Info. Security News News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Info. Security News News

Sentinelone

413

Image Credit: Sentinelone

From Amos to Poseidon | A SOC Team’s Guide to Detecting macOS Atomic Stealers 2024

Amos Atomic is one of the most successful malware-as-a-service (MaaS) offerings that primarily targets Mac users, and it has evolved and expanded into several other malware options.
What distinguishes the current family of these Malware-as-a-service providers from those which have targeted Apple's desktop operating system in the past is their highly sophisticated distribution methods, which target a broad range of enterprise applications instead of being restricted to cracked games and user productivity apps.
These Atom InfoStealer variants come with different file characteristics, with some being written in Go, Objective-C, and C++, among others.
Among the most prevalent variants of these stealer families found throughout 2024 are Banshee, Cthulu, Poseidon, and RodrigoStealer.
Many of these variants have taken various approaches to obscuring the code, such as base32 encoding, hex-encoded strings, pulling 2nd-stage AppleScript files from remote servers, and chunk-splitting strings.
Some of the characteristics of different types of these atomic stealer variants have been documented in the post, with evidence of capsule strings and RC4-encoded hex strings to obfuscate AppleScript commands and C2 URLs for fetching payloads.
Users are tricked into allowing permissions and giving away their admin passwords for the system via the use of various AppleScript dialogs.
Organizations without enterprise security systems are urged to review the indicators of compromise offered through the post to keep their systems protected.
SentinelOne detects all variants of the atomic stealer through a multi-engine platform that combines static and dynamic Artificial Intelligence; both are aimed at stopping the threats pre-execution and on-execution.
The post cautions that despite how unprecedented the number of variants of the atomic stealer is on the macOS malware scene, it is not the only infostealer currently visiting unsuspecting users in the wild.

Read Full Article

24 Likes

Amazon

363

Image Credit: Amazon

New whitepaper available: Building security from the ground up with Secure by Design

Developing secure products and services is imperative for organizations looking to strengthen operational resilience and build customer trust.
A whitepaper titled 'Building Security from the Ground up with Secure by Design' explores the concept of Secure by Design (SbD) and its importance in mitigating vulnerabilities early.
Key considerations in implementing SbD include integrating it into the software development lifecycle, supporting it with automation, and applying it to artificial intelligence.
The whitepaper details five key action items that can help organizations adopt a Secure by Design approach and build secure products.

Read Full Article

21 Likes

Schneier

183

Microsoft Is Adding New Cryptography Algorithms

Microsoft is updating SymCrypt, its core cryptographic library, with new quantum-secure algorithms.
The first new algorithm added is ML-KEM, also known as CRYSTALS-Kyber, which is a post-quantum standard formalized by NIST.
ML-KEM, based on Module Learning with Errors, offers guaranteed security and varying parameter sets for different security strengths.
The second algorithm added is XMSS, based on stateful hash-based signature schemes and recommended by NIST.

Read Full Article

11 Likes

Qualys

183

Image Credit: Qualys

TotalCloud Insights: Unmasking AWS Instance Metadata Service v1 (IMDSv1)-The Hidden Flaw in AWS Security

The reliance on IMDSv1 for accessing instance metadata can lead to a significant vulnerability in AWS security, making it susceptible to an SSRF attack, that would allow unauthorized access to the sensitive data of millions of customers.
The key difference between IMDSv1 and IMDSv2 lies in their authentication methods. While IMDSv1 allows instances to retrieve information without requiring explicit authentication or session management, IMDSv2 mandates explicit authentication through session tokens issued by the AWS EC2 Instance Metadata Service (IMDS).
Qualys TotalCloud, a Cloud Security Posture Management tool, addresses the need for enhanced cloud protection strategies by automating the detection and remediation of vulnerable IMDS configurations, significantly reducing the risk and enhancing the overall security posture.
There are several best practices to secure IMDS which includes limiting IMDS access, restricting IMDS access and following IAM best practices.
Transitioning to IMDSv2 is essential for securing modern cloud infrastructures as it mitigates the risk of SSRF attacks and unauthorized data access attempts associated with IMDSv1.
However, vulnerabilities can persist as demonstrated in a real-life scenario where an IMDSv2-enforced EC2 instance remained exploitable due to specific software vulnerabilities.
Disabling IMDS to reduce the attack surface is an option, but it can adversely affect AWS tools and services like CloudWatch and SSM, which rely on IMDS for credentials and information.
IMDSv2 improves security by using PUT requests instead of less secure GET requests used in IMDSv1, mandates explicit authentication through session tokens, and blocks the X-Forwarded-For header.
In conclusion, the transition to IMDSv2 is crucial for securing cloud infrastructures, and Qualys TotalCloud addresses this need by automating vulnerability detection and remediation. Several best practices can also be employed to ensure IMDS is secured across CSPs, Azure, GCP & OCI.

