A naukri.com initiative
Cyber Security News
SiliconCanals
1M
45
Image Credit: SiliconCanals
UK’s ThreatSpike lands €12.2M: Wife-husband duo Kate and Adam Blake on ending a 14-year bootstrapping run and simplifying enterprise cybersecurity
- London-based cybersecurity provider ThreatSpike secures €12.2M in Series A funding led by Expedition Growth Capital, supporting global expansion and team growth.
- Expedition Growth Capital praised ThreatSpike for high customer satisfaction and referred growth, with Will Sheldon and Emily Orton joining the board of directors.
- The funding will facilitate hiring across engineering, security operations, and go-to-market teams, aiming for a 75-person team by year-end.
- ThreatSpike's platforms, such as ThreatSpike Blue and ThreatSpike Red, offer managed detection, response and unlimited penetration testing.
- Founded in 2011 by Adam and Kate Blake, ThreatSpike addresses cybersecurity fragmentation by standardising threat detection and investigation.
- The company simplifies cybersecurity through AI-driven real-time threat monitoring and response, enhancing incident triage and resolution efficiency.
- Having been bootstrapped for 14 years, ThreatSpike emphasizes the struggle in scaling due to financial constraints and the vendors' complex cybersecurity product offerings.
- Adam Blake highlights industry failures in delivering straightforward cybersecurity solutions, pointing out vendors' fragmented toolsets and unclear coverage.
- ThreatSpike serves over 200 customers worldwide, including industry leaders in various sectors, aiming to mitigate cybersecurity challenges with streamlined solutions.
Read Full Article
2 Likes
Nvidia
1M
9
Image Credit: Nvidia
Bring Receipts: New NVIDIA AI Blueprint Detects Fraudulent Credit Card Transactions With Precision
- Financial losses from worldwide credit card transaction fraud are projected to reach more than $403 billion over the next decade.
- New NVIDIA AI Blueprint for financial fraud detection launched at Money20/20 conference, offering a reference example for financial institutions to improve accuracy and reduce false positives in detecting and preventing credit card transaction fraud.
- Businesses embracing comprehensive machine learning tools can observe up to a 40% improvement in fraud detection accuracy, with leading financial organizations like American Express and Capital One already utilizing AI to combat fraud and enhance customer protection.
- The NVIDIA AI Blueprint accelerates model training and inference, integrates accelerated computing and graph neural networks for fraud detection, and enhances the XGBoost ML model with NVIDIA CUDA-X Data Science libraries to reduce false positives.
Read Full Article
Like
Dev
1M
130
Image Credit: Dev
Choosing Between JWKS and Token Introspection for OAuth 2.0 Token Validation
- When validating access tokens in OAuth 2.0, the options of using JWKS or Token Introspection (RFC 7662) are common.
- JWKS validates JWTs locally by using public keys from the authorization server's JWKS endpoint.
- Token Introspection validates tokens (opaque or JWTs) by querying the authorization server; provides real-time status but requires a network call.
- Comparing factors like token type, performance, scalability, security, and use case can guide the selection between JWKS and Token Introspection.
- JWKS is suitable for high-traffic distributed systems with JWTs, while Token Introspection works well for centralized systems with opaque tokens and real-time revocation needs.
- A hybrid approach that combines JWKS and Token Introspection can optimize performance and handle various use cases effectively.
- For JWTs, JWKS provides fast and decentralized validation after caching keys, while introspection is preferred for real-time revocation checks.
- OAuth providers like Auth0, Google, Keycloak, and Okta offer support for both JWKS and introspection, allowing flexibility in implementation based on system requirements.
- Factors like token type, revocation criticality, performance needs, and provider support should drive the decision-making process when choosing between JWKS and Token Introspection for token validation in OAuth 2.0.
- Understanding the needs of the system in terms of token type, validation performance, revocation checks, and architectural setup is crucial in selecting the appropriate validation method for secure and efficient token handling.
Read Full Article
7 Likes
Medium
1M
135
Image Credit: Medium
AI progress: why ‘miniaturization’ of LLM models will lead to a cybersecurity nightmare
- AI progress is leading to potential cybersecurity nightmares, particularly due to the miniaturization of Language Model (LLM) models.
- The next wave of cybersecurity threats may arise not from increased performance of AI models, but from the shrinking size of these models.
- As compression techniques improve, it is possible to have powerful AI models as small as 50mb, making it easier for criminals to distribute malicious agents.
