techminis
A naukri.com initiative

Info. Security News

TechCrunch
5d

How victims of PowerSchool’s data breach helped each other investigate ‘massive’ hack

  • PowerSchool, an EdTech company that provides cloud-based education software, suffered a data breach that it became aware of on December 28, 2024, in which the private and personal information of millions of students and teachers was compromised.
  • School administrators who use the breached system connected with each other to investigate the extent of the breach, largely because PowerSchool's communication was poor and gave little detail on what had been compromised. The result was a how-to guide for investigating your own district's exposure, which spread widely within the PowerSchool community.
  • There have been calls to improve cybersecurity in education. Schools often have to rely on open collaboration through informal, sometimes public channels because they lack the funding and expertise to employ a full security team.
  • The K-12 sector is increasingly targeted, and the insight attackers gained from the PowerSchool breach is expected to be of significant value in their attacks elsewhere.
  • Schools and institutions impacted by the breach will need to provide access to credit monitoring services for those affected and take other steps, such as contacting credit bureaus, to prevent the exposed personal information being used for financial fraud or other malicious purposes.
  • The incident may raise awareness of how vulnerable educational institutions are to cyberattacks and highlight the importance of investing in appropriate protection; responsibility for school cybersecurity is often assigned to people with little knowledge of the subject.
  • A lack of funding to maintain and invest in cybersecurity is cited as a major obstacle to protecting student data effectively. More funding and better security awareness training for school site personnel will be needed.
  • Schools that have suffered a cyber incident may face significantly higher insurance premiums, where insurers are willing to cover schools at all; current policies generally cover only a small portion of the aftermath of a successful attack.
  • Tighter security measures on school websites and applications risk unintentionally disadvantaging underprivileged students who lack the resources to access the digital tools needed for remote learning under such conditions.
  • The PowerSchool breach, one of the largest in the education sector in recent memory, has highlighted the need for more cybersecurity expertise in the sector. The market is sensitive to the challenges institutions face, so EdTech incumbents that invest in cybersecurity may become attractive acquisition targets for larger firms looking to enter the market.


Hackingblogs
5d

Sensitive US military and Mossad secrets, including troop details and covert operations, have been leaked.

  • Highly sensitive data from the Al-Udeid Air Base, including staff deployments, warplane specifications, and secret drone operations, have been exposed.
  • Confidential Mossad intelligence, including the identities of spies and secret cooperation with US-affiliated forces, has been compromised.
  • Public disclosure of secret American prisons in the Middle East raises questions about operational security and human rights.
  • Sensitive papers reveal strategic decision-making procedures and leadership strategies affecting US and ally forces in the Middle East.


Securityaffairs
6d

EU privacy non-profit group filed complaints against TikTok, SHEIN, AliExpress, and other Chinese companies

  • Austrian privacy non-profit group, noyb, has filed complaints against Chinese companies including TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi for illegally transferring EU user data to China in violation of EU data protection laws.
  • The complaints state that some companies admit to the transfers, while others list 'third countries', raising concerns about compliance with EU data protection laws. noyb has requested the immediate suspension of data transfers to China due to the risk of data access by the Chinese government.
  • The lack of an independent authority, unclear laws, and limited recourse options in China pose challenges for foreign users in exercising their data rights. noyb has filed six GDPR complaints in multiple European countries, urging data protection authorities to enforce penalties of up to 4% of global revenue.
  • The potential fines could be as high as €147 million for AliExpress and €1.35 billion for Temu, aiming to deter future violations and ensure compliance with GDPR.


Qualys
6d

How to Address CVE-2025-21307 Without a Patch Before the Weekend

  • Microsoft released a patch for CVE-2025-21307, a critical vulnerability in the Windows Reliable Multicast Transport Driver (RMCAST).
  • The vulnerability allows an unauthenticated remote attacker to execute arbitrary code on a vulnerable Windows system by sending specially crafted packets over the PGM (Pragmatic General Multicast) protocol that RMCAST implements.
  • Deploying the patch on critical servers before the weekend can be difficult because it requires a reboot and application compatibility testing.
  • Until the patch is deployed, organizations can reduce exposure with the suggested workarounds, such as disabling the Message Queuing (MSMQ) service. Microsoft's advisory notes that the flaw is only exploitable when Message Queuing is enabled, so a quick exposure check is whether a Message Queuing service is installed and running and whether the host is listening on TCP port 1801; hosts without the feature are not exposed.


Infoblox
6d

Ransomware Spotlight – How Threat Actors use C2 and Data Exfiltration as Part of Double Extortion

  • Ransomware attacks continue to rise in frequency and success, and their consequences include costly downtime, data theft, and reputational damage. The average downtime and recovery time after an attack is 22 days, with a conservative estimate of the cost of that downtime at $43.2 million.
  • To increase the pressure on victims to pay, cybercriminals moved to double extortion: the attackers encrypt sensitive data and also steal it, threatening to publish it on the dark web if the ransom is not paid.
  • DNS command and control (C2) is a technique for communicating with malware on an infected system: the malware periodically sends DNS queries to the attacker's server to check for new commands (beaconing), and ransomware can use the same channel to download its encryption key.
  • Beyond relaying commands, double-extortion ransomware uses DNS for exfiltration: sensitive data such as card numbers is encoded into DNS queries sent to an attacker-controlled domain, which bypasses data loss prevention tools that do not inspect DNS.
  • Phishing, one of the most common ransomware delivery methods, lures users to attacker-owned domains. DNS threat intelligence excels at identifying such domains proactively, flagging domains registered for future malicious use and blocking them on average 63 days before they are used in an attack.
  • By monitoring DNS traffic and applying DNS threat intelligence, organizations can block C2 communications, preventing the encryption key download and hence the encryption of data.
  • All DNS record types should be examined (A, AAAA, CNAME, MX, NS, SOA, TXT, and so on), because malware may use any of them, or several at once, to evade tools that only inspect common query types.
  • Proactive protection matters because once ransomware lands, organizations have only about an hour to detect, investigate and remediate before the incident broadens.
  • Infoblox Threat Defense uses a combination of unique DNS threat intelligence and behavioral analysis to disrupt and minimize the damage caused by ransomware attacks, while delivering precise protection with a 0.0002% false positive rate.
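A heuristic detector for the two DNS behaviours described above (periodic beaconing to a C2 domain, and data encoded into query names under one domain), as an added example rather than Infoblox code. It runs over a constructed resolver log; the log format, the "registered domain is the last two labels" rule and every threshold are assumptions to be tuned against real data.

```python
"""Heuristic detection of DNS C2 beaconing and DNS-tunnelled exfiltration.

Added example (not Infoblox code). The log format, the last-two-labels rule
and all thresholds below are assumptions chosen for the constructed sample.
"""
import math
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Constructed sample resolver log (not real traffic): "<epoch> <client> <qname> <qtype>".
# 10.0.0.7 checks in with a TXT query every 60 s (beaconing);
# 10.0.0.9 encodes data in long hex labels under one domain (exfiltration).
SAMPLE_LOG = """
1700000000 10.0.0.5 www.example.com A
1700000001 10.0.0.5 mail.example.com MX
1700000060 10.0.0.7 a1.c2-example.net TXT
1700000120 10.0.0.7 a2.c2-example.net TXT
1700000180 10.0.0.7 a3.c2-example.net TXT
1700000240 10.0.0.7 a4.c2-example.net TXT
1700000300 10.0.0.7 a5.c2-example.net TXT
1700000301 10.0.0.9 4f3a9c1b7e2d8a6f5c0e1b2d3a4f5c6e.drop-example.org A
1700000302 10.0.0.9 9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b.drop-example.org A
1700000303 10.0.0.9 0a1b2c3d4e5f60718293a4b5c6d7e8f9.drop-example.org A
1700000304 10.0.0.9 ffeeddccbbaa99887766554433221100.drop-example.org A
1700000305 10.0.0.9 c7f20e9a4d6b18355381b6d4a9e02f7c.drop-example.org A
1700000310 10.0.0.5 cdn.example.com AAAA
"""


def registered_domain(qname: str) -> str:
    """Assumed rule: the registrable domain is the last two labels (no public-suffix list)."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def subdomain(qname: str) -> str:
    """Everything left of the registered domain, i.e. the part the attacker chooses freely."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[:-2])


def shannon_entropy(s: str) -> float:
    """Bits per character; encoded or encrypted payloads sit near log2(alphabet size)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in Counter(s).values())


def parse_log(text: str) -> list:
    """Parse the constructed four-column format into dicts."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, qtype = line.split()
        records.append({"ts": int(ts), "client": client, "qname": qname, "qtype": qtype})
    return records


def analyse(records, *, min_sub_len=24, entropy_threshold=3.0, exfil_min_unique=4,
            beacon_min_queries=5, beacon_min_interval=30, beacon_max_jitter=0.1):
    """Return findings per (client, registered domain). No record type is filtered out:
    the beacon rule looks only at timing and the exfil rule only at labels, so
    TXT, NULL, A, AAAA and the rest are all treated alike."""
    by_pair = defaultdict(list)
    for r in records:
        by_pair[(r["client"], registered_domain(r["qname"]))].append(r)

    findings = []
    for (client, domain), rs in by_pair.items():
        qtypes = sorted({r["qtype"] for r in rs})
        # Exfiltration: many distinct, long, high-entropy subdomains under one domain.
        subs = {subdomain(r["qname"]) for r in rs}
        suspicious = [s for s in subs
                      if len(s) >= min_sub_len and shannon_entropy(s) >= entropy_threshold]
        if len(suspicious) >= exfil_min_unique:
            findings.append({"type": "exfil", "client": client, "domain": domain,
                             "unique_subdomains": len(subs), "qtypes": qtypes})
        # Beaconing: enough queries at a near-constant interval (low jitter).
        ts = sorted(r["ts"] for r in rs)
        if len(ts) >= beacon_min_queries:
            gaps = [b - a for a, b in zip(ts, ts[1:])]
            avg = mean(gaps)
            if avg >= beacon_min_interval and pstdev(gaps) / avg <= beacon_max_jitter:
                findings.append({"type": "beacon", "client": client, "domain": domain,
                                 "interval_s": avg, "qtypes": qtypes})
    return findings


if __name__ == "__main__":
    for finding in analyse(parse_log(SAMPLE_LOG)):
        print(finding)
```

On the sample, 10.0.0.7 is reported as a beacon (five TXT queries exactly 60 s apart) and 10.0.0.9 as exfiltration (five unique 32-character hex labels under drop-example.org). The exfiltration host uses plain A queries, which is why the detector does not whitelist record types; real deployments should swap the two-label rule for a public-suffix list and add jitter tolerance, since real implants randomise their sleep.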


Socprime
6d

CVE-2024-49113 Detection: Windows LDAP Denial-of-Service Vulnerability aka LDAPNightmare Exploited via a Publicly Available PoC

  • CVE-2024-49113, dubbed LDAPNightmare, is a denial-of-service (DoS) vulnerability in the Windows Lightweight Directory Access Protocol (LDAP) implementation.
  • Exploitation disrupts the LDAP service and enables DoS attacks against Windows environments, including domain controllers.
  • A public proof-of-concept (PoC) exploit for CVE-2024-49113 has been released; it crashes the LSASS process on unpatched Windows Server hosts, forcing a reboot.
  • Mitigation measures include applying the Microsoft update, using temporary workarounds where patching is delayed, and deploying detections to monitor for suspicious LDAP activity.


Securityaffairs
6d

U.S. CISA adds Aviatrix Controllers vulnerability to its Known Exploited Vulnerabilities catalog

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical Aviatrix Controllers OS Command Injection vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
  • The vulnerability allows unauthenticated attackers to execute arbitrary code because the controller's API fails to neutralize special characters before passing input to OS commands.
  • Threat actors have been actively exploiting the vulnerability to deploy backdoors and cryptocurrency miners.
  • The flaw has been addressed in patched versions, and organizations are advised to patch urgently to protect their controllers.


Socprime
6d

SOC Prime Threat Bounty Digest — December 2024 Results

  • December was another impressive month for the Threat Bounty Program, with 33 new detection rules successfully released.
  • Starting January 2025, the acceptance of new Threat Bounty detections has been temporarily suspended.
  • The SOC Prime Platform is undergoing enhancements to improve user experience and provide more opportunities for Threat Bounty Program members.
  • Top detection rules in December included rundll32 usage for LOLBin exploitation, possible privilege escalation attempts, suspicious TA4557/FIN6 execution, and possible persistence activities of APT35 and BlackCat Ransomware.


Sentinelone
6d

The Good, the Bad and the Ugly in Cybersecurity – Week 3

  • The US Department of Justice (DoJ) has indicted three Russian nationals for operating the cryptocurrency mixing services Blender[.]io and Sinbad[.]io, which were used to launder proceeds of, among other crimes, the theft of over $659m in cryptocurrency by North Korean cyber threat actors.
  • The FBI carried out an operation to remove the PlugX malware from over 4,200 infected computers worldwide. PlugX was mostly used by Chinese hackers to steal sensitive information, remotely control machines and infect more systems.
  • Evidence of a crowdfunding scam from 2016 has emerged showing DPRK’s fraudulent IT worker schemes were involved. A new report shows the 17 seized domains all impersonated IT service companies and were linked to the aforementioned fraud scheme.
  • UAC-0063 is a threat actor, suspected to be working with Russia’s GRU-backed APT28, that has been targeting Kazakhstan and neighboring countries with multi-stage infections to enable continuous data extraction.
  • The malware chain used by UAC-0063 involves spearphishing emails containing malicious Microsoft Office documents from Kazakhstan’s Ministry of Foreign Affairs which trigger an infection chain called “Double-Tap”.
  • The Visual Basic Script backdoor HATVIBE was used by UAC-0063 to pave the way for the Python-based CHERRYSPY backdoor that allows attackers to execute code from a C2 server.
  • Source of the documents used by UAC-0063 is still unclear, but it is likely to have been exfiltrated in a previous attack on the same system.
  • The GRU’s focus on intelligence gathering on Kazakhstan’s geopolitical alliances, trade routes, and strategic projects to maintain Russia’s influence in Central Asia is the motive behind the spearphishing attacks.
  • North Korean hackers and ransomware gangs laundered criminal proceeds, including ransomware payouts and stolen cryptocurrency, via Blender[.]io and Sinbad[.]io. Using cryptocurrency mixers is a part of how actors profit from crypto-heists and remains a significant threat to the global financial system's integrity.
  • Blender[.]io operated between 2018 and 2022 and helped Lazarus Group launder $500m of the $617m stolen in the Axie Infinity Ronin bridge attack. Sinbad[.]io emerged after Blender[.]io was shut down, offering similar services until seized in November 2023 in a law enforcement operation.


Securityintelligence
6d

How to calculate your AI-powered cybersecurity’s ROI

  • Organizations will increase cybersecurity AI spending dramatically from $24 billion in 2023 to $133 billion by 2030.
  • Measuring ROI on cybersecurity investments with the integration of artificial intelligence has become increasingly challenging.
  • Reduction in false positives, time saved on routine tasks, faster incident response times and improved threat intelligence accuracy are the metrics for measuring the ROI of cybersecurity investment.
  • According to the IBM 2024 Cost of a Data Breach report, prevention workflows integrated with AI and automation saved an average of $2.2 million in breach costs compared to those without such technologies.
  • Key Performance Indicators (KPIs) such as security operational efficiency and mean time to detect and respond should be carefully considered when measuring the ROI of cybersecurity investment.
  • Organizations must adopt a comprehensive approach to measure the impact of AI cybersecurity investment, including proactive capabilities, efficiency gains and quantifiable metrics provided by AI-powered solutions, to get an accurate assessment of cybersecurity ROI.
  • The integration of AI in cybersecurity will only be more critical as cyber threats continue to evolve, making it essential for organizations to invest in and effectively measure cybersecurity strategies.


Kaspersky
6d

Hype and confusion surrounding quantum computers in cryptography

  • The hype surrounding the potential threat of quantum computers in cryptography is not entirely accurate and is more complex than the headlines suggest.
  • Mathematicians, startups, cyber agencies, governments and enthusiasts have each added to the hype in their own ways.
  • While Shor's algorithm has captured the imagination of experts, a practical quantum computer using it to break encryption doesn't yet exist and no one knows for certain when it might.
  • While Google and IBM have had limited successes in demonstrating their quantum computing capabilities, both have stopped short of proving a practical threat.
  • The danger the US National Security Agency highlights is "harvest now, decrypt later": encrypted data captured and stored today may be decrypted once a sufficiently capable quantum computer exists.
  • A widely reported Chinese claim that encryption had been cracked by a quantum computer was in fact a much more modest result; nonetheless, quantum-resistant encryption is the recommended course of action across IT.
  • The reality is that modern encryption is not currently vulnerable to quantum computing, but the potential exists, so steps should be taken to secure long-lived data with quantum-resistant (post-quantum) algorithms.
  • Standards bodies and cyber agencies have already issued recommendations for transitioning to post-quantum cryptography; these should be studied and implemented gradually.


Schneier
6d

Social Engineering to Disable iMessage Protections

  • Phishing SMS messages with a new twist are circulating: they instruct recipients to reply 'Y' and then open the link in their browser.
  • The messages make false claims about delayed packages and aim to trick recipients into entering personal information on the linked page.
  • The reply is the point of the trick: iMessage disables links in messages from unknown senders, and replying to a message (or adding the sender to contacts) marks the sender as known and re-enables the links. Asking for a 'Y' is social engineering to switch off that protection.
  • The technique has been observed since last summer and is becoming increasingly common, with more attackers adopting it in their phishing campaigns.


Securityaffairs
6d

ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems

  • ESET disclosed a now-patched vulnerability that allowed Secure Boot to be bypassed on UEFI systems.
  • The vulnerability affected a Microsoft-signed UEFI application shipped with several real-time system recovery software suites.
  • It was caused by the application loading a binary with its own custom PE loader instead of the standard UEFI LoadImage and StartImage services, which enforce Secure Boot signature checks; the custom loader let an unsigned binary run during boot.
  • The issue was resolved, and Microsoft revoked the vulnerable binaries (adding them to the Secure Boot revocation list, dbx) in its Patch Tuesday update.


Hackersking
6d

Top 5 Instagram Password Cracking Techniques Commonly Used In 2025

  • Brute Force Attack: Hackers systematically try all possible password combinations until finding the correct one.
  • Dictionary Attack: Hackers use precompiled lists of common passwords and phrases to guess the password.
  • Phishing: Attackers trick users into revealing passwords through fake emails, messages, or websites.
  • Keylogging: Hackers use malware to record keystrokes and capture passwords as they are typed.
  • Credential Stuffing: Hackers exploit reused passwords from data breaches to gain unauthorized access to multiple accounts.
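The online attacks in the list above (brute force and dictionary guessing, credential stuffing), played out against a small login service that has the controls a platform uses against them. This is an added example, not code from the article or from Instagram: the usernames, passwords, source addresses, wordlist, "breach dump", lockout and stuffing thresholds, and the deliberately low PBKDF2 iteration count are all constructed. Phishing and keylogging capture the real password and are not stopped by these controls; they need MFA and endpoint hygiene instead.

```python
"""Dictionary attack and credential stuffing against a defended login service.

Added example; every name, value and threshold is constructed.
"""
import hashlib
import hmac
import os
from collections import defaultdict

PBKDF2_ITERATIONS = 10_000   # kept low so the demo runs fast; production uses far more
DUMMY_SALT = os.urandom(16)  # hashed against for unknown users so timing does not leak existence

# Constructed attacker inputs: a wordlist for guessing, and breached username/password
# pairs for stuffing.
WORDLIST = ["123456", "password", "qwerty", "iloveyou", "letmein", "summer2024!", "welcome1"]
BREACH_DUMP = [("alice", "summer2024!"), ("bob", "hunter2"),
               ("carol", "Passw0rd"), ("dave", "dragon")]


def hash_password(password: str, salt: bytes) -> bytes:
    """Salted, slow hash: makes offline brute force and precomputed dictionaries expensive."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)


class LoginService:
    def __init__(self, max_failures: int = 5, stuffing_threshold: int = 3):
        self.users = {}                            # username -> (salt, hash)
        self.failures = defaultdict(int)           # failed attempts per account
        self.locked = set()                        # accounts locked after max_failures
        self.source_usernames = defaultdict(set)   # source address -> usernames tried
        self.blocked_sources = set()
        self.max_failures = max_failures
        self.stuffing_threshold = stuffing_threshold

    def register(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self.users[username] = (salt, hash_password(password, salt))

    def login(self, source: str, username: str, password: str) -> str:
        """Returns one of: ok, bad_credentials, locked, blocked_source."""
        if source in self.blocked_sources:
            return "blocked_source"
        # Stuffing / spraying signature: one source trying many different accounts.
        tried = self.source_usernames[source]
        tried.add(username)
        if len(tried) > self.stuffing_threshold:
            self.blocked_sources.add(source)
            return "blocked_source"
        if username in self.locked:
            return "locked"
        record = self.users.get(username)
        if record is None:
            hash_password(password, DUMMY_SALT)   # same cost as a real check
            return "bad_credentials"
        salt, stored = record
        if hmac.compare_digest(hash_password(password, salt), stored):
            self.failures[username] = 0
            return "ok"
        self.failures[username] += 1
        if self.failures[username] >= self.max_failures:
            self.locked.add(username)   # per-account lockout stops online guessing
        return "bad_credentials"


def dictionary_attack(svc, source, username, wordlist):
    """Online dictionary attack: returns (password found or None, outcome of each guess)."""
    outcomes = []
    for guess in wordlist:
        result = svc.login(source, username, guess)
        outcomes.append(result)
        if result == "ok":
            return guess, outcomes
    return None, outcomes


def credential_stuffing(svc, source, dump):
    """Replays breached username/password pairs; returns {username: outcome}."""
    return {user: svc.login(source, user, pw) for user, pw in dump}


def demo():
    svc = LoginService()
    svc.register("alice", "summer2024!")   # weak: the password is in the wordlist
    svc.register("bob", "hunter2")          # reused: the pair is in the breach dump
    found, outcomes = dictionary_attack(svc, "203.0.113.10", "alice", WORDLIST)
    stuffed = credential_stuffing(svc, "198.51.100.7", BREACH_DUMP)
    return found, outcomes, stuffed


if __name__ == "__main__":
    print(demo())
```

Running the demo shows the two controls doing different jobs: the dictionary attack on alice is stopped by lockout after five failures even though her password is in the wordlist, while the stuffing run gets into bob's account with a reused password before the source is blocked on its fourth distinct username. Lockout and per-source rate limiting therefore do not address password reuse; screening new passwords against breach corpora and requiring MFA do.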


Securityaffairs
6d

Russia-linked APT Star Blizzard targets WhatsApp accounts

  • The Russian group Star Blizzard targets WhatsApp accounts in a new spear-phishing campaign, shifting tactics to avoid detection.
  • The Star Blizzard group, aka 'Callisto', 'Seaborgium', 'ColdRiver', and 'TA446', has been targeting government officials, military personnel, journalists, and think tanks since at least 2015.
  • The recent campaign sends targets an email impersonating a US government official that contains a link redirecting to a webpage showing a QR code. The code is a WhatsApp device-linking code, so scanning it links the attacker's device to the victim's WhatsApp account and gives the attackers access to its messages.
  • Microsoft advises targeted users to remain vigilant and provides Indicators of Compromise (IoCs) for this campaign. A practical check is WhatsApp's Linked Devices list, where any unexpected device can be removed.
