techminis

A naukri.com initiative

Info. Security News News

TechBullion

Beware the Blind Spots: The Overlooked Vulnerabilities Endangering Your Data Security

  • Organizations invest millions in vast security infrastructures, yet data breaches keep occurring, showing that security systems are outdated and riddled with blind spots so glaring that cybercriminals are walking right through them.
  • Current encryption solutions, often assumed to provide continuous data protection, do not; they leave gaps in protection when data is in use or moving between stages in the lifecycle.
  • Other methods of protecting data designed to cover the gaps that traditional encryption leaves exposed are suitable for specific use case scenarios but do not assure data security throughout its lifecycle.
  • Confidential computing is another data protection method but has inherent performance overheads, given its complex hardware and integration requirements. More importantly, secure enclaves can be breached.
  • Data access control and monitoring solutions are inadequate against today's attacks: access controls offer limited permission granularity, and monitoring tools are restricted to IT users, creating data silos and hindering cross-team collaboration.
  • Thorough data protection requires data to be encrypted during its entire lifecycle. What businesses need is continuous encryption – Fully Homomorphic Encryption (FHE), a game-changing technology, often considered the holy grail of data protection.
  • FHE can protect data from even the most sophisticated threats, closing the dangerous data gaps left by data-in-transit and data-at-rest encryption. If companies aren't continuously encrypting data, they have encryption gaps.
  • FHE has traditionally been hindered by excessive computational costs, but recent breakthroughs make it performant, massively scalable, and a viable solution for businesses, and they no longer have to choose between security and utility.
  • The blind spots in data security are real and can be costly. It's time to wake up, face the threat head-on, and embrace the advanced encryption technologies that will genuinely secure the future.

Kaspersky

How to prevent company from getting hacked again | Kaspersky official blog

  • After identifying and containing a cyberattack, the vital aspect that follows is to learn from the experience to prevent any similar incident in the future. The incident analysis should involve the entire organization's stakeholders, including the IT and security teams, senior management, third-party vendors, etc.
  • Striving for maximum transparency in response is important, and specific details of the attack and response should be shared with a trusted circle in the cybersecurity field who can help others prevent similar attacks.
  • Post-incident analysis provides an opportunity for deeper insights into the attack. It's necessary to document the answers meticulously using factual data to build a comprehensive and detailed picture, allowing for a collective evaluation of the response steps' effectiveness.
  • A holistic approach enables assessing the flaws in the security landscape that enabled the incident and identifying strengths and weaknesses. Human error and behavioral factors warrant special attention, to identify measures that mitigate or balance their impact on the organization.
  • Developing effective, realistic steps to address weaknesses within resource constraints is the most creative and organizationally challenging phase of the incident review. Several aspects should be considered in the plan: IT asset map update, detection and response technologies enhancements, processes and policies revisiting, etc.
  • All measures listed above will enhance the organization's cybersecurity resilience and readiness for incidents. But to be sure of the result, cybersecurity exercises, penetration testing, or red teaming can validate their effectiveness.
  • Implementing all the improvements and updated security measures can be a lengthy, phased process, so regular meetings with all involved parties are necessary.
  • Exploring further security enhancements and committing to agreed-upon metrics and milestones to track progress effectively all play a vital role in cybersecurity resilience.

Hackingblogs

Microsoft Zero Day Vulnerability Will Let An Attacker Get Into User’s PC And Exploit Local Privilege Escalation

  • A recently discovered zero-day vulnerability in Microsoft allows attackers to exploit local privilege escalation (LPE) to gain control of a victim's computer system.
  • The vulnerability, identified as CVE-2017-0263, was promptly patched by Microsoft after being disclosed by Positive Technologies.
  • By successfully exploiting the vulnerability, attackers could obtain system privileges and execute arbitrary code in kernel mode, potentially leading to unauthorized access and control over critical system components.
  • The affected systems range from Windows Server versions to various Windows 10 and Windows 11 editions, highlighting the need for users to install the necessary updates to protect against this vulnerability.

Securityaffairs

Ahold Delhaize experienced a cyber incident affecting several of its U.S. brands

  • A cyber attack affected Ahold Delhaize USA brands, disrupting Giant Food, Hannaford, their pharmacies, and e-commerce services.
  • Ahold Delhaize is a multinational retail and wholesale holding company that operates supermarkets and ecommerce sites in the US.
  • The cyber incident was detected on November 8, 2024, and security teams are investigating with the help of external cybersecurity experts.
  • Ahold Delhaize USA confirmed that all its brand stores remain open and continue serving customers.

