nurdsoft

Your weekly news tech update covering Payment Breaches, Malware Attacks, AI Glitches, and Crypto Scams 📰 💰 Payment gateway data breach affects 1.7 million credit card owners A data breach at payment gateway provider Slim CD exposed the personal and credit card information of nearly 1.7 million individuals. Hackers had access to the company’s network for almost a year, from August 2023 to June 2024, although credit card data was accessed specifically between June 14 and 15, 2024. Compromised information includes names, addresses, card numbers, and expiration dates. While CVV numbers were not exposed, there remains a risk of credit card fraud. Slim CD has enhanced its security measures and advises affected individuals to stay alert for suspicious activity. 🐍 North Korean Lazarus hackers target Python developers with malware-laced coding tests The North Korean hacker group Lazarus targets Python developers by posing as recruiters and offering coding tests for password management products that secretly contain malware. The 'VMConnect' campaign has been active since August 2023, with hackers using fake Python packages on PyPI. Lazarus impersonates large U.S. banks like Capital One, luring developers through platforms like LinkedIn. Victims are asked to fix bugs in a password manager project, but running the provided files executes a hidden malware downloader. The attackers pressure victims to complete the task quickly to avoid detection. Developers are advised to verify recruiters and check code in safe environments. 📱 iPhone 16's AI-powered Apple Intelligence shows early signs of unreliability Apple unveiled the iPhone 16, highlighting its A18 chip designed for the new Apple Intelligence AI software, set to assist in tasks like summarizing messages, writing emails, and photo editing. However, in tests of its prerelease software, Apple's AI has been found to generate inaccurate or fabricated information frequently. These errors range from funny to concerning, with the AI sometimes misinterpreting basic facts, misclassifying emails, or even editing selfies awkwardly. Though promising, the software's current shortcomings suggest that potential buyers might want to wait for improvements before investing in the iPhone 16. 🔐 Crypto Scam Losses Surge 45% in 2023, FBI Reports Losses from cryptocurrency scams grew by 45% in 2023 compared to the previous year, exceeding $5.6 billion, according to an FBI report. The increase is linked to the speed and irreversibility of digital asset transactions. Investment scams accounted for 71% of the losses, with call center and government impersonation scams following. Older adults, especially those over 60, were disproportionately affected, losing over $1.6 billion. The FBI emphasized that while blockchain transactions are traceable, international money transfers pose challenges for law enforcement. #cybersecurity #crypto #tech #python

The future of AI with commoditized hardware

We're #hiring a new Golang Developer- LATAM in Argentina. Apply today or share this post with your network.

🚀 Exciting News! 🚀 Nurdsoft will be attending Oracle Cloud World 2024 in Las Vegas! Our team is eager to connect with industry leaders, explore cutting-edge software solutions in the cloud, and discuss how our professional services can help businesses maximize their Oracle Cloud investments. If you’re attending, let’s schedule a time to meet and explore opportunities to collaborate. Feel free to reach out here or contact us at info@nurdsoft.com. See you in Vegas! #OracleCloudWorld #Networking #CloudInnovation #ProfessionalServices #LasVegas2024 #s

We skipped Monday, cuz who likes it?, ...Not us! Anyway, here's what's been happening latest in the tech world!! 🔑 New PowerShell Keylogger Steals Sensitive Data—Here’s How to Stay Safe A new keylogger, discovered by CYFIRMA, uses Microsoft PowerShell scripts to stealthily capture keystrokes and steal sensitive information like login credentials and financial data. Exploiting PowerShell’s deep integration with Windows, this malware employs advanced evasion techniques, such as encoded command execution and dual-channel communication via Tor, to avoid detection. To protect against this threat, organizations should tighten security policies around PowerShell, invest in advanced threat detection, educate employees on phishing risks, conduct regular system audits, and deploy robust endpoint protection. 🥷🏼 How MI6 and the CIA Are Using AI to Combat Modern Threats MI6 and the CIA are leveraging generative AI to navigate massive amounts of data and address complex global threats, including cyberattacks from Russia and China. Partnering with tech firms like Microsoft, they deploy specialized AI models to analyze data securely and enhance their covert operations. While details are under wraps, AI is set to play a key role in modern intelligence and counter-terrorism strategies. 🔓 New RAMBO Attack Steals Data from Air-Gapped Computers Using RAM Signals Researchers have developed a novel side-channel attack called "RAMBO" that exfiltrates data from highly secure, air-gapped computers by exploiting electromagnetic emissions from their RAM. The attack involves malware that manipulates RAM's memory access patterns to emit radio signals, which are then captured by nearby receivers. While the attack can only transfer small amounts of data at slow speeds and short distances, it remains a significant threat to isolated systems in high-security environments. Mitigation strategies include physical defenses, RAM jamming, EM interference, and Faraday enclosures to block electromagnetic leaks. 📊 Survey: The AI wave continues to grow on software development teams GitHub surveyed 2,000 software development professionals across the U.S., Brazil, India, and Germany to assess generative AI tools' use, impact, and expectations in software development. Over 97% of respondents reported using AI coding tools, but only 59-88% indicated company support for AI adoption, varying by region. The U.S. shows the highest support (88%), while Germany shows the lowest (59%). #ai #cybsecurity #software #developers

