Cyber Security News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Security News

Tech Radar

119

Image Credit: Tech Radar

Europol announces takedown of major DDoS-for-hire network

Europol's Operation PowerOFF has taken down 27 'booster' and 'stressor' networks used for DDoS attacks.
The operation involved law enforcement from 15 countries and led to the arrest of three site admins.
Over 300 DDoS site users have been identified by law enforcement.
The operation aimed to disrupt cybercriminals' tradition of targeting websites during the Christmas season.

Read Full Article

7 Likes

Softwareengineeringdaily

Image Credit: Softwareengineeringdaily

The Future of Offensive Pentesting with Mark Goodwin

Offensive penetration testing, or offensive pentesting, involves actively probing a system, network, or application to identify and exploit vulnerabilities.
Bishop Fox is a private professional services firm focused on offensive security testing.
Mark Goodwin, the Director of Operations at Bishop Fox, discusses the future of offensive pentesting in an interview with Gregor Vand.
Gregor Vand, the founder and CTO of Mailpass, joins the podcast to talk about Bishop Fox and the future of offensive pentesting.

Read Full Article

3 Likes

Socprime

198

Image Credit: Socprime

How to Allow Verified Bots Using AWS WAF Bot Control

AWS WAF Bot Control helps you manage bot traffic effectively by allowing you to distinguish between verified bots and unverified or potentially malicious bots.
To configure your web ACL to allow verified bots:
- Ensure AWS WAF Bot Control is enabled on your web ACL.
- Add a rule to allow verified bots by customizing the rule settings.

Read Full Article

11 Likes

Socprime

331

Image Credit: Socprime

How to Convert Arrays of Hashes Into a Structured Key-Value Format During Log Processing

Fluentd supports converting arrays of hashes into a structured key-value format during log processing.
The process involves writing Ruby-based transformation logic to iterate over the event_data array and extract meaningful information.
To implement this in Fluentd, use the record_transformer filter and enable Ruby scripting.
The resulting output is a normalized hash format.

Read Full Article

19 Likes

Discover more

Pymnts

348

Image Credit: Pymnts

AWS and TSYS Say Financial Services’ Shift to the Cloud Includes Responsible Innovation

Financial services' shift to cloud infrastructure brings responsible innovation for bringing new products and payments to new markets; ensuring a secure and interoperable complex web between different stakeholders.
AWS and TSYS partner to help financial institutions to migrate to the cloud using AWS's managed services, as well as automate compliance and tokenise data.
Innovation in the financial industry requires collaborating on a data framework that meets regulatory requirements using transactional data lakes and open table formats for tracking.
Tested phased approaches that deliver similar or better output as the original system can be implemented to break down the monolith into microservices while still syncing mainframe data to the cloud.
Part of responsibily innovating involves breaking away from screen scraping, moving towards standardised APIs to increase interoperability across different industries.
AWS is helping with both digital payments experiences for B2B and bringing hyper-personalisation, fraud prevention and credit decisioning to end customers.
The evolution to the cloud is underway as banks mature from paper checks to full digital payments experiences, delivering a seamless and secure relationship with financial customers.
Interoperability is key as companies bring AI and machine learning models to the cloud using Amazon Sagemaker to accumulate customer data while applications are modernized.
Integrity of the cloud environment is paramount to maintain customers' trust and compliance with regulatory environment.
As technology advances in the financial services industry, trust must always be front and centre in delivering seamless experiences to both individual and enterprise clients.

Read Full Article

20 Likes

Securityaffairs

269

Russia’s Secret Blizzard APT targets Ukraine with Kazuar backdoor

Russia-linked APT group Secret Blizzard is using Amadey Malware-as-a-Service to infect systems in Ukraine with the Kazuar backdoor.
Secret Blizzard leveraged the Amadey bot malware to infiltrate devices used by the Ukrainian military.
The group has a strategy of blending cybercrime with targeted cyber-espionage activities.
Microsoft is investigating how Secret Blizzard gained control of other threat actors' access to deploy its own tools.

Read Full Article

16 Likes

Eu-Startups

ETHIACK hacks cybersecurity with AI, raising €4 million

Coimbra-based cybersecurity startup ETHIACK has raised €4 million in seed funding to accelerate the development of its AI-driven solutions and expand its presence internationally.
The funding round was led by Explorer Investments, with participation from investors such as CoreAngels, Paulo Marques, Startup Wise Guys, Aralab, Amena Ventures, and Start Ventures.
ETHIACK combines human expertise with AI to deliver continuous security testing for digital assets and has achieved €1 million in turnover with a client portfolio spanning nine countries.
The fresh funding will be used to launch the next generation of ETHIACK's Automated Continuous Pentesting technology and expand into new markets, starting with the UK and Europe.

Read Full Article

2 Likes

Dev

432

Image Credit: Dev

Don’t make security an afterthought when designing APIs

Use clear naming, idempotency, versioning, pagination, sorting for API design.
Consider security measures like authentication, input validation, HTTPS, rate limiting, data sensitivity classification, monitoring and logging, error handling, versioning, and deprecation policy.
Implement a gateway layer like Kong during API runtime and utilize debugging tools like Apidog for design and development phase.
These measures ensure reliability, security, and efficient troubleshooting in API implementation.

