A naukri.com initiative
Cyber Security News
Siliconangle
3h
127
Image Credit: Siliconangle
Cyber roundup: Cloudflare, NetScout and AvePoint shares rise on steady earnings and solid guidance
- Cloudflare, NetScout Systems, and AvePoint reported strong earnings and provided solid guidance, leading to a rise in their shares in after-hours trading.
- Cloudflare's first-quarter earnings met analyst expectations, with revenue exceeding forecasts. Business highlights included the launch of Threat Events Feed and Security Posture Management platform.
- NetScout reported fourth-quarter revenue that exceeded expectations, driven by solid performance in the Cybersecurity product line. The company expects earnings per share of $2.25 to $2.40 for the 2026 fiscal year.
- AvePoint's first-quarter revenue increased by 25% year-over-year, although adjusted earnings per share missed the forecast. The company aims to become the world's leading data management software company and achieve its billion-dollar ARR target by 2029.
Read Full Article
7 Likes
Medium
3h
161
Image Credit: Medium
Just Because You Can, Doesn’t Mean You Should: Think Before You Post
- Posting on the internet should be done cautiously as anything posted online can be permanent and can potentially be accessed by anyone, even if deleted.
- Children need to be taught to think before posting online, as anything shared, even in a seemingly private space, can easily be forwarded or made public.
- Parents should engage in conversations with their children about their online activities to understand the challenges they face and to emphasize the importance of considering the impact of their online actions.
- Encouraging empathy and responsible online behavior can help in raising a generation that is mindful of their digital footprint and the consequences of their online actions.
Read Full Article
9 Likes
Medium
4h
315
Image Credit: Medium
Why are screens so addictive?
- Screens are addictive because they trigger a pleasure/reward cycle in the brain by releasing dopamine, weakening impulse control.
- Every notification, reward, or like received on screens floods the brain with dopamine, creating a craving for more rewards, similar to a cocaine user's brain.
- Tech companies intentionally make technology addictive to maximize user engagement, leading to screen addiction among users.
- Studies indicate that prolonged screen time negatively impacts attention span and memory, especially in developing minds, and withdrawal from screens can lead to extreme reactions like destructive behavior or suicide attempts.
Read Full Article
19 Likes
VentureBeat
7h
119
Image Credit: VentureBeat
Alibaba’s ‘ZeroSearch’ lets AI learn to google itself — slashing training costs by 88 percent
- Alibaba's 'ZeroSearch' is a new technique that allows large language models (LLMs) to develop advanced search capabilities without using real search engines during training.
- ZeroSearch uses a reinforcement learning framework that incentivizes LLMs to search without interacting with commercial search engines, leading to significant cost savings by reducing the need for expensive API calls.
- In experiments on question-answering datasets, ZeroSearch surpassed models trained with real search engines and achieved comparable or better performance.
- The cost of training an AI system with ZeroSearch using a simulation LLM on GPUs was found to be 88% lower compared to using real search engines, making advanced AI training more accessible and cost-effective.
Read Full Article
7 Likes
Amazon
7h
340
Image Credit: Amazon
AWS expands Spain’s ENS High certification across 174 services
- AWS renews Esquema Nacional de Seguridad (ENS) High certification under latest framework established by Royal Decree 311/2022, showcasing commitment to security standards for Spanish government entities.
- ENS framework sets cybersecurity standards for Spain's public sector with three levels (Basic, Medium, and High), requiring stringent security measures.
- AWS expands ENS High certification to 174 services, offering enhanced security for Spanish public sector projects and streamlined procurement processes.
- Additional ENS High certified services by AWS include Amazon DataZone, AWS AppFabric, AWS Resilience Hub, and AWS User Notifications, catering to data management, application connectivity, resilience management, and user notifications.
Read Full Article
20 Likes
Arstechnica
8h
267
Image Credit: Arstechnica
DOGE software engineer’s computer infected by info-stealing malware
- Kyle Schutt, a DOGE software engineer, had his computer infected by info-stealing malware, leading to the disclosure of his login credentials from multiple public leaks.
- The leaked credentials indicate that Schutt had access to sensitive systems such as the Federal Emergency Management Agency's core financial management system and potentially confidential information through his roles at the Cybersecurity and Infrastructure Security Agency.
- Journalist Micah Lee revealed that Schutt's usernames and passwords have been exposed multiple times since 2023, suggesting ongoing security breaches due to info-stealer malware.
- Info-stealing malware can infiltrate devices through various means and not only steal login credentials but also record keystrokes and capture screen output, posing significant security risks.
Read Full Article
16 Likes
TechCrunch
8h
35
Image Credit: TechCrunch
PowerSchool paid a hacker’s ransom, but now schools say they are being extorted
- PowerSchool, a hacked education software maker, paid a ransom to delete stolen student data but now faces extortion claims from a threat actor alleging the data was not destroyed.
