
Info. Security News News


Infoblox


Disrupting Fast Flux and Much More with Protective DNS

  • A recent cybersecurity alert from the Cybersecurity and Infrastructure Security Agency (CISA) highlights the use of a DNS technique called fast flux by threat actors.
  • Fast flux is the rapid changing of DNS records to avoid IP blocking and is difficult to detect, making it a challenge for network operators to mitigate the threat.
  • Infoblox, a protective DNS provider, incorporates multiple algorithms into its detectors to identify suspicious domains and protect customers from fast flux attacks.
  • Protective DNS solutions, such as Infoblox's, can effectively block suspicious and malicious domains, even in the face of evolving techniques used by threat actors.


Sentinelone


IngressNightmare | Critical Unauthenticated RCE Vulnerabilities in Kubernetes Ingress NGINX

  • Kubernetes Ingress plays a crucial role in managing external traffic to services within a cluster.
  • IngressNightmare refers to critical security vulnerabilities found in Ingress NGINX Controller for Kubernetes.
  • These vulnerabilities, like CVE-2025-1974, enable unauthenticated remote code execution and cluster takeover.
  • Mitigation steps include updating to secure versions and temporary measures like access restriction.
  • The attack stages involve identifying vulnerable clusters, injecting malicious configurations, and gaining control.
  • SentinelOne's Singularity Platform helps detect, prevent, and respond to IngressNightmare threats.
  • The Offensive Security Engine and Cloud Workload Security aid in runtime detection of malicious activity.
  • Proactive hunting queries help SentinelOne customers identify potential exploitation of vulnerabilities.
  • Troubleshooting of Ingress issues such as SSL misconfigurations and performance bottlenecks is outlined.
  • Securing Kubernetes involves a combination of proactive measures, immediate patching, and robust troubleshooting.


Krebsonsecurity


Cyber Forensic Expert in 2,000+ Cases Faces FBI Probe

  • A cybersecurity and computer forensics expert in Minnesota is under FBI investigation for allegedly lying about his credentials, raising concerns about the validity of his testimony in over 2,000 court cases.
  • Mark Lanterman, the expert in question, claimed to have degrees from Upsala College and Harvard University, but these claims are being disputed as no records have been found to verify his educational background.
  • Allegations surfaced after attorney Sean Harrington raised concerns about Lanterman's testimony and educational qualifications during court cases.
  • Lanterman's former clients accused his firm, Computer Forensic Services (CFS), of threatening to hold their data for ransom over billing disputes.
  • The law firm Perkins Coie LLP found discrepancies in Lanterman's work history, including his alleged employment at Springfield Township Police Department.
  • Perkins Coie asked the court to strike Lanterman's testimony due to lack of evidence supporting his educational background and work history claims.
  • Lanterman admitted to attending an online cybersecurity course at Harvard, not completing postgraduate work at the university as he previously stated.
  • Multiple cases where Lanterman testified may be reopened due to doubts cast on his credibility, potentially impacting the outcomes of these trials.
  • Lanterman has not provided detailed responses to inquiries about his background and recent allegations, and he withdrew from a case after failing to appear in court.
  • Concerns have been raised about Lanterman's integrity and the potential impact of his discredited testimony in various court cases.


Infoblox


Unified Security Interception Point for Hybrid Cloud Environments

  • The increasing adoption of multi-cloud and on-premises locations has expanded the attack surface, with over 90% of enterprises expected to extend to multi-cloud environments by 2026.
  • Organizations face challenges in managing disparate network configurations and security policies across various environments, leading to exposure to evolving threats.
  • Using solutions offering a single management point for policy configuration, comprehensive asset visibility, and preemptive security is crucial.
  • Infoblox's solution combines DDI Product Suite, Universal Asset Insights, and Threat Defense to simplify management, enhance security, and stay ahead of threats.
  • Challenges in hybrid, multi-cloud setups include complex deployments, fragmented response, incomplete visibility, and a reactive defense approach.
  • A universal approach to security would simplify operations by unifying DNS management and providing preemptive threat defense across the infrastructure.
  • Infoblox's DNS threat intelligence enables early threat detection, blocking high-risk domains before activation and reducing the risk of successful breaches.
  • The Unified Security Interception Point with Infoblox streamlines DNS management, offers asset insights, and leverages threat defense for a unified security approach.
  • Benefits of Infoblox's solution include fast deployment, preemptive security, faster incident response, and a balance between protection and agility.
  • The unified platform empowers CloudOps and SecOps teams to operate efficiently without compromising on security measures.


