menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Cyber Security News

Cyber Security News

source image

Tech Radar

4d

read

387

img
dot

Image Credit: Tech Radar

This new phishing campaign can tailor its messages to target you with your favorite businesses

  • Cybersecurity researchers have discovered a new phishing technique that deploys DNS Mail exchange (MX) records to serve phishing emails that closely resemble legitimate messages.
  • The Phishing-as-a-Service (PhaaS) kit, called Morphing Meerkat, is capable of spoofing more than 100 different brands, making it a potent offering for cybercriminals.
  • The phishing kit dynamically serves fake login pages based on the victim's email domain, leading to a more natural and consistent phishing experience.
  • To protect against this phishing technique, organizations are advised to implement a strong layer of DNS security, including DNS controls and restrictions on communication with Domain over HTTPS (DoH) servers.

Read Full Article

like

23 Likes

share

5 Shares

source image

The Verge

4d

read

149

img
dot

Image Credit: The Verge

Madison Square Garden’s surveillance system banned this fan over his T-shirt design

  • A fan, Frank Miller, was banned for life from Madison Square Garden and its properties over a T-shirt incident from 2021 he claims he wasn't involved in.
  • The ban notice was handed to Miller at Radio City Music Hall, part of MSG, before a concert.
  • Miller suspects he was identified through facial recognition technology used by MSG.
  • The incident may have involved a T-shirt design relating to a controversy with 1990s Knicks star Charles Oakley and MSG CEO James Dolan.
  • Despite not wearing a controversial shirt at the event, Miller was informed of his ban at Radio City.
  • Miller, a graphic designer based in Seattle, had not purchased tickets himself for MSG events prior to this incident.
  • Even though he could appeal the ban, Miller deemed it not a priority for him.
  • The experience has prompted Miller to raise awareness about unexpected denials based on collected data and surveillance.
  • Others have faced similar situations, including a New Jersey attorney denied entry at Radio City due to being on an attorney exclusion list.
  • Miller emphasizes the need to be conscious of surveillance practices and how they can impact access to events and venues.

Read Full Article

like

8 Likes

share

2 Shares

source image

Silicon

4d

read

125

img
dot

Image Credit: Silicon

EU To Invest €1.3bn in AI, Cybersecurity, Digital Skills

  • The European Union plans to invest €1.3 billion in AI, cybersecurity, and digital skills.
  • The funding will be allocated to deploy critical technologies that are strategically important for the future of Europe and the continent's tech sovereignty.
  • The areas of focus include AI, cloud and data, cyber resilience, and digital skills.
  • The EU aims to improve the availability of generative AI applications, support digital innovation hubs, boost cyber resilience, and develop digital skills in the workforce.

Read Full Article

like

7 Likes

share

1 Share

source image

Tech Radar

4d

read

96

img
dot

Image Credit: Tech Radar

Thousands of websites have now been hijacked by this devious, and growing, malicious scheme

  • A website hijacking campaign has compromised over 150,000 websites.
  • The attackers use iframe injections to display a full-screen overlay in the visitor's browser.
  • The overlays impersonate legitimate betting websites or serve fake gambling pages.
  • Web admins are advised to audit their code, block malicious domains, and monitor logs for unexpected outgoing requests.

Read Full Article

like

5 Likes

share

1 Share

source image

Medium

4d

read

364

img
dot

How AI is Changing the Cybersecurity Game: The Rise of Autonomous Threat Detection

  • AI-driven cybersecurity solutions enable proactive threat hunting and real-time incident response.
  • Agentic AI, used by companies like Microsoft, CrowdStrike, and Darktrace, operates autonomously without human intervention.
  • AI platforms reduce response times and detect abnormal behavior to prevent data exfiltration.
  • Challenges faced by AI in cybersecurity include deepfake phishing, data quality, privacy concerns, and responsible AI governance.

