menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Info. Security News News

Info. Security News News

source image

Dataprivacyandsecurityinsider

3w

read

406

img
dot

Image Credit: Dataprivacyandsecurityinsider

Neural Data Included in CCPA Amendments

  • California recently passed an amendment to the CCPA, including neural data in the definition of personal information.
  • The amendment aims to safeguard consumer brain data collected by neurotechnology products.
  • Companies will need to disclose the types and uses of brain data they collect.
  • The amendment raises privacy concerns and aims to prevent misuse and potential data breaches.

Read Full Article

like

24 Likes

share

5 Shares

source image

Dataprivacyandsecurityinsider

3w

read

406

img
dot

Image Credit: Dataprivacyandsecurityinsider

Artists’ Copyright Infringement Suit Against AI Companies Can Proceed

  • Visual artists Sarah Andersen, Kelly McKernan, and Karla Ortiz filed a class action lawsuit against AI companies, alleging copyright infringement.
  • Judge William Orrick in the Northern District of California allowed the plaintiffs' copyright claims to proceed.
  • The judge distinguished the defendants' AI models from VCRs and found that the plaintiffs' induced copyright infringement claim could proceed.
  • The case's outcome will likely have significant implications on the AI and copyright landscapes.

Read Full Article

like

24 Likes

share

5 Shares

source image

Dataprivacyandsecurityinsider

3w

read

314

img
dot

Image Credit: Dataprivacyandsecurityinsider

PRIVACY TIP #418 – New Phishing Scheme Uses Scarce Weight Loss Drugs as Hook

  • Scammers are exploiting the high demand for GLP-1 weight loss drugs through phishing schemes.
  • They offer drugs online, accept payments through various platforms, and impersonate doctors on social media.
  • McAfee found a significant increase in phishing attempts and risky website URLs related to weight loss drugs.
  • To avoid scams, it is advised to buy from reputable sources, watch out for low prices and misleading claims, and stay vigilant.

Read Full Article

like

18 Likes

share

4 Shares

source image

TechBullion

3w

read

236

img
dot

Image Credit: TechBullion

Data Security in the Cloud: Best Practices for Protecting Your Valuable Information 

  • Data security in the cloud is a crucial concern for businesses.
  • Best practices for data security include encryption of data at rest and in transit.
  • Implementing strong access controls, such as multi-factor authentication, is important.
  • Regular data backup, monitoring, and compliance checks are necessary for maintaining security.

Read Full Article

like

14 Likes

share

3 Shares

source image

Hackingblogs

3w

read

31

img
dot

Image Credit: Hackingblogs

Samsung Galaxy S24 , Cannon, HP and Sonos Era Were Hacked In Pwn2Own Ireland

  • Samsung Galaxy S24 was hacked by Ken Gannon, earning $50,000 and 5 Master of Pwn points.
  • Sonos Era 300 was hacked by dungdm from Viettel Cyber Security, earning $30,000 and 6 Master of Pwn points.
  • Canon imageCLASS MF656Cdw printer was hacked by ExLuck and Pham Tuan Son, earning $10,000 and 2 Master of Pwn points.
  • Pwn2Own Ireland 2024 witnessed successful exploits on phones, cameras, printers, and smart speakers.

Read Full Article

like

1 Like

share

Share

source image

Amazon

3w

read

371

img
dot

Image Credit: Amazon

Exploring digital sovereignty: learning opportunities at re:Invent 2024

  • AWS re:Invent 2024 is a learning conference hosted by Amazon Web Services for the cloud computing community.
  • At re:Invent, attendees can hear the latest cloud industry innovations, meet with AWS experts, and build connections.
  • The 2024 event will offer many ways to learn about digital sovereignty solutions, including sessions and hands-on activities with AWS hybrid and edge services.
  • Attendees can also visit the Digital Sovereignty & Data Protection kiosk in the AWS Village to watch demos and learn more about upcoming AWS European Sovereign Cloud.
  • Breakout sessions and lightning talks covering topics such as data residency, generative AI, and AWS IoT for edge LLM deployment are available to attendees.
  • There will also be interactive sessions available, such as the Implement RAG Without Compromising on Digital Sovereignty workshop and the How AWS Can Help You Meet Your Digital Sovereignty Requirements chalk talk.
  • Attendees can access the full digital sovereignty content catalog by filtering sessions on the AWS re:Invent website.
  • For those unable to attend in person, a virtual-only pass is available for live streaming of keynotes and innovation talks, as well as access to on-demand breakout sessions.
  • Overall, AWS re:Invent 2024 provides a prime opportunity to learn about advanced sovereignty controls, security features, and infrastructure options offered by the sovereign-by-design AWS Cloud.
  • The event is set to take place across multiple venues in Las Vegas from December 2-6, 2024.

