A naukri.com initiative
Cyber Security News
Tech Radar
1M
424
Image Credit: Tech Radar
Coinbase admits data breach affected 69,000 customers - here's what you need to know
- Coinbase confirmed a data breach affecting 69,461 customers in a filing with the Maine Attorney General.
- The attack occurred in December 2024 and was discovered in mid-May 2025.
- Threat actors bribed individuals to steal sensitive customer data, leading to an attempted extortion of Coinbase.
- Coinbase offered a $20 million bounty for information on the attackers and pledged to reimburse customers affected by social engineering attacks.
Read Full Article
25 Likes
Secureerpinc
1M
346
Image Credit: Secureerpinc
Rogue Apps Fuel Surge in Identity Attacks
- Identity-based incidents have been on the rise in the last three years, with rogue apps being the primary culprits behind these attacks.
- Rogue apps often masquerade as trusted platforms or harmless tools but can end up exposing sensitive data to cybercriminals.
- To protect against rogue software threats, empower your team with safe installation practices, create secure login credentials, keep all software up-to-date, and invest in antivirus tools.
- Proactive measures, such as employee training, multi-factor authentication, monitoring app downloads, and implementing security protocols, can help businesses safeguard against the surge in fake app downloads and identity attacks.
Read Full Article
20 Likes
Socprime
1M
109
Image Credit: Socprime
Detect APT28 Attacks: russian GRU Unit 26156 Targets Western Logistics and Technology Companies Coordinating Aid to Ukraine in a Two-Year Hacking Campaign
- A joint Cybersecurity Advisory reveals a two-year cyberespionage campaign by russian GRU Unit 26165 targeting logistics and tech companies coordinating aid to Ukraine.
- The campaign by APT28 (Forest Blizzard, Fancy Bear) aims at intelligence gathering and includes spearphishing and malware deployment strategies.
- Known for targeting Ukraine, APT28 expanded cyber operations to Europe and North America, using persistent tactics to infiltrate critical infrastructure.
- The group deployed various TTPs such as credential guessing, spearphishing emails, and exploiting vulnerabilities like CVE-2023-23397.
- APT28 leverages malware like HEADLACE, MASEPIE, OCEANMAP, and STEELHOOK for data exfiltration and establishing persistence in targeted systems.
- To evade detection, adversaries use encrypted connections, abuse public infrastructure, and exploit vulnerabilities in SOHO devices.
- The attackers conduct reconnaissance, lateral movement, and data exfiltration post initial access, utilizing tools like Impacket, PsExec, and RDP.
- To enhance defense, organizations are advised to implement network segmentation, zero-trust principles, restrict lateral movement, and monitor logs for anomalies.
- Proactive cybersecurity measures, including AI-backed solutions and real-time threat intelligence, are crucial for defending against evolving APT28 attacks.
- The insights from the joint advisory aim to equip security teams with the necessary tools and strategies to combat sophisticated cyber threats effectively.
Read Full Article
6 Likes
Medium
1M
374
Image Credit: Medium
Why “1GB of Data” Means Nothing in a Privacy Risk Assessment
- In privacy risk assessments, the amount of data shared is less relevant than the number of records involved.
- Regulatory penalties are often calculated per record, emphasizing the importance of understanding the quantity of records being processed.
- File size alone does not indicate the level of risk, as different types of data carry varying risk profiles.
- Rather than focusing solely on data volume, it is crucial to ask specific questions to understand the potential impact and harm in privacy assessments.
Read Full Article
22 Likes
Tech Radar
1M
342
Image Credit: Tech Radar
Microsoft takes legal action against Lumma Stealer after 400,000 devices infected
- The US Department of Justice, along with the FBI and Microsoft, took action against Lumma Stealer, a significant information-stealing malware, by seizing multiple domains used in its operations.
- Microsoft independently took down 2,300 additional internet domains associated with Lumma Stealer's criminal activities.
- Lumma Stealer was involved in high-profile cyberattacks, such as the attack against Schneider Electric, resulting in millions of dollars in damages.
- The FBI reported that the malware caused losses exceeding $36 million in 2023 alone, with 1.7 million instances of use and around 10 million infections. The DoJ is offering a $10 million bounty for information on cyberattacks against US infrastructure.
Read Full Article
20 Likes
Securityaffairs
1M
346
Image Credit: Securityaffairs
New Signal update stops Windows from capturing user chats
- Signal update for Windows app blocks screenshots by default to protect user privacy from Microsoft's Recall feature.
