Aggregator

数字时代维权的技术利剑与实务指南

Move Raises Possibility Group Isn't Just Marketing Its Malware to Criminals
Up-and-coming ransomware group Anubis has tweaked its malware to irrevocably wipe victims' data - an unusual tactic from hackers whose typical corrupt bargain is restored data in exchange for extortion money. Why would a ransomware attacker seeking leverage in negotiations ever do this?

Several Affected HealthEC Healthcare Clients Are Chipping in to Fund Settlement
A provider of artificial intelligence-enabled hospital cost-cutting software and several of its healthcare clients agreed to $5.48 million to settle proposed class action litigation involving a 2023 hacking incident affecting 4.6 million individuals.

JFrog uncovers multi-stage malware harvesting cloud secrets
Multi-stage malware embedded in a Python package is stealing sensitive cloud infrastructure data, JFrog researchers said Monday. The package steals credentials, configuration files, API tokens and other data from corporate cloud environments. It targets developers using the Chimera sandbox platform.

Research Shows Next-Generation 9-1-1 Ecosystems Lack Critical Cyber Protections
A report from telecom firm Intrado warns that cybersecurity safeguards are lagging behind the rapid deployment of next-generation 911 systems, exposing the emergency ecosystem to attacks ranging from VoIP floods to ransomware amid growing reliance on cloud-based and IP-connected technologies.

Deal Adds Live Fraud Red Teaming, Adversarial Testing to Neovera's Cyber Portfolio
Neovera has acquired Greenway Solutions, a Charlotte-based fraud red-teaming vendor serving top banks, to expand its cyber capabilities. The Washington D.C.-area services provider plans to tailor services for community banks and credit unions using automation and selective testing.

Highlights:

• Discover every API and API Gateway across your entire AWS environment.
• Achieve a complete, accurate inventory in minutes, not weeks or months.
• Deploy instantly with a simple, agentless connection.

Traditionally, securing APIs in AWS has involved a frustrating trade-off. Obtaining a full view of your API Fabric requires weeks or months of deploying various agents, setting up traffic analysis, and enduring lengthy professional services engagements. The outcome? An unacceptably slow time-to-value that keeps you unaware of potential risks for too long. The main issue hasn't only been locating APIs, but also the extensive wait to identify them.

But what if that trade-off is no longer necessary? What if you could completely avoid the complexity and waiting? Envision having a comprehensive, precise overview of your entire AWS API landscape in just minutes, not months, with a solution so straightforward that you could get started today.

Introducing Salt Cloud Connect for AWS: Your API Overview in Minutes

We are thrilled to introduce Salt Cloud Connect for AWS, an innovative solution for API discovery. This is an industry-first solution that operates without any traffic, allowing you to receive instant answers.

With a simple one-click integration, Salt Cloud Connect provides a comprehensive inventory of all APIs in your AWS environment within minutes. There are no agents to install, no delays due to traffic, and no complexities.

"It was a surprise to the team the number of shadow APls we had in our organization. Salt helped us find those quickly and constantly look for new ones. The cloud connection was simple to implement and gave us inventory data in less than 5 minutes." – Top 10 Global Airline

From Months to Minutes: How Your Team Benefits

This isn't just another tool; it's a new way of working.

• You Can Finally See Everything, Today: That shadow API your dev team spun up for a quick test and forgot about? That zombie API gateway from a project that ended last year? Salt Cloud Connect finds them all, every forgotten API and every unknown gateway, eliminating hidden risks in minutes on day one.
• Your Inventory is Always Up-to-Date: Your AWS environment changes faster than ever. Salt Cloud Connect works continuously, automatically updating your inventory as new APIs are added or changed. You get a living, breathing view of your landscape without lifting a finger.
• You Can Govern with Confidence: Once you can see everything, you can properly govern it. Salt helps you instantly spot risky APIs, track their posture over time, and ensure you're staying compliant with security standards.
• Setup is Genuinely Simple: You can be fully up and running in minutes, not the weeks or months it takes to deploy other solutions. The solution uses a secure AWS CloudFormation template with minimal, read-only permissions for unparalleled ease of use.

The Secret to Instant, Agentless Discovery

Instead of relying on slow, cumbersome methods like traffic analysis or agents, Salt Cloud Connect securely and directly queries AWS services, including the AWS API Gateways, for a complete view of your API Fabric.  Think of it as a super-fast, automated auditor for your APIs that asks AWS, "Show me everything you have," and gets an immediate, comprehensive response detailing every API. This agentless approach is the key to its speed and simplicity.

Stop Guessing and Start Seeing

API security starts with visibility, and you shouldn't wait months to get it. Don't let another day pass with blind spots in your AWS environment. It’s time to move faster, stay secure, and take definitive control of your API Fabric today.

Salt Security will showcase these new capabilities in an upcoming webinar, “See your Blind Spots in Minutes, not Months: How Salt Security & AWS Simplify API Security,” taking place on July 9 at 9am PT/12pm ET. Register to attend here.

If you want to learn more about Salt and how we can help you on your API Security journey through discovery, posture governance, and run-time threat protection, please contact us, schedule a demo, or check out our website.

The post Eliminate Your AWS API Blind Spots in Minutes appeared first on Security Boulevard.

TSPU：俄罗斯的分布式审查系统 by ourren

更多最新文章，请访问SecWiki

Phishing remains one of the most effective ways attackers infiltrate corporate environments. Today’s phishing campaigns are no longer just poorly written emails with obvious red flags. They’re sophisticated, well-disguised, and tailored to exploit trust in everyday tools your teams use.  From fileless redirections to abuse of collaboration platforms like Notion, these new tactics are designed […]

The post 5 New Trends In Phishing Attacks On Businesses – Must Aware Threats appeared first on Cyber Security News.

Concerned by rapidly evolving evasion tactics, the new Jitter-Trap tool from Varonis aims to help organizations detect beacons that help attackers establish communication inside a victim network.

<% Visit %>

========

A new campaign is making use of Cloudflare Tunnel subdomains to host malicious payloads and deliver them via malicious attachments embedded in phishing emails. The ongoing campaign has been codenamed SERPENTINE#CLOUD by Securonix. It leverages "the Cloudflare Tunnel infrastructure and Python-based loaders to deliver memory-injected payloads through a chain of shortcut files and obfuscated

Alleged Sale of Telecall Data

Two critical Linux flaws allow unprivileged users to gain root access, affecting major distributions