A naukri.com initiative
Cyber Security News
Mcafee
1M
4
Image Credit: Mcafee
Bogus ‘DeepSeek’ AI Installers Are Infecting Devices with Malware, Research Finds
- Bogus 'DeepSeek' AI Installers Are Infecting Devices with Malware, Research Finds
- Malicious actors are using malware attacks disguised as DeepSeek software and updates.
- Methods of deception include fake installers, unrelated third-party software, and fake captcha pages.
- To stay safe, users are advised to stick to official websites, verify before downloading, and keep security software updated.
Read Full Article
Like
Tech Radar
1M
1.4k
Image Credit: Tech Radar
Financial leaders still rely on regular tools like Excel for automation tasks over AI
- Finance leaders are cautiously optimistic about AI, but still rely on traditional tools like Excel for automation tasks.
- Cybersecurity and compliance with regulations remain top concerns for adopting AI in the finance industry.
- 27% of finance leaders believe that the risks of implementing AI outweigh the potential benefits.
- To embrace AI-powered automation, finance leaders should invest in employee training, establish robust cybersecurity frameworks, and ensure compliance with regulations.
Read Full Article
24 Likes
Cybersecurity-Insiders
1M
407
Image Credit: Cybersecurity-Insiders
Technical Tips to Evade AI-Based Cyber Threats
- AI-based cyber threats are becoming more sophisticated, utilizing advanced algorithms to target vulnerabilities and breach security measures.
- Implementing AI-driven security solutions can aid in detecting unusual patterns, identifying risks, and responding to attacks in real-time.
- Endpoint protection can be enhanced with AI to detect and prevent AI-driven malware that traditional antivirus solutions may miss.
- Employing multi-factor authentication (MFA) and biometric security can bolster account protection against AI-powered attacks.
- Regularly updating and patching software systems is crucial to prevent AI-based cyberattacks that exploit vulnerabilities.
- Network segmentation and Zero Trust Architecture help contain breaches and enforce strict access policies to thwart AI attackers.
- AI can be used to detect phishing and social engineering attacks through email filtering and verifying message authenticity.
- Encrypting sensitive data using end-to-end encryption and robust key management systems can protect against data breaches.
- Adopting AI-enhanced Intrusion Detection Systems helps in intelligent threat detection and automated response to potential breaches.
- Regular security testing through penetration testing and AI simulations can identify and address vulnerabilities proactively.
- Educating employees on AI-based cyber threats, conducting phishing simulations, and promoting security awareness are vital in mitigating risks.
Read Full Article
24 Likes
Cybersecurity-Insiders
1M
219
Image Credit: Cybersecurity-Insiders
Social Media and Email hacking surged in 2024
- In 2024, there was a significant surge in hacking activities targeting social media and email accounts, with fraud incidents rising from 23,000 cases in 2023 to 35,436 in 2024.
- Criminals primarily targeted users through phishing scams, tricking them into providing sensitive information and gaining unauthorized access to personal accounts.
- Email service providers are enhancing spam filters with advanced AI systems, while individual users need to remain cautious of unsolicited emails and suspicious links.
- Social media platforms need to take stronger action in policing deceptive ads and fraudulent promotions, while users should adopt proactive measures like verifying messages, updating passwords, enabling multi-factor authentication, and keeping devices up to date.
Read Full Article
13 Likes
TechCrunch
1M
67
Image Credit: TechCrunch
European tech industry coalition calls for ‘radical action’ on digital sovereignty — starting with buying local
- A coalition of European tech industry players is urging EU lawmakers for 'radical action' to reduce reliance on foreign-owned digital infrastructure and services.
- Over 80 signatories, including cloud, telecoms, and defense companies, are advocating for a shift towards supporting 'sovereign digital infrastructure.'
- The plan involves fostering homegrown alternatives and creating a Euro Stack, reducing dependence on foreign Big Tech companies.
- The coalition emphasizes the need for urgent action to prevent U.S. tech dominance in critical digital infrastructure in Europe.
- Suggestions include implementing 'Buy European' public procurement requirements to boost demand for local tech solutions.
- The letter calls for forming a 'Sovereign Infrastructure Fund' aimed at supporting public investments in European digital infrastructure.
