menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Cyber Security News

Cyber Security News

source image

Securityaffairs

4w

read

159

img
dot

Image Credit: Securityaffairs

U.S. CISA adds Microsoft Windows CLFS driver flaw to its Known Exploited Vulnerabilities catalog

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Microsoft Windows Common Log File System (CLFS) driver flaw to its Known Exploited Vulnerabilities catalog.
  • The flaw, CVE-2024-49138, has a CVSS score of 7.8 and allows a local attacker to escalate privileges.
  • Microsoft released security updates in December 2024 to address this vulnerability and 70 others.
  • CISA has ordered federal agencies to fix the vulnerability by December 31, 2024.

Read Full Article

like

9 Likes

share

2 Shares

source image

Siliconangle

4w

read

117

img
dot

Image Credit: Siliconangle

Citrix strengthens zero-trust security with acquisitions of deviceTRUST and strong.network

  • Citrix Systems Inc. has announced the acquisitions of deviceTRUST GmbH and strong.network SA to enhance zero-trust security in hybrid work environments.
  • deviceTRUST GmbH specializes in real-time contextual access solutions for virtual desktop infrastructure, while strong.network SA provides secure cloud development environments.
  • The acquisitions aim to strengthen security on the Citrix platform, isolate and protect access to critical applications, and ensure developers have secure cloud development environments.
  • deviceTRUST enables zero-trust strategies by continuously monitoring access context and enforcing dynamic access controls, while strong.network offers self-hosted Linux development environments with data protection features.

Read Full Article

like

6 Likes

share

1 Share

source image

Inside

4w

read

257

img
dot

Quality Outreach Heads-up - JDK24: Retiring the Security Manager

  • The OpenJDK Quality Group is promoting the testing of FOSS projects with OpenJDK builds as a way to improve the overall quality of the release.
  • The Security Manager, a legacy feature designed to enforce the principle of least privilege, is being retired due to its complexity, limited adoption, and maintenance costs.
  • In JDK 24, the Security Manager will be effectively disabled, and the Security Manager API will no longer have any operational effect.
  • Developers using older Java versions should transition to alternative sandboxing and API interception mechanisms.

Read Full Article

like

15 Likes

share

3 Shares

source image

Pymnts

4w

read

355

img
dot

Image Credit: Pymnts

Google Cloud and Swift Partner on Privacy-Preserving AI Model Training

  • Google Cloud and Swift are partnering to develop a secure, privacy-preserving solution for financial institutions using federated learning techniques.
  • Federated learning enables collaborative AI model training without compromising privacy and confidentiality.
  • Swift plans to roll out a sandbox with synthetic data in the first half of 2025, working with Google Cloud and 12 global financial institutions.
  • The solution aims to enhance cross-border payments experience by sharing fraud labels while ensuring data privacy and confidentiality.

Read Full Article

like

21 Likes

share

4 Shares

source image

Dev

4w

read

204

img
dot

Image Credit: Dev

The Hidden Danger: How Credential Sprawl is Creating Security Blind Spots in Modern Cloud Environments

  • The unauthorized cryptocurrency mining operations running in a Fortune 500 healthcare company’s AWS environment underscores the seriousness of the under-appreciated security challenges in cloud computing.
  • Credential sprawl has become one of the most pressing yet underappreciated security challenges in modern cloud computing.
  • Recent analysis revealed that the average enterprise maintains over 100,000 cloud credentials ,35% of all cloud credentials are either dormant or over-privileged, and 22% of organizations have experienced security incidents related to credential mismanagement.
  • Credential mismanagement can lead to severe data breaches and damage to reputations.
  • In some companies with legacy systems, automated tools have revealed more than 3,000 active service accounts and more than 150 former employee credentials still active.
  • Some best practices in credential management include providing just-in-time access control, automated credential lifecycle management, and advanced monitoring and detection.
  • Emerging technologies and future trends include machine learning-based access management and zero-trust implementation.
  • Organizations must move beyond traditional static access models to embrace dynamic, context-aware security frameworks to curtail the unnecessary exposure of sensitive data and damage to their organization’s reputation.
  • Adopting such measures would prevent issues like a startup meltdown that experienced 1.2 million customer records exposed, $4.5 million in regulatory fines, and an 18% drop in stock price.
  • It is important to remember that security is only as strong as the weakest credential, and with proper credential management, organizations could prevent security compromise and survive.

Read Full Article

like

12 Likes

share

2 Shares

source image

Medium

4w

read

115

img
dot

A Year of Code, Struggles, and Resilience

  • STELS, a platform for decentralized market automation, has undergone a transformation from its initial monolithic system to STELS 2.0 built on modern technologies.
  • Key mistakes, such as toxic environment, regulatory challenges, managerial failures, lack of contracts, financial mismanagement, and failed delegation, nearly derailed the project.
  • STELS 2.0 is built on six principles: filtering the environment, regulatory structure through protocols, decentralized governance, no partners or contracts, AI as CFO, and interest-based business distribution.
  • The past year involved extensive coding and groundwork, including protocol design, system architecture, cost optimization, decentralization, and cross-platform applications.
  • STELS represents resilience and the future of decentralized market automation, ready to reshape how we think about automation, decentralization, and trading.