TechCrunch

Snowflake hackers identified and charged with stealing 50 billion AT&T records

  • Two hackers, Connor Moucka and John Binns, have been identified and charged with stealing around 50 billion customer call and text records from AT&T.
  • The stolen records were taken from AT&T's systems hosted on Snowflake, a provider of cloud services for data analysis.
  • The indictment reveals that the hackers accessed billions of sensitive customer records and successfully extorted at least three victims.
  • AT&T is one of several companies who had sensitive data stolen from their Snowflake instances, making these Snowflake-related breaches some of the worst cyberattacks of the year.

Socprime

Interlock Ransomware Detection: High-Profile and Double-Extortion Attacks Using a New Ransomware Variant

  • Adversaries employ new Interlock ransomware in big-game hunting and double-extortion attacks.
  • Interlock ransomware variant targets organizations globally in various sectors.
  • Interlock ransomware operators maintain a data leak site and exploit unpatched vulnerabilities.
  • Interlock ransomware encrypts files and demands ransom under threat of data leakage.

Securityaffairs

China’s Volt Typhoon botnet has re-emerged

  • The China-linked Volt Typhoon’s botnet has resurfaced using the same infrastructure and techniques, per SecurityScorecard researchers.
  • In May 2023, Microsoft reported that the Volt Typhoon APT infiltrated critical infrastructure organizations in the U.S. and Guam without being detected.
  • The Volt Typhoon group has been active since at least mid-2021, carrying out cyber operations against critical infrastructure.
  • The APT group is using almost exclusively living-off-the-land techniques and hands-on-keyboard activity to evade detection.
  • In December 2023, the Black Lotus Labs team at Lumen Technologies linked a small office/home office (SOHO) router botnet, tracked as KV-Botnet, to the operations of China-linked threat actor Volt Typhoon.
  • At the end of 2023, the U.S. government neutralized the Volt Typhoon botnet, taking over its C2 and deleting the bot from infected devices.
  • In February, the Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) warned that the People’s Republic of China (PRC) state-sponsored APT group had been pre-positioning itself on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure.
  • In August 2023, Volt Typhoon exploited a zero-day vulnerability, tracked as CVE-2024-39717, in Versa Director, to deploy a custom webshell on breached networks.
  • Now SecurityScorecard has warned that the botnet is back; it is composed of compromised Netgear ProSafe, Cisco RV320/325 and Mikrotik networking devices.
  • While Volt Typhoon doesn’t use ransomware, its ecosystem benefits from Ransomware-as-a-Service (RaaS), where ransom payments fund advanced tools, escalating attack risks, especially through third-party and cloud dependencies.

Securityintelligence

Adversarial advantage: Using nation-state threat analysis to strengthen U.S. cybersecurity

  • Nation-state attackers are changing their approach, pivoting from data destruction to prioritizing stealth and espionage, as they pose a critical threat to United States infrastructure and protected data.
  • Thankfully, there’s an upside to these malicious efforts: information. By analyzing nation-state tactics, government agencies and private enterprises are better prepared to track, manage and mitigate these attacks.
  • The Cybersecurity & Infrastructure Security Agency (CISA) identifies four prolific nation-state actors: The Chinese government, the Russian government, the North Korean government and the Iranian government.
  • According to CISA’s associate director for threat hunting, Jermaine Roebuck, these actors use various methods to compromise security and gain access to victim networks. These include phishing, use of stolen credentials and exploiting unpatched vulnerabilities and/or security misconfigurations.
  • By understanding the techniques and tactics used by threat actors, organizations are better prepared to allocate limited security resources where they will be most effective.
  • While the actions of each nation-state offer protective insight for American cybersecurity, there’s another component in effective defense: getting back to basics. These approaches aren’t mutually exclusive, as government agencies need to identify and dismantle disinformation campaigns.
  • Other CISA recommendations include implementing strong authentication, regularly updating and patching systems, educating employees on recognizing phishing attempts, and using antivirus and anti-malware solutions.
  • Roebuck also recommends that businesses establish centralized log management and regularly review these logs for suspicious activity.
  • Remote access has become commonplace as organizations embrace the need for agile operations. By using secure configurations for remote services and limiting access to trusted IP addresses, enterprises can minimize remote access risks.
  • Ultimately, Roebuck’s security advice is straightforward: “To protect against the increased prevalence of malicious actors, implement and maintain an effective solution to detect intrusions and evict attackers as quickly as possible.”

Krebsonsecurity

Microsoft Patch Tuesday, November 2024 Edition

  • Microsoft released updates to fix at least 89 security vulnerabilities in Windows operating systems and other software.
  • The patch batch includes fixes for two zero-day vulnerabilities, as well as two other publicly disclosed flaws.
  • One of the zero-day flaws allows privilege escalation through the Windows Task Scheduler, while the other enables spoofing of Net-NTLMv2 hashes.
  • Other notable vulnerabilities include an elevation of privilege flaw in Active Directory Certificate Services, a spoofing vulnerability in Microsoft Exchange Server, and remote code execution vulnerabilities in Windows Kerberos, .NET, and Visual Studio.

