A naukri.com initiative
Cyber Security News
Medium
1M
374
Image Credit: Medium
Why “1GB of Data” Means Nothing in a Privacy Risk Assessment
- In privacy risk assessments, the amount of data shared is less relevant than the number of records involved.
- Regulatory penalties are often calculated per record, emphasizing the importance of understanding the quantity of records being processed.
- File size alone does not indicate the level of risk, as different types of data carry varying risk profiles.
- Rather than focusing solely on data volume, it is crucial to ask specific questions to understand the potential impact and harm in privacy assessments.
Read Full Article
22 Likes
Tech Radar
1M
342
Image Credit: Tech Radar
Microsoft takes legal action against Lumma Stealer after 400,000 devices infected
- The US Department of Justice, along with the FBI and Microsoft, took action against Lumma Stealer, a significant information-stealing malware, by seizing multiple domains used in its operations.
- Microsoft independently took down 2,300 additional internet domains associated with Lumma Stealer's criminal activities.
- Lumma Stealer was involved in high-profile cyberattacks, such as the attack against Schneider Electric, resulting in millions of dollars in damages.
- The FBI reported that the malware caused losses exceeding $36 million in 2023 alone, with 1.7 million instances of use and around 10 million infections. The DoJ is offering a $10 million bounty for information on cyberattacks against US infrastructure.
Read Full Article
20 Likes
Securityaffairs
1M
346
Image Credit: Securityaffairs
New Signal update stops Windows from capturing user chats
- Signal update for Windows app blocks screenshots by default to protect user privacy from Microsoft's Recall feature.
- The new 'Screen security' setting in Signal Desktop prevents Windows from capturing screenshots of Signal chats.
- Microsoft's Recall feature captures screenshots of users' laptops every few seconds, raising privacy concerns.
- Signal's screen security can be disabled but may impact accessibility tools; the setting only applies locally on Windows 11.
Read Full Article
20 Likes
Tech Radar
1M
168
Image Credit: Tech Radar
Russian GRU cracks open logistic companies to spy on Ukranian military aid
- Fancy Bear, a Russian state-sponsored threat actor, has been spying on logistics organizations in Western and NATO countries to monitor foreign aid moving into Ukraine.
- Organizations targeted by Fancy Bear included logistics providers, technology companies, and government organizations involved in transporting aid to Ukraine via various transportation modes such as air, sea, and rail.
- APT28 (Fancy Bear) leveraged credential guessing, brute-force attacks, spearphishing campaigns, and software vulnerabilities like CVE-2023-23397 to infiltrate systems, manipulate email mailbox permissions, and remain hidden while monitoring sensitive communication.
- The cyber-physical attacks in the Russo-Ukrainian conflict highlight the importance of organizations having full visibility into their environments and a risk-based approach to securing cyber-physical systems to combat modern threats.
Read Full Article
9 Likes
Hackernoon
1M
374
Image Credit: Hackernoon
Stop Feeding the Algorithm: Creative Ways to Disconnect from Data-Hungry Platforms
- In today's world, online tracking has reached unprecedented levels, with platforms like Google, Instagram, and Amazon using collected data to personalize and manipulate user experiences.
- The extensive data collected from individuals' online interactions feeds into algorithms, behavior prediction engines, and recommendation systems, shaping the digital environments we engage with.
- While hyper-personalization offers convenience, it comes at the cost of losing control over one's digital identity, creating echo chambers and limiting choice.
- Users are experiencing fatigue from constant tracking, repetitive content, intrusive ads, and compulsive interaction driven by AI algorithms.
- To combat this digital overload, individuals are urged to understand the tracking mechanisms and make intentional choices to reduce exposure.
- Data tracking extends beyond online activities to include smartphone permissions, voice assistants, cloud platforms, image scans, and app usage habits.
- Users can push back against tracking by adjusting privacy settings on platforms, deleting old data, setting device boundaries, and limiting exposure to data-collecting apps.
- Practical steps like using password managers, enabling multi-factor authentication, reviewing app permissions, and switching to privacy-focused browsers help strengthen personal cybersecurity.
