Cyber Security News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Security News

Socprime

109

Image Credit: Socprime

DarkGate Malware Attack Detection: Voice Phishing via Microsoft Teams Leads to Malware Distribution

Researchers have uncovered a new malicious campaign using voice phishing (vishing) to spread the DarkGate malware.
Adversaries masqueraded as a known client on a Microsoft Teams call, tricking victims into downloading AnyDesk for remote access and deploying malware.
The DarkGate malware facilitated remote control, offensive commands, data collection, and connection to a C2 server.
Mitigation measures include careful vetting of third-party technical support providers, cloud vetting processes, and implementation of multi-factor authentication (MFA).

Read Full Article

6 Likes

VentureBeat

Nvidia and DataStax just made generative AI smarter and leaner — here’s how

Nvidia and DataStax have launched new technology to reduce storage requirements for generative AI systems.
The Nvidia NeMo Retriever microservices, integrated with DataStax's AI platform, can cut data storage volume by 35 times.
The technology has already benefited Wikimedia Foundation, reducing processing time for 10 million Wikipedia entries.
The partnership addresses the challenge of making private data accessible to AI systems without exposing sensitive information.

Read Full Article

2 Likes

Cybersecurity-Insiders

Image Credit: Cybersecurity-Insiders

Clop Ransomware circumvents Cleo file transfer software for data steal

Clop Ransomware gang exploits vulnerability in Cleo File Transfer software, compromising Harmony, VLTrader, and LexiCom.
Numerous businesses relying on Cleo's products are at risk of data theft.
Cleo has patched the vulnerability but many clients remain unaware and vulnerable.
Clop gang reveals their identity and claims to delete stolen data after media miscredits the attack.

Read Full Article

3 Likes

Securityaffairs

Image Credit: Securityaffairs

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs

The FBI warns of HiatusRAT scanning campaigns against Chinese-branded web cameras and DVRs.
The FBI released a Private Industry Notification (PIN) highlighting HiatusRAT malware campaigns targeting these devices.
The malware has been active since July 2022 and is being used for reconnaissance and intelligence gathering.
The FBI recommends mitigation measures including patching, strong passwords, and network segmentation.

Read Full Article

5 Likes

Discover more

Tech Radar

110

Image Credit: Tech Radar

US government warns federal agencies to patch dangerous Windows kernel bug

The US Cybersecurity and Infrastructure Agency (CISA) has added a Windows kernel bug and an Adobe ColdFusion flaw to its Known Exploited Vulnerabilities (KEV) catalog.
The Windows kernel bug, tracked as CVE-2024-35250, can be exploited to gain system privileges in low-complexity attacks without user interaction.
The Adobe ColdFusion flaw, tracked as CVE-2024-20767, allows unauthenticated remote threat actors to read sensitive files and requires the admin panel to be exposed to the internet.
Federal agencies have been given deadlines to apply the patches for these vulnerabilities or stop using the affected software.

Read Full Article

6 Likes

Tech Radar

Image Credit: Tech Radar

Ransomware, deepfakes, and scams: the digital landscape in 2024

The ESET 2024 threat report highlights investment and crypto scams dominating the digital landscape, with deepfake videos and AI-generated content being used by criminals to legitimize their schemes.
Lockbit ransomware group faced disruption, leading to new and existing groups like RansomHub stepping in. Infostealer players RedLine and Meta were taken down, boosting the popularity of competitor Lumma stealer.
Agent Tesla malware detections decreased by 26%, but Formbook malware saw a resurgence.
Cybercriminals continue to adapt to security measures, finding loopholes and expanding their victim pool, according to ESET Director of Threat Detection Jiř Kropč.

Read Full Article

5 Likes

Tech Radar

197

Image Credit: Tech Radar

FBI warns over new malware targeting webcams and DVRs

The FBI has issued a warning about a new Remote Access Trojan (RAT) malware called HiatusRAT that targets web cameras and DVRs.
HiatusRAT allows hackers to take control over the targeted devices remotely.
The malware is being used to spy on US government organizations and has also targeted Taiwan-based organizations.
The attackers are specifically targeting devices with known vulnerabilities and weak passwords.

