A naukri.com initiative
Cyber Security News
Medium
1M
67
Image Credit: Medium
How AI is Changing Phishing Attacks: Smarter, Faster, and More Effective
- AI is revolutionizing phishing attacks by making them smarter, faster, and more effective.
- Phishing campaigns are now highly personalized and harder to detect due to AI.
- AI-driven phishing attacks have higher success rates in data breaches.
- Traditional defenses struggle to keep up, necessitating advanced cybersecurity measures.
Read Full Article
4 Likes
Medium
1M
449
Image Credit: Medium
Learn about future artificial intelligence molding with itself and shape your future accordingly.
- Artificial intelligence involves the development of machines that simulate human behavior and cognition.
- Examples of AI in everyday life include virtual assistants like Siri and Alexa, and self-driving cars.
- Benefits of AI include increased productivity and cost savings, but there are concerns about job loss and privacy.
- AI has the potential to significantly shape the future and impact various industries.
Read Full Article
26 Likes
VentureBeat
1M
330
Anthropic bets on personalization in the AI arms race with new ‘styles’ feature
- Anthropic, an AI company, introduces a 'styles' feature for its Claude AI assistant.
- The feature allows users to customize how Claude responds to queries, offering formal, concise, or explanatory modes.
- Anthropic aims to differentiate itself in the crowded AI market dominated by OpenAI and Google.
- Early enterprise adoption of the feature has shown promising results.
Read Full Article
19 Likes
Tech Radar
1M
113
Image Credit: Tech Radar
VPN demand soars in Pakistan as internet remains restricted
- VPN demand in Pakistan has soared as internet access becomes increasingly restricted.
- VPN usage has seen a 330% increase above the baseline, with Proton VPN reporting a spike of 730% in sign-ups.
- Access to platforms like WhatsApp, Bluesky, Facebook, and Instagram is restricted without a VPN.
- The Pakistan Telecommunication Authority (PTA) has set a deadline of November 30 for businesses and freelance workers to register their VPN services, raising uncertainty about the future accessibility of VPNs in the country.
Read Full Article
6 Likes
Tech Radar
1M
0
Image Credit: Tech Radar
Salt Typhoon targets telcos again with backdoor GhostSpider malware
- Chinese state-sponsored threat actor Salt Typhoon has been targeting telecommunication service providers with a new backdoor malware called GhostSpider.
- GhostSpider is a stealthy backdoor that remains in memory and encrypts its communication with the C2 server.
- Salt Typhoon also uses other variants such as Masol RAT, Demodex, and SnappyBee for data exfiltration and surveillance.
- Major telecommunications providers like T-Mobile, AT&T, Verizon, and Lumen Technologies have been among Salt Typhoon's victims.
Read Full Article
Like
Tech Republic
1M
240
Quick Glossary: DevSecOps
- DevSecOps is transforming the software development industry by incorporating security from the early stages and automating traditional processes.
- Advanced rate limiting is a technique used to limit the number of requests a user can make to a server, considering factors such as account ID, API key, or content of the request.
- Advanced rate limiting protects against denial-of-service attacks, brute-force attacks, traffic surges, and other threats targeting applications and APIs.
- Boost your DevSecOps knowledge with the 19-page PDF glossary available for download at $9 or complimentary access with a Premium annual subscription.
Read Full Article
14 Likes
Tech Republic
1M
348
What Is the Dark Web?
- The Dark Web is often associated with illicit activities such as drug and weapon sales.
- However, it also has legitimate uses, such as providing a secure platform for anonymous journalism.
- Cybersecurity professionals can gather valuable information from the Dark Web to enhance their company's security.
- By staying updated on Dark Web activities, companies can protect their data from cyber threats.
Read Full Article
20 Likes
Cybersecurity-Insiders
1M
167
Image Credit: Cybersecurity-Insiders
Fancy Bear Threat Actor launches Nearest Neighbor Cyber Attacks
- Fancy Bear, a threat actor associated with Russian intelligence agencies, is using proximity-based attacks, dubbed Nearest Neighbor attacks, to compromise organisations's networks located near a primary target in order to gain unauthorised access to another entity.
- These attacks were first launched in February 2022 in Ukraine followed by public and private entities in the US. APT actors monitoring group Volexity has kept Russian-linked groups under surveillance, as it views them as one of the most active and dangerous groups operating today.
- The success of these attacks largely depends on the security measures in place at the target organizations, with credential-stuffing attacks having a higher chance of success when the victim organizations do not employ Multi-Factor Authentication (MFA).
- Fancy Bear has historically used a variety of tools and techniques to infiltrate networks and steal sensitive data. Its targets have ranged across multiple countries and sectors such as the Democratic National Committee, TV5Monde media outlet and the White House.
- The new wave of Nearest Neighbor attacks represents a dangerous escalation in cyber warfare tactics, adding a new layer of complexity surrounding cybersecurity defenses to keep pace with evolving threats.
- Fancy Bear’s latest tactics demonstrate a shift in how cyber threats are carried out by focusing not just on the target organisation itself, but also exploiting nearby networks to facilitate a chain of attacks.
