Cyber Security News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Security News

TechCrunch

255

Image Credit: TechCrunch

Microsoft to launch new custom chips for data processing, security

Microsoft revealed new custom chips, including the Azure Boost DPU for data processing.
The Azure Boost DPU is designed for efficient and low-power data-centric workloads on Azure cloud.
Microsoft also introduced the Azure Integrated Hardware Security Module (HSM) for enhanced cloud security.
The Azure Integrated HSM will be installed in every new server in Microsoft's datacenters starting next year.

Read Full Article

15 Likes

TechCrunch

360

Image Credit: TechCrunch

Microsoft beefs up Windows security with new recovery and patching features

Microsoft is strengthening Windows security with new recovery and patching features.
A new capability called Quick Machine Recovery will allow IT admins to remotely fix software issues on Windows machines that cannot boot.
Microsoft is testing a way to let security products run outside of 'kernel mode,' addressing the root cause of the CrowdStrike outage in July.
Other updates include the introduction of Administrator Protection and hot-patching, aiming to provide enhanced security and user experience.

Read Full Article

21 Likes

Silicon

1.2k

Image Credit: Silicon

German Facebook Users Eligible For Compensation Over Data Breach

Millions of German Facebook users are eligible for compensation over a data leak that occurred in 2018-2019.
Germany's highest civil court, the Federal Court of Justice (BGH), ruled that users' loss of control over their data warrants damages, without the need to prove specific financial losses or misuse of the data.
The ruling acts as a precedent for similar cases currently being processed in German courts.
Approximately six million people in Germany were affected by the data leak.

Read Full Article

6 Likes

Tech Radar

100

Image Credit: Tech Radar

Ford says it is investigating claims thousands of workers have had data leaked online

Ford is investigating claims of a data breach after internal company information was found on the dark web.
A known hacker, EnergyWeaponUser, posted a thread on BreachForums offering Ford's data for free.
Ford confirmed the investigation and is actively looking into the allegations of data theft.
There is no confirmation yet on the authenticity of the stolen data.

Read Full Article

6 Likes

Discover more

Tech Radar

114

Image Credit: Tech Radar

Phishing emails using SVG attachments to help get away with attacks

Security researchers have identified phishing emails with SVG attachments as a new tactic used by hackers.
SVG attachments can bypass email protections, allowing malicious content to be delivered to victims' inboxes.
These attachments, built using XML-based code, cannot be analyzed by traditional antivirus programs.
The best defense against such attacks is to rely on common sense, identifying and reporting phishing emails.

Read Full Article

6 Likes

Siliconangle

346

Image Credit: Siliconangle

Akamai expands Guardicore Segmentation to AWS, enhances zero-trust network access solution

Akamai Technologies expands Guardicore Segmentation to AWS for increased cloud security and application performance.
Akamai Guardicore Segmentation provides microsegmentation capabilities to isolate and protect critical applications and workloads.
The service offers agentless support for platform-as-a-service resources on Azure and AWS, enhancing cloud-native visibility and enforcement.
Akamai introduces new features to its zero-trust network access solution, Enterprise Application Access, to optimize application performance.

Read Full Article

20 Likes

Wired

155

Image Credit: Wired

ICE Can Already Sidestep Sanctuary City Laws Through Data-Sharing Fusion Centers

A report from the Surveillance Technology Oversight Project (STOP) reveals that federal/local data-sharing centers known as "fusion centers" already result in cooperation between federal immigration authorities and sanctuary-city law enforcement.
ICE agents have been using fusion centers to access data from local law enforcement databases and regional surveillance tools, such as face recognition systems, to aid in immigration enforcement in sanctuary cities.
The sharing of data through fusion centers potentially violates local laws, but is less obvious than if it occurred through a direct channel, undermining the purpose of sanctuary city laws.
STOP warns that the erosion of guardrails around data sharing in fusion centers could become a national security issue and lead to repurposing of the infrastructure for different law enforcement initiatives in the future.

Read Full Article

9 Likes

Kaspersky

269

Image Credit: Kaspersky

Kaspersky Password Manager Update | Kaspersky official blog

Kaspersky has updated its password manager for mobile devices, which will roll out on all app stores over November 2024
Kaspersky has added a navigation bar with sections for core features, in-app search, and tools
The navigation bar now hosts all core functionalities at the bottom of the mobile screen
Favorites are more easily managed with added pinning functionality at the top of the list
Kaspersky has shifted the password generator, import and security-check features to a new Tools section
Clicking on the magnifying glass icon in the search enables users to search among dozens or even hundreds of unique passwords for accounts
Kaspersky Password Manager can now remember users' last search within the current session or until app restart in the current session
The update has added additional filtering options
Kaspersky's iOS 18 users have been cautioned that due to Apple's policies, a default source for auto-filling passwords and logins has been established
To rectify the issue, the 'AutoFill & Passwords' section in the device settings must be selected and a source chosen, which Kaspersky Password Manager can be set as the preferred password auto-filling source

Read Full Article

16 Likes

The Register

429

Image Credit: The Register

Join in the festive cybersecurity fun

The SANS Holiday Hack Challenge 2024: Snow-maggedon is starting on 7th November and will run for eight weeks.
The challenge covers various cyber defense and offense disciplines, including reverse engineering, hardware hacking, and threat hunting.
Participants can choose between easy and hard modes and track their progress on a live scoreboard.
Winners will receive prizes such as access to a free SANS OnDemand cyber security course and a subscription to the NetWars Continuous cyber range platform.

