techminis

A naukri.com initiative

Info. Security News

TechBullion

2d

Data Security in Recycling Biometric Hardware

  • Biometric hardware poses unique data security challenges during recycling due to the irreversible and sensitive nature of biometric data.
  • Residual biometric data in devices could be extracted if not properly sanitized, presenting significant vulnerabilities during the recycling process.
  • Robust procedures are essential for thorough data wiping or destruction to prevent data exposure, incorporating methods like physical destruction, data wiping, and secure erasure.
  • Secure recycling practices for biometric hardware are crucial to protect long-term trust and privacy, requiring a balance between data security and environmental sustainability.

Kaspersky

2d

Scammers are promising compensation from a bank | Kaspersky official blog

  • Scammers are now promising compensation to victims in a new scam that involves phishing websites hosting fake news videos and AI-generated content.
  • The scammers use fake news segments with AI-generated voiceovers to lure victims into believing a bank is offering payouts to all Brazilian citizens.
  • Victims are directed to a phishing website where they are asked personal questions and encouraged to pay taxes in order to receive a promised windfall, which never materializes.
  • The scam relies on AI-generated journalist and celebrity clones to deliver a sense of credibility to the fake news report.
  • To protect against such scams, individuals are advised to be cautious of entering personal details on suspicious websites and to avoid clicking on unknown links.
  • Recognizing patterns such as enticing bait, phishing websites, and fake news reports can help individuals avoid falling victim to payout scams.
  • Tips include watching for inconsistencies in AI-generated videos, such as unaligned lip movements or unnatural facial expressions.
  • Installing security software like Kaspersky Premium can help prevent access to suspicious links and phishing attempts.
  • Basic safety measures such as avoiding sharing personal and payment information on dubious sites and being wary of promises of free prizes are crucial to staying safe online.
  • Scammers constantly evolve their tactics, creating new schemes like simulated giveaways, false subscriptions, and cryptocurrency fraud to deceive individuals.

Securityaffairs

2d

HPE fixed multiple flaws in its StoreOnce software

  • Hewlett Packard Enterprise (HPE) addressed multiple flaws in its StoreOnce data backup and deduplication solution.
  • HPE released security patches for eight vulnerabilities in its StoreOnce backup solution, including remote code execution, authentication bypass, data leaks, and more.
  • The vulnerabilities in HPE StoreOnce software could lead to remote code execution, disclosure of information, server-side request forgery, authentication bypass, arbitrary file deletion, and directory traversal information disclosure.
  • The most severe vulnerability addressed by HPE is an Authentication Bypass issue (CVE-2025-37093) impacting all versions prior to 4.3.11, with a CVSS score of 9.8.

Socprime

2d

AI-Generated MDE Queries from APT28 Clipboard Attacks

  • Uncoder AI transforms structured threat intel into Microsoft Defender for Endpoint-compatible KQL detection rules.
  • IOC Extraction from reported behavior includes observables like PowerShell droppers and C2 domains.
  • Uncoder AI auto-generates detection queries for Microsoft Defender, focusing on detecting attempts to contact attacker-controlled infrastructure.
  • This AI-driven capability simplifies IOC formatting, ensures correct field mapping, requires zero manual effort, and provides direct value for SOC teams and detection engineers.

Socprime

2d

Zip Archive & C2 Domain Detection in Microsoft Sentinel via Uncoder AI

  • The Uncoder AI feature generates a KQL detection query for Microsoft Sentinel based on indicators from a DarkCrystal RAT threat report.
  • The query searches logs for strings like 'Розпорядження.zip' and 'imgurl.ir' across all available data tables.
  • Uncoder AI extracts high-confidence indicators from threat reports, reducing manual IOC integration and query crafting workload for analysts.
  • Benefits include broad IOC discovery, accelerated detection engineering, and improved SOC efficiency for faster incident response and detection logic authoring.

