Info. Security News News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Info. Security News News

Securityaffairs

Image Credit: Securityaffairs

CISA warns of RESURGE malware exploiting Ivanti flaw

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns of RESURGE malware, targeting a vulnerability in Ivanti Connect Secure (ICS) appliances.
RESURGE malware exploits the CVE-2025-0282 flaw in Ivanti Connect Secure appliances and has been used in attacks.
The malware creates web shells, bypasses integrity checks, and facilitates credential harvesting and privilege escalation.
CISA provides details about the malicious Linux shared object file 'libdsupgrade.so' and the log-tampering variant of 'SPAWNSLOTH' associated with the RESURGE malware.

Read Full Article

3 Likes

Hackingblogs

10h

253

Image Credit: Hackingblogs

Vroom Leaked 30000+ Australians Bank Detail Are Exposed And ID’S Leaked

Australia's car loan marketplace Vroom by YouX experienced a security breach in which 27,000 driver's licenses, Medicare cards, and partial credit card information were made public.
The breach involved a non-password-protected Amazon S3 database that contained personal information such as bank statements, employment data, and Medicaid cards.
The exposed data poses risks of identity theft and fraud, and cybercriminals could potentially use the information for phishing scams or creating fake accounts.
To prevent similar incidents, cybersecurity researcher Jeremiah Fowler suggests implementing data minimization policies, active monitoring, and anomaly detection systems.

Read Full Article

15 Likes

Securityaffairs

12h

126

Image Credit: Securityaffairs

Sam’s Club Investigates Alleged Cl0p Ransomware Breach

Sam's Club, a Walmart-owned membership warehouse club chain, is investigating the alleged Cl0p ransomware security breach.
The Cl0p ransomware group listed Sam's Club among its victims, accusing the company of ignoring security.
Sam's Club announced that it is actively investigating the matter, but has seen no evidence of a breach.
In December 2024, the Cl0p ransomware group claimed to have breached multiple companies through the Cleo file transfer software vulnerability.

Read Full Article

7 Likes

Hackersking

19h

Image Credit: Hackersking

How To Use Remote Access Trojan AndroRAT | All Errors Solved

AndroRAT is a free software that allows remote control of Android devices.
It can be used responsibly in penetration testing.
Before using AndroRAT, you need a computer running Windows or Linux, JDK, and a port forwarding service.
AndroRAT can be used to generate a malicious APK, gain remote access, and perform various actions on the target device.

Read Full Article

4 Likes

Discover more

Securityaffairs

319

Image Credit: Securityaffairs

FBI and DOJ seize $8.2 Million in romance baiting crypto fraud scheme

The U.S. DOJ seized over $8.2 million in USDT stolen through ‘romance baiting’ scams.
Fraudsters tricked victims into fake investments promising high returns.
The FBI used blockchain intelligence to trace the flow of funds through various platforms and networks.
The seizure provides restitution for victims as the FBI traces additional addresses.

Read Full Article

19 Likes

Securityaffairs

327

Image Credit: Securityaffairs

Experts warn of the new sophisticate Crocodilus mobile banking Trojan

The new Android trojan Crocodilus exploits accessibility features and targets users in Spain and Turkey.
Crocodilus uses overlay attacks, keylogging, and remote access to steal banking and crypto credentials.
The trojan supports advanced keylogger capabilities and a wide range of bot and RAT commands.
Crocodilus is linked to the threat actor 'sybra' and poses a significant threat to banks and cryptocurrency wallets.

Read Full Article

19 Likes

Cybersecurity-Insiders

204

Image Credit: Cybersecurity-Insiders

Personal Data Exposure: The Silent Cybersecurity Threat That You Need to Address

Personal data exposure poses a significant cybersecurity threat due to potential unauthorized access to stored information on websites.
Exposed data can be shared across platforms or accessed by data brokers, leading to privacy risks and unauthorized third-party access.
The risks of data exposure include identity theft, financial fraud, cyberattacks, and phishing attempts.
Protecting personal data from exposure is crucial but can be challenging due to low awareness, long-term effort, repopulation of data, and far-sighted consequences.
Minimizing data exposure involves steps like scanning for old accounts, adjusting privacy settings, using a VPN, managing passwords, utilizing data removal services, and being cautious of deceptive websites.
Even top cybersecurity companies like Microsoft face challenges in addressing personal data exposure.
Data exposure consequences may not be immediate, making it a hidden yet major cybersecurity threat.
Proactive protection and keeping personal information private are essential to mitigate risks associated with personal data exposure.
Understanding the risks of data exposure and taking preventative measures are key to safeguarding personal data in the digital age.
Overall, personal data exposure is a critical issue that demands attention to ensure online privacy and security.

