menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Cyber Security News

Cyber Security News

source image

Tech Radar

1M

read

263

img
dot

Image Credit: Tech Radar

Top online gift platform leaks user details, including thousands of US military members

  • Over 300,000 emails from EnamelPin, owner of gs-jj.com, were exposed online.
  • Many of the exposed emails were from .gov or .mil domains, used by military or government workers.
  • The leak revealed the site's links to China, including hosting source code on a Chinese server.
  • The leak poses national security concerns and highlights the risks of using Chinese services for US government and military officials.

Read Full Article

like

15 Likes

share

3 Shares

source image

Securityaffairs

1M

read

163

img
dot

Image Credit: Securityaffairs

U.S. CISA adds Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Oracle Agile PLM bugs to its Known Exploited Vulnerabilities catalog.
  • The vulnerabilities added include CVE-2024-44308 Apple Multiple Products Code Execution Vulnerability, CVE-2024-44309 Apple Multiple Products Cross-Site Scripting (XSS) Vulnerability, and CVE-2024-21287 Oracle Agile PLM Incorrect Authorization Vulnerability.
  • Apple released security updates for two zero-day vulnerabilities, CVE-2024-44309 and CVE-2024-44308, which were actively exploited in the wild.
  • CISA orders federal agencies to fix the vulnerabilities by December 12, 2024.

Read Full Article

like

9 Likes

share

2 Shares

source image

Siliconangle

1M

read

172

img
dot

Image Credit: Siliconangle

Google identifies coordinated network of inauthentic news sites in Glassbridge investigation

  • Google has identified a coordinated network of inauthentic news sites operated by four digital public relations firms.
  • The network, known as Glassbridge, includes Chinese companies Shanghai Haixun Technology and Shenzhen Bowen Media, which were found disseminating pro-China content while pretending to be independent media outlets.
  • Google has blocked over 1,000 of these sites for violating policies on editorial transparency and deceptive behavior.
  • The Glassbridge network used sophisticated tactics to mimic legitimate local news outlets and target diverse audiences across different regions.

Read Full Article

like

10 Likes

share

2 Shares

source image

Tech Radar

1M

read

382

img
dot

Image Credit: Tech Radar

Pakistan blocks Bluesky amid popularity surge

  • Pakistan has blocked Bluesky, a popular alternative social media platform.
  • The block comes as Pakistan imposes restrictions on social media platforms and targets VPN services.
  • Authorities have set a deadline for businesses and freelancers to register their VPNs.
  • Residents can still access Bluesky using VPNs, but the situation may change after the registration deadline.

Read Full Article

like

22 Likes

share

5 Shares

source image

The Fintech Times

1M

read

368

img
dot

FinTech Scotland’s FRIL Establishes UK-Wide Programme to Help Innovators Fight Financial Crime

  • FinTech Scotland's FRIL has launched a new UK-wide programme to combat financial crime.
  • Successful applicants will receive support from industry leaders and gain access to roundtables, masterclasses, and workshops.
  • The programme is backed by 11 industry partners, including BT, HSBC, Morgan Stanley, and Lloyds Banking Group.
  • The initiative aims to encourage collaboration and deliver meaningful change in the financial services sector.

Read Full Article

like

22 Likes

share

5 Shares

source image

Pymnts

1M

read

432

img
dot

Image Credit: Pymnts

Panel: Data-Driven Paradigms Future-Proof Security Lifecycle Management

  • Data-driven decisioning is emerging as a fundamental force in fraud prevention for payment ecosystems.
  • Enhanced data sharing during checkout empowers issuers to make accurate decisions that protect both merchants and customers.
  • Discover Global Network, Adyen, and Forter collaborate to identify trends and set industry benchmarks through data aggregation.
  • Tailored, data-driven solutions are crucial in combating evolving fraud techniques and balancing security with customer experience.

