Info. Security News News

Infoblox

Muddling Malspam: The Use of Spoofed Domains in Malicious Spam

  • Spoofing emails are a common tactic among threat actors to make emails appear legitimate.
  • Infoblox Threat Intel discovered a group named Muddling Meerkat conducting DNS operations in China.
  • The threat actors behind Muddling Meerkat used domain spoofing to evade security safeguards.
  • Infoblox Threat Intel used home-grown telemetry and community feedback to investigate Muddling Meerkat.
  • QR code phishing campaigns were the largest group of malspam that targeted Chinese email recipients.
  • Japanese phishing campaigns were another sizable percentage of collected spam that targeted Japanese users.
  • Domain spoofing, fake domains, and TDSs were used to evade detection by these Chinese actors.
  • Extortion emails are still common, and they contain domain spoofing to make them appear more legitimate.
  • Mysterious Malspam is a spam campaign with spoofed sender domains and benign Excel spreadsheet attachments.
  • Domain spoofing is a widely used tactic among threat actors to evade security safeguards.

Hackingblogs

Do You Want To Access What the Government Stop You From, Use Tor’s New Webtunnel

  • The Tor Project’s Anti-Censorship Team launched WebTunnel, a new bridge designed to improve access to the Tor network for users in areas with strict internet censorship.
  • WebTunnel works by covering data in an HTTPS connection that resembles a WebSocket, making it difficult to detect and block by censorship systems.
  • To set up WebTunnel, users need to obtain bridge lines from the provided link and add them manually in the Tor browser's connection settings.
  • WebTunnel bridges are incompatible with older versions of the Tor browser, and users should report any issues or strange behavior encountered while using WebTunnel.

Socprime

EAGERBEE Malware Detection: New Backdoor Variant Targets Internet Service Providers and State Bodies in the Middle East

  • A new variant of the Eagerbee malware, known as EAGERBEE backdoor, is posing a growing threat to organizations in the Middle East.
  • The malware primarily targets Internet Service Providers (ISPs) and state agencies in the region.
  • The enhanced EAGERBEE backdoor variant demonstrates advanced offensive capabilities, including deploying payloads, scanning file systems, and executing command shells.
  • To detect and mitigate EAGERBEE malware infections, SOC Prime Platform offers a comprehensive collection of detection algorithms and advanced threat detection tools.

Hackersking

An Insight on Whatsapp Call Crash Bug

  • WhatsApp Call Crash Bug is a notable bug that disrupts the WhatsApp process during or after calls.
  • The bug causes app crashes, unresponsiveness, and device hang.
  • Common causes of the bug include outdated app versions, network issues, malicious exploits, and device-specific problems.
  • WhatsApp responds to the bug by providing emergency patches, bug bounty programs, and regular communication with users.

Hackersking

How Hacker's hack Android Devices

  • Android devices are popular among users due to affordability and flexibility.
  • Hackers use techniques like phishing, malware, public Wi-Fi exploitation, exploiting outdated software, and physical access to hack Android devices.
  • Safety measures include avoiding unknown links, downloading apps from trusted sources, using VPN on public networks, keeping software updated, using strong passwords and biometrics, disabling USB debugging, and installing antivirus programs.
  • If an Android device is hacked, steps include turning off internet, uninstalling suspicious apps, running malware check, performing factory reset, and changing passwords.

Securityintelligence

Cloud threat report: Why have SaaS platforms on dark web marketplaces decreased?

  • IBM's X-Force team released the Cloud Threat Landscape Report for 2024, highlighting the decrease in mentions of Software-as-a-Service (SaaS) platforms on dark web marketplaces.
  • The average decrease in SaaS mentions was 20.4% year-over-year, with WordPress-Admin declining by 98% and Microsoft Active Directory and ServiceNow seeing declines of 44% and 38% respectively.
  • The decrease in SaaS mentions is attributed to the sophistication of modern cybersecurity solutions and the takedown of Raccoon Stealer, a widely used infostealer malware in the dark web.
  • While the decline in SaaS mentions is positive, organizations are advised to maintain proactive security measures and conduct comprehensive security testing to mitigate risks of system compromise.

Securityaffairs

Meta replaces fact-checking with community notes post ‘Cultural Tipping Point’

  • Meta is replacing its fact-checking program with a 'community notes' system, citing a shift in moderation strategy after a 'cultural tipping point'.
  • Meta CEO Mark Zuckerberg announced the end of the fact-checking program and its replacement with a community-driven system.
  • Meta's fact-checking system, introduced in 2016, relied on certified third-party organizations to review posts in multiple languages.
  • Zuckerberg emphasized a focus on reducing mistakes, simplifying policies, and restoring free expression on Meta's platforms.

