techminis

A naukri.com initiative


Info. Security News News


Hackingblogs

5d


14,000+ Fortinet Devices Compromised as New Exploit Technique Surfaces

  • A significant wave of Fortinet device hacks has been reported, with over 14,000 devices compromised globally.
  • The use of a symlink-based persistence technique by the threat actors has allowed long-term access to the compromised devices.
  • The attacks are part of a larger pattern of web-accessible compromises, and users are advised to handle the systems with caution.
  • Fortinet has provided mitigation and response measures to address the vulnerabilities and eliminate the malicious link.


Krebsonsecurity

5d


Trump Revenge Tour Targets Cyber Leaders, Elections

  • President Trump recently revoked security clearances for Chris Krebs, the former director of CISA, who declared the 2020 election secure.
  • The White House memo targets Krebs, alleging misuse of government authority and censorship.
  • CISA is facing funding and staff cuts, with plans to reduce its workforce significantly.
  • Trump's memo accuses Krebs of dismissing election malfeasance claims and promoting censorship.
  • The cybersecurity community is urged to support Krebs against political attacks.
  • President Trump fired Gen. Haugh and his deputy, raising concerns about disrupting critical intelligence operations.
  • Concerns arise over halting cyber operations against Russia and coordination on national security efforts.
  • China's cyber intrusions and espionage campaigns against U.S. critical infrastructure raise alarms.
  • FBI ends efforts to counter foreign interference in elections amid concerns.
  • Proposed legislation like the SAVE Act could impact voter eligibility and election security.


HRKatha

5d


Prashant Janaswamy is now CIO, EET Fuels

  • Essar Energy Transition’s EET Fuels, the trading name of Essar Oil (UK), has appointed Prashant Janaswamy as CIO.
  • Janaswamy has over 25 years of global experience in the energy, oil and gas, and manufacturing sectors.
  • In his new role, Janaswamy will lead the digital transformation strategy and technology infrastructure modernization at EET Fuels.
  • Janaswamy's experience and innovative approach will support EET Fuels' digital transformation initiatives.


VentureBeat

5d


Amex GBT puts AI at the center of SOC automation, threat modeling, incident response

  • Amex GBT's CISO, David Levin, is focused on using AI to enhance threat detection, incident response, and security operations.
  • They integrate AI into their workflows for faster detection of malicious activities and to enrich alerts with contextual data.
  • AI helps prioritize urgent alerts, enabling analysts to focus on high-risk issues and improving overall efficiency in threat response.
  • Levin leads an AI governance framework based on NIST principles, ensuring security, privacy, and compliance are maintained throughout AI deployment.
  • The framework includes risk assessment, testing, and monitoring processes to mitigate security risks associated with AI.
  • Amex GBT addresses shadow AI usage through policies, technical controls, and user training to prevent unauthorized and risky AI deployments.
  • Challenges like data security, model drift, and adversarial testing are managed through encryption, model retraining, and validation to maintain AI reliability.
  • Levin believes that AI transforms the role of the CISO into a strategic business enabler, guiding responsible AI adoption for business benefits.
  • Globally, AI adoption at Amex GBT is structured with a centralized approach ensuring consistent security measures are embedded in AI projects from inception.
  • Tools like CrowdStrike's Charlotte AI are used for alert triage, enhancing incident response and analyst training through AI support.
  • Levin foresees AI leading to autonomous SOC workflows, predictive security models, and enhanced digital trust practices in cybersecurity over the coming years.


Infoblox

5d


What Is NIST SP 800-81? A Complete FAQ on The Latest Draft of NIST Secure DNS Deployment Guide

  • NIST SP 800-81 is a framework from the U.S. government outlining best practices for secure Domain Name System (DNS) deployment.
  • The latest draft, 800-81r3, focuses on using DNS as a foundational layer of security and deploying it securely in a zero-trust approach.
  • The guide targets cybersecurity executives, decision makers, and operational networking and cybersecurity teams.
  • New additions in 800-81r3 include utilizing DNS to protect against malware, ransomware, data exfiltration, and support incident response efforts.
  • NIST 800-81 is globally applicable and recognized for its best practices in DNS security by regulators and standards bodies.
  • DNS supports cyber resiliency by enforcing security policies, blocking access to malicious domains, and aiding incident response efforts.
  • Key recommendations for DNS deployments include employing Protective DNS, encrypting traffic, deploying dedicated DNS servers, and following technical guidance.
  • Protective DNS enhances security capabilities by preemptively blocking malicious traffic and providing visibility for incident response.
  • Encrypted DNS protocols such as DNS over TLS and DNS over HTTPS encrypt DNS queries between clients and servers to enhance security.
  • DNS Security Extensions (DNSSEC) use authentication to validate DNS responses and ensure they come from legitimate sources.


Sentinelone

5d


Avoiding MCP Mania | How to Secure the Next Frontier of AI

  • Large Language Models (LLMs) are at the forefront of Artificial Intelligence (AI) evolution, with the Model Context Protocol (MCP) bridging LLMs with external systems and tools for seamless connectivity and enhanced functionalities.
  • MCP enables LLM applications to interact with external sources, query data, and perform tasks, improving the accuracy and relevance of AI responses.
  • Developers benefit from MCP's abstraction of system complexities, while end users enjoy more context-aware and dynamic AI interactions, spanning real-time scenarios.
  • While MCP enhances AI capabilities, it also exposes AI models to security risks, making securing MCP-enabled AI systems essential for organizations relying on them for critical operations.
  • Attack vectors against MCP systems include malicious tools, rug pulls, tool poisoning attacks, and cross-tool contamination, posing threats to cloud infrastructure and desktop systems.
  • SentinelOne offers specialized protection for MCP environments through unified visibility, local MCP protection for desktop applications, and remote MCP service protection for cloud-based operations.
  • The article presents case studies of MCP threats in action, such as local execution compromise and cloud resource manipulation, illustrating the importance of securing MCP tools and environments.
  • Organizations implementing MCP-enabled AI systems should prioritize security monitoring, permission boundaries, security assessments, and incident response planning to mitigate evolving threats and safeguard resources.
  • As MCP adoption grows, continuous adaptation of security frameworks is crucial to address complex threat vectors, ensuring that the power of MCP is utilized effectively and securely in the evolving AI landscape.