- To address these challenges, a rethinking of how operating systems run and access resources, along with improved security measures like sandboxing, will be crucial in safeguarding against potential cyber threats posed by miniaturized AI models.
Read Full Article
8 Likes
Pymnts
1M
347
Image Credit: Pymnts
Report: Coinbase Learned of Data Breach in January
- Coinbase was aware of a data breach at an outsourcing company back in January, which was publicly disclosed in a filing with the SEC on May 14.
- The breach was discovered when an employee from the outsourcing company in India was found taking photos of data on her work computer.
- Cybercriminals attempted to extort Coinbase for $20 million after a 'small group' of company insiders copied data from customer support tools.
- Coinbase initiated measures like firing compromised employees, setting up a reward fund, and reimbursing customers tricked by cybercriminals, with potential costs estimated between $180 million and $400 million.
Read Full Article
20 Likes
Siliconangle
1M
60
Image Credit: Siliconangle
Illumio and Nvidia team up to strengthen zero trust security for critical infrastructure
- Illumio Inc. collaborated with Nvidia Corp. to enhance zero trust security for critical infrastructure by integrating Nvidia BlueField networking platform with Illumio’s breach containment platform.
- The integration allows for comprehensive visibility into network dependencies, precise security controls, and increased protection of critical assets using Nvidia BlueField data processing units as zero trust enforcement points.
- Benefits include improved visibility and policy enforcement between IT and OT layers, rapid deployment of zero trust segmentation, enhanced compliance, and operational resilience across converged IT/OT systems.
- The collaboration aims to reduce cyber risks, contain attacks, and strengthen operational resilience by combining the capabilities of Illumio and Nvidia BlueField platforms.
Read Full Article
3 Likes
Siliconangle
1M
383
Image Credit: Siliconangle
Microsoft and CrowdStrike collaborate on shared threat actor mapping system
- CrowdStrike Holdings Inc. and Microsoft Corp. have announced a collaboration to address confusion in identifying and tracking cyberthreat actors across security platforms.
- The partnership will establish a shared mapping system to align adversary attribution across their threat intelligence ecosystems, reducing ambiguity caused by inconsistent naming.
- The collaboration aims to provide clarity in adversary identification, help defenders make faster decisions, correlate threat intelligence, and disrupt threat actor activity effectively.
- CrowdStrike and Microsoft have already 'deconflicted' more than 80 adversaries and plan to expand the effort by inviting other partners to contribute to a shared threat actor mapping resource.
Read Full Article
23 Likes
Medium
1M
378
Image Credit: Medium
Social Media and its Effect on Mental Health
- Excessive use of social media has been linked to negative impacts on mental health, including stress, anxiety, depression, and body image issues.
- Approximately 20% of social media users feel the need to check their accounts every three hours to avoid feeling anxious, leading to what is known as social media anxiety disorder.
- Young children and adults are vulnerable to unrealistic expectations portrayed on social media, which can lead to dissatisfaction with their own lives and mental health issues.
- Constant exposure to curated lifestyles and global news on social media can contribute to feelings of inadequacy and depression among users.
Read Full Article
22 Likes
Medium
1M
410
Image Credit: Medium
How many cases of sextortion are there within a year? How can I avoid it?
- Sextortion is a form of sexual exploitation involving blackmail using sexual images to manipulate individuals into certain actions.
- The first in-depth study of sextortion in 2016 revealed 78 perpetrators and over 3,000 victims, while the National Crime Agency reported 1,304 cases in 2017.
- In 2018, an additional report suggested 124 alleged perpetrators and numerous victims, indicating that many cases may go unreported.
- Sextortion can occur on various social media platforms, with hackers targeting large groups, leading to a significant impact despite the gap between perpetrators and victims.
Read Full Article
24 Likes
Medium
1M
378
Image Credit: Medium
Simp App Review: Simp App = Simply No
- Simp app has been raising privacy concerns as it tracks users' location and collects a variety of personal data, including contacts and usage data.
- The app's privacy policy reveals that it may infer users' location using their IP address if access to location data is not provided.
- Despite its popularity among younger audiences, the app's privacy practices have come under scrutiny due to vague policies and concerns about data handling.
- Users are advised to review app privacy policies before downloading and consider alternatives if privacy risks are too high, especially regarding personal information protection.
