Cyber Security News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Security News

Amazon

218

Image Credit: Amazon

2024 H2 IRAP report is now available on AWS Artifact for Australian customers

AWS has made the new 2024 H2 IRAP report available on AWS Artifact for Australian customers.
The report includes an additional six AWS services assessed at the PROTECTED level under IRAP, bringing the total to 164.
The newly assessed services include AWS CodeConnections, AWS HealthLake, Amazon Kinesis Video Streams, Amazon Managed Grafana, Amazon Verified Permissions, and Amazon WorkSpaces Secure Browser.
AWS has developed an IRAP documentation pack to assist customers in planning, architecting, and assessing risk for workloads using AWS Cloud services.

Read Full Article

13 Likes

Medium

223

Image Credit: Medium

AI Scammers Are Getting Smarter: How Criminals Use Artificial Intelligence to Steal Millions

Scammers are now using artificial intelligence to carry out online fraud.
AI enables voice cloning, deepfake videos, chatbots, and automated hacking.
Examples include cloning voices to manipulate victims and using deepfake videos for blackmail or fraud.
Protecting oneself involves verifying calls, being skeptical of videos, and checking business legitimacy.

Read Full Article

13 Likes

TechViral

379

Image Credit: TechViral

Make Microsoft Edge More Secure with these 5 Settings

Enable the Enhanced Security Mode by going to Settings > Privacy, Search, and Services > Security and selecting Balanced or Strict settings.
Turn on Microsoft Defender SmartScreen and Block potentially unwanted apps in the Security section of the Edge browser settings.
Enable Tracking Prevention by going to Settings > Privacy, Search, and Services and ensuring the feature is enabled.
Run the Password Security Check in Settings > Profiles > Passwords to keep your passwords secure.
Enable auto clear for browsing data in Settings > Privacy, Search, and Services by selecting Clear Browsing Data on Close and specifying the items to be cleared.

Read Full Article

22 Likes

Siliconangle

236

Image Credit: Siliconangle

From cyber hygiene to quantum readiness: A strategic approach to digital trust

DigiCert aims to secure its customers’ digital assets for the future, with a strategic approach to digital trust.
The role of a Chief Trust Officer (CTrO) will become indispensable in cultivating digital trust from the ground up.
Quantum computing and generative AI have implications for the future of digital trust and security.
Steps can be taken to ready for quantum and gen AI-fueled cyberattacks, including inventorying cryptographic assets and preparing for quantum-resistant ciphers.

Read Full Article

14 Likes

Discover more

Unite

187

Image Credit: Unite

Open-Source Alternatives Amid Semgrep Licensing Controversy

Rival companies launch Opengrep, a fork of Semgrep, an open-source static application security testing tool.
Opengrep aims to provide unrestricted commercial and public access to its code, as an alternative to Semgrep's restrictive licensing model.
DevSecOps startup DeepSource launches Globstar, an open-source toolkit for code security, backed by Y-Combinator investors.
Other open-source alternatives for code analysis include SonarQube and ShellCheck, providing developers and enterprises with different options.

Read Full Article

11 Likes

Amazon

438

Image Credit: Amazon

AWS completes the annual UAE Information Assurance Regulation compliance assessment

Amazon Web Services (AWS) completes the annual compliance assessment on the Information Assurance Regulation (IAR) established by the Telecommunications and Digital Government Regulatory Authority (TDRA) of the UAE.
AWS Middle East (UAE) Region is covered in the compliance assessment report.
The report is available through AWS Artifact, a self-service portal for on-demand access to compliance reports.
AWS continues to align with IAR requirements to meet the expectations for cloud service providers and provide confidence to IAR-regulated customers.

Read Full Article

26 Likes

Insider

321

Image Credit: Insider

The biggest VC winners in the $32 billion Google-Wiz Deal

Google is acquiring cybersecurity startup Wiz for $32 billion in cash, marking its largest acquisition ever.
The deal emphasizes the increasing value of cybersecurity companies driven by the AI boom.
Venture capital firms like Sequoia Capital, Insight Partners, and Index Ventures are expected to have significant payouts from the deal.
Wiz's valuation has soared, and the acquisition price values the company at 32 times its projected revenue for the year.

Read Full Article

19 Likes

Tech Radar

227

Image Credit: Tech Radar

Criminals are using CSS to get around filters and track email usage

Cybercriminals are using CSS in emails to track and redirect victims to phishing pages.
CSS enables cybercriminals to hide content, track user behavior, and conduct spear-phishing or fingerprinting attacks.
Experts suggest adopting advanced filtering techniques to detect CSS abuse in emails and deploying AI-powered defenses.
The abuse of CSS in email campaigns is being used as a method to bypass security measures and exploit user preferences.