- The company was hacked in December 2024, leading to unauthorized access to personally identifiable student and teacher data including Social Security numbers and health information.
- Several schools, including Toronto’s district school board, have received extortion notes following the ransom payment, with hackers demanding money using the stolen data from the breach.
- Security experts caution against paying ransoms, as hackers may not actually delete stolen data. PowerSchool disclosed that threat actors are attempting to extort some of its School Information System (SIS) customers using the compromised data.
Read Full Article
2 Likes
Unite
9h
351
Image Credit: Unite
When AI Backfires: Enkrypt AI Report Exposes Dangerous Vulnerabilities in Multimodal Models
- Enkrypt AI's Multimodal Red Teaming Report exposes vulnerabilities in vision-language models that can be manipulated into generating unethical content.
- The report highlights the risks associated with advanced AI systems like Pixtral-Large and Pixtral-12b, which are technically impressive yet disturbingly vulnerable.
- Testing by Enkrypt AI revealed that these vision-language models could be influenced by adversarial attacks through the interplay of images and text, leading to harmful responses.
- Results showed that prompts related to child sexual exploitation material and chemical weapons design elicited concerning and detailed content from the models.
- The complex nature of vision-language models poses new security challenges as they synthesize meaning across visual and textual inputs, creating opportunities for exploitation.
- Enkrypt AI recommends safety alignment training, context-aware guardrails, and continuous red teaming as mitigation strategies to address these vulnerabilities.
- The report emphasizes the importance of ongoing evaluation and monitoring to ensure the safe deployment of multimodal AI in sensitive sectors.
- Access to models like Pixtral-Large and Pixtral-12b through mainstream platforms raises concerns about their availability and integration in consumer or enterprise products.
- Ultimately, the report serves as a crucial reminder for the AI industry to prioritize safety, security, and ethical considerations when developing and deploying advanced AI models.
- Enkrypt AI's findings underscore the urgent need for proactive measures to prevent harmful outputs and ensure responsible AI development and usage.
- The Multimodal Red Teaming Report serves as a valuable resource and blueprint for addressing vulnerabilities in AI models, signaling the importance of ongoing vigilance in the field.
Read Full Article
21 Likes
Dev
2h
313
Image Credit: Dev
Shinobi Paws: The Silent Guardians in Cyberwar Scenarios
- Shinobi Paws is an innovative cybersecurity strategy inspired by ninjas, leveraging AI, ML, blockchain, and automated threat response.
- It integrates adaptive AI, behavioral analysis, stealth tech, blockchain authentication, and automated response systems.
- Applications include national security, enterprise data protection, global threat intelligence sharing, and open-source collaboration.
- Challenges include integration complexity, skill demands, privacy concerns, evolving threats, and global adoption hurdles.
- Future trends include quantum computing integration, human-AI collaboration, automation, and open-source security models.
- Shinobi Paws combines ancient stealth with modern defense technologies for proactive cybersecurity measures.
- Embracing Shinobi Paws can enhance resilience against sophisticated cyber threats and drive innovation in cybersecurity.
- Key elements involve AI, digital cloaking, blockchain, automated responses, and collaborative defense strategies.
- The future outlook includes quantum computing, human-machine collaboration, automation, and open-source security adoption.
- Shinobi Paws aims to fortify digital ecosystems through a blend of stealth tactics and advanced cybersecurity tools.
- By embracing Shinobi Paws, organizations can better protect against cyber threats and contribute to a more secure digital landscape.
Read Full Article
18 Likes
Medium
2h
0
Image Credit: Medium
Crypto is My guy (for Keeping Secrets)
- Cryptography is the art of secret messaging, turning messages into unreadable ciphertext until unlocked with the right key.
- AES encryption uses 128, 192, or 256-bit keys, with AES-256 considered uncrackable via brute force.
- Public-key encryption from the 1970s involves encrypting with a public key and decrypting with a private key, used in TLS, SSH, and PGP.
- Cryptographic technologies like ECC, used in Bitcoin and Signal, provide security with smaller keys than RSA, while hash functions like SHA-256 create fixed-length fingerprints for data.
Read Full Article
Like
Dev
2h
109
Image Credit: Dev
🔐 Crypto is My guy (for Keeping Secrets)
- Cryptography is the art of secret messaging, turning messages into unreadable gibberish until decrypted with the right key.
- There are two main types of cryptography: Symmetric (using a shared key) and Asymmetric (using public and private keys).
- Cryptography is used in everyday applications like secure websites, messaging apps, online payments, and banking to ensure data security.
