Cyber Security News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Security News

Tech Radar

212

Image Credit: Tech Radar

AI chatbot builder leaks hundreds of thousands of records online

AI chatbot builder WotNot leaked over 300,000 files of personally identifiable information online.
The exposed files contained passports, medical records, and CVs of individuals.
The storage bucket was accessible to anyone without authorization for over two months.
The leak poses a serious security and privacy threat, including identity theft and fraud.

Read Full Article

12 Likes

Cybersecurity-Insiders

Image Credit: Cybersecurity-Insiders

Helping Payments Companies Remain PCI-Compliant in the Cloud

The payments technology space has often lagged in adapting to new technology and updating regulations.
Cloud adoption in payments companies has created new risks and compliance challenges.
Hardware security modules (HSMs) can help address security and compliance requirements.
HSM as a Service offers a workaround for PCI compliance in the cloud.

Read Full Article

2 Likes

Dev

279

Image Credit: Dev

Free Security Learning Resources: Unlock the World of Cybersecurity

Understanding cybersecurity is crucial in today's digital world.
Free online resources offer comprehensive knowledge of network security and cryptography.
Edinburgh Napier University provides a course on network security covering intrusion detection, cryptographic ciphers, public key infrastructure, and blockchain security mechanisms.
MIT offers a course on cryptography, focusing on symmetric and public-key encryption, cryptographic hash functions, and real-world security applications.

Read Full Article

16 Likes

TechJuice

230

Image Credit: TechJuice

Challenges Mount for Digital Community in Sustaining Livelihoods

Pakistan's digital community continues to face poor internet speeds and unpredictable access, impacting remote workers and freelancers.
Unreliable internet and inaccessibility of social media platforms have affected the ability of remote workers and freelancers to compete in the global market.
The government's strategy of requiring VPN registration has backfired, denying access to many users and contributing to the digital divide.
Insufficient infrastructure and bad internet policies threaten Pakistan's digital workforce and online communities.

Read Full Article

13 Likes

Discover more

TechCrunch

103

Image Credit: TechCrunch

These alternatives to popular apps can help reclaim your online life from billionaires and surveillance

There are alternatives out there to apps that sell your data, and they're often just as good or better. For example, you can save articles for later using Wallabag instead of Pocket, and you can encrypt all of your messages and calls using Signal. Prefer a self-hosted Dropbox alternative? Check out Nextcloud. Looking for a simple, but secure way to store your passwords? Try Bitwarden. Want an encrypted photo app? Ente.io has you covered. Other recommendations include Home Assistant for smart homes, Owncast for livestreaming, and Stirling PDF for PDF editing.
Wallabag is a read-later web-archiving service that lets you save articles for later. It's a strong competitor to Pocket and can be hosted for free on a NAS server you run yourself.
Signal is a renown secure messaging app that knows nothing about you. By encrypting all of your messages and calls, Signal keeps you safe from prying eyes and ears.
Nextcloud is a self-hosted alternative to Dropbox. It's built with security in mind and provides you end-to-end encrypted access to your files from your phone or any other device you have.
Bitwarden is an open source password manager that helps you log in quickly to your favorite sites and auto-fills your credit card details when you want to pay for something. Bitwarden is more readily auditable and open about its software development process.
Joplin and Notesnook are note-taking apps that keep all of your notes, thoughts, and scribbles in one encrypted place that you can access anytime. LibreOffice is an Office alternative that is private by design and free to use.
Ente.io is a privacy-focused photo storage app designed to securely back up all of your photos and videos to the cloud. It lets you manage and share your photos privately and for free.
Home Assistant connects all of your smart home devices and lets you control them all from one place. It can be self-hosted on a variety of devices, and is there for you when a supported Smart Home device goes defunct.
Owncast is a free and fairly easy-to-use self-hosted streaming system for setting up and hosting livestreams. It's a good alternative to relying entirely on the tools of a giant corporation when it comes to live streaming.
Stirling PDF is a Swiss Army knife for PDF documents. It lets you convert, edit, merge, split, sign, and more, all without having to hand over your personal or sensitive files to a cloud giant.

