techminis

A naukri.com initiative

Cyber Security News

Medium

Better Business Bureau (BBB) Data Breach: Potential Claims in California

  • A data breach at Better Business Bureau Serving the Pacific Southwest, Central & Inland California was discovered around May 31, 2024, affecting an undisclosed number of consumers.
  • Sensitive information compromised in the breach includes full names, Social Security numbers, financial account details, and more.
  • The breach could impact a significant number of California consumers due to BBB's extensive reach in the state.
  • Potter Handy, a California law firm, is investigating and representing affected clients in potential lawsuits.
  • California laws provide avenues for data breach litigation against organizations failing to protect consumer information adequately.
  • BBB began notifying affected individuals a year after the breach was discovered, raising concerns about disclosure timelines.
  • Data breach attorneys in California focus on holding organizations accountable and protecting consumer rights.
  • The breach serves as a reminder of the cybersecurity challenges even consumer protection organizations face.
  • Legal proceedings may focus on cybersecurity failures, notification timelines, and accountability in handling personal data.
  • This incident emphasizes the need for robust cybersecurity measures and accountability in all organizations dealing with consumer data.

Arstechnica

Feds charge 16 Russians allegedly tied to botnets used in cyberattacks and spying

  • The US Department of Justice has announced criminal charges against 16 individuals linked to a malware operation known as DanaBot, infecting at least 300,000 machines globally.
  • The group, described as 'Russia-based,' includes suspects living in Novosibirsk, Russia; other suspects are identified in the indictment by name or only by their pseudonyms.
  • The indictment alleges DanaBot's involvement in criminal hacking for profit, as well as espionage against military, government, and NGO targets.
  • The Defense Criminal Investigative Service carried out seizures of DanaBot infrastructure worldwide, including in the US, alongside the criminal charges.

Dev

How to fix CORS errors in Node.js

  • Cross-Origin Resource Sharing (CORS) errors are common in web development due to strict browser security policies.
  • Key CORS errors include a missing Access-Control-Allow-Origin header, preflight request failures, and multiple origin values in the header.
  • Solutions involve using the cors package in Express, explicitly handling the OPTIONS method, and ensuring CORS headers are set only once.
  • Understanding CORS enforcement by browsers and configuring the server correctly is crucial for seamless integrations between frontend and backend services.

TechCrunch

Apple CEO reportedly urged Texas’ governor to ditch online child safety bill

  • Apple CEO Tim Cook reportedly urged Texas Gov. Greg Abbott to make changes to or veto a bill requiring Apple to verify the ages of device owners.
  • Apple, along with Google, has been opposing the Texas bill, stating that it could threaten user privacy by collecting sensitive personal information.
  • The bill in Texas would link a minor's App Store account to their parents' to allow parental approval or denial of app downloads, aiming to give parents more control over children's device usage.
  • Several states, including Texas, are considering similar legislation, with Apple having successfully prevented a similar bill in Louisiana last year.

Arstechnica

Researchers cause GitLab AI developer assistant to turn safe code malicious

  • AI-assisted developer tools like GitLab's Duo chatbot can be tricked by malicious actors into performing hostile actions against users.
  • Researchers demonstrated an attack that induced Duo to insert malicious code and leak private code and confidential data.
  • The attack can be triggered by instructing the chatbot to interact with merge requests or content from outside sources.
  • The vulnerability lies in prompt injections, which allow malicious actors to control AI assistants and exploit their eagerness to follow instructions.

Tech Radar

Your favorite restaurant is probably really bad at passwords

  • A recent study by NordPass revealed that hospitality businesses are among the worst at maintaining good password health, with weak and predictable passwords being commonly used.
  • Commonly used weak passwords in the hospitality industry include simple numeric sequences, general terms, brand-related terms, easy-to-guess patterns, and developer or role-related terms.
  • NordPass advises businesses in the hospitality industry to avoid predictable passwords, implement multi-factor authentication, store credentials in password managers, and provide security training to create a security-aware culture.
  • NordPass offers business-focused plans such as Teams, Business, and Enterprise, which include features like SSO, secure sharing, and compliance features.

Medium

Fast and Easy Money Is Usually a Sign the Job Offer Is a Scam

  • The author recounts being scammed multiple times and warns readers that it could happen to them.
  • Unsolicited job offers with lucrative pay are highlighted as a common tactic and a potential sign of a scam.
  • The author describes receiving a job offer from 'SkyGame Play' despite having had no previous interaction with them, which raised suspicion.
  • The article stresses caution when a company offers money for a job that was never applied for, calling this a major red flag.

Hackernoon

Here's The Code You Need to Build a Secure Password Manager in Python

  • Password management is crucial for online security, and creating a password manager is a beneficial cybersecurity project.
  • When developing a password manager, prioritize security and usability by storing data securely, using encryption, and blocking unauthorized access.
  • For this project, Python, SQLite, and the cryptography library are recommended as the tech stack.
  • Encryption, specifically Fernet symmetric encryption with a key derived using PBKDF2HMAC, is crucial for securing passwords.
  • The process involves creating a key from a master password and storing it securely with a randomly generated salt.
  • Data, including website names, usernames, and encrypted passwords, should be stored in a SQLite database.
  • Functions to encrypt, decrypt, save, and retrieve passwords are implemented in the program for secure password management.
  • Best practices include not hardcoding passwords, always encrypting sensitive information, and adding security measures like locking after inactivity.
  • Building a password manager offers a practical way to learn about encryption, secure storage, and security practices for both personal use and educational purposes.
  • By following the outlined steps and best practices, you can create a secure and functional password manager in Python.

