menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Cyber Security News

Cyber Security News

source image

Lastwatchdog

1M

read

210

img
dot

News alert: Attaxion integrates its EASM Platform with ENISA’s EU Vulnerability Database (EUVD)

  • Attaxion integrates the European Vulnerability Database (EUVD) operated by the European Union Agency for Cybersecurity (ENISA) into its EASM platform.
  • EUVD is a repository developed in response to the NIS2 Directive, taking a multi-stakeholder approach and providing actionable information on vulnerabilities.
  • The integration enhances vulnerability data with EUVD's metadata, supporting faster triage, risk-based prioritization, compliance with regulations, and better decision-making.
  • Attaxion sets a precedent by aligning external attack surface management with public-sector threat intelligence, emphasizing interoperability between commercial platforms and government-backed datasets.

Read Full Article

like

12 Likes

share

2 Shares

source image

TechCrunch

1M

read

434

img
dot

Image Credit: TechCrunch

Coinbase says its data breach affects at least 69,000 customers

  • Coinbase disclosed a data breach affecting at least 69,461 customers' personal and financial information.
  • The breach occurred from December 26, 2024, until earlier this month, with a hacker demanding $20 million as ransom, which Coinbase refused to pay.
  • The stolen data includes customer names, email addresses, phone numbers, government-issued ID documents, account balances, and transaction histories.
  • The hacker gained unauthorized access through bribing Coinbase customer support workers, leading to concerns about wealthy customers being targeted.

Read Full Article

like

26 Likes

share

6 Shares

source image

Siliconangle

1M

read

365

img
dot

Image Credit: Siliconangle

Operant AI launches Woodpecker to bring open-source red teaming to AI and cloud environments

  • Operant AI Inc. launches Woodpecker, an open-source automated red teaming engine for advanced security testing in AI and cloud environments.
  • Woodpecker aims to address the increasing complexity of security vulnerabilities in cloud-native applications and AI technologies.
  • Red teaming has become crucial as AI threats rise, and Woodpecker enables organizations of all sizes to proactively identify vulnerabilities with enterprise-grade capabilities.
  • Woodpecker offers automated red teaming in Kubernetes security, API security, and AI systems, and is now available as an open-source project on GitHub.

Read Full Article

like

21 Likes

share

5 Shares

source image

Cheapsslshop

1M

read

347

img
dot

Image Credit: Cheapsslshop

HSTS vs HTTPS: Why You Need Both for Web Security

  • Most modern websites use HTTPS to secure communication between the browser and the server, encrypting data in transit to protect user sessions, credentials, and sensitive inputs.
  • However, encryption alone doesn't guarantee that the connection will always be secure, as accessing a site without 'https' or through old HTTP links can lead to insecure requests and potential man-in-the-middle (MITM) attacks.
  • To address this risk, HTTP Strict Transport Security (HSTS) comes into play, serving as a browser-level instruction that enforces the use of HTTPS when connecting to a site, without any exceptions or fallback to HTTP.
  • Understanding the difference between HSTS and HTTPS, and correctly implementing them, is crucial for enhancing web security and safeguarding websites against potential vulnerabilities.

Read Full Article

like

20 Likes

share

4 Shares

source image

Medium

1M

read

429

img
dot

Image Credit: Medium

Meet Gemini Nano: Google Chrome’s New Defensive AI

  • Gemini Nano is a new on-device AI by Google designed to protect users from online scams and phishing traps by analyzing website content and intent in real time.
  • Unlike traditional protection tools, Gemini Nano works independently on the device, ensuring fast and effective scam detection while respecting user privacy.
  • The AI acts as a digital bodyguard within the browser, examining the legitimacy of websites through language and pattern detection capabilities.
  • With online scams on the rise, Gemini Nano's real-time analysis helps combat new and rapidly emerging threats, unlike static blocklist tools.
  • Gemini Nano evaluates websites for signs of deception, such as tech support scams or phishing attempts, and alerts users through Chrome’s Safe Browsing system.
  • The AI's focus on language-based detection sets it apart from location-based security measures, allowing it to adapt to evolving scam tactics.
  • Initially targeting tech support scams, Gemini Nano aims to expand its capabilities to detect various fraud types like fake delivery notices and phishing messages.
  • The AI will soon be integrated into Chrome for Android, enhancing user protection against suspicious website notifications and scams.
  • Google reports a significant increase in scam identification with AI tools, showcasing the effectiveness of Gemini Nano in combating cyber threats.
  • Gemini Nano represents a proactive approach to online security, offering users a vigilant ally in safeguarding their online experiences.

