Cyber Security News

A complex large-scale campaign was detected by Unit 42 researchers that manipulated and extorted several organizations using cloud systems.  Security analysts discovered that this massive large-scale cyber attack on AWS targets over 230 million unique cloud environments. The attackers crafted a smart tactic of exploiting exposed environment variable (.env) files on cloud infrastructures. These .env […]

The post Massive Cyber Attack On AWS Targets 230 Million Unique Cloud Environments appeared first on Cyber Security News.

Copilot Autofix is a newly launched feature of the GitHub Advanced Security (GHAS) and this feature was designed to make it easier for users to discover and fix code vulnerabilities. AI tools are revolutionizing the cybersecurity landscape by enhancing several major factors like threat detection, automating processes, and providing valuable insights to combat sophisticated cyber […]

The post Copilot Autofix – A GitHub AI Tools Now Analyse Vulnerabilities And Fix It Automatically appeared first on Cyber Security News.

Researchers uncovered a vulnerability in the Linux kernel’s dmam_free_coherent() function, which stems from a race condition caused by the improper order of operations when freeing DMA (Direct Memory Access) allocations and managing associated resources. This vulnerability can lead to system instabilities and malfunctions, as DMA is crucial for allowing hardware devices to transfer data directly […]

The post Linux Kernal Vulnerability Let Attackers Bypass CPU & Write on Memory appeared first on Cyber Security News.

A new malware strain known as “QWERTY Info Stealer” has emerged. It targets Windows systems with advanced anti-debugging techniques and data exfiltration capabilities. This malware is hosted on the domain mailservicess[.]com, represents a significant threat to individuals and organizations. Our comprehensive analysis illuminates its technical aspects, including its anti-debugging strategies, data collection methods, and interaction […]

The post QWERTY Info Stealer Employed Anti-Debugging Techniques to Exfiltrate Data from Windows appeared first on Cyber Security News.

The “Weekly Cyber Security News Letter – Data Breaches, Vulnerability, Cyber Attack & More” provides a comprehensive overview of the latest developments in the cybersecurity landscape. Each edition highlights significant data breaches, emerging vulnerabilities, and notable cyber attacks, offering insights into the evolving threats that organizations face. By staying informed through this newsletter, readers can […]

The post Cyber Security News Letter – Data Breaches, Vulnerability, Cyber Attack & Other Stories appeared first on Cyber Security News.

As the world becomes more reliant on technology, viruses and security weaknesses may eventually develop in our operating systems. However, developers are ready for this because they have Javascript code security tools that help them find and fix internal computer bugs by giving them more information, such as a snapshot of the application’s state. Recently, […]

The post 10 Best Code Security Tools in 2024 appeared first on Cyber Security News.

Product management Tools aims to orchestrate and supervise every facet of the product life cycle. This encompasses various responsibilities, from marketing to in-depth investigative analysis.  Product management entails the systematic development, market launch, and comprehensive administration of a product or service. The product manager is at the helm of product management leadership and is ultimately […]

The post 10 Best Product Management Tools – 2024 appeared first on Cyber Security News.

Security researchers at Avast have uncovered evidence that the notorious North Korean hacker group Lazarus exploited a previously unknown zero-day vulnerability in the Windows AFD.sys driver to gain kernel-level access to targeted systems. The flaw tracked as CVE-2024-38193, was reported to Microsoft and patched as part of the company’s June 2024 Patch Tuesday updates. The notorious Lazarus […]

The post Windows 0-Day Flaw Exploited by Lazarus to Gain Unauthorized Access appeared first on Cyber Security News.

The imminent release of Cisco HyperShield this month marks a pivotal evolution in the cybersecurity landscape. As an “AI-native” security architecture, HyperShield promises to redefine traditional security protocols through its automated proactive cybersecurity measures and AI-driven security solutions. However, the effectiveness of this sophisticated technology heavily relies on the skilled deployment by IT and Information […]

The post Why Training is Critical to Implementing Cisco HyperShield appeared first on Cyber Security News.

An Android package, “Showcase.apk,” preinstalled on a significant portion of Pixel devices since 2017, possesses extensive system permissions enabling remote code execution and package installation.  It fetches a configuration file via unsecured HTTP from a single US-based AWS domain, rendering it susceptible to tampering, while the combination of excessive privileges and insecure configuration exposes millions […]

The post Critical Android Vulnerability Impacting Millions of Pixel Devices Worldwide appeared first on Cyber Security News.

