
Info. Security News News


TechCrunch


Wiz CEO explains why he turned down a $23 billion deal

  • Assaf Rappaport, CEO of Wiz, explains why he turned down a $23 billion deal from Google.
  • Rappaport believes Wiz can become a $100 billion company in the future as cloud security is the future.
  • The decision was made by the founders, considering the company's investors and employees.
  • Wiz aims to double its $500 million annual recurring revenue and plans for an IPO in the future.


Amazon


Adding threat detection to custom authentication flow with Amazon Cognito advanced security features

  • Amazon Cognito is a customer identity and access management (CIAM) service that streamlines the process of building secure, scalable, and user-friendly authentication solutions.
  • Amazon Cognito supports custom authentication flows, which can be used to implement passwordless authentication for users or to require users to solve a CAPTCHA or answer a security question before being allowed to authenticate.
  • Amazon Cognito advanced security provides a suite of powerful features designed to detect risks and allows users to take action to protect user accounts.
  • Passwordless authentication offers an improved user experience, while enhancing overall system security by leveraging strong custom factors.
  • Threat detection can be combined with passwordless authentication using the advanced security features of Amazon Cognito, making your application more secure while providing a seamless authentication experience to users.
  • Amazon Cognito advanced security now supports custom authentication flows to provide additional threat detection capabilities, including passwordless authentication.
  • Risk detection and adaptive authentication can be enabled to improve the security of custom authentication factors.
  • The custom authentication flow includes Define Auth Challenge Lambda function, Create Auth Challenge Lambda function, Verify Auth Challenge Response Lambda function, and advanced security risk detection.
  • To configure advanced security for custom authentication flow, set up passwordless authentication with Amazon Cognito and WebAuthn, then go to the AWS Management Console for Amazon Cognito and configure advanced security features for your passwordless authentication flow.
  • Test the configuration by signing in from multiple devices and locations. Amazon Cognito will calculate risk and take action based on your configuration.


Securityaffairs


France’s second-largest telecoms provider Free suffered a cyber attack

  • French telecoms provider Free discloses a cyber attack where threat actors had access to customer personal information.
  • The attack targeted a management tool, leading to unauthorized access to some subscriber accounts.
  • No passwords, bank cards, or communication content were compromised in the attack.
  • Free has taken immediate measures to mitigate the security breach and has filed a criminal complaint.


Amazon


Spring 2024 PCI DSS and 3DS compliance packages available now

  • Amazon Web Services (AWS) has expanded its Payment Card Industry Data Security Standard (PCI DSS) and Payment Card Industry Three Domain Secure (PCI 3DS) compliance packages.
  • The three new AWS services included in the compliance packages are Amazon DataZone, Amazon DevOps Guru, and Amazon Managed Grafana.
  • The compliance packages consist of an Attestation of Compliance report and an AWS Responsibility Summary.
  • AWS customers can access the Attestation of Compliance report through AWS Artifact.


Amazon


How to implement trusted identity propagation for applications protected by Amazon Cognito

  • AWS IAM Identity Center adds trusted identity propagation to create identity-enhanced IAM role sessions for accessing AWS services
  • Trusted identity propagation enables AWS services to grant access to users and groups belonging to IAM Identity Center instead of relying solely on IAM role permissions
  • OAuth 2.0 protocol is used to exchange user information in these feature sets
  • This post covers how to use Amazon Cognito user pool as a trusted token issuer for IAM Identity Center
  • IAM Identity Center as a federated identity provider for a Cognito user pool can provide seamless authentication flow for IAM Identity Center custom applications
  • The SAML integration between IAM Identity Center and Amazon Cognito is useful when your source of identity is IAM Identity Center
  • This post demonstrates how to authenticate Cognito users with IAM Identity Center to ensure that users are authenticating using the correct mechanisms and policies
  • Using Amazon Cognito as a trusted token issuer is useful when your application is already secured with a user pool
  • The author of this article is Joseph de Clerck, Senior Cloud Infrastructure Architect at AWS.


Hackersking


Local Area Network (LAN) TO Wide Area Network (WAN): Expose Your Local Host To Internet

  • There is a tool called 'Host' that makes it easy to expose your local host to the Internet while testing new things on your Linux system.
  • The tool offers 4 different tunneling options: Localhost (127.0.0.1), Ngrok, Cloudflared, and LocalXpose.
  • To set up and use the tool, you need to clone the repository and run the 'host.sh' script.
  • The tool is designed for beginners and eliminates the need for remembering or typing lengthy commands.