Read Full Article

like

22 Likes

share

5 Shares

source image

Securityintelligence

3w

read

324

img
dot

Image Credit: Securityintelligence

3 proven use cases for AI in preventative cybersecurity

  • IBM's Cost of a Data Breach Report 2024 reveals that the application of AI-powered automation in prevention has saved organizations an average of $2.2 million.
  • AI is helping in proactive defense through attack surface management by providing real-time protection to digital infrastructures and improving detection outcomes.
  • AI red teaming helps in stress-testing AI models, identifying vulnerabilities, and detecting shadow data that could pose security risks.
  • Posture management, enabled by AI, ensures continuous security at scale with real-time monitoring, quick identification and mitigation of breaches, and substantial cost savings.

Read Full Article

like

19 Likes

share

4 Shares

source image

Kaspersky

3w

read

262

img
dot

Image Credit: Kaspersky

Security and privacy settings in adidas Running | Kaspersky official blog

  • To protect your privacy on the adidas Running app, it is important to configure the privacy settings correctly.
  • Access privacy settings by tapping Profile > Settings > Privacy.
  • Ensure that maps and activity visibility is set to either Followers or Only me.
  • Consider disabling notifications and delete profile data if you stop using the app.

Read Full Article

like

15 Likes

share

3 Shares

source image

Securityaffairs

3w

read

367

img
dot

Image Credit: Securityaffairs

FortiJump flaw CVE-2024-47575 has been exploited in zero-day attacks since June 2024

  • The recently disclosed Fortinet FortiManager flaw, known as FortiJump (CVE-2024-47575), has been exploited in zero-day attacks since June 2024.
  • Over 50 servers have been impacted by these attacks, according to a report by Mandiant.
  • The vulnerability allows an attacker to execute arbitrary code or commands through specially crafted requests, due to a missing authentication issue in FortiManager and FortiManager Cloud versions.
  • Attackers have automated the exfiltration of files containing IPs, credentials, and configurations of managed devices from FortiManager.

Read Full Article

like

22 Likes

share

5 Shares

source image

Socprime

3w

read

87

img
dot

Image Credit: Socprime

“Rogue RDP” Attack Detection: UAC-0215 Leverages RDP Configuration Files to Gain Remote Access to Ukrainian Public Sector Computers

  • Adversaries exploit Remote Desktop Protocol (RDP) configuration files to gain remote access to Ukrainian public sector computers.
  • CERT-UA warns about an ongoing phishing email campaign targeting government agencies and defense sector organizations.
  • The attacks are linked to the UAC-0215 hacking group and may expand beyond Ukraine.
  • Mitigation measures include blocking .rdp files at the email gateway and configuring firewalls to limit RDP connections to internet resources.

Read Full Article

like

5 Likes

share

1 Share

source image

Hackersking

3w

read

378

img
dot

Image Credit: Hackersking

Are Cybersecurity Bootcamps Worth It?

  • Cybersecurity boot camps offer a quick and focused way to enter the field.
  • Advantages include fast-track learning, practical experience, expert instructors, networking opportunities, and job placement support.
  • Disadvantages include cost considerations, variation in quality, limited curriculum depth, and a competitive job market.
  • Choosing a cybersecurity boot camp requires considering career goals, learning preferences, and financial investment.

Read Full Article

like

22 Likes

share

5 Shares

source image

Securityaffairs

3w

read

83

img
dot

Image Credit: Securityaffairs

U.S. CISA adds Fortinet FortiManager flaw to its Known Exploited Vulnerabilities catalog

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the Fortinet FortiManager missing authentication vulnerability CVE-2024-47575 (CVSS v4 score: 9.8) to its Known Exploited Vulnerabilities (KEV) catalog.
  • A missing authentication flaw in FortiManager and FortiManager Cloud versions allows attackers to execute arbitrary code or commands through specially crafted requests.
  • Fortinet confirmed that the vulnerability CVE-2024-47575 has been exploited in the wild for exfiltrating files containing IPs, credentials, and configurations of managed devices.
  • CISA orders federal agencies to fix this vulnerability by November 13, 2024.