Read Full Article

like

6 Likes

share

1 Share

source image

TechCrunch

4w

read

0

img
dot

Image Credit: TechCrunch

ElevenLabs’ AI voice generation ‘very likely’ used in a Russian influence operation

  • The recent report by Recorded Future suggests that a Russian influence operation, known as "Operation Undercut," used AI-generated voiceovers to create fake or misleading news videos.
  • The campaign aimed to undermine Europe's support for Ukraine by attacking Ukrainian politicians and questioning military aid to Ukraine.
  • Recorded Future researchers confirmed the use of AI voice generation, including technology from ElevenLabs, by submitting the clips to ElevenLabs' AI Speech Classifier.
  • ElevenLabs has faced allegations of misuse before, including its tech being used for a robocall impersonating President Joe Biden during a primary election.

Read Full Article

like

Like

share

Share

source image

Dev

4w

read

430

img
dot

Image Credit: Dev

Reconnaissance & Information Gathering

  • Reconnaissance and information gathering is the process of collecting data about a target.
  • Popular techniques for reconnaissance include social engineering, phishing, and footprinting.
  • Network scanning, OS fingerprinting, and vulnerability scanning are also commonly used.
  • Passive reconnaissance involves low-risk activities, while active reconnaissance carries a higher risk of detection.

Read Full Article

like

25 Likes

share

6 Shares

source image

Tech Radar

4w

read

266

img
dot

Image Credit: Tech Radar

Claude AI and other systems could be vulnerable to worrying command prompt injection attacks

  • Security researchers tricked Anthropic's Claude Computer Use to download and run malware
  • Prompt injection attacks can compromise AI tools such as GenAI
  • Claude Computer Use is still in beta and has a disclaimer regarding potential risks
  • Other AI tools like DeepSeek AI chatbot and Large Language Models (LLM) are also vulnerable to prompt injection attacks

Read Full Article

like

16 Likes

share

3 Shares

source image

Securityaffairs

4w

read

284

img
dot

Image Credit: Securityaffairs

Microsoft December 2024 Patch Tuesday addressed actively exploited zero-day

  • Microsoft December 2024 Patch Tuesday security updates addressed 71 vulnerabilities including an actively exploited zero-day.
  • 16 vulnerabilities are rated Critical, 54 are rated Important, and one is rated Moderate in severity.
  • One of the issues addressed by Microsoft, tracked as CVE-2024-49138, is actively exploited in the wild.
  • The most severe flaw addressed by Microsoft is a Windows Lightweight Directory Access Protocol (LDAP) Remote Code Execution Vulnerability tracked as CVE-2024-49112.

Read Full Article

like

17 Likes

share

3 Shares

source image

Pymnts

4w

read

79

img
dot

Image Credit: Pymnts

Meta Sounds Pre-Holiday Alarm As Scam Incidents Jump 56%

  • Meta has launched a pre-holiday anti-scam awareness campaign to keep users safe.
  • Scammers are using various tactics like fake coupons, gift cards, and non-existent Christmas decorations.
  • Meta advises users to be cautious of phishing emails and texts and to avoid sharing personal information.
  • Scam-related fraud has increased by 56%, making it the leading form of fraud.

Read Full Article

like

4 Likes

share

1 Share

source image

Embedded

4w

read

359

img
dot

Crypto Quantique Introduces Post-Quantum Cryptography (PQC) in its QuarkLink IoT Device Security Platform

  • Crypto Quantique has enhanced its QuarkLink IoT device security platform with a hybrid post-quantum cryptographic method.
  • QuarkLink diminishes the time and cost of executing essential security activities in embedded devices (IoT) and industrial PCs by as much as 10 times.
  • The hybrid key encapsulation technology integrated into QuarkLink provides instant security against conventional assaults and safeguards against potential quantum computer threats.
  • QuarkLink hybrid-PQC is now accessible for MPUs operating on Embedded Linux, with support for MCUs expected to be released in the first quarter of 2025.

Read Full Article

like

21 Likes

share

5 Shares

source image

Dev

4w

read

403

img
dot

Image Credit: Dev

Turning a Customer Security Concern into a Feature

  • LiveAPI is developing a product called LiveAPI, which creates automated API docs for projects.
  • A main concern for users was the security of the product, as it requires linking their GitHub or GitLab account.
  • To address this, LiveAPI has introduced the LiveAPI Runner, acting as an agent between the backend and the client.
  • The LiveAPI Runner allows users to clone repositories on their own platform and monitor file access for transparency.

Read Full Article

like

24 Likes

share

5 Shares

source image

BGR

4w

read

310

img
dot

Image Credit: BGR

Someone hacked iOS 18 to get AI, Camera Control, and more on an iPhone 15

  • iOS 18 hack allows enabling Apple Intelligence, Camera Control, and more on iPhone 15
  • Apple announced that Apple Intelligence is only available on iPhone 15 Pro models and iPhone 16 series
  • Hardware constraints, such as the Neural Engine and RAM, prevent Apple Intelligence on non-Pro iPhone 15 models
  • A software vulnerability allowed for the hack, but Apple has since patched it

Read Full Article

like

18 Likes

share

4 Shares

source image

TechCrunch

4w

read

0

img
dot

Image Credit: TechCrunch

US sanctions Chinese cybersecurity firm for firewall hacks targeting critical infrastructure

  • The U.S. sanctions Chinese cybersecurity company and employee for firewall hacks targeting critical infrastructure
  • The employee of Sichuan Silence exploited a zero-day vulnerability in Sophos firewalls
  • Approximately 81,000 firewalls were compromised in the hacking campaign
  • The purpose of the exploit was to steal data and attempt to infect victims' systems with ransomware

Read Full Article

like

Like

share

Share

Prev

70
71
72
73
74
75
76
77
78
79
80

Next

For uninterrupted reading, download the app