Read Full Article

11 Likes

VentureBeat

416

Writer’s new AI model aims to fix the ‘sameness problem’ in generative content

Writer has launched a specialized AI model called Palmyra Creative, aimed at breaking free from the sameness of AI-generated content. The model introduces a new approach to overcome the sameness of traditional AI models known for their rigid, predictable outputs. The innovative method focuses on restructuring how models interpret and generate language, leading to outputs that are more dynamic and less predictable.
Writer is positioning itself in the $1tn generative AI market, offering businesses a tool that combines creativity with domain-specific expertise. Unlike competitors like OpenAI, Writer’s new approach to the AI architecture is cost-effective, costing only $700,000 to train compared to $4.6m at OpenAI.
Palmyra Creative not only produces creative outputs, but it does so while maintaining high levels of accuracy and reliability, thanks to Writer’s new ‘claim detection’ system. This feature ensures that creative outputs remain grounded when combined with industry-specific models.
The model is already being used to generate creative solutions in industries such as marketing, finance, and product development. Palmyra Creative will be open for subscription to the customers using Writer’s API.
Writer, who raised $200m in Series C funding recently, is doubling down on its enterprise-first strategy, offering tools that promise measurable ROI and scalability. Writer’s partnership with NVIDIA further emphasises its commitment to enterprise scalability, enabling businesses to deploy Palmyra Creative across cloud, data center and edge environments with ease.
Palmyra Creative’s token uniqueness and its relationship between tokens will be used as a measure of creativity by Writer as a way to quantify originality. Writer is planning to publish the benchmark measurement as an open-source tool in January 2022, potentially setting a new industry standard for evaluating creative AI.
With the generative AI market projected to surpass $1tn in revenue within the next decade, Writer’s bet on creativity could be a winning strategy. However, to compete in generative AI requires not only technical excellence but also robust governance frameworks to address emerging issues like bias and safety.
Writer will need to continue to innovate to maintain its position in the market and address emerging issues to stay ahead of competition from tech giants such as OpenAI, Google, Microsoft and Anthropic.
Palmyra Creative is available now through Writer’s API, no-code tools, and NVIDIA API catalogue, with $10 in free API credits.
In the world increasingly dominated by AI, Writer’s true test is to teach its machines to think differently like humans.

Read Full Article

25 Likes

Securitysales

Image Credit: Securitysales

Bosch, Genetec Alliance Leverages Cloud Technologies for Improved SaaS

Bosch and Genetec have collaborated to provide direct-to-cloud integration of Bosch cameras with Genetec Security Center SaaS.
Customers choosing Genetec Security Center SaaS gain support for Bosch application-specific AI offerings, enhancing detection and search capabilities.
The integration allows customers to leverage the visual intelligence features of Bosch cameras and improve safety and security.
Direct-to-cloud integration reduces costs associated with hardware installation and maintenance for a more cost-effective solution.

Read Full Article

5 Likes

Docker

197

Image Credit: Docker

Docker 2024 Highlights: Innovations in AI, Security, and Empowering Development Teams

Docker introduced upgraded subscription plans that give developers access to its entire suite of products under their existing subscription.
Docker Build Cloud allows developers to offload resource-intensive build processes to the cloud, freeing up local machines and improving efficiency for engineering teams working on large-scale projects.
Docker Desktop introduced a Virtual Machine Manager (VMM) that provides a robust alternative to the Apple Virtualization Framework, significantly boosting performance for native Arm-based images.
Docker Desktop expanded its platform support to include Red Hat Enterprise Linux (RHEL) and Windows on Arm architectures, ensuring that development teams can optimize workflows regardless of the underlying platform.
Docker enhanced Docker Desktop with synchronized file shares, a feature that can significantly improve file operation speeds by 2-10x.
Docker Debug enhances the ability of developer teams to debug any container, especially those without a shell, by attaching a dedicated debugging toolkit to any image and allowing developers to peek into “secure” images.
Docker Build checks ensure smoother and more reliable image builds by validating common issues in Dockerfiles before the build process begins.
Docker Scout Health Scores evaluate the security posture of container images development teams use every day and provide a clear alphabetical grading system.
Docker introduced support for air-gapped containers in Docker Desktop 4.31, addressing the unique needs of highly secure, offline environments.
Docker Home, a central hub for Docker products, empowers developers and admins to access and manage subscriptions, adjust settings, and find resources.
Docker’s ecosystem supports AI/ML workflows, and through partnerships with NVIDIA and GitHub, Docker ensures seamless integration of AI tools and optimization of AI application development.