Socprime

2d

Full Detection Logic for LITERNAMAGER in Cortex XSIAM via Uncoder AI

  • The Uncoder AI feature analyzes a complex CERT-UA#1170 threat report on LITERNAMAGER malware and generates a Cortex XSIAM-compatible XQL rule.
  • Detection capabilities include identifying suspicious command-line executions, registry-based persistence indicators, and network telemetry related to LITERNAMAGER.
  • AI maps structured indicators to Cortex datasets for process & command line activity, registry keys, and outbound connections to known C2 infrastructure.
  • Operational benefits include high-fidelity detections based on unique behaviors of LITERNAMAGER, multi-layer coverage, and threat-informed engineering reflected in XQL logic.

Socprime

2d

Instant Domain Matching Logic for Splunk via Uncoder AI

  • Uncoder AI offers a feature to ingest structured IOCs from threat reports like malicious domains tied to credential phishing.
  • The tool processes this data to automatically output a Splunk-compatible detection query using dest_host field filtering.
  • The innovation lies in structuring large-scale IOC lists into production-ready query syntax and removing the need for manual extraction and formatting.
  • Security analysts benefit from speed, accuracy, and reusability when using Uncoder AI for generating detection queries for phishing domains in Splunk.

Socprime

2d

Domain-Based IOC Detection for Carbon Black in Uncoder AI

  • Uncoder AI extracts IOCs from threat reports to identify malicious network infrastructure associated with specific loaders and suspicious domains.
  • It generates Carbon Black threat hunting queries based on the identified domains to trace command-and-control activity or staged malware delivery.
  • The effectiveness lies in field-specific formatting, scalable IOC inclusion, and immediate usability for Carbon Black consoles.
  • Security teams using VMware Carbon Black can proactively hunt for malware infections, detect suspicious domain beacons, and accelerate incident response using this feature.

Securityaffairs

2d

Roundcube Webmail under fire: critical exploit found after a decade

  • A critical flaw in Roundcube webmail software, known as CVE-2025-49113, has been discovered after being undetected for over a decade.
  • This flaw allows attackers to execute arbitrary code and take control of affected systems, posing significant risks to users and organizations.
  • The founder of FearsOff, Kirill Firsov, identified the vulnerability in Roundcube Webmail before version 1.5.10 and 1.6.x before 1.6.11.
  • To mitigate the risk, users are advised to update their Roundcube installations to the latest version immediately.

Securityaffairs

3d

U.S. CISA adds Multiple Qualcomm chipsets flaws to its Known Exploited Vulnerabilities catalog

  • U.S. CISA added multiple Qualcomm chipset flaws to its Known Exploited Vulnerabilities catalog.
  • The vulnerabilities include CVE-2025-21479, CVE-2025-21480, and CVE-2025-27038.
  • Qualcomm has released patches for these vulnerabilities after limited, targeted attacks.
  • CISA has ordered federal agencies to address these vulnerabilities by June 24, 2025.

Securityaffairs

3d

Cartier disclosed a data breach following a cyber attack

  • Luxury-goods conglomerate Cartier suffered a data breach due to a cyberattack.
  • The breach exposed customers' personal information like names, email addresses, and countries.
  • Cartier contained the issue, enhanced system protection, and alerted authorities and impacted customers.
  • This incident is a part of a series of cyberattacks on luxury fashion brands, including Adidas, Dior, and Victoria's Secret.

Securityaffairs

3d

U.S. CISA adds ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog

  • U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added ASUS RT-AX55 devices, Craft CMS, and ConnectWise ScreenConnect flaws to its Known Exploited Vulnerabilities catalog.
  • ConnectWise detected suspicious activity from an advanced nation-state actor impacting a small number of its ScreenConnect customers due to CVE-2025-3935, a vulnerability that may have led to a breach.
  • A new AyySSHush botnet with over 9,000 compromised ASUS routers exploits an authenticated command injection flaw (CVE-2023-39780) to establish a persistent SSH backdoor.
  • Federal agencies have until June 23, 2025, to address the identified vulnerabilities in the catalog as per the Binding Operational Directive (BOD) 22-01 issued by CISA.

