Author: Admin
As a relatively new security category, many security operators and executives I’ve met have asked us, “What are Automated Security Verification (ASV) tools?” We’ve covered this quite extensively in the past, so today, instead of looking at “What is ASV?” I wanted to address “Why ASV?” question. In this article, we’ll go over some common use cases and misconceptions about how people misuse and misunderstand ASV tools on a daily basis (because it’s a lot more fun). To start a business, there is nothing to start with, as in the beginning. Automated security audit tools are designed to provide a…
Privileged Access Management (PAM) plays a key role in building a strong security strategy. PAM allows you to significantly reduce cybersecurity risks, gain tighter control over privileged access, achieve regulatory compliance, and reduce the burden on your IT team. As a known supplier a The PAM solutionwe have witnessed firsthand how PAM is transforming organizational security. In this article, we aim to show you how PAM can protect your company in real and effective ways. 1. Implementation of the principle of least privilege Giving users sufficient access to perform their duties is fundamental to maintaining robust security. PAM solutions allow…
November 21, 2024Ravi LakshmananMalware / Cyber Fraud Threat actors linked to the Democratic People’s Republic of Korea (DPRK) impersonate US-based software and technology consulting companies to achieve their financial targets as part of a broader information technology (IT) worker scheme. “Shock companies, often based in China, Russia, Southeast Asia and Africa, play a key role in masking the true origins of workers and managing payments,” SentinelOne security researchers Tom Hegel and Dakota Carey said in a report shared with The Hacker News. North Korea’s network of IT workers, both individually and under the guise of front companies, is seen as…
A new study found more than 145,000 industrial control systems (ICS) in 175 countries worldwide, with the US alone accounting for more than a third of the total number of infections. The analysiswhich comes from attack surface management company Censys, found that 38% of devices are located in North America, 35.4% in Europe, 22.9% in Asia, 1.7% in Oceania, 1.2% in South America and 0.5% in Africa. Countries with the highest number of ICS services: USA (over 48,000), Turkey, South Korea, Italy, Canada, Spain, China, Germany, France, UK, Japan, Sweden, Taiwan, Poland and Lithuania. The metrics are derived from the…
November 21, 2024Ravi LakshmananCryptocurrency / Identity Theft Five alleged members of the infamous Scattered Spider cybercriminal group were accused in the US for attacking company employees across the country using social engineering techniques to obtain credentials and use them to gain unauthorized access to sensitive data and hack crypto accounts to steal millions of dollars in digital assets. All defendants are charged with one count of conspiracy to commit wire fraud, one count of conspiracy and one count of aggravated identity theft. They include – Ahmed Hosam Eldin Elbadawy, 23, aka AD, of College Station, Texas Noah Michael Urban, 20,…
November 21, 2024Ravi LakshmananArtificial Intelligence / Software Security Google revealed that its AI-based fuzzing tool OSS-Fuzz was used to detect 26 vulnerabilities in various open-source repositories, including a medium-severity flaw in the OpenSSL cryptographic library. “These specific vulnerabilities represent a major milestone for automated vulnerability discovery: each one was found using artificial intelligence using AI-generated and enhanced fuzz targets,” Google’s Open Source Security Team said in a blog post shared with The Hacker News. OpenSSL vulnerability addressed CVE-2024-9143 (CVSS Score: 4.3), an out-of-memory write error that could cause an application or remote code execution to crash. There was a problem…
Threat hunters warn of an updated Python-based version NodeStealer it is now equipped to extract more information from victims’ Facebook Ads Manager accounts and collect credit card data stored in web browsers. “They collect detailed information about the budget of their victims’ Facebook Ads Manager accounts, which can be a gateway to malicious Facebook advertising,” Ian Michael Alcantara, researcher at Netskope Threat Labs. said in a report shared with The Hacker News. “New techniques used by NodeStealer include using Windows Restart Manager to unlock browser database files, add unnecessary code, and use batch scripting to dynamically generate and execute a…
Steve Bellovino’s Retirement Talk Steve Belavin is retiring. Here his retirement speech, reflecting on his career and what the cybersecurity industry needs next. tags: cyber security, security history Posted on November 20, 2024 at 11:22 • 0 comments Bruce Schneier sidebar photo by Joe McInnis. Source link
November 20, 2024Ravi LakshmananPayment Security / Cybercrime Threat actors are increasingly banking on a new technique that uses near-field communication (NFC) to capture a victim’s funds at scale. Technique under the code name Ghost faucet by ThreatFabric, allows cybercriminals to cash out stolen credit cards linked to mobile payment services such as Google Pay or Apple Pay and relay NFC traffic. “Criminals can now abuse Google Pay and Apple Pay to transmit your click-to-pay information worldwide in seconds,” Dutch security firm The Hacker News said in a statement. “This means that even without your physical card or phone, they can…
November 20, 2024Ravi LakshmananEndpoint Security / Artificial Intelligence Research Microsoft has announced a new Windows Sustainability Initiative as a way to improve security and reliability and to ensure that the integrity of the system is not compromised. The idea, the tech giant said, is to avoid incidents like CrowdStrike earlier this July, allow more applications and users to run without administrator privileges, add controls over the use of dangerous programs and drivers, and offer options for encrypting personal data. One of the most important features is Fast recovery of the machine It is expected to be available to the Windows…