menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Cyber Security News

Cyber Security News

source image

VentureBeat

3w

read

131

img
dot

Image Credit: VentureBeat

Google unveils AI coding assistant ‘Jules,’ promising autonomous bug fixes and faster development cycles

  • Google has unveiled an AI coding assistant called Jules.
  • Jules can autonomously fix software bugs and prepare code changes.
  • It integrates with GitHub, analyzes codebases, and creates pull requests.
  • Jules aims to enhance development cycles and reduce costs.

Read Full Article

like

7 Likes

share

1 Share

source image

Securityaffairs

3w

read

228

img
dot

Image Credit: Securityaffairs

Ivanti fixed a maximum severity vulnerability in its CSA solution

  • Ivanti addressed a critical authentication bypass vulnerability in its Cloud Services Appliance (CSA) solution.
  • The vulnerability allows remote unauthenticated attackers to gain administrative access.
  • Ivanti also fixed critical SQL injection vulnerabilities in the CSA admin web console.
  • Ivanti released version CSA 5.0.3 to address the vulnerabilities.

Read Full Article

like

13 Likes

share

3 Shares

source image

Tech Radar

3w

read

131

img
dot

Image Credit: Tech Radar

Ivanti warns it has found another major security flaw in its systems

  • Ivanti has found a major security flaw in its Cloud Services Appliance (CSA) solution.
  • The flaw is an authentication bypass in the admin web console, allowing attackers to gain administrative privileges.
  • Users are urged to upgrade to version 5.0.3 to fix the bug.
  • No evidence of abuse has been found yet, but previous CSA vulnerabilities have been exploited in the past.

Read Full Article

like

7 Likes

share

1 Share

source image

TechCrunch

3w

read

180

img
dot

Image Credit: TechCrunch

Researchers uncover Chinese spyware used to target Android devices

  • Security researchers have uncovered a new surveillance tool called EagleMsgSpy used by Chinese law enforcement.
  • The spyware has been operational since at least 2017 and is used by public security bureaus in China.
  • EagleMsgSpy can collect extensive information from Android devices, including call logs, GPS coordinates, and messages from third-party apps.
  • The tool is likely being used for domestic surveillance, but anyone traveling to the region could be at risk.

Read Full Article

like

10 Likes

share

2 Shares

source image

Socprime

3w

read

373

img
dot

Image Credit: Socprime

New Cyber-Espionage Campaign Detection: Suspected China-Backed Actors Target High-Profile Organizations in Southeast Asia

  • A recently uncovered cyber-espionage campaign has been targeting high-profile organizations in Southeast Asia since October 2023, with suspected China-linked hackers believed to be responsible.
  • The campaign primarily aims to collect intelligence and has targeted government ministries, an air traffic control organization, a telecom company, and a media outlet.
  • Attackers use a mix of open-source and living-off-the-land tools, including a remote access tool that exploits Impacket and various malicious software associated with Chinese APT groups.
  • The attackers maintain persistent access to compromised networks, gathering passwords and exfiltrating valuable data.

Read Full Article

like

22 Likes

share

5 Shares

source image

Cybersecurity-Insiders

3w

read

303

img
dot

Image Credit: Cybersecurity-Insiders

DMD Diamond Launches Open Beta for v4 Blockchain Ahead of 2025 Mainnet

  • DMD Diamond launches the open beta for the v4 blockchain.
  • The v4 blockchain features advanced functionality and the Honey Badger Byzantine Fault Tolerance (HBBFT) consensus mechanism.
  • Developers and enthusiasts are invited to participate in testing and contribute to the project's future through DAO.
  • DMD Diamond is a decentralized blockchain project focused on community-driven governance and technological innovation.

