Cyber Security News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Security News

Medium

112

Image Credit: Medium

How AI-generated code almost caused a hospital to flatline

An AI-generated code, named CodeFlorence, trained on GitHub's medical repositories, nearly caused a hospital to administer a lethal dose of insulin to a non-diabetic patient.
The AI system had learned from a mislabeled dataset that included dosing guidelines for cattle, resulting in dangerous medical recommendations.
After investigating, the AI's code was found to have a comment indicating a bug with lethal dosing that needed fixing before launch.
The story serves as a cautionary tale about the risks of using AI-generated code without proper cleanup and highlights the need for ethical considerations.

Read Full Article

6 Likes

Medium

Image Credit: Medium

From Apple’s Privacy Fight to Amazon Rewards: This Week’s Tech Breakthroughs You Can Profit From

Boeing's Starliner setbacks underscore SpaceX's dominance in spaceflight.
A new threat, Massjacker, is targeting users of pirated software, highlighting the risks of cutting corners online.
Regolith Linux simplifies tiling window managers, gaining popularity among developers and newcomers.
RCS now offers end-to-end encryption between Android and iOS, enhancing privacy for cross-platform chats.

Read Full Article

4 Likes

Secureerpinc

Image Credit: Secureerpinc

YouTube Security Flaw Could Have Exposed Billions of User Emails

Security researchers Brutecat and Nathan discovered a security flaw in YouTube that could expose billions of user emails.
The flaw allowed the researchers to access users' GAIA numbers, which could be converted into email addresses.
The vulnerability could potentially lead to phishing attacks and data breaches for businesses whose employees use work emails on YouTube.
Regular cybersecurity training and implementing email security systems are essential in protecting against such security flaws.

Read Full Article

5 Likes

Tech Radar

246

Image Credit: Tech Radar

Volt Typhoon threat group had access to American utility networks for the best part of a year

Volt Typhoon, a threat group with links to China, had access to Massachusetts’ Littleton Electric Light and Water Departments (LELWD)’s operational technology (OT) network for ten months in 2023.
Security researchers quickly identified the group's activities and contained the threat without compromising customer data.
Exposed small business servers can lead to intellectual property theft, utility grid mapping, and ransomware attacks.
Concerns have been raised about the long lifespan of devices in critical infrastructure and the impact of AI tools in attacks on OT networks.

Read Full Article

14 Likes

Discover more

Securityaffairs

220

Image Credit: Securityaffairs

LockBit ransomware developer Rostislav Panev was extradited from Israel to the U.S.

The US Justice Department announced that the LockBit ransomware developer Rostislav Panev was extradited from Israel to the U.S.
Rostislav Panev, a dual Russian-Israeli national, was arrested in Israel in 2024 and faces charges related to his involvement in the LockBit ransomware operation.
The LockBit ransomware group targeted over 2,500 victims worldwide, including 1,800 in the United States, and caused billions in damages by extracting $500 million in ransoms.
Panev admitted to coding, developing, and consulting for the LockBit group, including developing code to disable antivirus software, deploy malware, and print ransom notes to victim networks.

Read Full Article

13 Likes

TechCrunch

314

Image Credit: TechCrunch

Accused LockBit ransomware developer extradited to the US

Rostislav Panev, a dual Russian and Israeli national, has been extradited from Israel to the US.
Panev is accused of being a key developer for the LockBit ransomware gang.
He was arrested in Israel in December 2024 and had been awaiting extradition.
Panev and other LockBit developers designed the gang's malware and maintained its infrastructure.

Read Full Article

18 Likes

Tech Radar

417

Image Credit: Tech Radar

US government warns Medusa ransomware has hit hundreds of critical infrastructure targets

A joint report by FBI, CISA, and MS-ISAC warns that Medusa ransomware has targeted hundreds of critical infrastructure organizations.
Over the last four years, more than 300 victims from various sectors, including medical, education, legal, insurance, technology, and manufacturing, have been impacted.
The report suggests implementing the recommended mitigations, such as patching vulnerabilities, segmenting networks, and filtering network traffic to reduce the risk of Medusa ransomware incidents.
Medusa ransomware, originally a closed variant, evolved into a Ransomware-as-a-Service (RaaS) with an affiliate model and has become a dangerous threat.

Read Full Article

25 Likes

TechCrunch

261

Image Credit: TechCrunch

US lawmakers urge UK spy court to hold Apple ‘backdoor’ secret hearing in public

A group of bipartisan U.S. lawmakers are urging the head of the U.K.’s surveillance court for an open hearing into Apple’s challenge of a secret U.K. government legal demand.
The alleged U.K. order has barred Apple from engaging in constitutionally protected speech under U.S. law, hindering congressional oversight.
The U.K.’s Investigatory Powers Tribunal is scheduled to hold a private petition on Apple, but the lawmakers advocate for a public hearing.
Google, like Apple, indicated it would be restricted from disclosing if it had received a similar demand from the U.K. government.

