A naukri.com initiative
Cyber Security News
Dev
2h
175
Image Credit: Dev
Docker Scout in Kubernetes: Advanced Container Security for Cloud-Native Environments
- Docker Scout offers powerful security features for Kubernetes environments, enabling DevSecOps teams to implement robust container security.
- The guide covers setting up a comprehensive Kubernetes security scanning pipeline using Docker Scout.
- It explains how to implement custom Kubernetes controllers for automated security scanning.
- The article also discusses implementing Kubernetes security policies, multi-cluster security management, GitOps integration, and best practices for Kubernetes security.
Read Full Article
10 Likes
Tech Radar
2h
165
Image Credit: Tech Radar
LinkedIn facing lawsuit over accusations private messages used to train AI
- LinkedIn is facing a lawsuit over accusations of sharing private messages and user data with third parties for AI training.
- The lawsuit seeks $1,000 per user for violations against the US federal Stored Communications Act.
- LinkedIn allegedly made changes to its privacy settings, privacy policy, and FAQs to cover its tracks.
- In 2024, LinkedIn settled a class action lawsuit for overcharging advertisers for video advert views.
Read Full Article
9 Likes
Neuways
3h
237
Image Credit: Neuways
WhatsApp accounts compromised by Cyber Criminals
- Spear-phishing technique used in WhatsApp phishing attack.
- Attackers exploited QR code and spoofed WhatsApp pages.
- Non-governmental organizations (NGOs) remain primary targets.
- Importance of defensive strategies such as phish-resistant authentication and employee awareness training.
Read Full Article
14 Likes
Medium
4h
323
Image Credit: Medium
Private Investigation Firms and Cybersecurity: Protecting Your Digital Life
- Private investigation firms are now focusing on cybersecurity solutions to protect their clients' digital lives.
- They combine investigative techniques with advanced technical solutions to detect, prevent, and respond to cyber threats.
- Private investigators take a holistic approach, blending physical and digital security components for comprehensive protection.
- They ensure compliance with data protection laws and regulations and offer expertise in handling cyber threats.
Read Full Article
19 Likes
Cybersecurity-Insiders
4h
106
Image Credit: Cybersecurity-Insiders
Bashe Ransomware strikes ICICI Bank
- A ransomware group named Bashe has launched a cyberattack on ICICI Bank.
- The group breached the bank's systems and stole data, which is now up for sale on the dark web.
- Bashe is notorious for its aggressive tactics and has set a deadline of January 24, 2025, to release the stolen data online.
- ICICI Bank, a major Indian financial institution, is currently investigating the incident.
Read Full Article
6 Likes
Hackersking
6h
97
Image Credit: Hackersking
Unveiling the Truth: Profile View Tracking on Telegram
- Telegram is a popular messaging platform known for its privacy, security, speed, and versatility.
- Unlike Instagram or WhatsApp, Telegram does not provide a feature to see who viewed your profile.
- Third-party apps claiming to offer profile view tracking on Telegram are often scams and pose risks such as data theft, malware, and account suspension.
- To enhance privacy on Telegram, users should customize their privacy settings, enable two-step verification, avoid sharing sensitive information, and use secret chats with end-to-end encryption.
Read Full Article
5 Likes
Hackersking
6h
201
Image Credit: Hackersking
Instagram Profile Picture Insights: Possibility to access Old Instagram Profile
- Instagram does not publicly provide access to past profile pictures.
- Users can access old profile pictures by saving them to their devices or archives.
- Avoid using third-party tools as they may compromise account security.
- Instagram prioritizes user privacy and promotes a secure and user-friendly experience.
Read Full Article
12 Likes
Securityaffairs
7h
227
Image Credit: Securityaffairs
Cisco addresses a critical privilege escalation bug in Meeting Management
- Cisco released security updates to address a critical privilege escalation bug in its Meeting Management.
- The vulnerability allows remote, authenticated attackers to gain administrator privileges on affected instances.
- The flaw resides in the REST API of Cisco Meeting Management and arises from a lack of proper authorization.
- There are no known attacks exploiting this vulnerability in the wild.
Read Full Article
13 Likes
Securityaffairs
9h
347
Image Credit: Securityaffairs
U.S. President Donald Trump granted a “full and unconditional pardon” to Ross Ulbricht, Silk Road creator
- U.S. President Donald Trump granted a “full and unconditional pardon” to Ross Ulbricht, the creator of the Silk Road, a dark web drug marketplace.
- Ulbricht was convicted in 2015 for narcotics and money-laundering conspiracy and was serving a life sentence.
- Trump's decision to pardon Ulbricht was based on claims of government overreach in the case.
- Silk Road facilitated billions of dollars worth of transactions and generated millions in earnings for Ulbricht.
Read Full Article
20 Likes
Tech Radar
2h
133
Image Credit: Tech Radar
Bad news - businesses who pay ransomware attackers aren’t very likely to get their data back
- A study by Hiscox revealed that only 7% of firms were able to recover their data in full after paying a ransom in a ransomware attack.
- 1 in 10 businesses who paid the ransom still had their data leaked.
- Ransomware attacks not only result in financial loss but also damage the reputation of companies.
- 47% of companies who experienced a ransomware attack reported difficulty in attracting new customers, and 43% lost customers.
Read Full Article
8 Likes
TechRound
2h
127
What Does TikTok Do With Our Data?
