Cyber Security News

Ars Technica

Tech support scammers inject malicious phone numbers into big-name websites

  • Tech support scammers have found a way to inject fake phone numbers into popular websites like Apple, PayPal, Netflix, and others.
  • The scam aims to trick users into calling these malicious numbers.
  • The scammers buy Google ads that show up in search results for well-known sites.
  • When a user clicks on these ads, they are taken to the official site, but fake numbers are injected into the page.
  • Google allows parameters to be added to ad links, which the scammers exploit.
  • The added parameters are not visible in the ad, making it hard for users to detect the scam.
  • The injected numbers can deceive users into thinking they are contacting genuine support.
  • The scam has affected various websites, but some are implementing filters to block the malicious parameters.
  • Scammers mainly target Google ads in this tactic.
  • Users with vision or cognitive impairments may be especially vulnerable to this type of scam.
  • When victims call the fake numbers, scammers try to deceive them into sharing sensitive information or granting access to their devices.
  • Scammers posing as representatives of big companies like Bank of America or PayPal aim to steal financial information.
  • Malwarebytes' browser security tool now alerts users to these scams.
  • Avoid clicking on links in Google ads and prefer organic search results to stay safe from such scams.
  • The injected phone numbers can be misleading, especially for those in a rush or tired.
  • Despite security measures, websites are unable to distinguish the injected content as fake during this scam.

Tech Radar

Jaw-dropping security flaws found in open source code could allow hackers to spirit away entire projects - here's what devs need to know

  • Sysdig's Threat Research Team uncovered critical vulnerabilities in GitHub Actions workflows that could lead to attackers gaining control over repositories or extracting sensitive credentials.
  • The pull_request_target trigger in GitHub Actions is highlighted as a major security risk, allowing execution of untrusted code and access to secrets like GITHUB_TOKEN and repository secrets.
  • Several high-profile projects, including those from MITRE and Splunk, were compromised as a result of misconfigurations in GitHub Actions workflows.
  • Despite best practices and documentation, repositories continue to use insecure configurations due to oversight or lack of awareness.
  • The risks associated with the pull_request_target trigger are demonstrated through real examples, such as the Spotipy and MITRE repositories.
  • Sysdig recommends reassessing the use of pull_request_target, separating workflows, implementing unprivileged checks, and limiting token capabilities to enhance security.
  • Real-time monitoring tools like Falco Actions are suggested to provide additional protection against potential attacks.
  • Developers are urged to prioritize security measures to safeguard their projects from vulnerabilities in GitHub Actions workflows.
  • Exploiting insecure workflows in GitHub Actions can lead to severe consequences, such as unauthorized access and leakage of sensitive information.
  • Vulnerabilities in workflow configurations pose a significant threat to the integrity and security of open-source projects hosted on GitHub.
  • GitHub Actions, while powerful for automation, can introduce hidden security risks if not configured and monitored properly.
  • The exposure of secrets and vulnerabilities in GitHub Actions workflows underscores the importance of implementing robust security practices.
  • Incidents like the compromises in MITRE and Splunk repositories illustrate the real-world implications of insecure GitHub Actions configurations.
  • Security experts emphasize the need for developers to stay vigilant and adopt secure practices in utilizing GitHub Actions for software development.
  • The implications of misconfigurations in automated workflows extend beyond individual projects, impacting the broader ecosystem of open source software on GitHub.
  • Sysdig's findings serve as a wake-up call for the software development community to prioritize security and address vulnerabilities in their GitHub Actions workflows.

