menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Info. Security News News

Info. Security News News

source image

Securityaffairs

1w

read

303

img
dot

Image Credit: Securityaffairs

July 2024 ransomware attack on the City of Columbus impacted 500,000 people

  • The July 2024 ransomware attack on the City of Columbus, Ohio, impacted 500,000 individuals.
  • The attack was successfully thwarted, and no systems were encrypted.
  • The Rhysida ransomware gang claimed responsibility for the attack and demanded 30 Bitcoin ($1.9 million) for stolen data.
  • The City of Columbus determined that the attack compromised personal and financial information of the affected individuals.

Read Full Article

like

18 Likes

share

4 Shares

source image

StartupDaily

1w

read

12

img
dot

‘It prevents startups from closing a deal’: the compliance ‘blockers’ that slow founders building a unicorn

  • Compliance certifications such as ISO and SOC 2 are essential for startups looking to work with larger, government and heavyweight clients with tight data protocols and not having these in place can prevent startups from closing a deal. 
  • The compliance process, as it moves very slowly and can often spend anywhere between six to 24 months which can stop the growth of a startup.
  • Automated compliance platforms like Vanta can help in reducing the certification timeline from 24 months to anywhere between one to six months.
  • Founded in San Francisco in 2018, Vanta has attracted over 8,000 companies to use its services including Atlassian, Quora and ZoomInfo.
  • There are two key factors that benefit startups playing a long game: integrations into a single platform and continuous compliance.
  • Vanta’s API accommodates more than 360 integrations with everything from AWS to Xero, and notifications can be sent to startups immediately when they’re out of compliance.
  • Through an automation system called Gen AI, Vanta can automatically answer all the questions in a security questionnaire and utilize compliance documents as the source of truth.
  • When global sales and marketing platform ZoomInfo implemented Vanta’s security questionnaire automation and trust center, they reduced the amount of questions they had to answer manually by around 90%.
  • Vanta is Sequoia Capital-backed and raised $150m in series C funding in 2024, giving it a $2.45bn valuation.
  • Startups looking for these certifications and compliance measures can use Vanta to stay ahead of the game.

Read Full Article

like

Like

share

Share

source image

Hackingblogs

1w

read

92

img
dot

Image Credit: Hackingblogs

Microsoft SharePoint Vulnerability Leads To Exploitation Of Entire Corporate Network

  • Microsoft SharePoint is affected by a high-severity remote code execution (RCE) vulnerability, CVE-2024-38094.
  • Attackers exploited this vulnerability to gain unauthorized access to a SharePoint server and plant a webshell.
  • Rapid7's investigation revealed that the attacker laterally moved across the network and compromised the entire domain.
  • The attacker used the webshell and exploited other system vulnerabilities to carry out malicious activities unnoticed.

Read Full Article

like

5 Likes

share

1 Share

source image

Securityaffairs

1w

read

126

img
dot

Image Credit: Securityaffairs

Nigerian man Sentenced to 26+ years in real estate phishing scams

  • Nigerian national, Kolade Ojelade, has been sentenced to 26 years in prison in the US for phishing scams.
  • Ojelade compromised the email accounts of real estate businesses to steal millions of dollars.
  • He conducted Business Email Compromise (BEC) attacks by changing wire payment instructions.
  • The actual losses from the scheme were estimated at $12 million, with intended losses exceeding $100 million.

Read Full Article

like

7 Likes

share

1 Share

source image

Securityaffairs

1w

read

329

img
dot

Image Credit: Securityaffairs

Russian disinformation campaign active ahead of 2024 US election

  • U.S. intelligence agencies report a fake video circulating on social media, falsely claiming Haitians voted illegally in Georgia, with Russia's intent to spread election disinformation.
  • The fake video is linked to the Russia-linked APT group Storm-1516, which has previously spread videos to discredit Vice-President Kamala Harris and stir controversy.
  • Russia-linked threat actors also created another fake video accusing a Democratic presidential associate of accepting a bribe from a U.S. entertainer.
  • The Office of the Director of National Intelligence warns that Russia will continue to create and release media content to undermine trust in the integrity of the U.S. election and divide Americans.

Read Full Article

like

19 Likes

share

4 Shares

source image

Securityaffairs

1w

read

236

img
dot

Image Credit: Securityaffairs

International law enforcement operation shut down DDoS-for-hire platform Dstat.cc

  • German police shut down DDoS-for-hire platform Dstat.cc and arrested two men accused of operating the site used for launching DDoS attacks.
  • The operation was coordinated by the Central Office for Combating Internet Crime (ZIT) along with authorities from France, Greece, Iceland, and the U.S.
  • The suspects are also accused of running the online platform Flight RCS for drug trafficking and are set to appear before a judge.
  • This operation marks a significant action against the underground economy and showcases the strength of international law enforcement in combating digital crime.

Read Full Article

like

14 Likes

share

3 Shares

source image

Cybersecurity-Insiders

1w

read

342

img
dot

Image Credit: Cybersecurity-Insiders

How Safe Are AI-Powered Laptops When It Comes to Onboard Data Security?