Read Full Article

12 Likes

Securityaffairs

277

Image Credit: Securityaffairs

Crooks are reviving the Grandoreiro banking trojan

Crooks are reviving the Grandoreiro banking trojan.
Grandoreiro is a modular backdoor with various capabilities including keylogging, command execution, and web-injects.
The trojan has been active since 2016 and initially targeted Brazil but expanded to Mexico, Portugal, and Spain.
The recent phishing campaigns use VPS hosting, obfuscation, and malicious ZIP files to evade detection and steal credentials.

Read Full Article

16 Likes

Amazon

152

Image Credit: Amazon

AWS continues to support government cloud security and shape FedRAMP’s evolution toward automated compliance

AWS supports the modernization of FedRAMP and the shift towards automated and efficient compliance.
AWS is dedicated to maintaining support for existing FedRAMP authorizations while preparing for the new program framework.
They will participate in industry working groups and invest in tools and services to help customers adapt to the new compliance model.
AWS encourages customers to continue operating under current guidelines, stay informed, and explore automation capabilities for security compliance.

Read Full Article

9 Likes

Infoblox

329

Image Credit: Infoblox

Mentors, Mothers, and Managers: Lessons from Women Who Lead

In honor of Women's History Month, the author reflects on her journey influenced by powerful women and luck, leading her to cybersecurity leadership.
From growing up with extreme planning tendencies to unexpectedly heading a global threat intelligence team, the author acknowledges the role of luck in her success.
The author's journey from poverty to a PhD in mathematics and a career at the NSA highlights the impact of influential women and lessons learned along the way.
Emphasizing the importance of supportive environments and seeking mentorship, the author shares how championing others and seeking help can lead to shared progress.
Despite her initial career plans, flexibility led the author to managerial roles driven by a mentor's advice, ultimately guiding her to a successful transition to Infoblox.
Working in cybersecurity at Infoblox, the author focuses on protecting a diverse range of individuals and acknowledges the need for more women and minorities in the field.
The author stresses the importance of early education in cybersecurity to foster talent and diversity, highlighting the need for opportunities for all genders and minorities.
Reflecting on her journey and the impact of supportive teams, the author finds fulfillment in championing others and celebrating diverse perspectives in the tech industry.
As Women's History Month concludes, the author encourages supporting and championing one another while navigating planned paths with flexibility to empower future success.

Read Full Article

19 Likes

Sentinelone

385

Image Credit: Sentinelone

The Good, the Bad and the Ugly in Cybersecurity – Week 13

Interpol conducted Operation Red Card which led to the arrest of 306 cybercriminal suspects involved in African cyber scam operations, defrauding over 5000 victims.
In Nigeria, 130 suspects were detained for investment and online casino schemes, while Zambia and South Africa also made arrests related to cybercrimes.
Recent operations like 'Red Card', 'Serengeti', and 'Africa Cyber Surge II' target the cybercriminal networks in Africa, which have caused significant financial losses.
A new automated credential stuffing service called 'Atlantis AIO Multi-Checker' targets 140 online services, allowing attackers to test stolen credentials and bypass security measures.
Credential stuffing involves using stolen usernames and passwords to gain unauthorized access to accounts and can lead to hijacking, locking out users, and selling accounts on the dark web.
Atlantis AIO enables attackers to automate account recovery, exploit weak passwords, and sell compromised accounts for as little as $0.50 each on underground markets.
EncryptHub, a financially-motivated threat actor, exploits a Windows zero-day vulnerability (CVE-2025-26633) to execute malware and steal sensitive data.
The vulnerability allows attackers to execute malicious payloads, deploy various types of malware, manipulate MSC files, and bypass Windows security mechanisms.
EncryptHub has been associated with at least 618 breaches globally and operates as an affiliate of ransomware groups, emphasizing the need for strong endpoint protection in combating such threats.
Enterprises are advised to deploy trusted security solutions and adhere to best practices to mitigate the risks posed by evolving cyber threats like MSC EvilTwin.

