Cyber Security News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Security News

Wired

194

Image Credit: Wired

For Tech Whistleblowers, There’s Safety in Numbers

Amber Scorah, a whistleblower, founded Psst in 2024 to help tech industry and government workers share information with extra protections.
Psst's main offering is a digital safe accessed through an encrypted text box on Psst.org, allowing users to enter their concerns anonymously.
A unique feature of Psst is its 'information escrow' system, keeping submissions private until similar concerns are shared by others.
Psst's approach of combining reports from multiple sources protects whistleblowers' identities and encourages sharing of information.
Only Psst's in-house legal team can access the digital safe, ensuring confidentiality, particularly in countries like the US and UK.
Psst plans to automate the review process through secure algorithms to identify potential matches while safeguarding contributors' identities.
Psst involves investigative journalists or publishes accounts based on collected information, sometimes alerting regulators without public disclosure.
Challenges include lagging regulations in areas like AI safety, where reporting may be in the public interest despite not being illegal.
Amber Scorah sees Psst as a platform to expose harmful practices in the tech industry, just as she did with her own stories.
Psst aims to have a sanitizing effect by shedding light on industry issues through whistleblowers' accounts.

Read Full Article

11 Likes

Wired

Image Credit: Wired

How to Win Followers and Scamfluence People

Format Boy, an influencer popular on various platforms, teaches online scams to a group of West African fraudsters known as the Yahoo Boys.
The Yahoo Boys engage in scams targeting wealthy foreigners, often utilizing tactics like deepfakes and emotional manipulation to extract money.
With a focus on social engineering, Yahoo Boys have exploited victims worldwide, leading to significant financial losses and tragic outcomes.
They use coded terminology, such as 'formats,' for different scam types and maintain a lavish lifestyle on social media.
Format Boy, a prominent 'scamfluencer,' shares tutorials on creating deepfakes and outlines various scam formats used by Yahoo Boys.
Despite claiming not to personally engage in scamming, Format Boy provides advice and tools that could aid individuals in illegal activities.
His teachings have drawn scrutiny for potentially encouraging criminal behavior, but he justifies his actions as empowering those in challenging circumstances.
Format Boy's optimistic messages on determination and success contrast with the ethical implications of his teachings.
Facing algorithmic challenges and identity theft issues, Format Boy remains active in sharing scam-related content and exploring new ventures like memecoins.
The article sheds light on the intricate world of scam influencers and the ethical dilemmas surrounding their activities, emphasizing the impact on victims and broader societal implications.

Read Full Article

2 Likes

Silicon

341

Image Credit: Silicon

Coinbase Hit By $400m Crypto Scam

Cryptocurrency trading platform Coinbase faced a $400 million scam where criminals used customers' data to swindle funds.
Attackers obtained personal data on less than 1% of customers by bribing overseas Coinbase staff and contractors.
Rather than paying a $20 million ransom demand, Coinbase set up a reward fund for information leading to the criminals' arrest.
The incident highlights the crypto industry's vulnerability to theft, with Coinbase estimating costs between $179m to $400m for remediation and reimbursements.

Read Full Article

20 Likes

Dev

222

Image Credit: Dev

Taking Python Further in Cybersecurity: Real-World Applications and Projects

After mastering Python basics in cybersecurity, real-world applications are crucial for hands-on experience.
Python excels in network analysis, vulnerability detection, automation, and digital forensics in cybersecurity.
Practical Python projects tackle real-world cybersecurity challenges, enhancing expertise and confidence.
Projects like network monitoring, vulnerability scanning, file integrity monitoring, and password security research are valuable.
Python automates incident response processes, forensic investigations, and web security tasks effectively.
Building projects with Python aids in understanding security concepts and creating a valuable portfolio for cybersecurity careers.
Additional project ideas include log parsing, subdomain scanning, reverse shell building, GeoIP tracking, and threat intelligence aggregation.
Participating in Capture The Flag competitions and staying connected with the cybersecurity community are recommended for skill enhancement.
Python in cybersecurity offers endless possibilities for learners, aiding in threat identification, mitigation, and response.
For further assistance, a detailed 17-page PDF guide 'Mastering Cybersecurity with Python' is recommended.