Read Full Article
22 Likes
Dev
1M
266
Image Credit: Dev
Cybersecurity for Small Businesses: A Complete Guide
- Small businesses are increasingly targeted by cyberattacks due to their valuable data and potential vulnerabilities without a full IT security team.
- Common cyber threats faced by small businesses include phishing emails, ransomware, data breaches, and insider threats.
- Simple steps to strengthen cybersecurity include using strong passwords, updating software regularly, training staff, backing up data, and using firewalls and antivirus protection.
- Consider choosing a security provider for managed security services and comply with industry regulations like HIPAA or GDPR for data protection.
Read Full Article
16 Likes
VentureBeat
1M
94
Image Credit: VentureBeat
Google quietly launches AI Edge Gallery, letting Android phones run AI without the cloud
- Google has quietly launched the AI Edge Gallery, an experimental Android app that allows users to run AI models directly on their smartphones without internet connection.
- AI Edge Gallery enables tasks like image analysis, text generation, and coding assistance while ensuring data processing remains local.
- The app, available through GitHub, aims to democratize AI access and address privacy concerns related to cloud-based AI services.
- Built on Google’s LiteRT and MediaPipe frameworks, the app supports various machine learning frameworks and is optimized for mobile devices.
- The Gemma 3 model in the app offers efficient language processing and quick response times for tasks such as text generation and image analysis.
- AI Chat, Ask Image, and Prompt Lab are core capabilities of the app, allowing users to perform a variety of tasks offline.
- The on-device processing approach enhances data privacy and compliance with regulations, particularly in sensitive industries like healthcare and finance.
- However, the shift to on-device processing raises new security concerns, requiring organizations to focus on protecting devices and AI models.
- Google's platform approach with AI Edge Gallery differs from competitors, focusing on infrastructure rather than proprietary features.
- While the app faces limitations such as performance variations and installation complexities, it represents a significant shift in AI deployment towards edge computing and privacy-focused strategies.
Read Full Article
5 Likes
Hackernoon
1M
405
Image Credit: Hackernoon
INE Alert: $16.6 Billion In Cyber Losses Underscore Critical Need For Advanced Security Training
- INE Security emphasizes the urgent need for technical cybersecurity professionals to combat cyber threats after record losses of $16.6 billion in 2024 were reported by the FBI.
- Organizations face complex technical challenges such as ransomware evolution, post-compromise detection, and cryptocurrency attacks, requiring specialized skills in threat detection, response, and forensics.
- INE Security offers advanced training programs focusing on threat detection labs, incident response, forensics training, threat hunting methodologies, and industry-specific attack simulations to address the escalating cybersecurity threats.
- The value of skilled security professionals in proactive threat hunting and rapid response capabilities is highlighted, with INE Security providing tailored enterprise training solutions to help organizations enhance their security measures.
Read Full Article
24 Likes
Mcafee
1M
207
Image Credit: Mcafee
How to Protect Your Crypto After the Coinbase Breach
- Coinbase recently experienced a data breach impacting nearly 70,000 users due to insider wrongdoing.
- Sensitive personal information was exposed, leading to potential follow-on attacks and identity theft risks.
- Compromised data includes personal identifiers, financial information, identity documents, and account activity.
- Coinbase refused to pay a $20 million ransom demanded by the attackers and set up a reward fund for their capture.
- The company notified affected users, enhanced defenses, and is collaborating with law enforcement agencies.
- Coinbase users are advised to enable strong two-factor authentication and be cautious of imposters.
- McAfee offers additional safeguards like Scam Detector, reducing digital footprint, and Identity Monitoring.
- Protective measures against identity theft include Transaction Monitoring, Credit Monitoring, and Security Freeze.
- The breach underscores the importance of personal security measures in the digital realm to prevent scams and identity theft.
Read Full Article
12 Likes
Tech Radar
1M
297
Image Credit: Tech Radar
That's a new one: Iranian hackers pretend to be a modelling agency to try and steal user details
- Iranian hackers attempted to steal user details by pretending to be a German modelling agency, as reported by Palo Alto Networks’ Unit 42.
- The malicious website spoofed a legitimate modelling agency website, using obfuscated JavaScript to capture visitor information like browser details and IP addresses.
- The goal of the attack was likely selective targeting based on device and network-specific data collected from visitors.
- Unit 42 speculates that the Iranian threat actors involved could be associated with groups like Agent Serpens or APT35 for potential future attacks involving malware or credential theft.
Read Full Article
17 Likes
For uninterrupted reading, download the app