Cyber Security News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Security News

Securityaffairs

Image Credit: Securityaffairs

Amazon discloses employee data breach after May 2023 MOVEit attacks

Amazon disclosed a data breach exposing employee data, with information allegedly stolen in the May 2023 MOVEit attacks.
The data breach occurred through a third-party vendor and the exact number of impacted employees was not disclosed.
Over 2.8 million records containing employee data were leaked by a threat actor named Nam3L3ss on BreachForums.
The compromised data includes names, contact information, building locations, and email addresses, but did not include SSNs or financial information.

Read Full Article

4 Likes

Tech Radar

413

Image Credit: Tech Radar

Windows machines are being targeted with ZIP file workaround

Hackers are using ZIP file concatenation to bypass security solutions and infect their targets with malware through email messages.
ZIP file concatenation is a type of attack in which multiple ZIP files are merged into one to trick archiver programs and antivirus solutions.
Different archivers handle these files differently, allowing crooks to move past cybersecurity solutions and infect the target device.
Perception Point suggests that traditional detection tools often fail to unpack and fully parse such ZIP files and recommends their proprietary solution.

Read Full Article

24 Likes

VentureBeat

Image Credit: VentureBeat

Google DeepMind open-sources AlphaFold 3, ushering in a new era for drug discovery and molecular biology

Google DeepMind has released the source code and model weights of AlphaFold 3 for academic use, advancing scientific discovery and drug development.
AlphaFold 3 can model the interactions between proteins, DNA, RNA, and small molecules, transforming it into a comprehensive solution for studying molecular biology.
The release balances open science and commercial interests, with freely available code and controlled access to model weights.
AlphaFold 3's technical advances and improved accuracy in predicting molecular interactions have implications for drug discovery and other fields.

Read Full Article

4 Likes

Dev

261

Image Credit: Dev

Amazon Inspector Explained: Boosting Cloud Security for Your AWS Workloads

Amazon Inspector is AWS's built-in security specialist that offers ways to fix issues within you cloud environment.
Amazon Inspector scan EC2 instances, checks on EC2 instances, Lambdas and Container images to detect package vulnerabilities and network exposure.
Amazon Inspector offers a Hybrid option to configure scan types for EC2 which includes Agent-based and Agent-less.
Amazon Inspector detects vulnerabilities and includes exact location of code where the vulnerability is present.
Amazon Inspector provides remediations for detected vulnerabilities such as upgrading software packages or storing secrets in AWS Secret Manager.
EC2 instances can be excluded from Amazon Inspector scan by tagging individual instances with the key InspectorEc2Exclusion.
Amazon Inspector also scans Lambda functions for vulnerable code.
AWS lambda code vulnerabilities can be remedied using AWS Secret Manager and accessed using roles.
Amazon Inspector offers robust security assessment for both EC2 Instances and Lambda functions, helping maintain a more resilient AWS environment.
Amazon Inspector provides a 15-day trial period, and users can refer to the pricing information if they decide to continue with the service.

Read Full Article

15 Likes

Discover more

TechBullion

215

Image Credit: TechBullion

Secure Your Personal Information: 10 Ways to Stay Safe When Shopping Online

Online shopping offers convenience and endless choices while also posing potential risks for personal information safety.
To safeguard personal data while shopping online, it is essential to choose reputable websites, ensure a secure connection, and use strong, unique passwords for each account.
Using credit cards instead of debit cards is essential, as they offer better consumer protections.
Verifying the website's security and checking for HTTPS in the URL and the padlock symbol signifies data encryption.
Being vigilant against phishing attempts, using secure payment methods, and checking financial statements frequently are other vital steps to protect personal information.
Checking a website's URL, avoiding sharing social security numbers, and staying cautious with links and attachments are some additional precautions to secure personal data.
Securing devices with updated software and regularly monitoring credit cards transactions are crucial steps towards a safe and secure online shopping experience.
By following these proactive measures, users can stay vigilant and enjoy the benefits of online shopping while keeping their personal data secure.
Regularly checking financial statements, using virtual cards, and enabling multifactor authentication adds an extra layer of security.
Staying informed and being aware of tactics used by cybercriminals helps to avoid falling victim to scams and protecting personal data online.

Read Full Article

12 Likes

Medium

123

Image Credit: Medium

“Please Knock First”: Privacy in Python, a Developer’s Choice

Python uses conventions and hints to signal privacy boundaries
Single underscores are used as a polite request for privacy
Double underscores add an extra layer of security called name mangling
Respecting privacy cues is the responsibility of developers

Read Full Article

7 Likes

Tech Radar

142

Image Credit: Tech Radar

D-Link says it won’t fix a serious security flaw affecting 60,000 older NAS devices

D-Link refuses to fix a critical security flaw in around 60,000 older NAS devices
The vulnerability allows attackers to inject arbitrary shell commands
Since the devices have reached end-of-life status, they won't be patched
Users are advised to replace the devices or implement mitigations to restrict access

Read Full Article

8 Likes

TechCrunch

151

Image Credit: TechCrunch

Amazon confirms employee data stolen after hacker claims MOVEit breach

Amazon confirms employee data compromised after a 'security event' at a third-party vendor.
The breach involved employee work contact information, such as work email addresses, desk phone numbers, and building locations.
The third-party vendor does not have access to sensitive data like Social Security numbers or financial information.
A threat actor claims to have stolen data from Amazon and other major organizations during the MOVEit Transfer hack.