Read Full Article

13 Likes

TechCrunch

433

Image Credit: TechCrunch

CISA scrambles to contact fired employees after court rules layoffs ‘unlawful’

The U.S. government's cybersecurity agency, CISA, is scrambling to contact more than 130 former employees after a federal court ruled that the Trump administration must reinstate workers it unlawfully fired.
The ruling applies to federal probationary employees, including those who were hired or promoted within the past three years.
CISA is reaching out to the fired employees after not having their contact information on record and not being aware of all affected staff.
Re-hired employees will be placed on administrative leave with full pay and benefits.

Read Full Article

26 Likes

Cybersecurity-Insiders

102

Image Credit: Cybersecurity-Insiders

Google buys Wiz for $32 billion

Google is acquiring cloud security software provider Wiz for $32 billion in an all-cash transaction.
Wiz's suite of security products will be integrated with Google Cloud, enhancing security operations across major cloud platforms.
The acquisition aims to reduce the overall cost of cybersecurity, particularly in multi-cloud environments.
Google's CEO also expressed gratitude to SpaceX for the successful launch of the FireSat satellite constellation, a crucial asset in early wildfire detection and tracking.

Read Full Article

6 Likes

Pymnts

309

Image Credit: Pymnts

Why Does Google Want Multi-Cloud Security Platform Wiz So Badly?

Google parent Alphabet is reportedly close to acquiring cybersecurity startup Wiz for $33 billion.
Wiz offers AI-driven, cloud-based security solutions to identify and mitigate risks across cloud infrastructures.
The acquisition will enhance Google's cybersecurity offerings and provide more comprehensive security solutions.
The deal comes at a time when organizations are increasingly investing in advanced security solutions to combat evolving cyber threats.

Read Full Article

18 Likes

Tech Radar

348

Image Credit: Tech Radar

Fortinet firewall bugs are being targeted by LockBit ransomware hackers

LockBit ransomware hackers are targeting vulnerable Fortinet firewalls.
The threat actor is using two known vulnerabilities in Fortinet firewalls.
The newest variant of LockBit ransomware being deployed is named SuperBlack.
LockBit affiliate group named Mora_001 is believed to be behind the attacks.

Read Full Article

20 Likes

Securityaffairs

401

Image Credit: Securityaffairs

ChatGPT SSRF bug quickly becomes a favorite attack vector

Threat actors exploit a server-side request forgery (SSRF) flaw, tracked as CVE-2024-27564, in ChatGPT, to target US financial and government organizations.
The SSRF vulnerability exists in the pictureproxy.php file of ChatGPT, allowing attackers to inject crafted URLs and make arbitrary requests.
Veriti researchers noted over 10,000 attack attempts within a week, primarily targeting government organizations in the US.
Misconfigured Intrusion Prevention Systems and Web Application Firewalls left 35% of the analyzed companies unprotected.

Read Full Article

24 Likes

Siliconangle

Image Credit: Siliconangle

What to expect at Chainguard Assemble: Join theCUBE Mar. 26

As software development becomes more complex, enterprises face challenges with software supply chain security due to vulnerabilities introduced by open-source components.
Chainguard Inc. is leading the charge in promoting a secure-by-default model to address software security issues, focusing on reducing vulnerabilities proactively.
The Chainguard Assemble event will showcase the company's commitment to proactive security and feature discussions on software security innovations.
The event is expected to provide insights into the evolving software security landscape, with major announcements from Chainguard.
The Coalition for Secure AI (CoSAI), spearheaded by industry leaders like Chainguard, aims to develop tools for securing AI applications amidst rising security threats.
Chainguard's $140 million Series C funding supports the launch of Chainguard AI Images, enhancing security measures for AI applications.
The company offers hardened, containerized versions of open-source tools to mitigate vulnerabilities at their source and challenge traditional security models.
As enterprises integrate AI into their workflows, the need for secure AI systems grows, with Chainguard contributing to setting new benchmarks for AI security.
Proactive, built-in security measures are gaining traction as traditional security methods struggle to keep pace with advancing threats, shaping the future of secure software development.
TheCUBE will provide exclusive coverage of the Chainguard Assemble event on March 26, featuring discussions with industry experts on software security and vulnerability prevention.

Read Full Article

5 Likes

Dev

187

Image Credit: Dev

TryHackMe: CORS & SOP

Same-Origin Policy (SOP) guides how web browsers interact between web pages.
Cross-Origin Resource Sharing (CORS) allows servers to specify how resources can be requested from different origins.
CORS exceptions permit web pages to request resources from other domains under controlled conditions.
Server processes requests and includes CORS headers in responses for browser interpretation.
HTTP headers like Access-Control-Allow-Origin, Access-Control-Allow-Methods, and others play roles in CORS.
CORS distinguishes between simple requests and preflight requests based on HTTP methods and headers.
Process of a CORS request involves validation of Origin header against allowed origins.
Access-Control-Allow-Origin header indicates the permitted origin for a request.
CORS configurations include single origin, multiple origins, wildcard origin, and configurations with credentials.
Common CORS misconfigurations include null origin misconfigurations, bad regex in origin checking, and trusting arbitrary supplied origin.

Read Full Article

11 Likes

100

For uninterrupted reading, download the app