyberattack beginning on August 9, 2024, which severely disrupted its operations for nearly four days. The breach occurred when a hacker gained unauthorised access to the company’s Google G-Suite account, affecting all employees using the "@unicoin.com" domain. As a result, employees were locked out of critical Google services like Gmail and Google Drive, causing major disruptions in internal communication and file sharing.

In a regulatory filing with the U.S. Securities and Exchange Commission (SEC), Unicoin detailed the extent of the attack, noting that the hacker not only altered account passwords but also restricted access to essential tools. The company managed to restore access to its systems by August 13, 2024. However, ongoing investigations have revealed additional issues stemming from the breach.

Several senior management email accounts were compromised, and further investigations uncovered anomalies in the personal information of employees and contractors. The company’s accounting department discovered several discrepancies, including an instance of identity forgery involving a contractor, which led to their immediate termination. Investigators are still determining whether these incidents are isolated or part of a larger cyber threat, potentially involving North Korean hackers.

Financial Impact and Investigation

Despite the severity of the breach, Unicoin has assured its stakeholders that there is no evidence of stolen funds or compromised cryptocurrency assets. While the situation is serious, the company stated that the attack has not immensely impacted its financial condition or operational performance. However, the full extent of the breach is still under review, and Unicoin has not ruled out the possibility of long-term financial consequences.

In its SEC filing, Unicoin emphasised that no immediate financial losses had been identified. The company has committed to continuing its assessment of the situation and will report any significant impact in future filings if necessary.

Cybersecurity Concerns in the Cryptocurrency Sector

Unicoin's adherence to regulatory compliance stands out in the cryptocurrency industry, where oversight is often limited. The company consistently files reports with the SEC, demonstrating its commitment to transparency. With more than $500 million in Unicoins sold and a diverse portfolio that includes real estate and equity investments, the recent cyberattack is a telling event of how even the well regulated firms are not immune to combating such vulnerabilities. 

As investigations continue, the broader cryptocurrency industry will be closely monitoring Unicoin's response to this breach and the steps it takes to better amp up its cybersecurity defenses.

Read more »
Online Payment
Cyber Security fintech threats Hacking North Miami Online Payment

North Miami Mayor’s Gmail Hacked; Ransomware Attack Disrupts City Services


North Miami residents are on edge after Mayor Alix Desulme disclosed that his personal Gmail account was hacked in a ransomware attack. This cyberattack has severely disrupted city operations, leaving many services unavailable online. 

While City Hall has reopened, residents are currently only able to pay bills in person using cash or checks, as the city's electronic payment systems remain offline. 

In a letter addressed to residents on Sunday, Mayor Desulme revealed the extent of the breach: “This incident, which targeted me as your mayor, resulted in unauthorized access to my personal Gmail accounts. As a result, sensitive personal information, including my passport details, bank statements, credit cards, and private images, were potentially compromised.” 

He reassured the public that the attack only affected his personal accounts and did not compromise any City of North Miami systems. However, the disruption to city services has been significant, with online payments being one of the most critical areas impacted. 

Local residents have expressed their frustrations and concerns over the situation. Jacqueline Kemp, a North Miami resident, shared her experience at City Hall, “Everything went smooth. I paid my bill, I got my receipt, and I’m happy.” 

But not all residents were as fortunate. Vella Clement, who tried to pay her water bill, faced difficulties due to the outage,“The water bill is too high. We do not have enough money to pay cash. So I tried to pay with a credit card. I still cannot pay it because the system is down.” 

The ongoing system outage has left many residents worried about the potential exposure of their financial information, especially those who typically rely on online payment options. 

“That concerns me because I usually pay by check and they can have your checking information. Sometimes, I pay online and they can even get your email and hack into your home system,” Kemp added. 

The city is working to restore full services, but the situation is further complicated by Florida law, which prohibits state, county, or city agencies from paying or complying with ransom demands. Residents remain uncertain about when the issue will be fully resolved, adding to the growing anxiety within the community.
Read more »
North Korean
Andariel cyber attack Hacking Healthcare Mandiant Threat Intelligence North Korean

North Korean Hackers Expand Targets to Healthcare and Energy Sectors


 

A recent report by cybersecurity firm Mandiant reveals that Andariel, a North Korean hacking group, is broadening its scope of attacks to include the healthcare, energy, and financial sectors. This group, likely affiliated with the Democratic People's Republic of Korea Reconnaissance General Bureau, has previously targeted government institutions and critical infrastructure.