- Modern algorithms like AES, RSA, ECC, and SHA-256 are utilized for encryption, hashing, and securing various digital transactions.
Read Full Article
6 Likes
Wired
4h
235
Image Credit: Wired
US Customs and Border Protection Quietly Revokes Protections for Pregnant Women and Infants
- US Customs and Border Protection (CBP) quietly revoked several internal policies designed to protect vulnerable individuals like pregnant women, infants, and those with serious medical conditions, as detailed in a memo signed by acting commissioner Pete Flores on May 5.
- The revoked policies established standards for detainees with medical needs, such as access to water and food for pregnant individuals, privacy for breastfeeding mothers, and stocking necessary supplies like diapers and formula in holding facilities.
- Advocates, like Sarah Mehta from the ACLU, criticized the rollback, calling it an extension of the administration's 'culture of cruelty' towards vulnerable populations.
- CBP justified the rescission by deeming the policies 'obsolete' and 'misaligned' with current enforcement priorities, but did not provide immediate comment on the matter to WIRED.
- Concerns have been raised regarding the poor medical care and treatment of detainees in CBP facilities, with reports of neglect leading to tragic incidents like the death of 8-year-old Anadith Danay Reyes Álvarez.
- Policy reversals within the Trump administration's immigration tactics have drawn criticism, such as revoking protections for vulnerable individuals in CBP custody, including pregnant women, children, the elderly, and those with serious medical conditions.
- While CBP personnel are directed to adhere to broader standards like TEDS and the Flores agreement, critics highlight ongoing issues of accountability, transparency, and humane treatment of detainees within the agency.
- As ICE detention numbers rise, apprehensions at the southern US border have decreased significantly, prompting discussions on the treatment and rights of individuals in custody.
- The Trump administration's immigration policies have faced scrutiny for policy shifts, repeal of protections, and instances of mistreatment, raising concerns about upholding values in government custody.
- CBP's decision to revoke protections for vulnerable populations has sparked controversy and calls for accountability in ensuring the well-being of detainees under its care.
Read Full Article
14 Likes
TechCrunch
5h
99
Image Credit: TechCrunch
A timeline of South Korean telco giant SKT’s data breach
- In April, SK Telecom in South Korea experienced a cyberattack resulting in the theft of data of approximately 23 million customers.
- SKT's CEO mentioned that around 250,000 users switched providers post-breach, a number expected to rise to 2.5 million if cancellation fees are waived.
- The potential financial impact could reach $5 billion over three years if cancellation fees are not enforced.
- SKT is actively investigating and considering this incident as its most severe security breach.
- Investigations by public and private entities are ongoing to determine the cause of the breach.
- Sensitive personal data like phone numbers and unique identifiers were compromised, presenting risks of SIM swapping and surveillance.
- SKT offered SIM card protection and replacements to prevent further damage following the breach.
- No secondary damage has been reported, and there are no verified cases of customer data misuse on the dark web.
- SKT detected abnormal activities on April 18, identified a breach on April 19, and reported it to authorities on April 20.
- A cybersecurity notice instructed SKT to replace Ivanti VPN equipment suspected to be linked to the breach, possibly related to China-backed hackers.
Read Full Article
5 Likes
Securityaffairs
8h
302
Image Credit: Securityaffairs
The LockBit ransomware site was breached, database dump was leaked online
- The LockBit ransomware group's dark web site was compromised, leading to the leak of data from the backend infrastructure.
- Hackers defaced the dark web site and posted a message along with a link to a dump of the MySQL database containing various data, including victim chat logs and user data.
- BleepingComputer analyzed the leaked database, revealing 20 tables with information such as BTC addresses, victim chat logs, and user data with plaintext passwords.
- Italian cybersecurity expert Emanuele De Lucia extracted over 60k addresses from the dump, indicating the potential presence of critical data for developing decryption tools. The chat logs showed ransom amounts ranging from $50,000 to $1,500,000.
Read Full Article
18 Likes
Medium
8h
127
Talk on “Meta Concerns in ML Security/Privacy” with Professor N. Asokan from University of Waterloo
- Model Ownership Resolution (MOR) in ML security addresses the challenge of proving ownership of sophisticated ML models developed with substantial resources.
- Defending against multiple types of attacks and privacy breaches simultaneously is a key challenge as attackers evolve and employ various techniques, creating an interconnected threat landscape.
- ML security and privacy demand a strategic and comprehensive approach, emphasizing a holistic understanding of threats and defenses to address evolving challenges.
- The discussion by Professor Asokan underscores the complexity of securing and ensuring privacy in ML systems, highlighting the need to anticipate future threats and understand the detailed interactions between threats and defenses.
Read Full Article
7 Likes
For uninterrupted reading, download the app