Securityaffairs

Healthcare services company Episource data breach impacts 5.4 Million people

  • A data breach at healthcare services company Episource has exposed personal and health data of over 5.4 million individuals in a major cyberattack.
  • Episource is a U.S.-based company providing risk adjustment services and clinical data analytics to health plans and organizations.
  • The breach was detected on February 6, 2025, with a threat actor accessing and copying data from January 27 to February 6.
  • Episource shut down its systems, initiated an investigation, and informed law enforcement about the security breach.
  • Exposed data included contact details, health insurance information, medical records, and limited Social Security numbers or birth dates.
  • Episource began notifying affected customers starting April 23, 2025, and emphasized that not all individuals had the same data compromised.
  • Individuals are advised to monitor their health, financial, and tax records for any unusual activity following the breach.
  • Recent cyberattacks on healthcare organizations, like Yale New Haven Health System, highlight the ongoing cybersecurity threats in the industry.
  • Yale New Haven Health System disclosed a data breach in April, impacting 5.5 million patients.
  • YNHHS is the largest healthcare network in Connecticut, providing a wide range of medical services and facilities.

TechBullion

Why Corporate Executives Are Choosing Armored Sedans Over Traditional Security Details

  • Corporate executives are choosing armored sedans over traditional security details as personal security becomes a strategic necessity.
  • Armored sedans combine enhanced protection with secrecy, moving away from noticeable security teams for a low-profile solution.
  • They offer ballistic and explosive protection meeting high standards like CEN 1063 BR6 or BR7, essential for volatile environments.
  • Armored sedans maintain a discrete profile, resembling luxury non-armored vehicles like Mercedes-Benz S-Class or BMW 7 Series.
  • Enhancements include custom suspension, high-performance braking systems, and re-engineered drivetrains for threat scenarios.
  • Armored sedans feature autonomous threat response, high mobility for fast exits, and evasive maneuvers, providing strategic advantages.
  • Customizable protection features such as escape hatches and route-based analysis cater to varying security needs.
  • Integration of intuitive controls, surveillance features, and low cognitive load systems for executive ease of use.
  • While the initial cost is high, armored sedans offer cost-efficiency over time compared to traditional security convoy expenses.
  • Armored sedans serve as a self-contained security solution, saving time, money, and reducing operational vulnerabilities for corporate leaders.

PYMNTS

Abacus Group Acquires Entara to Bolster Cybersecurity Offering

  • Abacus Group has acquired Entara, a Chicago-based managed services provider specializing in the financial services sector.
  • The acquisition aims to enhance Abacus Group's cybersecurity, professional services, and digital infrastructure offerings.
  • Abacus Group plans to extend Entara's incident response capabilities to its clients and bring an AI-driven ServiceNow platform for improved service experience.
  • The merger enables global expansion of managed IT and cybersecurity services through the abacusFlex platform.
  • This combination benefits clients of all sizes, offering premium and compliant services to financial managers and multinational organizations.
  • Entara's founder mentioned the merger creates a unique provider in the cybersecurity landscape by scaling service levels without losing personal attention.
  • Cybersecurity company Cerby emphasized the importance of secure digital identities in the era of AI.
  • Cerby focuses on securing nonstandard applications that are often neglected by traditional identity platforms.
  • These applications, not easily integrated with modern identity standards, can be vulnerable to exploitation by bad actors.
  • Cerby engages with security teams and line-of-business owners to address unique security dynamics.
  • The news was originally reported by PYMNTS.com.
  • The acquisition of Entara by Abacus Group is set to bolster Abacus Group's cybersecurity offerings.
  • The merger will provide enhanced incident response capabilities and AI-driven services to clients.
  • The collaboration aims to deliver premium and regulatory-compliant services to financial managers and multinational organizations.
  • The merger aims to scale services from high-touch boutique levels to enterprise-grade global operations.
  • Entara's specialized incident response capabilities will strengthen Abacus Group's cybersecurity defenses.
  • The news highlights the growing importance of cybersecurity in the financial services sector.

