A naukri.com initiative
Cyber Security News
Tech Radar
1h
41
Image Credit: Tech Radar
State-sponsored actors spotted using ClickFix hacking tool developed by criminals
- State-sponsored threat actors are using the ClickFix attack technique, according to research from Proofpoint.
- At least three groups, including Kimsuky (North Korean), MuddyWater (Iranian), and UNK_RemoteRogue and APT28 (allegedly Russian), have been observed using ClickFix in their attack chains.
- ClickFix is a social engineering tactic that tricks victims into installing remote desktop programs, allowing the attackers to download and run malware.
- The ClickFix attack technique has been adopted by state-sponsored actors primarily engaged in cyber-espionage, targeting organizations in adversary states.
Read Full Article
2 Likes
Tech Radar
2h
111
Image Credit: Tech Radar
Food retail giant behind several major US supermarket brands confirms data stolen in major ransomware breach
- Ahold Delhaize, one of the world's largest food retail groups, confirms the loss of sensitive data from its US business in a November 2024 cyberattack.
- The cyberattack was conducted by INC Ransom, who added Ahold Delhaize to its data leak website and shared sample stolen documents.
- Ahold Delhaize is currently conducting an investigation to determine the affected information, and their stores and e-commerce services remain open and operational.
- Customers should remain cautious due to the ongoing investigation and the potential risk of their personal data being compromised.
Read Full Article
6 Likes
Tech Radar
4h
99
Image Credit: Tech Radar
US government flags worrying SonicWall flaw, so update now
- The US Cybersecurity and Infrastructure Security Agency (CISA) has added an old SonicWall vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
- Federal Civilian Executive Branch (FCEB) agencies have three weeks to install the patch or stop using the product entirely.
- SonicWall updated its security advisory, upgrading the severity score of the flaw from medium to high.
- The vulnerability allows a remote authenticated attacker to inject arbitrary commands, potentially leading to code execution.
Read Full Article
5 Likes
Tech Radar
6h
322
Image Credit: Tech Radar
A critical Erlang/OTP security flaw is "surprisingly easy" to exploit, experts warn - so patch now
- Security researchers find a 10/10 flaw in Erlang/OTP SSH
- Horizon3 Attack Team says the flaw is 'surprisingly easy' to exploit
- A patch is available, so users should update now
- The flaw allows for remote code execution and affects all versions of Erlang/OTP SSH
Read Full Article
19 Likes
Securityaffairs
6h
107
Image Credit: Securityaffairs
U.S. CISA adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog
- U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple products and Microsoft Windows NTLM flaws to its Known Exploited Vulnerabilities catalog.
- CISA added Apple products and Microsoft Windows NTLM vulnerabilities to its Known Exploited Vulnerabilities catalog.
- Apple released security updates to address two vulnerabilities impacting iOS, iPadOS & macOS, which have been exploited in sophisticated attacks.
- Microsoft fixed a Windows NTLM hash disclosure spoofing vulnerability, which has been actively exploited since March.
Read Full Article
6 Likes
Socprime
7h
91
Image Credit: Socprime
Accelerating Threat Detection with Uncoder AI’s “Short AI-generated Summary”
- SOC Prime's Uncoder AI offers the Short AI-generated Summary feature for faster and clearer security operations.
- Uncoder AI's Short AI-generated Summary transforms complex detection queries into human-readable insights in seconds.
- The feature enabled a SOC analyst to parse a complicated Google SecOps detection rule related to Windows Defender Application Control (WDAC) policy file creation.
- The AI summary provided a concise explanation of the detection logic, helping in rapid triage and confident validation of its intent.
Read Full Article
5 Likes
TechBullion
8h
17
Image Credit: TechBullion
The Role of Locksmiths in Enhancing Home and Business Security
- Professional locksmiths play a crucial role in enhancing home and business security by offering a range of services beyond traditional lock and key solutions.
- Modern locksmiths are well-trained security professionals who provide services such as installing electronic access systems, designing master key suites, and conducting risk assessments.
- For homeowners, locksmiths ensure high-quality lock installation, emergency lockout assistance, rekeying services, and smart home technology integration to enhance security.
- Locksmiths also offer security evaluations for homes, suggesting improvements like better locks, reinforced door frames, and additional security measures.
