techminis

A naukri.com initiative


Info. Security News


Qualys

2d


Mass Campaign of Murdoc Botnet Mirai: A New Variant of Corona Mirai

  • The Qualys Threat Research Unit has uncovered a large-scale, ongoing operation within the Mirai campaign, dubbed Murdoc Botnet.
  • This variant exploits vulnerabilities targeting AVTECH Cameras and Huawei HG532 routers.
  • Murdoc Botnet demonstrates enhanced capabilities, exploiting vulnerabilities to compromise devices and establish expansive botnet networks.
  • The campaign utilizes ELF file and Shell Script execution for deployment and shows a geographical distribution of affected countries.


Global Fintech Series

2d


Entrust Helps Businesses Fight Fraud with New AI-powered Facial Biometric Authentication Capability

  • Entrust introduces AI-powered identity verification as a new capability for its Identity-as-a-Service (IDaaS) platform.
  • The new feature enables facial biometric authentication and stores biometric data directly on users' mobile devices, addressing data protection regulations.
  • The solution enhances fraud prevention, eliminates vulnerabilities exploited by phishing attacks, improves data privacy, and offers a streamlined user experience.
  • Entrust's integration builds upon its market leadership and recognition as a provider of security solutions, including being named a Leader in the 2024 Gartner Magic Quadrant for Identity Verification.


Securityintelligence

2d


Are attackers already embedded in U.S. critical infrastructure networks?

  • The threat of cyberattacks against critical infrastructure in the United States has evolved beyond data theft and espionage. Intruders are already entrenched in the nation’s most vital systems, waiting to unleash attacks.
  • The pre-positioning tactic allows cyber actors to infiltrate systems, maintain persistence and potentially launch massively destructive operations.
  • Volt Typhoon, a state-sponsored hacking group, has infiltrated critical infrastructure networks. They have targeted infrastructure that millions of Americans depend on daily, and their methodical approach has allowed them to infiltrate U.S. systems for extended periods without detection.
  • The FOCAL Plan: the Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment Plan developed by CISA aims to shore up federal cybersecurity defenses by driving coordinated action across agencies to defend against pre-positioning and other sophisticated cyber threats.
  • The FOCAL Plan focuses on five critical areas: asset management, vulnerability management, defensible architecture, cyber supply chain risk management, and incident detection and response.
  • The threat landscape outlined by Volt Typhoon’s actions calls for an urgent response from every organization that operates critical infrastructure.
  • The harsh reality is that many organizations may already have pre-positioned attackers within their networks. The objective now is to limit the damage they can do and to ensure that attackers cannot trigger even more widespread disruption.
  • The presence of cyber actors like Volt Typhoon in U.S. critical infrastructure is not hypothetical — it’s happening now.
  • The FOCAL Plan is a step in the right direction, but the fight against pre-positioned cyber actors is far from over; it will require a sustained, coordinated effort.
  • The FOCAL Plan provides a framework, but it is up to individual organizations to implement these measures at every level.


Kaspersky

2d


How to download, install, and update Kaspersky apps for Android | Kaspersky official blog

  • Kaspersky’s Android security solutions are temporarily unavailable in the official Google Play store.
  • Any Kaspersky apps that are already installed from Google Play will continue to work on your device.
  • To install Kaspersky apps on Android, we recommend using alternative app stores.
  • You can also install our apps manually from the APK files available on our website or in your My Kaspersky account.
  • You can download the apps and install them over already installed versions from Samsung Galaxy Store, Huawei AppGallery, or Vivo V-Appstore.
  • The same Kaspersky apps can be found in all these stores.
  • Auto-update can be enabled so that the apps update automatically in the alternative stores.
  • If you want to install Kaspersky apps on a Google Play-only smartphone, install an alternative app store first.
  • Kaspersky provides detailed instructions for all the alternative stores named in this article.
  • You can also buy a subscription or activate an already installed license.


Securityaffairs

2d


CERT-UA warned of scammers impersonating the agency using fake AnyDesk requests

  • CERT-UA warns of scammers impersonating the agency using fake AnyDesk requests.
  • Threat actors send fraudulent AnyDesk connection requests under the guise of security audits.
  • CERT-UA recommends enabling remote access software only during active use and reporting anomalies promptly.
  • The attacks have not been attributed to any specific APT group and the targets remain undisclosed.


Schneier

2d


AI Mistakes Are Very Different from Human Mistakes

  • AI systems and humans make different types of mistakes, with AI errors seeming much more random, without clustering around particular topics.
  • Indeed, AI mistakes are frequently accompanied by a level of confidence that can be difficult to ignore, regardless of how obviously incorrect a statement seems to humans.
  • AI’s random inconsistency makes it almost impossible to trust its reasoning in complex, multi-step problems.
  • One area of research for addressing the issues posed by AI is to engineer models for language that more closely resemble human responses.
  • The other area involves creating new systems specifically for correcting the sorts of mistakes that AI models tend to make.
  • The strange inconsistency of AI necessitates systems such as asking the same question repeatedly in slightly different ways and then combining responses.
  • In some cases, what's bizarre about LLMs is that they act more like humans than we think they should.
  • AI systems that make consistently random and unpredictable errors, like LLMs, should perhaps be confined to applications that play to their strengths or are more trivial.
  • The need for new security systems to address the challenges posed by AI argues for an urgent rethink in this area.
  • Researchers are still struggling to understand where LLM mistakes diverge from human ones.