Read Full Article

11 Likes

Discover more

Hackersking

358

Image Credit: Hackersking

Windows Remote Kernel Exploitation via IPv6

Microsoft has disclosed a critical vulnerability, CVE-2024-38063, affecting the TCP/IP protocol.
The vulnerability allows remote code execution (RCE) on systems with IPv6 enabled.
It affects various Windows systems, including Windows 10, Windows 11, and Windows Server from 2008 to 2022.
Mitigation steps include updating Windows systems, disabling IPv6, and monitoring for anomalous IPv6 traffic.

Read Full Article

21 Likes

Securityintelligence

105

Image Credit: Securityintelligence

How I got started: AI security executive

Nicole Carignan, Vice President of Strategic Cyber AI at Darktrace, shares her journey into the field of AI and cybersecurity.
Carignan initially pursued a computer science degree with a focus on artificial intelligence and mathematics.
After being recruited into the intelligence community, she developed a keen interest in cybersecurity.
Carignan's passion for data analytics and machine learning led her to her current role at Darktrace.

Read Full Article

6 Likes

Hackingblogs

119

Image Credit: Hackingblogs

79 Critical Vulnerabilities and 4 0days fixed by Microsoft team in September Patch Tuesday.

Microsoft team fixed 4 zero-days and 79 serious vulnerabilities in September Patch Tuesday.
Patch Tuesday is a monthly release of security updates for Windows operating systems.
The update fixed 7 serious vulnerabilities, including privilege escalation and remote code execution flaws.
Four zero-day vulnerabilities were fixed, one of which was publicly disclosed and actively exploited.

Read Full Article

7 Likes

Global Fintech Series

395

Image Credit: Global Fintech Series

Winning the AI Race: How Payment Automation Prepares Financial Data for Machine Learning

Businesses using AI technology for administrative tasks and workflow applications is up by two-fold in just a year.
Financial institutions, banks, and credit unions' workforce hinder their ability to achieve AI adoption.
FinTech automation solutions that automate processing, tracking, and accounting of financial data help prepare and cleanse financial data for ongoing and future AI analysis.
Paper and manual-based processes present risks of human error when payment data is manually transferred to accounting systems.
Spreadsheet-based accounting and payment tracking still present problems for AI analysis.
Automated payment solutions provide accurate and usable data, cleanse the data for machine readability, and immediately add payment details to a data repository for efficient and accurate analysis by AI-driven systems.
Newly-adopted AI solutions can be trained on the same dataset that was used initially, ensuring standardization and reducing bias across AI-generated insights.
Automated payment technology as a springboard will enable financial institutions to effortlessly ensure information security and comply with all security standards and regulations for each piece of recorded information.
Preparing to enter, sustaining in the AI race, scaling AI solutions, exploring and implementing new solutions will be the key to maintaining a competitive pace.
Leveraging automated payment and FinTech solutions ensures businesses can tackle data-related obstacles and embrace the future of FinTech AI.

Read Full Article

23 Likes

Securityaffairs

Image Credit: Securityaffairs

Adobe Patch Tuesday security updates fixed multiple critical issues in the company’s products

Adobe addressed tens of vulnerabilities, including critical issues that could allow attackers to execute arbitrary code on Windows and macOS.
The most severe vulnerabilities are two critical memory corruption flaws in Acrobat and PDF Reader, tracked as CVE-2024-41869 and CVE-2024-45112.
The company also fixed critical flaws in Photoshop and Illustrator software.
The vulnerabilities could be exploited for arbitrary code execution.