Read Full Article

like

25 Likes

share

6 Shares

source image

Securityaffairs

1M

read

301

img
dot

Image Credit: Securityaffairs

U.S. CISA adds Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to its Known Exploited Vulnerabilities catalog

  • U.S. CISA added Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to its Known Exploited Vulnerabilities catalog.
  • CISA also included Google Chromium, DrayTek routers, and SAP NetWeaver flaws in its Known Exploited Vulnerabilities catalog.
  • Some of the described flaws include authentication bypass, code injection, XSS vulnerabilities, and directory traversal vulnerabilities.
  • Ivanti released security updates for CVE-2025-4427 and CVE-2025-4428 in Endpoint Manager Mobile software to address remote code execution threats.

Read Full Article

like

18 Likes

share

4 Shares

source image

Global Fintech Series

1M

read

9

img
dot

Image Credit: Global Fintech Series

How the Dark Web is Changing Money Laundering And What FinTechs Must Do to Stay Ahead

  • The dark web has emerged as a platform for illicit transactions, including sophisticated money laundering schemes, leveraging anonymity to obscure financial flows.
  • Fintech companies face the challenge of combating evolving financial crimes facilitated by the dark web, requiring enhanced fraud detection systems and collaboration with regulators.
  • The dark web poses significant risks, with cybercriminals using it for financial crimes, identity fraud, phishing attacks, and selling stolen identities and credit card details.
  • Virtual assets, particularly cryptocurrencies, offer anonymity that criminals exploit for money laundering, complicating AML efforts due to decentralized networks and mixers.
  • Challenges for AML initiatives include pseudonymous transactions, lack of regulatory coordination, and the need for stronger compliance measures to counter cross-border money laundering.
  • To combat financial crimes involving virtual assets, integrating blockchain analytics, AI-driven monitoring, and global regulatory cooperation is essential for the financial industry.
  • Without robust enforcement measures, the dark web will continue to be a haven for money launderers, highlighting the urgency for stronger compliance and technology adoption.
  • Financial institutions and FinTech firms must adapt to evolving threats by implementing cutting-edge technologies and fostering collaborative efforts to safeguard the financial system.
  • The integration of real-time risk assessment models and advanced monitoring tools is crucial for detecting and preventing suspicious financial activities in the digital era.
  • Global regulatory frameworks must evolve to address the challenges posed by virtual assets, requiring international cooperation to combat financial risks effectively.

Read Full Article

like

Like

share

Share

source image

Medium

1M

read

242

img
dot

Image Credit: Medium

Are Phone (And Laptop) Repair Shops Spying on us? Here’s What I Found After Testing It Myself

  • A test was conducted to check if phone and laptop repair shops snoop on personal files, revealing some shops going through private documents and photos.
  • The experiment was carried out by NUS Greyhats, a team of ethical hackers and cybersecurity enthusiasts from the National University of Singapore, inspiring the author to conduct a similar test.
  • The author built a monitoring script using Python to understand its functioning and potential for privacy protection, emphasizing the vulnerability of private data in others' hands.
  • While highlighting the importance of tools for monitoring privacy, the author warns about potential misuse and emphasizes the need for responsible use of such technology.

Read Full Article

like

14 Likes

share

3 Shares

source image

Silicon

1M

read

374

img
dot

Image Credit: Silicon

Silicon UK AI For Your Business Podcast: The New Threat Landscape of Generative AI

  • The Silicon UK AI For Your Business Podcast discusses the evolving threat landscape created by generative AI in today's enterprise landscape.
  • Generative AI has brought revolution in content creation and automation but also poses serious risks with new vulnerabilities and security challenges.
  • Pinar Alpay, Chief Product and Marketing Officer at Signicat, provides insights on cybersecurity threat shifts, prompt injection concerns, deepfakes dangers, and risks introduced by autonomous AI agents.
  • The discussion covers the vulnerability of industries, the adequacy of current cybersecurity frameworks, and the urgent steps needed by CISOs and AI developers for a more secure AI-powered future.

Read Full Article

like

22 Likes

share

5 Shares

source image

Securityaffairs

1M

read

434

img
dot

Image Credit: Securityaffairs

A critical flaw in OpenPGP.js lets attackers spoof message signatures

  • A critical flaw in OpenPGP.js, tracked as CVE-2025-47934, allows attackers to spoof message signatures.
  • OpenPGP.js is an open-source JavaScript library used for email and data encryption.
  • Vulnerability affects versions 5.0.1 to 5.11.2 and 6.0.0 to 6.1.0, enabling attackers to craft misleading messages.
  • The issue is patched in versions 5.11.3 and 6.1.1, with manual signature checks available as workarounds.