Amazon

3d

Implementing just-in-time privileged access to AWS with Microsoft Entra and AWS IAM Identity Center

  • The article on implementing just-in-time privileged access to AWS with Microsoft Entra and AWS IAM Identity Center focuses on the importance of controlling access to privileged and sensitive resources.
  • Elements of a privileged access management solution include least privileged access, minimum required access, and restricting access duration.
  • Entra Privileged Identity Management (PIM) integrates with AWS IAM Identity Center for dynamic group management and access control.
  • Entra PIM enables just-in-time access by allowing users to request and be granted temporary access to AWS resources based on approvals.
  • Prerequisites for trying this solution include an AWS account with IAM Identity Center, an Azure account with Entra ID licensing, and setup steps for Entra ID as an external IdP.
  • Configuration steps involve creating groups, assigning access, setting permission sets in IAM Identity Center, and configuring Entra PIM for group activation.
  • Testing involves activating group membership, checking access permissions, and monitoring access revocation within defined timeframes.
  • The integration of Entra PIM and IAM Identity Center automates access provisioning based on policies and approval workflows, ensuring least privilege is enforced.
  • The detailed auditing features of these services provide visibility into privileged access activities for enhanced security.
  • The Entra PIM and IAM Identity Center integration is recommended for AWS customers seeking secure and scalable privileged access management.

Kaspersky

3d

DollyWay is infecting WordPress sites | Kaspersky official blog

  • Cybercriminals exploit vulnerabilities in WordPress plugins and themes to compromise websites, injecting harmful scripts to redirect users to third-party pages.
  • The DollyWay campaign, affecting over 20,000 WordPress sites, monetizes through affiliate programs like VexTrio and LosPollos, redirecting traffic to scam or legitimate sites based on victim profiles.
  • To conceal itself, DollyWay injects malicious code into active plugins, employs a re-infection mechanism, hides admin accounts, and hijacks legitimate credentials.
  • Attackers use maintenance scripts and web shells to update compromised sites and prevent rival malware interference, focusing resources on valuable assets.
  • Regular security audits, particularly of plugins and themes, are crucial to safeguarding corporate websites against campaigns like DollyWay.
  • If signs of compromise are detected, isolating the affected site, removing suspicious plugins, deleting unrecognized admin accounts, changing passwords, and enabling two-factor authentication are recommended steps.
  • In cases where internal resources are insufficient, seeking assistance from third-party incident response specialists is advised.

Infoblox

3d

Blue Helix: Agentic OSINT Researcher

  • As digital threats accelerate, human analysts struggle to synthesize intelligence efficiently, leading to the need for advanced methods like Blue Helix, an agentic OSINT platform.
  • Blue Helix aims to automate collection and synthesis of threat intelligence using AI tools like OpenAI's Agents SDK, Playwright browser orchestration, large language models, OCR, and a genetic algorithm.
  • It operates with a multi-agent system that switches between exploration and exploitation modes to optimize search effectiveness and discover valuable indicators of compromise.
  • The platform balances between exploring new information spaces and refining known pathways by employing Goal-Based Generation (exploration) and Genetic Algorithm (exploitation) modes.
  • Blue Helix's Genetic Algorithm refines search terms by evaluating fitness scores, determining high-performing terms through tournament selection, and creating new queries through crossover and mutation operations.
  • The system leverages AutoBrowser for web navigation, PDF handling, and OCR capabilities to extract high-value information and IOCs from various sources.
  • Blue Helix employs a dual-mode operational framework and automated processes to streamline OSINT collection and report generation while ensuring goal alignment and data relevance.
  • Operationalizing the system involves utilizing Model Context Protocol connections for seamless integration with internal databases, enabling rapid value extraction and feedback mechanisms.
  • The platform demonstrates how agentic concepts can enhance cybersecurity efforts by automating repetitive tasks and guiding relevant data through the pipeline efficiently.
  • Blue Helix's innovative approach emphasizes the need for a balance between human expertise and machine intelligence in addressing the evolving landscape of cyber threats.
  • Overall, the platform showcases a significant advancement in OSINT collection by leveraging AI-driven tools within a structured environment, paving the way for more adaptive and effective threat intelligence research.
