A naukri.com initiative
Cyber Security News
Securityaffairs
1M
113
Image Credit: Securityaffairs
Threat actor sells data of over 750,000 patients from a French hospital
- A threat actor had access to the electronic patient record system of an unnamed French hospital, compromising the health data of 750,000 patients.
- The stolen data includes personal information such as names, dates of birth, addresses, phone numbers, and medical information like prescriptions and attending physicians.
- The breach seems to be a supply chain attack, with the hacker compromising the MediBoard platform provided by Softway Medical Group.
- The exposure of medical data puts patients at risk of identity theft, fraud, and can lead to misdiagnoses or medical errors.
Read Full Article
6 Likes
Medium
1M
122
Image Credit: Medium
Which Vpn Is Safe? — Comprehensive Guide And FAQs
- Using a VPN has become a crucial step towards safeguarding your personal information in today's digital age.
- A VPN creates a secure, encrypted connection between your device and the internet, masking your IP address.
- Not all VPNs are created equal, and it is essential to understand what makes a VPN safe and reliable.
- When choosing a VPN, it is critical to consider encryption protocols, no-log policies, speed and performance, and security features.
- NordVPN, ExpressVPN, CyberGhost, and Surfshark are top VPNs that embody these safety features.
- Using a VPN is legal, but some nations restrict VPN usage, and free VPNs may log user activity and sell data to third parties.
- A VPN encrypts your data and hides your IP address, making it harder for hackers to target you.
- Choose a VPN that meets your specific needs, has positive reviews, and fits your budget.
- A VPN significantly enhances your online security, but it's not a one-size-fits-all solution. Always practice safe browsing habits.
- Remember to stay informed about the latest online threats.
Read Full Article
7 Likes
Global Fintech Series
1M
314
Image Credit: Global Fintech Series
Evolution of Digital Front-Ends in Commercial Banking
- The commercial banking landscape has undergone a huge transformation over the past two decades, driven by rapid advancements in financial technology and evolving customer expectations.
- The evolution of digital frontends reflects the commercial banking industry’s response to the demands of a digital-first world.
- The early online banking provided limited functionality, lack customization, and inadequate to meet complex needs of businesses.
- Commercial banks began developing enhanced digital platforms in mid-2000s, to incorporate more features and providing intuitive design and navigation.
- Omnichannel banking aimed to unify experiences, enabling businesses to customize their views and prioritize the information most relevant to their operations.
- Today’s digital front-ends leverage AI to analyze transaction patterns, predict cash flow trends, identify fraud, provide tailored recommendations, and facilitate real-time transactions.
- Blockchain is being incorporated for secure and transparent trade finance transactions, ultimately minimizing intermediary reliance and reducing processing times.
- The future trends indicate a shift towards hyper-personalization, where platforms will leverage AI and big data to deliver bespoke services, and toward embedded finance where bank services will be integrated directly into third-party platforms.
- Commercial banks can provide clients with frictionless access to loans, payments, and other banking services without needing to leave their workflows.
- Digital frontends in commercial banking reflect the strategic enablers that drive efficiency, enhance decision-making, and strengthen client relationships.
Read Full Article
18 Likes
Noupe
1M
314
Securing Your WordPress Against Hacks: Essential Strategies for a Safer Website
- WordPress is a prime target for hackers due to its popularity and open-source nature and it is important to recognise potential threats.
- Keep everything updated, including core software, themes, and plugins. Regular updates have security patches aimed at known vulnerabilities.
- Use strong, unique passwords and additional 2FA for extra security. Change default usernames and limit the number of login attempts to prevent brute-force attacks.
- Choose a reliable hosting provider that offers robust security features, including SSL certificates, firewalls, and regular backups.
- Regularly backup your WordPress site, including your database and files storing backups in multiple locations, to ensure you can restore your site quickly.
- Use security plugins like Wordfence Security, Sucuri Security and iThemes Security to significantly bolster your site's defenses against hacks.
- Monitor user activity, log user actions, and assign user roles carefully to only grant users the permissions they need to perform their tasks.
- Secure your core WordPress files, protect your database and use HTTPS to encrypt the data exchanged between your site and its visitors.
- Switching to HTTPS ensures that your site is safeguarded against malicious attacks and the data exchanged between your site and its visitors is encrypted.
- By implementing these strategies, you can create a robust security posture that protects your site and its content from potential threats. Remember, the cost of prevention is always less than the cost of a breach.
