techminis

A naukri.com initiative

Info. Security News

Amazon

AWS achieves HDS certification for 24 AWS Regions

  • Amazon Web Services (AWS) has achieved the Health Data Hosting (HDS) certification for 24 AWS Regions.
  • The HDS certification, introduced by the French governmental agency for health, aims to enhance the security and protection of personal health data.
  • The certification demonstrates AWS's commitment to meeting the requirements for securing personal health data in the cloud.
  • The HDS certification is applicable to regions such as US East, Asia Pacific, Europe, Middle East, and South America.

Amazon

How to implement IAM policy checks with Visual Studio Code and IAM Access Analyzer

  • The IAM Access Analyzer custom policy check feature validates your policies against custom rules.
  • You can now bring these policy checks directly into your work environment with the AWS Toolkit for Visual Studio Code (VS Code).
  • This proactive approach helps to ensure that your IAM policies are validated before they are deployed.
  • You can perform four types of checks with the IAM policy checks option, for example ValidatePolicy and CheckNoPublicAccess.
  • The ValidatePolicy check returns recommended suggestions to align policies with AWS best practices.
  • The CheckNoPublicAccess check helps prevent unauthorized public access to resources.
  • The CheckAccessNotGranted check determines whether the policy allows access to certain resources and permissions.
  • The CheckNoNewAccess check validates that permissions granted remain within the intended scope.
  • The integration of IAM Access Analyzer in your development workflow helps to make sure IAM policies adhere to best practices.
  • Install or update the AWS Toolkit for VS Code today, and make sure that you have the CloudFormation Policy Validator or Terraform Policy Validator.

Securityaffairs

Russia-linked APT UAC-0063 targets Kazakhstan with HATVIBE malware

  • Russia-linked threat actor UAC-0063 targets Kazakhstan to gather economic and political intelligence in Central Asia.
  • The Computer Emergency Response Team of Ukraine (CERT-UA) first detailed the activity of UAC-0063 in early 2023.
  • The group targeted government entities in Ukraine, Central Asia, East Asia, and Europe.
  • HATVIBE malware is used in the cyber espionage campaign by UAC-0063.

Kaspersky

Passwords 101: don’t enter your passwords just anywhere they’re asked for | Kaspersky official blog

  • Scammers can trick you into giving them passwords for your email, government service websites, banking services, or social networks by mimicking the service’s login form.
  • To avoid becoming a victim of fraud, every time you enter a password, take a moment to check where exactly you’re logging in.
  • It’s crucial to check the addresses in both windows: make sure that the pop-up window asking for your password really belongs to the auxiliary service you expected.
  • Auxiliary services are typically large email providers, social networks, or government service sites.
  • Entering your credentials on the legitimate login page of the services is safe.
  • To avoid falling into such a trap, use reliable anti-phishing protection on all devices and platforms.
  • A phishing site’s address may be almost identical to the original, differing in just a letter or two.
  • Scammers can create lookalike sites with addresses that are hard to distinguish from real ones.
  • An advanced protection method is to use a password manager for all your accounts.
  • A third-party site can’t verify your password — it simply doesn’t know it, and passwords are never shared between sites.

Socprime

Detect Banshee Stealer: Stealthy Apple macOS Malware Evades Detection Using XProtect Encryption

  • Cybersecurity researchers have uncovered a variant of Banshee Stealer targeting Apple macOS users.
  • The malware employs string encryption from Apple's XProtect antivirus engine to evade detection.
  • Banshee Stealer can steal browser credentials, login data, cryptocurrency wallets, and other sensitive information.
  • The malware campaign is spreading through fraudulent GitHub repositories, targeting both macOS and Windows users.

Securityaffairs

Threat actors exploit Aviatrix Controller flaw to deploy backdoors and cryptocurrency miners

  • A critical vulnerability in Aviatrix Controller is actively exploited to deploy backdoors and cryptocurrency miners in the wild.
  • The vulnerability, tracked as CVE-2024-50603, allows unauthenticated attackers to execute arbitrary code via improper command neutralization in the API.
  • Threat actors are actively exploiting the flaw to deploy backdoors and cryptocurrency miners.
  • The vulnerability has been patched in versions 7.1.4191 and 7.2.4996, and organizations are urged to patch immediately.