McAfee

Navigating cybersecurity challenges in the early days of Agentic AI 

  • Agentic AI involves AI systems working together unsupervised, like finding events to attend.
  • Requires building blocks like Large Language Models and invoking tools for tasks.
  • Potential to augment human productivity but poses cybersecurity challenges.
  • Security implications around Agentic AI include threats of scams and exploitation.
  • Cybercriminals can leverage Agentic AI for phishing, social media manipulation, and scams.
  • Possible vulnerabilities include injection points and errors in AI behavior.
  • Need for caution in adopting and using Agentic AI to prevent exploitation and cyber attacks.
  • Urges vigilance, caution, and robust cybersecurity measures in the era of Agentic AI.
  • Agentic AI offers opportunities for improvement but requires safeguards against misuse.
  • Important to be aware of potential threats and take proactive cybersecurity measures.

SOC Prime

AI Threat Intelligence

  • Generative AI (GenAI) is reshaping the threat intelligence domain, enabling real-time analysis and more scalable defenses.
  • AI in Threat Intelligence is crucial for transforming data interpretation and acting on threats strategically, operationally, and tactically.
  • AI automates long-term planning, situational awareness, and response to immediate threats in organizations.
  • It plays a key role in every phase of the Threat Intelligence Lifecycle, from collection to planning and feedback.
  • AI-based threat protection utilizes ML, NLP, and behavioral analytics for real-time threat detection and response.
  • Use cases for AI in Threat Intelligence include aggregating data, NLP, pattern recognition, IOC discovery, and more.
  • Advantages of AI in Threat Intelligence include accelerated processing, continuous monitoring, predictive insights, and scalability.
  • Challenges include adversarial manipulation, human-AI synergy, bias, and compliance complexity.
  • The future of AI in threat intelligence involves predictive modeling, autonomous hunting, and self-optimizing defenses.
  • AI-native threat intelligence shifts to autonomous AI-driven threat detection and response for more adaptive and proactive defense.
  • SOC Prime's AI SOC Ecosystem combines AI speed with human expertise to enhance threat intelligence programs.

The Verge

Facebook rolls out passkey support to fight phishing attacks

  • Facebook is introducing passkey support on its mobile app for enhanced security against phishing attacks.
  • Passkeys allow users to log in using fingerprint, face scan, or PIN, making it harder for unauthorized access.
  • Passkeys are more secure than traditional passwords as they can't be stolen or leaked, providing protection against phishing scams.
  • Browser integration with passkeys ensures they only work on genuine domains and not on fake login pages.
  • Meta, Facebook's parent company, plans to launch passkey support on Android and iOS soon, extending to the Messenger app as well.
  • Various big tech companies like Google, Microsoft, Apple, and WhatsApp already use passkeys for secure sign-ins.
  • Users can still utilize passwords, physical security keys, or two-factor authentication in addition to passkeys for logging in.
  • In addition to account logins, passkeys can be used for autofilling payment information on Meta Pay.

Siliconangle

UBS confirms employee data leak after ransomware attack on supplier

  • UBS Group AG confirms employee data stolen and published online after ransomware attack on third-party supplier, Chain IQ Group AG.
  • About 130,000 UBS employees' data was exposed, including names, email addresses, phone numbers, positions, languages spoken, and office locations.
  • No client data was affected, and UBS swiftly took action to mitigate operational impact.
  • World Leaks, formerly known as Hunters International, is believed to be behind the attack, employing a data theft and threat approach instead of encryption-based ransomware tactics.
  • Chain IQ Group AG, the affected supplier, serves numerous clients, including Swiss Life, AXA, FedEx, IBM, Swisscom, KPMG, and Pictet Group, with Pictet confirmed as affected.
  • Implications of the breach extend to potential scams, fraud, and phishing attacks targeting bank employees, clients, and the Swiss banking industry as a whole.
  • The use of generative AI tools for impersonation amplifies risks, including potential blackmail and money laundering via social engineering.
  • Third-party exposure risks in interconnected enterprise ecosystems are highlighted by the Chain IQ breach, emphasizing the attractiveness of suppliers as targets for threat actors seeking leverage.

