A naukri.com initiative
Cyber Security News
The Register
2d
208
Image Credit: The Register
Attackers pwn charter airline helping Trump's deportation campaign
- GlobalX, a charter airline utilized for deportations by the US government, faced a cybersecurity breach in its network infrastructure.
- The incident was discovered on May 5, 2025, prompting the activation of response protocols and engagement of cybersecurity experts for containment and investigation.
- Masimo, a healthtech company, also reported a cyber incident impacting its operations, causing disruptions in manufacturing and order processing.
- GlobalX's cybersecurity breach potentially involved theft of flight records and manifests, including those related to deportation flights, with ongoing investigations into the extent of the attack.
Read Full Article
12 Likes
Pymnts
2d
55
Image Credit: Pymnts
Data Security Guardrails Critical Regardless of Open Banking Rule’s Fate
- The fate of the Consumer Financial Protection Bureau's open banking rule remains uncertain under the Trump administration.
- The rule 1033 mandates secure data-sharing practices and prohibits fees for data access, with implementation stretching from 2026 to 2030.
- Banks are concerned about data security responsibilities and the prohibition on charging fees for data access, as stated in a lawsuit.
- Despite regulatory uncertainties, open banking evolution continues driven by market forces, focusing on improving security and financial structures.
Read Full Article
3 Likes
Medium
2d
137
Image Credit: Medium
Weird Leak? Favicon Caching Might Be Exposing You
- Modern browsers store favicon data in persistent caches that may not get cleared even in private or incognito mode.
- Some sites pull favicons from third-party domains, potentially exposing users' visits to these sites.
- Favicon caching could be used as a fingerprintable vector in conjunction with other metadata leaks for tracking purposes.
- Community discussion is ongoing on whether to actively block or route favicons to prevent potential privacy risks.
Read Full Article
8 Likes
Tech Radar
2d
125
Image Credit: Tech Radar
German consumer protection group calls on Meta to halt its AI training in the EU – will other countries follow suit?
- A German consumer protection group is calling on Meta to halt its AI training plans in the EU.
- All public posts and user interactions are set to feed Meta AI starting from May 27, 2025, with EU users needing to actively opt out.
- Privacy advocates express concerns over the legality of Meta's AI training under GDPR, questioning the use of personal data for training without explicit consent.
- Other European consumer groups and privacy authorities might take action against Meta AI as Austrian privacy advocacy group noyb raises compliance issues with EU data protection laws.
Read Full Article
7 Likes
Tech Radar
2d
35
Image Credit: Tech Radar
CPU microcode hack could infect processors with ransomware directly
- A security researcher from Rapid7 created a Proof of Concept for CPU ransomware that infects the computer's CPU, making it undetectable by antivirus programs.
- The ransomware would persist on the device even after the hard drive is replaced, ensuring its continued presence.
- The Proof of Concept is not expected to be released to the public, as confirmed by the researcher Christiaan Beek.
- Ransomware continues to pose a significant threat to businesses, with a recent study showing widespread impact and financial losses due to ransomware attacks.
Read Full Article
2 Likes
Cybersecurity-Insiders
2d
342
Image Credit: Cybersecurity-Insiders
What should we learn from International Anti Ransomware Day
- International Anti-Ransomware Day is observed annually on May 12th to raise awareness and promote prevention measures against ransomware attacks.
- Lessons from the day include emphasizing prevention through regular updates and strong security measures, highlighting the importance of secure backups, raising awareness about cybersecurity for all users, and discouraging ransom payments.
- The day commemorates the WannaCry attack and underscores the need for collaboration among governments, agencies, and organizations to combat cybercrime effectively.
- Education on cybersecurity and the implementation of policies to enhance cyber resilience are crucial in mitigating ransomware threats, emphasizing that cybersecurity is a shared responsibility for individuals and organizations.
Read Full Article
20 Likes
Tech Radar
2d
295
Image Credit: Tech Radar
Google to pay $1.4 billion in unauthorized biometric data collection and geo-tracking lawsuits
- Google will pay $1.375 billion to Texas to settle lawsuits over unauthorized tracking and data collection.
- Unauthorized practices included tracking geolocation without consent, collecting biometrics, and tracking incognito searches.
- This settlement marks Google's biggest state payout for data privacy issues.
- The settlement serves as a warning to companies about the consequences of abusing user trust.
Read Full Article
17 Likes
TechBullion
2d
248
Image Credit: TechBullion
NymVPN: A Privacy-Powered VPN Backed by Privacy Icons
- NymVPN is a decentralized VPN app aiming to enhance security and privacy online by utilizing a decentralized mix network (mixnet) to encrypt metadata and content.
- It differs from traditional VPNs by offering multi-hop architecture which routes data through multiple nodes, enhancing anonymity and privacy protection.
- NymVPN provides two privacy protection levels: 'Fast' mode routes data through two independent proxy nodes, while 'Anonymous' mode routes through a Noise Generating Mixnet with five hops for higher anonymity.
- The mixnet mode introduces 'noise' to combat network surveillance, enhancing data privacy by shuffling data packets and making online activities untraceable.
- By dispersing metadata across a decentralized network of nodes, NymVPN minimizes the risk of tracking by advertisers and other online entities, ensuring enhanced privacy protection.