Securityaffairs


President Trump fired the head of U.S. Cyber Command and NSA

  • President Donald Trump fired Air Force Gen. Timothy Haugh, the head of U.S. Cyber Command and the National Security Agency.
  • The decision to fire Gen. Haugh and his deputy, Wendy Noble, raises concerns about national security.
  • Army Lt. Gen. William Hartman will serve as the acting head of both Cyber Command and NSA.
  • The recent firings may be related to the controversy surrounding a journalist mistakenly added to a Signal chat about U.S. military strikes in Yemen.


Sentinelone


The Good, the Bad and the Ugly in Cybersecurity – Week 14

  • The Department of Justice (DoJ) has seized over $8.2 million in cryptocurrency linked to romance baiting scams, freezing and reissuing the stolen funds to law enforcement-controlled wallets for potential restitution to victims.
  • A critical vulnerability (CVE-2025-22457) in Ivanti products is being actively exploited by a China-linked threat actor, allowing remote code execution and long-term persistence in victim environments.
  • Ivanti has released patches to mitigate the CVE-2025-22457 vulnerability, urging customers to update to prevent exploitation; active attacks have been observed since mid-March 2025.
  • New malware named 'WRECKSTEEL' was used in cyber espionage campaigns targeting Ukraine, attributed to a threat cluster known as UAC-0219 active since fall of 2024, spreading through phishing emails.
  • In the Ukraine cyberattacks, government accounts were compromised to spread malicious links disguised as public file-sharing services, with attackers using tactics like fake salary reduction notices to lure victims.
  • Attackers used a Visual Basic Script (VBS) loader triggered by clicking malicious links, executing a PowerShell script to harvest documents, images, and screenshots in the espionage campaign.
  • The malware WRECKSTEEL shows advanced development by integrating screenshot functionality directly into the PowerShell script for data collection in the cyber espionage activities targeting Ukraine.
  • The cyber espionage campaign targeting Ukraine reflected advanced tactics using PowerShell-based techniques and phishing emails to evade detection and gather specific data from government agencies and critical infrastructure.
  • CERT-UA has issued IoCs to help organizations detect and mitigate the new malware WRECKSTEEL and similar cyber threats used in espionage campaigns targeting Ukraine.
  • The evolving sophistication of cyber threats highlights the importance of timely software updates, security patches, and vigilance to prevent exploitation and protect against malicious activities.


Socprime


Seashell Blizzard Attack Detection: A Long-Running Cyber-Espionage “BadPilot” Campaign by Russian-linked Hacking Group

  • A long-running cyber-espionage campaign called BadPilot has been detected, carried out by the Russian-linked APT group Seashell Blizzard (also known as APT44).
  • Seashell Blizzard has been active since at least 2009 and primarily targeted critical sectors in Ukraine before expanding globally.
  • The campaign utilizes stealthy initial infiltration and advanced detection evasion techniques to maintain access and carry out cyber espionage.
  • To mitigate the risks posed by Seashell Blizzard, security teams are advised to consistently evaluate their defenses and utilize advanced threat detection tools.


Securityaffairs


Critical flaw in Apache Parquet’s Java Library allows remote code execution

  • A critical vulnerability impacting Apache Parquet’s Java Library that could allow remote code execution has been disclosed.
  • The vulnerability, tracked as CVE-2025-30065, affects systems importing Parquet files from untrusted sources.
  • Attackers can exploit the flaw to gain remote code execution, steal/tamper with data, install malware, or disrupt services.
  • To mitigate the risk, users are recommended to upgrade to Apache Parquet Java version 1.15.1 or later, validate Parquet files from untrusted sources, and enable monitoring for suspicious behavior.


Kaspersky


How to guard against NFC carding theft | Kaspersky official blog

  • Cybercriminals are finding new ways to steal money through NFC carding theft despite payment card security improvements.
  • Attackers create networks of fake websites to phish for payment data and link stolen card details to their own mobile payment accounts.
  • Victims unknowingly provide their card details and OTP, enabling cybercriminals to replicate their card for unauthorized transactions.
  • Cybercriminals may link multiple stolen cards to one smartphone and resell it on the dark web for future use.
  • A technique called Ghost Tap, using NFC relay, allows scammers to make contactless payments without the need for PIN or OTP confirmation.
  • In a recent NFC relay scheme, victims are tricked into installing an app that reads their card data when held to a smartphone, leading to fraudulent transactions.
  • Users can protect themselves by using virtual cards for online payments, being cautious of apps requesting card details, and using security solutions on devices.
  • Additional protective measures should be implemented by Google, Apple, and payment systems in the payment infrastructure to combat such scams.
  • Regularly replacing virtual cards, disabling offline payments, and setting up transaction notifications are recommended steps to prevent card theft.
  • By educating users on safe practices and implementing security measures, the risk of falling victim to NFC carding theft can be minimized.