Andariel's cyber operations have become increasingly sophisticated over the years. According to Mandiant, the group is now being tracked as APT45 and continues to employ advanced tools and techniques to maximise impact while evading detection. These operations often aim to gather intelligence from government nuclear facilities, research institutes, and defence systems.

Michael Barnhart, Mandiant's principal analyst, highlighted that Andariel has been actively seeking blueprints for military advancements, emphasising the group's flexibility in targeting any entity to achieve its goals, including hospitals. Mandiant's report suggests that Andariel has been involved in ransomware development and deployment, operating under various codenames such as Onyx Sleet, Stonefly, and Silent Chollima. There are also links to the DPRK's notorious Lazarus hacking group.

North Korea is one of the few nations that supports for-profit hacking, using stolen funds to support the development of weapons of mass destruction and to bolster its economy. The report notes that Andariel directly targeted nuclear research facilities and power plants in 2019, including a facility in India. Following a suspected COVID-19 outbreak in North Korea in 2021, the group expanded its focus to the healthcare and pharmaceutical sectors.

Government and Defense Espionage

Initially, Andariel's activities centred on espionage campaigns against government agencies and defence industries. Over time, the group has shifted to include financially motivated operations, such as targeting the financial sector. Barnhart attributed many of North Korea's military advancements to Andariel's successful espionage efforts against governments and defence organisations globally.

Use of Artificial Intelligence

The report also references a January warning from the South Korean National Intelligence Service about North Korea's use of generative artificial intelligence technologies to conduct sophisticated cyberattacks and identify potential targets. This development accentuates the growing complexity and adaptability of North Korean hacking groups like Andariel.

Mandiant, a part of Google, has been working closely with multiple U.S. government agencies, including the FBI, to monitor Andariel's activities. This collaborative effort aims to mitigate the threat posed by the group and to protect critical infrastructure from its attacks.

The Mandiant report paints a concerning picture of Andariel's expanding operations and the increasing sophistication of its cyberattacks. As the group continues to evolve and adapt, it remains a substantial threat to various sectors worldwide, including healthcare, energy, and finance.


Read more »
MediSecure
Australia cyber attack Data financial strain Hacking Healthcare MediSecure

Massive Cyber Attack Hits MediSecure, Impacting Millions of Australians

 



In a shocking revelation, MediSecure, an eprescription provider, has confirmed that approximately 12.9 million Australians have been affected by a cyberattack that occurred in April. This incident has surpassed previous notable breaches, including the Optus and Medibank data breaches in 2022, in terms of the number of individuals impacted.

The administrators of MediSecure, FTI Consulting, disclosed that the compromised data includes individuals' healthcare identifiers. However, due to the complexity and sheer volume of the data involved, identifying the specific individuals whose data was stolen is financially unfeasible for the company. This inability to pinpoint affected individuals prevents MediSecure from notifying them about the breach.

Data Complexity and Financial Constraints

The compromised server contained 6.5 terabytes of data, equivalent to billions of pages of text. This data was stored in a mix of semi-structured and unstructured formats, making it extremely difficult to analyse without incurring substantial costs. The encrypted nature of the server further complicates efforts to determine the exact information accessed by the malicious actors. MediSecure's financial limitations have left the company unable to afford the extensive resources needed to sift through the massive amount of data.

Notification Delays and Administrative Actions

Despite the hack occurring in April, MediSecure did not make the incident public until May. The delayed notification has raised concerns about the company's crisis management and communication strategies. Subsequently, the company entered administration in June, and its subsidiary, Operations MDS, went into liquidation. This subsidiary was identified as the main trading entity of the corporate group, highlighting the severe impact of the cyberattack on the company's operational capabilities.