Securityaffairs

U.S. CISA adds Oracle WebLogic Server and Mitel MiCollab flaws to its Known Exploited Vulnerabilities catalog

  • U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle WebLogic Server and Mitel MiCollab flaws to its Known Exploited Vulnerabilities catalog.
  • CISA added two vulnerabilities to its catalog: CVE-2020-2883 affecting Oracle WebLogic Server and CVE-2024-41713 affecting Mitel MiCollab.
  • The Oracle WebLogic Server vulnerability allows remote attackers to execute arbitrary code without authentication.
  • The Mitel MiCollab vulnerabilities include a path traversal vulnerability and a local file read vulnerability.

Qualys

Secure, Efficient, Cost-Effective: How Qualys Patch Management Delivers ROI

  • Qualys Patch Management is a cloud-native solution designed to automate and simplify the patching process, enhancing security posture and delivering measurable cost and operational benefits.
  • The benefits and ROI of Qualys Patch Management include cost savings, operational efficiency, risk mitigation, time-to-value and security posture improvement.
  • Qualys platform reduces cost by providing a single unified tool rather than siloed solutions and minimizes manual input and unpatched vulnerabilities, which leads to a reduction in downtime.
  • The platform improves operational efficiency by simplifying management across hybrid and multi-cloud environments and automation helps to speed up processes such as compliance.
  • Preventing data breaches and ransomware attacks is the significant ROI of risk mitigation along with the reduction of non-compliance penalties and brand reputation protection.
  • Qualys Patch Management offers a fast TTV and provides efficiency through automation capabilities and a simplified management console, freeing up staff time, which can be spent on other essential projects.
  • Effective patch management improves the overall security posture of an organization through proactive threat mitigation.
  • Qualys Patch Management offers solutions that improve operational efficiency, reduce risks, and enhance overall security posture.
  • User feedback reinforces the platform’s ability to deliver timely results and streamline patching operations, making it a valuable tool for managing vulnerabilities effectively.
  • The Qualys platform demonstrates a high ROI and highlights its value as an investment for businesses and organizations.

Securityintelligence

Mobile device security: Why protection is critical in the hybrid workforce

  • Mobile devices are now essential tools for productivity and communication, but they face different security challenges. Mobile devices have unique vulnerabilities that cyber criminals increasingly exploit; they are often the least protected corporate devices and offer platforms from which to launch social engineering attacks. Businesses often use a mix of iOS and Android devices, each with its own security protocols and vulnerabilities. Mobile devices frequently connect to public Wi-Fi in coffee shops, airports and other common spaces, making them easy targets for attackers. Mobile threats every user and IT team should be aware of include phishing attacks, malware and spyware, man-in-the-middle attacks (MITM) and unsecured devices and theft.
  • Mobile device security is crucial for the hybrid workforce, as more employees have their workdays start and end on a mobile device. Mobile devices have unique security challenges as they connect to various applications and public and Wi-Fi networks. Although app stores like Google Play and Apple's App Store vet applications, malicious apps still manage to slip through, making the devices unsafe.
  • The vulnerabilities make mobile devices a rich target for malicious actors. Due to the lack of user awareness and proper protection, mobile devices are often left vulnerable to cyber threats. Mobile devices are frequently left with outdated software as mobile operating system updates are essential to patch known vulnerabilities. When devices have improper security, sensitive information can be accessed by anyone who picks up the device.
  • A mobile device management (MDM) solution, like IBM MaaS360, is particularly valuable for businesses. MDM provides critical control and visibility, allowing organizations to enforce security policies, manage devices remotely and wipe data if a device is lost or stolen, ensuring comprehensive security across all mobile devices accessing company resources.
  • Individuals and organizations can take proactive measures to secure their mobile devices and protect sensitive data. Regularly updating operating systems, using mobile security software and employing strong authentication are essential steps for protecting mobile devices. Additionally, limiting app permissions and promoting cybersecurity training among employees can significantly reduce risks.
  • Mobile devices often hold both personal and professional data. Malware-laden apps can compromise both personal and business information. Public Wi-Fi networks are often unsecured and allow attackers to intercept sensitive data, including login credentials and personal information. Phishing remains one of the most effective attack vectors, and mobile users are highly susceptible due to the small screens and simplified user interfaces.
  • IBM MaaS360 Mobile Threat Defense add-ons (Professional and Advanced) provide near real-time dashboards to identify risky users and devices, as well as detect and respond to advanced and persistent mobile threats. MaaS360 Unified Endpoint Management, combined with the MaaS360 Mobile Threat Defense Professional add-on, provides IT administrators with a comprehensive, integrated, end-to-end solution that brings together best-in-class endpoint management and mobile threat defense.
  • The lack of awareness often translates into a lack of cyber hygiene, leaving devices susceptible to a growing number of cyber threats. Mobile devices face different security challenges than desktops or laptops, making them easy targets for attackers. Android, for instance, has a more fragmented ecosystem, where updates are not universally applied across devices, leaving users exposed. In addition, iOS users may not be aware that jailbreaking their phones disables important security features.
  • As more organizations embrace hybrid work models, mobile device security is no longer optional. Without proper safeguards, the productivity benefits of mobile devices are outweighed by the increased security risks they pose. Mobile threats are on the rise, but there are ways to reduce the risk of attacks. The best practices for mobile cybersecurity include regularly updating operating systems, using mobile security software and employing strong authentication to protect mobile devices.
  • MaaS360 Mobile Threat Defense provides device management, mobile threat defense, seamless integration with existing cybersecurity stacks and AI-driven security insights to accelerate threat assessment and response. IBM MaaS360 Mobile Threat Defense Advanced represents a significant advance in how organizations adopt and leverage mobile device defense.
  • Embracing mobile security for the hybrid workforce is critical. It is imperative to take mobile security seriously as business data is accessed on the go. Individuals, as well as organizations, can take proactive measures to secure their mobile devices and protect sensitive data. As mobile threats are on the rise, it is important to reduce the risk of attacks with the best practices for mobile cybersecurity.