Read Full Article

26 Likes

TechCrunch

Image Credit: TechCrunch

Bitcoin ATM giant Byte Federal says 58,000 users’ personal data compromised in breach

Bitcoin ATM operator Byte Federal has reported a data breach affecting 58,000 customers.
The breach occurred on September 30 and was discovered on November 18.
The hacker gained access to customer data including names, addresses, phone numbers, IDs, and transaction activity.
Byte Federal has performed a hard reset on all customer accounts and updated internal passwords.

Read Full Article

2 Likes

TechJuice

Image Credit: TechJuice

New Chinese Spyware Poses Risk to Android Users

Chinese government authorities are using a new surveillance tool called EagleMsgSpy to steal private data from Android devices in the country.
The malware has been active since at least 2017 and is being used by mainland Chinese public security departments to gather extensive data from mobile devices.
EagleMsgSpy can record audio, capture screen activity, and access contacts, phone history, location data, and messages from apps like WhatsApp and Telegram.
The spyware, developed by Wuhan Chinasoft Token Information Technology, is likely used for domestic monitoring and poses a risk to all individuals traveling to the region.

Read Full Article

Dev

300

Image Credit: Dev

Building Cloud Security Efforts with AWS CAF and Well-Architected Framework

Cloud security engineers can enhance their efforts by leveraging the AWS Cloud Adoption Framework (CAF) and Well-Architected Framework (WAF).
The AWS CAF consists of six perspectives: Business, People, Governance, Platform, Security, and Operations.
The AWS WAF focuses on pillars such as Operational Excellence, Security, Reliability, Performance Efficiency, and Cost Optimization.
Engineers can leverage these frameworks by defining organizational policies, implementing IAM best practices, automating detection, and conducting regular Well-Architected Reviews.

Read Full Article

18 Likes

Tech Radar

344

Image Credit: Tech Radar

Google says its next data centers will be built alongside wind and solar farms

Google plans to build its next data centers alongside wind and solar farms.
The move is part of a $20 billion investment to power data centers with clean energy.
Google aims to connect data centers directly to renewable energy sources instead of relying on fossil fuel-powered grids.
The company hopes to create a sustainable blueprint for future data center development.

Read Full Article

20 Likes

TechDigest

132

Image Credit: TechDigest

Scam ads slipping through net too easily on second-hand marketplaces, Which? warns

UK second-hand marketplaces like Gumtree, Facebook Marketplace, and Nextdoor are failing to detect and remove scam ads quickly enough, according to a new investigation by consumer watchdog Which?
These platforms do not offer buyer protection schemes, which can make it difficult for users to get their money back if they're s cammed
A survey of more than 2,000 UK adults by Which? found that many consumers did not know these platforms lacked buyer protection.
To test how easily scam ads can be posted on Gumtree, Facebook Marketplace, and Nextdoor, Which? created a fake identity and posted a suspicious ad for a secondhand Nikon digital camera. In each case, the ad went live and stayed up for several hours despite the obvious signs of fraud.
The report claimed that scams on online marketplaces is a growing problem, with the National Fraud Intelligence Bureau reporting over 56,603 incidents of online fraud and a loss of £104.6m in online shopping and auction fraud in the UK in the year up to October 2020.
Which? has called on the government and Ofcom to implement the Online Safety Act quicker to combat the growing issue of online fraud and crime

Read Full Article

7 Likes

TechBullion

Image Credit: TechBullion

Sree Gopinath’s Advocacy for Digital Privacy: Defending Critical National Interests

Sree Gopinath is an expert in cybersecurity strategies and navigating digital privacy and national security.
Sree believes digital privacy is a fundamental right that must be safeguarded as essential infrastructure shifts online.
He advocates for protecting data and digital assets from tampering and advancing technologies that protect privacy without breaching liberties.
Sree’s cybersecurity paradigm is rooted in defensive strategies aimed at averting unauthorized access rather than tracing perpetrators.
He pioneered strategies to secure vital networks by championing proactive digital privacy measures and developing tools that pinpointed vulnerabilities cyber adversaries might exploit.
Sree plays a pivotal role in national security by shielding financial systems from exploitation by malicious entities and identifying illicit transactions.
He advocates for governmental accountability in ensuring companies protect sensitive customer data to the highest standards and suggests governments consider legislation to require strict privacy standards.
Through focused advocacy and education, Sree empowers people to recognize and counter evolving threats, contributing to a secure digital future.

Read Full Article

2 Likes

Arstechnica

Image Credit: Arstechnica

Russia takes unusual route to hack Starlink-connected devices in Ukraine

Russian hackers have used the infrastructure of other threat actors to gather intelligence in Ukraine.
The Russian group known as Turla, Waterbug, Snake, or Venomous Bear has targeted front-line Ukrainian military forces.
They have leveraged the infrastructure of cybercrime group Storm-1919 and Russian threat actor Storm-1837.
The hackers' usual means of access is spear phishing, but the use of other threat actors' infrastructure is unusual.

Read Full Article

For uninterrupted reading, download the app