menu
techminis

A naukri.com initiative

google-web-stories
Home

>

Cyber Security News

Cyber Security News

source image

Cybersecurity-Insiders

7d

read

244

img
dot

Image Credit: Cybersecurity-Insiders

IntelBroker released data related to Cisco stolen from Cloud Instance

  • Notorious hacker group IntelBroker has released stolen data related to Cisco from their Cloud Instance.
  • The stolen data includes sensitive materials such as SASE certificates, source code, and confidential documents.
  • Initially, Cisco denied any theft but later acknowledged that some of the stolen data contained sensitive information.
  • IntelBroker is connected to an Iranian Persistent Threat Group and operates a cyber-leak forum called BreachForums.

Read Full Article

like

14 Likes

source image

Tech Radar

7d

read

236

img
dot

Image Credit: Tech Radar

A critical security flaw in Apache Struts is under attack, so patch now

  • A critical vulnerability in Apache Struts 2 is under active exploitation, prompting security researchers to urge users to apply patches or update to the latest version.
  • The vulnerability, tracked as CVE-2024-53677, has a severity score of 9.5/10 and can enable remote code execution and data theft.
  • Apache has released a patch for the flaw, but a proof-of-concept exploit has also been made publicly available, raising concerns.
  • The attack surface is significant as Struts 2 is widely used, with approximately 300,000 monthly requests, enhancing the risk for potential exploitation.

Read Full Article

like

14 Likes

source image

Dev

7d

read

8

img
dot

Image Credit: Dev

How to Recover Access to BitLocker After Losing Your Password? 🔐

  • Recovery Key is crucial for regaining access to BitLocker if password is lost.
  • Check for Cached Passwords or recover unencrypted data as alternative options.
  • Extract encryption keys using TPM chip or seek assistance from data recovery professionals.
  • As a last resort, format the disk after considering the data's importance.

Read Full Article

like

Like

source image

Siliconangle

7d

read

120

img
dot

Image Credit: Siliconangle

SlashNext report warns of eightfold rise in credential phishing as AI drives sophistication

  • A new report by phishing protection company SlashNext Inc. highlights a significant increase in phishing attacks in the second half of 2024, with an eightfold rise.
  • The rise in credential phishing attacks is attributed to the availability of advanced phishing kits on the dark web, as well as the use of generative artificial intelligence.
  • Email-based attacks saw a threefold surge, driven by sophisticated techniques and AI-generated targeted messages.
  • The report emphasizes the need for organizations to implement real-time, adaptive security measures to combat the evolving nature of phishing campaigns.

Read Full Article

like

7 Likes

source image

Siliconangle

7d

read

394

img
dot

Image Credit: Siliconangle

Cofense report warns of credential-harvesting attacks that spoof Proofpoint, Mimecast and Virtru

  • A new report from Cofense warns of sophisticated phishing attacks that exploit trusted email security companies like Proofpoint, Mimecast, and Virtru.
  • The attacks use fake email attachments, phishing links, and credential-harvesting tactics to compromise sensitive data.
  • Threat actors mimic well-known brands to gain recipients' trust and trick them into divulging credentials, granting unauthorized access to sensitive accounts.
  • The report emphasizes the importance of heightened vigilance, proactive security measures, and employee training to mitigate the risks associated with phishing attacks.

Read Full Article

like

23 Likes

source image

Socprime

7d

read

12

img
dot

Image Credit: Socprime

UAC-0125 Attack Detection: Hackers Use Fake Websites on Cloudflare Workers to Exploit the “Army+” Application