- European tech leaders advocate for requirements favoring open-source technologies, interoperability standards, and joint offerings to bolster local tech industry growth.
- Concerns are raised about Europe's digital infrastructure falling behind due to procurement decisions favoring U.S. or Chinese technology.
- The coalition urges for EU funding to be directed towards market-relevant tech projects and startups, emphasizing the need for strategic autonomy in digital infrastructure.
- The call for a new approach comes amidst geopolitical tensions and the perceived need for Europe to prioritize homegrown tech solutions for security and economic prosperity.
Read Full Article
4 Likes
TheStartupMag
1M
255
Image Credit: TheStartupMag
Why Investing in Antivirus for Your Company’s Computers Is Essential
- Investing in antivirus software is essential for company computers to protect against cyber threats.
- Antivirus software safeguards sensitive business information, preventing financial and reputational damage.
- Antivirus software helps prevent malware and ransomware attacks, detecting and blocking suspicious files.
- Investing in antivirus software enhances employee cybersecurity awareness and improves system performance and efficiency.
Read Full Article
15 Likes
TheStartupMag
1M
147
Image Credit: TheStartupMag
Why Pre-Employment Drug Testing Is Critical in 2025
- Pre-employment drug testing is crucial in the business environment to ensure employee health and performance.
- Drug testing helps maintain legal standards, improve safety, and enhance workplace efficiency.
- By detecting substance abuse, drug testing prevents employees from reverting to harmful behaviors.
- Drug testing services play a critical role in employee selection and contribute to a drug-free workplace.
Read Full Article
8 Likes
Securityaffairs
1M
349
Image Credit: Securityaffairs
Denmark warns of increased state-sponsored campaigns targeting the European telcos
- Denmark's cybersecurity agency has issued a warning about increased state-sponsored campaigns targeting European telecom companies.
- The threat assessment in Denmark has raised the cyber espionage threat level for its telecom sector from medium to high due to growing threats across Europe.
- The Danish Social Security Agency highlighted risks including cyber espionage, destructive attacks, cyber activism, and criminal hackers targeting the telecom sector.
- State actors aim to access user data, monitor communications, and potentially launch cyber or physical attacks by targeting telecom providers for espionage.
- Hackers have demonstrated advanced technical capabilities in targeting telecommunications infrastructure and protocols abroad.
- China-linked APT group Salt Typhoon has been targeting global telecom providers, breaching networks using vulnerabilities in Cisco devices.
- Salt Typhoon group compromised U.S. telecom firms by exploiting flaws like CVE-2023-20198 and CVE-2023-20273, maintaining persistence with GRE tunnels.
- Telecoms such as Lumen, AT&T, and Verizon reported securing networks after cyberespionage attempts by Salt Typhoon, emphasizing the ongoing threat.
- Other China-linked groups like Light Basin have targeted mobile carrier networks globally, compromising calling records and text messages from telecom companies.
- CrowdStrike researchers highlighted the deep knowledge of telecommunication network architectures exhibited by threat actors, using protocols like GTP for malicious activities.
Read Full Article
21 Likes
Dev
1M
71
Image Credit: Dev
Setting up Cloudflare Full (Strict) SSL/TLS on Apache
- Cloudflare’s Full (Strict) SSL/TLS mode ensures end-to-end encryption between visitors, Cloudflare, and your origin server.
- To set up Full (Strict) SSL, you need a valid SSL certificate on your server that Cloudflare trusts.
- Generating Cloudflare Origin Certificates involves creating them via the Cloudflare dashboard.
- Configuring Apache involves enabling SSL and rewrite modules, editing the virtual host configuration, and enabling the site configuration.
- Verifying the setup includes switching Cloudflare to Full (Strict) mode and testing the site in a browser.
- Full (Strict) mode is recommended for maximum security to prevent man-in-the-middle risks and misconfigurations.
- Apache must have the SSL and rewrite modules active to enable Full (Strict) SSL on the server.
- Cloudflare's Origin CA certificates are signed by Cloudflare and are trusted only by Cloudflare, not browsers.
