A naukri.com initiative
Cyber Security News
Kaspersky
2d
252
Image Credit: Kaspersky
AirBorne: attacks on devices via Apple AirPlay | Kaspersky official blog
- Researchers have discovered a series of security flaws in Apple AirPlay, termed 'AirBorne', which can be exploited for wireless attacks on AirPlay-enabled devices.
- AirPlay is an Apple-developed protocol for streaming audio and video wirelessly between devices, with wide integration across Apple devices and third-party gadgets.
- The vulnerabilities in AirPlay allow various types of attacks, including remote code execution, man-in-the-middle attacks, denial of service, and sensitive information disclosure.
- Some of the critical vulnerabilities can lead to attacks like zero-click remote code execution on macOS devices, potentially spreading malware across networks.
- Updating all AirPlay-enabled devices to the latest software versions is crucial to safeguard against AirBorne attacks, along with disabling AirPlay receiver when not in use and restricting streaming permissions.
- Additional security measures include installing reliable security solutions on devices to enhance protection against potential vulnerabilities.
- The AirBorne vulnerabilities highlight the importance of staying vigilant and proactive in securing Apple devices from cyber threats and potential attacks.
- Some of the other vulnerabilities that Apple users may encounter include the SparkCat trojan stealer, Banshee malware targeting macOS, and risks to Apple Vision Pro users.
- It's essential for users to stay informed about security risks, follow best practices for device security, and take necessary steps to mitigate vulnerabilities in their Apple ecosystem.
- By addressing vulnerabilities promptly, users can enhance the security of their devices, protect their data and privacy, and reduce the risk of falling victim to cyber attacks.
- Ensuring regular software updates, configuring AirPlay settings securely, and employing robust security solutions are key strategies in defending against potential threats in the digital landscape.
Read Full Article
15 Likes
Dev
2d
165
Image Credit: Dev
Can WhatsApp actually read your messages? Myth vs Reality
- WhatsApp's end-to-end encryption ensures messages are only readable by the sender and recipient, protecting user communications from third parties.
- End-to-end encryption encrypts messages on the sender's device and decrypts them only on the recipient's device, making messages unreadable in transit.
- Persistent myths suggest WhatsApp employees can access messages, data is shared with Facebook, and WhatsApp has a backdoor to access messages.
- WhatsApp's encryption protocol, implemented using Signal Protocol, prevents anyone, including WhatsApp employees, from accessing message content.
- While WhatsApp shares some user data with Facebook, message content remains encrypted and inaccessible for advertising or other purposes.
- There is no evidence of WhatsApp having a backdoor to access user messages, as the encryption protocol is open-source and transparent.
- WhatsApp collects metadata but does not have access to message content; exceptions include backups to cloud storage and device security vulnerabilities.
- Protecting your device with strong passwords, two-factor authentication, and software updates is crucial to securing WhatsApp messages.
- Understanding the security measures of WhatsApp and staying informed about cyber threats can help users maintain privacy and security online.
- Using authentic software and files while staying updated on security practices can contribute to a safer online experience for users.
Read Full Article
9 Likes
VentureBeat
2d
31
Image Credit: VentureBeat
Salesforce just unveiled AI ‘digital teammates’ in Slack — and they’re coming for Microsoft Copilot
- Salesforce introduced Agentforce in Slack, providing task-specific AI agents to assist in workplace conversations and actions.
- The move signifies a shift towards purpose-built AI agents over general assistants for more reliable results in enterprise AI.
- Agentforce enables multi-step actions, orchestrating workflows and interacting with multiple systems within Slack.
- Slack Employee Agent Templates will offer pre-configured solutions for common use cases like Customer Insights and Onboarding.
- Salesforce emphasizes the need for AI agents to handle a wide range of tasks with logic and policy adherence.
- Two key capabilities introduced are Slack Enterprise Search and General Slack Topic to support AI agents.
- Agentforce operates within existing user permissions in Salesforce and Slack, ensuring data security and authorization.
- Salesforce extends access to Agentforce to non-Salesforce users through no-cost Salesforce Identity licenses for interaction in Slack.
- Early adopters of Agentforce like reMarkable and Formula 1 have reported significant improvements in support and response times.
- Salesforce's specialized AI approach in Slack positions it against competitors like Microsoft’s Copilot and Google’s Gemini in the enterprise AI market.
Read Full Article
1 Like
Socprime
2d
205
Image Credit: Socprime
CVE-2025-4427 and CVE-2025-4428 Detection: Ivanti EPMM Exploit Chain Leading to RCE
- Two new security flaws, CVE-2025-4427 and CVE-2025-4428, in Ivanti Endpoint Manager Mobile (EPMM) software have been discovered, allowing for remote code execution without authentication.