Siliconangle

Bitdefender to acquire Mesh Security to bolster email protection for managed service providers

  • Bitdefender has announced the acquisition of Mesh Security Ltd., a provider of advanced email security solutions for managed service providers.
  • Mesh Security, founded in 2020, specializes in email protection solutions tailored for MSPs, offering various deployment options and a dual-layered email security approach.
  • Mesh Security's technology uses machine learning, passive DNS, fuzzy hashing, and global threat intelligence to detect and protect against threats like phishing, ransomware, and impersonation scams.
  • The platform facilitates centralized multi-tenant management, automated policy enforcement, and integrates with tools like ConnectWise and Kaseya for licensing and billing.
  • Post-acquisition, Bitdefender plans to incorporate Mesh's email security capabilities into its GravityZone platform, enhancing its cybersecurity offering for MSPs.
  • Bitdefender aims to leverage Mesh's technology to strengthen its email protection services and expand its global network of channel and MSP partners.
  • Mesh Security had previously raised $4.5 million from Booster Ventures before being acquired by Bitdefender.

TechJuice

Iranian Crypto Exchange Nobitex Hacked by Israeli Hackers as War Enters Cyberspace

  • Iran's largest cryptocurrency exchange, Nobitex, was hacked on June 18, resulting in the theft of digital assets, with estimates ranging from $73 million to over $100 million.
  • The attack was claimed by Gonjeshke Darande, a pro-Israel hacking group with a history of targeting Iranian infrastructure amidst escalating tensions between the two countries.
  • Nobitex, with over 7 million users, has been linked to the IRGC, Iranian government figures, and sanctioned entities like Hamas, Palestinian Islamic Jihad, and the Houthis.
  • The hackers exploited vanity blockchain addresses containing anti-IRGC messages, suggesting a geopolitical motive rather than purely financial gain.
  • Blockchain analysis indicates that the hackers may not have access to the stolen funds, implying a politically motivated hack.
  • The use of anti-IRGC messages in the addresses aims to weaken Iran's position amid the conflict.
  • The hack disrupted Nobitex's services and targeted the exchange due to its alleged role in evading sanctions and financing geopolitical strategies.
  • Iran has restricted internet access following the hack as a precaution against further cyberattacks.
  • The stolen funds have not been moved from the original wallets, supporting the theory of a politically driven attack.

Hackernoon

Halo Security Honored With 2025 MSP Today Product Of The Year Award

  • Halo Security has won the 2025 MSP Today Product of the Year Award for its attack surface management solution.
  • The award recognizes products reshaping the managed services landscape, meeting evolving end-user needs.
  • Halo Security's platform enables organizations and MSPs to discover, monitor, and secure internet-facing assets.
  • It combines attacker-like discovery, security monitoring, vulnerability scanning, and penetration testing services.
  • The platform offers easy client management, integrations with tools like Slack, Jira, and cloud providers.
  • MSPs can deliver scalable security services with features like PCI compliance reporting, dark web monitoring, and DAST.
  • Lisa Dowling, CEO of Halo Security, highlighted their mission to provide visibility into digital presence.
  • Rich Tehrani, CEO of TMC, praised Halo Security's commitment to the Channel and product innovation.
  • Winners will be featured on MSP Today and TMCnet's media platforms.
  • Halo Security offers external attack surface management with asset discovery, risk assessment, and penetration testing.
  • MSP Today is a key resource for managed service providers globally, delivering news and product insights.
  • TMC has been honoring technology companies for over 20 years, providing valuable insights for global buyers.

Wired

Iran’s Internet Blackout Adds New Dangers for Civilians Amid Israeli Bombings

  • Iran has a history of controlling and shutting down internet access for its citizens, impacting information flow and the economy.
  • During the conflict with Israel and recent bombings, Iran has imposed internet restrictions, limiting communication and access to information.
  • The internet connectivity in Iran dropped significantly following the conflict escalation, affecting various service providers.
  • Iranian authorities have restricted international internet access to prevent potential cyberattacks and maintain control over information.
  • Reports indicate severe disruptions in mobile data services and VPNs, making communication and information dissemination challenging.
  • Internet shutdowns are a common tactic in repressive regimes to curb protests, restrict communication, and control information flow.
  • Countries like Iran develop intranet systems to censor content, promote domestic apps, and exert control over the internet.
  • Despite claims of cybersecurity protection, internet shutdowns primarily aim to control and limit information to maintain power.
  • Experts suggest that internet shutdowns are ineffective against state-level cyberattacks and mainly restrict access to information for society.
  • The ultimate goal of internet restrictions in Iran is speculated to be about controlling the population and narrative, rather than cybersecurity.

