menu
techminis

A naukri.com initiative

google-web-stories
Home

>

Cyber Security News

Cyber Security News

source image

Tech Radar

4d

read

284

img
dot

Image Credit: Tech Radar

Juniper Networks warns Mirai botnet is back and targeting new devices

  • Juniper Networks warns Mirai botnet is scanning for vulnerable routers
  • Operators of the Mirai botnet are back, targeting easy-to-compromise Session Smart routers
  • The campaign started in mid-December 2024 and includes DDoS attacks
  • Users advised to tighten security and avoid default login credentials

Read Full Article

like

17 Likes

source image

Arstechnica

4d

read

328

img
dot

Image Credit: Arstechnica

VPN used for VR game cheat sells access to your home network

  • Teenagers have found a way to cheat in the virtual reality game Gorilla Tag by using a VPN to change their location and gain an advantage.
  • The VPN app, Big Mama VPN, is not only used for in-game cheating but also sells access to users' home internet connections.
  • Buyers of Big Mama VPN can hide their online activity by piggybacking on the VR headset's IP address.
  • While the cheating itself may be relatively harmless, the selling of users' home internet connections raises privacy concerns.

Read Full Article

like

19 Likes

source image

Dev

4d

read

235

img
dot

Image Credit: Dev

Waymap: The Ultimate Web Vulnerability Scanner for Penetration Testers

  • Waymap, developed by Trix Cyrus, is a cutting-edge web vulnerability scanner for penetration testers.
  • It offers high-speed scanning, customizable profiles, and the ability to detect a diverse range of vulnerabilities.
  • Key features include flexible scanning options, supported scan types, threaded scanning, comprehensive profiles, and automated update checks.
  • Waymap is an intuitive and user-friendly tool that requires proper authorization and welcomes contributions from the cybersecurity community.

Read Full Article

like

14 Likes

source image

Medium

4d

read

398

img
dot

AES Encryption Keys (password hashing)

  • AES Encryption Keys (password hashing) relies on a password of sufficient length and the non deterministic factor of indistinguishable random data. However, passwords as user inputs do not make for good encryption keys. To use passwords for encryption, a key derivation function must be applied which generates derived keys. Key derivation functions work by utilizing unique random salt to make pre-calculated rainbow tables infeasible. Furthermore, the salt should be stored with the password to ensure it is public, thus rendering the hash with the same password looking different. Weak keys refer to cryptographically secure generated keys, which makes an encryption algorithm vulnerable to an exploit.
  • For good encryption keys, a minimum length, determined by the AES encryption algorithm, is required. AES+CBC encryption necessitates a minimum length of 16 bytes, while AES+GCM can work with 12 bytes, although 16 bytes is suggested. To use passwords for encryption, a Key Derivation Function (KDF) is required to generate derived keys like argon2, bcrypt, and scrypt. Key derivation functions must be slow and some like argon2 are designed to take up a substantial amount of memory such that calculations on GPUs are not possible, to deter brute force attacks against offline stolen data.
  • Argon2 is considered the best KDF to use for password key derivation, with Argon2id being its most secure mode. Unfortunately, allot of encryption starts with user-supplied passwords, which are not random inputs of sufficient length making them 'easily' guessed by a bruteforce attack. To protect passwords from such attacks, the password's hash must not be stored and must be encrypted with the hash itself. Although offline bruteforce attacks on remote login systems are improbable, offline attacks on stolen data can be quite effective.
  • Weak keys, although generally not a concern in AES encryption, can pose a problem in the AES+GCM mode, which has several published papers on weak keys and can make the encryption algorithm vulnerable to an exploit. Ultimately, the GCM mode would best be used for anything with short-lived keys and not for disk encryption where keys and ciphers live longer. Another noteworthy point is that although salts are not secret and are public, they make pre-calculated rainbow tables infeasible and as such the salt should be stored with the password.
  • In conclusion, the use of derived keys in KDFs is a more secure way to encrypt data since passwords as user inputs do not make for good keys. However, even with a decent hashing algorithm and a random unique salt, it is still a possibility that your hash and salt may be exposed. As such, unique and strong passwords are recommended to prevent such password cracking attempts.

