Info. Security News News

Hackersking

Unveiling the Truth: Profile View Tracking on Telegram

  • Telegram is a popular messaging platform known for its privacy, security, speed, and versatility.
  • Unlike Instagram or WhatsApp, Telegram does not provide a feature to see who viewed your profile.
  • Third-party apps claiming to offer profile view tracking on Telegram are often scams and pose risks such as data theft, malware, and account suspension.
  • To enhance privacy on Telegram, users should customize their privacy settings, enable two-step verification, avoid sharing sensitive information, and use secret chats with end-to-end encryption.

Hackersking

Instagram Profile Picture Insights: Possibility to access Old Instagram Profile

  • Instagram does not publicly provide access to past profile pictures.
  • Users can access old profile pictures by saving them to their devices or archives.
  • Avoid using third-party tools as they may compromise account security.
  • Instagram prioritizes user privacy and promotes a secure and user-friendly experience.

Securityaffairs

Cisco addresses a critical privilege escalation bug in Meeting Management

  • Cisco released security updates to address a critical privilege escalation bug in its Meeting Management.
  • The vulnerability allows remote, authenticated attackers to gain administrator privileges on affected instances.
  • The flaw resides in the REST API of Cisco Meeting Management and arises from a lack of proper authorization.
  • There are no known attacks exploiting this vulnerability in the wild.

Securityaffairs

U.S. President Donald Trump granted a “full and unconditional pardon” to Ross Ulbricht, Silk Road creator

  • U.S. President Donald Trump granted a “full and unconditional pardon” to Ross Ulbricht, the creator of the Silk Road, a dark web drug marketplace.
  • Ulbricht was convicted in 2015 for narcotics and money-laundering conspiracy and was serving a life sentence.
  • Trump's decision to pardon Ulbricht was based on claims of government overreach in the case.
  • Silk Road facilitated billions of dollars worth of transactions and generated millions in earnings for Ulbricht.

Qualys

Oracle Critical Patch Update, January 2025 Security Update Review

  • Oracle has released the January Critical Patch Update, which includes patches for 318 vulnerabilities.
  • 85% of the patches released in this update are for non-Oracle CVEs.
  • The security patches cover products including Oracle Communications, MySQL and Financial Services Applications.
  • The Oracle Critical Patch Update addressed vulnerabilities in Oracle Communications, Oracle MySQL, Oracle Financial Services Applications, Oracle GoldenGate, and others.
  • Oracle Database products received 10 updates in this release.
  • 230 of the 318 security patches are for non-Oracle CVEs, such as open-source components included and exploitable in the context of their Oracle product distributions.
  • Oracle Communications received the highest number of patches at 85.
  • Oracle MySQL and Oracle Financial Services Applications followed with 39 and 31 security patches respectively.
  • Qualys released 12 QIDs that are mentioned in the article.
  • In the Critical Patch Update for Oracle Communications, 59 vulnerabilities can be exploited over a network without user credentials.

TroyHunt

You Can't Trust Hackers, and Other Data Breach Verification Tales

  • A cybersecurity researcher shares his experience of verifying a data breach claim made by a hacker.
  • The researcher contacted the hacker to verify a data breach incident related to an electronics retailer.
  • Upon investigation, the researcher found that the provided data sample had common breaches with other incidents.
  • The hacker's claim was disproved by comparing it to a previous breach, leading to the scammer being exposed.

Kaspersky

CVE-2025-0411 – vulnerability in 7-Zip | Kaspersky official blog

  • A vulnerability (CVE-2025-0411) has been discovered in 7-Zip file archiver software allowing attackers to bypass the Mark-of-the-Web protection mechanism.
  • The vulnerability has a 7.0 CVSS rating and was quickly fixed, but users without automatic updates may still have a vulnerable version.
  • Attackers can exploit the vulnerability to launch malicious code with user privileges, making it a potential risk in complex attacks.
  • To stay safe, users are advised to update to version 24.09 or newer and handle files from the internet with caution.

Hackersking

How To Recover Instagram Hacked Account Complete Guide

  • Instagram has become a target for hackers, but recovering a hacked account is possible.
  • Step 1: Check for Login Issues - Try logging in, check email notifications, and use the login help option.
  • Step 2: Recover Your Account - Fill the recovery form on Instagram's official website.
  • Step 3: Secure Your Account Using the Instagram Support Team - Report the hacked account and follow instructions.
  • Step 4: Regain Access via Linked Accounts or Devices - Try logging in through Facebook or use saved login info.
  • Step 5: Recover Access Through Email and Phone - Check original email, use recovery options, and contact email provider if needed.
  • Step 6: Strengthen Your Account Security - Enable two-factor authentication, review account activity, update email and password, and remove suspicious third-party apps.
  • In conclusion, following this guide will help you recover your hacked Instagram account and enhance its security.

Schneier

Third Interdisciplinary Workshop on Reimagining Democracy (IWORD 2024)

  • The Third Interdisciplinary Workshop on Reimagining Democracy (IWORD 2024) was recently held at Johns Hopkins University's Bloomberg Center.
  • The workshop aimed to bring together experts from various fields to discuss how democracy can be reimagined in the current era.
  • The goal was to think broadly and consider how modern technology and evolving conceptions of fairness and equality can shape the future of democracy.
  • The workshop provided intellectually stimulating discussions, and summaries of the talks can be found in the comments section.

