Info. Security News News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Info. Security News News

Amazon

10h

235

Image Credit: Amazon

CISPE Data Protection Code of Conduct Public Register now certifies 122 AWS services as adherent

Amazon Web Services (AWS) now has 122 services certified as adherent to the CISPE Data Protection Code of Conduct, demonstrating commitment to data protection standards.
Certified AWS services ensure data processing compliance with the European Union's GDPR, offering assurance to AWS customers.
The CISPE Code of Conduct is the first pan-European code for cloud infrastructure providers, aligning with GDPR requirements and enabling development of GDPR-aligned cloud services.
The CISPE Code received GDPR compliance approval and is aimed at facilitating the provision of GDPR-compliant cloud services in Europe.
EY CertifyPoint, the accredited monitoring body, audited and certified 122 AWS services for adherence to CISPE requirements, ensuring compliance with the GDPR.
AWS has expanded the scope of certified services, adding ten additional services in May 2025, reflecting AWS's commitment to compliance with data protection standards.
The Certificate of Compliance demonstrating AWS's adherence is available on the CISPE Public Register for verification.
AWS aims to include more services in its compliance programs to meet architectural and regulatory needs, underscoring its dedication to data protection standards.
For further information or inquiries regarding AWS compliance with the CISPE Code, customers can reach out to their AWS account team.
To learn more about AWS compliance and security programs, customers can visit AWS Compliance Programs, GDPR Center, and the EU data protection section on the AWS Cloud Security website.
Feedback and questions can be directed to the AWS Compliance team through the Contact Us page.

Read Full Article

14 Likes

Securityaffairs

15h

Image Credit: Securityaffairs

McLaren Health Care data breach impacted over 743,000 people

McLaren Health Care experienced a ransomware attack in 2024, exposing personal data of 743,000 individuals.
The nonprofit health care organization operates in Michigan and discovered the breach on August 5, 2024.
Names, Social Security numbers, driver's license numbers, health insurance details, and medical information were compromised.
McLaren is providing affected individuals with 12 months of free credit monitoring services.
In a previous incident in November 2023, McLaren disclosed a breach affecting 2,192,515 individuals.
The attackers in the latest breach remain unidentified, and the company did not disclose technical details.

Read Full Article

Kaspersky

20h

219

Image Credit: Kaspersky

SparkKitty: a new stealer in the App Store and Google Play | Kaspersky official blog

SparkKitty is a new cross-platform image stealer targeting smartphones, aiming to steal photos from victims' devices through malicious apps and suspicious links.
The malware was found in the App Store and Google Play, embedded in apps like a cryptocurrency tracker and messaging app with crypto-exchange features.
In Google Play, a messaging app was infected, while in the App Store, the malware was detected in the 币coin app.
Attackers spread SparkKitty through suspicious links, including a TikTok mod for Android, leading users to a page resembling the App Store for fake app downloads.
The malware targeted users in Southeast Asia and China but poses a threat globally, potentially stealing sensitive information like crypto wallet seed phrases.
Protecting against SparkKitty involves securing your smartphone's gallery and using tools like Kaspersky Password Manager to safeguard sensitive photos.
Checking devices for infected apps and utilizing security solutions like Kaspersky for Android and iOS can help prevent data theft by SparkKitty.
Stay informed about emerging cyberthreats and ensure photo security by following updates on Kaspersky's Telegram channel and using secure storage methods.
Kaspersky recommends using their password manager to store and protect valuable photos and sensitive information across devices.
By being vigilant about app sources and utilizing security tools, users can defend against the evolving tactics of malware like SparkKitty.

Read Full Article

13 Likes

Securityaffairs

273

Image Credit: Securityaffairs

Qilin ransomware gang now offers a “Call Lawyer” feature to pressure victims

The Qilin ransomware group now offers a "Call Lawyer" feature to provide legal support to affiliates and pressure victims into paying, as reported by cybersecurity firm Cybereason.
Qilin, active since at least August 2022 and gaining attention in June 2024 for attacking a UK governmental service provider, uses double extortion tactics and takes a percentage of ransom payments.
Affiliates are ordered not to target systems in CIS countries like other ransomware operations.
Qilin is positioning itself as a full-service cybercrime platform, offering advanced tools, legal support, spam services, and large data storage.
The "Call Lawyer" feature increases pressure on victims during ransom negotiations by offering legal consultations and introducing legal risks.
By introducing network spreading and a DDoS option, Qilin demonstrates sophistication and adaptability in various cyberattack scenarios.
A translation of the ransomware group's text explains how the "Call Lawyer" feature works to increase ransom amounts and apply legal pressure on companies.
Qualys also highlights the strong operational model and legal support provided by Qilin to clients for successful ransomware payouts.
The Qilin ransomware group is intensifying its activity, as shown by a heatmap reporting host compromises.
Organizations are advised to adopt proactive measures to defend against sophisticated threats like Qilin ransomware, as per Qualys' recommendations.
Qilin ransomware group's strategy includes legal support, incentives, and technology for successful ransom payouts.
Cybereason's report emphasizes Qilin's emergence as a major ransomware player, offering more than just malware and aiming to lead the next wave of ransomware-as-a-service operations.