Read Full Article

like

18 Likes

share

4 Shares

source image

Securityintelligence

3w

read

188

img
dot

Image Credit: Securityintelligence

On holiday: Most important policies for reduced staff

  • December is prime time for cyberattacks and data leaks, especially in the United States, where organizations and employees are in holiday-season mode between Thanksgiving and New Year’s.
  • Threat actors know this and see this period as prime time to launch an attack.
  • Of the 18 cybersecurity professionals approached, only two shut down operations completely, while several reduced the number of staff working or were more flexible with providing time off.
  • Keeping cybersecurity standards at normal levels is vital for all of the organizations.
  • Several respondents stressed that cybersecurity standards have to be kept at normal levels, often through increased automation in threat detection or enhanced monitoring.
  • Half the organizations freeze updates and patches, six change their incident response plan and elevate their alert protocols and four limit account access.
  • 'The attacker was trying to encrypt critical data, which required immediate action from the response team. Due to proactive measures and rapid response from our offshore team, we managed to control the attack surface.'
  • The common thread with these stories is that each security professional had either a plan in place that resulted in minimal damage or was able to use the incident to prevent problems in the future.
  • To learn how IBM X-Force can help you with anything regarding cybersecurity including incident response, threat intelligence, or offensive security services schedule a meeting here.
  • If you are experiencing cybersecurity issues or an incident, contact X-Force to help: US hotline 1-888-241-9812 | Global hotline (+001) 312-212-8034.

Read Full Article

like

11 Likes

share

2 Shares

source image

Tech Radar

3w

read

57

img
dot

Image Credit: Tech Radar

Top Mexican fintech firm leaks details on 1.6 million customers

  • A Mexican fintech startup, Kapital, has been found holding a large database full of sensitive customer data open on the internet.
  • The database contained sensitive data on 1.6 million Mexicans, including voter IDs and selfies.
  • The data can be used for wire fraud, identity theft, and other money-related crimes.
  • Despite being notified, Kapital has not closed the database, leaving it vulnerable to exploitation.

Read Full Article

like

3 Likes

share

Share

source image

Socprime

3w

read

417

img
dot

Image Credit: Socprime

Designing Index Structure for Large Volumes of Data in Elasticsearch

  • Elasticsearch requires careful index structure design for optimal performance with large datasets.
  • Key considerations include understanding data volume, retention, and query patterns.
  • Optimizing index and shard size is crucial to avoid resource wastage or scalability limitations.
  • Implementing roll-over for time-based data enables efficient management and cleanup.

Read Full Article

like

25 Likes

share

5 Shares

source image

Securityaffairs

3w

read

202

img
dot

Image Credit: Securityaffairs

Operation Digital Eye: China-linked relies on Visual Studio Code Remote Tunnels to spy on Europen entities

  • An alleged China-linked APT group targeted large business-to-business IT service providers in Southern Europe as part of Operation Digital Eye campaign.
  • The attack campaign, known as Operation Digital Eye, lasted for approximately three weeks from late June to mid-July 2024.
  • The attackers utilized Visual Studio Code and Microsoft Azure for command-and-control operations in an attempt to avoid detection.
  • The campaign highlights the increasing sophistication of China-linked APT threats and their use of innovative strategies to orchestrate complex and hard-to-detect attacks.

Read Full Article

like

12 Likes

share

2 Shares

source image

Dev

3w

read

43

img
dot

Image Credit: Dev

Federated Learning: The Future of Privacy-Preserving Machine Learning

  • Federated Learning is a decentralized approach to machine learning that allows models to be trained across multiple devices.
  • Federated learning addresses concerns around privacy, data security, and regulatory compliance.
  • It enhances privacy by keeping raw data on users' devices, minimizing the risk of data breaches.
  • Federated learning reduces data transfer costs and enables personalized machine learning models without compromising privacy.

Read Full Article

like

2 Likes

share

Share

source image

Socprime

3w

read

355

img
dot

Image Credit: Socprime

How to prevent BufferOverflowError

  • To prevent BufferOverflowError when getting logs from Kafka/in_tail and facing connection issues to OpenSearch/ElasticSearch, you can customize Fluentd buffer in the output.
  • Set flush_mode to 'interval', flush_interval to a custom time, and overflow_action to 'block' to handle buffer overflow.
  • Configure retry_max_interval to set the maximum interval for retries and retry_randomize to false for a randomized interval.
  • For buffering, set chunk_limit_size to a specified value in megabytes to control the size of each chunk.

