techminis

A naukri.com initiative


Info. Security News News


Securityaffairs

16h


Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever

  • Crypto exchange Bybit was the victim of a sophisticated attack, and threat actors stole $1.5B worth of cryptocurrency from one of the company’s offline wallets.
  • Bybit’s ETH cold wallet was compromised in an attack that masked the signing interface, allowing threat actors to redirect funds to an unknown address.
  • The Bybit hack is the largest cryptocurrency heist ever, surpassing previous ones like Ronin Network ($625M), Poly Network ($611M), and BNB Bridge ($566M).
  • The cyber heist is attributed to the Lazarus APT group, known for their advanced methods and previous attacks on banks and cryptocurrency exchanges.


Cybersecurity-Insiders

2d


Apple backs out of offering Data Security tool to UK customers

  • Apple's Advanced Data Protection (ADP) service will no longer be available for new sign-ups in the UK.
  • Current users of the service will need to discontinue its use.
  • This move follows pressure from the UK government to provide a backdoor to access user data on iCloud.
  • The decision suggests that Apple has yielded to the UK government's request for special powers under the Investigatory Powers Act.


Securityaffairs

2d


B1ack’s Stash released 1 Million credit cards

  • Carding website B1ack’s Stash released a collection of over 1 million unique credit and debit cards.
  • The release of free samples aims to attract new customers and gain notoriety in the cybercrime ecosystem.
  • The leaked data includes PAN, expiration date, CVV2, personal details, and email address.
  • Banking institutions should monitor the dark web to prevent fraudulent activities.


Kaspersky

2d


What to do if your WhatsApp is hacked: a step-by-step guide | Kaspersky official blog

  • WhatsApp accounts are targeted by cybercriminals for various criminal activities like spam distribution and scams.
  • Eight signs that your WhatsApp account may be compromised include receiving replies to unsent messages and login verification codes you didn't request.
  • Hackers can hijack your account by adding devices through 'Linked devices' or re-registering your account on their device.
  • To respond to a hacked WhatsApp account, ensure your SIM card is in your smartphone and follow steps to log out additional devices and re-register your account.
  • After regaining control of your account, warn friends and family about potential scam messages sent from your compromised account.
  • In case of a restriction or ban due to spam, appeal through the 'Request a review' button and await the removal of restrictions.
  • To prevent future hacks, enable two-step verification, never share your PIN or codes, use passkeys for secure logins, and set up a backup email for account recovery.
  • It is essential to ensure your devices are malware-free by installing comprehensive security protection.
  • Be cautious about SIM swap scams and contact your mobile carrier for additional security measures to safeguard your SIM card.
  • Taking these security precautions will help protect your WhatsApp account from being hacked and secure your personal information.


Socprime

2d


CVE-2025-20059: Relative Path Traversal Vulnerability in Ping Identity PingAM Java Policy Agent

  • A critical relative path traversal vulnerability, CVE-2025-20059, has been identified in Ping Identity PingAM Java Policy Agent.
  • The vulnerability allows attackers to inject malicious parameters and spread the infection further.
  • The number of registered CVEs surged by 30% in 2024, making proactive detection of vulnerability exploitation a top priority for defenders.
  • Organizations are advised to update to the latest software version to mitigate the vulnerability.


Securityaffairs

2d


U.S. CISA adds Craft CMS and Palo Alto Networks PAN-OS flaws to its Known Exploited Vulnerabilities catalog

  • U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Craft CMS and Palo Alto Networks PAN-OS vulnerabilities to its Known Exploited Vulnerabilities catalog.
  • The vulnerabilities are Craft CMS Code Injection Vulnerability (CVE-2025-23209) and Palo Alto Networks PAN-OS File Read Vulnerability (CVE-2025-0111).
  • Craft CMS is susceptible to remote code execution due to compromised security keys, while Palo Alto PAN-OS allows authenticated attackers to read files accessible by the 'nobody' user.
  • CISA orders federal agencies to address these vulnerabilities by March 13, 2025.


Securityaffairs

2h


U.S. CISA adds Microsoft Power Pages flaw to its Known Exploited Vulnerabilities catalog

  • U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Microsoft Power Pages vulnerability to its Known Exploited Vulnerabilities catalog.
  • CVE-2025-24989 (CVSS score: 8.2) is an improper access control flaw in Power Pages, allowing unauthorized attackers to elevate privileges over a network.
  • Microsoft has confirmed the active exploitation of the vulnerability and has provided instructions for affected customers on reviewing and cleaning up their sites.
  • CISA has ordered federal agencies to fix this vulnerability by March 21, 2025.


Securityaffairs

4h


Security Affairs newsletter Round 512 by Pierluigi Paganini – INTERNATIONAL EDITION

  • Lazarus APT stole $1.5B from Bybit, it is the largest cryptocurrency heist ever
  • Apple removes iCloud encryption in UK following backdoor demand
  • US CISA adds Craft CMS and Palo Alto Networks PAN-OS flaws to its Known Exploited Vulnerabilities catalog
  • Atlassian fixed critical flaws in Confluence and Crowd


Medium

1d


GRC, InfoSec, Privacy & AI Frameworks: A High-Level Overview

  • ISO 27001 is the gold standard for Information Security Management Systems (ISMS) which ensures a structured approach to security policies, risk management, and continuous improvement.
  • NIST Cybersecurity Framework (CSF) is a widely used risk-based security framework that consists of five core functions: Identify, Protect, Detect, Respond, and Recover.
  • COBIT focuses on IT governance, risk management, and aligning IT with business objectives.
  • Several other frameworks and regulations include SOC 1, SOC 2, SOC 3, CSA STAR, PCI-DSS, CIS Controls, MITRE ATT&CK, ISO 22301, FISMA, NERC-CIP, FedRAMP, GDPR, CCPA, HIPAA, GLBA, SOX, ISO 27701, NIST Privacy Framework, DPDPO, EU AI Act, NIST AI Risk Management Framework, OECD AI Principles, ISO/IEC 42001, AI Ethics Guidelines by IEEE, and Singapore AI Governance Framework.