- The new 'Screen security' setting in Signal Desktop prevents Windows from capturing screenshots of Signal chats.
- Microsoft's Recall feature captures screenshots of users' laptops every few seconds, raising privacy concerns.
- Signal's screen security can be disabled but may impact accessibility tools; the setting only applies locally on Windows 11.
Read Full Article
20 Likes
Tech Radar
1M
168
Image Credit: Tech Radar
Russian GRU cracks open logistic companies to spy on Ukranian military aid
- Fancy Bear, a Russian state-sponsored threat actor, has been spying on logistics organizations in Western and NATO countries to monitor foreign aid moving into Ukraine.
- Organizations targeted by Fancy Bear included logistics providers, technology companies, and government organizations involved in transporting aid to Ukraine via various transportation modes such as air, sea, and rail.
- APT28 (Fancy Bear) leveraged credential guessing, brute-force attacks, spearphishing campaigns, and software vulnerabilities like CVE-2023-23397 to infiltrate systems, manipulate email mailbox permissions, and remain hidden while monitoring sensitive communication.
- The cyber-physical attacks in the Russo-Ukrainian conflict highlight the importance of organizations having full visibility into their environments and a risk-based approach to securing cyber-physical systems to combat modern threats.
Read Full Article
9 Likes
Hackernoon
1M
374
Image Credit: Hackernoon
Stop Feeding the Algorithm: Creative Ways to Disconnect from Data-Hungry Platforms
- In today's world, online tracking has reached unprecedented levels, with platforms like Google, Instagram, and Amazon using collected data to personalize and manipulate user experiences.
- The extensive data collected from individuals' online interactions feeds into algorithms, behavior prediction engines, and recommendation systems, shaping the digital environments we engage with.
- While hyper-personalization offers convenience, it comes at the cost of losing control over one's digital identity, creating echo chambers and limiting choice.
- Users are experiencing fatigue from constant tracking, repetitive content, intrusive ads, and compulsive interaction driven by AI algorithms.
- To combat this digital overload, individuals are urged to understand the tracking mechanisms and make intentional choices to reduce exposure.
- Data tracking extends beyond online activities to include smartphone permissions, voice assistants, cloud platforms, image scans, and app usage habits.
- Users can push back against tracking by adjusting privacy settings on platforms, deleting old data, setting device boundaries, and limiting exposure to data-collecting apps.
- Practical steps like using password managers, enabling multi-factor authentication, reviewing app permissions, and switching to privacy-focused browsers help strengthen personal cybersecurity.
- Swapping passive screen time for offline creative activities, practicing foundational privacy practices, and being mindful of what content is shared online also contribute to regaining control over digital life.
- Reconnecting with analog experiences and making intentional choices about digital engagement can help individuals reclaim their privacy and foster more meaningful interactions.
- By implementing small yet impactful changes in online behavior and habits, individuals can take back control of their digital lives and protect their privacy in a data-driven world.
Read Full Article
22 Likes
Siliconangle
1M
123
Image Credit: Siliconangle
Picus Security launches Exposure Validation to help teams focus on exploitable vulnerabilities
- Picus Security has launched Picus Exposure Validation, a service that helps security teams verify exploitability of vulnerabilities based on their unique environments.
- The new service allows continuous testing of security controls against real-world attack techniques to identify truly exploitable vulnerabilities and prioritize them accurately.
- Picus Exposure Validation offers evidence-based, context-aware metrics to quantify actual risk by assessing how effectively current security controls mitigate real threats.
- This new capability aims to help security teams focus on vulnerabilities that truly matter, provide faster decision-making, save time, and improve mitigation efforts through automated validation.
Read Full Article
7 Likes
Tech Radar
1M
406
Image Credit: Tech Radar
Businesses are overwhelmingly concerned about the security threats of AI
- Businesses are overwhelmingly concerned about the security threats of artificial intelligence (AI), particularly Generative AI, as revealed by the 2025 Thales Data Threat Report.
- The report, based on a survey of over 3,100 IT and security professionals, highlighted that nearly 70% of organizations see the rapid advancement of AI as their biggest security risk.
- Despite these concerns, businesses are accelerating their adoption of AI, with a third of them actively integrating GenAI into operations, even without ensuring full security of their systems.