Read Full Article

13 Likes

Discover more

TechDigest

218

Image Credit: TechDigest

Cyber attack on UK legal aid agency exposes private data, including criminal records

The UK's Legal Aid Agency experienced a significant cyberattack resulting in the theft of private data, including criminal records, as reported by the Ministry of Justice.
Attackers claim to have accessed 2.1 million pieces of data, including applicants' contact details, criminal history, and financial information spanning the past 15 years.
The Ministry of Justice advises individuals who applied for legal aid during this period to remain vigilant for suspicious activities and update potentially exposed passwords.
The breach is being investigated by the National Crime Agency and the National Cyber Security Centre, with the Information Commissioner notified, and the Legal Aid Agency's online services have been taken offline.

Read Full Article

13 Likes

Securityaffairs

281

Image Credit: Securityaffairs

James Comey is under investigation by Secret Service for a seashell photo showing “8647”

Former FBI chief James Comey is under investigation by the Secret Service for sharing an image of seashells arranged to display the numbers ‘8647,’ which some interpret as incitement to violence against Trump.
The post on Instagram was later deleted, and the Secret Service is investigating the matter.
The number '86' is slang for 'to reject' or 'to get rid of', and '47' is likely a reference to Trump being the 47th US president.
Comey claims he did not know what the numbers meant and removed the post, stating he opposes violence.

Read Full Article

16 Likes

Securityaffairs

238

Image Credit: Securityaffairs

Pwn2Own Berlin 2025: total prize money reached $1,078,750

Pwn2Own Berlin 2025 total prize money reached $1,078,750 over three days, with $383,750 awarded on the final day.
Participants demonstrated 28 unique zero-days in products such as VMware Workstation, ESXi, Windows, NVIDIA, and Firefox, earning a total of $1,078,750, including 7 in the AI category.
STAR Labs SG won the 'Master of Pwn' title with $320,000 and 35 points.
Various participants exploited vulnerabilities, with exploits including a zero-day in ESXi earning $112,500, a heap-based buffer overflow in VMware Workstation earning $80,000, and a TOCTOU race condition in Windows earning $70,000.

Read Full Article

14 Likes

Hackernoon

357

Image Credit: Hackernoon

The Complete Guide to Crafting Security Headlines That Cut Through the Noise

Crafting security headlines that stand out is essential to capture the attention of busy and skeptical security professionals.
Your blog title is crucial as it is often the first impression readers get and determines if they click through.
To create effective titles, focus on promising value, showing relevance, being clear, and reflecting the article's tone.
Understand your cybersecurity audience, which includes a wide range of professionals like penetration testers and CISOs.
Use proven title formats like 'How to,' listicles, 'X vs Y,' question-based, myth-busting, and explainer titles.
Real-world examples, warning headings, career and learning topics, and tool-focused titles are also effective in cybersecurity.
Additional tips include being specific, avoiding jargon, using natural keywords, and not resorting to clickbait.
Testing alternate headlines and using a checklist before publishing can help refine and improve your blog titles.
Remember that a good blog title should be clear, engaging, and honest in communicating the value of the content.
Start with multiple potential titles, test them, edit them, and always keep the reader in mind when crafting security headlines.

Read Full Article

21 Likes

Hackernoon

341

Image Credit: Hackernoon

Your Next Data Breach Might Start with a Friendly Face

Insider threats, whether malicious, negligent, or compromised, pose financial, reputational, and legal risks to companies.
The most common insider threats include loss of confidential data, sabotage and system damage, phishing and credential leaks, and reputational damage.
Prevention measures include restricting access, using Data Loss Prevention tools, implementing activity monitoring, and training staff regularly on cybersecurity best practices.
By adopting intelligent tools, strict policies, and a security-aware culture, organizations can effectively mitigate insider threats and prevent costly consequences.

Read Full Article

20 Likes

Hackernoon

142

Image Credit: Hackernoon

IPinfo’s Free IP Geolocation API Is a Must-Have for Cybersecurity Teams

IPinfo provides IP geolocation information which is crucial for cybersecurity teams to monitor suspicious traffic, log analysis, and OSINT.
Their new free plan offers unlimited country-level IP geolocation and ASN data, making it beneficial for cybersecurity professionals and developers.
Users can easily get started with IPinfo's API by signing up for a free account, obtaining an API key, and making API calls to retrieve IP information.
IPinfo not only offers an API but also tools like a Command-Line Tool, Browser Extension, Bulk IP Lookup, and Python SDK for various cybersecurity use cases.