Impact on Healthcare Services

MediSecure had provided a crucial service that allowed healthcare professionals, such as general practitioners, to send electronic prescriptions to patients. However, this service has not been used for new electronic prescriptions since November 15, following a decision by the federal Health Department to designate eRx as the sole e-script provider. This shift has left many healthcare providers scrambling to adapt to the new system, further complicating the ecosystem for electronic healthcare services in Australia.

The MediSecure cyberattack highlights the growing threat of data breaches and the challenges companies face in managing and mitigating such incidents. With 12.9 million Australians potentially affected and the company unable to notify them, the breach underscores the need for robust cybersecurity measures and the financial resilience to respond effectively to such crises. This incident serves as a stark reminder of the vulnerabilities that exist in the digital age and the critical importance of safeguarding sensitive information.


Read more »
Privacy
Cyberattacks CyberCrime Cybernews CyberThreat Data threats Hacking ObamaCare Password Privacy

Hackers Leak 10 Billion Passwords How Users Should Respond

 


Several months ago, security researchers discovered the world's largest collection of stolen passwords and credentials had been uploaded to an infamous criminal marketplace where cybercriminals would trade such credentials for a considerable amount of money. A hacker known as 'ObamaCare' has posted a database which, according to the hacker, contains nearly 10 billion unique passwords built over many years as a result of numerous data breaches and hacks he has been spreading across the web for several years. 

'ObamaCare', a user identified as 'ObamaCare', posted on a popular hacking forum on Thursday a collection of leaked passwords known as 'RockYou2024'. In the past, 'ObamaCare' has outsourced stolen data on the internet several times and it is not the first time they have done so. According to the report, the user had previously shared a database of Simmons & Simmons employees, a lead from the online casino AskGamblers, and applications from Rowan College in New Jersey before taking down the reports. 

The researchers at CyberNews have reported that on July 4, 2014, a hacker using the handle "ObamaCare" posted a file on a hacking forum that contained 9,948,575,739 unique plaintext passwords. The password dump that was recently found on the web is a more recent version of the "RockYou2021" data leak collection that surfaced in June 2021. 

In that particular instance, there were 8.4 billion unique passwords within the stolen collection of passwords at the time. This goldmine of thousands of unique passwords has been expanded by cybercriminals since 2021. The goldmine now includes 1.5 billion new and unique passwords added by these cyber criminals. “The team verified the leak passwords by cross-referencing the RockYou2024 leak passwords with a leaked password checker provided by Cybernews, which showed that these passwords were obtained from a mix of both old and new leaks,” Cybernews researchers wrote. 

There seem to have been a record number of stolen and leaked credentials discovered on the BreachForums criminal underground forum by security researchers from Cybernews. This collection has been the largest collection that has ever been seen on that site. A compilation of RockYou2024 appears to consist of an astonishing 9,948,575,739 unique passwords, all in plaintext form, with a total of 9,948,575,739 passwords. 

The database is said to have been built from an earlier credentials database called RockYou 2021, which contained eight billion passwords, and that has been added to with roughly 1.5 billion new passwords. The credential files cover a period to be measured between the years 2021 and 2024, and a total of 4,000 huge databases of stolen credentials have been estimated to contain information spanning a minimum of two decades in the latest credential file. 

Researchers stated that, in essence, the RockYou2024 leak contains a compilation of passwords that are used by people around the world. They also stated that, according to the researchers, the number of passwords used by threat actors is very large, which translates into a substantial risk of credential-stuffing attacks. There are several ways in which credential stuffing and brute force attacks can be mounted on passwords that have been leaked in such datasets. In credential stuffing attacks, the criminal acts by which they use passwords that have been stolen from one device or account to gain access to another device or account are described as the practice of the criminals. 

There is a premise at the foundation of this attack that users often have a single password for all of their accounts and devices, which allows criminals to access their account information, including other accounts or all their accounts, using that password. It is a process of using trial and error methods to try and guess sign-in information, passwords, and encryption keys for network systems. This is called a brute force attack. In a report published by Cybernews, the researchers said the database, which can be used to target all sorts of services, from online to offline, to internet-facing cameras and industrial hardware, is among the data. 