Read Full Article

25 Likes

Dev

383

Image Credit: Dev

SafeLine WAF Waiting Room: The Terminator of HTTP Flood DDoS Attack

SafeLine WAF Waiting Room is an anti-HTTP Flood DDoS attack/CC attack feature that can effectively smooth peak loads when simultaneous visits to the website are too high.
HTTP flood DDoS attacks operate at the HTTP layer and simulate multiple legitimate users continuously sending requests to consume server resources, thus preventing normal users from accessing the server.
The most common way to defend against HTTP flood DDoS attacks is to limit the frequency of visits from the source IP. But this method has many drawbacks such as the problem of large proxy IPs and sudden business peaks.
SafeLine WAF Waiting Room is a user-friendly feature designed to handle high traffic peaks that might overwhelm a website server. It provides a solution to rate-limit user traffic and prevent server crashes.
The SafeLine Waiting Room can be enabled simply by clicking the 'HTTP Flood' button on the interface and configuring the waiting room parameters to handle the peak traffic.
The SafeLine WAF Waiting Room is very effective and user-friendly. It uses WebSocket to implement queuing logic, ensuring performance and security.
SafeLine WAF offers a Discord community where users can discuss WAF technology and share their experiences.

Read Full Article

23 Likes

Pymnts

433

Image Credit: Pymnts

Cutting the Checks: Boosting Commercial Payment Speed and Security With Virtual Cards

Virtual cards, which are digital versions of traditional credit or debit cards, eradicates challenges associated with traditional paper-based and manual payment processes that present delays to fraud threats and disrupts operations and relationships.
The virtual card benefits include minimising delays, reducing fraud risk and improving efficiency, and can help businesses to stabilise cash flow and strengthen B2B relationships.
Out of US firms, nearly three in five contend with late B2B payments, with one-third enduring delays of over 90 days, according to a survey conducted in 2024.
Heads of payments say fast and convenient payment methods like virtual cards boost the bottom line.
Virtual cards offer built-in, digital safeguard against B2B payment fraud.
A 2024 fraud survey by The Association for Financial Professionals found that 80% of organizations were targeted by payment fraud last year, up from 65% the previous year.
PYMNTS Intelligence research shows that virtual cards award greater expenditure management and control over expenditure through real-time tracking and reporting capabilities, improving expense management, and controlling corporate spending.
Middle-market firms on average use four payment methods to pay suppliers, with 75% of companies continuing to use paper checks.
Middle-market firms forfeit nearly twice as much revenue due to payment uncertainties on non-use of virtual card as compared to the firms that uses them.
Virtual cards can streamline the user experience, by offering a variety of payment options and simplifying the payment process, suppliers can improve overall customer satisfaction.

Read Full Article

26 Likes

Ubuntu

415

Image Credit: Ubuntu

Needrestart local privilege escalation vulnerability fixes available

Qualys discovered local privilege escalation vulnerabilities in the needrestart package (CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, and CVE-2024-11003) and the libmodule-scandeps-perl package (CVE-2024-10224).
Canonical has released updates for the needrestart and libmodule-scandeps-perl packages for all Ubuntu releases, including Ubuntu Server images since 21.04.
The vulnerabilities allow a local attacker to gain root privileges by manipulating environment variables and exploiting a time-of-check time-of-use race condition.
Affected users are advised to update their packages as soon as possible to mitigate the risks.

Read Full Article

24 Likes

Pymnts

360

Image Credit: Pymnts

AI Makes Impact in Supplier Enablement and Predictive Analytics

Finexio is leading the revolution in B2B payments through embedded payment solutions and AI-driven supplier enablement.
The company focuses on seamless integration and eliminating friction points in B2B payments.
Finexio's AI-driven models achieve over 90% accuracy in predicting supplier payment preferences.
The company emphasizes comprehensive security measures and is positioned for significant market share growth.

Read Full Article

21 Likes

Securityaffairs

191

Image Credit: Securityaffairs

U.S. CISA adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Progress Kemp LoadMaster, Palo Alto Networks PAN-OS and Expedition bugs to its Known Exploited Vulnerabilities catalog.
CISA adds CVE-2024-1212, CVE-2024-0012, and CVE-2024-9474 to the catalog.
CVE-2024-1212 is an OS command injection vulnerability in Progress Kemp LoadMaster.
CVE-2024-0012 and CVE-2024-9474 are vulnerabilities in Palo Alto Networks PAN-OS.

Read Full Article

11 Likes

Securityaffairs

405

Image Credit: Securityaffairs

Great Plains Regional Medical Center ransomware attack impacted 133,000 individuals

A ransomware attack on Great Plains Regional Medical Center compromised personal data of 133,000 individuals, exposing sensitive information.
The attack occurred on September 8, 2024, and an investigation was launched with the help of a cybersecurity firm.
Files were accessed, encrypted, and copied by the threat actor between September 5 and September 8, 2024.
The exposed patient information includes names, demographic and health insurance information, clinical treatment details, and in some cases, Social Security and driver's license numbers.

Read Full Article

24 Likes

For uninterrupted reading, download the app