Info. Security News


Securityaffairs


Kyiv’s hackers launched an unprecedented cyber attack on Russian state media VGTRK on Putin’s birthday

  • Russian state media VGTRK faced a major cyberattack conducted by Kyiv’s hackers on Putin’s birthday.
  • The cyber attack disrupted online broadcasts, internal services, and communications of VGTRK.
  • The attackers used a malicious code that wiped the VGTRK servers and backups.
  • Russian government officials have not yet publicly attributed the cyber attack to Ukraine.


Sentinelone


PinnacleOne ExecBrief | Are You Actuarially In Good Hands?

  • Lloyd’s new cyberattack insurance policies mandate exclusions for state-backed cyberattacks starting from March 2023.
  • These exclusions applied to cyberattacks that disrupted essential state functions or security and insurers had to attribute these attacks to specific states.
  • Despite some infrastructure operators ignoring government warnings, insurers were acutely aware of the risks with billions of dollars at stake.
  • The main issue likely to cause disputes between insurers and policyholders is the attribution of cyberattacks, as the covert nature of cyberattacks makes it difficult to determine state responsibility.
  • Additionally, the definition of “major detrimental impact” remains vague, which could lead to disagreements over what qualifies as significant disruption.
  • As insurers step away from covering cyber warfare-related risks, the question of responsibility looms.
  • Businesses must now contend with a new reality where neither governments nor insurers can fully shield or cover them from nation-state attacks.
  • The recent MOVEit, Change Healthcare, and NHS incidents showed how attacks on a single critical software and government service can cascade across the economy, creating systemic aggregate losses.
  • A recent report by a cyber insurer noted that the risk of and uncertainty around aggregation continues to hang over the market by impeding capital inflows and tempering risk appetite.
  • Careful review of cyber policy wordings is crucial to reduce the risk of disputes over cyberattack claims.


Securityaffairs


FBCS data breach impacted 238,000 Comcast customers

  • Approximately 238,000 Comcast customers were impacted by the FBCS data breach following a ransomware attack.
  • FBCS, a third-party debt collection agency, experienced unauthorized access to its systems between February 14 and February 26, 2024.
  • Compromised information may include names, dates of birth, Social Security numbers, and account information.
  • Comcast is providing affected customers with 12 months of free credit monitoring services.


Securityaffairs


Critical Apache Avro SDK RCE flaw impacts Java applications

  • A critical vulnerability in the Apache Avro Java Software Development Kit (SDK) could be exploited to execute arbitrary code on vulnerable instances.
  • The vulnerability, tracked as CVE-2024-47561, impacts all versions of the Avro Java SDK prior to 1.11.4.
  • The Avro Java SDK is a toolkit used for working with Apache Avro in Java applications, especially in big data or distributed systems.
  • Users are advised to upgrade to version 1.11.4 or 1.12.0 to mitigate the security vulnerability.


Socprime


Uncoder AI: A Guide on Contributing Detection Rules to SOC Prime Platform via Threat Bounty Program

  • Uncoder AI, a professional IDE & co-pilot for detection engineering, streamlines content creation and threat detection rule contribution in the SOC Prime Platform.
  • Contributors of threat detection rules can use Uncoder AI to make it easier to contribute, collaborate with experts, and track the success of their contributions.
  • To start contributing detection rules, contributors must log in to the SOC Prime Platform using the same email address they registered with for the Threat Bounty Program.
  • Once logged in, contributors can create a custom repository where their rules and content can be saved.
  • Contributors can then use Uncoder AI to create detection rules, select a template that best fits their needs, and save them to their custom repository.
  • After writing and saving the rule, it must be validated using Warden, the validation tool within the Platform. If there are errors present, address them to ensure the rule is ready for submission.
  • Contributors can submit their rule for review, where it is reviewed by the SOC Prime team. If it meets the necessary quality standards, it will be published.
  • If the rule is returned, contributors must make the necessary adjustments and resubmit the rule for another review.
  • Once the rule is approved, it will be available on the Threat Detection Marketplace. Contributors can monitor its performance and track its usage.
  • By using Uncoder AI, contributors can simplify the creation and contribution of detection rules within SOC Prime’s Threat Bounty Program.