Read Full Article

2 Likes

Hackingarticles

266

Image Credit: Hackingarticles

A Detailed Guide on Feroxbuster

Feroxbuster is a tool to identify directories and files on web servers using brute-force techniques.
It is used in penetration testing and security evaluations.
To install Feroxbuster in Kali Linux, use ‘apt install feroxbuster’.
To perform a default directory brute force use, ‘feroxbuster -u http://192.168.1.4’.
To filter status codes, use ‘-C or --filter-status.’
To use a custom wordlist, use ‘-w or --wordlist’.
To perform scanning only on top-level directories, use ‘-n or --no-recursion.’
To set a limit on recursion, use ‘-L or --scan-limit’.
Feroxbuster offers comprehensive features for directory and file brute-forcing.
Other tools like DirBuster, Gobuster, and ffuf offer different advantages and limitations.

Read Full Article

16 Likes

Kaspersky

Image Credit: Kaspersky

Alert notification as phishing bait | Kaspersky official blog

Receiving a security alert email about a hack should not prompt immediate action, but rather caution and verification.
A recent phishing attack involved an email pretending to be a notification from Office 365.
The email contained suspicious signs, such as an incorrect logo and an odd sender's address.
Employees can protect themselves from phishing by receiving regular training and using multi-layered anti-phishing protection.

Read Full Article

3 Likes

Medium

Image Credit: Medium

How To REMOVE Your Personal Information Online For FREE (and PAID)

This guide provides information on how to remove your personal information online, without having to pay someone else to do it.
The processes for removing the information may take several weeks to fully process, and some may require providing personal information such as a driver's license or social security number.
There are hundreds of sites that actively maintain personal information for the public to view, but there are paid options that can remove a person's information from 99.99% of websites.
Security professionals recommend removing personal identifiable information (PII) from the internet to avoid being targets of data breaches, identity theft, and other malicious activities.
A 'nuke all' option is provided for those who want to remove all information about them from the internet.
The guide also includes information on how to verify if any of your email addresses or passwords have been involved in data breaches, and how to remove your phone number from spam call and text lists.
For removing personal information from the internet, a list of some of the most well-known websites that maintain personal information is provided.
Freezing credit to prevent creditors from gaining access to a person's credit report and to hinder identity theft is also discussed, although freezes may vary from state-to-state and some may require payment.
The guide also provides additional resources on internet security, privacy, and digital privacy laws.
Overall, the guide provides a helpful starting point for anyone looking to remove their personal information from the internet.

Read Full Article

3 Likes

Minis

1.2k

Image Credit: Minis

Govt alerts mobile users, issues high risk warning for Android 13 and other versions

The Indian CERT-In has issued a high-severity alert for Android users due to multiple vulnerabilities.
Android versions 13, 12, 12L, 11, and 10 are at risk, potentially leading to data breaches and system disruption.
Attackers could exploit these vulnerabilities to access sensitive data, gain privileges, and cause denial-of-service incidents. Users should update and secure their devices promptly.

Read Full Article

18 Likes

Minis

704

Image Credit: Minis

Wikipedia fined ₹20 lakh by Russian court for Ukraine war article

Wikimedia Foundation, the owner of Wikipedia, has been fined two million roubles (over ₹20 lakh) by a Russian court for not deleting "banned content."
The fine was imposed for an article containing "classified" information about a Russian military unit's location and the military operation in Ukraine.
This is the seventh fine imposed on Wikimedia in 2023 by Russia for not removing prohibited information.

Read Full Article

24 Likes

Minis

278

Image Credit: Minis

Watchdog reveals Secret Service and ICE used Stingray surveillance without warrants

US government watchdog found Secret Service and ICE's HSI unit used cell-site simulators without obtaining appropriate search warrants.
Cell-site simulators or "stingrays" are controversial surveillance gear used to track cell phones' real-time location.
Federal agencies must obtain a search warrant before using a cell-site simulator, except in emergency circumstances.
Secret Service and ICE HSI did not always follow agency policies or federal law and accepted six recommendations to improve internal policies and procedures.

Read Full Article

17 Likes

For uninterrupted reading, download the app