Cyber Security News

How to Defend Amazon S3 Buckets from Ransomware Exploiting SSE-C Encryption All key management for S3 server-side encryption with SSE-C is handled outside of AWS, with encryption key material provided alongside the object, ensuring the cloud provider never stores the key material. AWS emphasizes the importance of using short-term credentials, implementing data recovery procedures, and preventing the use of SSE-C on S3 buckets when not necessary for the workload. Cyber_Security_Channel

Intelligence Community AI Cybersecurity Program Achieves ‘Massive Scientific Impact’ IARPA’s TrojAI program aims to defend AI systems from intentional, malicious attacks, known as Trojans. That is done by developing technology to identify so-called backdoors or poisoned data in completed AI systems before the systems are deployed, IARPA explains on its TrojAI website. Cyber_Security_Channel

ℹ️ $1.5B Hack of Bybit — the Largest Crypto Heist Ever The Lazarus Group, a hacking organization under North Korea’s Reconnaissance General Bureau, has been identified by blockchain security experts. North Korea has been accused of multiple hacks of cryptocurrency exchanges to steal digital assets, launder the funds, and use them to finance its nuclear weapons program. In January, the United States, South Korea, and Japan issued a joint statement blaming North Korea for roughly $660 million in crypto thefts just in 2024 alone. Cyber_Security_Channel

Chinese Cyberspy Possibly Launching Ransomware Attacks as Side Job All these intrusions were focused on espionage, but the same toolset was employed in a November 2024 extortion attempt on a medium-sized software and services company in South Asia, Symantec notes. Cyber_Security_Channel

📌 Are you a Cyber Security Manager? → This resource is perfect for your company. All-in-one solution for efficient Information Security Management. This comprehensive package provides access to ISMS templates… Seamlessly integrating into your organizational structure. What do you get? — Awareness — Risk Management — Implementation Roadmap — ISO 27001 Self-Assessment — Information Security Policies With this system, you can: — Meet stakeholder requirements — Assure the security of your information — Optimize your business processes all at once Need to obtain the ISO-27001 certification? Make the process hassle-free with Notion ISMS. 🔐 Check out this valuable resource from our partners: ↳ https://gumroad.com/a/792215507/qqkfpn

How Russian Hackers Are Exploiting Signal ‘Linked Devices’ Feature for Real-Time Spying By tricking users into scanning malicious QR codes embedded in phishing pages or disguised as group invite links, Mandiant says APT groups linked to the Kremlin are secretly adding their own device as a linked endpoint. Cyber_Security_Channel

Microsoft Detects New XCSSET MacOS Malware Variant The variant employs a much more randomized method for creating payloads to infect Xcode projects. Both the encoding technique and the number of encoding iterations are randomized. Cyber_Security_Channel

⚡️Bybit ETH Cold Wallet Breach Sees $1.5B Moved to Unknown Address Bybit has reported a breach involving one of their ETH cold wallets. The platform stated that the issue started when a “sophisticated attack” manipulated a routine transfer from their ETH multisig cold wallet to their warm wallet. Cyber_Security_Channel

Amazon Sued in First 'My Health, My Data' Privacy Dispute Amazon tracked users’ location data without their consent. The company used it for targeted advertising and other means of enriching its business, according to a complaint filed by an Amazon app user in the US District Court Western District of Washington. Information collected by these apps also included “biometric data and precise location information." That data could reasonably indicate a consumer’s attempt to acquire or receive health services or supplies,” putting it in violation of Washington’s My Health My Data Act, the complaint said. Amazon denied the above allegations that came through. “These claims are not accurate, and we look forward to explaining this in court,” an Amazon spokesperson wrote in an Email. Cyber_Security_Channel

Everything You Need to Know About the Privacy-Focused Messaging App Signal Signal is an open-source, encrypted messaging app. It's available on Android and iOS devices, and it's free to download and use. You can voice or video call others through the app, and you can send payments through the app using the cryptocurrency MobileCoin. Signal uses end-to-end encryption to protect your messages and calls, which means that only your intended recipient can read your messages and receive your call. Cyber_Security_Channel

The Case for Lean Cybersecurity Leadership Businesses’ natural response to growing cyber risk has been to invest in and grow their cybersecurity capabilities, including: — Creating new leadership roles — Safeguarding the confidentiality/privacy — Integrity and availability of organizational data This phenomenon of decision-making bias stemming from overconfidence, referred to as illusory superiority, has been found in other settings as well. Under certain conditions, people — regardless of their competence level — overestimate their abilities, skills, or qualities relative to those of their peers. Cyber_Security_Channel