Securityaffairs

1d


Apple removes iCloud encryption in UK following backdoor demand

  • Apple removed iCloud’s Advanced Data Protection in the UK after the government requested encryption backdoor access.
  • The UK demanded that Apple create a backdoor to access any iCloud backups, raising concerns about user privacy.
  • Apple announced that the Advanced Data Protection feature is no longer available in the UK for new users.
  • Existing ADP users must manually disable it, as Apple cannot do so automatically.


Amazon

1d


From log analysis to rule creation: How AWS Network Firewall automates domain-based security for outbound traffic

  • Organizations are focusing on outbound traffic controls, particularly domain-based allowlisting, to enhance security against potential vulnerabilities in third-party dependencies.
  • AWS Network Firewall automated domain lists improve visibility and simplify outbound traffic control management by automating firewall log analysis.
  • Automated domain lists help create rules based on network traffic patterns, enhancing security awareness and rule effectiveness.
  • Domain-based security enables control of network traffic based on domain names, providing a more intuitive approach than IP-based rules.
  • Automated domain lists in AWS Network Firewall assist in preventive and detective security controls, rule audit, compliance, and incident response support.
  • Operational benefits include initial firewall setup, application modernization support, and cross-environment consistency in rule management.
  • To use automated domain lists in AWS Network Firewall, enable traffic analysis mode, create domain reports, review report details, and optionally create domain list rule groups.
  • Best practices for implementing domain allowlists include starting with generous allowlisting, making iterative improvements, setting up robust logging, and considering additional operational considerations.
  • The automated domain lists feature works by analyzing HTTP/HTTPS traffic, generating domain reports, and aiding in the creation of domain-based rules for network security.
  • AWS Network Firewall's automated domain lists streamline firewall management, help in rule optimization based on traffic behavior, and enhance security posture with less manual effort.
  • Feedback on the post can be submitted in the Comments section, and further questions can be directed to the AWS Network Firewall forum or AWS Support.


Schneier

2d


Implementing Cryptography in AI Systems

  • Researchers have presented a theory on how to securely implement cryptography in deep neural networks (DNNs).
  • The challenge lies in the discrepancy between the discrete computational model of cryptographic primitives and the continuous computational model of DNNs.
  • The researchers demonstrated that natural implementations of block ciphers as DNNs can be broken, but they also developed a new method for implementing cryptographic functionality in a provably secure and correct way.
  • Their protective technique introduces a low overhead and is practical for implementation.


Securityaffairs

2d


Atlassian fixed critical flaws in Confluence and Crowd

  • Atlassian has patched 12 critical and high-severity vulnerabilities in its software products.
  • The most severe vulnerabilities include remote code execution flaws and broken authentication and session management issues.
  • The vulnerabilities affect Bamboo, Bitbucket, Confluence, Crowd, and Jira.
  • Atlassian did not disclose whether the flaws have been exploited.


Securityaffairs

2d


Salt Typhoon used custom malware JumbledPath to spy U.S. telecom providers

  • China-linked APT group Salt Typhoon utilizes custom malware JumbledPath to spy on U.S. telecom providers, as reported by Cisco Talos researchers.
  • The APT group has been active since at least 2019, targeting government entities and telecom companies globally.
  • Salt Typhoon exploited Cisco vulnerabilities, breached U.S. telecom networks, and utilized GRE tunnels for data exfiltration.
  • Stolen credentials, network config captures, and intercepted traffic were used by Salt Typhoon for further access inside networks.
  • The group manipulated network settings, used the JumbledPath tool for packet capture, and attempted evasion techniques.
  • In December 2024, Salt Typhoon targeted a Myanmar-based telecom provider, with IOCs and mitigation recommendations provided in the report.
  • The group also compromised Charter Communications and Windstream, exploiting vulnerabilities in major network device vendors.
  • Salt Typhoon breached a ninth U.S. telecom as part of a global cyberespionage campaign aimed at telco firms, confirmed by a White House official.
  • President Biden's national security adviser disclosed breaches in telecommunications companies globally by the China-linked APT group.
  • Lumen, AT&T, and Verizon reported securing networks post-cyberespionage attempts by Salt Typhoon, active for 1-2 years targeting telcos worldwide.


Kaspersky

2d


The complete story of the 2024 ransomware attack on UnitedHealth

  • UnitedHealth Group, a major health-insurance company, was hit by a ransomware attack in 2024, causing significant disruptions.
  • The attack targeted Change Healthcare, a platform acquired by UnitedHealth, impacting insurance claims processing.
  • Recovery efforts took months, with some systems remaining partially available even a year later.
  • The attackers bypassed two-factor authentication on the Citrix portal to initiate the attack.
  • UnitedHealth Group paid a $22 million ransom to the BlackCat/ALPHV gang, leading to further complications.
  • The cybercriminals claimed to have stolen extensive sensitive data, including medical records and financial documents.
  • The financial losses for UnitedHealth from the breach were estimated at over $3 billion by the end of the year.
  • Initial estimates of affected individuals at 100 million later rose to 190 million, revealing the massive impact of the breach.
  • Lessons from the attack include the critical need for two-factor authentication and robust cybersecurity practices.
  • Companies are advised to implement multilayered defenses, raise employee awareness, and engage external threat-hunting services.