  • AI-powered laptops have revolutionized technology, but concerns about onboard data security arise.
  • Advantages of AI in data security: anomaly detection, real-time threat analysis, automated security updates, biometric authentication.
  • Potential risks and vulnerabilities: data privacy concerns, manipulation of AI algorithms, dependence on connectivity, insider threats.
  • Best practices for enhanced security: regular software updates, strong passwords, data encryption, user education, security software utilization.

Read Full Article

like

20 Likes

share

4 Shares

source image

Hackingblogs

1w

read

55

img
dot

Image Credit: Hackingblogs

Starhealth’s Data Was Leaked By RansomHub and is available in the Darkweb: 200 GB Of Data Leaked

  • Data from the ransomware attack on Starhealth life insurance firm was leaked by the ransomhub gang and is available on the darkweb.
  • The attack occurred on October 19, 2024, at 07:09:13, resulting in the leak of approximately 200 gigabytes of data.
  • The leaked data includes sensitive information such as personally identifiable information (PII), financial details, health records, and confidential business data.
  • Star Health and Allied Insurance Co Ltd is an independent health insurance company based in Chennai, India, offering comprehensive health insurance solutions with features like maternity benefits and cashless hospitalization.

Read Full Article

like

3 Likes

share

Share

source image

Securityaffairs

1w

read

101

img
dot

Image Credit: Securityaffairs

Security Affairs newsletter Round 496 by Pierluigi Paganini – INTERNATIONAL EDITION

  • Chinese threat actors use Quad7 botnet in password-spray attacks
  • FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info
  • Sophos details five years of China-linked threat actors’ activity targeting network devices worldwide
  • PTZOptics cameras zero-days actively exploited in the wild

Read Full Article

like

6 Likes

share

1 Share

source image

Securityaffairs

1w

read

139

img
dot

Image Credit: Securityaffairs

US Election 2024 – FBI warning about fake election videos

  • The FBI has issued a warning about two fake videos spreading false claims of ballot fraud and misinformation about Kamala Harris's husband.
  • The videos, which were falsely presented as being from the FBI, did not receive significant views from real people on social media platform X.
  • The FBI is also investigating a separate fake video showing ballots being destroyed in Pennsylvania.
  • Experts have cautioned about the increase in misinformation and influence campaigns related to the 2024 US elections, particularly on social media.

Read Full Article

like

8 Likes

share

1 Share

source image

Securityaffairs

1w

read

364

img
dot

Image Credit: Securityaffairs

Chinese threat actors use Quad7 botnet in password-spray attacks

  • Microsoft warns Chinese threat actors are using the Quad7 botnet to carry out password-spray attacks and steal credentials.
  • Quad7 botnet, also known as CovertNetwork-1658, targets SOHO devices and VPN appliances.
  • Chinese threat actors, including Storm-0940, are using credentials obtained from Quad7 botnet through password-spray attacks.
  • Microsoft advises organizations to prioritize credential hygiene and harden cloud identities to defend against password spraying.

Read Full Article

like

21 Likes

share

5 Shares

source image

Hackersking

1w

read

4

img
dot

Image Credit: Hackersking

Know Passwords Using Email From Data breach And Leaks On The Internet

  • Data breaches have become a common occurrence in today's connected world, leading to severe consequences for individuals and businesses.
  • A data breach occurs when unauthorized individuals access sensitive information through hacking or other means.
  • Websites like ihavebeenpwned can help determine if your email credentials have been compromised in a data breach.
  • A tool called Zehef allows users to check for compromised passwords associated with their email from various data breaches and leaks on the internet.

Read Full Article

like

Like

share

Share

source image

Hackersking

1w

read

89

img
dot

Image Credit: Hackersking

HomePwn: Swiss Army Knife for Penetration Testing of IoT Devices

  • HomePwn is a Swiss Army Knife for testing the security of IoT devices.
  • It is a Python-coded program that runs on Windows and Linux.
  • HomePwn provides features to audit and pen-test devices in home or office environments.
  • It has a modular architecture with discovery modules and specific modules for audited technologies.

Read Full Article

like

5 Likes

share

1 Share

source image

Securityaffairs

1w

read

212

img
dot

Image Credit: Securityaffairs

FBI arrested former Disney World employee for hacking computer menus and mislabeling allergy info

  • A former Disney World employee hacked servers after being fired, altering prices, adding profanities, and mislabeling allergy info.
  • The FBI arrested the man last week, falsely declaring some items as allergy-safe could put the lives of visitors at risk.
  • The former Disney employee denied any misconduct when FBI agents searched his home last month.
  • The company had to take its menu creation program offline for over a week, incurring costs of at least $150,000 due to the attacks.

Read Full Article

like

12 Likes

share

2 Shares

source image

Kaspersky

1w

read

80

img
dot

Image Credit: Kaspersky

Improvements to our SIEM for Q3 2024 | Kaspersky official blog

  • Kaspersky has made improvements to their SIEM system, focusing on early detection of attacker activity.
  • New detection rules have been added to identify attempts to collect data on containerization infrastructure and manipulate the containerization system.
  • The latest update includes over 659 rules, with 525 rules directly related to detection logic.
  • The SIEM system has also added and improved normalizers for various event sources.

Read Full Article

like

4 Likes

share

1 Share

Prev

1
2
3
4
5
6
7
8
9
10

Next

For uninterrupted reading, download the app