Info. Security News News


Sentinelone


LABScon24 Highlights | Examining The Latest in Cybersecurity Trends & Challenges

  • World-class researchers and threat investigators met at LABScon24, an exclusive event gathering intelligence on pressing issues in the threat landscape.
  • Juan Andrés Guerrero-Saade presented this year’s keynote speech, highlighting the challenges facing the current state of cyber threat intelligence.
  • Max Smeets offered insight into the complexities of ransomware dynamics and the importance of a cultural shift when reporting ransomware incidents.
  • Eugenio Benincasa and Dakota Cary discussed China’s Capture the Flag (CTF) landscape and how insights can aid threat intelligence efforts in the country.
  • Alex Matrosov and Fabio Pagani discussed critical firmware supply-chain weaknesses in secure boot key management, with findings that test keys could expose systems to significant threat.
  • Jim Walter examined recent developments in the Kryptina platform and explained why it appeals to threat actors and its implications for victims and targeting.
  • LABScon emphasizes the importance of community when it comes to combating cyber threats, with plenty of social and networking events.
  • Dr. Cristina Cifuentes was presented with a Lifetime Achievement Award for her contributions to the field of Program Analysis.
  • The event was sponsored by Luta Security, Dreadnode, Binarly, Cisco Talos, Aesir Security Consulting, Hidden Layer, Silent Push, The Alperovitch Institute, The Vertex Project, Bishop Fox, and Framework.
  • LABScon25 is scheduled for September 17 to 20, 2025, and updates on upcoming talks will be available on their website.


Schneier


AI and the 2024 US Elections

  • AI has undermined the public’s ability to trust what it sees, hears, and reads.
  • The use of AI can make it easier for bad actors to construct highly persuasive and misleading content.
  • There has been slow progress in the area of constraining the use of AI in political campaigns.
  • There have been several initiatives for AI regulation aiming to address unsafe or ineffective systems, algorithmic discrimination, and abusive data practices, but none of this has resulted in changes that would resolve the use of AI in political campaigns.
  • Two federal agencies with a chance to control the use of AI in political campaigning have not acted, and very likely will not until after the 2024 US elections.
  • One bill under consideration, the AI Transparency in Elections Act, would instruct the FEC to require disclosure when political advertising uses media generated substantially by AI.
  • Critics say such disclosure is onerous and would increase the cost of political advertising.
  • The Honest Ads Act would modernize campaign-finance law, extending FEC authority to definitively encompass digital advertising.
  • The Protect Elections From Deceptive AI Act would ban materially deceptive AI-generated content from federal elections, as in California and other states.
  • Congress seems resigned not to act before the election, and tech platforms benefit from the lack of evident rules governing political expenditures.


Securityaffairs


A British national has been charged for his execution of a hack-to-trade scheme

  • A British national has been charged for his execution of a hack-to-trade scheme.
  • Robert Westbrook, a 39-year-old British national, hacked into the systems of five U.S. organizations.
  • Westbrook executed a hack-to-trade scheme from January 2019 to May 2020, generating millions of dollars in profits.
  • He hacked into the email accounts of corporate executives to obtain non-public information and used it for trading securities.


Pymnts


SolarWinds CISO: World’s Cyber Regulations Still ‘In Flux’

  • SolarWinds CISO, Tim Brown, emphasizes the need for tough cybersecurity laws.
  • Brown argues that the world's cyber regulations are still 'in flux,' causing stress in the field.
  • The SEC lawsuit against SolarWinds and Brown was mostly dismissed by a federal judge.
  • Collaborative efforts between CFOs, CIOs, and CISOs are crucial for effective cybersecurity measures.


Pymnts


Microsoft Prepares to Relaunch AI-Powered Recall Offering

  • Microsoft is preparing to relaunch its AI-powered Recall program.
  • The feature aims to track and store users' computer activity to create a searchable history.
  • Microsoft delayed the wider rollout of Recall due to privacy concerns.
  • The company has made adjustments to address privacy issues, including encryption of stored data.


Securityaffairs


Israel army hacked the communication network of the Beirut Airport control tower

  • Israel allegedly hacked Beirut airport's control tower, warning an Iranian plane not to land, forcing it to return to Tehran.
  • The Israeli cyber army breached the communication network of the control tower.
  • Lebanese authorities instructed airport authorities to block the Iranian aircraft in response to the hack.
  • Israel claimed that Beirut International Airport was being used as an entry point for weapons to Hezbollah.


Securityaffairs


Security Affairs newsletter Round 491 by Pierluigi Paganini – INTERNATIONAL EDITION

  • Hackers were able to steal over $44 million from Asia-based cryptocurrency platform BingX.
  • Europol has taken down a phishing scheme impacting mobile users named KAERB.
  • Ukraine has banned the use of Telegram for government agencies, military use, and critical infrastructure.
  • The US Department of Justice had charged two individuals for stealing and laundering $230m of cryptocurrency.
  • Antivirus firm Dr.Web has disconnected all servers due to a recent cyber-attack.
  • Apple has dismissed a lawsuit against intelligence firm NSO Group due to the risk of exposure of classified information.
  • US CISA has added multiple software vulnerabilities to its known exploited vulnerabilities list.
  • Hackers broke into a ChatGPT account and received detailed instructions on how to make a bomb.
  • Qilin ransomware group was responsible for an attack at Synnovis, affecting over 900,000 patients.
  • The Rhysida ransomware group has been linked to an attack in August on the Port of Seattle.