Read Full Article

like

26 Likes

share

6 Shares

source image

Pymnts

1M

read

167

img
dot

Image Credit: Pymnts

Bank of America Sees Mobile-First Security Surge as Firms Embrace QR Sign-In

  • Bank of America introduced QR code login for its CashPro platform to address client challenges with password resets and eliminate friction in B2B transactions.
  • The QR sign-in authentication tool has been used over 2 million times within less than two years of its launch, showing a 60% increase in adoption in the past year.
  • Bank of America's innovative approach with QR sign-in reflects a larger trend of combining enterprise-grade security with consumer-grade simplicity in the digitization of B2B transactions.
  • The success of QR sign-in lies in its secure, scalable, and user-friendly design, with features like push authentication which has surpassed physical authentications in Q1 2025.

Read Full Article

like

9 Likes

share

2 Shares

source image

Pymnts

1M

read

297

img
dot

Image Credit: Pymnts

Saudi Small Businesses Rethink Payments for a Faster Future

  • Saudi Arabia is becoming prominent in cross-border payments due to the increasing popularity of digital wallets.
  • 54% of Saudi consumers making cross-border payments used digital wallets, ranking just behind the U.S. and ahead of the UK and Singapore.
  • While consumer adoption of digital wallets is high, SMBs in Saudi Arabia show lower usage rates due to concerns such as security, tracking, high costs, and poor exchange rates.
  • Bridging the gap between consumer and SMB adoption of digital wallets is crucial for Saudi Arabia to fully leverage its FinTech potential and redefine financial operations in the global economy.

Read Full Article

like

17 Likes

share

4 Shares

source image

VoIP

1M

read

251

img
dot

Image Credit: VoIP

SK Telecom Breach Spurs Global Telecom Data Security Efforts

  • A server breach at SK Telecom has compromised personal and USIM data of all subscribers, potentially leaking 9.32 gigabytes of sensitive information.
  • SK Telecom took proactive measures like offering free USIM card replacements and enrolling customers in a USIM protection program to address identity theft concerns.
  • International collaboration in the telecom sector regarding data security includes efforts from South Korea and the U.S., aiming at better international coordination against cyber threats and aligning cybersecurity standards.
  • Despite challenges like South Korea being categorized as a 'sensitive country' affecting research funding, efforts continue to enhance U.S.-South Korea cooperation in technological research, with investments in areas like artificial intelligence and biotechnology.

Read Full Article

like

15 Likes

share

3 Shares

source image

TechDigest

1M

read

287

img
dot

Image Credit: TechDigest

M&S cyber attack could cost £300 million, disruptions expected until July

  • Marks & Spencer (M&S) anticipates a £300 million impact on trading profits this year due to a recent cyberattack, leading to operational disruptions expected until July.
  • The ransomware attack has caused over £1 billion reduction in M&S's market value, primarily affecting online ordering capabilities, with website sales set to resume partially in the upcoming weeks.
  • The cyberattack is suspected to be orchestrated by a hacking group called Scattered Spider, compromising customer data while assuring the security of payment information.
  • M&S CEO Stuart Machin acknowledges the severity of the incident but remains optimistic, stating that it will not derail the company's plans for reshaping and improving technology transformation, despite the projected profit reduction of £300 million.

Read Full Article

like

17 Likes

share

4 Shares

source image

Nordicapis

1M

read

406

img
dot

5 Random API Key Generators (And Why You Might Use Them)

  • API keys play a crucial role in identifying traffic sources and interactions in API development.
  • Random API key generators are useful for temporary or one-time needs, such as mock documentation or testing.
  • Generate-Random.org is a customizable and quick API key generator without the need for sign-up.
  • Akto API Key Generator allows generating multiple keys with options for character types.
  • Vondy API Key Generator offers structured data generation based on LLM systems.
  • Random Number API provides direct API access for generating random numbers and UUIDs.
  • Native methods in languages like JavaScript and Python can also be used for API key generation.
  • Random API keys are beneficial for testing and educational purposes without using production keys.
  • Using random keys for testing helps avoid exposing sensitive data and aids in creating sandbox environments.
  • It is essential to follow best practices when generating actual usable API keys for production.

Read Full Article

like

24 Likes

share

5 Shares

Prev

130
131
132
133
134
135
136
137
138
139
140

Next

For uninterrupted reading, download the app