menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Cyber Security News

Cyber Security News

source image

Tech Radar

1M

read

326

img
dot

Image Credit: Tech Radar

Microsoft 365 accounts are under attack from new malware spoofing popular work apps

  • Hackers are using stolen email addresses to distribute malicious OAuth Apps.
  • The apps impersonate popular cloud and productivity apps, such as Adobe Drive and DocuSign.
  • Users who install these apps are prompted to grant specific permissions.
  • Once granted, the apps redirect to phishing landing pages to steal login credentials and deliver malware.

Read Full Article

like

19 Likes

share

4 Shares

source image

Medium

1M

read

277

img
dot

Image Credit: Medium

AI in cybersecurity

  • AI is transforming cybersecurity by enhancing threat detection, response, and prevention.
  • AI enables anomaly detection, monitoring, and real-time response to potential threats.
  • Automated incident response provided by AI helps mitigate attacks efficiently.
  • Real-life examples of AI in cybersecurity include Darktrace and Synack.

Read Full Article

like

16 Likes

share

3 Shares

source image

Gizchina

1M

read

98

img
dot

Image Credit: Gizchina

Essential Steps to Take After Setting Up Windows 11

  • Setting up a new Windows 11 PC involves essential steps post initial setup for optimization.
  • Securing your PC with a Microsoft Account is recommended for better security and recovery options.
  • Removing unwanted apps and shortcuts, including those from third parties, helps declutter your PC.
  • Enabling Windows Sandbox for security allows testing software in a secure environment.
  • Customizing the Start Menu, cleaning up the Taskbar, and backing up the BitLocker recovery key are important.
  • Adjusting privacy settings and configuring Windows updates are crucial for data security.
  • Setting up file backups using OneDrive, File History, or an external drive prevents data loss.
  • Optimizing power settings improves battery life or performance, especially for laptops.
  • These steps enhance the Windows 11 experience with better security, privacy, and efficiency.
  • Taking the time to adjust these settings now can prevent issues and frustration later on.

Read Full Article

like

5 Likes

share

1 Share

source image

Dev

1M

read

156

img
dot

Image Credit: Dev

What Is Zero-Knowledge Storage? (And Why Your App Needs It)

  • Zero-knowledge cloud storage ensures that only the user, not even the service provider, can access the data, eliminating third-party access risks.
  • Encryption in zero-knowledge storage is done locally on the user's device before being uploaded, ensuring the cloud provider never sees the raw data.
  • Unlike traditional cloud providers that retain decryption keys, zero-knowledge storage prevents access to data by anyone other than the user.
  • Zero-knowledge storage is crucial for applications handling sensitive information and GDPR-compliant storage needs.
  • Traditional cloud services like Google Drive and Dropbox use server-side encryption, potentially allowing provider access to data.
  • Zero-knowledge encryption eliminates risks of data breaches and unauthorized access, ensuring data privacy and security.
  • Zero-knowledge storage aligns with GDPR principles like data ownership, encryption, and the right to be forgotten.
  • In healthcare, zero-knowledge storage aids HIPAA compliance through end-to-end encryption and access control mechanisms.
  • Zero-knowledge storage offers full user control over encryption keys, protecting against data breaches and insider threats.
  • ByteHide Storage provides true zero-knowledge encryption, ensuring GDPR compliance and user data privacy.

Read Full Article

like

9 Likes

share

2 Shares

source image

Tech Radar

1M

read

277

img
dot

Image Credit: Tech Radar

Many workers are overconfident at spotting phishing attacks

  • Many employees who are confident in their ability to spot phishing emails fall victim to such scams, according to a report from KnowBe4.
  • Despite 86% of respondents believing they can confidently identify phishing emails, over half (53%) have been victimized by social engineering scams.
  • South African employees have the highest confidence levels and scam victimization rates (68%), while UK employees reported the lowest scam victim rate (43%). The vulnerability is increasing in regions with historically high confidence levels.
  • To combat phishing and social engineering, training is crucial, and fostering a transparent security culture is important. The Dunning-Kruger effect, where people overestimate their abilities, is prevalent in cybersecurity.

