A naukri.com initiative
Cyber Security News
Itsecurityexpert
1M
0
UK Cybersecurity Weekly News Roundup - 16 March 2025
- UK government's demand for backdoor access to Apple iCloud raises global concerns about user privacy and security.
- Sellafield nuclear site improves physical security but cybersecurity concerns remain after past incidents involving hacking groups.
- Cyberattacks have cost UK businesses approximately £44 billion in lost revenue over the past five years, with larger companies being more likely targets.
- The US, UK, and Australia have jointly sanctioned Zservers, a Russian web-hosting provider, and two operators for supporting the LockBit ransomware syndicate.
Read Full Article
Like
Dev
1M
147
Image Credit: Dev
How to Fix Weak API Authentication in Laravel (With Code Examples)
- Weak API authentication in Laravel can expose sensitive data and compromise application's security.
- Common pitfalls in API authentication in Laravel include misconfigured authentication guards, insecure API token management, and lack of multi-factor authentication (MFA).
- Best practices to secure API authentication in Laravel are to configure authentication guards properly, implement secure API token management using Laravel Sanctum, and enforce multi-factor authentication (MFA).
- Regularly conducting vulnerability scans is essential to ensure robust API authentication in Laravel.
Read Full Article
8 Likes
Medium
1M
129
Image Credit: Medium
Breaking the Google
- Calls to break up Google have intensified in recent years as regulators accuse the tech giant of monopolistic practices.
- Google and its allies argue that dismantling the company could weaken critical technology infrastructure and America's edge in artificial intelligence.
- Skeptics believe that national security concerns are exaggerated or a pretext to protect Google's economic dominance.
- This article examines the national security risks of a Google breakup, considers Google's role in national security and AI, and explores arguments from policymakers and experts.
Read Full Article
7 Likes
Securityaffairs
1M
439
Image Credit: Securityaffairs
A ransomware attack hit the Micronesian state of Yap, causing the health system network to go down.
- A ransomware attack hit the Micronesian state of Yap, causing the health system network to go down.
- Yap's Health Department detected the cyberattack and shut down the network and digital health systems to contain the threat.
- The Department is working with government agencies and IT contractors to assess the extent of the breach and restore services.
- No ransomware group has claimed responsibility for the attack.
Read Full Article
26 Likes
Tech Radar
1M
282
Image Credit: Tech Radar
Generative AI has a long way to go as siloed data and abuse of its capacity remain a downside – but it does change the game for security teams
- Generative AI tools have emerged as a transformative force in cybersecurity, offering enhanced threat detection and better security operations.
- Siloed data and a global cybersecurity talent gap hinder the full potential and effectiveness of generative AI.
- Organizations need to ensure real-time access to clean, standardized data to enable enhanced threat detection and proactive risk assessment.
- Training programs should focus on emerging AI tools to bridge the talent gap and improve organizational defenses.
Read Full Article
16 Likes
Dev
1M
156
Image Credit: Dev
Simple SIEM Home Lab Using Elastic Cloud
- This article serves as a guide for setting up a SIEM home lab using Elastic Cloud and a Kali Linux VM, providing hands-on cybersecurity experience.
- Prerequisites include virtualization software, an Elastic Cloud account, and basic Linux and virtualization knowledge.
- Tasks include setting up an Elastic account, configuring a Linux VM, setting up an agent to collect logs, querying for security events, creating a dashboard, and setting up alerts.
- Setting up the Elastic account involves creating a deployment, while configuring the Linux VM follows official documentation guidelines.
- The agent plays a crucial role in collecting and forwarding logs from the Kali VM to Elastic Cloud for analysis and monitoring.
- Querying for security events involves accessing the Elastic deployment, searching for logs, entering search queries, executing searches, and reviewing search results.
- Creating a dashboard allows visualization of security events, while setting up alerts helps in detecting and responding to security threats promptly.
- Configuring alerts involves defining rules based on custom queries, adding descriptions and actions, and enabling the rules for continuous monitoring.
- This project enhances skills in security monitoring, incident response, and familiarity with SIEM tools, offering practical experience in security analysis.
- Overall, the article provides a comprehensive overview of setting up a SIEM home lab using Elastic Cloud, enabling hands-on exploration of cybersecurity concepts.
Read Full Article
9 Likes
Medium
1M
246
Image Credit: Medium
RDP: A Gateway for Ransomware – Remote Access: Still the Weakest Link in Corporate Security?
- Remote Desktop Protocol (RDP) and VPNs are common access points for cyberattacks.
- Organizations should enforce multi-factor authentication, regularly patch and update software, and monitor for suspicious activity.
- Remote access infrastructure represents a significant attack surface.
- Taking proactive steps to secure remote access systems can reduce the risk of cyberattacks.
Read Full Article
14 Likes
Medium
1M
192
Image Credit: Medium
Securing Tomorrow: AI in Cyber Defense
- A cybersecurity operations center experienced a sophisticated cyber attack.
- The attackers were penetrating the company's financial servers and adapting in real time.
- Sentinel AI, using deep learning, detected and foresaw the threats, mounting a multi-layered counterattack.
- The AI processed billions of data points, recognized attackers' behavior patterns, and defended against the breach.
Read Full Article
11 Likes
Securityaffairs
1M
417
Image Credit: Securityaffairs
New MassJacker clipper targets pirated software seekers
- A new clipper malware named MassJacker is targeting users searching for pirated software.
- MassJacker is a clipper malware that intercepts and manipulates clipboard data to redirect cryptocurrency funds.
- The infection starts from a site distributing pirated software and involves multiple stages of execution.
- MassJacker is a malware-as-a-service (MaaS), and the stolen funds are likely managed by a single entity.
