menu
techminis

A naukri.com initiative

google-web-stories
Home

>

Cyber Security News

Cyber Security News

source image

Siliconangle

23m

read

668

img
dot

Image Credit: Siliconangle

Fortinet warns of malicious Python packages targeting credentials and user data

  • Fortinet Inc.'s FortiGuard Labs has discovered two malicious Python packages that pose a high risk of credential theft, data exfiltration, and unauthorized system access.
  • The first vulnerability, Zebo-0.1.0, exhibits sophisticated malware behavior, including keylogging, screen capturing, and data exfiltration to remote servers.
  • The second vulnerability, Cometlogger-0.1, targets system credentials and user data, evades detection, and can steal a wide array of user data.
  • To prevent infection, it is recommended to verify third-party scripts, implement firewalls and intrusion detection systems, and train employees to recognize phishing attempts.

Read Full Article

like

8 Likes

source image

TechBullion

1h

read

248

img
dot

Image Credit: TechBullion

FeiXiaoHao: Ranking the Top Cryptocurrency Exchanges for Secure Trading

  • FeiXiaoHao offers a ranking system for cryptocurrency exchanges.
  • Security, liquidity, user experience, and regulatory compliance are crucial factors to consider.
  • Top 10 cryptocurrency exchanges for secure trading are highlighted.
  • Factors like security features, liquidity, regulatory compliance, and supported cryptocurrencies should be considered when choosing an exchange.

Read Full Article

like

14 Likes

source image

Siliconangle

6h

read

62

img
dot

Image Credit: Siliconangle

Kaseya delivers a next-level cybersecurity playbook for SMBs and MSPs

  • Small-to-midsize businesses are easy prey for cybercriminals, and effective cyber defense for SMBs must evolve to meet rising threats.
  • Kaseya Inc. revealed new tools to support cybersecurity for SMBs and help managed service providers strengthen their security posture.
  • The company introduced Kaseya 365 User, a subscription offering that safeguards user identity and security across software-as-a-service applications.
  • Kaseya also announced its acquisition of SaaS Alerts, integrating the firm’s technology into 365 User to help managed service providers protect clients’ cloud-based applications.
  • Effective cyber defense for SMBs is critical, as these companies generate 52% of the global gross domestic product and employ 53% of the workforce, underscoring their vital role in the global economy.
  • Kaseya’s Datto EDR counters these attacks by recognizing abnormal activity and enabling SMBs and MSPs to intervene before attackers gain control.
  • SaaS Alerts track these patterns in real time and integrate into Kaseya 365 User which strengthens its ability to support SMB cyber defense practices.
  • By reducing the need for costly on-site visits and enabling remote issue resolution, Kaseya’s platform minimizes operational friction.
  • Kaseya’s approach positions the platform as more than just a technology solution: It’s a growth engine for sustainable business development.
  • Kaseya’s commitment to MSPs extends beyond boosting profit margins and by aligning its platform with the growing need for SMBs cyber defense practices, enables MSPs to achieve margins closer to 35%.

Read Full Article

like

3 Likes

source image

Siliconangle

7h

read

168

img
dot

Image Credit: Siliconangle

Cyber resilience redefined: Commvault’s Cloud Rewind and recovery capabilities shape the future of cybersecurity

  • At AWS re:Invent, experts from Commvault Systems shared advancements in data protection, cloud recovery, and modern cyber resilience.
  • Commvault's SaaS solutions now deeply integrate with AWS' cloud-native capabilities, enabling organizations to streamline data protection processes.
  • Air Gapped Protect is one of Commvault's latest technologies that offers an isolated environment for secure data storage and recovery.
  • Commvault recently debuted its Cloud Rewind capability that provides comprehensive protection for the entire cloud environment, including critical components.
  • By replicating an application's environment across AWS regions, organizations can achieve near-high availability and quickly recover from regional failures.
  • Recovery-as-Code, a feature of Cloud Rewind, automates the process and enables businesses to resume operations with minimal downtime.
  • Configuration drift, where changes in settings accumulate over time, poses a challenge for automated solutions.
  • Commvault's ability to address these challenges ensures that enterprises can rely on a unified platform for seamless data management and resilience.
  • The technology allows anyone to be able to bring any of their workloads.
  • Commvault Systems sponsored this segment of theCUBE, an exclusive interview on theCUBE, SiliconANGLE Media's livestreaming studio.