Read Full Article

like

21 Likes

share

5 Shares

source image

Eletimes

3w

read

150

img
dot

Image Credit: Eletimes

Harnessing Computer-on-Modules for Streamlined IT/OT Convergence and Enhanced Cybersecurity

  • IT/OT convergence brings physical (OT) equipment and devices into the digital (IT) world by using the Industrial Internet of Things (IIoT) and big data analytics for higher productivity and efficiency.
  • aReady.COM, congatec's application-ready offering around computer-on-modules (COMs), provides the perfect building blocks for out-of-the box IT/OT convergence, reducing complexity by seamlessly integrating hardware and software for enhanced performance and flexibility.
  • With the Cyber Resilience Act, the exposure to cyber threats from OT and IT systems escalates. OEMs must comply with these regulations before entering the EU market, to safeguard against potential risks by secure software updates.
  • The software should enable remote monitoring of embedded systems with security protocols, sensor and actuator integration, control logic, lifecycle management, and historical data. It should also provide connectivity to prevalent cloud services like AWS, with options for establishing or integrating private on-premises clouds to protect critical business data.
  • aReady.VT for system consolidation and aReady.IOT for IIoT connection can address the needs for software in IT/OT convergence. aReady.VT enables designers to consolidate multiple systems on one single hardware platform, shortening time-to-market and optimizing overall system functionality. aReady.IOT allows developers to remotely access device information, including serial numbers, software versions, voltages, and temperatures.
  • The technology that underpins aReady.IOT is built upon the solid foundation established by Arendar, a company that congatec acquired in 2023. Moreover, asembled platform and distributed software building blocks provide reliable real-time machine capabilities, data processing, and optimized maintenance with minimal on-site service.
  • congatec offers aReady.VT and aReady.IOT in an application-ready or custom-configured package that integrates a pre-configured hypervisor, operating system, and IIoT software, streamlining workflows, supply chain, and warehousing.
  • The implementation of IT/OT convergence will bring significant efficiencies through cost savings and enhanced reliability.
  • The emergence of Industry 4.0 and IIoT technology has emphasised the importance of IT/OT convergence, enabling innovation in the core of business operations and becoming essential for organizational success.
  • By reducing the number of systems, embedded computing applications can achieve significant size, weight, power consumption, and cost savings, optimizing production processes, increasing efficiency, and reducing costs.

Read Full Article

like

8 Likes

share

2 Shares

source image

Tech Radar

3w

read

140

img
dot

Image Credit: Tech Radar

Chinese cybersecurity firm facing US sanctions over alleged ransomware attacks

  • The US Treasury Dept. is bringing sanctions against a Chinese cybersecurity firm and one of its employees
  • The employee is allegedly responsible for over 80,000 Sophos firewall breaches
  • Many of the targets were part of US critical infrastructure
  • Sanctions include seizure of US property/assets and blocking entities owned by the firm

Read Full Article

like

8 Likes

share

1 Share

source image

Socprime

3w

read

114

img
dot

Image Credit: Socprime

Adaptive Replica Selection in OpenSearch

  • Adaptive replica selection is a mechanism designed to improve query response times and alleviate strain on overloaded OpenSearch nodes.
  • It ensures that nodes experiencing delays due to issues like hardware, network, or configuration problems do not slow down the overall query process.
  • Enabling adaptive replica selection prioritizes nodes with better response times and avoids sending shard requests to struggling nodes unless no other replicas are available.
  • This feature is enabled by default in OpenSearch, but can also be manually activated using the provided API request.

Read Full Article

like

6 Likes

share

1 Share

Prev

50
51
52
53
54
55
56
57
58
59
60

Next

For uninterrupted reading, download the app