- Node operators in the NymVPN network are incentivized with NYM tokens to maintain network reliability, security, and performance.
- With over 600 nodes in approximately 60 countries, NymVPN offers a global decentralized system prioritizing security and privacy for users worldwide.
- Its multi-hop mixnet architecture provides robust protection against cyber threats and third-party surveillance, making it an attractive option for those concerned about online privacy.
- NymVPN supports various operating systems like Android, iOS, Windows, macOS, and Linux, making it accessible to users across different devices.
- In a digital age plagued by data vulnerabilities and privacy issues, NymVPN stands out as a secure alternative to traditional VPNs, offering uncompromised privacy and protection for online activities.
Read Full Article
14 Likes
Tech Radar
2d
248
Image Credit: Tech Radar
This DOGE workers' credentials have allegedly been exposed by infostealing malware
- A DOGE worker's personal computer was allegedly compromised by infostealer malware multiple times, leading to concerns about US government's security practices.
- Researcher Micah Lee found the data of the supposed DOGE software engineer in four different infostealer logs.
- However, not everyone agrees with Lee's assessment, with Alon Gal from Hudson Rock stating that the employee was not infected by malware.
- Recent scrutiny on US government employees' security hygiene stems from various incidents, including the Signal fiasco involving Mike Waltz.
Read Full Article
14 Likes
Medium
2d
197
What You Should Learn Now to Be Relevant in 2030
- By 2030, AI and ML will be essential in every industry, from tech to healthcare to finance to education.
- Cloud computing has become integral, allowing access to data and services over the internet without complex hardware.
- Cybersecurity will be in great demand due to the increase in digital threats and attacks on networks, devices, and data.
- Data science plays a crucial role in analyzing data to predict trends and make smart decisions, influencing services like YouTube and food delivery apps.
Read Full Article
11 Likes
Securityaffairs
2d
63
Image Credit: Securityaffairs
Threat actors use fake AI tools to deliver the information stealer Noodlophile
- Threat actors are using fake AI tools to distribute the information stealer Noodlophile, as warned by Morphisec researchers.
- Attackers exploit the AI hype through viral posts and Facebook groups to trick users into downloading Noodlophile Stealer, a new malware that steals browser credentials and crypto wallets.
- Noodlophile Stealer, a previously undisclosed malware, is being sold on cybercrime forums as part of malware-as-a-service schemes and is often bundled with tools for credential theft.
- Fake AI tools like 'Dream Machine' or 'CapCut' spread through social media, attracting users seeking free video/image editors, but instead delivering malware like Noodlophile or XWorm.
Read Full Article
3 Likes
Tech Radar
2d
15
Image Credit: Tech Radar
These North Korean IT workers have been infiltrating Western businesses since 2016
- North Korean hackers have been infiltrating Western firms by impersonating job applicants since 2016 as part of the Nickel Tapestry campaign.
- The fraudulent job applicants target European and Japanese organizations by posing as professionals from various countries and industries, including defense, aerospace, and cybersecurity.
- The hackers aim to fund the government interests of North Korea and have been involved in record-breaking crypto scams, earning the Lazarus hacking group $1.5 billion.
- Organizations are advised to be vigilant in verifying candidate identities, conducting thorough checks on CVs and addresses, and considering in-person interviews to prevent such infiltrations.
Read Full Article
Like
Tech Radar
2d
43
Image Credit: Tech Radar
Outdated and unsecured IoT devices are a serious risk for UK businesses
- IoT devices in the enterprise pose a significant security risk, according to a report commissioned by the UK government.
- The report highlighted that many organizations are running outdated software and are not following security standards.
- Vulnerabilities were found that could lead to remote code execution attacks, potentially allowing threat actors to gain full control over devices.
- The majority of tested devices were found to have insecure configurations, with some running highly privileged processes that could lead to serious consequences in case of a breach.
Read Full Article
2 Likes
Siliconangle
2d
82
Image Credit: Siliconangle
Commvault teams with Deloitte to strengthen enterprise cyber resilience
- Commvault Systems Inc. has formed a strategic alliance with Deloitte & Touche LLP to enhance cyber resilience and incident response.
- The collaboration integrates Commvault's data protection technologies with Deloitte's cyber defense expertise to provide protection across all stages of a cyber incident.
- They address the increasing need for incident response and comprehensive cyber resilience strategies as cyber threats evolve.
- The alliance offers proactive prevention, detection, response, and recovery capabilities to safeguard critical assets and ensure operational integrity.
Read Full Article
4 Likes
Tech Radar
2d
333
Image Credit: Tech Radar
Most businesses can't fill cyber roles leaving huge gaps in defense
- Most businesses are struggling to fill vacant roles for cybersecurity professionals, leaving significant gaps in their defenses.
- Cisco's 2025 Cybersecurity Readiness Index report, based on a survey of 8,000 security and business leaders, highlights the critical shortage of skilled cybersecurity professionals.
- Investing in AI-driven solutions, simplifying security infrastructures, and enhancing AI threat awareness are recommended to address the talent shortage in cybersecurity roles.
- Cisco warns that only 4% of organizations worldwide are mature enough to effectively withstand today's cybersecurity threats, highlighting the need for enhanced cybersecurity measures.
Read Full Article
11 Likes
For uninterrupted reading, download the app