Read Full Article

15 Likes

Tech Radar

269

Image Credit: Tech Radar

MassJacker malware targets those looking for pirated software

MassJacker malware targets those looking for pirated software.
The malware replaces cryptocurrency addresses in victims' clipboards, redirecting funds to the attacker.
MassJacker manages over 770,000 unique crypto addresses, with around $336,700 in total funds.
The researchers found $87,000 worth of cryptocurrency in a single wallet with 350 transactions.

Read Full Article

16 Likes

Securityaffairs

Image Credit: Securityaffairs

SuperBlack Ransomware operators exploit Fortinet Firewall flaws in recent attacks

Operators behind the SuperBlack ransomware exploited two vulnerabilities in Fortinet firewalls for recent attacks.
Threat actor named 'Mora_001' used Russian-language artifacts and exhibited unique operational signature.
SuperBlack ransomware is tracked as an independent entity capable of independent intrusions.
Exploited vulnerabilities include CVE-2024-55591 and CVE-2025-24472 in FortiOS and FortiProxy.

Read Full Article

5 Likes

Digitaltrends

318

Image Credit: Digitaltrends

Watch out for this phishing scam impersonating Booking.com

Microsoft has warned about an ongoing phishing scam impersonating Booking.com.
The phishing campaign sends fake emails from Booking.com with various contents such as guest complaints, account verifications, or requests for information.
The email includes a link or attaches a PDF leading users to a screen with a fake CAPTCHA overlay, instructing them to open Windows Run and download malware.
To protect against such phishing attempts, users are advised to check the sender's email address, be cautious of urgent threats, and hover over links to verify the full URL before clicking.

Read Full Article

19 Likes

TechCrunch

130

Image Credit: TechCrunch

UK’s secret iCloud backdoor order triggers civil rights challenge

The U.K. government's secret order to Apple demanding it backdoor the end-to-end encrypted version of its iCloud storage service has been challenged by Liberty and Privacy International.
The civil rights groups filed complaints, calling the order 'unacceptable and disproportionate', and warning of 'global consequences'.
Apple has already filed a legal challenge, and the case is set to be heard by the Investigatory Powers Tribunal.
Liberty and Privacy International are urging for the case to be heard in public rather than behind closed doors.

Read Full Article

7 Likes

Medium

404

Image Credit: Medium

The Baobab’s Whisper: A Tale of Secrets, Shadows, and the Invisible Shield

Amina, a determined app developer, visits Mzee Jabari in a bustling market seeking life-changing secrets.
Mzee Jabari gives Amina a USB drive that acts as a shield, connecting her to an online forum called 'The Baobab Network.'
Amina learns about VPNs, encountering Simba, who warns her about being tracked and the importance of the VPN.
Amina discovers her app is under threat from a corporation and relies on the VPN to encrypt her data and mask her location.
The story highlights the significance of VPNs for activists, entrepreneurs, students, and individuals in Africa.
Amina teams up with Simba to expose a surveillance operation, using the VPN to stay ahead of hackers.
After the resolution, Amina realizes the ongoing battle for digital privacy and becomes an advocate for VPN usage.
The article concludes with a call to action, emphasizing the VPN as a crucial tool for safeguarding privacy in the digital era.
Amina's encounter with the baobab tree hints at a deeper mystery, symbolizing the importance of remembering and standing firm for freedom.
In a world of constant surveillance, the article stresses the VPN as not just a tool, but a lifeline for upholding privacy rights.

Read Full Article

24 Likes

Wired

314

Image Credit: Wired

A New Era of Attacks on Encryption Is Starting to Heat Up

The rise of encrypted communications has faced increasing threats from government and law enforcement agencies seeking to undermine or eliminate encryption protections.
Recent aggressive efforts in the UK, France, Sweden, and the European Union aim to weaken encryption, while US agencies now recommend using encrypted platforms.
Backdoors in encrypted platforms are proposed to allow 'lawful access,' prompting companies like Apple and Signal to face orders that could compromise users' privacy.
Discussions around client-side scanning to detect prohibited content locally before encryption have raised concerns about privacy and security risks.
Potential bans or blocks on encrypted services in countries like Russia and India pose further threats to privacy and security in the digital realm.
Efforts to defend encryption, critical for protecting human rights and enabling freedom of expression, continue amidst increasing challenges.
While some governments advocate for encryption to safeguard national security, concerns over backdoors, surveillance, and privacy violations persist.
The importance of encryption extends beyond privacy, enabling individuals to exercise fundamental rights such as freedom of speech and association.
Calls for transparency in legal proceedings related to encryption demands highlight the ongoing battle to balance security concerns with privacy rights.
As debates around encryption intensify globally, privacy advocates emphasize the essential role encryption plays in safeguarding human rights and liberties.

Read Full Article

18 Likes

Medium

390

Image Credit: Medium

Black-boxing the Z3 Solver: Solve equations and more using Z3

Z3 is an SMT solver that can be used for formal verification, model checking, and other purposes.
It combines the power of SAT solvers and other types of solvers to handle more complicated formulas involving multiple theories.
Z3 can be applied to solve a variety of problems, including cracking binaries, solving equations, and control flow analysis.
With some knowledge about Z3, users can tackle complex problems like Rubik's cube, Sudoku, and magic squares.

Read Full Article

23 Likes

For uninterrupted reading, download the app