Securityaffairs

U.S. CISA adds BeyondTrust PRA and RS and Qlik Sense flaws to its Known Exploited Vulnerabilities catalog

  • U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BeyondTrust PRA and RS and Qlik Sense flaws to its Known Exploited Vulnerabilities catalog.
  • CVE-2024-12686: OS Command Injection Vulnerability in BeyondTrust PRA and RS allows remote attackers to execute operating system commands.
  • A December cyberattack on BeyondTrust revealed zero-day vulnerabilities exploited by threat actors, including China-linked hackers.
  • CVE-2023-48365: Qlik Sense HTTP Tunneling Vulnerability enables privilege escalation and backend server access.

Securityaffairs

Inexperienced actors developed the FunkSec ransomware using AI tools

  • FunkSec, a new ransomware group, developed its ransomware using AI tools.
  • The group attacked over 80 victims in December 2024.
  • FunkSec likely used recycled datasets, raising authenticity doubts.
  • The ransomware demands low ransoms and sells stolen data at reduced prices.

Kaspersky

Trusted-relationship cyberattacks and their prevention

  • Supply-chain attacks involve a malicious actor infiltrating an organization’s systems by compromising a trusted third-party software vendor or service provider.
  • Attackers compromise a link in the chain to reach their target, exploiting the fact that businesses often rely on many suppliers and contractors, who, in turn, use the services and products of yet more contractors and suppliers.
  • Types of such attacks include compromising well-known software that is used by the target organization, attacking corporate accounts of service providers, exploiting cloud providers’ infrastructure features, and compromising specialized devices belonging to contractors connected to the target network.
  • Supply-chain attacks offer advantages to attackers, such as being able to compromise a single popular application that provides access to dozens, hundreds or even thousands of organizations, and stealthily infiltrating organizations.
  • The responsibility for minimizing supply-chain attacks should be shared across the organization's departments, including Information Security, IT, Procurement and Vendor Management, Legal, and Risk Management, as well as the Board of Directors.
  • Organizations should evaluate their suppliers, implement contractual security requirements, adopt preventive technical measures, organize monitoring, develop an incident response plan and collaborate with suppliers on security issues to minimize the risk of supply-chain attacks.
  • Deep technological integration throughout the supply chain creates systemic risks that business leaders should understand.
  • Attacks on trusted relationships and supply chains are a growing threat, and only by implementing preventive measures across the organization can companies ensure the resilience of their business.

Amazon

AWS re:Invent 2024: Security, identity, and compliance recap

  • AWS re:Invent 2024 was a hub of innovation and learning hosted by AWS for the global cloud computing community. The conference covered best practices for zero trust, generative AI–driven security, identity and access management, DevSecOps, network and infrastructure security, data protection, and threat detection and incident response.
  • AWS launched multiple new features for identity and access management, including resource control policies, centrally managed root access, and declarative policies.
  • Amazon Cognito announced four new features: feature tiers, a developer-focused console, managed login, and passwordless authentication.
  • Amazon GuardDuty launched Extended Threat Detection, a capability to identify sophisticated, multi-stage threats targeting your AWS accounts and data.
  • Amazon OpenSearch Service now offers a zero-ETL integration with Amazon Security Lake, enabling you to query and analyze security data in-place directly through OpenSearch Service.
  • AWS Security Incident Response is a new service that helps you respond to security issues in your environment.
  • In the zero-trust space, AWS Verified Access and Amazon VPC Lattice launched support for accessing non-HTTPS resources.
  • Amazon Virtual Private Cloud launched block public access, which is a one-click declarative control that admins can implement centrally to authoritatively block internet traffic for each of their VPCs.
  • Amazon Bedrock launched two new features to help with generative AI workloads: Automated Reasoning checks and multimodal toxicity detection.
  • AWS re:Inforce 2025, which will take place June 16–18 in Philadelphia, Pennsylvania, is the next opportunity for in-person security learning.