Unite

Securing Access at Machine Speed: Why SASE Is the Architecture for the AI Age

  • AI-powered adversaries have redefined speed in cyber threats, posing challenges for traditional secure access models.
  • Secure Access Service Edge (SASE) is crucial in defending enterprises against AI-accelerated exploitation and providing dynamic access control.
  • SASE unifies multiple security components into a cloud-delivered fabric, enabling real-time evaluation of access requests and enforcing Zero Trust.
  • SASE eliminates the limitations of legacy VPNs, providing adaptive controls and real-time response to AI threats in the evolving cybersecurity landscape.

Unite

Hospitals Are the Target in a New Kind of Cyberwar

  • Cyberattacks on hospitals are evolving from ransomware for profit to politically motivated attacks, aiming to disrupt operations and steal data.
  • Attributing cyberattacks in the health sector becomes complex as state-backed campaigns hide behind sophisticated proxies.
  • Ambiguity in attacks allows attackers to inflict harm while avoiding direct political consequences, complicating defense responses.
  • Information sharing through organizations like Health-ISAC is crucial for a coordinated response and improved threat intelligence.
  • Building resilience in healthcare requires preparation, segmented networks, strong backup systems, and treating cybersecurity as a patient safety issue.
  • Collaboration, trust, and proactive defenses are pivotal in protecting critical health systems from cyber threats.
  • Resilience should be a foundational priority in the health sector to ensure safe and effective patient care during cyber incidents.
  • Cybersecurity in healthcare demands a shift in mindset to view it as core to patient safety and institutional trust, requiring resources and engagement at all levels.
  • Shared intelligence, coordinated responses, and a focus on resilience are key to defending hospitals in the escalating cyberwar landscape.
  • It is imperative for the health sector to unite against cyber threats to protect critical systems and ensure patient safety.

Tech Radar

Is it over 9,000? Report claims hackers are increasingly disguising malware as anime

  • Hackers are increasingly disguising malware as anime shows to target Gen Z'ers, with over 250,000 anime-themed phishing emails detected by cybersecurity researchers at Kaspersky.
  • The rising popularity of anime among Gen Z'ers, with 65% regularly watching it, has made them more susceptible to anime-themed phishing attacks.
  • Threat actors have targeted popular anime shows like Naruto, Demon Slayer, Attack on Titan, One Piece, and Jujutsu Kaisen to lure victims with promises of 'exclusive episodes' or 'leaked scenes' for malware distribution.
  • Kaspersky advises viewers to watch shows through reputable streaming services like Netflix, Hulu, or Disney+ to avoid falling prey to malicious attacks disguised as enticing content.

TechBullion

Top Performing Crypto Right Now: BlockDAG Hits $264M, Toncoin Rises, Celestia Grows, ONDO Expands Fast

  • BlockDAG raised over $264 million during its presale, showing a massive increase of 2,520% from its initial batch. It has a frozen price of $0.0020 until June 13, attracting significant investor interest.
  • Toncoin trades at $3.11 with positive returns for 16 days in the past month, making it a reliable choice for investors. It stays 50% above its 200-day moving average, indicating long-term strength.
  • Celestia, priced at $2.70, enables modular blockchain setups with data availability sampling. Despite a daily drop, it gained 9.44% over the month, showcasing steady progress in the market.
  • ONDO, connecting DeFi to traditional finance, stands at $0.9992 and has seen a 7.70% increase over the month. With real asset exposure and healthy liquidity, ONDO positions itself as a notable crypto project.

TechDigest

UK exposes Russian cyber campaign targeting Ukraine aid

  • UK exposes Russian cyber campaign targeting organizations delivering foreign aid to Ukraine.
  • Investigation led by UK's National Cyber Security Centre identifies Russian military unit GRU Unit 26165 as behind the attacks.
  • Campaign involved accessing cameras near Ukrainian borders to monitor aid shipments, posing serious risks to targeted organizations.
  • Russian hacking team Fancy Bear employed sophisticated techniques like spearphishing and exploiting vulnerabilities in Microsoft Outlook.

Tech Radar

US local governments targeted by Chinese hackers

  • Local government organizations in the United States were targeted by Chinese hackers through a zero-day vulnerability in Trimble Cityworks, as reported by Cisco Talos.
  • Hackers exploited CVE-2025-0994, a high-severity deserialization bug, to gain access and deploy malware loaders like Cobalt Strike beacons and VSHell malware.
  • Cisco discovered intrusions by a threat actor named UAT-6382 in U.S. local government networks, primarily focusing on utilities management systems.
  • Trimble has since patched the vulnerability, but the US Cybersecurity and Infrastructure Agency recommends prompt application of patches to prevent future attacks.

Tech Radar

Hacker claims to have grabbed 1.2 billion Facebook user records - here's what we know

  • A hacker claims to have scraped 1.2 billion user records from Facebook, including names, locations, and phone numbers, according to cybersecurity researchers.
  • The data contains user IDs, names, email addresses, usernames, phone numbers, locations, birthday data, and gender information.
  • Meta acknowledged the incident but stated that the data is old, indicating that steps were taken years ago to prevent similar incidents.
  • The researchers suggest this could be one of the biggest data scrapes from Facebook, highlighting issues in customer security and privacy measures of the company.