Read Full Article

like

10 Likes

source image

Dev

10h

read

124

img
dot

Image Credit: Dev

Enhancing SDLC with Security: A Guide to SSDL and CI/CD Pipelines

  • SDLC integrates security measures into every stage of software development.
  • SSDL enhances SDLC by setting security objectives and preliminary threat modeling.
  • CI/CD pipelines help automate security tasks, accelerate development, and ensure software is functional and secure.
  • In the Planning phase, SSDL sets security objectives and aligns with compliance requirements.
  • The Requirement Analysis phase identifies security-specific requirements like authentication, data encryption, and compliance integration.
  • In the Design phase, secure design principles like least privilege and defense in depth are applied.
  • SAST tools are integrated into the Development phase to detect potential threats, and code review is performed as part of secure coding practice.
  • Automated tests in the Testing phase include unit, integration, performance, and security testing.
  • Continuous monitoring with SIEM tools helps detect unusual activities in the Maintenance phase.
  • Regular patch management ensures updates to libraries, frameworks, and tools to mitigate vulnerabilities.

Read Full Article

like

7 Likes

source image

Tech Radar

10h

read

193

img
dot

Image Credit: Tech Radar

US Government officials urged to lock down devices amid telecoms breach

  • CISA has released an advisory for US government communications.
  • Government officials are encouraged to lock down their devices.
  • This follows the discovery foreign actors have breached US telecoms networks.
  • The advisory includes best practices for mobile communications and emphasizes the use of strict security measures and encryption.

Read Full Article

like

11 Likes

source image

Securityintelligence

10h

read

314

img
dot

Image Credit: Securityintelligence

2024 trends: Were they accurate?

  • Artificial intelligence played a crucial role in cybersecurity, protecting systems, critical information, and sensitive data during the Paris Olympics. Threat actors also employed AI to more effectively execute cyberattacks, with many automating processes such as vulnerability scanning, exploitation, and data exfiltration. Deepfake technology too became an increasing threat, with attackers using it to generate convincing fake calls and content to deceive and steal from individuals and companies. Quantum computing also emerged as a top concern, with harvest-now, decrypt-later attacks becoming increasingly common. Unfortunately, the jury is still out on whether there was a recession in ransomware attacks.
  • Throughout 2024, there was a growing use of artificial intelligence in the cybersecurity sector. For example, Microsoft's internal response teams used a large language model to manage requests and tickets, saving 20 hours per person each week.
  • The use of AI technology for cyberattacks also increased, making it easier for attackers to log in than to hack in. Large-scale social engineering attacks are predicted to involve generative AI by 2027.
  • The use of deepfake technology increased in 2024, with a number of high-profile cases making headlines. Even the Paris Olympics became a target of deepfake campaigns.
  • Quantum computing became an increasingly urgent concern in 2024, as symmetric cryptography was predicted to be unsafe by 2029 and even asymmetric cryptography is expected to be fully breakable by 2034.
  • Experts predicted ransomware attacks would decrease as more companies pledged not to pay ransoms. However, Wired reported that ransomware showed no signs of slowing down in 2024.
  • Despite the increase in cyberthreats, the experts were largely on target with their 2024 cybersecurity predictions.
  • As we move into 2025, the prediction game starts all over again as we wonder what's in store for the future of cybersecurity.

Read Full Article

like

18 Likes

source image

Securityaffairs

5h

read

34

img
dot

Image Credit: Securityaffairs

U.S. CISA adds Acclaim Systems USAHERDS flaw to its Known Exploited Vulnerabilities catalog

  • U.S. Cybersecurity and Infrastructure Security Agency (CISA) added an Acclaim Systems USAHERDS vulnerability to its Known Exploited Vulnerabilities catalog.
  • The vulnerability was exploited by the Chinese cyber-espionage group APT41 to breach multiple U.S. state government networks.
  • The flaw is rooted in the use of hard-coded credentials and allows arbitrary code execution on affected systems.
  • CISA has ordered federal agencies to fix this vulnerability by January 13, 2025.