Read Full Article

like

23 Likes

source image

Medium

4d

read

247

img
dot

Image Credit: Medium

Why I Believe in MVO Over MVP: Delivering Value, Not Just Features

  • MVO (Minimum Viable Offering) prioritizes delivering immediate, meaningful value to customers.
  • MVO is about delivering on a promise and creating solutions that matter to the audience right away.
  • In cybersecurity, MVO focuses on solving problems and providing real solutions, not just showcasing technology.
  • MVO approach in cybersecurity builds trust, solves problems, and delivers value right from the start.

Read Full Article

like

14 Likes

source image

Digitaltrends

4d

read

255

img
dot

Image Credit: Digitaltrends

Tips to keep your smartphone just as safe as a government official’s

  • The Cybersecurity and Infrastructure Security Agency (CISA) has issued a set of guidelines to protect smartphones. Here are some tips from CISA to keep your smartphone just as safe as a government official.
  • CISA’s first general advice for communications is to use end-to-end encrypted services. iPhone’s default iMessage pipeline and the RCS protocol championed by Google for its Messages app on Android are both end-to-end encrypted.
  • Enabling hardware-based or on-device authentication for identity verification is the next line of defense. Go ahead and enable them if carrying a physical FIDO hardware key, like one from Yubico, sounds like too much of a hassle.
  • Another crucial suggestion by CISA is that you should ditch SMS-based multi-factor authentication, as they are prone to various kinds of attacks. Instead, switch to authenticator apps.
  • If an authenticator app is not an option for your work or productivity flow, rely on a password management app instead of the inconvenient (and hack-prone) route of remembering a dozen passwords.
  • Moreover, if you live in a country where carrier accounts form the backbone of your cellular usage, set up a strong password for that SIM account.
  • Use a VPN for your internet surfing activities.If possible, pay for one instead of going the free VPN route. We have detailed the steps to keep your app permissions in check for both Android and iOS.
  • If you sense malware activity on your iPhone, enable Lockdown Mode and reach a law enforcement authority.
  • Google offers a Security Checkup dashboard for all connected devices. I suggest that you spend a few minutes flicking some toggles and clearing the security alerts in there.
  • Taking the time to follow a few tips can drastically reduce your risks.

Read Full Article

like

15 Likes

source image

Tech Radar

4d

read

276

img
dot

Image Credit: Tech Radar

Fortinet flags some worrying security bugs coming back from the dead

  • Fortinet has released a security bulletin flagging a critical severity flaw in its Fortinet Wireless Manager (FortiWLM) product.
  • The flaw, which was first discovered in May 2023, allows attackers to take over vulnerable endpoints remotely.
  • Users are advised to update their FortiWLM version immediately to mitigate the vulnerability.
  • The bug remained undisclosed for several months, making it a zero-day vulnerability for a significant period of time.

Read Full Article

like

16 Likes

source image

Tech Radar

4d

read

44

img
dot

Image Credit: Tech Radar

Safety policies are needed for safe AI adoption, security leaders say

  • Security leaders prefer Generative AI (GenAI) delivered through cybersecurity platforms.
  • Top concerns include sensitive data exposure, adversarial attacks, and hallucinations in GenAI tools.
  • Security leaders are implementing new policies for responsible AI adoption.
  • Opinions are divided on whether the benefits of AI outweigh the risks.

Read Full Article

like

2 Likes

source image

Medium

4d

read

8

img
dot

Image Credit: Medium

INTMAX Partners with Predicate to Enable Safe Decentralization

  • INTMAX is partnering with Predicate to enable safe decentralization.
  • INTMAX aims to balance privacy and background checks on the blockchain.
  • Predicate Network is used to set pre-transaction rules to prevent high-risk activities.
  • INTMAX focuses on scalability, privacy, and accessibility for Ethereum.

Read Full Article

like

Like

source image

Tech Radar

4d

read

325

img
dot

Image Credit: Tech Radar

This top security camera streaming app may have been putting thousands of users at risk

  • Home security solutions provider Virtavo exposed sensitive data on hundreds of thousands of users.
  • A data server with 3GB of personal information and telemetry from iPhones was found exposed.
  • The data included phone numbers, device identifiers, IP addresses, and firmware versions.
  • The researchers reported the issue, and the server has been shut down.

Read Full Article

like

19 Likes

source image

Socprime

4d

read

117

img
dot

Image Credit: Socprime

Understanding Basics of Apache Kafka

  • Apache Kafka is an open-source platform designed for building real-time data pipelines and streaming applications.
  • Kafka operates as a distributed messaging system, allowing systems to publish and subscribe to streams of records.
  • Key concepts of Kafka include topics, producers, consumers, brokers, and partitions.
  • Kafka is efficient for managing real-time data streams and is suitable for various use cases like log aggregation, real-time analytics, and event-driven systems.

