techminis

A naukri.com initiative

Info. Security News
Securityaffairs

PTZOptics cameras zero-days actively exploited in the wild

  • Hackers are actively exploiting two zero-day vulnerabilities, CVE-2024-8956 and CVE-2024-8957, in PTZOptics cameras.
  • The vulnerabilities allow unauthorized access to sensitive information and OS command injection, potentially leading to full system control.
  • These exploits can jeopardize video feeds, compromise sensitive sessions, and enable botnet participation for DDoS attacks.
  • Affected organizations are advised to apply firmware updates immediately and ensure system security.

Krebsonsecurity

Booking.com Phishers May Leave You With Reservations

  • Phishing attacks on the hotel industry are increasing and centre on the booking.com site. Most of them appear to originate from phishing of unsecured hotel machines that store login details for the site.
  • According to statista.com, booking.com is the most searched travel site, receiving 550 million visits in September alone.
  • A recent spear-phishing campaign was launched on booking.com after a California hotel had its credentials stolen.
  • The phishing messages often reference actual booking details, making them appear much more convincing for the receiver.
  • In response to the spear-phishing campaign, booking.com has introduced two-factor authentication. However, it is unclear whether this is mandatory for all as the company still advises users to activate it on their own accounts.
  • Cybercriminal services have emerged to provide phishing campaigns targeting hotels and other booking.com partners. This includes stealing login details and fraudulent listings on the site.
  • Intel 471 reported that there is high demand for compromised booking.com accounts belonging to hotels and other partners on numerous cybercrime forums.
  • Some hackers have used compromised booking.com accounts to promote their own travel agencies among other scammers, offering steep discounts on hotel reservations through bulk bookings.
  • The remedy is stronger security practices, and both consumers and businesses should be cautious of emails that appear to come from booking.com.
  • There needs to be awareness of the impact of phishing and of the amount of data that is available to cybercriminals.

Securityaffairs

New LightSpy spyware version targets iPhones with destructive capabilities

  • The new LightSpy spyware version, which targets iOS devices, has destructive abilities that allow it to block compromised devices from booting up.
  • This modular spyware can steal files from popular applications, record audio, harvest browser history, and more.
  • The updated iOS version of LightSpy has expanded plugins to 28, from 12 before, including 7 that disrupt device booting.
  • The iOS version of this spyware targets iOS versions up to 13.3; it gains initial access through the Safari exploit CVE-2020-9802 and escalates privileges with CVE-2020-3837.
  • This spyware is capable of deleting media files, SMS messages, and contacts, freezing devices, and preventing restarts. Some of the above plugins can simulate fake push notifications with specific URLs.
  • The authors of this spyware used five active C2 servers, and some samples labeled 'DEMO' suggest that the infrastructure might be used for demonstration rather than active deployment.
  • The delivery method for the iOS implant is similar to that of the macOS version, but the two versions rely on different post-exploitation and privilege escalation stages.
  • The researchers suggest that watering hole attacks may be the method of distribution, and they believe the operators have a Chinese origin.
  • Since the threat actors use a 'Rootless Jailbreak' — which doesn't survive a device reboot — a regular reboot may provide some protection for Apple device users.
  • Evidence collected by the researchers suggests that this spyware was developed by the same team that designed the macOS version.

Securityaffairs

LottieFiles confirmed a supply chain attack on Lottie-Player

  • LottieFiles confirmed a supply chain attack on Lottie-Player.
  • Threat actors targeted cryptocurrency wallets to steal funds.
  • The attack involved unauthorized versions of the npm package.
  • LottieFiles is investigating the incident and implementing security measures.

Sentinelone

The Good, the Bad and the Ugly in Cybersecurity – Week 44

  • Dutch National Police joined forces with international law enforcement groups to disrupt the network infrastructure of the Redline and Meta infostealer malware during Operation Magnus.
  • US officials announce criminal charges against Maxim Rudometov, a Russian national suspected to be the developer and administrator behind Redline.
  • FBI issues warning just days ahead of US elections about scams exploiting election activities to dupe the public and gather personal information and money.
  • Four main types of election-related scams include investment pool scams, fake Political Action Committees (PACs), fake campaign merchandise, and fake voter registration alerts via malicious links.
  • The Andariel hacking group, backed by North Korea’s Reconnaissance General Bureau, has been identified as a participant in the Play ransomware operation, either as an affiliate or as an initial access broker (IAB).
  • Andariel was linked to the deployment of Play ransomware to bypass international sanctions during May 2021.
  • The link between Andariel and Play is the first recorded collaboration between the state-sponsored group and an underground ransomware network.
  • The dangerous infostealers, like Redline and Meta, can extract sensitive data from infected devices, which is later used for identity theft, fraud schemes, and network breaches.
  • People can protect themselves by treating all unsolicited political communications with skepticism and avoiding sharing personal and financial information.
  • Researchers conclude that the development itself is a sign that North Korean threat actors are working on staging more widespread ransomware attacks.

