Cyber Security News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Security News

Dev

130

Image Credit: Dev

Choosing Between JWKS and Token Introspection for OAuth 2.0 Token Validation

When validating access tokens in OAuth 2.0, the options of using JWKS or Token Introspection (RFC 7662) are common.
JWKS validates JWTs locally by using public keys from the authorization server's JWKS endpoint.
Token Introspection validates tokens (opaque or JWTs) by querying the authorization server; provides real-time status but requires a network call.
Comparing factors like token type, performance, scalability, security, and use case can guide the selection between JWKS and Token Introspection.
JWKS is suitable for high-traffic distributed systems with JWTs, while Token Introspection works well for centralized systems with opaque tokens and real-time revocation needs.
A hybrid approach that combines JWKS and Token Introspection can optimize performance and handle various use cases effectively.
For JWTs, JWKS provides fast and decentralized validation after caching keys, while introspection is preferred for real-time revocation checks.
OAuth providers like Auth0, Google, Keycloak, and Okta offer support for both JWKS and introspection, allowing flexibility in implementation based on system requirements.
Factors like token type, revocation criticality, performance needs, and provider support should drive the decision-making process when choosing between JWKS and Token Introspection for token validation in OAuth 2.0.
Understanding the needs of the system in terms of token type, validation performance, revocation checks, and architectural setup is crucial in selecting the appropriate validation method for secure and efficient token handling.

Read Full Article

7 Likes

Medium

135

Image Credit: Medium

AI progress: why ‘miniaturization’ of LLM models will lead to a cybersecurity nightmare

AI progress is leading to potential cybersecurity nightmares, particularly due to the miniaturization of Language Model (LLM) models.
The next wave of cybersecurity threats may arise not from increased performance of AI models, but from the shrinking size of these models.
As compression techniques improve, it is possible to have powerful AI models as small as 50mb, making it easier for criminals to distribute malicious agents.
To address these challenges, a rethinking of how operating systems run and access resources, along with improved security measures like sandboxing, will be crucial in safeguarding against potential cyber threats posed by miniaturized AI models.

Read Full Article

8 Likes

Pymnts

347

Image Credit: Pymnts

Report: Coinbase Learned of Data Breach in January

Coinbase was aware of a data breach at an outsourcing company back in January, which was publicly disclosed in a filing with the SEC on May 14.
The breach was discovered when an employee from the outsourcing company in India was found taking photos of data on her work computer.
Cybercriminals attempted to extort Coinbase for $20 million after a 'small group' of company insiders copied data from customer support tools.
Coinbase initiated measures like firing compromised employees, setting up a reward fund, and reimbursing customers tricked by cybercriminals, with potential costs estimated between $180 million and $400 million.

Read Full Article

20 Likes

Siliconangle

Image Credit: Siliconangle

Illumio and Nvidia team up to strengthen zero trust security for critical infrastructure

Illumio Inc. collaborated with Nvidia Corp. to enhance zero trust security for critical infrastructure by integrating Nvidia BlueField networking platform with Illumio’s breach containment platform.
The integration allows for comprehensive visibility into network dependencies, precise security controls, and increased protection of critical assets using Nvidia BlueField data processing units as zero trust enforcement points.
Benefits include improved visibility and policy enforcement between IT and OT layers, rapid deployment of zero trust segmentation, enhanced compliance, and operational resilience across converged IT/OT systems.
The collaboration aims to reduce cyber risks, contain attacks, and strengthen operational resilience by combining the capabilities of Illumio and Nvidia BlueField platforms.