🚀 Exciting News! 🚀 Nurdsoft will be attending Oracle Cloud World 2024 in Las Vegas! Our team is eager to connect with industry leaders, explore cutting-edge software solutions in the cloud, and discuss how our professional services can help businesses maximize their Oracle Cloud investments. If you’re attending, let’s schedule a time to meet and explore opportunities to collaborate. Feel free to reach out here or contact us at info@nurdsoft.com. See you in Vegas! #OracleCloudWorld #Networking #CloudInnovation #ProfessionalServices #LasVegas2024 #s

Our engineering team tells us that some of you out there are not taking your HTTP methods seriously, so we made an infographic reminder for y'all. #takehttpseriously

We're #hiring a new Senior Software Engineer in Colombia. Apply today or share this post with your network.

Monday called—it wants its weekend back. Until it comes back again, let's look at some noteworthy happenings in tech. 🪪 AI in Cybersecurity: A Game-Changer for Overwhelmed Security Teams The growing complexity of cyber threats necessitates AI integration in cybersecurity, according to Palo Alto Networks' co-founder and CTO, Nir Zuk. With attackers constantly innovating, human efforts alone can't keep up. AI can detect anomalies within organizations, offering scalability and speed that humans cannot match. Zuk emphasizes that AI can automate security operations, reducing the time to detect breaches. Palo Alto Networks is leveraging AI to consolidate data, making cybersecurity more manageable and effective. Despite the increasing threat surface posed by AI, Zuk believes AI will ultimately benefit defenders more than attackers. 💪🏽 Amazon Unveils Mithra: A Powerful Defense Against Cyber Threats Amazon has revealed Mithra, an advanced internal platform designed to combat cyber threats at a massive scale. Built on a graph database with 3.5 billion nodes and 48 billion edges, Mithra processes vast amounts of data to identify and neutralize malicious domains. It integrates AI and machine learning to automate threat detection and decision-making, reducing the need for human intervention. With Mithra, Amazon monitors up to 200 trillion DNS requests daily, detecting 182,000 new malicious domains each day. The platform works alongside other security tools like Sonaris, creating a robust defense network. ⚰️ AWS Deprecates Several Services Amazon is quietly deprecating several AWS services, including Cloud9, SimpleDB, and CodeCommit, which was confirmed by Jeff Barr, AWS’s Chief Evangelist, on Twitter. Along with these, S3 Select, CloudSearch, Forecast, Data Pipeline, and others are also being phased out. This move highlights AWS's recognition that its one-stop-cloud-shop approach has limitations. AWS aims to refocus on its core strength—infrastructure as a service—while relying on technical alliances and specialized vendors to enhance developer experience. This strategic shift underscores AWS's understanding that it can't excel in every domain, advocating for a more collaborative ecosystem. 📜 DigiCert's Mass SSL/TLS Certificate Revocation DigiCert is set to mass-revoke SSL/TLS certificates due to a bug affecting domain verification, requiring impacted customers to reissue certificates within 24 hours. The issue impacts 0.4% of domain validations from August 2019 to June 2024, totaling 83,267 certificates and 6,807 customers. The bug, stemming from an August 2019 update, omitted a necessary underscore in DNS CNAME records, posing a security risk. DigiCert urges customers to reissue certificates via CertCentral to avoid service disruption. Measures have been implemented to prevent future incidents, including open-sourcing DCV processes by November 2024. #ai #aws #devops #cybersecurity