"By combining the data from RockYou2024 with other leaked databases from hacker forums, marketplaces, and other places where electronic mail addresses and other credentials can be published, it has the potential to trigger a cascade of data breaches, identity thefts, and financial frauds," the researchers stated. The multi-platform password manager that Bitdefender offers offers numerous benefits, including automatic password leak alerts that alert you as soon as your passwords and emails have been exposed online, with the ability to change them immediately. 

Users are advised to utilize a digital identity protection service to monitor their online identity and receive real-time alerts about data breaches and leaks involving their online information. One such service, Bitdefender Digital Identity Protection, offers a comprehensive solution for identity protection. Bitdefender Digital Identity Protection enables users to respond immediately to data breaches and privacy threats. 

Through instant alerts, users can take swift action to prevent damage, such as changing passwords with one-click action items. The service provides real-time monitoring by continuously scanning the internet and the dark web for personal information. Users receive alerts whenever their data is involved in a data breach or leak. Additionally, Bitdefender Digital Identity Protection offers peace of mind by immediately flagging suspicious activity and actively monitoring personal information. Users can rest assured that their digital identity is under constant surveillance. 

Furthermore, the service provides a 360° view of all data associated with a user’s digital footprint. This includes traces from services no longer in use but still retaining the user’s data. Users can also send requests for data removal from service providers, ensuring a more secure online presence. Overall, Bitdefender Digital Identity Protection is recommended for users seeking to safeguard their online identity and stay informed about potential security threats in real-time.
Read more »
System Security
ARM architecture ARM TIKTAG attack Cyber Attacks Cybersecurity Data Leakage Google Chrome security Hacking Linux Vulnerability Memory Tagging Extension speculative execution attack System Security

New ARM 'TIKTAG' Attack Affects Google Chrome and Linux Systems

 

A newly identified speculative execution attack named "TIKTAG" exploits ARM's Memory Tagging Extension (MTE) to leak data with a success rate exceeding 95%, allowing hackers to circumvent this security feature.

This discovery was detailed in a paper by researchers from Samsung, Seoul National University, and the Georgia Institute of Technology. They demonstrated the attack on Google Chrome and the Linux kernel.

MTE, introduced in ARM v8.5-A architecture and subsequent versions, aims to detect and prevent memory corruption. It utilizes low-overhead tagging by assigning 4-bit tags to 16-byte memory chunks to ensure that the tag in the pointer matches the accessed memory region.

MTE operates in three modes: synchronous, asynchronous, and asymmetric, to balance security and performance.

The researchers identified two gadgets, TIKTAG-v1 and TIKTAG-v2, which leverage speculative execution to leak MTE memory tags efficiently. While leaking these tags doesn't directly reveal sensitive information such as passwords or encryption keys, it can potentially weaken MTE's defenses, making systems vulnerable to covert memory corruption attacks.

TIKTAG-v1 exploits CPU behaviors such as branch prediction and data prefetching to leak MTE tags, particularly affecting the Linux kernel functions involving speculative memory accesses, though kernel pointer manipulation is necessary.

The attack involves using system calls to trigger the speculative execution path and measuring cache states to infer memory tags.

TIKTAG-v2 exploits speculative execution's store-to-load forwarding, where a value stored to a memory address is immediately loaded from the same address. If the tags match, the value is forwarded, altering the cache state; if not, forwarding is blocked, leaving the cache state unchanged.

By probing the cache state post-speculative execution, attackers can deduce the tag check results.

The effectiveness of TIKTAG-v2 was demonstrated against the Google Chrome browser's V8 JavaScript engine, potentially exposing memory corruption vulnerabilities in the renderer process.

The researchers reported their findings to the affected parties between November and December 2023, receiving generally positive feedback but no immediate fixes. Their technical paper on arxiv.org suggests several mitigations:

1. Modify hardware design to prevent speculative execution from altering cache states based on tag check results.
2. Insert speculation barriers (e.g., sb or isb instructions) to block speculative execution of critical memory operations.
3. Add padding instructions to extend the execution window between branch instructions and memory accesses.
4. Enhance sandboxing mechanisms to strictly limit speculative memory access paths within safe memory regions.