Read Full Article

3 Likes

Discover more

Siliconangle

383

Image Credit: Siliconangle

Microsoft and CrowdStrike collaborate on shared threat actor mapping system

CrowdStrike Holdings Inc. and Microsoft Corp. have announced a collaboration to address confusion in identifying and tracking cyberthreat actors across security platforms.
The partnership will establish a shared mapping system to align adversary attribution across their threat intelligence ecosystems, reducing ambiguity caused by inconsistent naming.
The collaboration aims to provide clarity in adversary identification, help defenders make faster decisions, correlate threat intelligence, and disrupt threat actor activity effectively.
CrowdStrike and Microsoft have already 'deconflicted' more than 80 adversaries and plan to expand the effort by inviting other partners to contribute to a shared threat actor mapping resource.

Read Full Article

23 Likes

Medium

378

Image Credit: Medium

Social Media and its Effect on Mental Health

Excessive use of social media has been linked to negative impacts on mental health, including stress, anxiety, depression, and body image issues.
Approximately 20% of social media users feel the need to check their accounts every three hours to avoid feeling anxious, leading to what is known as social media anxiety disorder.
Young children and adults are vulnerable to unrealistic expectations portrayed on social media, which can lead to dissatisfaction with their own lives and mental health issues.
Constant exposure to curated lifestyles and global news on social media can contribute to feelings of inadequacy and depression among users.

Read Full Article

22 Likes

Medium

410

Image Credit: Medium

How many cases of sextortion are there within a year? How can I avoid it?

Sextortion is a form of sexual exploitation involving blackmail using sexual images to manipulate individuals into certain actions.
The first in-depth study of sextortion in 2016 revealed 78 perpetrators and over 3,000 victims, while the National Crime Agency reported 1,304 cases in 2017.
In 2018, an additional report suggested 124 alleged perpetrators and numerous victims, indicating that many cases may go unreported.
Sextortion can occur on various social media platforms, with hackers targeting large groups, leading to a significant impact despite the gap between perpetrators and victims.

Read Full Article

24 Likes

Medium

378

Image Credit: Medium

Simp App Review: Simp App = Simply No

Simp app has been raising privacy concerns as it tracks users' location and collects a variety of personal data, including contacts and usage data.
The app's privacy policy reveals that it may infer users' location using their IP address if access to location data is not provided.
Despite its popularity among younger audiences, the app's privacy practices have come under scrutiny due to vague policies and concerns about data handling.
Users are advised to review app privacy policies before downloading and consider alternatives if privacy risks are too high, especially regarding personal information protection.

Read Full Article

22 Likes

Dev

266

Image Credit: Dev

Cybersecurity for Small Businesses: A Complete Guide

Small businesses are increasingly targeted by cyberattacks due to their valuable data and potential vulnerabilities without a full IT security team.
Common cyber threats faced by small businesses include phishing emails, ransomware, data breaches, and insider threats.
Simple steps to strengthen cybersecurity include using strong passwords, updating software regularly, training staff, backing up data, and using firewalls and antivirus protection.
Consider choosing a security provider for managed security services and comply with industry regulations like HIPAA or GDPR for data protection.

Read Full Article

16 Likes

VentureBeat

Image Credit: VentureBeat

Google quietly launches AI Edge Gallery, letting Android phones run AI without the cloud

Google has quietly launched the AI Edge Gallery, an experimental Android app that allows users to run AI models directly on their smartphones without internet connection.
AI Edge Gallery enables tasks like image analysis, text generation, and coding assistance while ensuring data processing remains local.
The app, available through GitHub, aims to democratize AI access and address privacy concerns related to cloud-based AI services.
Built on Google’s LiteRT and MediaPipe frameworks, the app supports various machine learning frameworks and is optimized for mobile devices.
The Gemma 3 model in the app offers efficient language processing and quick response times for tasks such as text generation and image analysis.
AI Chat, Ask Image, and Prompt Lab are core capabilities of the app, allowing users to perform a variety of tasks offline.
The on-device processing approach enhances data privacy and compliance with regulations, particularly in sensitive industries like healthcare and finance.
However, the shift to on-device processing raises new security concerns, requiring organizations to focus on protecting devices and AI models.
Google's platform approach with AI Edge Gallery differs from competitors, focusing on infrastructure rather than proprietary features.
While the app faces limitations such as performance variations and installation complexities, it represents a significant shift in AI deployment towards edge computing and privacy-focused strategies.