Read Full Article

6 Likes

Cybersecurity-Insiders

293

Image Credit: Cybersecurity-Insiders

Zscaler’s Top 10 Predictions for 2025

In 2025, organisations will need to adapt to succeed, becoming more proactive and resilient in the face of a rapidly evolving threat landscape.
Operational technology security will become a greater priority, due to the integration of IT and OT infrastructures.
Micro-segmentation will become standard practice to limit the damage of successful attacks.
Nation-state and ransomware attacks will continue to intensify their focus on critical infrastructures in 2025.
Compliance-driven innovation will surge in response to the growing complexity of IT infrastructures.
Connectivity sovereignty will become a major factor in global IT strategies, with distributed cloud architectures and edge computing solutions being adopted.
Advanced AI-powered cyberattacks will drive the development of AI-based security solutions.
Economic pressures will force more organisations to optimise their security investments and consolidate their security tools.
Outdated legacy infrastructures will face increasing scrutiny, with organisations moving toward cloud-based solutions.
Geopolitics and cybersecurity will become increasingly intertwined as National Critical Infrastructure (NCI) becomes a key focus for attackers.
Ubiquitous security services will become the norm, with enterprises demanding a complex protection solution across all networks.

Read Full Article

17 Likes

Silicon

108

Image Credit: Silicon

Meta Concerned At Australia’s Social Media Ban For Under-16s

Meta has criticised the Australian government for rushing the social media ban without considering the evidence and voices of young people.
Both houses of the Australian parliament have approved the world's first social media ban for under-16s, involving fines of up to AUD 50m for companies who fail to prevent minors using their services.
Enforcement of the social media ban may not be straightforward, since some youths have publicly admitted lying about their age on tech platforms.
Tech giants including TikTok have said the law could push young users to darker corners of the internet, while human rights groups and mental health advocates have warned the policy may marginalise young Australians.
Australia may not be the only country exploring legislation to restrict social media for minors - the UK has said a ban is on the table while the French education minister has expressed her desire to adopt the ban.
Most social media companies have said they will comply with the ban, but expressed concerns about enforcement and its potential impact.
Meta said the task now turns to ensuring productive consultation on all rules associated with the bill and a technically feasible outcome that does not place a burden on parents and teens.

Read Full Article

6 Likes

Cybersecurity-Insiders

446

Image Credit: Cybersecurity-Insiders

From Credentials to Identity: Understanding Digital Identity and Access

To better understand the problems of online identity theft, we need to consider what we mean by ‘digital identity’.
Access to digital infrastructure traditionally relies on information associated with this digital identity.
Stolen credential incidents have appeared in almost one-third (31%) of all breaches.
Microsoft reports a notable increase in sophisticated phishing campaigns designed to deceive individuals into revealing sensitive information.
According to the US Cybersecurity and Infrastructure Security Agency (CISA), Valid Accounts were the most common successful attack technique, responsible for 41% of attempts.
MFA adds an additional layer of security, making it more difficult for attackers to compromise accounts even if credentials are obtained.
Implementing Restrictive Conditional-Access Policies can provide an additional layer of security by ensuring that only trusted users and devices can access sensitive systems.
Implementing robust access control mechanisms is essential to ensure only authorised users can access specific data and systems.
Regular monitoring of audit logs is crucial for detecting unusual activity early on, providing insights into who accessed what, when, and from where.
Through implementing multi-factor authentication, strengthening access controls, and establishing proactive monitoring and incident response measures, organisations can reduce the risk of unauthorised access and protect against identity theft.

Read Full Article

26 Likes

Tech Radar

302

Image Credit: Tech Radar

Uganda's central bank robbed, blames 'hackers'

A criminal group stole $16.8 million from Uganda's central bank and used a hacking story as a cover-up.
Initially, the bank reported being hacked, but further investigation revealed a larger scheme involving fake expenditures.
Part of the money, $7 million, was recovered as it was frozen in a UK bank account.
The perpetrators are believed to be from the Ministry of Finance and the Central Bank with top-level clearance.