Kaspersky


Kaspersky apps are no longer available on Google Play: what to do? | Kaspersky official blog

  • Google Play store has terminated Kaspersky's developer account, resulting in the removal of all Kaspersky apps from the store.
  • The decision is based on the U.S. government's restrictions on the distribution and sales of Kaspersky products in the United States.
  • Already-installed Kaspersky apps will continue to work, but users won't be able to update or reinstall them from Google Play.
  • Users are recommended to download Kaspersky apps from other mobile stores or directly from the Kaspersky website.


Silicon


The Age of Virtual Assistants

  • Virtual assistants are transforming industries and personal productivity. They are becoming indispensable in our daily lives, both personal and professional. By 2028, virtual professionals are expected to comprise half of the US workforce.
  • The virtual assistant journey started with ELIZA, a computer program developed at MIT that simulated conversation.
  • Voice-based assistants like Siri, Alexa, and Google Assistant are set to dominate the future and play a central role in our daily interactions with technology, streamlining everything from personal tasks to professional workflows.
  • Artificial Intelligence (AI) is the primary driver of virtual assistants’ development, and recent innovations promise even greater capabilities. These tools will enable virtual assistants to anticipate user needs more accurately in customer service, where virtual assistants will assist, predict, and fulfill consumer needs.
  • With this growth comes a range of ethical concerns. Virtual assistants are only as unbiased as the data on which they are trained. If this data reflects societal biases, virtual assistants can perpetuate or even exacerbate these issues, particularly in hiring and customer service areas.
  • Privacy and data security are another significant concern: as virtual assistants become more integral to our lives, they inevitably collect vast amounts of personal data.
  • Virtual assistants are becoming integral to business operations and personal productivity. The ethical challenges surrounding bias, transparency, and privacy must be addressed carefully to ensure these technologies benefit society as a whole.
  • Researchers are also working on developing more advanced natural language processing techniques to help AIs better understand context and nuance. They’re working on emotional intelligence algorithms to help virtual assistants read between the lines of human communication.
  • Virtual assistants could become indispensable colleagues, handling everything from scheduling to data analysis to first drafts of reports. They might even sit in on meetings, taking notes and suggesting action items.
  • As we move forward, it is crucial to establish clear ethical and practical guardrails. It’s not just about what these AIs can do for us, but how they might change us – our behaviours, our relationships, our very way of thinking.


Hackersking


Master Java Compilation to Supercharge Your Hacking Tools

  • Learning Java can be very beneficial if you're interested in ethical hacking and want to create your own tools.
  • Java offers great advantages, especially when it comes to building hacking tools that can run on various operating systems.
  • Java compilation is the process of converting the code you write into a format that can be understood and executed by a computer.
  • Java compilation enhances the performance of ethical hacking tools, allowing them to handle large amounts of data while running multiple processes efficiently.
  • Optimizing Java compilation for your hacking tools can help you create powerful, scalable solutions that work on a variety of platforms.
  • By optimizing your code and fixing common errors during Java compilation, you can build faster, more reliable tools for ethical hacking.
  • To create efficient and powerful hacking tools, use the latest Java version, enable warnings during compilation, and keep your code lightweight.
  • Java's bytecode is platform-independent, meaning you can write the code once and run it on any operating system.
  • Java's multi-threading feature allows you to execute multiple tasks simultaneously, making your tool much faster.
  • Keep your Java code secure by not hardcoding sensitive data, using updated libraries and keeping JDK updated for safe Java compilation.


Securityaffairs


Man pleads guilty to stealing over $37 Million worth of cryptocurrency

  • A man from Indiana pleaded guilty to stealing over $37M in cryptocurrency from 571 victims during a 2022 cyberattack.
  • Evan Frederick Light, 21, of Lebanon, Indiana, pleaded guilty to conspiracy to commit wire fraud and conspiracy to launder monetary instruments.
  • Using a real client’s identity, Light accessed the company’s servers, exfiltrated personally identifiable information (PII) of other clients, and stole virtual currencies from their accounts.
  • He funneled the stolen funds to various locations throughout the world to launder them.