Read Full Article

23 Likes

Socprime

Image Credit: Socprime

CoffeeLoader Detection: A New Sophisticated Malware Family Spread via SmokeLoader

CoffeeLoader is a new sophisticated malware that evades security protection by using advanced evasion techniques and Red Team methods spread via SmokeLoader.
With over 1 billion malware strains circulating and 300 new malware pieces daily, early detection of emerging threats is crucial.
SOC Prime Platform offers detection algorithms against CoffeeLoader attacks, compatible with various security solutions and mapped to the MITRE ATT&CK framework.
Security professionals can hunt for IOCs using Zscaler research and Uncoder AI to transform IOCs into custom queries for SIEM or EDR platforms.
CoffeeLoader, discovered in September 2024, is designed to download and execute secondary payloads stealthily using unique GPU-based packing techniques.
The malware samples are packed, with CoffeeLoader mimicking ASUS's legitimate Armoury Crate utility using a packer called Armoury.
CoffeeLoader establishes persistence via Windows Task Scheduler and uses varied evasion tactics like call stack spoofing, sleep obfuscation, and Windows fibers.
It employs HTTPS for C2 communication, domain generation algorithms, and certificate pinning if primary C2 channels fail.
CoffeeLoader, spread through SmokeLoader, shares similarities with it in behaviors like scheduled tasks for persistence and utilizing low-level Windows APIs.
While a new SmokeLoader version shares some evasion features with CoffeeLoader, the relation between the two remains unclear.

Read Full Article

Securityaffairs

11h

154

Image Credit: Securityaffairs

Security Affairs newsletter Round 517 by Pierluigi Paganini – INTERNATIONAL EDITION

FBI and DOJ seize $8.2 Million in romance baiting crypto fraud scheme
Experts warn of the new sophisticate Crocodilus mobile banking Trojan
Russian authorities arrest three suspects behind Mamont Android banking trojan
Mozilla fixed critical Firefox vulnerability CVE-2025-2857

Read Full Article

9 Likes

Medium

Safeguarding Your Accounts: Passwords & 2FA

Using strong, unique passwords is crucial in safeguarding your accounts, as attackers often test stolen credentials on multiple platforms.
Consider using passphrases instead of single-word passwords, which are easy to remember and hard to crack.
Using a password manager is recommended to securely store and manage your passwords.
Enable Two-Factor Authentication (2FA) as an additional layer of security for your accounts, but avoid SMS-based 2FA due to vulnerabilities.

Read Full Article

2 Likes

Cybersecurity-Insiders

351

Image Credit: Cybersecurity-Insiders

PCI DSS 4.0.1 and Non-Human Identity Management: What You Need to Know

PCI DSS 4.0.1 introduces stricter security requirements around Non-Human Identities (NHIs), such as service accounts and roles, emphasizing their critical role in modern IT environments.
New requirements focus on least privilege, identity and authentication policies, deactivating unused accounts, managing shared IDs, revoking access for terminated users, interactive login capabilities, and credential rotation based on risk.
Attacks targeting NHIs have increased, leading to a need for dedicated focus on securing NHIs to mitigate cybersecurity threats.
Service accounts are common targets for attackers due to weak authentication, resulting in significant security risks for organizations.
PCI DSS 4.0.1 highlights the importance of stringent controls to address vulnerabilities related to NHIs and service accounts, stressing secure authentication practices.
Organizations are advised to assign ownership, automate access management, enforce authentication best practices, monitor anomalies, secure application credentials, review access rights regularly, and rotate secrets to ensure compliance.
Compliance with PCI DSS 4.0.1 requires proactive steps like mapping NHIs, automating access management, enforcing authentication practices, and regularly reviewing and rotating credentials.
Ensuring compliance with evolving standards and enhancing security posture are crucial for organizations in preparation for PCI DSS 4.0.1 requirements.
Adopting an NHI management solution can assist organizations in navigating the new requirements and ensuring compliance with PCI DSS 4.0.1.

Read Full Article

21 Likes

For uninterrupted reading, download the app