  • Another hacking collective has evolved in the cyber threat arena to target Ukrainian organizations.
  • CERT-UA notifies defenders about the discovery of fake websites that mimic the official page of the “Army+” application and are hosted using the Cloudflare Workers service.
  • UAC-0125 group is highly likely associated with the nefarious russia-backed hacking collective tracked as UAC-0002 (aka APT44 aka Sandworm).
  • The increasing number of cyber attacks targeting government bodies, military and defense agencies and critical infrastructure sector has been causing a stir on the cyber front line since russia’s full-fledged war against Ukraine.
  • SOC Prime Platform for collective cyber defense equips security teams with a relevant detection stack to proactively thwart attacks covered in the CERT-UA#12559 alert.
  • UAC-0125 Attack Analysis: Users are prompted to download the executable file “ArmyPlusInstaller-v.0.10.23722.exe” when visiting fake websites.
  • The executable file runs a PowerShell script to install OpenSSH on compromised system and generate an RSA key pair.
  • The adversary activity is tracked under the UAC-0125 identifier and is highly likely associated with the russia-linked UAC-0002 cluster (aka Sandworm).
  • The notorious Sandworm APT group has been targeting Ukrainian state bodies and critical infrastructure organizations for over a decade.
  • MITRE ATT&CK Context: Security teams can gain valuable insights into the UAC-0125 TTPs involved in the latest malicious campaign against Ukraine.

Read Full Article

like

Like

source image

TechBullion

7d

read

344

img
dot

Image Credit: TechBullion

Application Security Tools for Enhancing Your Cyber Security Strategy

  • Application security has emerged as the priority for organizations in today’s digital world.
  • Application security testing tools are crucial in finding vulnerabilities and ensuring secure applications.
  • HCL AppScan is a leading application security testing tool with robust capabilities and integration options.
  • Investing in application security tools is essential for protecting sensitive data and staying ahead of cyber threats.

Read Full Article

like

20 Likes

source image

Siliconangle

7d

read

323

img
dot

Image Credit: Siliconangle

OPSWAT acquires Fend to enhance industrial cybersecurity with data diode technology

  • OPSWAT Inc. has acquired Fend Inc., a cybersecurity company specializing in industrial network segmentation.
  • Fend's data diodes enforce a physically isolated, one-way data flow to secure industrial control systems.
  • Fend's solutions provide robust protection against cyber threats and enable real-time operational data usage.
  • The acquisition broadens OPSWAT's product offering for critical infrastructure needs.

Read Full Article

like

19 Likes

source image

Idownloadblog

7d

read

16

img
dot

Image Credit: Idownloadblog

How to change the root user password on a rootless jailbreak with NewTerm

  • Changing the root user password on a rootless jailbreak, such as Dopamine or palera1n, requires using an app like NewTerm.
  • Setting a custom root user password is recommended to enhance the security of your jailbroken device.
  • To change the root user password, install NewTerm 3 from the preferred package manager and follow the provided steps.
  • By changing the root user password, you significantly reduce the risk of SSH-based remote attacks on your device.

Read Full Article

like

Like

source image

Socprime

7d

read

199

img
dot

Image Credit: Socprime

Understanding OpenSearch Routing Allocation Settings

  • OpenSearch provides robust cluster management features, including routing allocation settings.
  • The routing allocation settings control the distribution of data shards across nodes in a cluster.
  • The 'cluster.routing.allocation.enable' parameter determines how shards are allocated.
  • Different values for 'cluster.routing.allocation.enable' allow for various allocation operations.

Read Full Article

like

11 Likes

source image

Socprime

7d

read

203

img
dot

Image Credit: Socprime

Using Ruby Code in Logstash for Translating Text from HEX

  • Logstash provides the ability to use Ruby code in Elasticsearch pipelines for decoding hexadecimal-encoded text.
  • Ruby code can be used to transform hexadecimal-encoded text into its original readable format.
  • The provided example demonstrates how to use the Ruby filter in Logstash to decode a field containing HEX-encoded text.
  • By decoding HEX-encoded data, administrators can enhance data usability and streamline the Elasticsearch workflow.

Read Full Article

like

12 Likes

source image

Tech Radar

7d

read

103

img
dot

Image Credit: Tech Radar

Watch out - that Google Calendar meeting invite could be dangerous malware

  • Hackers are impersonating Google Calendar and sending fake invites to steal sensitive information.
  • The invites include a .ics attachment and a link to a phishing page.
  • Once on the page, victims are prompted to enter personal and payment details.
  • Google advises users to enable the 'Known senders' feature in Calendar for added protection.