Read Full Article

like

21 Likes

share

5 Shares

source image

Siliconangle

4d

read

396

img
dot

Image Credit: Siliconangle

Report warns that browser-native ransomware is a growing threat to enterprise data

  • A new report warns about the rise of browser-native ransomware, posing a threat to enterprise data protection.
  • Browser-native ransomware operates within the browser and does not require any downloads, targeting the victim's digital identity.
  • The attacks leverage AI agents to automate the majority of the attack sequence, making social engineering and interference from attackers minimal.
  • The report advises enterprises to reconsider their browser security strategy and invest in a browser-native solution to combat the next generation of ransomware attacks.

Read Full Article

like

23 Likes

share

5 Shares

source image

TechCrunch

4d

read

351

img
dot

Image Credit: TechCrunch

Mozilla patches Firefox bug ‘exploited in the wild’, similar to bug attacking Chrome

  • Mozilla has patched a security bug in Firefox for Windows that was being exploited in the wild.
  • The bug, tracked as CVE-2025-2857, has a similar pattern to a bug that Google patched in Chrome.
  • Exploiting the bug allows users to escape Firefox's sandbox, affecting other browsers with the same codebase.
  • Kaspersky researcher confirmed that the root cause of the Chrome bug also affects Firefox.

Read Full Article

like

21 Likes

share

4 Shares

source image

Medium

4d

read

133

img
dot

Image Credit: Medium

Signal Is Encrypted — So What’s the Big Deal About the War Plan Leak?

  • Signal is a messaging app popular for its encryption and use of end-to-end encryption.
  • Encryption protects messages during transmission, but not before or after.
  • Potential vulnerabilities include screenshots, keyloggers, spyware, insider leaks, and stolen or hacked devices.
  • For national security purposes, governments use purpose-built secure systems.

Read Full Article

like

8 Likes

share

1 Share

source image

Socprime

4d

read

4

img
dot

Image Credit: Socprime

CoffeeLoader Detection: A New Sophisticated Malware Family Spread via SmokeLoader

  • CoffeeLoader is a new sophisticated malware that evades security protection by using advanced evasion techniques and Red Team methods spread via SmokeLoader.
  • With over 1 billion malware strains circulating and 300 new malware pieces daily, early detection of emerging threats is crucial.
  • SOC Prime Platform offers detection algorithms against CoffeeLoader attacks, compatible with various security solutions and mapped to the MITRE ATT&CK framework.
  • Security professionals can hunt for IOCs using Zscaler research and Uncoder AI to transform IOCs into custom queries for SIEM or EDR platforms.
  • CoffeeLoader, discovered in September 2024, is designed to download and execute secondary payloads stealthily using unique GPU-based packing techniques.
  • The malware samples are packed, with CoffeeLoader mimicking ASUS's legitimate Armoury Crate utility using a packer called Armoury.
  • CoffeeLoader establishes persistence via Windows Task Scheduler and uses varied evasion tactics like call stack spoofing, sleep obfuscation, and Windows fibers.
  • It employs HTTPS for C2 communication, domain generation algorithms, and certificate pinning if primary C2 channels fail.
  • CoffeeLoader, spread through SmokeLoader, shares similarities with it in behaviors like scheduled tasks for persistence and utilizing low-level Windows APIs.
  • While a new SmokeLoader version shares some evasion features with CoffeeLoader, the relation between the two remains unclear.

Read Full Article

like

Like

share

Share

source image

TechJuice

4d

read

368

img
dot

Image Credit: TechJuice

NIC Karachi Cohort 13 Welcomes 40 Startups from 618 Applicants

  • NIC Karachi has announced its 13th Cohort, selecting 40 startups from 618 applicants.
  • Over 30% of the selected startups in Cohort 13 are led by female entrepreneurs.
  • The batch includes startups from diverse sectors such as FinTech, Cybersecurity, AI, Industrial Automation, and HealthTech.
  • Selected startups will receive mentorship, funding opportunities, and industry connections through NIC Karachi's incubation program.

Read Full Article

like

22 Likes

share

5 Shares

source image

Global Fintech Series

4d

read

109

img
dot

Image Credit: Global Fintech Series

Can Blockchain Address the Critical Pain Points of Modern Fintech?