Amazon

How to monitor, optimize, and secure Amazon Cognito machine-to-machine authorization

  • Amazon Cognito is a CIAM service that supports managing user authentication and authorization to enable secure access to APIs and workloads.
  • It offers support for OAuth 2.0 client credentials grants used for M2M authorization.
  • It is suggested to locally cache and reuse access tokens, and customize the valid token period to align with security requirements.
  • M2M use cases can be combined with a REST API proxy integration using Amazon API Gateway, which makes it possible to cache token responses and optimize the request and response of access tokens.
  • Monitoring usage and costs can be done using the Security tab of the Cost and Usage Dashboards Operations Solution.
  • Token caching from Amazon API Gateway can be used to reduce token requests and improve latency.
  • It's important to use AWS Secrets Manager to retrieve credentials for authentication only at runtime rather than hard-coding credentials into workloads and applications.
  • It's suggested to use AWS WAF to protect user pool endpoints from unwanted HTTP web requests.
  • Several security best practices and considerations were discussed, such as using AWS WAF, always verifying tokens, and defining scopes at the app client level.
  • API cache encryption can be enabled to meet security requirements.

Securityintelligence

How CTEM is providing better cybersecurity resilience for organizations

  • Cyber threat exposure management (CTEM) is an effective way to achieve reliability for organizations by identifying, assessing and mitigating new cyber risks as they materialize.
  • The importance of developing cybersecurity resilience cannot be overstated. The key components of cybersecurity resilience include proactive risk management, continuous monitoring and improvement, incident response and recovery, and maintaining a progressive cybersecurity culture.
  • CTEM provides a much more proactive approach to strengthening an organization's security posture.
  • CTEM frameworks incorporate key components such as threat intelligence, vulnerability management, security testing, and risk assessment.
  • CTEM deployments involve continuous improvement and refinement and have five stages: scoping, discovery, prioritization, validation, and mobilization.
  • Implementing CTEM is an important step toward improving the cybersecurity resilience of organizations.
  • Steps to follow while implementing CTEM include a cybersecurity risk assessment, embracing automation, prioritizing and validating discovered vulnerabilities, and establishing clear communication channels.
  • Organizations need to take a proactive and continuous approach to their risk management strategy in order to achieve reliability and a resilient cybersecurity posture.
  • Continuous cybersecurity resilience is essential to address the assets and associated risks of an organization.
  • CTEM solutions provide rapid defense against known and emerging cyber threats in real time, enabling organizations to become much more proactive in securing their IT assets.

Socprime

SOC Prime Launches Uncoder AI Solo: New Subscription Plan for Individual Security Experts

  • SOC Prime announces the launch of Uncoder AI Solo, a new personal subscription plan designed for individual detection engineers, threat hunters, and cybersecurity researchers.
  • Uncoder AI acts as a private IDE and co-pilot for detection engineering, helping security professionals to easily create, customize, and translate detection rules.
  • Uncoder AI empowers security professionals to optimize their detection engineering workflow by automating daily tasks and enabling full CI/CD with API access.
  • Uncoder AI serves as a powerful translation engine, allowing security professionals to effortlessly convert Sigma rules into 46 SIEM, EDR, and Data Lake native languages with a single click.

Hackingblogs

All It Takes Is One Simple Google Search From Being Watched By Hackers, Wanna Know Why?

  • Google Dorking is a technique used by advanced hackers to search for information and find flaws.
  • It involves using advanced search operators like 'Intitle' and 'Inurl' to refine data.
  • Google Dorking can also be used to access unprotected webcams with default passwords.
  • To prevent camera hacking, users should update software, secure their cameras, and avoid using public Wi-Fi.

Schneier

Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme

  • Microsoft is taking legal action against individuals running a hacking-as-a-service scheme.
  • The defendants developed tools to bypass safety measures and compromise legitimate accounts.
  • They created a fee-based platform for generating harmful and illicit content using Microsoft's AI services.
  • The scheme used undocumented APIs and compromised API keys to mimic legitimate requests.
