techminis

A naukri.com initiative

Info. Security News News


Sentinelone

9h


Mothers of SentinelOne Balance Cybersecurity & Parenthood

  • At SentinelOne, mothers bring valuable skills like multitasking and empathetic leadership to the workplace.
  • Mothers often face a heavier mental load from managing family tasks, impacting career decisions.
  • Despite challenges, mothers at SentinelOne excel, bringing motivation and efficiency to their roles.
  • SentinelOne offers gender-neutral parental leave and flexible work arrangements to support working parents.
  • The article features stories of three SentinelOne moms navigating cybersecurity careers and motherhood.
  • Shani returned after maternity leave with SentinelOne's support for flexible work arrangements.
  • Mona, a lawyer and working mom of two, praises SentinelOne's supportive policies for parents.
  • LP, a recruiter and mother of two, values the flexibility and trust offered at SentinelOne.
  • The article highlights the importance of recognizing and supporting mothers in the workplace.
  • SentinelOne celebrates Mother's Day by showcasing the resilience and leadership of working mothers.


Securityaffairs

1d


Ascension reveals personal data of 437,329 patients exposed in cyberattack

  • A data breach at Ascension, caused by a former partner's compromise, exposed the health information of over 430,000 patients.
  • The breach disclosed personal and clinical data, including names, contact info, SSNs, and medical visit details, with specific information varying by individual.
  • Ascension initiated an investigation after learning of the security incident, discovering that patient information was accidentally disclosed to a former business partner, likely leading to data theft.
  • The healthcare organization is offering two years of free identity monitoring to those affected by the breach and has reported the incident to the U.S. Department of Health & Human Services.


Securityaffairs

2d


A cyber attack briefly disrupted South African Airways operations

  • A cyberattack briefly disrupted South African Airways’ website, app, and systems, but core flight operations remained unaffected.
  • SAA activated disaster and continuity protocols immediately, enabling the resumption of impacted systems on the same day.
  • Investigation into the cyberattack is ongoing with the assistance of independent digital forensic experts to determine the root cause and full scope of the security breach.
  • The incident was reported to national authorities for criminal investigation, and steps are being taken to enhance security measures and mitigate potential risks.


Amazon

2d


How to manage migration of hsm1.medium CloudHSM clusters to hsm2m.medium

  • AWS announced the general availability of hsm2m.medium CloudHSM clusters with advanced features compared to hsm1.medium clusters.
  • hsm1.medium CloudHSM clusters will reach end-of-life on December 1, 2025, prompting migration to hsm2m.medium clusters.
  • Starting April 2025, AWS will attempt to automatically migrate existing hsm1 clusters to hsm2 with limited-write mode during migration.
  • Consider automatic migration prerequisites or manage migration manually using options provided based on resources and requirements.
  • Back up hsm1 data and ensure compatibility with the hsm2 instance type, client SDK versions, and deprecated algorithms.
  • Choose between customer-triggered or customer-managed migration approaches depending on readiness and write operation needs.
  • For customer-managed migration, create an hsm2 cluster from hsm1 backup, configure for high availability, reconfigure client SDKs, monitor the application, and execute rollback if needed.
  • Implement blue/green deployment for high availability during migration using load balancer or CloudHSM multi-cluster configuration.
  • Address different use cases for read-only and create/delete operations during migration, ensuring data synchronization between blue and green clusters.
  • Rollback strategies involve reconfiguring applications, replicating keys, and syncing between hsm1 and hsm2 clusters based on the migration stage and key creation.


Sentinelone

2d


The Good, the Bad and the Ugly in Cybersecurity – Week 19

  • Polish authorities arrested four cybercriminals for operating DDoS-for-hire platforms, leading to the shutdown of six platforms through international efforts.
  • DDoS-for-hire platforms, disguised as legitimate tools, are used to overwhelm websites by offering easy interfaces for attacks at low costs.
  • Operation PowerOFF dismantled platforms like Cfxapi and jetstress, marking a significant step against illicit DDoS services.
  • PowerSchool faces escalated extortion threats targeting individual school districts post-data breach, leading to sensitive data exposure.
  • The December 2024 breach caused the theft of vast amounts of student and teacher data, affecting over 6,500 school districts globally.
  • Victims of data breaches, like PowerSchool, face re-extortion risks even after initial ransom payments, as data deletion is not guaranteed.
  • A global crypto phishing campaign named 'FreeDrain' exploits SEO and free hosting services to drain wallets through phishing sites mimicking legit interfaces.
  • FreeDrain campaign utilizes spamdexing tactics, AI tools like GPT-4o, and over 38,000 subdomains hosted on cloud services for large-scale crypto theft.
  • This operation reveals the cybercriminal trend of leveraging AI, cloud services, and social platforms for sophisticated phishing attacks to steal cryptocurrencies.
  • Free hosting and publishing platforms must enhance abuse detection and collaboration with researchers to combat such large-scale phishing campaigns effectively.