Read Full Article

5 Likes

Hackernoon

405

Image Credit: Hackernoon

INE Alert: $16.6 Billion In Cyber Losses Underscore Critical Need For Advanced Security Training

INE Security emphasizes the urgent need for technical cybersecurity professionals to combat cyber threats after record losses of $16.6 billion in 2024 were reported by the FBI.
Organizations face complex technical challenges such as ransomware evolution, post-compromise detection, and cryptocurrency attacks, requiring specialized skills in threat detection, response, and forensics.
INE Security offers advanced training programs focusing on threat detection labs, incident response, forensics training, threat hunting methodologies, and industry-specific attack simulations to address the escalating cybersecurity threats.
The value of skilled security professionals in proactive threat hunting and rapid response capabilities is highlighted, with INE Security providing tailored enterprise training solutions to help organizations enhance their security measures.

Read Full Article

24 Likes

Mcafee

207

Image Credit: Mcafee

How to Protect Your Crypto After the Coinbase Breach

Coinbase recently experienced a data breach impacting nearly 70,000 users due to insider wrongdoing.
Sensitive personal information was exposed, leading to potential follow-on attacks and identity theft risks.
Compromised data includes personal identifiers, financial information, identity documents, and account activity.
Coinbase refused to pay a $20 million ransom demanded by the attackers and set up a reward fund for their capture.
The company notified affected users, enhanced defenses, and is collaborating with law enforcement agencies.
Coinbase users are advised to enable strong two-factor authentication and be cautious of imposters.
McAfee offers additional safeguards like Scam Detector, reducing digital footprint, and Identity Monitoring.
Protective measures against identity theft include Transaction Monitoring, Credit Monitoring, and Security Freeze.
The breach underscores the importance of personal security measures in the digital realm to prevent scams and identity theft.

Read Full Article

12 Likes

Tech Radar

297

Image Credit: Tech Radar

That's a new one: Iranian hackers pretend to be a modelling agency to try and steal user details

Iranian hackers attempted to steal user details by pretending to be a German modelling agency, as reported by Palo Alto Networks’ Unit 42.
The malicious website spoofed a legitimate modelling agency website, using obfuscated JavaScript to capture visitor information like browser details and IP addresses.
The goal of the attack was likely selective targeting based on device and network-specific data collected from visitors.
Unit 42 speculates that the Iranian threat actors involved could be associated with groups like Agent Serpens or APT35 for potential future attacks involving malware or credential theft.

Read Full Article

17 Likes

Macdailynews

225

Image Credit: Macdailynews

Apple TV is privacy advocates’ go-to streaming device

Apple TV boxes stand out in terms of privacy protection by avoiding automatic content recognition tracking unlike competitors like Roku, Amazon Fire TV, and Google TV.
During setup, users of Apple TV have the option to disable features like Siri, location tracking, and analytics data sharing, providing better control over their privacy settings.
Apple's business model does not rely on selling targeted ads, which leads to less data harvesting and monetization compared to other tech companies, earning them more trust in handling user data according to RJ Cross from PIRG.
Apple TV is favored by privacy-conscious users for its strong privacy protections, making it a go-to streaming device for those who prioritize safeguarding their personal data.

Read Full Article

13 Likes

TechBullion

279

Image Credit: TechBullion

How aosu Surveillance Cameras Help Prevent Crime in Your Neighborhood

Neighborhood safety has become a growing concern due to crimes like theft and vandalism.
Traditional security measures are no longer sufficient to provide adequate protection.
aosu surveillance cameras offer advanced technology to prevent crime and enhance security in residential neighborhoods.
These cameras provide real-time monitoring, deterrence, and interaction, making them a versatile and cost-effective security solution.

Read Full Article

16 Likes

100

For uninterrupted reading, download the app