- The importance of proactive threat detection in light of the increasing number of vulnerabilities, as seen with over 18,000 logged by NIST in the first half of 2025, is emphasized.
- Ivanti has addressed the vulnerabilities in the API component of EPMM software, where CVE-2025-4427 is an authentication bypass, and CVE-2025-4428 is an RCE flaw, impacting on-premises EPMM instances.
- Defenders recommend applying the available patches to mitigate the risks associated with CVE-2025-4427 and CVE-2025-4428, found in EPMM versions up to 12.5.0.0.
Read Full Article
12 Likes
Vista InfoSec
2d
176
Image Credit: Vista InfoSec
Minimize Cybersecurity Threats by Making Smart Hosting Choices
- Hosting plays a critical role in protecting websites from cyber threats and should not be overlooked in cybersecurity strategies.
- Different hosting types offer varying levels of security, with dedicated and VPS hosting providing better isolation.
- Choosing a hosting provider with transparency, quality support, and built-in security tools is crucial for long-term security.
- Shared hosting can pose risks due to multiple sites sharing a server, making them vulnerable if one site is compromised.
- Providers that prioritize security invest in infrastructure, monitoring, and responsive customer support to prevent breaches.
- Key features like DDoS protection, malware scanning, automatic backups, and patch management enhance hosting security.
- Warning signs when choosing a host include vague security documentation, poor customer support, and lack of compliance with industry standards.
- Choosing a hosting solution tailored to your website's needs and future growth is essential for long-term cybersecurity.
- Your hosting choice impacts your site's safety, reliability, and user trust, making it a crucial aspect of cybersecurity.
- Understand your hosting environment and prioritize security features to make informed decisions that protect your digital space.
Read Full Article
9 Likes
Siliconangle
2d
363
Image Credit: Siliconangle
BreachRx raises $15M to expand intelligent incident response platform
- Incident response startup BreachRx Inc. raises $15 million in new funding to scale up its go-to-market and engineering teams.
- BreachRx offers an intelligent incident response platform that automates the creation of tailored incident response plans and guides stakeholders through every phase of an incident.
- The platform provides a centralized workspace for all teams involved in incident response, integrates privileged communication channels and audit trails, and includes features like Rex AI for real-time recommendations.
- The Series A round was led by Ballistic Ventures, with notable customers including Coinbase Global Inc., Commvault Systems Inc., and American Express Co. among others.
Read Full Article
21 Likes
Tech Radar
2d
11
Image Credit: Tech Radar
Broadcom hit by employee data theft after breach in supply chain
- In a supply chain attack, sensitive data of Broadcom customers was leaked on the dark web after a breach at Business Systems House (BSH) in September 2024, a business partner of ADP, which serviced Broadcom.
- The stolen data included National ID numbers, health insurance details, financial account numbers, contact information, and salary details.
- Broadcom almost switched payroll providers before the breach was discovered in December 2024, with data exposed in unstructured format.
- El Dorado, later rebranded as BlackLock, was identified as the group behind the attack, urging users to enhance security measures and monitor financial records.
Read Full Article
Like
Tech Radar
2d
47
Image Credit: Tech Radar
Broadcom hit by employee data theft after breach in ADP payroll system
- Business Systems House, a partner of ADP, experienced a breach in September 2024, leading to sensitive Broadcom files appearing on the dark web.
- Customers of Broadcom had their data exposed after a supply chain attack, with data such as National ID numbers, salary details, and personal contact information being leaked.
- The stolen data was discovered on the internet in December 2024, prompting Broadcom to advise users to enable multi-factor authentication and monitor financial records.
- The attackers, known as El Dorado and later rebranded as BlackLock, are a ransomware group consisting of Russian-speaking individuals. The incident highlights the importance of cybersecurity measures for both businesses and individuals.
Read Full Article
2 Likes
Dev
2d
71
Image Credit: Dev
What is SD-WAN?
- SD-WAN revolutionizes network connectivity for distant offices by centrally managing and enhancing performance.
- Key components include SD-WAN edge devices, controller, orchestration, transport-independent network, overlay network, and integrated security.
- SD-WAN adds a smart overlay to network connections, directing traffic based on defined policies and application needs.
- SD-WAN offers a flexible, secure, and efficient approach to network management, essential for stable connections and reliable performance.
Read Full Article
4 Likes
Tech Radar
2d
1k
Image Credit: Tech Radar
Legal Aid database hacked, 'significant amount' of data and criminal records stolen
- A cyberattack on the Legal Aid system led to the theft of a 'significant amount' of data, including criminal records, with up to 2.1 million records accessed.
- The data stolen may include contact details, addresses, dates of birth, national ID numbers, criminal history, employment status, financial data, debts, and payments.