ARM acknowledged the seriousness of the situation but did not view it as a compromise of the feature, noting that allocation tags are not intended to be secrets within the address space.

Chrome's security team recognized the issues but chose not to address the vulnerabilities, citing that the V8 sandbox is not designed to ensure the confidentiality of memory data and MTE tags. Additionally, Chrome does not currently enable MTE-based defenses by default, making it a lower priority for immediate fixes.

The MTE vulnerabilities in the Pixel 8 device were reported to the Android security team in April 2024 and were acknowledged as a hardware flaw qualifying for a bounty reward.
Read more »
Shell
Cyber Crime Data Privacy Hacking Sensitive Information Shell

Shell Data Breach: Hacker Group 888 Claims Responsibility

 



A hacker group known as 888 has claimed responsibility for a data breach targeting Shell, the British multinational oil and gas company. The breach, allegedly impacting around 80,000 individuals across multiple countries, has raised significant concerns about data security within the organisation.

The compromised data includes sensitive information such as shopper codes, names, email addresses, mobile numbers, postcodes, site addresses, and transaction details. This information reportedly pertains to Australian users, specifically linked to transactions at Reddy Express (formerly Coles Express) locations in Australia. The hacker, using the pseudonym Kingpin, shared samples of the data on a popular hacking forum, indicating that the breach occurred in May 2024.

The breach affects individuals in several countries, including the United States, United Kingdom, Australia, France, India, Singapore, the Philippines, the Netherlands, Malaysia, and Canada. The extensive range of affected regions stresses upon the potential severity and widespread implications of the breach for Shell’s customers and stakeholders.

At present, there has been no official statement from Shell confirming the breach. The Cyber Express reached out to Shell for verification, but no response has been received. This lack of confirmation leaves the authenticity of the claims uncertain, though the potential risks to those involved are considerable.


This is not the first time Shell has faced cyberattacks. In the past, the company experienced a ransomware attack and a security incident involving Accellion’s File Transfer Appliance. These past events highlight the persistent threat cybercriminals pose to the energy sector.


In response to previous incidents, Shell emphasised its commitment to cybersecurity and data privacy. The company has initiated investigations into the recent claims and is working to address any potential risks. Shell has also engaged with relevant regulators and authorities to ensure compliance with data protection regulations and to mitigate the impact of any breaches.


The situation is still unfolding, and The Cyber Express continues to monitor the developments closely. 


The alleged Shell data breach by hacker group 888 serves as a reminder of the vulnerabilities that even large multinational corporations face in the digital age. As investigations continue, the importance of robust cybersecurity measures and vigilant monitoring cannot be overstated.


Read more »
Windows
CPR Cyber Attacks Hacker attack Hacking Iranian hackers Isreal Linux Public Networks Windows

Iranian Hacker Group Void Manticore Linked to Destructive Cyber Attacks on Israel and Albania

 

A recent report from Check Point Research (CPR) has unveiled the activities of an Iranian hacker group known as Void Manticore, which has been linked to a series of destructive cyber attacks on Israel and Albania. Affiliated with Iran’s Ministry of Intelligence and Security (MOIS), Void Manticore operates alongside another Iranian threat actor, Scarred Manticore, to carry out these attacks. 

The group employs various online personas, such as "Karma" for attacks in Israel and "Homeland Justice" for those in Albania. Their tactics involve gaining initial access to target networks using publicly available tools and deploying custom wipers to render data inaccessible on both Windows and Linux systems. CPR’s analysis details a systematic collaboration between Void Manticore and Scarred Manticore. Initially, Scarred Manticore gains access and exfiltrates data from targeted networks. 

Control is then transferred to Void Manticore, which executes the destructive phase of the operation. This strategic partnership amplifies the scale and impact of their cyber attacks. The report underscores the similarities in the attacks on Israel and Albania, including the exploitation of specific vulnerabilities for initial access, the use of similar tools, and the coordinated efforts between the two groups. These overlaps suggest a well-established routine for the Iranian hacker groups. 