Read Full Article

like

16 Likes

share

3 Shares

source image

TechCrunch

1M

read

318

img
dot

Image Credit: TechCrunch

UK’s internet watchdog puts storage and file-sharing services on watch over CSAM

  • The internet watchdog, Ofcom, has launched a new enforcement program under the U.K.'s Online Safety Act (OSA) focused on online storage and file-sharing services.
  • File-sharing and file-storage services are deemed particularly susceptible to being used for the sharing of child sexual abuse material (CSAM).
  • Ofcom has written to several of these services, requesting information on the safety measures they have implemented or plan to implement to tackle CSAM.
  • Failure to comply with the OSA could result in penalties of up to 10% of global annual turnover.

Read Full Article

like

19 Likes

share

4 Shares

source image

Blockonomi

1M

read

62

img
dot

Image Credit: Blockonomi

Don’t Take the Bait: Coinbase & Gemini Exchange Users Targeted by Phishing Attack

  • Coinbase and Gemini exchange users are being targeted by a phishing attack.
  • Scammers are sending mass phishing emails claiming mandatory wallet transfers by April 1.
  • The scammers provide pre-generated recovery phrases that give them control of transferred funds.
  • Coinbase has warned users that they will never send recovery phrases to customers.

Read Full Article

like

3 Likes

share

Share

source image

Securityaffairs

1M

read

58

img
dot

Image Credit: Securityaffairs

Researcher releases free GPU-Based decryptor for Linux Akira ransomware

  • A security researcher has released a free decryptor for Linux Akira ransomware that uses GPU power to recover keys through brute force.
  • The researcher, Yohanes Nugroho, implemented a decryption technique that exploits the use of timestamp-based seeds by Akira ransomware to generate unique encryption keys for each file.
  • By analyzing log files, file metadata, and hardware benchmarks, the researcher estimated encryption timestamps, making the brute-forcing of decryption keys more efficient.
  • To speed up the process, Nugroho used sixteen RTX 4090 GPUs through cloud GPU services, reducing the decryption time to 10 hours.

Read Full Article

like

3 Likes

share

Share

source image

Eu-Startups

1M

read

259

img
dot

Adara Ventures announces first close of €100 million Adara Ventures IV Fund

  • Adara Ventures, the Madrid-based VC firm, has announced the first close of its fourth flagship fund, AV4, with a target of €100 million in capital commitments.
  • AV4 reinforces Adara Ventures' focus on strategic sectors including cybersecurity, applied AI, digital infrastructure, hardware components, digital health, and space.
  • The firm has also secured over €140 million in commitments for Adara Ventures Energy (AVE), its Pan-European fund dedicated to energy transition technologies.
  • Adara Ventures has invested in over 50 companies, including notable exits such as AlienVault, PlayGiga, and Seedtag.

Read Full Article

like

15 Likes

share

3 Shares

source image

The Fintech Times

1M

read

102

img
dot

AI and Real-Time Transaction Monitoring: SEON Identifies Keys to Combatting Fraud in 2025

  • SEON, the digital fraud prevention and compliance firm, has published its ‘2025 Digital Fraud Report' highlighting the keys to combating fraud in 2025.
  • The report reveals that businesses may lose a significant portion of their revenue to fraud due to operational inefficiencies, compliance penalties, and customer attrition.
  • To counter fraud, firms believe a combination of the right people and technology, real-time transaction monitoring, and the development of AI is crucial.
  • While AI is seen as an effective tool in reducing the need for human oversight, real-time transaction monitoring is identified as the most important component in fraud prevention strategies.

Read Full Article

like

6 Likes

share

1 Share

source image

VoIP

1M

read

322

img
dot

Image Credit: VoIP

CelcomDigi and PayNet Partner to Boost Digital Transaction Security

  • CelcomDigi and PayNet have partnered to enhance digital transaction security in Malaysia.
  • PayNet will utilize CelcomDigi's open network APIs to strengthen the security framework for its payment services.
  • The partnership enables the use of SIM-based authentication for DuitNow P2P transfer service, adding an extra layer of security.
  • CelcomDigi will collaborate with Malaysia's National Scam Response Centre to receive real-time fraud intelligence for prompt action against scams.