Sentinelone

2d


Insider Risk Revisited: Espionage, Encryption & Economics

  • Recent incidents in the private sector and U.S. government have exposed weaknesses in trust, access, and oversight, emphasizing the ongoing threat of insider activity.
  • The Rippling-Deel case involved corporate espionage through an insider leaking confidential documents using encrypted messaging and disappearing messages.
  • In the U.S. government's Signalgate incident, sensitive operational details were unintentionally disclosed on a consumer encrypted messaging app.
  • Both cases underscore the risks of relying on encrypted tools without proper governance, creating blind spots in organizational security.
  • Insider tactics include using encrypted messaging apps, ephemeral messages, cryptocurrency payments, personal devices, and shell companies.
  • Economic uncertainties are amplifying insider risks, with financially motivated insider activities becoming more prevalent in shifting economic landscapes.
  • To mitigate insider threats, organizations need to govern encrypted communications, enhance detection capabilities, and adapt to economic and geographic stress factors.
  • Insider risk is a persistent threat that organizations must acknowledge, and they need to adjust their controls, culture, and strategies accordingly to combat it effectively.
  • It is crucial for organizations to treat insider threats seriously, establish robust communication policies, enhance detection mechanisms, and adapt to evolving risk factors.
  • These incidents highlight the importance of implementing proactive measures to mitigate insider risk and bolster security against potential threats.
  • Organizations must stay vigilant, continuously reassess their security protocols, and adapt to the evolving landscape of insider threats to safeguard their sensitive information.


Cybersecurity-Insiders

2d


Your Apps Are Leaking: Understanding and Preventing Mobile Data Exposure

  • Mobile data leaks pose a significant threat due to misconfigured cloud services or weak cryptographic practices, leading to unintentional exposure of sensitive data.
  • 1.7 billion individuals were impacted by data compromises in 2024, with a financial toll estimated at $280 billion.
  • Zimperium's zLabs research highlights the widespread prevalence of cloud misconfigurations and cryptographic flaws in enterprise mobile apps.
  • Data leaks occur when sensitive information is inadvertently accessed, often due to design flaws, misconfigurations, or oversight in app development.
  • Cloud misconfigurations, observed in 62% of analyzed apps, can lead to unauthorized access to sensitive enterprise data.
  • Cryptography pitfalls, such as hardcoded keys and outdated algorithms, make encryption ineffective and can expose data to attackers.
  • The average cost of a data breach is nearly $5 million, with cloud misconfigurations and compromised credentials being common causes.
  • Organizations should focus on visibility, cloud security checks, implementing cryptographic best practices, and vetting third-party components to enhance mobile data security.
  • Continuous monitoring, risk assessment, and mobile threat defense solutions are essential for maintaining a strong mobile security posture.
  • As mobile devices and apps continue to proliferate, organizations must prioritize rigorous app security standards to prevent data leaks.


Securityaffairs

2d


SonicWall fixed SMA 100 flaws that could be chained to execute arbitrary code

  • SonicWall addressed three SMA 100 vulnerabilities, including a potential zero-day, that could allow remote code execution if chained.
  • The vulnerabilities (CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821) involve file deletion, path traversal, and command injection.
  • Rapid7 researchers discovered the flaws in April 2025 and demonstrated a full exploit chain leading to root-level remote code execution.
  • The vulnerabilities have been fixed in version 10.2.1.15-81sv, and it is believed that they may have been exploited in real-world attacks.


Amazon

3d


AWS expands Spain’s ENS High certification across 174 services

  • AWS renews Esquema Nacional de Seguridad (ENS) High certification under latest framework established by Royal Decree 311/2022, showcasing commitment to security standards for Spanish government entities.
  • ENS framework sets cybersecurity standards for Spain's public sector with three levels (Basic, Medium, and High), requiring stringent security measures.
  • AWS expands ENS High certification to 174 services, offering enhanced security for Spanish public sector projects and streamlined procurement processes.
  • Additional ENS High certified services by AWS include Amazon DataZone, AWS AppFabric, AWS Resilience Hub, and AWS User Notifications, catering to data management, application connectivity, resilience management, and user notifications.