Securityintelligence

What’s behind unchecked CVE proliferation, and what to do about it

  • The volume of Common Vulnerabilities and Exposures (CVEs) has reached staggering levels, placing immense pressure on organizations’ cyber defenses.
  • The drivers behind CVE proliferation are the increased complexity of IT systems, explosion of open-source software and rapid pace of code development.
  • Continuous vulnerability discovery, effective prioritization of vulnerabilities, vulnerability resolution, reporting, and continuous improvement are key to effective vulnerability management.
  • Automated vulnerability scanning and risk-based vulnerability management help organizations to mitigate potential exploits.
  • Correlating vulnerabilities, curating vulnerability information, strategically scheduling scans, and automation are the approaches that improve vulnerability management capabilities.
  • Organizations need to tailor their approach depending on the criticality of vulnerability and the potential damage it could cause if exploited.
  • The post-pandemic shift to remote and hybrid work settings adds even more complexity to IT environments, making it necessary for organizations to elevate their vulnerability management approach.
  • It is also important to adopt outcome-focused security models that measure security performance by business metrics.
  • Organizations must prioritize risk reduction and capitalize on the proliferation of security data to gain better visibility and a more proactive approach to vulnerability management.
  • It is high time for organizations to invest in robust security technologies and solutions that can keep pace with the rapidly evolving CVE landscape and help them stay one step ahead of cyber adversaries.

Dev

What Does a Cyber Security Analyst Do?

  • A cybersecurity analyst plays a critical role in protecting an organization’s information systems and data from cyber threats.
  • Key responsibilities include monitoring and analyzing security systems, incident response, vulnerability assessment, security policy development, threat intelligence, collaboration with IT teams, and reporting and documentation.
  • Skills required for this role include technical proficiency, analytical skills, problem-solving ability, and effective communication.
  • Career progression involves starting in entry-level IT roles and advancing to senior positions with continuous education and certifications.

Amazon

New AWS Secure Builder training available through SANS Institute

  • AWS has partnered with SANS Institute to offer SEC480: AWS Secure Builder training course.
  • The course aims to equip architects, engineers, and developers with skills to build secure workloads in the AWS Cloud.
  • The training covers various aspects of AWS security, including shared responsibility model, access management, CI/CD, security monitoring, incident response, and more.
  • Anyone involved in building, operating, configuring, or managing AWS cloud environments can benefit from the training, which includes an associated GIAC exam.

Dataprivacyandsecurityinsider

Scary Halloween News: Jumpy Pisces Using Play Ransomware to Attack Organizations

  • Jumpy Pisces, a North Korean state-sponsored threat group, is collaborating with the Play ransomware group.
  • Jumpy Pisces has previously engaged in cyberespionage, financial crime, and ransomware attacks.
  • This collaboration marks the first observed instance of Jumpy Pisces using an existing ransomware infrastructure.
  • Organizations need to be vigilant as Jumpy Pisces' activity may be a precursor to ransomware attacks.

Dataprivacyandsecurityinsider

FCC Privacy and Data Protection Task Force Partners Up with the California Privacy Protection Agency

  • The FCC's Privacy and Data Protection Task Force has partnered with the California Privacy Protection Agency (CPPA) through a Memorandum of Understanding (MOU).
  • The partnership aims to collaborate on privacy, data protection, and cybersecurity enforcement matters.
  • The FCC and CPPA will share resources and align efforts in conducting investigations related to consumer protections.
  • This unique collaboration will enable the agencies to protect consumer privacy, educate businesses and consumers, and enforce privacy laws.

