Info. Security News News


Kaspersky


How to track Kia car owners online | Kaspersky official blog

  • Security researchers discovered a vulnerability in Kia's web portal that allowed cars to be hacked remotely and their owners tracked.
  • The vulnerability allowed anyone to register as a car dealer with access to owners' data using just the vehicle's VIN number.
  • An experimental app was developed to take control of any Kia vehicle by entering its license plate number, enabling functions like location tracking, door locking/unlocking, engine start/stop, and horn honking.
  • The researchers responsibly disclosed the vulnerability to Kia and published their findings after it was fixed, but anticipate discovering more vulnerabilities in the future.


Socprime


CVE-2024-47575 Detection: FortiManager API Vulnerability Exploited in Zero-Day Attacks

  • Cybersecurity researchers have disclosed a critical FortiManager API vulnerability, CVE-2024-47575, that has been exploited in zero-day attacks.
  • The vulnerability allows attackers to execute arbitrary code or commands and steal sensitive files containing configurations, IP addresses, and credentials.
  • A new threat actor, UNC5820, has been linked to the exploitation of this vulnerability.
  • To detect exploitation attempts, organizations can use the SOC Prime Platform or the dedicated Sigma rule.


Securityaffairs


Black Basta affiliates used Microsoft Teams in recent attacks

  • ReliaQuest researchers observed Black Basta affiliates relying on Microsoft Teams to gain initial access to target networks.
  • Black Basta ransomware affiliates switched to Microsoft Teams, posing as IT support to deceive employees into granting access.
  • Threat actors flood employee inboxes with emails, then impersonate IT support on Microsoft Teams to offer help.
  • Attackers send QR codes in chats as part of Quishing attempts.


Hackersking


Social Analyzer - API, CLI, and Web App for analyzing & finding Online Identity

  • Social Analyzer is an API, CLI, and Web App for analyzing and finding a person's profile across 1000+ social media sites and websites.
  • The tool includes different analysis and detection modules, allowing users to choose which modules to use during the investigation process.
  • It utilizes a rating mechanism to provide a rate value based on detection techniques, helping to identify suspicious or malicious activities online.
  • Social Analyzer can be set up as a Web App or CLI, offering a wide range of features such as string and name analysis, multi-profile search, metadata extraction, custom search queries, and more.


Securityaffairs


Security Affairs newsletter Round 495 by Pierluigi Paganini – INTERNATIONAL EDITION

  • Chinese cyber spies targeted phones used by Trump and Vance
  • Irish Data Protection Commission fined LinkedIn €310M for GDPR infringement
  • Change Healthcare data breach impacted over 100 million people
  • OnePoint Patient Care data breach impacted 795916 individuals


Hackersking


Get Existing Accounts From Email OSINT Tool Eyes

  • Eyes is an open-source intelligence (OSINT) tool used to find existing accounts based on an email address.
  • It offers features like fully asynchronous scraping, as well as modules for facial recognition.
  • To use Eyes, you can clone the GitHub repository, install the requirements, and execute the tool with the target email.
  • The tool provides information on the target email using various modules and services.


Tech Story


Apple Announces $1 Million Bug Bounty to Strengthen AI Privacy System Security

  • Apple has announced a $1 million bug bounty program to strengthen the security of its artificial intelligence (AI) privacy systems.
  • The bug bounty program aims to find vulnerabilities in Apple's AI systems, including Face ID and Siri.
  • Apple invites researchers to investigate vulnerabilities in various operating systems and offers different levels of payouts based on the importance of the discoveries.
  • The bug bounty program promotes collaboration with the cybersecurity community and demonstrates Apple's commitment to user privacy and transparency.


Securityaffairs


Chinese cyber spies targeted phones used by Trump and Vance

  • China-linked threat actors targeted the phone communications of Donald Trump and vice presidential nominee JD Vance.
  • US intelligence is investigating the claims to determine what communications were eavesdropped by the cyberspies.
  • The information on phones used by the two politicians is a gold mine for foreign intelligence agencies.
  • Chinese cyber spies also targeted people affiliated with the Harris-Walz campaign and senior Biden administration officials.


Hackersking


WHEN IS CYBERSECURITY WEEK

  • Cybersecurity Week is observed annually in the first week of October to raise awareness about cybersecurity challenges.
  • The week includes workshops, webinars, social media campaigns, and community events to educate and engage individuals in cybersecurity.
  • Best practices to adopt for better cybersecurity include using strong passwords, enabling two-factor authentication, staying informed, and backing up data.
  • Organizations play a crucial role in fostering a culture of security and promoting cyber hygiene during Cybersecurity Week and beyond.