Void Manticore's toolkit includes several custom wipers, such as the CI Wiper, Partition Wipers like LowEraser, and the recently deployed BiBi Wiper, named after Israeli Prime Minister Benjamin Netanyahu. These wipers specifically target files and partition tables, using advanced techniques to corrupt files and disrupt system functionality. 

The revelation of Void Manticore's activities and its collaboration with Scarred Manticore underscores the growing sophistication and coordination of state-affiliated cyber threat actors. The combined use of psychological tactics and destructive malware represents a significant escalation in cyber warfare, posing substantial risks to national security and critical infrastructure. 

As these cyber threats continue to evolve, it is imperative for nations and organizations to strengthen their cybersecurity defenses and enhance their capabilities to detect, mitigate, and respond to such sophisticated attacks. The report from CPR serves as a crucial reminder of the persistent and evolving nature of cyber threats posed by state-affiliated actors like Void Manticore and Scarred Manticore.
Read more »
Sensitive Information
Cloud Cyber Attacks fake websites Financial Scam Financial Theft Gift Card Hacking Microsoft Moroccan Cybercrime Phishing Attack Sensitive Information

Moroccan Cybercrime Group Storm-0539 Exploits Gift Card Systems with Advanced Phishing Attacks

 

A Morocco-based cybercrime group, Storm-0539, is making headlines for its sophisticated email and SMS phishing attacks aimed at stealing and reselling gift cards. Microsoft's latest Cyber Signals report reveals that this group is responsible for significant financial theft, with some companies losing up to $100,000 daily. 

First identified by Microsoft in December 2023, Storm-0539, also known as Atlas Lion, has been active since late 2021. The group employs social engineering techniques to harvest victims' credentials through adversary-in-the-middle (AitM) phishing pages. They exploit this access to register their own devices, bypass authentication, and maintain persistent access to create fraudulent gift cards. 

The group's attack strategy includes gaining covert access to cloud environments for extensive reconnaissance, targeting large retailers, luxury brands, and fast-food chains. They aim to redeem and sell gift cards on black markets or use money mules to cash out. This marks an evolution from their previous tactics of stealing payment card data via malware on point-of-sale (PoS) devices. 

Microsoft noted a 30% increase in Storm-0539's activities between March and May 2024, emphasizing their deep understanding of cloud systems to manipulate gift card issuance processes. In addition to stealing login credentials, Storm-0539 targets secure shell (SSH) passwords and keys, which are either sold or used for further attacks. The group uses internal company mailing lists to send phishing emails, enhancing their credibility and sets up new phishing websites by exploiting free trial or student accounts on cloud platforms. 

The FBI has warned about Storm-0539's smishing attacks on retail gift card departments, using sophisticated phishing kits to bypass multi-factor authentication (MFA). The group's ability to adapt and pivot tactics after detection underscores their persistence and resourcefulness. Microsoft urges companies to monitor gift card portals closely and implement conditional access policies to strengthen security. They highlight the effectiveness of using additional identity-driven signals, such as IP address and device status, alongside MFA. 

Meanwhile, Enea researchers have identified broader criminal campaigns exploiting cloud storage services like Amazon S3 and Google Cloud Storage for SMS-based gift card scams. These scams use legitimate-looking URLs to bypass firewalls and redirect users to malicious websites that steal sensitive information. 

Storm-0539's operations exemplify the increasing sophistication of financially motivated cybercriminals, borrowing techniques from state-sponsored actors to remain undetected. As these threats evolve, robust cybersecurity measures and vigilant monitoring are crucial to protect sensitive information and financial assets.
Read more »
phishing
Data Breach database Dell Hacking Personal Information phishing

Dell Data Breach Exposes Personal Information Of 49 Million

 




Dell, the renowned computer manufacturer, has issued a cautionary notice to its customers regarding a disconcerting data breach. The breach, which affects an estimated 49 million customers, involves unauthorised access to an online portal containing sensitive customer information. Dell has disclosed that the breached data includes customers' names, physical addresses, and detailed information regarding Dell hardware purchases such as service tags, item descriptions, order dates, and related warranty details. Notably, the compromised information excludes financial details, email addresses, and telephone numbers. Dell accentuated its collaboration with law enforcement and a third-party forensics firm to thoroughly investigate the breach. While Dell declined to specify the number of affected individuals, it assures ongoing efforts to address the incident.