Read Full Article

16 Likes

Discover more

Hackersking

115

Image Credit: Hackersking

How Hackers Create Phishing Email Templates of Instagram, Gmail, etc.

Phishing attacks remain highly effective due to the ability to clone professional-looking email templates from trusted services like Instagram, Gmail, etc.
PhishMailer is an open-source tool on GitHub for creating and sending phishing emails resembling popular services, using pre-made email formats.
The blog emphasizes educational purposes to raise awareness about phishing threats.
Hackers use PhishMailer by installing it, selecting a phishing template, configuring SMTP email settings, sending the phishing email, and capturing credentials on a fake login page.
Commonly targeted platforms include Instagram, Gmail, Facebook, and PayPal with emails related to suspicious activities or login attempts.
Tips to stay safe from phishing emails include checking sender's email address, previewing URLs, enabling 2FA, and reporting phishing attempts to service providers.
PhishMailer highlights the ease of creating convincing phishing emails, underscoring the importance of digital awareness and user education.

Read Full Article

6 Likes

Securityaffairs

343

Image Credit: Securityaffairs

Cloudflare blocked record-breaking 7.3 Tbps DDoS attack against a hosting provider

Cloudflare successfully blocked a record-breaking 7.3 Tbps DDoS attack in May 2025, surpassing the previous peak by 12%.
The attack targeted a hosting provider using Cloudflare's DDoS protection solution, Magic Transit.
In January and February 2025, Cloudflare experienced over 13.5 million DDoS attacks, primarily impacting its infrastructure and protected hosting providers.
The 7.3 Tbps attack sent 37.4 TB of data in 45 seconds, equivalent to streaming 9,350 HD movies or downloading 9.35 million songs.
The attack focused on a single IP, hitting an average of 21,925 ports per second and peaking at 34,517, with mainly UDP floods.
It originated from 122,145 IPs across 5,433 networks in 161 countries, with a significant portion from Brazil and Vietnam.
Cloudflare's system autonomously blocked the attack without human intervention, managing the traffic effectively.
The previous record DDoS attack blocked by Cloudflare was 5.6 Tbps, occurring in October 2024.

Read Full Article

20 Likes

Pymnts

10h

Image Credit: Pymnts

AT&T’s Proposed Settlement of Data Breach Lawsuit Receives Preliminary Approval

AT&T's proposed settlement of a class action lawsuit over data breaches received preliminary approval from a judge on Friday.
The $177 million settlement was deemed fair and reasonable by the judge.
The lawsuit stemmed from data breaches announced by AT&T in May 2024 and July, affecting tens of millions of customers.
Under the settlement, affected customers may receive up to $2,500 or $5,000, with remaining funds distributed to others whose information was accessed.
AT&T denied responsibility for the breaches but agreed to settle to avoid lengthy litigation.
In a cybersecurity incident, records of calls and texts of almost all wireless customers were stolen, but no content or personal data was taken.
The stolen data could potentially be used to associate telephone numbers with names through public tools.
The breach was linked to an earlier incident involving cloud vendor Snowflake.
In a separate settlement with the FCC, AT&T agreed to pay $13 million and enhance data governance following a 2023 hack.
The settlement shows AT&T's efforts to address data breach issues and compensate affected customers.

Read Full Article

1 Like

Securityaffairs

17h

242

Image Credit: Securityaffairs

American steel giant Nucor confirms data breach in May attack

American steel giant Nucor confirms data breach in May cyberattack.
Nucor, North America's largest steel maker, disclosed unauthorized access to certain IT systems.
The company activated its incident response plan and involved law enforcement and cybersecurity experts.
Limited data was stolen from Nucor's systems during the cyberattack.
Operations and IT systems have been restored, and the threat actor no longer has access.
Nucor confirmed no material business or financial impact from the incident.
The nature of the attack was not specified in the notifications.
Experts suggest Nucor may have been a victim of a ransomware attack.
No group has claimed responsibility for the cyberattack on Nucor.
The incident is being monitored for any further developments.
Nucor is reviewing and evaluating the impacted data for potential notifications.
The company is committed to complying with regulatory requirements following the cyber incident.
Nucor believes it has addressed the cybersecurity incident and restored normal operations.
The cybersecurity incident did not have a significant impact on Nucor's business or finances.
Nucor continues to assess its cybersecurity measures to prevent future incidents.