Securityaffairs


A crime ring compromised Italian state databases reselling stolen info

  • Italian police have arrested four individuals and are investigating dozens, including Leonardo Maria Del Vecchio, for unauthorized access to state databases.
  • Charges include criminal conspiracy, illegal interception, falsification of electronic communications, disclosure of confidential information, aiding and abetting, and extortion.
  • The criminal ring allegedly collected a large amount of sensitive data and offered it to customers for various purposes, potentially including spying and blackmail.
  • Investigators suspect that foreign intelligence agencies may have also accessed the stolen data.


Kaspersky


How to track Kia car owners online | Kaspersky official blog

  • Security researchers discovered a vulnerability in Kia's web portal that allowed cars to be hacked remotely and their owners tracked.
  • The vulnerability allowed anyone to register as a car dealer with access to owner's data using just the vehicle's VIN number.
  • An experimental app was developed to take control of any Kia vehicle by entering its license plate number, enabling functions like location tracking, door locking/unlocking, engine start/stop, and horn honking.
  • The researchers responsibly disclosed the vulnerability to Kia and published their findings after it was fixed, but anticipate discovering more vulnerabilities in the future.


Socprime


CVE-2024-47575 Detection: FortiManager API Vulnerability Exploited in Zero-Day Attacks

  • Cybersecurity researchers have disclosed a critical FortiManager API vulnerability, CVE-2024-47575, that has been exploited in zero-day attacks.
  • The vulnerability allows attackers to execute arbitrary code or commands and steal sensitive files containing configurations, IP addresses, and credentials.
  • A new threat actor, UNC5820, has been linked to the exploitation of this vulnerability.
  • To detect exploitation attempts, organizations can use the SOC Prime Platform or the dedicated Sigma rule.


Securityaffairs


Black Basta affiliates used Microsoft Teams in recent attacks

  • ReliaQuest researchers observed Black Basta affiliates relying on Microsoft Teams to gain initial access to target networks.
  • Black Basta ransomware affiliates switched to Microsoft Teams, posing as IT support to deceive employees into granting access.
  • Threat actors flood employee inboxes with emails, then impersonate IT support on Microsoft Teams to offer help.
  • Attackers send QR codes in chats as part of Quishing attempts.


Hackersking


Social Analyzer - API, CLI, and Web App for analyzing & finding Online Identity

  • Social Analyzer is an API, CLI, and Web App for analyzing and finding a person's profile across 1000+ social media platforms and websites.
  • The tool includes different analysis and detection modules, allowing users to choose which modules to use during the investigation process.
  • It utilizes a rating mechanism to provide a rate value based on detection techniques, helping to identify suspicious or malicious activities online.
  • Social Analyzer can be set up as a Web App or CLI, offering a wide range of features such as string and name analysis, multi-profile search, metadata extraction, custom search queries, and more.


Securityaffairs


Security Affairs newsletter Round 495 by Pierluigi Paganini – INTERNATIONAL EDITION

  • Chinese cyber spies targeted phones used by Trump and Vance
  • Irish Data Protection Commission fined LinkedIn €310M for GDPR infringement
  • Change Healthcare data breach impacted over 100 million people
  • OnePoint Patient Care data breach impacted 795916 individuals


Hackersking


Get Existing Accounts From Email OSINT Tool Eyes

  • Eyes is an open-source intelligence (OSINT) tool used to find existing accounts based on an email address.
  • It offers features like full async and asynchronous scraping, as well as modules for facial recognition.
  • To use Eyes, you can clone the GitHub repository, install the requirements, and execute the tool with the target email.
  • The tool provides information on the target email using various modules and services.


Tech Story


Apple Announces $1 Million Bug Bounty to Strengthen AI Privacy System Security

  • Apple has announced a $1 million bug bounty program to strengthen the security of its artificial intelligence (AI) privacy systems.
  • The bug bounty program aims to find vulnerabilities in Apple's AI systems, including Face ID and Siri.
  • Apple invites researchers to investigate vulnerabilities in various operating systems and offers different levels of payouts based on the importance of the discoveries.
  • The bug bounty program promotes collaboration with the cybersecurity community and demonstrates Apple's commitment to user privacy and transparency.


Securityaffairs


Chinese cyber spies targeted phones used by Trump and Vance

  • China-linked threat actors targeted the phone communications of Donald Trump and vice presidential nominee JD Vance.
  • US intelligence is investigating the claims to determine what communications were eavesdropped by the cyberspies.
  • The information on phones used by the two politicians is a gold mine for foreign intelligence agencies.
  • Chinese cyber spies also targeted people affiliated with the Harris-Walz campaign and senior Biden administration officials.