Read Full Article

like

19 Likes

share

4 Shares

source image

Silicon

1M

read

331

img
dot

Image Credit: Silicon

Medusa Ransomware Hits Critical Infrastructure

  • The Medusa ransomware has affected more than 300 organisations in critical infrastructure in the US alone from 2021 up to last month, according to the Cybersecurity and Infrastructure Security Agency (CISA).
  • The group's developers demand ransoms of $100,000 to $15 million, in double-extortion attacks, pressuring organisations to restore encrypted data and prevent exfiltrated data from being published online.
  • Symantec has warned of an increase in Medusa attacks, with an increase of 42% between 2023 and 2024 and twice as many incidents in January and February compared to the previous year.
  • CISA advises organisations to mitigate ransomware by patching security vulnerabilities, segmenting networks, and filtering network traffic to block access from unknown or untrusted sources.

Read Full Article

like

19 Likes

share

4 Shares

source image

Dev

1M

read

31

img
dot

Image Credit: Dev

Enhancing Endpoint Security with Microsoft Intune and Microsoft Copilot for Security

  • Microsoft Intune is a cloud-based endpoint management tool that strengthens endpoint security through unified endpoint management, zero trust security framework, and automated policy enforcement.
  • Microsoft Copilot for Security enhances threat protection by leveraging AI-powered threat detection, automated incident response, and integration with Microsoft security tools.
  • Best practices for strengthening endpoint security include enabling multi-factor authentication, keeping devices updated, using conditional access policies, educating employees, and leveraging AI for proactive threat hunting.
  • By integrating cloud-based endpoint management with AI-powered security, organizations can reduce risks, improve compliance, and enhance overall cybersecurity resilience.

Read Full Article

like

1 Like

share

Share

source image

Dev

1M

read

8

img
dot

Image Credit: Dev

Pin GitHub Actions to a full length commit SHA for Security

  • Last weekend, the popular GitHub Action tj-actions/changed-files was compromised.
  • To prevent such issues, pinning action versions by full commit hash is recommended.
  • You can pin GitHub Actions using a CLI tool called pinact.
  • To improve security, you should pin GitHub Action versions to a full-length commit hash.

Read Full Article

like

Like

share

Share

source image

Mcafee

1M

read

107

img
dot

Image Credit: Mcafee

Look Before You Leap: Imposter DeepSeek Software Seek Gullible Users

  • Malware authors are exploiting popular trending terms like "AI" and "DeepSeek" to lure unsuspecting users into installing malware through tactics like SEO poisoning and affiliate programs.
  • AI tools, such as chatbots, voice cloning software, and text generators, have become common, making it easier for scammers to create deepfake videos, impersonate voices, and conduct phishing scams.
  • Scammers capitalized on the hype around DeepSeek-R1 model release, launching fake DeepSeek AI assistant apps that prompted major downloads while disguising malware.
  • Users encountered threats like fake installers, trojanized applications, and fake captcha pages disguised as DeepSeek software, distributing malware like Keyloggers, Crypto miners, and Password Stealers.
  • McAfee uncovered various DeepSeek-themed malware campaigns attempting to exploit the popularity, targeting tech-savvy users by masquerading as legitimate software.
  • Examples included fake installers distributing third-party software, fake Android apps abusing the DeepSeek logo, and fake captcha pages leading to malicious software downloads.
  • A technical analysis revealed cryptominer malware posing as DeepSeek, using techniques like process injection, persistence, and payload execution to mine Monero cryptocurrency for anonymity.
  • The malware attempted system infiltration and resource exploitation by connecting to a C2 server, downloading malicious scripts, and initiating mining processes through legitimate Windows processes.
  • McAfee advises caution when encountering trending news stories, underscores the importance of protection features like Scam Protection, Web Protection, and Antivirus, and offers AI-powered security solutions.
  • By staying informed, being vigilant online, and utilizing security measures like McAfee's offerings, users can outsmart scammers and contribute to making the internet a safer space for everyone.

Read Full Article

like

6 Likes

share

1 Share

Prev

100
101
102
103
104
105
106
107
108
109
110

Next

For uninterrupted reading, download the app