Read Full Article

14 Likes

Schneier

17h

106

Largest DDoS Attack to Date

A recent unprecedented DDoS attack reached 7.3 Tbps.
The attack mainly utilized User Datagram Protocol packets.
UDP is commonly used for time-sensitive communications like gaming and video playback.
UDP speeds up communication by not requiring a formal connection setup before data transfer.
Unlike TCP, UDP does not establish a connection through a handshake or ensure proper data reception.
In UDP flood attacks, high volumes of packets flood random or specific ports on the target IP.
These floods can overwhelm the target's Internet link or internal resources with excessive packets.
Attackers can flood servers using UDP without obtaining permission, causing strain on the target system.
UDP floods often send numerous datagrams to multiple ports on the target system.
The targeted system must respond with an equal number of data packets, leading to strain and denial of legitimate traffic.

Read Full Article

6 Likes

Securityaffairs

18h

1.9k

Image Credit: Securityaffairs

The financial impact of Marks & Spencer and Co-op cyberattacks could reach £440M

The Cyber Monitoring Centre (CMC) has categorized cyberattacks on Marks & Spencer and Co-op as a Category 2 event, with estimated financial losses between £270M and £440M.
Hackers named DragonForce claimed responsibility for the Co-op attack, accessing data of current and past members.
Co-op initially denied customer data compromise but later confirmed data breach.
DragonForce also targeted M&S and confessed to trying to hack Harrods, accessing staff and customer data.
The attack exposed personal details of Co-op members but did not include sensitive information like passwords or financial data.
DragonForce is known for ransomware attacks, data theft, and running a cybercrime affiliate service.
The CMC linked M&S and Co-op attacks due to shared timing and threat actor, estimating total financial impact at £270M–£440M.
The attacks caused major business disruption and financial consequences for M&S and Co-op.
Estimated costs include legal fees, business interruption, incident response, and IT restoration for both companies.
M&S anticipates a £300M impact, with significant declines in online sales and consumer spending.
The incidents emphasized the vulnerability of retail supply chains and the importance of crisis preparedness and cyber resilience.
CMC stresses the need for stress-testing crisis plans, financial resilience, enhanced cyber hygiene, and access control improvement.
Clear crisis communication and robust recovery capabilities are essential during cyber incidents.
CMC aims to enhance cyber readiness through collaboration and transparency.
The financial impact of the M&S and Co-op cyberattacks highlights the widespread repercussions of cyber incidents in the retail sector.

Read Full Article

Securityaffairs

20h

Image Credit: Securityaffairs

Iran-Linked Threat Actors Cyber Fattah Leak Visitors and Athletes’ Data from Saudi Games

Iran-linked threat actors known as Cyber Fattah have leaked thousands of records on athletes and visitors from past Saudi Games, as reported by U.S.-based cybersecurity firm Resecurity.
The stolen data, leaked in the form of SQL dumps, includes personal information about visitors and athletes from the Saudi Games.
Resecurity views this incident as part of a broader information operation conducted by Iran and its proxies to instill insecurity and disrupt peace in the region.
Iran is increasing anti-US, anti-Israel, and anti-Saudi propaganda activities in cyberspace, targeting major sports and social events.
The incident is significant amidst escalating tensions between Israel and Iran, with threat actors leveraging the roles of Saudi Arabia and the United States in regional relationships and security.
Hezbollah-linked, Hamas-linked, and pro-Iranian groups in Iraq have amplified the incident through targeted propaganda activities on digital media channels.
The data originates from a database associated with the Saudi Games 2024 official website, containing personal information such as International Bank Account Numbers (IBANs) and medical examination certificates.
The breach poses serious implications for cybersecurity, sports integrity, and global audiences.
No confirmed date yet for the Saudi Games 2025, with Saudi Arabia hosting various major sports events like the Islamic Solidarity Games and Esports World Cup 2025.
Saudi Arabia aims to host the Olympics in 2036, with threat actors potentially targeting the reputation and efforts of the country through cyberattacks.
The cyberattack on the Saudi Games is part of a broader narrative aimed at spreading insecurity and disrupting peace in the region.
The incident underscores the vulnerability of major sports competitions to cyber threats and serves as a reminder of the importance of safeguarding sensitive data.
For more information, follow Pierluigi Paganini on Twitter: @securityaffairs, Facebook, and Mastodon.
Credit: SecurityAffairs - hacking, Cyber Fattah