Read Full Article

like

6 Likes

source image

TechBullion

7d

read

377

img
dot

Image Credit: TechBullion

This Startup Aims to Be The Google Search Engine for Smart Contract Risk and Intelligence

  • Trugard aims to be the “Google Search Engine” for smart contract risk and intelligence by providing actionable insights into the risks hidden in smart contracts.
  • Smart contracts automate processes without intermediaries but their vulnerabilities expose billions of dollars to risk, so Trugard uses AI and machine learning to tackle this complex space.
  • Trugard develops an AI engine that evaluates smart contract risk by using dynamic analysis to predict how contracts will behave in different scenarios, to find both current and potential risks such as DeFi exploits.
  • The platform provides actionable recommendations to fix vulnerabilities so developers can secure their code before deployment and offers visibility into digital asset exposure for enterprises, as well as intelligence for wallet providers and custodians to secure transactions.
  • Trugard’s full stack approach sets it apart from other blockchain security companies because it is built to detect and fix vulnerabilities while proactively mitigating risks.
  • As the demand for robust security solutions grows in the blockchain industry, platforms like Trugard are building a safer, more resilient blockchain future.
  • Trugard has partnerships with companies like Thirdwave and FYEO to add intelligence and tackle smart contract honeypots, respectively, and will continue to expand to serve more people and launch predictive analytics capabilities.
  • Jeremiah O’Connor and Anoop Nannra co-founded Trugard Labs to address the critical gaps in security within the blockchain ecosystem and build trust in decentralized ecosystems.
  • Smart contract risk intelligence is a must-have in the rapidly evolving and high-risk landscape of blockchain, and Trugard has the technology, partnerships, and vision for the future to meet this demand.

Read Full Article

like

22 Likes

source image

Devopsonline

7d

read

390

img
dot

Image Credit: Devopsonline

How 5G and AI are revolutionising industries for the next billion users

  • 5G and AI are revolutionizing industries in real-time by breaking barriers and opening new prospects. These technologies have enabled the dawn of real-time intelligence that is informed, instantaneous, and intelligent. It has led to a new normal of moving at the speed of thought. 5G has facilitated businesses to create proactive engagements beyond satisfying their customers. Businesses have started knowing and anticipating their customer needs to an extensive level. The rollout of 5G worldwide is bringing the next billion users online - for many it will be the first time connecting. AI learns regional languages, cultural nuances, and hyperlocal buying habits, ensuring a personalized interaction. Additionally, AI insights are driving inclusivity, from microfinancing to rural entrepreneurs to e-learning platforms tailored for underserved communities.
  • The pairing of 5G and AI has fostered entirely new ecosystems, unlocking exponential growth and innovation. By embedding AI and 5G into their core DNA, businesses are building systems that learn, adapt, and act autonomously, thus redefining competitive advantage. Next Best Offer (NBO) and Next Best Action (NBA) orchestrated through APIs are the foundation of future-ready enterprises. These enterprises aim to redefine engagement by anticipating and creating needs while creating seamless, end-to-end customer journeys at the same time.
  • While the possibilities of harnessing AI and 5G are exceptional, leaders must navigate these new frontiers ethically. For example, they should build AI systems that are explainable and fair, ensuring trust in every interaction. Along with this, leaders should leverage efficient algorithms and green infrastructure to reduce the energy footprint of 5G and AI systems. Lastly, Human-Centric AI will empower thoughtful and empathetic decision-making along with human oversight, ensuring responsible innovation.
  • 5G and AI are not distant opportunities, but present-day reality, which require proactive intelligence, radical personalization, and inclusive ecosystems. Organizations that shape the development of 5G and AI by embracing these systems will create a new customer touchpoint based on delight and seamlessness. In contrast, those that are shaped by AI and 5G are less likely to keep up with the next billion users.

Read Full Article

like

23 Likes

source image

Livebitcoinnews

7d

read

319

img
dot

Image Credit: Livebitcoinnews

Gate.io Refutes Security Breach Claims with Strong Assurance

  • Gate.io responded to rumors of a security breach and confirmed that no such breach occurred.
  • All services on the platform, including deposits, withdrawals, and trading, are functioning normally.
  • Gate.io warns against spreading false information, stating that legal action can be taken against those who distribute malicious claims.
  • The quick and transparent response from Gate.io helped regain user confidence in the cryptocurrency exchange.

Read Full Article

like

19 Likes

For uninterrupted reading, download the app