Pymnts

CISO’s Role in Payments Starts With Risk Mitigation

  • The role of the chief information security officer (CISO) is central in protecting financial transactions and mitigating payments risk in digital payments.
  • Testing and expertise of the CISO aid in securing sensitive financial data, preventing fraud, and ensuring compliance with industry regulations.
  • Tokenization, replacing sensitive data with unique identifiers, is considered the future of cybersecurity and builds consumer trust.
  • CISOs are responsible for managing third-party risks, educating employees and customers, and continuously evolving the security playbook in the ever-expanding digital payments landscape.

Amazon

Discover duplicate AWS Config rules for streamlined compliance

  • AWS Config continuously audits, assesses, and evaluates the configurations of your AWS
  • AWS Config rules continuously evaluate your AWS resource configurations for desired settings.
  • In this post, we introduce our Duplicate Rule Detection tool, built to help customers identify duplicate AWS Config rules and sources.
  • This serverless solution collects the current active AWS Config rules and identifies duplicates based on identical sources, scopes, input parameters, and states.
  • Some options you can take to resolve duplicate AWS Config rules include: If conformance packs were deployed from AWS Systems Manager Quick Setup
  • After the assessment is complete and duplicate rules are identified, you can work to consolidate rules and resolve duplicates.
  • AWS Config provides a dashboard to view resources, rules, conformance packs, and their compliance states.
  • For AWS customers, it’s critical to understand the compliance of resources as it relates to specific rules—such as default encryption settings or making sure that network connections are encrypted.
  • This post provides a solution to assess the currently deployed AWS Config rules in a single AWS account and Region to identify when duplicate rules exist.
  • This approach will help to optimize your compliance posture by reducing complexity and eliminating unnecessary redundancy.

Qualys

Microsoft and Adobe Patch Tuesday, November 2024 Security Update Review

  • Microsoft has released its November 2024 Patch Tuesday updates, targeting various vulnerabilities that could impact users and organizations worldwide.
  • This month’s updates also included one Defense in Depth update for Microsoft SharePoint Server.
  • In this month’s updates, Microsoft has addressed four zero-day vulnerabilities known to be exploited in the wild.
  • Adobe has released eight security advisories to address 48 vulnerabilities in Adobe Bridge, Adobe Audition, Adobe After Effects, Substance 3D Painter, Adobe Illustrator, Adobe InDesign, Adobe Photoshop, and Adobe Commerce.
  • Microsoft has fixed several flaws in multiple software, including Spoofing, Denial of Service (DoS), Elevation of Privilege (EoP), Information Disclosure, Security Feature Bypass, and Remote Code Execution (RCE).
  • This month’s release notes cover multiple Microsoft product families and products/versions affected, including, but not limited to, Windows Package Library Manager, SQL Server, Microsoft Virtual Hard Drive, Windows SMBv3 Client/Server, Windows USB Video Driver, Microsoft Windows DNS, Windows NTLM, Windows Registry, .NET and Visual Studio, Windows Update Stack.
  • Successful exploitation of these vulnerabilities may lead to arbitrary code execution.
  • Microsoft has addressed three vulnerabilities in Microsoft Edge (Chromium-based) in this month’s updates.
  • The Qualys Research team hosts a monthly webinar series to help our existing customers leverage the seamless integration between Qualys Vulnerability Management Detection Response (VMDR) and Qualys Patch Management.

Tech Story

Amazon Confirms Data Breach Exposing Employee Phone Numbers and Sensitive Information

  • Amazon recently acknowledged a data breach in which private employee data, including phone numbers and other personal information, was made public.
  • The breach has raised concerns about data security and employee privacy, casting doubt on Amazon’s data security protocols.
  • Amazon is investigating the hack and working with law enforcement to determine how attackers obtained the data.
  • The incident highlights the need for improved data protection measures and employee awareness in big corporations.

Securityaffairs

A cyberattack on payment systems blocked cards readers across stores and gas stations in Israel

  • A cyberattack in Israel disrupted credit card readers across stores and gas stations.
  • The attack was a DDoS attack that targeted the company responsible for the operations of the devices.
  • The attack lasted for an hour but was mitigated, and no personal or financial data was compromised.
  • The attack is believed to be linked to ongoing military operations, and an Iran-linked hacker group claimed responsibility.

Metaoption

Why Automation is the Future of Document Management

  • Automation is revolutionizing document management, offering numerous benefits such as increased efficiency and improved accuracy.
  • Automated document management systems eliminate manual tasks, reduce errors, and enhance overall productivity.
  • The future of document management includes emerging technologies like AI and ML, which further optimize workflows and enhance accuracy.
  • MetaDocs is a robust document management platform that streamlines knowledge sharing, document creation, collaboration, and workflow automation.