- Swapping passive screen time for offline creative activities, practicing foundational privacy practices, and being mindful of what content is shared online also contribute to regaining control over digital life.
- Reconnecting with analog experiences and making intentional choices about digital engagement can help individuals reclaim their privacy and foster more meaningful interactions.
- By implementing small yet impactful changes in online behavior and habits, individuals can take back control of their digital lives and protect their privacy in a data-driven world.
Read Full Article
22 Likes
Siliconangle
1M
123
Image Credit: Siliconangle
Picus Security launches Exposure Validation to help teams focus on exploitable vulnerabilities
- Picus Security has launched Picus Exposure Validation, a service that helps security teams verify exploitability of vulnerabilities based on their unique environments.
- The new service allows continuous testing of security controls against real-world attack techniques to identify truly exploitable vulnerabilities and prioritize them accurately.
- Picus Exposure Validation offers evidence-based, context-aware metrics to quantify actual risk by assessing how effectively current security controls mitigate real threats.
- This new capability aims to help security teams focus on vulnerabilities that truly matter, provide faster decision-making, save time, and improve mitigation efforts through automated validation.
Read Full Article
7 Likes
Tech Radar
1M
406
Image Credit: Tech Radar
Businesses are overwhelmingly concerned about the security threats of AI
- Businesses are overwhelmingly concerned about the security threats of artificial intelligence (AI), particularly Generative AI, as revealed by the 2025 Thales Data Threat Report.
- The report, based on a survey of over 3,100 IT and security professionals, highlighted that nearly 70% of organizations see the rapid advancement of AI as their biggest security risk.
- Despite these concerns, businesses are accelerating their adoption of AI, with a third of them actively integrating GenAI into operations, even without ensuring full security of their systems.
- Spending on GenAI has become a top priority for organizations, followed closely by cloud security, as the fast-evolving GenAI landscape pushes enterprises to deploy AI faster than they can fully understand its implications.
Read Full Article
24 Likes
Medium
1M
142
Image Credit: Medium
7 Cybersecurity Tips to Protect Your Data
- Cybersecurity involves protecting digital information like login details, files, and messages, as most data is now online.
- Basic habits and not complex tools are sufficient to stay safe from hackers who often exploit small mistakes made by individuals.
- Using different, long, and complex passwords with symbols and numbers for each account is recommended to enhance security.
- Regularly updating software, enabling automatic updates, and being cautious with emails to avoid phishing attacks are crucial steps in maintaining cybersecurity.
Read Full Article
8 Likes
Siliconangle
1M
374
Image Credit: Siliconangle
Druva expands Azure support with cloud-native protection for SQL and Blob Storage
- Data security provider Druva Inc. has expanded support for Microsoft Azure, offering cloud-native data protection for Azure SQL and Azure Blob Storage.
- The enhanced support includes protection for Azure SQL workloads, eliminating the need for managing additional infrastructure through agentless deployment and integration.
- Druva's Data Protection for Azure SQL provides air-gapped backups for resilience against cyberattacks and offers cross-region and cross-cloud replication without incurring egress fees or downtime.
- The addition of Azure Blob Storage protection enables secure backups of unstructured data with granular blob-level recovery and global deduplication to reduce storage costs and accelerate recovery time objectives.
Read Full Article
22 Likes
Cloudmatters
1M
214
Image Credit: Cloudmatters
“When the Storm Hits – Why A Cloud Rewind is Your Digital Lifeboat”
- As cyber threats become more sophisticated, the need for quick recovery of IT systems is crucial in today's digital landscape.
- Major outages and cyber-attacks have highlighted the importance of ensuring system availability and data recovery.
- Organizations are facing increasing challenges in restoring data and cloud applications due to the complexity of modern technology.
- The reliance on the cloud for business operations necessitates a shift towards proactive recovery strategies rather than reactive backups.
- Cloud Rewind by Commvault offers a solution for faster recovery from attacks or outages by automating the process.
- The Cloud Rewind feature allows for quick recovery of cloud-native applications, metadata, data, and state, significantly reducing downtime.
- Traditional methods of restoring data alone are no longer sufficient for ensuring operational continuity in the event of a cyber-attack.