Read Full Article

like

2 Likes

source image

Medium

5h

read

89

img
dot

Image Credit: Medium

Cyberfraud and it's effects on our society ‍

  • Cybercrime is a major global issue with a significant impact on individuals and businesses.
  • Reports from organizations such as Interpol and cybersecurity firms highlight countries that are often flagged for their role in originating internet fraud schemes.
  • The USA has a vast internet user base, making it a prime target for fraudsters who operate globally.
  • China is known for its fraudulent schemes that include fake investment platforms, counterfeit goods, and hacking, which often affect both domestic and international targets.
  • India is facing an increase in cybercrime, particularly in online banking and mobile payments, with financial fraud and online scams targeting both domestic and international victims being common.
  • Brazil faces a high rate of online fraud, especially through credit card fraud, identity theft, and phishing, as its growing internet penetration leads to an increase in cybercrime, particularly targeting users in e-commerce and financial transactions.
  • Nigeria is infamous for its online fraud schemes that target people worldwide, particularly through fake business deals, romantic scams, and phishing attacks.
  • The UK has a well-developed online infrastructure, but it is also a hotspot for cybercrime, as many online scams, especially investment fraud and phishing, originate from the country.
  • South Korea is one of the most internet-connected countries, which makes it a target for cybercriminals who often engage in phishing and identity theft schemes, particularly from neighboring countries.
  • Germany is a major target for cybercriminals involved in online fraud schemes, particularly involving banking, credit cards, and e-commerce, and reports from organizations like Europol and Interpol highlight significant amounts of online fraud originating from or affecting Germany.

Read Full Article

like

5 Likes

source image

Mjtsai

5h

read

166

img
dot

Meta’s iOS Interoperability Requests

  • Meta has made 15 interoperability requests under the Digital Markets Act (DMA) in the EU, more than any other company.
  • Apple claims that Meta's requests could compromise user security and privacy.
  • Meta argues that Apple is using privacy as an excuse to avoid reasonable interoperability.
  • The European Commission is evaluating Apple's compliance with the DMA and gathering feedback.

Read Full Article

like

9 Likes

source image

Mjtsai

5h

read

228

img
dot

WhatsApp v. NSO Group

  • A U.S. judge ruled in favor of WhatsApp in a lawsuit against NSO Group.
  • WhatsApp accused NSO Group of exploiting a bug to install spy software.
  • The lawsuit claimed unauthorized surveillance of 1,400 people, including journalists and activists.
  • The ruling focused on whether NSO Group exceeded authorization on WhatsApp.

Read Full Article

like

13 Likes

source image

Medium

8h

read

173

img
dot

Image Credit: Medium

All about Motherboards

  • A motherboard is like the ultimate multi-tasker, managing and integrating various components of your computer.
  • Built-in features of most motherboards include Ethernet ports for wired internet connections and basic sound capabilities.
  • The motherboard serves as a hub for connecting components such as the CPU and peripherals.
  • Motherboards also support discrete devices that can be swapped out for upgrades.

Read Full Article

like

10 Likes

source image

Blockonomi

8h

read

53

img
dot

Image Credit: Blockonomi

Hyperliquid Token Falls 21% Following North Korean Hacking Concerns

  • HYPE token dropped 21% following reports of potential North Korean hacker activity on Hyperliquid platform
  • Security expert Taylor Monahan identified suspicious wallet activity, suggesting North Korean hackers are probing for vulnerabilities
  • Hyperliquid completed a $1.6 billion token airdrop in November 2024, reaching $11 billion market cap
  • Over $211 million in USDC withdrawn from platform amid security fears

Read Full Article

like

3 Likes

source image

Sdtimes

10h

read

314

img
dot

Image Credit: Sdtimes

Techniques to secure open source software

  • Open source projects are increasingly targeted by attackers seeking to exploit software vulnerabilities.
  • There has been a significant increase in software supply chain attacks, with incidents reaching 245,000 in 2023.
  • Open source leaders need to prioritize security and implement measures to address potential threats proactively.
  • Zero-trust builds and Software Bill of Materials (SBOM) can enhance open source software security.

Read Full Article

like

18 Likes

source image

Arstechnica

10h

read

117

img
dot

Image Credit: Arstechnica

Health care giant Ascension says 5.6 million patients affected in cyberattack

  • Health care company Ascension lost sensitive data for nearly 5.6 million individuals in a cyberattack attributed to a ransomware gang.
  • The attack caused disruptions, errors, delayed or lost lab results, and diversions of ambulances to other hospitals.
  • Investigation revealed that affected individuals' data included names, medical information, payment information, insurance information, government identification, and other personal information.

Read Full Article

like

7 Likes

For uninterrupted reading, download the app