- Enabling Full (Strict) mode in Cloudflare and testing your website in a browser ensures secure HTTPS connection.
- Setting up Cloudflare Full (Strict) SSL/TLS on Apache provides encryption and verification for secure data transit.
Read Full Article
4 Likes
Pymnts
1M
125
Image Credit: Pymnts
Cashless Countries Rethink Switch Amid New Cyberthreats
- Two of the planet’s most cashless societies, Sweden and Norway, are reexamining their move from paper money.
- Norway has floated legislation to fine retailers for not accepting cash and recommending citizens to keep some cash on hand, citing vulnerability of digital payment solutions to cyberattacks.
- Sweden's central bank is focusing on monitoring central bank digital currency (CBDC) projects around the world instead of developing their own digital currency, the "e-krona".
- In the U.S., the future of digital currencies is uncertain as lawmakers debate the potential ban of an American central bank digital currency (CBDC) due to concerns of centralization and impact on financial privacy.
Read Full Article
7 Likes
Dev
1M
326
Image Credit: Dev
have fun with Zeek
- Zeek is a versatile network security monitoring tool with great potential.
- It allows the installation of protocol recognition packages for enhanced extensibility.
- By monitoring network traffic and converting packets into events, Zeek provides valuable information in its log files.
- Zeek's capabilities can be further expanded by installing appropriate plugins, making it a powerful network monitoring solution.
Read Full Article
19 Likes
Medium
1M
0
Image Credit: Medium
Lock It or Lose It: Genius and Scary Ways to Store Your Passwords
- Storing passwords in plain text files or spreadsheets is highly insecure.
- Encrypting local files provides better security, but still not ideal.
- Storing passwords in unencrypted cloud storage is risky.
- Using password managers, either local or cloud-based, is recommended for better security.
Read Full Article
Like
Hackernoon
1M
129
Image Credit: Hackernoon
Mal-Where? How We Boosted Malware Detection to XG-ceptional Levels
- The article discusses a study where exceptional results in malware detection were achieved through memory dump analysis and machine learning algorithms.
- The binary classification model attained 99.99% accuracy in detecting malware, with XGBoost outperforming other classifiers.
- In malware classification, approaches like undersampling and oversampling were employed to handle imbalanced data, with XGBoost consistently excelling.
- Undersampling methods like Random Undersampling and Near Miss showed better performance in detecting malware compared to other techniques.
- Oversampling with ADASYN significantly improved classification accuracy, highlighting the effectiveness of balancing minority classes.
- The study emphasizes tailored strategies for addressing class imbalance and the potential of advanced techniques like ADASYN in enhancing classification accuracy.
- The research concludes by emphasizing the need for continuous adaptation in cybersecurity, suggesting hybrid approaches and exploring new data sources for improved detection.
- Future work recommendations include refining algorithms, interdisciplinary collaboration, and studying adversarial attacks to enhance detection system robustness.
- The study contributes valuable insights for resilient cybersecurity solutions to combat obfuscated malware and emerging threats in digital ecosystems.
- References in the article cover various studies on malware classification, obfuscation techniques, behavior-based detection, and methodologies like ADASYN for imbalanced learning.
Read Full Article
7 Likes
Dev
1M
309
Image Credit: Dev
Enhance Your Application Security with Fake Data!
- Using real data for testing projects can expose you to legal and security risks.
- Fake data generation tools like Faker, Chance.js, Mockaroo, and Veilgen-Master can be used for testing projects.
- Examples of using Veilgen-Master for random test data generation are provided.
- Fake data can be used to test websites before launch, simulate user data in AI applications, and create security testing scenarios in databases.
Read Full Article
18 Likes
Securityaffairs
1M
58
Image Credit: Securityaffairs
Security Affairs newsletter Round 515 by Pierluigi Paganini – INTERNATIONAL EDITION
- New MassJacker clipper targets pirated software seekers
- Cisco IOS XR flaw allows attackers to crash BGP process on routers
- LockBit ransomware developer Rostislav Panev was extradited from Israel to the U.S.
- SuperBlack Ransomware operators exploit Fortinet Firewall flaws in recent attacks
Read Full Article
3 Likes
For uninterrupted reading, download the app