- Public cloud environments present unique challenges for organizations in terms of data security and recovery.
- Commvault's Cloud Rewind offers a disruptive approach to cloud recovery by providing quick and automated recovery solutions.
- Organizations are encouraged to take advantage of the free 30-day trial of Cloud Rewind to understand and mitigate potential risks to their public cloud services.
- Having a robust recovery strategy that includes automated rebuild capabilities is crucial for ensuring business continuity in the face of cyber threats.
Read Full Article
12 Likes
TechJuice
1M
4
Image Credit: TechJuice
Microsoft Hits Back After Lumma Stealer Affects Thousands of PCs
- The FBI, Europol, and Microsoft collaborated to shut down the Lumma Stealer malware network that infected around 10 million devices globally.
- Lumma Stealer operated on a malware-as-a-service model, allowing cybercriminals to buy access through subscription plans, making it easier for less-skilled attackers to deploy powerful malware.
- Authorities seized 2,300 malicious domains critical to Lumma Stealer's command-and-control infrastructure, cutting off communication between infected systems and its operators.
- The takedown of Lumma Stealer is a significant win against cybercrime networks, disrupting their tool for stealing sensitive information and showcasing the power of global collaboration in cybersecurity.
Read Full Article
Like
Gritdaily
1M
51
Image Credit: Gritdaily
Cybersecurity Entrepreneur Ryan Sheskey Keeps Small Businesses Protected
- Ryan Sheskey launched Forcetron Technologies to reduce small companies' risk exposure in cybersecurity.
- Sheskey, a tech veteran, started his cybersecurity career in 2008 at American Electric Power, gaining extensive experience in the field.
- During the pandemic in 2020, Sheskey noticed the lack of cybersecurity expertise in small businesses and founded Forcetron Technologies to address this gap.
- Forcetron Technologies provides foundational technology solutions and cybersecurity to small businesses in Southern Ohio, aiming to help them grow securely.
Read Full Article
3 Likes
TechJuice
1M
232
GitLab Duo AI Vulnerability Exposes Developers to Code Theft
- GitLab’s AI-powered coding assistant, Duo, faced a significant security issue due to prompt injection vulnerability.
- Attackers could manipulate Duo by embedding hidden prompts in code comments, commit messages, or merge-request descriptions.
- Exploiting this vulnerability could lead to harmful code changes, redirection to malicious websites, or leakage of sensitive data.
- GitLab has patched the flaws, emphasizing the importance of maintaining security in AI-integrated development workflows.
Read Full Article
14 Likes
Dev
1M
31
Image Credit: Dev
How to Tell if Your Mac Is Being Remotely Accessed (And What To Do About It)
- Signs of potential remote access to your Mac include cursor movement, apps opening or closing on their own, system running hot, unknown login sessions, and enabled remote sharing features.
- To check for remote access, review and disable unused sharing settings, monitor Activity Monitor for suspicious processes, check for active sessions using Terminal, and take necessary actions like enabling firewall and revoking accessibility access.
- To prevent remote access, turn off sharing features, enable the firewall, monitor login users, and uninstall any suspicious remote tools installed on your Mac.
- Additional steps to secure your Mac include monitoring for monitoring software, checking logs, using antivirus software, installing updates, encrypting data with FileVault, using strong passwords, and avoiding public Wi-Fi.
Read Full Article
1 Like
Medium
1M
383
Image Credit: Medium
Rise of AI in Security Operations Centers (SOC)
- A Security Operations Center (SOC) plays a crucial role in organizations by actively monitoring, detecting, investigating, and responding to security threats.
- Artificial Intelligence is transforming SOC operations by enhancing threat detection through real-time analysis of extensive datasets, leading to proactive responses against cyber threats.
- AI-driven automation in SOCs improves incident response by streamlining workflows, automating tasks, and allowing human analysts to focus on complex cybersecurity issues for quicker response times.
- AI-powered SOC solutions offer scalability, efficiency, and reduced false positives in threat detection, but face challenges such as bias, data quality, regulatory compliance, and adversarial attacks.
Read Full Article
23 Likes
For uninterrupted reading, download the app