A naukri.com initiative
Cyber Security News
Siliconangle
1M
100
Image Credit: Siliconangle
Zscaler reports earnings and revenue beats, raises outlook
- Zscaler Inc. reported better-than-expected earnings and revenue for its fiscal third quarter of 2025 and raised its outlook, leading to a 3% rise in its shares in late trading.
- For the quarter ended April 30, Zscaler reported adjusted earnings per share of 84 cents, up from 71 cents year-over-year, on revenue of $678 million, up 23% year-over-year, surpassing analyst expectations.
- Zscaler ended the quarter with approximately $2.9 billion in annual recurring revenue, with total contract value exceeding $1 billion, along with various new service launches and updates aimed at enhancing security and user experience.
- The company expects adjusted earnings per share of 79 to 80 cents on revenue of $705 million to $707 million for the fiscal fourth quarter, and adjusted earnings per share of $3.18 to $3.19 on revenue of $2.659 billion to $2.661 billion for the full year.
Read Full Article
5 Likes
Pymnts
1M
382
Image Credit: Pymnts
Mastercard Launches Financial and Cybersecurity Tools for Small Businesses
- Mastercard has launched a suite of digital tools and resources for small to medium-sized businesses in the U.S.
- The Small Business Navigator program by Mastercard provides insights, protection, and financial tools for long-term success.
- Features of the program include an AI-powered chatbot acting as a mentor, cybersecurity guidance, financial planning support, and access to Mastercard's social media channels.
- Mastercard has introduced various offerings for small businesses in the past, including specialized credit and debit cards, immersive shopping experiences, and the Mastercard Biz360 platform.
Read Full Article
22 Likes
Dev
1M
116
Image Credit: Dev
How Messengers Actually Encrypt Messages (End-to-End)
- The article discusses the implementation of end-to-end encryption for message security, using JavaScript and the Web Crypto API.
- It highlights the importance of private, public, and shared keys in the encryption process, explaining their roles and storage methods.
- The shared secret key, derived from private and public keys, enables the encryption and decryption of messages.
- The article delves into asymmetric encryption and ECDH key exchange protocols for establishing shared secret keys securely.
- Web Crypto API in browsers provides low-level cryptographic primitives for operations like encryption, decryption, hashing, and signature generation.
- A ChatCrypto class example is presented, detailing the key initialization process, encryption, and decryption steps using AES-GCM algorithm.
- Generation of unique Initialization Vectors (IV) for encryption and decryption, along with data encoding and decoding, is explained.
- The article emphasizes the importance of secure key pair generation, public key exchange, and secure message exchange practices for robust encryption.
- The illustration concludes with practical examples demonstrating text encryption and decryption using the ChatCrypto class.
- Overall, the article provides insights into creating a secure messaging system through effective use of encryption methods and APIs.
Read Full Article
6 Likes
Tech Radar
1M
421
Image Credit: Tech Radar
McAfee is now bundling its Scam Detector with all its antivirus plans: here are others that are actually totally free
- McAfee has introduced its Scam Detector feature into all core antivirus plans, offering real-time scam alerts and deepfake detection on various platforms.
- The tool claims 99% accuracy for text-based threats and 96% for deepfakes, supporting popular messaging apps and allowing manual scans.
- While McAfee's Scam Detector is included in its antivirus plans, free alternatives like Bitdefender's Scamio and Google's AI-based scam detector exist.
- Norton also offers scam protection in its plans, but McAfee's positioning of Scam Detector as a plan-exclusive feature limits its accessibility compared to free alternatives.
Read Full Article
25 Likes
Medium
1M
9
Image Credit: Medium
How many kids give away information to strangers?
- An alarming amount of children give away information to strangers, despite being warned by their parents about the dangers of talking to strangers online.
- Setting social media accounts to 'private' can help keep personal information hidden from strangers and reduce the risk of unwanted interactions.
- Parents can use parental controls to ensure that children are only interacting with approved friends, minimizing the chances of strangers accessing their personal information.
- Children should be taught the importance of not sharing personal information online and the risks associated with interacting with strangers, both in real life and on the internet.