TechBullion


EFURB: Leader in ITAD (IT Asset Disposition) for Schools & Businesses in the USA

  • Disposing of old technology can be daunting due to concerns surrounding secure data erasure and environmentally responsible disposal practices.
  • EFURB, a leader in IT Asset Disposition (ITAD), offers a comprehensive solution for schools and businesses looking to retire old technology.
  • EFURB ensures that all sensitive data is thoroughly and securely wiped from devices before they are repurposed and resold.
  • EFURB's white-glove service offers unparalleled convenience by providing on-site pick-up and handling the entire process from collection to repurposing.
  • EFURB's commitment to environmental responsibility is demonstrated by repurposing aging devices rather than contributing to the growing e-waste problem.
  • EFURB buys old devices providing customers with additional revenues while ensuring useful technology finds new homes.
  • The devices collected by EFURB are often repurposed for charitable organizations and international communities that lack access to up-to-date technology.
  • EFURB's transparent process and dedication to customer service have made them a leader in the ITAD industry.
  • Partnering with EFURB provides a secure and responsible solution for disposing of old technology while helping to reduce the harmful impact of e-waste.
  • Contact EFURB today to securely and responsibly dispose of old devices without any logistical challenges.


Securityaffairs


U.S. CISA adds Synacor Zimbra Collaboration flaw to its Known Exploited Vulnerabilities catalog

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the Zimbra Collaboration vulnerability CVE-2024-45519 to its Known Exploited Vulnerabilities catalog.
  • Proofpoint researchers report threat actors attempting to exploit the Zimbra Collaboration vulnerability for remote code execution on vulnerable instances.
  • The vulnerability allows unauthenticated attackers to execute arbitrary commands on affected Zimbra installations.
  • CISA has ordered federal agencies to address and fix the vulnerability by October 24, 2024.


Securityaffairs


China-linked group Salt Typhoon hacked US broadband providers and breached wiretap systems

  • China-linked APT group Salt Typhoon breached U.S. broadband providers, potentially accessing systems for lawful wiretapping and other data.
  • The breach poses a major national security risk and remained undisclosed due to possible impact on national security. Experts suspect the hackers aimed at gathering intelligence.
  • The Salt Typhoon group targeted surveillance systems used by the US government. U.S. officials are increasingly concerned about Chinese cyber efforts to infiltrate critical infrastructure.
  • The investigation into the breaches is ongoing, and experts are assessing the scope of the compromise.


Securityaffairs


Security Affairs newsletter Round 492 by Pierluigi Paganini – INTERNATIONAL EDITION

  • WordPress LiteSpeed Cache plugin flaw could allow site takeover
  • Apple iOS 18.0.1 and iPadOS 18.0.1 fix media session and passwords bugs
  • Google removed Kaspersky’s security apps from the Play Store
  • New Perfctl Malware targets Linux servers in cryptomining campaign


Hackersking


How To Brute Force Attack On Network, WebApps and Directories: Kraken All-in-one Password Cracking Kit

  • Kraken is an all-in-one brute-force attack toolkit that can be used for network protocols, web applications, and directories.
  • Key features of Kraken include finding hidden directories, passwords, and sub-domains of websites and network protocols.
  • To install Kraken, you can use the git package and follow the provided command in the installation guide.
  • Once installed, Kraken can be launched from the command line, and you can select a specific tool by entering the corresponding number.


Securityaffairs


Google Pixel 9 supports new security features to mitigate baseband attacks

  • Google announced that its Pixel 9 has implemented new security features, and it supports measures to mitigate baseband attacks.
  • Pixel phones are known for their strong security features, particularly in protecting the cellular baseband.
  • Google claims that the Pixel 9 implements the most secure baseband to date, addressing a critical attack vector exploited by researchers.
  • Key security measures implemented in the Pixel 9 series include Bounds Sanitizer, Integer Overflow Sanitizer, Stack Canaries, Control Flow Integrity, and Auto-Initialize Stack Variables.