TechJuice

US Fights Iranian Cyberattacks: $10M for IOControl Hacker Info

  • The U.S. State Department offers a $10 million reward for identifying Iranian hackers behind IOControl malware targeting critical infrastructure like industrial control systems globally.
  • The reward is part of the Rewards for Justice (RFJ) program and focuses on CyberAv3ngers, a hacking group tied to Iran’s Islamic Revolutionary Guard Corps Cyber-Electronic Command.
  • The reward notice targets an online persona known as "Mr. Soul" associated with CyberAv3ngers.
  • IOControl (OrpaCrab) malware is designed to target Industrial Control Systems (ICS) and SCADA devices crucial for managing sectors like water, energy, and manufacturing.
  • IOControl enables remote control of infected devices and movement within victim systems, compromising industrial technologies from various vendors.
  • IOControl has been linked to attacks on water treatment facilities in the U.S. and Israel, as well as fuel management systems, causing disruptions.
  • The malware leverages the MQTT protocol for secure command-and-control communications and supports commands for executing code and port scans.
  • The reward aligns with escalating military and cyber tensions between Israel and Iran, with U.S. officials anticipating intensified Iranian cyberattacks on critical infrastructure.
  • Amidst concerns about potential disruptions and the sanctioning of individuals linked to the IRGC-CEC, the U.S. pursues identifying hackers behind IOControl.
  • Attacks using IOControl, while not highly sophisticated, have been disruptive, with instances of cutting off water supplies to project power and induce fear.
  • The initiative indicates a focus on combating cyber threats and ensuring the security of critical infrastructure amid increasing tensions in the cyber realm.
  • The U.S. State Department's move aims to enhance cybersecurity efforts and deter malicious cyber activities targeting vital systems.
  • The use of the IOControl malware in targeting industrial systems underscores the need for heightened vigilance and proactive measures to safeguard critical infrastructure.
  • Given the significance of the issue, the U.S. government takes proactive steps to identify and counteract cyber threats, contributing to global cybersecurity efforts.
  • The $10 million reward reflects the seriousness with which the U.S. views cyber threats and the importance of deterring malicious actors from targeting critical infrastructure.
  • The announcement of the reward demonstrates the U.S. government's commitment to cybersecurity and the protection of essential services from cyberattacks.

Tech Radar

Top email hosting provider Cock.li hacked - over a million user records stolen

  • Email hosting provider Cock.li, known for its popularity among hackers, has been hacked, compromising sensitive data of over a million users.
  • A threat actor is selling two Cock.li databases on the dark web, containing email addresses, login details, contact information, and user preferences.
  • Cock.li confirmed the authenticity of the leaked data and urged users to change their passwords.
  • The hacker exploited a vulnerability in Cock.li's Roundcube webmail platform, affecting users who logged in since 2016.
  • Sensitive information of approximately 1,023,800 users and 10,400 contact entries was compromised in the breach.
  • The stolen data includes email addresses, login timestamps, preferences, names, emails, vcards, and comments.
  • Passwords, emails, IP addresses, and data of non-webmail users were reportedly not compromised in the breach.
  • Cock.li, a German email provider focusing on privacy, decided to abandon Roundcube due to an exploited remote code execution flaw.
  • After the breach, Cock.li experienced disruptions and the databases were put up for sale on the dark web for one bitcoin.
  • Cock.li admin team advised users to update their passwords as a precautionary measure.