Read Full Article

9 Likes

Lastwatchdog

335

News alert: Sweet Security rolls out its advanced runtime detection and response platform for AWS

Sweet Security has launched its advanced runtime detection and response platform on the AWS marketplace.
The platform unifies threat detection across cloud infrastructure, network, workloads, and applications.
Customers can detect active threats in real time and respond within minutes, achieving a 2-5 minute Mean Time to Resolve (MTTR).
Sweet Security offers 30+ integrations and features lean sensor technology for easy deployment.

Read Full Article

20 Likes

The Robot Report

266

Image Credit: The Robot Report

RBR50 Spotlight: Neya Systems developing cybersecurity standards for AGVs

Neya Systems is developing a cybersecurity standard for autonomous ground vehicles (AGVs).
The effort aims to enhance the protection, mitigation, recovery, and adaptability of AGVs.
Neya Systems will apply U.S. Department of Defense Zero Trust cybersecurity to its autonomy software.
The company aims to establish a more secure future for ground and autonomous vehicles.

Read Full Article

16 Likes

Hackernoon

275

Image Credit: Hackernoon

Sweet Security Launches Its Cloud Native Detection And Response Platform On The AWS Marketplace

Sweet Security has launched its cloud-native detection and response platform on the AWS Marketplace.
The platform unifies threat detection across cloud infrastructure, network, workloads, and applications.
It enables AWS Marketplace customers to detect active threats in real time and respond within minutes.
Sweet Security aims to simplify cloud security and provide faster and better protection.

Read Full Article

16 Likes

Tech Radar

Image Credit: Tech Radar

Brave browser's built-in VPN gets a boost – both in functionality and transparency

Brave browser's built-in VPN has undergone significant improvements in functionality and transparency.
The VPN tool, available on both mobile and desktop devices, has been independently audited and confirmed as a reliable no-log VPN.
The Brave VPN has expanded its server network to over 40 countries, offers increased device connections, and features an intuitive interface.
The cost-saving annual subscription is now available for both mobile and desktop users, priced at $9.99 per month or $99.99 per year.

Read Full Article

1 Like

Dev

380

Image Credit: Dev

The Essential Business Continuity Plan Template [DOC]

Business continuity planning is critical for organizations to be prepared for cyberattacks, natural disasters, adverse events, and disruptions to ensure resilience. Organizations should have their own customized plan, which is not standardized across the board. However, adopting a structured business continuity plan template can help ensure that each client gets a comprehensive but accurate set of checklists and guidelines to implement business continuity effectively across departments. Small and medium-size businesses are especially vulnerable to catastrophes like ransomware attacks that paralyze all business operations because often, they lack resources and in-house skills to plan for their own business continuity. MSPs can help these businesses to build long-term business resilience.
The business continuity plan template outlined in this article can serve as a good basis for MSPs/MSSPs to create a customized business continuity plan for clients. While business continuity and disaster recovery plans are used synonymously, they represent different organizational functions and should be integrated in overall disaster management strategies. The goals, objectives and scope of the business continuity plan should be defined in the template, along with sections related to description of critical assets, continuity activation criteria, communication channels, recovery objectives, recovery sequence, security and access issues, key documentation, and plan location and access.
A disaster recovery plan focuses on restoring access to services and data and restoring lost or damaged business systems to full operational capacity after a catastrophic IT event. It's important to align the development of business continuity plans with the development of disaster recovery plans to have a holistic approach to timing and prioritizing continuity and recovery procedures. Business continuity planning helps organizations minimize downtime, safeguard employee well-being and data privacy, maintain customer trust and loyalty, respond quickly and effectively to threats, and comply with regulatory requirements.
In a business continuity plan template, the continuity plan activation criteria should outline the worst operational disruption scenarios that may require activation and an impact analysis for each scenario to measure the impact on ongoing operations. Organizations should list all the roles essential for restoring and executing each critical service and primary and backup personnel. They should also include a section listing known recovery objectives for each service, a list of actions that must be completed to fully recover from adverse events and return to normal business operations, and plans of action to respond to risk assessments and comply with legal requirements. Cybersecurity providers can support SMB clients' long-term business resilience planning and develop a comprehensive business continuity plan alongside a proactive cyber attack protection strategy.
In the event of a prolonged service disruption, organizations need to identify various communication channels to keep in touch with customers, service providers, and stakeholders to ensure that if there is a failure in one channel, a backup is available. The location of the document, dissemination of copies, and the processes for annual reviews and adjustments to the BCP should also be included. MSPs should look for a platform that will help them manage their clients' cybersecurity plans at scale, helping them evaluate and analyze their clients' disaster readiness, build detailed policies with actionable tasks, track and measure progress, and generate executive status reports with a single click.

Read Full Article

22 Likes

Tech Radar

123

Image Credit: Tech Radar

NordVPN launches new ID theft protection tool, in yet another expansion of its cybersecurity empire

NordVPN has launched a new ID theft protection tool as part of its cybersecurity expansion.
The tool, called NordProtect, provides all-round ID theft protection with features such as identity recovery, credit monitoring, dark web monitoring, and cyber extortion protection.
NordProtect is currently available for NordVPN Prime users in the US, with plans for further support and a standalone product in 2025.
This expansion is a response to the growing frequency of identity theft incidents worldwide.

Read Full Article

7 Likes

Tech Radar

380

Image Credit: Tech Radar

AWS keys stolen by malicious PyPI package with thousands of downloads

A malicious Python package called 'fabrice' has been discovered in the Python Package Index (PyPI).
The package is a typosquatted version of the popular 'fabric' library with over 37,000 downloads.
Its main goal is to steal Amazon Web Service (AWS) login credentials from developers.
The package exfiltrates the stolen credentials to a VPN server in Paris, France.

Read Full Article

22 Likes

For uninterrupted reading, download the app