Using Popular AI App DeepSeek Can Put Your Personal Information and Data at Risk: Study "We found three serious vulnerabilities in the application as well as a number of privacy issues that, overall, mean that your data and your identity is placed at risk when you use the DeepSeek iOS," Hoog said. A NowSecure mobile application security and privacy assessment has uncovered multiple security and privacy issues in the DeepSeek iOS mobile app. Recent DeepSeek privacy analysis has focused on its Privacy Policy and Terms of Service. However NowSecure analyzed the iOS app by running and inspecting the mobile app on real iOS devices to uncover confirmed security vulnerabilities and privacy issues. Cyber_Security_Channel

❗️Cyber Security News is looking for VOLUNTEERS to join our Team: Round 4 Our community is continuously growing and we are looking to further expand the Team of authors.

Responsibilities

• Conduct research on the Internet • Format and publish posts to the channels of our community • Offer creative ideas to enhance content

Requirements

• Research skills • Stable Wi-Fi connection • Strong interest in cybersecurity • A mobile device with installed Telegram app • Up to date knowledge about trending topics, current events, etc.

Offerings

• Exchange of knowledge with colleagues from the field • Experience as a manager/admin of a large cybersecurity community (for CV) • Opportunity to influence a growing community with a large audience If you have a friend/colleague who would be interested in the position, feel free to send them this post!

Contacts

If you are interested in the above position or have any further questions, feel free to reach out → @cybersecadmin - - - - - @Cyber_Security_Channel

UK Orders Apple to Give it Access to Encrypted Cloud Data The UK’s demand is the latest flashpoint in a long-running battle between the tech industry and law enforcement over the use of encryption in messaging apps and storage services. 📷 Photo credit: Yau Ming Low / Shutterstock Cyber_Security_Channel

How Agentic AI will be Weaponized for Social Engineering Attacks November 2022 saw the introduction of the first Large Language Model (LLM), freely released to the public. In 2023, the world began using generative AI tools and developers rolled out a range of features and functionalities built on top of these LLMs. By the second half of 2024, a new iteration rapidly emerged—AI-powered agents (“agentic AI”) that can act autonomously and execute complex tasks. Cyber_Security_Channel

Cyble Sensors Detect Attacks on Apache OFBiz, Palo Alto Networks CVE-[2024]-[0012] is an authentication bypass vulnerability in PAN-OS that enables an unauthenticated attacker with network access to the management interface to gain PAN-OS administrator privileges. The Palo Alto alert said hackers could use CVE-[2024]-[0012] to perform administrative actions, tamper with configurations, or exploit other authenticated privilege escalation vulnerabilities such as CVE-[2024]-[9474]. Cyber_Security_Channel

ChatGPT, DeepSeek Vulnerable to AI Jailbreaks Threat intelligence firm Kela discovered that DeepSeek is impacted by Evil Jailbreak, a method in which the chatbot is told to adopt the persona of an evil confidant, and Leo, in which the chatbot is told to adopt a persona that has no restrictions. These jailbreaks have been patched in ChatGPT. Cyber_Security_Channel

🔒 Expertised Malware Analysis & Threat Intelligence   We are happy to announce a brand new partnership with ANY.RUN.   ANY.RUN provides malware analysis and threat intelligence solutions to over 500,000 security professionals   Join ANY.RUN's Telegram Channel for:   • Fresh threat research • Malware analysis • Insightful tips   To help your team stay updated on the latest industry trends!   Access the resource via the link below:   👉 https://t.me/anyrun_app   -----   #ad #paidpromotion #sponsored   @Cyber_Security_Channel

NAO Warns that UK Government Doesn't Know How Vulnerable its IT Systems Are "The risk of cyber attack is severe, and attacks on key public services are likely to happen regularly, yet the government's work to address this has been slow," said Gareth Davies, head of the NAO. Cyber_Security_Channel

Hidden Text Salting Disrupts Brand Name Detection Systems The study also highlights the use of hidden text salting in HTML smuggling. In these cases, attackers concealed malware in email attachments by embedding irrelevant comments within base64-encoded strings. This approach disrupted detection engines that typically scan attachments for threats. Cyber_Security_Channel