Securityaffairs


CERT-UA reports attacks in March 2025 targeting Ukrainian agencies with WRECKSTEEL Malware

  • CERT-UA reported three cyberattacks in March 2025 targeting Ukrainian agencies and infrastructure to steal sensitive data.
  • The attacks involved the use of compromised accounts to send emails with links leading to VBScript loaders and PowerShell scripts for data exfiltration.
  • The primary tool used for stealing files, known as WRECKSTEEL, has versions in VBScript and PowerShell.
  • Any signs of cyberattacks should be reported to CERT-UA for immediate action.


Securityaffairs


39M secrets exposed: GitHub rolls out new security tools

  • GitHub found 39 million secrets leaked on the platform in 2024, posing a serious risk to organizations.
  • GitHub launched new tools to help developers and organizations secure sensitive data in their code.
  • The new Advanced Security features include standalone Secret Protection and Code Security, with support for GitHub Team orgs and free secret scanning.
  • GitHub has partnered with cloud providers to improve secret detection and response times, and recommends best practices to reduce exposure risks.


Securityaffairs


China-linked group UNC5221 exploited Ivanti Connect Secure zero-day since mid-March

  • Ivanti has addressed a critical remote code execution flaw in Connect Secure, which has been exploited by a China-linked group since mid-March 2025.
  • The vulnerability, tracked as CVE-2025-22457, is a stack-based buffer overflow that allows unauthenticated remote code execution.
  • The flaw impacts Ivanti Connect Secure, Pulse Connect Secure, Ivanti Policy Secure, and ZTA gateways. Ivanti has released security updates to address the vulnerability.
  • The China-linked group UNC5221 has been exploiting the vulnerability to deploy TRAILBLAZE, BRUSHFIRE, and SPAWN malware since March 2025.


Dataprivacyandsecurityinsider


CISA Issues Malware Analysis Report on RESURGE Malware

  • The Cybersecurity and Infrastructure Security Agency (CISA) has released a Malware Analysis Report (MAR) on RESURGE malware.
  • RESURGE malware is associated with the product Ivanti Connect Secure.
  • It contains capabilities of the SPAWNCHIMERA malware variant but has distinctive commands that alter its behavior.
  • CISA recommends that users follow specific recovery steps, reset credentials, and monitor related accounts.


Dataprivacyandsecurityinsider


EdTech and Privacy of Student Information: A Case Study

  • A class action lawsuit was filed against Instructure, alleging violations of children's privacy rights by collecting extensive student data beyond what is considered an education record.
  • Instructure's terms mentioned using student information to personalize user experience and offer data-derived student 'insights' for recruitment, raising transparency concerns.
  • Companies need transparent policies if data may be used for marketing or other purposes to avoid misleading statements and possible legal issues.
  • The complaint highlighted Instructure's statements on privacy practices, emphasizing the importance of aligning public statements with actual privacy approaches.
  • Instructure's use of APIs for third-party access to granular student data was critiqued for lacking clear communication to consumers about data sharing.
  • Consumers may struggle to provide informed consent due to complex policies, suggesting the need for more understandable terms to prevent 'no consent' claims.
  • The evolving role of EdTech raises questions about privacy and constitutional rights, with private tech companies like Instructure potentially being deemed state actors in handling student data.
  • The digital transformation in education technology calls for clear boundaries between public and private entities regarding data management and privacy regulations.


Dataprivacyandsecurityinsider


Cleo AI Agrees to $17 Million Settlement with FTC

  • Cleo AI, an online cash advance company, has agreed to a $17 million settlement with the Federal Trade Commission (FTC).
  • Cleo AI promised consumers fast cash payments but limited the cash advances below the advertised amounts and took several days to process them.
  • Consumers faced difficulties in canceling subscriptions and stopping recurring fees with Cleo AI.
  • The settlement serves as a reminder for companies to avoid making misrepresentations and for consumers to be cautious of too-good-to-be-true offers and sharing payment information.