Read Full Article

like

7 Likes

source image

Socprime

4d

read

0

img
dot

Image Credit: Socprime

Using map Command in Splunk

  • The map command in Splunk allows executing secondary searches based on the results of a primary search.
  • It is particularly useful in cybersecurity for uncovering indicators of compromise (IOCs) and analyzing user activity patterns.
  • An example usage of the map command is for detecting brute force attempts by identifying users with multiple failed login attempts followed by a successful login within a short time frame.
  • While the map command is powerful, it can be resource-intensive and should be used cautiously.

Read Full Article

like

Like

source image

TechBullion

4d

read

227

img
dot

Image Credit: TechBullion

Securing the Future of AI: Insights from Cybersecurity Specialist Alok Jain.

  • Alok Jain, a cybersecurity specialist with over two decades of experience, shares insights on AI security concerns, actionable strategies to safeguard AI systems and explores the transformative role of federated learning in the AI field.
  • Protecting AI models from inversion attacks requires data protection, strong security measures, strict access controls, and proactive monitoring.
  • Protecting training data integrity requires careful validation, secure storage, regular audits, data sanitization, and robust training techniques.
  • Organizations should adopt a comprehensive and multi-layered approach in securing the AI supply chain.
  • AI-powered threat detection offers advanced, adaptive, and proactive capabilities to combat the ever-evolving landscape of cyber threats.
  • Building a secure cloud environment for AI requires prioritizing robust access controls, data encryption, continuous monitoring, secure configuration, network security, compliance, automated testing, and a solid disaster recovery plan.
  • Federated learning offers a powerful way to enhance privacy and security for AI models by enabling decentralized training. However, successful implementation requires addressing challenges related to data heterogeneity, communication, computational constraints, and security risks.
  • Preparing AI models for quantum threats requires a proactive and strategic approach. By understanding the quantum threat landscape, adopting PQC standards, collaborating with specialized providers, conducting thorough risk assessments, investing in R&D, implementing hybrid solutions, and educating personnel, organizations can ensure that their AI systems remain secure in the age of quantum computing.
  • Government regulations like the EU’s AI Act are instrumental in enhancing AI cybersecurity by setting clear standards, promoting accountability, and encouraging best practices.
  • Collaboration between industry and academia is crucial for addressing AI cybersecurity challenges and leads to innovative and effective cybersecurity solutions.

Read Full Article

like

13 Likes

source image

Socprime

4d

read

24

img
dot

Image Credit: Socprime

Splunk: Using collect Command for Creating New Events in a New Index

  • The collect command in Splunk allows you to write search results into a summary index for long-term storage or faster analysis.
  • You can save summarized data into a new summary index using the collect command.
  • The summarized results will be written into the windows_failed_logon_trend summary index, which can be used for investigation or further analysis.
  • Using the collect command, you can efficiently manage and reuse data, optimizing your Splunk environment for performance and usability.

Read Full Article

like

1 Like

source image

Global Fintech Series

4d

read

178

img
dot

Image Credit: Global Fintech Series

Fintech Startups from the Global Fintech Landscape That Made Headlines in 2024

  • In 2024, fintech startups redefined financial services through innovation, customer focus, and market expansion.
  • Nubank, South America’s largest neobank with over 70 million customers in Brazil, Mexico, and Colombia, solidified its dominance in the global fintech space.
  • Revolut expanded its financial services beyond traditional banking and AI-driven fraud prevention tools.
  • Wise maintained its leadership in international money transfers, with cost-effective and transparent services.
  • Adyen achieved significant milestones in 2024 by expanding partnerships with major companies like Meta, Uber, and Microsoft.
  • Finastra provided innovative financial software solutions across banking and capital markets with cutting-edge solutions.
  • Klarna revolutionized consumer financing in 2024, focusing on transparent, interest-free options and AI-driven personalization.
  • LM Funding America specializes in cryptocurrency mining and financing for nonprofit community associations and positioned as one of the fastest-growing fintechs in the U.S.
  • SoFi Technologies expanded its personal finance ecosystem, offering student loan refinancing, mortgages, investment tools, and banking services.
  • Plaid, a fintech infrastructure provider, gained recognition for its critical role in connecting financial apps with consumer bank accounts.

Read Full Article

like

10 Likes

For uninterrupted reading, download the app