Securityintelligence

Taking the fight to the enemy: Cyber persistence strategy gains momentum

  • The concept of cyber persistence is reshaping global cybersecurity efforts by hunting down and neutralizing threats instead of relying on deterrence and reactive defenses alone.
  • The new proactive strategy is highlighted in America’s Defend Forward initiative and is being rapidly adopted by its allies.
  • More nations like the UK, Japan, Canada, and the Netherlands are operationalizing cyber persistence to tackle cyber threats.
  • Engaging and degrading adversaries’ ability to act is essential to creating a more secure cyberspace, requiring cooperation and coordination among allies.
  • The LockBit ransomware takedown shows how persistent cyber strategies can neutralize significant threats, using not only technical measures but also psychological operations to erode the support base.
  • The shift from deterrence to persistence in cyberspace stresses the importance of international cooperation and mutual defense efforts to address complex cyber challenges of the future.
  • The U.S. and its allies advocate for digital solidarity, building international coalitions to ensure global cooperation towards shared intelligence and mutual defense efforts.
  • Digital solidarity stands in contrast to digital sovereignty, which emphasizes national control over digital infrastructure and data.
  • Given the evolution of cyber threats, the persistence approach will likely become indispensable for modern cybersecurity.
  • The goal is to ensure nations stay ahead of adversaries and secure the future of cyberspace.

Securityaffairs

Pwn2Own Automotive 2025 Day 1: organizers awarded $382,750 for 16 zero-days

  • Trend Micro’s Zero Day Initiative (ZDI) announced that $382,750 was awarded on Day 1 of Pwn2Own Automotive 2025.
  • The organizers awarded $382,750 for 16 unique working zero-day exploits targeting infotainment systems, electric vehicle (EV) chargers, and automotive operating systems.
  • The team fuzzware.io earned $50,000 and 10 Master of Pwn points, while Sina Kheirkhah received the biggest reward of $50,000 and 5 Master of Pwn points.
  • No attempts were made to demonstrate vulnerabilities in a Tesla vehicle.

Krebsonsecurity

MasterCard DNS Error Went Unnoticed for Years

  • MasterCard recently corrected a glaring error in its domain name server settings that had persisted for nearly five years; a security researcher spent $300 to register the domain and prevent it from being grabbed by cybercriminals.
  • The misconfiguration occurred on one of MasterCard's core Internet servers that direct traffic for portions of the mastercard.com network, effectively allowing DNS traffic to be intercepted or diverted.
  • All of the Akamai DNS server names that MasterCard uses are supposed to end in “akam.net” but one of them was misconfigured to rely on the domain “akam.ne”.
  • Caturegli spent nearly three months waiting for the domain to be secured with the registry in Niger after discovering the misconfiguration, which had left MasterCard vulnerable to potential security breaches.
  • MasterCard acknowledged the mistake and said there was never any real threat to the security of its operations. “We have looked into the matter and there was not a risk to our systems,” a spokesperson told reporters. “This typo has now been corrected.”
  • Caturegli alerted MasterCard that the domain was theirs if they wanted it, rather than abusing his access, obtaining website encryption certificates or Windows authentication credentials.
  • Caturegli had hoped MasterCard would feature, or at least cover the cost to buy the domain. He believes that users are relying on public traffic forwarders or DNS resolvers like Cloudflare and Google.
  • The fundamentally cautionary tale: Don’t dismiss risk, and don’t let your marketing team handle security disclosures.
  • Registered previously by someone using the email address [email protected], the domain was left to expire in 2018
  • This is interesting as another typo domain was registered to [email protected] and hosted at the same ISP, Team Internet (AS61969)

Securityintelligence

2024 Cloud Threat Landscape Report: How does cloud security fail?

  • 40% of all data breaches involve data distributed across multiple cloud environments.
  • The need to maintain a strong security posture in the cloud is exceptionally challenging.
  • The X-Force Cloud Threat Landscape 2024 report analyses which specific rules are most commonly failing.
  • In 100% cloud environments, security rules often fail because of misconfiguring assets.
  • The most commonly failed rule in 100% Cloud-Only environments was configuring essential security and management settings in Linux systems.
  • For hybrid environments, the most commonly failed rule revolves around authentication and cryptography policies.
  • Organizations are turning to Ansible automation to confirm that all rules are correctly followed.
  • Multiple organizations are involved in the cloud environment, and security is a dual responsibility.

Schneier

AI Will Write Complex Laws

  • Artificial intelligence is already being used by legislators to write laws using generative AI.
  • There are projects currently underway in the US House, US Senate and around the world focused on the use of AI in legislative processes.
  • Demand for increasingly complex legislation is growing, which is leading legislators to rely on more external support to draft bills.
  • AI could be very useful for legislators in such a context since it can cover more topics simultaneously and work with a higher degree of complexity than humans.
  • Additionally, AI tools can be used throughout the entire legislative process, from drafting to summarizing bills and answering questions.
  • The use of AI tools in the legislative process could also make laws clearer and more consistent since AI can detect inconsistencies or ambiguous phrases.
  • However, oftentimes AI tools in the wrong hands can benefit certain constituencies rather than the broader population, just like human-written laws can be manipulated to benefit special interests.
  • While AI-written laws may come with certain risks and uncertainties, it’s likely to become more prevalent as legislators turn to it to help them keep pace with the increasing complexity of lawmaking.
  • AI will have an impact on the balance of power between legislative and executive branches of government, since the elimination of existing tools, such as the Chevron doctrine plan, induces the legislature to exert its control over delegation more robustly.
  • As for now, this use of AI in legislation will only grow. AI-made legislation is coming and it doesn’t require any changes in legislative procedure or agreement from any rules committee.

Securityaffairs

Cloudflare blocked a record-breaking 5.6 Tbps DDoS attack

  • Cloudflare announced blocking a record-breaking 5.6 Tbps DDoS attack.
  • The attack occurred on October 29 and lasted for 80 seconds.
  • The botnet behind the attack consisted of 13,000 IoT devices.
  • Cloudflare's detection and mitigation were fully automated.