- In commercial settings, locksmiths help manage access control with master key systems, install high-security locks, and integrate electronic access systems for enhanced security measures.
- They ensure commercial properties comply with fire and safety codes by installing panic bars, emergency exit devices, and secure safes for valuable assets.
- Regular maintenance and upgrades by locksmiths help prevent security threats by identifying weakening locks or outdated technology before they pose a risk.
- Specialized locksmith services for automotive, emergency situations, and safe installation cater to unique needs with expert knowledge and dedication to learning.
- Choosing a reputable locksmith partner involves looking for certifications, positive reviews, transparent pricing, and a commitment to safety and expertise.
- As security technologies evolve, locksmiths adapt to trends like biometric authentication and cloud-based access management, bridging traditional and digital security.
Read Full Article
1 Like
Medium
8h
240
Image Credit: Medium
Navigating data regulations and privacy in 2025
- In 2025, navigating data regulations and privacy is critical for app owners, especially in the health and wellbeing sector.
- Key events in app privacy include Apple and Google's renewed focus aligning with EU regulations.
- Personal Identifiable Information (PII) is crucial, categorized as sensitive and non-sensitive data.
- Probabilistic Data and fingerprinting are areas of concern with Apple and Google eradicating their use.
- Data protection regulations aim to safeguard user rights, consent, transparency, and data security.
- Compliance with data regulations like GDPR is vital to avoid fines and ensure timely data breach notifications.
- Maintaining transparent privacy policies, ongoing privacy training, and appointing a Data Protection Officer are key compliance steps.
- Security measures such as encryption, API gateways, multi-factor authentication, and regular updates are recommended for data security.
- Ensuring encryption for data at rest and in transit, implementing row-level security, and automating data validity are crucial for GDPR compliance.
- App developers need to consider data protection regulations, user data storage locations, and certification requirements, even beyond user jurisdictions.
Read Full Article
14 Likes
Wired
2h
163
Image Credit: Wired
ICE Is Paying Palantir $30 Million to Build ‘ImmigrationOS’ Surveillance Platform
- Immigration and Customs Enforcement (ICE) has awarded Palantir a $30 million contract to build a surveillance platform named 'ImmigrationOS' to track individuals self-deporting from the US and aid in deportation decisions, with a focus on visa overstays.
- The platform aims to provide real-time visibility on self-deportation, streamline targeting and enforcement operations, and enhance deportation logistics for ICE.
- Palantir is expected to deliver a prototype of ImmigrationOS by September 2025, with the contract extending through at least September 2027.
- ICE states that the urgency for ImmigrationOS stems from the need to target criminal gangs and fulfill deportation directives set by President Trump.
- The document does not specify the data sources for ImmigrationOS but mentions Palantir's expertise in providing such capabilities to ICE over the years.
- The awarded contract supplements an existing agreement for Palantir's case management system, which has seen multiple value increments in the past.
- The partnership between ICE and Palantir raises concerns about privacy and the extensive data collection methods being implemented for immigration enforcement purposes.
- ICE's push towards self-deportation and heightened deportation efforts have triggered legal challenges and backlash, including recent temporary blocks on certain initiatives by the Trump administration.
- The collaboration between ICE and Palantir, known for its work with various government agencies, underscores the growing role of technology in immigration enforcement and surveillance.
- The development of ImmigrationOS comes amidst broader debates on immigration policies, national security, and the ethical implications of using advanced technology for immigration control.
Read Full Article
9 Likes
Embedded
2h
19
AEB Systems, LTE IoT 10 Click Board, Security of Embedded Systems: Embedded Week Insights
- Equal1 successfully validates a commercial CMOS process for scalable quantum systems.
- Vertex Growth invests €10M in Dolphin Semiconductor to accelerate global expansion.
- TDK introduces the world's first 'Spin Photo Detector' with 10X faster data transmission.
- Security of embedded systems is crucial for smart homes and Industry 4.0 applications.
Read Full Article
1 Like
Cybersecurity-Insiders
5h
147
Why Your Castle Isn’t Enough: Security Must Look Beyond the Perimeter
- The traditional “castle-and-moat” model of cybersecurity is outdated.