- TikTok stores data in three layers that consist of a user’s registration details, device-related statistics, and in-app activities, including location with permissions. Personalized ads and recommendations are released through algorithms guided by biometric details, likes, views and shares. External stakeholders access user information for marketing or analytic reasons. Users seeking data archives can only obtain partial data sets, that are missing details linked to other user’s privacy. Criticisms levied at the platform include claims of insufficient transparency, underage data protection, and vulnerabilities during security breaches.
- Concerns regarding the safety of user information have arisen in light of the large volume of user data TikTok manages, prompting concerns over data privacy risks. TikTok’s tracking of biometric data and partial location details is seen as invasive, while others worry that private records may be susceptible during a security breach.
- Algorithms form the backbone of TikTok’s advertising and recommendation features. Watch history, likes, and device details are used to personalize ad selection while a user’s interaction with videos shapes trending content.
- Data collection on TikTok extends beyond the app as external stakeholders access user information for marketing or analytic reasons. Unsettled questions surround how international data transfers, national security, politics, and ownership structures serve to protect user data.
- TikTok is user-downloadable but individual data files do not always contain all data. The platform may ask for verification, then compile the records in a downloadable format. However, users might not receive all the information they were looking to archive because of the exclusion of details linked to other users’ privacy.
- Teenagers are also a concern that the company may not sufficiently be addressing as TikTok's biggest user base tends to comprise minors.
- The platform has to strike a balance between providing users with a personalized experience, while ensuring ample privacy controls are in place, to avoid being seen as an invasive platform.
- To address criticisms, TikTok could increase transparency around how data is gathered and used, make privacy settings more accessible, and introduce more online controls to enable parents to preserve their children's privacy.
- TikTok has surged in popularity globally, with millions of users posting short, often humorous, music-related videos. The Chinese-based social media platform is so far enjoying massive growth but ongoing data privacy concerns could threaten the company's future if not addressed in a responsible and respectful fashion.
- TikTok is currently in talks with the UK government over concerns that user data might be at risk from Chinese state influence through parent company, ByteDance.
Read Full Article
7 Likes
Arstechnica
2h
224
Image Credit: Arstechnica
Data breach hitting PowerSchool looks very, very bad
- A major data breach has occurred at PowerSchool, a cloud-based service provider for K-12 schools.
- The breach resulted in unauthorized access to personal information stored in PowerSchool's Student Information System (SIS).
- The stolen information includes names, contact details, dates of birth, medical alert information, Social Security Numbers, and other related data.
- PowerSchool serves 16,000 schools worldwide, impacting 60 million students and an undisclosed number of teachers.
Read Full Article
13 Likes
Arstechnica
3h
237
Image Credit: Arstechnica
Researchers say new attack could take down the European power grid
- Researchers have found that renewable energy facilities in Central Europe use unencrypted radio signals.
- The signals are used to receive commands to feed or ditch power into or from the grid serving 450 million people in Europe.
- The researchers accidentally discovered this vulnerability while working on a different hacking project.
- This finding raises concerns about the potential for a coordinated attack on the European power grid.
Read Full Article
14 Likes
Wired
3h
170
Image Credit: Wired
Subaru Security Flaws Exposed Its System for Tracking Millions of Cars
- Security researchers Sam Curry and Shubham Shah found vulnerabilities in a Subaru web portal that allows to hijack the ability to unlock the car, honk its horn, and start its ignition, control features to any phone or computer.
- Moreover, they could track the Subaru's location for the entire year his mother owned it, including precise location data multiple times a day.
- Subaru quickly fixed the vulnerabilities in Starlink security after the researchers informed the company, but it remains unclear how far back Subaru keeps customers' location histories and makes them available to employees.
- Car hacking and location tracking techniques are not unique. In recent years, security researchers have found similar flaws in vehicles sold by Acura, BMW, Ferrari, Genesis, Honda, Hyundai, Infiniti, Mercedes-Benz, Nissan, Rolls Royce, and Toyota.
- Subaru may have collected multiple years of location data though Curry and Shah tested their technique only on Curry's mother, who owned the Subaru for about a year.
- This discovery by Curry and Shah highlights the lack of privacy safeguards around the growing collection of personal data in the car industry and the concerns over the enormous amount of location data that they collect.
- The researchers warn that similarly serious hackable bugs exist in other auto companies' web tools that have yet to be discovered.
- The vulnerabilities discovered by the researchers alone, for drivers, present serious theft and safety risks.
- A growing concern over the enormous amount of location data that car companies collect that was highlighted by a report by privacy researchers at the Mozilla Foundation in September.
- The vulnerabilities in Subaru web portal hinted at how pervasively those with access to Subaru's portal can track its customers' movements.
Read Full Article
10 Likes
Medium
6h
288
Image Credit: Medium
Multimodal Transformers vs. Classical Transformers : a cybersec example
- Multimodal transformers combine multiple data sources simultaneously, using cross-attention layers to relate one modality to another.
- In the example of detecting a fileless malware attack in an enterprise environment, multimodal transformers integrate indicators and reasoning data streams.
- Multimodal transformers excel in detecting such attacks by analyzing diverse data sources and identifying relationships that would be missed by classical models.
- This article highlights the educational and defensive potential of multimodal transformers in detecting and preventing advanced threats, while emphasizing the importance of ethical use in cybersecurity.
Read Full Article
17 Likes
For uninterrupted reading, download the app