  • Blockchain technology is disrupting the financial industry by offering innovation, efficiency, and security on a global scale.
  • Blockchain's impact on fintech includes reducing operational costs, enhancing security, and providing transparency.
  • Global spending on blockchain in finance is expected to exceed $18.7 billion by 2024, emphasizing its growing importance.
  • Blockchain addresses fintech pain points by offering security, transparency, and operational efficiency.
  • The technology enables faster, secure transactions, reduces fraud, and enhances operational transparency.
  • Blockchain's core advantages in fintech include enhanced security, greater transparency, boosted efficiency through automation, and advancing financial inclusion.
  • Key challenges faced by fintech companies include fraud risks, inefficiencies, lack of financial inclusion, regulatory compliance, centralization, and slow processes.
  • Blockchain technology improves data security, increases trust and transparency, promotes financial inclusion, streamlines payments, and enables new crowdfunding models.
  • Fintech industry's adoption of blockchain is reshaping financial services, with opportunities for improved processes and security.
  • Blockchain's versatility allows fintech companies to create digital tokens, loyalty programs, and streamline transactions independently.

Read Full Article

like

6 Likes

share

1 Share

source image

Arstechnica

4d

read

190

img
dot

Image Credit: Arstechnica

Gemini hackers can deliver more potent attacks with a helping hand from… Gemini

  • Researchers have developed a method to create computer-generated prompt injections against Gemini with higher success rates.
  • Indirect prompt injections have emerged as a powerful means for attackers to exploit large language models.
  • These prompt injections can divulge confidential information and deliver falsified answers.
  • Black-box nature of closed-weights models like Gemini makes it challenging for attackers to devise working prompt injections.

Read Full Article

like

11 Likes

share

2 Shares

source image

Tech Radar

4d

read

254

img
dot

Image Credit: Tech Radar

Solar grids could be hijacked and even potentially disabled by these security flaws

  • Solar inverters produced by Sungrow, Growatt, and SMA have been found to have 46 vulnerabilities.
  • These vulnerabilities could potentially lead to remote code execution, denial of service, device takeover, and access to sensitive information.
  • Concerns have been raised about the possibility of hijacking solar grids and damaging the electrical grid.
  • The manufacturers have released patches for all the disclosed vulnerabilities.

Read Full Article

like

15 Likes

share

3 Shares

source image

Tech Radar

4d

read

76

img
dot

Image Credit: Tech Radar

Microsoft Stream classic domain hijacked, causing spam across SharePoint

  • An old Microsoft Stream domain, microsoftstream.com, was recently hijacked and used in a spam campaign.
  • Users with SharePoint sites that contained embedded videos experienced the malicious content.
  • Microsoft has taken action to prevent access to the impacted domains.
  • The hijacked domain could have been used for more harmful activities, but the attackers in this case opted for a spam campaign.

Read Full Article

like

4 Likes

share

1 Share

source image

Cybersecurity-Insiders

4d

read

271

img
dot

Image Credit: Cybersecurity-Insiders

Generative AI providers rewriting the rules of automated traffic – F5 report

  • Generative AI has led to a surge in automated bot traffic, outnumbering human users for web content requests.
  • A report by F5 analyzed 207 billion web transactions, showing significant growth in web scrapers used by LLM providers.
  • Over half of web page requests were automated, with a notable increase in content scraping.
  • Industries like healthcare, hospitality, and entertainment were targeted most by bot traffic.
  • Certain industries, like technology and entertainment, faced higher rates of account takeover attacks.
  • Despite high bot traffic levels, most industries saw a decline in automated activity compared to the previous year.
  • Mitigation efforts against bots had varied impacts, resulting in decreased automated activity in some cases.
  • The rise of generative AI has presented challenges for organizations to combat evolving bot traffic patterns.
  • Industries need to adapt and strengthen defenses to deter sophisticated automated traffic.
  • An increase in bot traffic post-mitigation doesn't imply breach success, but rather persistent attempts to access data.

Read Full Article

like

16 Likes

share

3 Shares

Prev

10
11
12
13
14
15
16
17
18
19
20

Next

For uninterrupted reading, download the app