Read Full Article
Like
Medium
1M
312
Image Credit: Medium
Am I Addicted to My Phone?
- Smartphones have become an essential part of everyday life, offering numerous functions beyond just communication.
- Statistics reveal that 85% of Americans own smartphones, with users checking their phones approximately every 9 minutes.
- On average, individuals spend 4 hours and 10 minutes daily on mobile devices, raising concerns about potential phone addiction.
Read Full Article
18 Likes
Medium
1M
253
Image Credit: Medium
What To Do If You Become a Victim of Cyberbullying
- If you become a victim of cyberbullying, reach out to a trusted adult such as parents, family member, teacher, or school counselor for support.
- Keep evidence of cyberbullying conversations as it may be helpful in taking legal actions against the bully.
- Do not respond to cyberbullying messages, as this could encourage the bully. Report the bully to social media moderators and block the account if being harassed.
- To prevent cyberbullying in the future, consider making your social media accounts private, and adults can help in creating a bullying prevention strategy.
Read Full Article
15 Likes
Hackernoon
1M
240
Image Credit: Hackernoon
Fullscreen BitM Attack Discovered By SquareX Exploits Browser Fullscreen APIs To Steal Credentials
- SquareX discovered a Fullscreen BitM attack targeting Safari users, exploiting Fullscreen API vulnerabilities to steal credentials.
- BitM attacks involve tricking victims by displaying genuine login pages in a pop-up window to steal sensitive information.
- SquareX's research exposed a major Safari-specific flaw in the Fullscreen API, allowing for more convincing attacks.
- Safari users are at higher risk due to no clear visual indication when entering fullscreen mode.
- The use of Fullscreen API in combination with BitM enables attackers to create convincing fake login pages.
- Other browsers like Firefox and Chrome have subtle notifications for fullscreen mode, while Safari lacks this feature.
- Existing security solutions struggle to detect Fullscreen BitM attacks due to architectural limitations.
- Security researchers advise enterprises to update defense strategies against advanced browser attacks.
- SquareX's Browser Detection and Response tool helps organizations detect and mitigate web-based threats effectively.
- The Fullscreen BitM Attack disclosure is part of a series focusing on browser security by SquareX's research team.
Read Full Article
14 Likes
Tech Radar
1M
4
Image Credit: Tech Radar
Critical security flaw could leave over 100,000 WordPress sites at risk
- A critical-severity vulnerability in the TI WooCommerce Wishlist WordPress plugin could expose over 100,000 websites to risks, including complete website takeover.
- The flaw in the plugin allows threat actors to upload arbitrary files to the server without authentication, posing a significant security threat with a severity score of 10/10.
- As of now, the vulnerability is tracked as CVE-2025-47577, and a patch has not been released, advising users to disable or remove the plugin until a fix is available.
- Exploitation is only possible on websites also using the WC Fields Factory plugin with enabled integration on the TI WooCommerce Wishlist plugin, adding an additional layer of requirement for successful attacks.
Read Full Article
Like
Wired
1M
434
Image Credit: Wired
A Swedish MMA Tournament Spotlights the Trump Administration's Handling of Far-Right Terrorism
- A member of a neo-Nazi fight club linked to a far-right Scandinavian group traveled to Sweden for a mixed-martial-arts tournament in 2024.
- The American Active Club's media wing, Media 2 Rise, posted photos from the event, suggesting approval.
- The tournament involved groups associated with the Active Club network and the Nordic Resistance Movement (NRM).
- The State Department designated NRM as a terrorist group, imposing sanctions and criminal charges for support.
- Support for listed terrorist groups, even minor, can result in severe consequences like asset seizure and lengthy prison terms.
- NRM in Scandinavia has a history of violence, including bombings, and is considered a dangerous neo-Nazi organization.
- Active Clubs, influenced by NRM, have spread to Europe, organizing events and recruiting members across borders.
- The growth of far-right fight clubs in Europe raises concerns about radicalization, hate crimes, and ties to terrorism.
- Security services are closely monitoring these activities, particularly the recruitment of younger individuals into extremist movements.