Sentinelone

Driving Advancement in Cybersecurity | Top 5 Takeaways from OneCon24

  • At OneCon24, SentinelOne’s annual cybersecurity conference, new products and the company’s roadmap were introduced to deliver on the promise of the Autonomous SOC.
  • Singularity AI SIEM enables real-time detection and response capabilities across vast amounts of data by using a single management platform.
  • Singularity Hyperautomation brings out-of-the-box workflows, without the complexity, that accelerate detection and response to threats like ransomware.
  • Purple AI Auto-Triage helps security teams focus on the most relevant alerts by automatically prioritizing alerts and assessments.
  • Purple AI Auto-Investigations streamlines the access, execution, and audit of incidents, thereby reducing incident resolution times.
  • The Ultraviolet family of Security Models combines LLMs and multimodal models to enable efficient reasoning about security issues.
  • The convergence of general and specialized AI models will result in a hybrid approach that is more efficient for cybersecurity tasks.
  • SentinelOne is driving the future of security through solutions that revolutionize threat detection and response, streamline security operations, and deliver long-term value.
  • The cybersecurity industry is constantly evolving, and OneCon aims to arm professionals with the necessary tools needed to meet modern security challenges.
  • SentinelOne would like to extend its gratitude to the sponsors, guest speakers, event organizers, and attendees for contributing to the success of OneCon24.

Dataprivacyandsecurityinsider

Honeywell Asserts Barcode-Scanning Patents Against Scandit AG

  • Honeywell has filed a patent infringement suit against Scandit AG in the Eastern District of Texas.
  • Honeywell alleges that Scandit's products infringe five of its patents related to barcode scanning and multimedia content.
  • Scandit's application, ShelfView, utilizes barcode scanning, optical character recognition, and augmented reality to analyze store inventory.
  • Honeywell claims to have notified Scandit about the potentially infringing activity as early as 2019.

Dataprivacyandsecurityinsider

Privacy Tip #419 – Apple Issues Security Updates

  • Apple released security patches iOS 17.7.1 and iPadOS 17.7.1 on October 27, 2024.
  • Patches to iOS 18.1 and iPadOS 18.1 were released on October 28, 2024.
  • These patches address vulnerabilities and zero-day initiatives.
  • Apple product users are recommended to apply the patches immediately.

Qualys

Announcing TotalCloud Attack Path, Cloud Workflow Automation, and 3-Step Simplified User Onboarding for Qualys TotalCloud CNAPP

  • Qualys announced new features to enhance its TotalCloud CNAPP that significantly improve customers' cloud security programs.
  • TotalCloud Attack Path is a tool that enables organizations to strengthen cloud security strategies by breaking exposure chains, with a view to targeted remediation and prioritizing high-risk IT issues.
  • These can be integrated with TruRisk Insights, which offers security teams a single, comprehensive view of risk across the cloud environment as a whole.
  • Ongoing real-time monitoring ensures that security teams can react quickly to potential threats, streamlining incident response.
  • Cloud Workflow Automation allows scalability for growing operational environments, automating and monitoring everything from inventory discovery to complex remediation tasks.
  • Customizable QFlow Playbooks allow users to quickly adapt to evolving threats and requirements without the need for technical input, while real-time alerts ensure fast reaction times and more efficient operations.
  • Qualys has overhauled its User Onboarding UI to help streamline connectivity of multi-cloud CSP environments.
  • The simplified 3-step connector onboarding process ensures users can be up and running faster.
  • The enhancements aim to provide a more user-friendly experience that allows security teams to maximize their productivity without extended delays.
  • Prospective customers can arrange a trial of Qualys TotalCloud CNAPP.

Kaspersky

Backdoor in coding test on GitHub | Kaspersky official blog

  • Hackers have been using fake job offers to target IT specialists for years — and in some cases with staggering success.
  • Recently, a new scheme has emerged in which hackers infect developers’ computers with a backdoored script disguised as a coding test.
  • One of the most notorious cases of fake job ads used for malicious purposes was witnessed in 2022.
  • Hackers managed to contact a senior engineer at Sky Mavis, the company behind the crypto game Axie Infinity, and offer him a high-paying position.
  • In 2023, several large-scale campaigns were uncovered in which fake job offers were used to infect developers, media employees, and even cybersecurity specialists (!) with spyware.
  • A recently discovered variation of the fake job attack starts similarly. Attackers contact an employee of the target company pretending to be recruiters seeking developers.
  • However, one component of the coding-test project sent to the victim contains an unusually long string, formatted so that it is easily overlooked when scrolling quickly.
  • When the victim runs the malicious project, this code downloads, unpacks, and executes the code for the next stage.
  • This next stage is a Python file without an extension, with a dot at the beginning of the filename signaling to the OS that the file is hidden.
  • As with the other variations of this scheme, the hackers count on the victim using their work computer to complete the “interview” and run the “test”.