Data for Sale on the Dark Web

Disturbingly, reports have surfaced indicating that a threat actor, operating under the pseudonym Menelik, endeavoured to sell a database containing Dell customer information on a prominent hacking forum. The compromised data encompasses purchases spanning from 2017 to 2024, affecting a staggering 49 million customers. While Dell's initial notification primarily encompasses personal purchases, the breadth of the breach extends its tendrils to affect consumers, enterprises, partners, and educational institutions alike.

In the wake of such an imminent breach, customers are vehemently advised to exercise utmost caution against potential phishing attacks. Armed with comprehensive customer information, malicious actors may orchestrate targeted scams through various mediums, ranging from deceptive emails to physical mail. The criticality of vigilance cannot be overstated, as hackers may employ sophisticated tactics, such as tech support or invoice scams, to extract sensitive information from unsuspecting victims. Furthermore, there exists a palpable risk of malware dissemination through malicious flash drives, underscoring the imperative for users to exercise discretion when interacting with external storage devices.

In response to the breach, Dell has initiated a rigorous investigation, leveraging the expertise of law enforcement agencies and third-party forensic specialists. While the company reassures customers that no financial or payment data, email addresses, or telephone numbers were compromised, it acknowledges the severity of the breach and the pressing need for proactive measures to secure customer data security.

As investigations progress, affected customers are implored to remain informed and enact robust security measures to mitigate the inherent risks associated with potential phishing and malware attacks, thereby safeguarding their sensitive personal information from malicious exploitation.





Read more »
Hacking
CoinDesk Crypto ISAC cryptocurrency Cyber Security Hacking

Crypto’s New Cybersecurity Initiative Led by Justine Bone

 



The cryptocurrency sector is on the brink of a paradigm shift in cybersecurity as it gears up to launch Crypto ISAC (Information Sharing and Analysis Center), under the adept leadership of cybersecurity expert Justine Bone. Bone, acclaimed for her crucial role in instigating recalls of vulnerable medical devices, brings over two decades of expertise to the forefront, promising a formidable defence against cyber threats within the existing institution of digital assets.  

Set to make its debut at CoinDesk's prestigious Consensus 2024 event in Austin, Texas, Crypto ISAC is backed by a consortium of founding members, including major exchanges, stablecoin issuers, and custody firms. This collaborative effort marks an essential moment in the industry's journey towards fortifying security measures in light of persistent hacking incidents and unlawful activities.

The inception of Crypto ISAC stems from a collective acknowledgment within the cybersecurity community of the urgent need for a centralised platform to facilitate seamless information sharing and in-depth analysis. Bone, in an exclusive interview with CoinDesk, stressed upon the turning role of ISACs as trusted intermediaries in establishing collaboration and rapid responses to emerging security threats.

Drawing inspiration from the community-driven principles of neighbourhood watch programs, ISACs serve as vital means bridging the gap between public and private sector entities. By aligning itself with established sectors such as healthcare and finance, Crypto ISAC aims to elevate the credibility of the crypto industry while shoring up defences in order to combat cyber threats. 

With a diverse membership comprising crypto-native companies, investors, and cybersecurity solution providers, Crypto ISAC endeavours to engineer a robust ecosystem for active threat mitigation. They are leveraging a rigorously vetted information-sharing protocol, the platform ensures the timely dissemination of threat intelligence to empower members to preemptively address evolving cyber threats.

Bone's illustrious career trajectory, spanning notable roles at Dow Jones and Bloomberg, accentuates her leadership prowess in steering Crypto ISAC towards effective cybersecurity governance. The organisation's pursuit of FedRAMP readiness further underscores its commitment to delivering top-tier services.

As the launch date for Consensus approaches, members eagerly anticipate gaining access to a comprehensive collection of information on potential threats. With a focus on working together, being transparent, and staying strong, Crypto ISAC promises to bring a new level of security and trust to the cryptocurrency world.


Read more »
Subscribe to: Posts (Atom)