- Attackers no longer need to break through digital walls when they can bypass them using stolen credentials.
- The biggest risks lie in third-party compromises and external attack surfaces.
- To improve security, organizations need to expand their field of view, implement threat intelligence, identity monitoring, automated detection, and have an empowered SOC team.
Read Full Article
8 Likes
Cybersecurity-Insiders
6h
94
When Security Gets Too Complicated: A Return to Basics
- Cybersecurity industry often focuses on complexity with new AI-infused solutions, but breaches continue due to neglecting basic security practices.
- Use of cutting-edge tools without addressing fundamental weaknesses creates security imbalances.
- Most successful cyber attacks exploit basic security gaps that could have been prevented by consistent security fundamentals.
- Neglecting basic security measures while implementing advanced solutions can lead to vulnerabilities in the one system left unprotected.
- Consistent implementation of basic security practices like endpoint security and regular patching can prevent a majority of security incidents.
- Organizations should prioritize achieving complete coverage of fundamental controls before implementing advanced protections.
- Automation and process discipline are crucial in implementing basic security practices consistently across complex environments.
- Successful security approaches include focusing on basics, addressing known gaps, and strategically deploying advanced protections.
- Measuring security success should focus on outcomes like vulnerability remediation speed and control implementation consistency.
- Effective cybersecurity involves mastering basics first before pursuing advanced solutions to make attacks costly and difficult for adversaries.
Read Full Article
5 Likes
Cybersecurity-Insiders
6h
312
Cybersecurity Talent Gap
- The cybersecurity talent gap is a growing concern in the industry, with high demand for skilled professionals.
- Breaking into cybersecurity does not always require a degree but understanding industry concepts and networking is crucial.
- Learning the language of cybersecurity through courses like SSCP and CISSP can help in career growth.
- Networking with organizations like ISACA, ISC2, and others can provide guidance and job opportunities.
- Certifications such as CISSP, CISA, and CISM are recognized by employers, showcasing expertise and commitment to the field.
- Presenting on security topics and claiming your identity as a security professional can establish credibility and build connections.
- Cybersecurity offers diverse career paths, allowing professionals to specialize in areas like governance, technical specialties, or security education.
- Persistence, continuous learning, and networking are essential for success in the cybersecurity field.
- The industry values talented and passionate professionals who aim to protect systems and make a difference.
- Initiating the journey into cybersecurity requires starting with learning the language, joining communities, and embracing the challenges ahead.
Read Full Article
18 Likes
Medium
6h
0
Image Credit: Medium
Toy Portraits: Creativity? Danger? Or Just Fun?
- Prompt, images, and interactions provided to AI models can be used for further training, unless opted out.
- AI systems contextualize and build reflections of users' identity without permission.
- AI-generated media raises concerns about consent, ownership, and transparency.
- AI can be misused for activities like deepfakes, misinformation, identity fraud, and targeted phishing attacks.
Read Full Article
Like
Dynamicbusiness
6h
330
Image Credit: Dynamicbusiness
How SMBs can take the complexity out of data compliance
- Cyber security and data privacy are critical challenges for SMBs in Australia, with reported data breaches hitting a three-and-a-half-year high.
- Recent legislation changes will require 92% of SMBs to comply with regulations on handling personal information, emphasizing the importance of data privacy.
- Businesses collecting and processing personal data must be transparent to build customer trust and comply with laws.
- Around half a million SMBs are unaware of their obligation to inform customers about data collection, risking legal and reputational damage.
- To enhance data security, SMBs should update software, adopt unified technology stacks, and provide employee training on cybersecurity threats.
- Implementing role-based access controls, regular audits, multi-factor authentication, and encrypted backups are essential for safeguarding sensitive data.
- Having a privacy policy that clearly outlines data handling practices is crucial for compliance and building customer trust.
- Less than half of SMBs have a clear and enforced privacy policy, highlighting the need for businesses to prioritize and maintain such policies.
- A proactive approach to data protection, including regular policy reviews and updates, helps SMBs mitigate risks and establish a positive brand image.
- Prioritizing data privacy not only enhances security but also fosters customer loyalty and trust, contributing to long-term business success.
Read Full Article
19 Likes
For uninterrupted reading, download the app