Securityaffairs

4h


Security Affairs newsletter Round 523 by Pierluigi Paganini – INTERNATIONAL EDITION

  • 437,329 patients' personal data exposed in Ascension cyberattack.
  • Operation Moonlander dismantles cybercriminal services Anyproxy and 5socks.
  • SonicWall fixes critical flaws in SMA 100.
  • NSO Group ordered to pay over $167M to WhatsApp for spyware campaign.


Securityaffairs

6h


Google will pay Texas $1.4 billion over its location tracking practices

  • Google agrees to pay Texas $1.4 billion to settle lawsuits over unauthorized location tracking and facial recognition data retention.
  • Texas Attorney General reached a $1.375 billion settlement with Google for unlawful tracking of geolocation, incognito searches, and biometric data.
  • The settlement represents a significant privacy victory for Texans and serves as a warning to companies against violating user trust.
  • Google denies wrongdoing in the settlement, stating it had already made policy changes and will not alter products as part of the deal.


Securityaffairs

1d


Operation Moonlander dismantled the botnet behind Anyproxy and 5socks cybercriminals services

  • Operation Moonlander dismantled a 20-year-old botnet behind the Anyproxy and 5socks cybercriminal services and arrested four suspects.
  • U.S. Justice Department charged Russian and Kazakhstani nationals for maintaining, operating, and profiting from Anyproxy and 5socks services.
  • The botnet operators enabled cryptocurrency payments and targeted IoT and SOHO devices for malicious activities like ad fraud, DDoS attacks, and brute-force attacks.
  • FBI released a FLASH alert warning about 5Socks and Anyproxy malicious services targeting end-of-life routers and urged replacing compromised routers or preventing infection by disabling remote admin and rebooting.


Securityaffairs

2d


Russia-linked ColdRiver used LostKeys malware in recent attacks

  • Russia-linked ColdRiver, also known as APT COLDRIVER, has been using LostKeys malware in recent espionage attacks on Western governments and organizations since early 2025.
  • The ColdRiver APT group primarily targets NATO countries, along with the Baltics, Nordics, and Eastern Europe, including Ukraine, focusing on government officials, military personnel, journalists, and think tanks.
  • LostKeys malware is deployed through a multi-step chain, starting with a fake CAPTCHA to trick users into running PowerShell scripts. It is capable of stealing files, sending system information to the attacker, and running processes.
  • Google’s Threat Intelligence Group discovered LostKeys malware in selective ClickFix attacks, with victims being tricked into running malicious PowerShell scripts that led to data theft via VBS payloads. Two additional samples were found dating back to December 2023, leading to uncertainty about their relation to COLDRIVER.


Qualys

2d


Inside LockBit: Defense Lessons from the Leaked LockBit Negotiations

  • The LockBit ransomware gang recently faced a data breach with dark web panels defaced, leading to a MySQL database dump.
  • The leaked data includes victim negotiation messages and bitcoin addresses from LockBit's affiliate panel.
  • LockBit has evolved since 2019, releasing versions like LockBit 2.0 and LockBit 3.0 with expanded capabilities.
  • LockBit operates on an affiliate model, where core developers create ransomware and affiliates execute attacks.
  • Their attacks involve initial access, lateral movement, data exfiltration, encryption, and ransom note delivery.
  • Leaked chats indicate LockBit demands ransom payment in Bitcoin and offers discounts for payments in Monero.
  • The article highlights critical CVEs exploited by LockBit that organizations should prioritize patching or mitigating.
  • Systems beyond traditional endpoints like Veeam, vCenter, ESXi, NAS devices, and file transfer tools are also targeted by LockBit.
  • Recommendations include patching known vulnerabilities, securing backup infrastructure, and enforcing strong credentials.
  • Understanding LockBit's tactics and enhancing security hygiene are crucial to bolster defenses against ransomware threats.


Securityaffairs

3d


The LockBit ransomware site was breached, database dump was leaked online

  • The LockBit ransomware group's dark web site was compromised, leading to the leak of data from the backend infrastructure.
  • Hackers defaced the dark web site and posted a message along with a link to a dump of the MySQL database containing various data, including victim chat logs and user data.
  • BleepingComputer analyzed the leaked database, revealing 20 tables with information such as BTC addresses, victim chat logs, and user data with plaintext passwords.
  • Italian cybersecurity expert Emanuele De Lucia extracted over 60k addresses from the dump, indicating the potential presence of critical data for developing decryption tools. The chat logs showed ransom amounts ranging from $50,000 to $1,500,000.