- Spending on GenAI has become a top priority for organizations, followed closely by cloud security, as the fast-evolving GenAI landscape pushes enterprises to deploy AI faster than they can fully understand its implications.
Read Full Article
24 Likes
Medium
1M
142
Image Credit: Medium
7 Cybersecurity Tips to Protect Your Data
- Cybersecurity involves protecting digital information like login details, files, and messages, as most data is now online.
- Basic habits and not complex tools are sufficient to stay safe from hackers who often exploit small mistakes made by individuals.
- Using different, long, and complex passwords with symbols and numbers for each account is recommended to enhance security.
- Regularly updating software, enabling automatic updates, and being cautious with emails to avoid phishing attacks are crucial steps in maintaining cybersecurity.
Read Full Article
8 Likes
Siliconangle
1M
374
Image Credit: Siliconangle
Druva expands Azure support with cloud-native protection for SQL and Blob Storage
- Data security provider Druva Inc. has expanded support for Microsoft Azure, offering cloud-native data protection for Azure SQL and Azure Blob Storage.
- The enhanced support includes protection for Azure SQL workloads, eliminating the need for managing additional infrastructure through agentless deployment and integration.
- Druva's Data Protection for Azure SQL provides air-gapped backups for resilience against cyberattacks and offers cross-region and cross-cloud replication without incurring egress fees or downtime.
- The addition of Azure Blob Storage protection enables secure backups of unstructured data with granular blob-level recovery and global deduplication to reduce storage costs and accelerate recovery time objectives.
Read Full Article
22 Likes
Cloudmatters
1M
214
Image Credit: Cloudmatters
“When the Storm Hits – Why A Cloud Rewind is Your Digital Lifeboat”
- As cyber threats become more sophisticated, the need for quick recovery of IT systems is crucial in today's digital landscape.
- Major outages and cyber-attacks have highlighted the importance of ensuring system availability and data recovery.
- Organizations are facing increasing challenges in restoring data and cloud applications due to the complexity of modern technology.
- The reliance on the cloud for business operations necessitates a shift towards proactive recovery strategies rather than reactive backups.
- Cloud Rewind by Commvault offers a solution for faster recovery from attacks or outages by automating the process.
- The Cloud Rewind feature allows for quick recovery of cloud-native applications, metadata, data, and state, significantly reducing downtime.
- Traditional methods of restoring data alone are no longer sufficient for ensuring operational continuity in the event of a cyber-attack.
- Public cloud environments present unique challenges for organizations in terms of data security and recovery.
- Commvault's Cloud Rewind offers a disruptive approach to cloud recovery by providing quick and automated recovery solutions.
- Organizations are encouraged to take advantage of the free 30-day trial of Cloud Rewind to understand and mitigate potential risks to their public cloud services.
- Having a robust recovery strategy that includes automated rebuild capabilities is crucial for ensuring business continuity in the face of cyber threats.
Read Full Article
12 Likes
TechJuice
1M
4
Image Credit: TechJuice
Microsoft Hits Back After Lumma Stealer Affects Thousands of PCs
- The FBI, Europol, and Microsoft collaborated to shut down the Lumma Stealer malware network that infected around 10 million devices globally.
- Lumma Stealer operated on a malware-as-a-service model, allowing cybercriminals to buy access through subscription plans, making it easier for less-skilled attackers to deploy powerful malware.
- Authorities seized 2,300 malicious domains critical to Lumma Stealer's command-and-control infrastructure, cutting off communication between infected systems and its operators.
- The takedown of Lumma Stealer is a significant win against cybercrime networks, disrupting their tool for stealing sensitive information and showcasing the power of global collaboration in cybersecurity.
Read Full Article
Like
Gritdaily
1M
51
Image Credit: Gritdaily
Cybersecurity Entrepreneur Ryan Sheskey Keeps Small Businesses Protected
- Ryan Sheskey launched Forcetron Technologies to reduce small companies' risk exposure in cybersecurity.
- Sheskey, a tech veteran, started his cybersecurity career in 2008 at American Electric Power, gaining extensive experience in the field.
- During the pandemic in 2020, Sheskey noticed the lack of cybersecurity expertise in small businesses and founded Forcetron Technologies to address this gap.
- Forcetron Technologies provides foundational technology solutions and cybersecurity to small businesses in Southern Ohio, aiming to help them grow securely.
Read Full Article
3 Likes
For uninterrupted reading, download the app