- The association of Americans with NRM poses enforcement challenges for US authorities in handling far-right extremist cases.
Read Full Article
26 Likes
Dataprivacyandsecurityinsider
1M
208
U.S. Retailers Bracing for Scattered Spider Attacks
- Google issued a warning about cybercriminal group Scattered Spider targeting U.S.-based retailers, known for attacking Marks & Spencer in the U.K.
- Scattered Spider focuses on one industry at a time, with recent attacks on financial and food services sector, using DragonForce ransomware.
- Mandiant's threat report on Scattered Spider's social engineering methods and communication with victims advises proactive security measures for Identity, Endpoints, Applications and Resources, Network Infrastructure, Monitoring/Detections.
- All industries, especially retailers, are advised to review Mandiant's recommendations for protection against Scattered Spider's tactics.
Read Full Article
12 Likes
Tech Radar
1M
13
Image Credit: Tech Radar
Massive data leak exposes 1.6 million Etsy and other TikTok shop customer details - here's what we know
- Over 1.6 million files belonging to Etsy, Poshmark, and TikTok Shop customers were found in two unsecured Azure Blob Storage containers.
- The files contained personally identifiable information like full names, home addresses, email addresses, and shipping order details.
- Most exposed users are from the United States, with some from Canada and Australia, and the data seems to belong to a Vietnamese-based embroidery service.
- Customers are at risk of social engineering attacks and financial loss due to the leaked personal information, and it's advised to monitor accounts closely for any suspicious activities.
Read Full Article
Like
TechCrunch
1M
58
Image Credit: TechCrunch
US government sanctions tech company involved in cyber scams
- The U.S. government imposed sanctions on FUNNULL for its involvement in cyber scams, specifically 'pig butchering' crypto scams resulting in $200 million in losses for American victims.
- FUNNULL provided infrastructure for cybercriminals and was linked to the majority of virtual currency investment scam websites reported to the FBI.
- The company, based in the Philippines and operated by Chinese-national Liu Lizhi, generated domain names and provided web design templates to cybercriminals to facilitate their activities.
- The Treasury also mentioned FUNNULL's involvement in a Polyfill supply chain attack and actions by cybersecurity firm Silent Push to expose their activities.
Read Full Article
3 Likes
Tech Radar
1M
398
Image Credit: Tech Radar
Over 364,000 people have personal info leaked following hack on data broker LexisNexis
- Cyberattack on LexisNexis results in data theft affecting 364,333 individuals, with personal information accessed including names, phone numbers, email addresses, home addresses, SSNs, and driver’s license details.
- No sensitive personal information like financial or credit card details were compromised, and the company claims their infrastructure, systems, and products remain secure.
- Some are critical of LexisNexis' response timeline, with the breach detected in April 2025, four months after the incident occurred in December 2024, and public disclosure only made in May.
- Legal consequences may be significant for LexisNexis due to the breach, as similar incidents have led to regulatory penalties, legal fees, and settlements with victims in the past.
Read Full Article
23 Likes
TechBullion
1M
367
Image Credit: TechBullion
Cybersecurity and Medical Device Software: A Development-Stage Perspective
- Medical device software development must consider cybersecurity from the design stage to protect patient safety and data privacy
- Security should be integrated early in the development lifecycle, not added as a separate component later
- Cyber threats to medical devices can lead to compromised treatment settings, vital signs, or data transmission
- Considerations such as user authentication, data encryption, and access controls are crucial for mitigating risks in medical software
- IEC 62304 standard provides guidelines for secure development processes, emphasizing documentation, traceability, and verification
- Structured risk analysis helps identify threats, assess likelihood, and determine consequences, guiding the selection of security controls
- Coordination among development, quality assurance, regulatory, and clinical teams is essential for effective cybersecurity implementation
- Devices should be designed for flexibility, with secure update mechanisms and monitoring systems for anomaly detection
- Cybersecurity in medical device software is about proactive design for resilience and trust, not just meeting compliance standards
- Secure-by-design is a necessary standard to build products that can be trusted in critical clinical scenarios
Read Full Article
22 Likes
For uninterrupted reading, download the app