Microsoft has announced a significant security enhancement for its Azure platform: starting in 2024, all Azure sign-in attempts will require multifactor authentication (MFA). This move underscores Microsoft’s commitment to providing its customers the highest level of security. The MFA requirement will apply to several key applications, including the Azure Portal, Microsoft Entra Admin Center, and […]

The post Microsoft Announced Multifactor Authentication is Mandatory for Azure Sign-Ins appeared first on Cyber Security News.

The U.S. Department of Justice (DOJ) is contemplating a historic move to break up Alphabet Inc.’s Google following a significant antitrust ruling. This development marks one of the most aggressive antitrust actions since the attempted breakup of Microsoft two decades ago. The decision comes after a federal judge determined that Google had unlawfully maintained a […]

The post US DOJ Considers Breaking-up Google Following Antitrust Case appeared first on Cyber Security News.

A recently discovered vulnerability in Kubernetes has raised significant concerns within the cybersecurity community. Akamai researcher Tomer Peled identified a design flaw in Kubernetes’ sidecar project, git-sync, which could allow attackers to execute command injection attacks. This vulnerability affects default Kubernetes installations across various platforms, including Amazon EKS, Azure AKS, and Google GKE. It will […]

The post Kubernetes Vulnerability Exposes Clusters to Command Injection Attacks appeared first on Cyber Security News.

A critical security flaw has been discovered in the Zimbra Collaboration Suite (ZCS), potentially allowing hackers to execute malicious JavaScript code. This cross-site scripting (XSS) flaw, identified as CVE-2024-33533, has been found in the Zimbra webmail admin interface. The vulnerability arises from inadequate input validation, which permits attackers to inject harmful scripts into the application. […]

The post Zimbra XSS Flaw Allows Hackers to Execute Malicious JavaScript Code appeared first on Cyber Security News.

In a recent revelation, law enforcement figures have highlighted a concerning rise in cyber attacks targeting small businesses. The City of London Police reported 1,227 incidents in 2022, which experts believe represents only a fraction of the true scale of the problem. The most prevalent threats include business email compromise, ransomware, phone hacking, and insider […]

The post Cyber Alert! Small Businesses Should Enhance Their Cyber Defenses – NCSC Guide (PDF) appeared first on Cyber Security News.

On June 20, 2024, government services were knocked offline as a cyberattack rocked the Indonesian National Data Center. Investigators would attribute the outage to a new hacker group infecting targets with a novel ransomware variant: Brain Cipher. A variant of the LockBit ransomware family, Brain Cipher was created using the leaked LockBit 3.0 Builder. It […]

The post Brain Cipher Ransomware Analysis & Detection with Cynet’s All-in-One Platform appeared first on Cyber Security News.

A recent Digital Forensics and Incident Response (DFIR) report has uncovered various sophisticated tools threat actors employ to bypass major security defenses. These tools have been found to effectively circumvent protections offered by popular antivirus programs such as Windows Defender and Malwarebytes. The report highlights the alarming capability of these tools to delete backups and […]

The post New Threat Actors Tools Found to be Bypassed Antivirus & Delete Backups appeared first on Cyber Security News.

Researchers have uncovered a new and previously undocumented malware platform named “Cyclops.” Written in the Go programming language, Cyclops has been linked to the notorious hacking group Charming Kitten, also known as APT 35. This malware platform enables operators to execute arbitrary commands on targeted systems, posing a severe threat to cybersecurity in the Middle […]

The post Undocumented Malware Platform “Cyclops” Lets Hackers to Write Arbitrary Commands on Windows appeared first on Cyber Security News.

NIST, an agency in the federal government of the United States (US), has finished its first draft of cryptographic algorithms that are immune to quantum computer attacks. Quantum computers use the principle of quantum mechanics, and they are advanced computing systems that perform tasks that normal computers cannot. Instead of using classical bits, these types […]

The post NIST Finalised 3 Encryption Tools To Prevent Future Quantum Computers Cyberattacks appeared first on Cyber Security News.

The research identifies a critical security vulnerability in GitHub Actions artifacts, enabling unauthorized access to tokens and secrets within CI/CD pipelines.  Misconfigured workflows in major organizations’ public repositories exposed sensitive information, potentially compromising cloud environments and allowing attackers to inject malicious code into production systems.  By exploiting leaked GitHub tokens, adversaries could manipulate repositories and […]

The post GitHub Vulnerability “ArtiPACKED” Trigger RCE Exploit to Hack Repositories appeared first on Cyber Security News.