Read Full Article

8 Likes

Hackernoon

274

Image Credit: Hackernoon

MCP Servers Still Run Critical Infrastructure—Here’s How to Secure Them

MCP (Master Control Program) servers, used in high-reliability applications, are crucial for industries but often overlooked in cybersecurity.
The Vulnerable MCP Project serves as a teaching tool to highlight security risks in MCP environments and train professionals to protect legacy systems.
Securing MCP servers is essential for compliance, uptime, and preventing data breaches in industries like finance and healthcare.
Common vulnerabilities in MCP servers include insecure authentication, obsolete encryption protocols, hardcoded admin credentials, lack of monitoring, unpatched software, and no RBAC.
Recommendations for securing MCP systems include implementing strong password policies, upgrading encryption protocols, using secrets management tools, logging and monitoring, regular patching, and enforcing RBAC.
Tools like port scanners, vulnerability scanners, SSH hardening, and network segmentation can help in securing MCP servers.
Real-world application examples include how a bank could secure its MCP system by auditing user accounts, enabling logging, shifting credentials to a secrets manager, testing patches, and conducting personnel training.
To practice securing MCP servers, individuals can download the Vulnerable MCP Project, set it up in a sandboxed lab, and use tools like Wireshark, Metasploit, and OSINT tools in a controlled environment.
Key takeaways include the importance of securing MCP servers, the neglect of legacy systems in security planning, the value of the Vulnerable MCP Project for hands-on learning, and the need for a mix of modern security practices and legacy-specific measures.
While new technologies are essential, securing old systems like MCP is equally crucial, and projects like the Vulnerable MCP Project play a significant role in educating and securing these systems.

Read Full Article

16 Likes

Cybersecurity-Insiders

Image Credit: Cybersecurity-Insiders

SafeLine WAF: Best Security Choice for Small Businesses

SafeLine WAF is a web application firewall designed to protect websites from various attacks like SQL injections, XSS, and zero-day attacks, utilizing a semantic analysis engine for advanced threat detection.
Key features of SafeLine WAF include semantic analysis for threat detection, bot protection, HTTP flood DDoS protection, identity and access management, customizable security rules, and user-friendly setup and management.
SafeLine WAF stands out due to its affordability, with options like a free edition for personal use, a Lite edition for $10 per month, and a Pro edition for $100 per month, making it accessible for small businesses and individuals.
SafeLine WAF offers a comprehensive security solution that combines effective protection against cyber threats with user-friendly features and affordable pricing, making it an ideal choice for small businesses looking for powerful website security.

Read Full Article

4 Likes

Damienbod

262

Image Credit: Damienbod

Using multiple external identity providers from ASP.NET Core Identity and Duende IdentityServer

This blog post discusses integrating multiple external identity providers in ASP.NET Core Identity applications using Duende IdentityServer.
The application acts as an identity provider for local and external users, handling claims mapping for each external authentication provider.
Using Duende allows for robust OAuth and OpenID Connect authentication flows not supported by some other providers.
Each external provider implements a separate scheme for the OpenID Connect flow, with options for shared or unique schemes.
The article showcases how to configure external providers like Auth0 and EntraID using OpenID Connect in ASP.NET Core Identity.
When using Microsoft.Identity.Web, a separate scheme is necessary for callback and logout handling.
Claims mapping from external providers back to UI applications can be managed using Duende's IProfileService.
For ASP.NET Core Identity-only solutions, claims transformation can be utilized for mapping claims.
References to Duende IdentityServer documentation, Microsoft ASP.NET Core Identity guides, and sample code repositories are provided.

Read Full Article

15 Likes

Cryptonews

214

Binance and Kraken Thwart Social-Engineering Attacks Mirroring Coinbase Breach

Binance and Kraken successfully blocked social-engineering attacks similar to the recent Coinbase breach.
Coinbase faced potential losses of up to US$400M due to exposure of sensitive customer data after a failed extortion attempt of US$20M.
The rise in scams and hacks in the crypto industry is attributed to the bullish market, prompting increased security measures and personnel spending.
Cyber threats on crypto platforms have intensified amid rising asset prices, with Binance employing AI-powered bots to detect and prevent bribery attempts from scammers.

Read Full Article

12 Likes

Siliconangle

310

Image Credit: Siliconangle

JFrog and Nvidia partner on secure software supply chain for Enterprise AI Factory

JFrog partners with Nvidia to power enterprise artificial intelligence with a focus on secure software supply chain.
JFrog's platform will serve as the central software artifact repository and secure model registry within Nvidia's Enterprise AI Factory.
The integration allows for secure visibility, governance, and management of software components including machine learning models and engines.
The joint solution aims to enable rapid and trusted provisioning of AI and machine applications with full support for Nvidia's architecture.

Read Full Article

18 Likes

For uninterrupted reading, download the app