Read Full Article

like

25 Likes

share

6 Shares

source image

Dev

1M

read

159

img
dot

Image Credit: Dev

How to Hack Wi-Fi Networks: A Comprehensive Guide for Advanced Penetration Testing

  • Cybersecurity professionals can improve their network defense by understanding how Wi-Fi networks are compromised.
  • Three main Wi-Fi security protocols are WEP, WPA/WPA2, and WPA.
  • Setting up the right environment with tools like Kali Linux, Aircrack-ng Suite, hcxtools, and Wireshark is key to performing penetration testing.
  • Advanced WPA2 hacking techniques include capturing handshakes, cracking the handshake, and PMKID attacks.
  • WPA3 introduces Simultaneous Authentication of Equals (SAE), making it resistant to dictionary attacks but with exploitable side-channel vulnerabilities.
  • To bypass captive portals on public Wi-Fi networks users can use MAC address spoofing, DNS spoofing, and MITM tools.
  • Defend against Wi-Fi attacks by using WPA3, disabling WPS, regularly updating router firmware, enabling MAC address filtering and using VLANs to segment your network.
  • Fallback to WPA2 and downgrade attacks are possible on WPA3 networks.
  • Hacking IoT devices on Wi-Fi can be performed by sniffing unencrypted traffic, exploiting UPnP or brute-forcing web interfaces.
  • Specialized tools for Wi-Fi hacking include Wifiphisher, Airgeddon, and Wireshark Filters.

Read Full Article

like

9 Likes

share

2 Shares

source image

Dev

1M

read

140

img
dot

Image Credit: Dev

Introducing the Multi-Version PYZ Builder: Secure, Cross-Platform Python Modules Made Easy

  • The Multi-Version PYZ Builder Script is a command-line tool designed to create a Universal Python Module optimized for cross-platform compatibility and multi-version support.
  • This tool allows you to bundle multiple protected .pyc files—each corresponding to a different Python version—into a single .pyz archive, significantly enhancing your Python code security.
  • With the ever-growing diversity of Python environments, ensuring that your code runs seamlessly across different platforms and Python versions is a challenge.
  • The Multi-Version PYZ Builder addresses this by providing cross-platform compatibility and multi-version support.
  • The generated .pyz files can be executed on any operating system where Python 3.6+ is installed, including Windows, macOS, Linux and Unix systems.
  • The Multi-Version PYZ Builder also integrates with code protection tools and uses previously compiled and protected .pyc files, adding layers of code obfuscation and encryption.
  • Users can secure code distribution without exposing the original source code, aligning with Python code security best practices.
  • Additional tools like the Local Python Code Protector, Python Obfuscator Online, and Secure Python Code Manager Script can be used to enhance Python code security.
  • The Multi-Version PYZ Builder Script works seamlessly with other tools designed for Python code security.
  • The Multi-Version PYZ Builder Script is a powerful addition to any Python developer's toolkit, especially for those concerned with code security and broad compatibility.

Read Full Article

like

8 Likes

share

1 Share

source image

VoIP

1M

read

218

img
dot

Image Credit: VoIP

NESIC Partners with Cloudbrink to Boost SASE Solutions

  • NEC Networks & System Integration Corporation (NESIC) has partnered with Cloudbrink to boost their Secure Access Service Edge (SASE) solutions.
  • NESIC aims to strengthen its Virtual Trusted Overlay Network by adopting Cloudbrink's SASE technology.
  • The partnership offers a cutting-edge, zero-trust networking solution that integrates advanced services like endpoint security and identity management.
  • Cloudbrink's global edge mesh provides high performance, robust security, ease of deployment, and streamlined management.

Read Full Article

like

13 Likes

share

3 Shares

source image

Cybersecurity-Insiders

1M

read

50

img
dot

Image Credit: Cybersecurity-Insiders

US urging Google to sell its Android and Chrome browser to banish Data Privacy and Market competition concerns