Securityaffairs

5d


New malware ‘ResolverRAT’ targets healthcare, pharmaceutical firms

  • New malware ‘ResolverRAT’ is targeting healthcare and pharmaceutical firms, using advanced capabilities to steal sensitive data.
  • ResolverRAT spreads via phishing emails using localized languages and legal lures. Victims download a malicious file triggering the malware.
  • ResolverRAT is a newly identified remote access trojan that combines advanced in-memory execution, API and resource resolution at runtime, and layered evasion techniques.
  • The threat actor targets users in multiple countries with phishing emails in native languages, often referencing legal investigations or copyright violations to increase credibility.


Infoblox

5d


Infoblox NIOS DDI Now Available On Equinix Network Edge Marketplace

  • Infoblox NIOS DDI is now available on the Equinix Network Edge marketplace.
  • The joint solution simplifies the deployment of critical network services and improves deployment speed, security, and scalability.
  • Infoblox NIOS DDI offers market-leading DNS, DHCP, and IP address management services for on-premises, hybrid, and multi-cloud environments.
  • The solution provides streamlined deployment, optimized multi-cloud connectivity, enhanced performance, and robust Protective DNS capabilities.


Securityaffairs

5d


Malicious NPM packages target PayPal users

  • Threat actors deploy malicious NPM packages to steal PayPal credentials and hijack cryptocurrency transfers.
  • Using PayPal-related names helps these malicious packages avoid detection, making it easier for attackers to steal sensitive information.
  • Malicious NPM packages use a preinstall hook to run hidden scripts, steal system info, obfuscate data, and exfiltrate it to attacker-controlled servers for future attacks.
  • Fortinet researchers recommend watching for fake PayPal-related packages, checking network logs for odd connections, removing threats, updating credentials, and staying cautious when installing packages.


Securityaffairs

6d


Tycoon2FA phishing kit rolled out significant updates

  • The operators of the Phishing-as-a-Service platform Tycoon2FA have updated their kit to enhance evasion capabilities.
  • The updates include advanced evasion tactics such as a custom CAPTCHA via HTML5 canvas, invisible Unicode in obfuscated JavaScript, and anti-debugging scripts.
  • Tycoon2FA now uses invisible Unicode characters and JavaScript Proxy objects to complicate analysis and delay script execution.
  • The phishing kit also implemented a custom HTML5 canvas-based solution to evade detection and hinder automated analysis.


Dev

6d


When the Breach Strikes: Legal & Practical Steps All Developers Must Know

  • A data breach can have legal and reputational consequences, in addition to technical issues.
  • When a data breach occurs, it is important to immediately contain the breach and isolate affected systems.
  • Identifying what data was compromised is crucial in determining the severity of the breach and applicable laws.
  • It is legally required to notify the company or client, affected customers/users, and regulatory authorities.


Securityaffairs

6d


South African telecom provider Cell C disclosed a data breach following a cyberattack

  • South African telecom provider Cell C confirms a data breach after a cyberattack.
  • RansomHouse cyberattack group claims responsibility and leaks stolen data.
  • Compromised data includes personal information, financial details, and identification documents.
  • Cell C has taken immediate action, engaged cybersecurity experts, and provided guidance to affected stakeholders.


Hackingblogs

6d


New U.S. Program Blocks Foreign Access to Americans’ Sensitive Data

  • The United States has launched a data security effort to prevent foreign adversaries from gaining access to Americans' private information.
  • China, Russia, and Iran have been acquiring American private data through legal purchases or pressuring foreign businesses.
  • The Data Security Program aims to make it harder for foreign adversaries to obtain Americans' data by implementing several measures.
  • The program protects sensitive data categories and covers foreign enterprises doing business in or with the United States.


Securityaffairs

6d


Security Affairs newsletter Round 519 by Pierluigi Paganini – INTERNATIONAL EDITION

  • Symbolic Link trick lets attackers bypass FortiGate patches, Fortinet warns
  • Laboratory Services Cooperative data breach impacts 1.6 Million People
  • Palo Alto warns of brute-force login attempts on PAN-OS GlobalProtect gateways indicating possible upcoming attacks
  • Gamaredon targeted the military mission of a Western country based in Ukraine


Securityaffairs

7d


China admitted its role in Volt Typhoon cyberattacks on U.S. infrastructure

  • China admitted in a secret meeting with U.S. officials that it conducted Volt Typhoon cyberattacks on U.S. infrastructure.
  • China reportedly admitted in a secret meeting with U.S. officials that it carried out cyberattacks on U.S. infrastructure, linked to the Volt Typhoon campaign.
  • Chinese officials’ ambiguous remarks at a December meeting were interpreted by the members of the U.S. delegation as a tacit admission of involvement in cyberattacks linked to Volt Typhoon.
  • At the Geneva summit, U.S. officials learned of China’s aggressive Salt Typhoon cyber operations, which targeted telecom networks like AT&T and Verizon, spying on unencrypted calls and texts of political figures.