Securityaffairs

US adds Tencent to the list of companies supporting Chinese military

  • The US has added Tencent, the Chinese multinational conglomerate, to its list of companies supporting the Chinese military.
  • The list, known as the 'Chinese military company' list, identifies companies that support the People's Liberation Army (PLA) on technology development.
  • Tencent's inclusion on the list serves as a warning for organizations to scrutinize potential collaborations with the tech giant.
  • Tencent has stated that its inclusion on the list must be an error and plans to appeal.

Securityaffairs

Eagerbee backdoor targets govt entities and ISPs in the Middle East

  • New variants of the Eagerbee backdoor have been spotted targeting government entities and ISPs in the Middle East.
  • Kaspersky researchers discovered new attack components, including a service injector and plugins for payload delivery and remote control.
  • The backdoor injects itself into the Themes service, gathers system information, and communicates with a command and control (C2) server.
  • The backdoor uses plugins to handle file and process management, remote access, service control, and network monitoring.

Amazon

How to enhance Amazon Macie data discovery capabilities using Amazon Textract

  • Amazon Macie is a managed service that uses machine learning (ML) and deterministic pattern matching to help discover sensitive data that’s stored in Amazon Simple Storage Service (Amazon S3) buckets.
  • In this post, we show you how to gain visibility of sensitive data embedded in images that are stored within your S3 buckets by adding an additional conversion layer to extract image-based data into a format supported by Macie. The solution also uses the recommended set of managed identifiers and custom data identifiers supported by Macie to cover most use cases.
  • The solution is deployed using AWS Serverless Application Model (AWS SAM), which is an open source framework for building serverless applications.
  • The resulting JSON file from the Amazon Textract job is stored within the same S3 bucket as the original image.
  • Macie then scans the bucket for sensitive data based on managed identifiers and your custom data identifiers.
  • It’s important to note the language capabilities of Amazon Textract. Amazon Textract can extract printed text and handwriting from the standard English alphabet and ASCII symbols.
  • This solution has been designed to enable sensitive data discovery of text in image objects within a single S3 bucket. To expand the scope to include multiple S3 buckets, some additional code and permission changes are required to allow the Lambda functions to process and access multiple existing S3 buckets.
  • If you want to extend the benefits of Amazon Macie to scan your databases for sensitive data, you might find these blog posts useful:
  • In this post, you learned how to enhance the capabilities of Amazon Macie to conduct sensitive data discovery within image files. With this solution, you can extend the benefits of Amazon Macie beyond structured file formats.

Socprime

Message Queues vs. Streaming Systems: Key Differences and Use Cases

  • Message queues operate like a queue at a coffee shop: tasks are consumed independently, one at a time.
  • Message streaming is a continuous flow of data with real-time processing.
  • Message queues are ideal for scenarios requiring parallel processing and scalability, whereas streaming focuses on real-time analytics and monitoring.
  • Kafka now supports both streaming and queue-based workflows, catering to a broader range of use cases.
  • Share Groups offer a flexible approach, enabling finer-grained control over data sharing and processing.
  • Retailers can benefit from Share Group capabilities for efficient processing during sales events.

Socprime

What is Event Streaming in Apache Kafka?

  • Event streaming is a powerful data processing paradigm where events—small, immutable pieces of data—are continuously produced, captured, and processed in real time.
  • Apache Kafka is an open-source distributed event streaming platform that has become the go-to solution for implementing event streaming in modern systems.
  • Kafka enables event streaming through its producers, consumers, distributed architecture, retention capabilities, and stream processing tools like Kafka Streams and Apache Flink.
  • Event streaming with Kafka is beneficial for real-time data processing, decoupling of producers and consumers, scalability, reliability, and applications like real-time analytics, event-driven architectures, and data integration.