Read Full Article

18 Likes

Socprime

315

Image Credit: Socprime

HATVIBE and CHERRYSPY Malware Detection: Cyber-Espionage Campaign Conducted by TAG-110 aka UAC-0063 Targeting Organizations in Asia and Europe

TAG-110 (UAC-0063) cyber-espionage campaign targets organizations in Asia and Europe
Adversaries use HATVIBE and CHERRYSPY malware tools to target state bodies, human rights organizations, and educational sector
TAG-110 group leverages Ukraine as a testing ground for new attack tactics before expanding to global targets
Organizations advised to patch security flaws, enforce multi-factor authentication, and improve cybersecurity awareness to mitigate threats

Read Full Article

19 Likes

Medium

103

Image Credit: Medium

Compare Gaming VPN Services

A VPN encrypts your internet connection, hides your IP address, and location to keep your online activity safe and secure.
Online gaming has become increasingly popular and with DDoS attacks becoming common, a VPN can add extra security.
A VPN offers access to games that might not be available in your region.
A VPN decreases the chance of having lag, and many VPN services offer optimized low-latency servers.
NordVPN is one of the most advanced VPNs and offers top-tier security, user-friendly interface, committed user safety features, and optimized servers for gaming.
Other gaming VPNs like ExpressVPN, Surfshark, and CyberGhost also offer exciting features to consider.
When selecting a gaming VPN, consider server speed, security features, server diversity, cost, and customer service options.
Using a gaming VPN elevates your gaming experience by securing your connection, providing access to restricted games, and improving overall performance.
However, some VPNs might decrease the speed of your connection, and not all VPNs are free.
Setting up a VPN can be a complex process but reputable VPN services provide clear instructions and customer support to ease onboarding.

Read Full Article

6 Likes

Tech Radar

203

Image Credit: Tech Radar

Industrial Wi-Fi networks found to have serious security flaws

Multiple Advantech access points, used for industrial Wi-Fi networks, have been found to have serious security flaws.
Twenty vulnerabilities were discovered in Advantech access points, with six of them being critical.
These vulnerabilities enable remote code execution, denial of service attacks, and more.
The flaws have been patched, and users are advised to continuously monitor and manage potential vulnerabilities to protect their industrial IT infrastructure.

Read Full Article

12 Likes

Socprime

288

Image Credit: Socprime

AWS WAF: Creating Custom String Match Rule

Navigate to Add Rules > Add Rules and Rule Groups page > Add my own rules and rule groups > Rule builder > Rule visual editor.
Define the Rule Settings: Name, Type (Regular rule), Condition (If a request matches the statement).
Configure Statement Settings: Inspect a request component (e.g., Single header), Specify the header, Match Type (Exactly matches string), String to Match (e.g., Pingdombot).
Set Action: Initially select CountCheck CloudWatch logs, then change to Block or Allow.

Read Full Article

17 Likes

Tech Radar

270

Image Credit: Tech Radar

Many small businesses are falling well short when it comes to cybersecurity plans

Most small and medium-sized enterprises (SME) are falling short in mobile cybersecurity
60% of SMEs expect employees to use personal mobile devices for work tasks
Employees are not provided cybersecurity training
40% of organizations have no guidelines for mobile device use

Read Full Article

16 Likes

Noupe

113

Image Credit: Noupe

Artificial Intelligence in Fraud Prevention: What Online Businesses Need to Know

Artificial Intelligence has proven to be a helpful tool for online companies in detecting, preventing, and responding to fraudulent activities in real-time.
With the capability of analyzing large amounts of data, AI tools can easily highlight various patterns of possible fraud in seconds. It can also improve accuracy via machine learning by learning from real-world situations.
Unlike traditional systems, AI-based fraud detection tools understand the common marks of fraudulent activities and take less time to achieve this.
Advanced machine learning models are superior in fraud versus non-fraud transaction classification, as it can analyze historical customer behavior to uncover outliers that may be unseen by human analysts.
AI-powered fraud prevention tools work in real-time and filter out all legitimate transactions, highlighting only those that need further investigation, thereby drastically reducing the load on human fraud analysts.
AI-powered systems learn and improve over time, making them competitive against evolving fraud techniques, providing a sense of security against changing threats.
For accurate results, online businesses need to invest in high-quality data collection as AI systems learn from training data.
AI has advantages over traditional fraud prevention methods with its increased accuracy, reduced operational costs, and scalability as businesses grow.
The AI implementation process entails assessing the current fraud prevention strategy, partnering with reliable AI vendors, training and implementing the AI tool, and monitoring and optimizing the system's performance.
GDPR laws should be considered while deploying AI systems as compliance is a huge factor, especially concerning sensitive customer data.

Read Full Article

6 Likes

For uninterrupted reading, download the app