- As a result, it’s imperative for organizations, both large and small, to adopt comprehensive security strategies that include measures such as Multi-Factor Authentication and network segmentation to minimize the risk of falling victim to these increasingly sophisticated attacks.
Read Full Article
10 Likes
Hitconsultant
1M
49
Image Credit: Hitconsultant
5 Cybersecurity Strategies for Remote Patient Monitoring Systems
- Remote patient monitoring can offer personalized treatments but also comes with growing cybersecurity risks, with the 2023 COVID-19 pandemic leading to the most data breaches and the most leaked information recorded therein.
- To make remote patient monitoring more secure, improved cybersecurity protocols should be adopted starting from choosing more reliable patient monitoring systems with strong security features that conform to standardized cybersecurity requirements, such as the proposed FCC labeling program.
- Feature restriction, encompassing deactivation of automatic connectivity features and restriction of access permissions in compliance with regional privacy regulations, should also be adhered for enhanced security.
- Utilizing artificial intelligence (AI) for threat detection can assist in the analysis of IoT device traffic, allowing for faster identification of any unauthorized access or unusual activity.
- Users of remote patient monitoring must be educated on how to use the monitoring devices correctly and encouraged to use the security features that come with them, such as a strong password, while also being trained to spot phishing emails to avoid cybersecurity incidents.
- Lastly, cloud platform security is also essential in remote patient monitoring as companies must encrypt all electronic health records and implement real-time monitoring tools.
- Reliable security is necessary for remote patient monitoring to ensure patient privacy and adherence to regional privacy regulations, and companies in the healthcare industry must be mindful of cybersecurity risks.
Read Full Article
2 Likes
Tech Radar
1M
18
Image Credit: Tech Radar
Ransomware attack on Blue Yonder hits Starbucks, grocery stores across the world
- Supply chain management giant Blue Yonder confirms ransomware attack, affecting its services.
- Starbucks and grocery store chains Morrisons and Sainsbury among the affected clients.
- Blue Yonder working on restoring services, no claim of responsibility or details of ransom demands.
- No information on data loss or impact on company and customer data.
Read Full Article
1 Like
Tech Radar
1M
163
Image Credit: Tech Radar
US government agencies told to patch these critical security flaws or face attack
- The US Cybersecurity and Infrastructure Security Agency (CISA) has added a new critical vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
- Federal agencies have until December 16 to patch the vulnerability or stop using the affected software.
- The vulnerability, tracked under CVE-2023-28461, allows attackers to execute arbitrary code on remote devices.
- A Chinese group known as Earth Kasha, linked to the APT10 advanced persistent threat, is said to be exploiting the vulnerability.
Read Full Article
9 Likes
Siliconangle
1M
140
Image Credit: Siliconangle
Knostic research unveils timing-based vulnerabilities in AI large language models
- New research from Knostic Inc. reveals timing-based vulnerabilities in AI large language models (LLMs).
- The vulnerabilities, called #noRAGrets, bypass model guardrails through a race condition-like attack.
- Exploitation methods use timing techniques to manipulate LLM application activity and extract sensitive information.
- The research highlights the importance of designing and testing LLM applications with a comprehensive approach.
Read Full Article
8 Likes
Hackernoon
1M
0
Image Credit: Hackernoon
Speakers at Devcon 7 Continue to Ignore Old ERC-20 Issues
- The Devcon 7 conference in Thailand concluded with positive developments and optimistic predictions about cryptocurrency adoption.
- However, the conference failed to address the issues surrounding ERC-20 vulnerabilities and mishandling of token transfers.
- Speakers avoided discussing the topic, including the session on smart contracts and ERC-20 audits.
- The industry's lack of focus on fixing fundamental issues may hinder the mainstream adoption of cryptocurrencies.
Read Full Article
Like
Cybersecurity-Insiders
1M
267
Image Credit: Cybersecurity-Insiders
How to Safeguard Mobile Banking Apps from Cyber Risk
- The convenience of mobile banking has transformed financial services, making banking apps more accessible and user-friendly.
- Mobile banking faces risks from unauthorized access to sensitive data, account takeover, and identity theft.
- Common risks include sideloaded apps, banking malware, device spoofing, and SIM swapping.
- To safeguard mobile banking apps, organizations should embrace real-time threat visibility, utilize binary scanning, embed device attestation capabilities, make encryption hardware-agnostic, adopt OTA security updates, and prioritize ongoing education.
Read Full Article
16 Likes
Tech Radar
1M
158
Image Credit: Tech Radar
QNAP fixes host of security updates following major issues
- QNAP has released fixes for 17 security vulnerabilities, including critical flaws.
- The vulnerabilities affect products such as Notes Station 3, QuRouter, and others.
- Some of the bugs allow threat actors to run arbitrary commands, expose sensitive data, and gain unauthorized access.
- Users are advised to apply the patches promptly to protect their systems.
Read Full Article
9 Likes
For uninterrupted reading, download the app