- Legal Aid Agency's online digital services have been taken offline as a precaution, and the Ministry of Justice is working with authorities to secure systems.
- Individuals advised to be vigilant against unknown communications, update passwords, and verify identities independently to protect against potential misuse of stolen data.
Read Full Article
15 Likes
TechDigest
2d
312
Image Credit: TechDigest
UK identity fraud cases surge to record high
- Identity fraud cases in the UK have surged to a record high of over 421,000, marking a 13% increase from the previous year.
- Fraudscape 2025 report highlights a growing sophistication among fraudsters, with examples such as exploiting the Companies House system and claiming Universal Credit fraudulently.
- Certain regions like Bedfordshire, Cleveland, Merseyside, Nottinghamshire, and Greater Manchester are disproportionately affected by identity theft cases.
- Telecom sector faces a 76% rise in account takeover cases, with mobile phone accounts being prime targets; individuals over 61 account for 25% of identity fraud victims.
Read Full Article
18 Likes
Wired
2d
356
Image Credit: Wired
Who Even Is a Criminal Now?
- WIRED has a history of championing rogues and disruptive innovators since its inception.
- The current issue of WIRED explores the dark side of technology, featuring stories about scam influencers, DIY guns, and an AI-inflected death cult.
- Despite the rise of bad actors in power, WIRED encourages embracing a positive form of 'rogue' spirit to drive positive change.
- The issue also highlights individuals and organizations challenging the status quo, such as tech whistleblowers, anti-establishment rebels, and a vision for a democratized social internet.
Read Full Article
21 Likes
Wired
2d
193
Image Credit: Wired
For Tech Whistleblowers, There’s Safety in Numbers
- Amber Scorah, a whistleblower, founded Psst in 2024 to help tech industry and government workers share information with extra protections.
- Psst's main offering is a digital safe accessed through an encrypted text box on Psst.org, allowing users to enter their concerns anonymously.
- A unique feature of Psst is its 'information escrow' system, keeping submissions private until similar concerns are shared by others.
- Psst's approach of combining reports from multiple sources protects whistleblowers' identities and encourages sharing of information.
- Only Psst's in-house legal team can access the digital safe, ensuring confidentiality, particularly in countries like the US and UK.
- Psst plans to automate the review process through secure algorithms to identify potential matches while safeguarding contributors' identities.
- Psst involves investigative journalists or publishes accounts based on collected information, sometimes alerting regulators without public disclosure.
- Challenges include lagging regulations in areas like AI safety, where reporting may be in the public interest despite not being illegal.
- Amber Scorah sees Psst as a platform to expose harmful practices in the tech industry, just as she did with her own stories.
- Psst aims to have a sanitizing effect by shedding light on industry issues through whistleblowers' accounts.
Read Full Article
11 Likes
Wired
2d
35
Image Credit: Wired
How to Win Followers and Scamfluence People
- Format Boy, an influencer popular on various platforms, teaches online scams to a group of West African fraudsters known as the Yahoo Boys.
- The Yahoo Boys engage in scams targeting wealthy foreigners, often utilizing tactics like deepfakes and emotional manipulation to extract money.
- With a focus on social engineering, Yahoo Boys have exploited victims worldwide, leading to significant financial losses and tragic outcomes.
- They use coded terminology, such as 'formats,' for different scam types and maintain a lavish lifestyle on social media.
- Format Boy, a prominent 'scamfluencer,' shares tutorials on creating deepfakes and outlines various scam formats used by Yahoo Boys.
- Despite claiming not to personally engage in scamming, Format Boy provides advice and tools that could aid individuals in illegal activities.
- His teachings have drawn scrutiny for potentially encouraging criminal behavior, but he justifies his actions as empowering those in challenging circumstances.
- Format Boy's optimistic messages on determination and success contrast with the ethical implications of his teachings.
- Facing algorithmic challenges and identity theft issues, Format Boy remains active in sharing scam-related content and exploring new ventures like memecoins.
- The article sheds light on the intricate world of scam influencers and the ethical dilemmas surrounding their activities, emphasizing the impact on victims and broader societal implications.
Read Full Article
2 Likes
Silicon
2d
340
Image Credit: Silicon
Coinbase Hit By $400m Crypto Scam
- Cryptocurrency trading platform Coinbase faced a $400 million scam where criminals used customers' data to swindle funds.
- Attackers obtained personal data on less than 1% of customers by bribing overseas Coinbase staff and contractors.
- Rather than paying a $20 million ransom demand, Coinbase set up a reward fund for information leading to the criminals' arrest.
- The incident highlights the crypto industry's vulnerability to theft, with Coinbase estimating costs between $179m to $400m for remediation and reimbursements.
Read Full Article
20 Likes
For uninterrupted reading, download the app