Read Full Article

11 Likes

TechCrunch

Image Credit: TechCrunch

Texas medical school says hackers stole sensitive health data of 1.4 million individuals

Hackers stole sensitive health data of 1.4 million individuals from Texas Tech University Health Sciences Center during a September cyberattack.
The attackers accessed personal information such as Social Security numbers, financial account details, government-issued ID information, and medical records.
TTUHSC's security incident website has been made more difficult to find in search results through 'noindex' code.
The Interlock ransomware group has claimed responsibility for the cyberattack and published 2.1 million stolen files, totaling 2.6 terabytes of data.

Read Full Article

2 Likes

Dynamicbusiness

Image Credit: Dynamicbusiness

What 2025 has in store for your cybersecurity

Ransomware attacks will continue to pose significant risks to organizations of all sizes and across various sectors. Companies need to prioritize education and training for employees while investing in advanced endpoint protection, network segmentation, and robust backup solutions to minimize the impact of successful attacks.
AI in the enterprise is evolving more toward incremental efficiency improvements than wholesale disruption or replacement, leading to a more pragmatic approach in networking and security such as faster certification for specific network technologies, more accurate detection of real-time IT issues, and other productivity improvements.
In response to the rise of ransomware and extortion attacks, organizations will invest in solutions that simplify the process of meeting regulatory requirements. Solutions and platforms built with proactivity and compliance in mind will be more attractive investment.
By 2025, payments and identity will merge, and individuals can leverage verifiable credentials on their phone to make a payment in-person or virtually. AI assistants will also take advantage of verifiable credentials to enable secure delegation, including purchasing.
Hackers will have access to dramatically advanced AI tools, transforming the threat landscape by 2025. For instance, generative AI will enable cyber attackers to execute highly realistic phishing scams, including deepfake voices and video avatars. Organizations must implement AI-driven security tools that counter advanced social engineering attacks.
In 2025, organizations will face identity compromises that initially appear insignificant but represent a path to privilege that allows an attacker to assume control of significant resources through privileged escalation. Attackers will show enhanced understanding of cloud permissions, roles, and entitlements that allow them to gain the upper hand against defenders who weren’t even aware of the risks.

Read Full Article

1 Like

Socprime

231

Image Credit: Socprime

Monitoring Index Size Trends in Elasticsearch: Monthly and Daily Statistics

Monitoring index size trends in Elasticsearch is crucial for effective cluster management.
Enable index size monitoring using the _cat/indices API in Elasticsearch.
Aggregate index size data daily and log it for analysis.
Visualize trends in Kibana by ingesting the data into Elasticsearch and creating visualizations.

Read Full Article

13 Likes

Tech Radar

121

Image Credit: Tech Radar

LastPass hacked, users see millions of dollars of funds stolen

The hacker responsible for the LastPass breach in 2022 has stolen $5.36 million from 40 crypto wallets linked to the hack.
The breach in 2022 exposed encrypted and unecrypted data from the password manager provider.
Multiple crypto thefts against LastPass users have occurred since the breach, with millions of dollars being stolen.
Users are advised to migrate their crypto assets if they have ever stored their seed phrase or keys in LastPass.

Read Full Article

7 Likes

Medium

286

Top 5 IT Skills to Master in 2025 for Career Growth and Opportunities

Artificial Intelligence and Machine Learning (AI/ML): AI and ML are core technologies with growing influence across industries. Learning these skills opens doors to roles like Machine Learning Engineer and Data Scientist.
Cybersecurity: With increasing cyber threats, cybersecurity expertise is highly valuable. Roles like Cybersecurity Analyst and Ethical Hacker are in demand as organizations invest in protecting user data and systems.
Cloud Computing: Mastering cloud technologies positions you at the forefront of IT innovation. Cloud computing enables scalability and cost reduction. Roles such as Cloud Engineer and DevOps Cloud Specialist are lucrative.
Data Analytics and Big Data: Data-driven decision-making is crucial in every industry. Proficiency in data analytics and big data technologies leads to roles like Data Analyst and Big Data Engineer.
DevOps: DevOps methodology and automation accelerate delivery and improve quality. DevOps Engineers and Automation Specialists are in demand as companies seek seamless code deployment.

Read Full Article

17 Likes

For uninterrupted reading, download the app