Read Full Article

2 Likes

Securityaffairs

280

Image Credit: Securityaffairs

Iran confirmed it shut down internet to protect the country against cyberattacks

Iran confirmed an internet shutdown to counter Israeli cyberattacks aimed at protecting critical infrastructure and preventing drone interference.
The internet blackout in Iran occurred amid escalating military tensions with Israel, impacting the country's communication and information access.
The exact cause of the internet shutdown remains uncertain, with no definitive evidence linking it to a technical failure, deliberate government action, or external cyber operation.
The Iranian government has acknowledged ordering the shutdown to safeguard against cyberattacks, citing threats to infrastructure and drone control.
Reports indicate that enemy drones were controlled through the internet, prompting the restriction to ensure national security and prevent further disruptions.
The internet blackout followed cyberattacks on Iranian institutions, including the hacking of Iran's largest crypto exchange and disruptions in banking services.
A pro-Israel hacking group, 'Predatory Sparrow,' claimed responsibility for the cyberattacks on Iran, targeting financial institutions and crypto exchanges.
The group accused Iran of using crypto exchanges to evade sanctions and claimed to have destroyed data at Iran's state-owned Bank Sepah, leading to potential banking disruptions.
Cybersecurity firms confirmed the theft of crypto assets and their transfer to accounts referencing Iran's Revolutionary Guard Corps, highlighting the ongoing cyber warfare.

Read Full Article

16 Likes

Hackingblogs

126

Image Credit: Hackingblogs

FREE NOTES API-HACKING DAY 3: Finding Anyones’s Location In crAPI Using EDE & Bola Bugs

API-HACKING: Excessive Data Exposure bug occurs when an API returns more data than required for a user.
Sensitive data may be exposed when APIs return unnecessary information.
Examples of attack scenarios due to Excessive Data Exposure bug are discussed.
Exploiting the vulnerability using crAPI to access private information is explained.
Chaining Excessive Data Exposure with BOLA vulnerabilities to reveal car location is described.
An attacker could exploit the two vulnerabilities to find someone's car location.
Using Burp Suite, the attacker could access leaked sensitive data like VIN numbers and car locations.
The Excessive Data Exposure flaw and BOLA weakness are exploited to gather information about a car's location.
By chaining the vulnerabilities, the attacker successfully retrieves location details using the VIN number.
The report highlights the risks of data exposure and methods for detecting and addressing security breaches.
Real-time threat feeds are utilized to monitor for data exposure and potential impersonation risks.
The platform offers alerts and reports on leaked data, importance of the breach, and steps to mitigate risks.

Read Full Article

7 Likes

Dataprivacyandsecurityinsider

323

CISO’s: Take a Look at CSC’s CISO Outlook 2025 Report

Cybersecurity firm CSC releases CISO Outlook 2025 Report on upcoming challenges for CISOs.
Report based on survey of 300 CISOs globally; predicts intensifying cybersecurity challenges.
Key findings: 70% CISOs foresee increased security threats in the next year.
98% believe risks will rise over next three years; 66% expect cyber risks to be 'significant.'
76% somewhat confident in mitigating domain attacks; regulatory compliance remains a challenge.
AI-powered attacks escalating threat levels; top cited risks include cybersquatting and DDoS attacks.
Anticipated risks in next three years: cybersquatting, domain/DNS hijacking, ransomware/malware.
CISOs acknowledge evolving and complex cyber threats, making defense harder.
Proposed steps: Establish AI Governance Program, focus on Shadow AI, prepare for security audits, consider outsourcing.
Protecting organizations in 2025 will remain intricate amid evolving threats and risks.

Read Full Article

19 Likes

Dataprivacyandsecurityinsider

359

VPPA Class Action Plaintiffs May Not Waive Arbitration Goodbye

A federal court in the Northern District of California ruled that a VPPA class action lawsuit should be resolved through arbitration due to the defendant company's arbitration clause.
Plaintiffs alleged that DirectToU LLC and Alliance Entertainment LLC shared consumer data with Meta through the Meta Pixel on their websites.
Defendants filed a motion to compel arbitration, citing a clause in the Terms of Use that users had to agree to before making purchases.
Under the FAA, a party may waive its right to arbitration if it acts inconsistently with that right.
Plaintiffs argued that the Defendants had waived their right to arbitration by engaging in discovery and settlement negotiations.
The court considered various factors and determined that the Defendants had not waived their arbitration right.
The court highlighted that the settlement involved the earlier version of the complaint, not the current one.
Companies facing VPPA litigation should carefully craft arbitration clauses to reduce class action risk.
Arbitration clauses are essential but not foolproof, and companies should also be mindful of their litigation strategies.
Crafting valid and enforceable arbitration provisions is crucial to protecting arbitration rights.
Companies must exercise caution to avoid unintentionally forfeiting their arbitration rights.
Valid arbitration clauses can help companies minimize class action risks in the VPPA litigation landscape.

Read Full Article

21 Likes

For uninterrupted reading, download the app