  • US regulators have requested Google's parent company, Alphabet Inc., to dismantle its Chrome and Android divisions to address concerns over the company's ongoing monopoly and privacy concerns.
  • Google's search engine and mobile operating system have helped the search giant maintain its dominant position in the online world for two decades by giving it direct access to online behavior, search habits, and personal data of millions every day.
  • The company's monopoly on mobile operating systems and web browsers has allowed it to control the online experience of users and collect vast amounts of data through its Chrome and Android platforms.
  • Data advocates have raised alarms about the vast amounts of personal information Google collects through its platforms in the last five years.
  • The U.S. Department of Justice has argued that Google's monopoly over internet search and browsing is a violation of anti-trust laws and that its overwhelming influence coupled with the collection of user data is troubling.
  • The U.S. government has suggested the separation of Chrome and Android into two separate entities to be sold to interested buyers, which could give other competitors a fair shot at succeeding in the browser and operating system markets and bring an end to the legal battles faced by Google worldwide over its surveillance practices.
  • This breakup could provide a significant opportunity for rival search engines like Yahoo and Microsoft's Bing to gain ground and compete with Google Search.
  • Some believe that the political landscape could further influence the outcome of this case, and President Trump may champion the breakup of Google as a necessary step to curtail the overreach of Silicon Valley.
  • If the U.S. government's proposal to break up Google's Chrome and Android divisions succeeds, this step could bring an end to Google's long-standing monopoly and offer a more competitive and privacy-conscious environment for other tech firms.
  • The implications of such a decision would reverberate far beyond just Google, potentially reshaping the entire internet ecosystem and altering how users interact with the digital world.

Read Full Article

like

3 Likes

share

Share

source image

Medium

1M

read

409

img
dot

Image Credit: Medium

The Mathematics Behind RSA

  • RSA is a widely-used encryption algorithm developed in 1979.
  • It is an asymmetric encryption algorithm that uses public and private keys.
  • The algorithm was constructed based on mathematical principles, with Leonhard Euler's work as a foundation.
  • RSA has been reliable and secure for almost half a century.

Read Full Article

like

24 Likes

share

5 Shares

source image

Securityaffairs

1M

read

350

img
dot

Image Credit: Securityaffairs

More than 2,000 Palo Alto Networks firewalls hacked exploiting recently patched zero-days

  • Threat actors have hacked thousands of Palo Alto Networks firewalls using recently patched zero-day vulnerabilities.
  • The vulnerabilities exploited are CVE-2024-0012 and CVE-2024-9474 in PAN-OS.
  • The first vulnerability allows unauthenticated attackers with access to the management web interface to bypass authentication and gain admin privileges, while the second vulnerability allows privilege escalation for PAN-OS administrators.
  • Approximately 2,000 firewalls have been compromised, with countries like the US and India most affected.

Read Full Article

like

21 Likes

share

4 Shares

source image

HRKatha

1M

read

423

img
dot

Image Credit: HRKatha

Sachin Jain appointed senior VP, Eventus Security

  • Sachin Jain has been appointed as the senior vice president, technology and business development, North America at Eventus Security.
  • Jain brings 25 years of experience in technology leadership, cybersecurity, cloud, data, and digital transformation.
  • His appointment marks a strategic move towards expanding Eventus Security's presence in the North American market.
  • Jain's expertise will contribute to driving growth and meeting the region's cybersecurity needs.

Read Full Article

like

25 Likes

share

5 Shares

source image

Medium

1M

read

282

img
dot

Image Credit: Medium

The Trap Behind the Door: Asymmetric Cryptography

  • Symmetric cryptography is efficient for securing information, but sharing keys securely can be a challenge.
  • Asymmetric cryptography is a complement to symmetric cryptography and uses a public key and private key.
  • In asymmetric cryptography, the sender and receiver each have a separate key for locking and unlocking.
  • This method allows for secure key exchange and enhances information security.

Read Full Article

like

16 Likes

share

3 Shares

source image

Siliconangle

1M

read

1.3k

img
dot

Image Credit: Siliconangle

Wiz acquires cybersecurity startup Dazz for reported $450M

  • Wiz Inc. is acquiring cybersecurity startup Dazz Inc. for a reported $450 million.
  • Wiz provides a platform for securing public cloud environments, generating $500 million in annual recurring revenue.
  • Dazz generates revenue from an application security posture management platform that scans code for vulnerabilities.
  • Wiz will use Dazz's technology to enhance its Wiz Code service to detect and fix vulnerabilities in code.

Read Full Article

like

10 Likes

share

2 Shares

Prev

130
131
132
133
134
135
136
137
138
139
140

Next

For uninterrupted reading, download the app