Securityaffairs


Progress Software fixed 2 new critical flaws in WhatsUp Gold

  • Progress Software has addressed six new security vulnerabilities in its IT infrastructure monitoring product WhatsUp Gold.
  • Two of the vulnerabilities fixed by Progress, respectively tracked as CVE-2024-8785 and CVE-2024-46909, are rated as critical severity.
  • The company addressed the issues with version 24.0.1 released on September 20, 2024.
  • WhatsUp Gold customers are recommended to address the above vulnerabilities as soon as possible.


Hackersking


How to use TheHarvester to Get Email, Domain and IP Quickly | Quick Guide

  • TheHarvester is an OSINT tool used to find the email addresses, domains, and IP addresses of companies.
  • It is a powerful tool written in Python and gathers information from publicly available data.
  • The tool performs open source intelligence (OSINT) gathering during red team assessments or penetration tests.
  • It utilizes both passive and active modules to collect data from various public resources.


Securityaffairs


Irish Data Protection Commission fined Meta €91 million for storing passwords in readable format

  • The Irish Data Protection Commission (DPC) has fined Meta Platforms Ireland Limited (MPIL) €91 million ($100 million) for storing the passwords of hundreds of millions of users in plaintext, violating data protection regulations.
  • In 2019, Meta disclosed that it had inadvertently stored some users’ passwords in plaintext on its internal systems, without encrypting them.
  • Meta estimated that the incident impacted hundreds of millions of Facebook Lite users, tens of millions of other Facebook users, and tens of thousands of Instagram users.
  • The Irish Data Protection Commission (DPC) stated that it will release its full decision and additional details about the incident at a later date.


Hackersking


Dx-Raptor: The Powerful DOS Tool

  • DX-Raptor is an open-source tool used for performing DoS (Denial of Service) attacks on web servers or online services.
  • It allows users to generate a large volume of traffic to overwhelm the target server and make the service unavailable.
  • DX-Raptor can be useful for security researchers and ethical hackers to test their systems and identify vulnerabilities.
  • Preventing DoS attacks can be done through rate limiting, firewall rules, load balancers, and DDoS mitigation services.


Securityaffairs


A cyberattack on Kuwait Health Ministry impacted hospitals in the country

  • The Kuwait Health Ministry was the victim of a cyberattack that affected hospitals and the Sahel healthcare app.
  • Systems at several hospitals were taken offline, including the Ministry of Health website.
  • The ministry contained the attack with government security agencies and is enhancing security measures.
  • The incident suggests a ransomware attack, but no group has claimed responsibility.


Securityaffairs


The Tor Project and Tails have merged operations

  • The Tor Project and Tails have merged operations to enhance collaboration and expand their efforts to protect users globally from digital surveillance and censorship.
  • The merger aims to enhance protections for users needing both network and system-level security.
  • Tails proposed merging operations with Tor Project to expand its operational capacity and build a larger operational framework.
  • Tor and Tails offer complementary privacy protections, providing a comprehensive solution for users facing surveillance or seeking access to the open web.


Tech Story


Meta Fined $101.5 Million for Storing 600 Million Passwords in Plain Text | The Timeline of Meta's Password Storage Controversy

  • Meta, the parent company of Facebook and Instagram, has been fined $101.5 million by Ireland’s Data Protection Commission (DPC) for storing more than 600 million user passwords in plain text, leaving them vulnerable to internal access for more than a decade and violating GDPR.
  • The case goes back to 2019 when Facebook admitted that hundreds of millions of user passwords were being stored in plain text. The company confirmed that around 2,000 employees had made over 9 million queries to this database in the past.
  • The DPC’s investigation culminated in the recent fine. The company was found to have violated four sections of the GDPR, including delayed notification of the breach to the DPC.
  • Data Protection Commissioner, Graham Doyle, emphasized the severity of storing passwords in plain text as they could have allowed unauthorized access to users’ social media accounts.
  • Although it is still unclear which users were affected, in 2019 Facebook stated that most of the compromised plain text passwords were associated with Facebook Lite.
  • Meta is also facing a $1.3 billion fine for violating data protection laws related to the transfer of user data between the EU and the U.S.
  • This privacy scandal has significantly damaged Meta's reputation and led to a series of legal challenges and hefty financial penalties.
  • Given the substantial fines and regulatory pressure, it is expected that Meta has made efforts to enhance its data security.
  • Meta needs to take meaningful steps to rebuild trust and ensure the protection of user data going forward.
  • Meta's failure to properly encrypt passwords and its slow response in notifying authorities of the breach were clear violations of GDPR regulations.


Kaspersky


How to solve the cybersecurity talent shortage | Kaspersky official blog

  • The coronavirus pandemic led to demand for cybersecurity professionals growing faster than the supply.
  • ISC2 reported that the global staffing shortage in the cybersecurity industry stands at four million employees.
  • A study of over a thousand cybersecurity professionals from 29 countries showed not all experts in cybersecurity studied the field at university.
  • The availability of specialized cybersecurity courses in colleges and universities was rated as poor, and responses to whether higher education is necessary for a cybersecurity career were mixed as well.
  • The problem with formal cybersecurity education is that it often lags behind real-world developments.
  • Surveyed cybersecurity specialists note that higher education often does not provide sufficient hands-on training or help develop skills for a career in the field, leaving young professionals unprepared for the job.
  • The lack of hands-on experience means many aspiring professionals can make poor decisions that can have serious consequences for employers.
  • To mitigate the shortage, companies can give entry-level employees opportunities to fill gaps in their theoretical and practical knowledge, especially as technology and threats evolve quickly.
  • Lastly, companies can invest in training and IT services to help ease the burden on their infosec department.
  • Managed Detection and Response and Incident Response are third-party services companies can seek help from.