Securityaffairs


Irish Data Protection Commission fined LinkedIn €310M for GDPR infringement

  • Irish Data Protection Commission fined LinkedIn €310M for violating user privacy by using behavioral data analysis for targeted advertising.
  • The DPC’s inquiry was launched following an initial complaint to the French Data Protection Authority.
  • LinkedIn’s reliance on user consent was deemed insufficiently informed, and its interests were found to override user rights and freedoms.
  • The authority gave LinkedIn three months to ensure GDPR compliance, requiring clear, freely given, informed consent and fair, transparent data processing.


Amazon


How to mitigate bot traffic by implementing Challenge actions in your AWS WAF custom rules

  • AWS WAF is a web application firewall that helps you protect against common web exploits and bots that can affect availability, compromise security, or consume excessive resources.
  • The Challenge action is useful for detecting requests from automated tools without affecting the user experience.
  • Properly handling bot traffic can reduce the impact, which can help you optimize costs and improve the stability of your infrastructure and the availability of your business.
  • Implementing Challenge actions through a custom rule is a cost-effective way of using this action to help you reduce the impact of bot traffic in your applications.
  • Option 1: Implementing the Challenge action through a custom rule involves defining the expected normal behaviors of the users who access your app.
  • Option 2: Implementing the Challenge action by using Bot Control in AWS WAF is an easier, more robust and flexible solution than using a custom rule.
  • Bot Control is a managed rules group that provides improved visibility and automated detection and mitigation mechanisms for bots.
  • As your cloud infrastructure grows, you need to start managing your protection at scale and centrally. AWS Firewall Manager provides you with a single place to centrally configure, manage, and monitor your AWS WAF firewall, AWS Shield Advanced protections, and more.
  • This blog covers the basics of using the Bot Control feature to implement Challenge actions as a more sophisticated and robust option.
  • By implementing Challenge actions through a custom rule, you can set up basic, cost-effective measures to handle basic bots and control automated traffic to your applications.


Startupnation


Optimizing App Development and Budgeting with Cost-Effective APIs

  • Launching and managing app development on a tight budget in this highly competitive market is not an easy task for startups.
  • One of the best strategies for startups is to leverage Application Programming Interfaces (APIs) which can accelerate the development process of an app while keeping the costs under control.
  • An API is third-party software that simplifies and accelerates the creation process by allowing developers to integrate various services and capabilities from other applications into their products.
  • Using payment gateway APIs or other suitable APIs can lessen the burden of developing complex payment processing systems and functionalities for a tech startup.
  • The selection of the right API is critical and depends on the app requirements, easy integration with existing systems, documentation, user experience enhancement, performance and scalability, and security features.
  • The cost of using an API varies based on usage, features, and service levels. Many API providers offer a free tier or a trial period to help startups select the right API tool.
  • APIs can help tech startups to deliver superior products, accelerate their market entry, and enhance app features without substantial capital investment.
  • By using APIs, startups can allocate resources to their core strategies rather than investing heavily in developing new app components.
  • The market for mobile app development is growing, and mobile app development costs are increasing, so startups need to find innovative ways to optimize their budget while launching their products.
  • With API tools, startups can fast-track product development, keep costs low, and deliver more sophisticated software by leveraging pre-existing functionalities from other apps.


Pymnts


Making Sense of Quantum Data Defense in the Payments Space

  • Firms in security-critical areas like financial services and payments are urged to prioritize cybersecurity.
  • Transitioning to cutting-edge protocols and investing in new tech and training is essential.
  • Quantum computing poses a future threat, urging firms to stay ahead in cybersecurity measures.
  • Securing sensitive financial data and payment networks is crucial to prevent devastating breaches.


Securityaffairs


Change Healthcare data breach impacted over 100 million people

  • The Change Healthcare data breach in February 2024 impacted over 100 million people, making it the largest-ever healthcare data breach in the US.
  • UnitedHealth Group confirmed that the cyber attack disrupted IT operations of Change Healthcare, affecting more than 100 applications and impacting thousands of pharmacies and healthcare providers.
  • Compromised data in the breach includes names, addresses, dates of birth, phone numbers, Social Security numbers, medical records, and more.
  • The Alphv/BlackCat ransomware gang claimed responsibility for the attack, with reports suggesting that UnitedHealth paid a $22 million ransom.


Hackingblogs


Apple Will Pay Up To $1 Million To Anyone Who Hacks Their Private AI Cloud

  • Apple will pay up to $1 million to security experts for identifying flaws in its private AI cloud.
  • Researchers can receive up to $250,000 for privately reporting flaws that compromise user data.
  • Apple announced the Virtual Research Environment to allow analysis of its private cloud compute.
  • Source code for certain components of Private Cloud Compute will be made public.