Read Full Article
25 Likes
TechBullion
1M
345
Image Credit: TechBullion
How To Track Down Someone Who Scammed You Using Name, Phone Number, or Image
- Tracking down a scammer on your own is possible with the help of the Internet and new tools available.
- To track a scammer, gather information like their name, phone number, and image to use with tracking tools.
- Using search engines with search operators like Google or Bing can help find specific information about the scammer.
- Search for the scammer's information in quotes or on specific websites using site: operator.
- Tools like TruthFinder can provide more personal information about a scammer, aiding in legal action.
- Consider using Truecaller for recognizing unknown callers and potential scam numbers.
- Scannero is a tool for real-time phone number location tracking to identify a scammer's exact location.
- Utilize reverse image search tools like Google Images or Lenso.ai to track down scammers using their photos.
- WhatsApp is a common platform for scammers; use features like checking last seen, profile picture, and reporting suspicious activity.
- Gather and maintain information about scammers for reporting fraudulent activities to authorities like the Federal Trade Commission or the police.
Read Full Article
20 Likes
Tech Radar
1M
224
Image Credit: Tech Radar
Over 90% of Americans demand a "right-to-disconnect" law which would protect them from out-of-hours work communication
- Over 90.4% of American workers support a "right-to-disconnect" law to ignore work emails outside of office hours.
- Only 41.7% of work emails are relevant to employees.
- 71.1% of workers feel pressure to respond to work emails after hours.
- Three in four people answer work emails while on vacation.
Read Full Article
13 Likes
Medium
1M
313
Image Credit: Medium
The Rise of Quantum Computing: What It Means for the Future of Technology
- Quantum computing has gained mainstream attention as big tech companies invest heavily in its development, with potential to revolutionize various industries.
- Quantum computers use qubits which can be both 0 and 1 simultaneously, allowing them to process vast possibilities at once, making them powerful for complex problems.
- They excel at solving issues involving large data sets and complex variables, such as encryption breaking, drug design, supply chain optimization, and material discovery.
- However, quantum computers are not meant to replace traditional computers for everyday tasks; they are specialized machines requiring extreme operating conditions.
- Companies invest in quantum computing due to the potential advantages it offers in industries like pharmaceuticals, cybersecurity, finance, and AI.
- Building a working quantum computer is challenging due to qubits' fragility and decoherence issues, but progress is being made faster than anticipated.
- Quantum computing's impact on cybersecurity is significant, leading to the development of quantum-safe cryptography to counter quantum computing threats.
- The intersection of quantum computing and AI shows promise in accelerating AI training processes, potentially leading to breakthroughs in various fields.
- The growth of quantum computing may lead to changes in job roles but will also create new opportunities in quantum software development and quantum algorithms.
- Learning about quantum computing basics and its potential applications can be beneficial for individuals interested in tech, with many resources available for exploration.
Read Full Article
18 Likes
Dev
1M
242
Image Credit: Dev
TryHackMe: ORM Injection
- Object-relational Mapping (ORM) acts as a bridge between object-oriented and relational database models, converting data seamlessly.
- Commonly used ORM frameworks include Doctrine for PHP, Hibernate for Java, SQLAlchemy for Python, Entity Framework for C#, and Active Record for Ruby on Rails.
- Configuring Laravel's Eloquent ORM involves steps like installing Laravel, setting up database credentials, creating migrations, and running migrations.
- Security considerations for ORM involve ensuring proper Migrations setup to prevent ORM injection vulnerabilities.
- Identifying ORM injection involves techniques like manual code review, automated scanning, input validation testing, and error-based testing.
- Key security measures for preventing ORM injection include using parameterized queries, avoiding raw queries, and ensuring input validation and sanitization.
- Frameworks like Laravel, Ruby on Rails, Django, Spring, and Node.js have their own ORM libraries and common vulnerable methods.
- Best practices to prevent SQL injection include input validation, parameterized queries, proper ORM usage, and escaping/sanitization.
- Doctrine, SQLAlchemy, Hibernate, and Entity Framework provide examples of preventing SQL injection by using parameterized queries in their respective languages.
- A vulnerable implementation using Laravel's Eloquent ORM illustrates the risk of ORM injection, while a secure implementation shows the importance of using methods like where() for query security.
- A case of Laravel Query Builder SQL Injection Vulnerability (Pre 1.17.1) demonstrates the exploitation of unsanitized query parameters for malicious SQL injection.
Read Full Article
14 Likes
Secureerpinc
1M
430
Image Credit: Secureerpinc
New Malware Discovered in Popular App Stores
- Security experts warn about the discovery of new malware in apps from trusted platforms.
- Malware can bypass app store security protocols, hiding in updates or third-party developer kits.
- Examples of discovered malware include banking information stealers, OCR-based data collectors, and dangerous loan apps.
- To protect against malware, businesses are advised to implement ongoing training, strict installation policies, security audits, monitoring, and mobile device management.
Read Full Article
25 Likes
Gizchina
1M
246
Image Credit: Gizchina
FBI warns Gmail, Outlook, and VPN users of Medusa ransomware threats
- The FBI has warned about a rising ransomware threat, naming the Medusa ransomware group as a major risk to people and businesses.
- Medusa is a ransomware-as-a-service (RaaS) group that has been active since at least June 2021, with over 300 victims, especially in critical infrastructure.
- The FBI has shared urgent steps to fight the growing threat of Medusa ransomware, including turning on two-factor authentication (2FA) for services like Gmail, Outlook, and VPNs.
- Experts criticize the FBI's advice for not including specific guidance on improving user awareness to combat social engineering attacks, which account for a significant percentage of successful hacking incidents.
Read Full Article
14 Likes
For uninterrupted reading, download the app