Securityaffairs

2d


HPE is investigating IntelBroker’s claims of the company hack

  • HPE is investigating claims made by IntelBroker about a hack on the company.
  • IntelBroker, a notorious threat actor, announced the sale of alleged stolen data from HPE.
  • The data for sale includes source code for company products, digital certificates, Docker builds, and user PII.
  • HPE has initiated an investigation and stated there is no operational impact or evidence of customer data involvement.


Securityaffairs

3d


Experts found new DoNot Team APT group’s Android malware

  • Researchers linked the threat actor DoNot Team to a new Android malware that was employed in highly targeted cyber attacks.
  • The DoNot APT group, also known as APT-C-35 and Origami Elephant, has been active since 2016 and focuses on government and military organizations in South Asian countries.
  • The recently discovered Android malware, named 'Tanzeem' and 'Tanzeem Update', mimics chat functionality and uses the OneSignal platform for delivering phishing links through notifications.
  • The malware gathers call logs, contacts, SMS messages, locations, account information, and files stored in external storage, and can also record the screen.


Sentinelone

3d


2024 macOS Malware Review | Infostealers, Backdoors, and APT Campaigns Targeting the Enterprise

  • 2024 saw a sharp rise in macOS malware campaigns targeting enterprise users, with infostealers, backdoors, and APTs being the key threats.
  • The Amos Atomic family of stealers includes stealer varieties that grab login credentials, making it possible to uncover Keychain-based credentials.
  • The Backdoor Activator trojan is delivered via cracked versions of commercial applications and installs a Python runtime to execute arbitrary commands.
  • The LightSpy malware is a modular surveillance tool that captures audio-visual recordings of the device, collects user history, and records keystrokes and clipboard data.
  • BeaverTail (attributed to North Korean state-sponsored groups) targets job seekers, targets crypto wallets, and installs a secondary payload for keylogging and remote control software.
  • ToDoSwift and Hidden Risk are two similar APT campaigns identified in 2024 that target the crypto sector.
  • The HZ RAT backdoor targets DingTalk and WeChat installations to steal user info and exfiltrate data using shell commands.
  • CloudChat delivers malware via a disk image and attempts to exfiltrate data and monitor clipboard data.
  • NotLockBit ransomware has data exfiltration capabilities and attempts to lock files, although samples discovered have not been associated with any distinct delivery method and have no known victims.
  • RustyAttr is a macOS malware that leverages the Tauri development framework to hide malicious code in extended attributes.


Securityaffairs

3d


Malicious npm and PyPI target Solana Private keys to steal funds from victims’ wallets

  • Researchers have discovered malicious npm and PyPI packages designed to target Solana private keys and steal funds from victims' wallets.
  • The malicious npm packages allowed threat actors to exfiltrate Solana private keys via Gmail.
  • The attackers used names typosquatting popular libraries and exfiltrated the stolen information via Gmail's SMTP servers.
  • The packages are still live on npm despite experts' requests for removal, and two GitHub repositories were reported for supporting the malware campaign.


Schneier

3d


Biden Signs New Cybersecurity Order

  • President Biden has signed a new cybersecurity order.
  • The order aims to improve cybersecurity practices industry-wide, using the US government's procurement power.
  • Software vendors are required to submit proof of following secure development practices, with potential investigation and prosecution for non-compliance.
  • The Department of Commerce will assess common cyber practices and issue mandatory guidance for government contractors.


Socprime

3d


Hackers Exploit AnyDesk Impersonating CERT-UA to Launch Cyber-Attacks 

  • Hackers are exploiting the popular AnyDesk remote utility by impersonating CERT-UA to launch cyber-attacks.
  • Adversaries have misused the AnyDesk software, masquerading as CERT-UA activity to connect to targeted computers.
  • This malicious campaign involves social engineering techniques and relies on victims' AnyDesk IDs and functional software.
  • To minimize risks, users are advised to be vigilant, enable remote access tools only during active sessions, and rely on proactive defense strategies.


Hackingblogs

3d


Real Vs Fake: Python Users Beware Of pycord-self, a PyPI package stealing Discord auth tokens

  • Discord developers are being targeted by a malicious Python package called "pycord-self" on the Python Package Index (PyPI). It installs a backdoor for remote access and steals authentication tokens.
  • The package claims to be the authentic "discord.py-self" library and has been downloaded 885 times.
  • The malicious package collects authentication tokens and creates a backdoor for remote system control.
  • To protect against such attacks, users are advised to verify the source of packages, review and update dependencies regularly, and report suspicious packages.


Securityaffairs

3d


Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution

  • Critical flaws in WGS-804HPT switches could be chained to gain remote code execution on Planet Technology’s industrial devices.
  • Claroty researchers discovered vulnerabilities in Planet WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution.
  • The vulnerabilities include buffer and integer overflow vulnerabilities and an OS command injection flaw, allowing attackers to remotely run code on the device.
  • Planet Technology has released firmware version 1.305b241111 to address these issues.


Hackersking

4d


Bypass Screenshot Restriction in Apps Without Root

  • Bypassing screenshot restrictions in apps without root access is possible using three powerful apps: Disable Flag Secure, LSPatch, and Shizuku.
  • Screenshot restrictions are implemented by app developers to enhance privacy and security.
  • Disable Flag Secure removes the "FLAG_SECURE" attribute in Android, allowing screenshots.
  • LSPatch and Shizuku work together to inject the "Disable Flag Secure" module into the target app and grant necessary permissions without root access.