Read Full Article

like

5 Likes

share

1 Share

source image

Infoblox

3w

read

70

img
dot

Image Credit: Infoblox

Threat Actors Abuse DNS to Con Consumers

  • According to CISA, more than 90% of successful cyber-attacks start with a link or webpage designed by bad actors to trick users into revealing their passwords or other sensitive information. DNS infrastructure and communications fit perfectly to the criminal mode of operation.
  • The first element DNS offers to cybercriminals is anonymity, enabling them to set up a nefarious infrastructure including the content bait, malicious payload, and victim data-capturing backend while staying unidentifiable.
  • Second advantage adversaries find in DNS is the ability to intentionally target and aim at victims. By combining multiple DNS servers, domain names can lure and redirect traffic to the right malicious content based on the victim’s environment.
  • Most importantly, by hiding commands in the DNS response, the C2 communication stays undetected by many security tools, allowing the adversary to continue their attack.
  • DNS is the Swiss army knife for any actor and supports a broad spectrum of intrusion techniques, such as social engineering, credential theft, unauthorized remote access, or data leakage.
  • Infoblox has discovered multiple DNS weaponizations, including sophisticated campaigns using techniques like fake messages via SMS to trick users into entering personal information for supposed high-return investments.
  • Another discovery by Infoblox found an advanced technology suite connected to Chinese organized crime, money laundering, and human trafficking that uses DNS configurations, website hosting, payment mechanisms, and more. The brands exploit residents in China and victims worldwide tapping into the $1.7 trillion illegal gambling economy.
  • Common in all the adversarial tactics is that the cyber-criminal first carefully created the domain and malicious site sometimes months to a year in advance of the attack.
  • Infoblox generates threat intelligence to proactively stop these attacks and efficiently protect businesses from costly incidents.
  • DNS can give the attacker an advantage by deceiving the victims and automatically providing a malicious link. To learn more on how to protect brand and consumer trust using Infoblox threat intelligence go to https://www.infoblox.com/threat-intel/

Read Full Article

like

4 Likes

share

Share

source image

Securityaffairs

3w

read

105

img
dot

Image Credit: Securityaffairs

Digital Echo Chambers and Erosion of Trust – Key Threats to the US Elections

  • Resecurity reports a rise in political content related to the 2024 US elections on social media, with increased activity from foreign sources.
  • Resecurity has detected a substantial increase in the distribution of political content related to the 2024 US elections through social media networks, particularly from foreign jurisdictions.
  • Social media can create echo chambers where users are exposed primarily to information that reinforces their existing beliefs, leading to polarization and influencing voter behavior.
  • Accounts impersonating government entities and media outlets, and promoting negative opinions about political candidates and distrust in U.S. elections, have been identified on Telegram.

Read Full Article

like

6 Likes

share

1 Share

source image

Kaspersky

3w

read

100

img
dot

Image Credit: Kaspersky

ID card selfie: pros and cons | Kaspersky official blog

  • More and more online services are requiring users to upload selfies with their ID documents in order to prove their identity; banks, rental cars and even some potential employers now insist on the practice.
  • Personal decision whether to share your confidential data or not.
  • It's a straightforward choice — take a photo or choose your safety.
  • If you decide to go through with it, be cautious.
  • Before sending your document selfies, find out everything you can about the company.
  • Check where and by whom your data will be processed, how long it will be stored, and whether the company can pass customer information to law enforcement, third parties, or even to other countries.
  • If it’s worth the risk, add watermarks to the selfie with the name of the service you’re sending it to.
  • Send the photo through the official app or website of the service and delete the selfie immediately after sending if your device lacks reliable protection.
  • Check with your bank to find out how to be notified promptly of changes to your credit history.
  • Never give out personal data for monetary rewards.

Read Full Article

like

6 Likes

share

1 Share

Prev

10
11
12
13
14
15
16
17
18
19
20

Next

For uninterrupted reading, download the app