Read Full Article
18 Likes
Securityaffairs
1M
232
Image Credit: Securityaffairs
Decade-old local privilege escalation bugs impacts Ubuntu needrestart package
- Decade-old flaws in the needrestart package in Ubuntu Server could allow local attackers to gain root privileges without user interaction.
- The Qualys Threat Research Unit (TRU) discovered five Local Privilege Escalation (LPE) decade-old security vulnerabilities in the needrestart package that could allow a local attacker to gain root privileges.
- The needrestart package in Ubuntu is a utility designed to ensure system stability after software updates.
- The vulnerabilities have been tracked as CVE-2024-48990, CVE-2024-48991, CVE-2024-48992, CVE-2024-10224, and CVE-2024-11003.
Read Full Article
13 Likes
Cybersecurity-Insiders
1M
204
Image Credit: Cybersecurity-Insiders
SailPoint Revolutionizes Identity Security with Unified Data and AI-Powered Identity Graph
- SailPoint Technologies introduces the SailPoint Identity Graph, a groundbreaking addition to the Atlas platform.
- The SailPoint Identity Graph integrates context from identities, access controls, threat detection, and risk management.
- It provides a unified data model that offers comprehensive identity insights and visualization.
- The Identity Graph simplifies complexity, enhances risk identification, improves contextual awareness, and accelerates anomaly detection.
Read Full Article
12 Likes
Cybersecurity-Insiders
1M
213
Image Credit: Cybersecurity-Insiders
Advanced Radar Screening Key to Safer Public Spaces
- Advanced technology solutions have been developed to help prevent potentially violent incidents in large public spaces. An optical camera combined with millimeter-wave radar has been implemented as a preventative approach to public-venue protection
- Seamless security technology scans individuals while they are in motion, tracking an individual’s movement with the millimeter-wave radar and providing better resolution and imaging quality without disrupting the crowd flow during security scanning
- Security scanning data can also be fed to an integrated monitoring system with overhead video surveillance to identify objects of concern as well as unusual behaviour, prompting any preventative action.
- Privacy concerns about the use of security scanning can be overcome by configuring the system to not reveal privacy-sensitive data to the operator and screening only for suspicious objects such as guns or knives.
- Applications for seamless security include more efficient screening at large public events, conducting high precision screening and identification at business entrances, monitoring people on escalators and improving screening at mall entrances.
- Developments of seamless security will first be implemented in semi-static environments within the next three to five years before precise scanning of people in motion is possible
- Four pillars, each containing an optical and a radar system, will coordinate to acquire a 360-degree screen of an individual for a more effective security system.
- AI can improve the image models of seamless security, automatically recognize suspicious objects and identify anomalous behaviour. It will also be used for general security practices such as facial recognition for identity recognition, but human involvement should be included for validation purposes
- Seamless security will utilise optical sensors, millimeter-wave radar and terahertz imaging, with the aim of providing people travelling in public spaces a more secure environment
- The ideal security system should be less intrusive yet more effective to support the evolving security and identification needs of society.
Read Full Article
12 Likes
Hitconsultant
1M
314
Image Credit: Hitconsultant
PCI DSS 4.0: A Guide to API Security for Healthcare Organizations
- Several health information exchange platforms in the United States have been targets of ransomware attacks in recent years, endangering a vast array of sensitive data, from personally identifiable information to financial records and transactions, and becoming an easy prey for cyber attackers worldwide.
- The Payment Card Industry Security Standards Council released PCI DSS in 2006 as a global standard for any entity that processes, stores, or transmits cardholder data electronically, and due to the proliferation of APIs, PCI 4.0 includes rules and guidelines specifically addressing API security, to combat the growing wave of cyber attacks targeting the healthcare industry.
- Among the changes made, PCI 4.0 now calls for enhanced visibility and protection of APIs, underscoring the need for robust security strategies that can better adapt to new threat tactics, to secure payment providers' security posture, especially to strengthen the protection of personal health information.
- Securing APIs goes beyond just data protection in PCI DSS 4.0; it’s become a core element of compliance. The new standard emphasizes the need for a comprehensive inventory of all software components, including custom-developed and third-party integrations.
- To address API security requirements, organizations can adopt these four best practices: establishing mechanisms to monitor and assess API components, developing a comprehensive inventory of all APIs, regularly validating the expected behavior of APIs, and adopting secure coding standards tailored for API development.
- For healthcare organizations, where the protection of sensitive patient information is critical, enhancing API security through PCI DSS 4.0 is a crucial defense strategy in the battle to safeguard patient privacy and build trust within the healthcare industry.
- The financial and reputational fallout from ransomware attacks on healthcare organizations can cost hundreds of millions to billions of dollars, and recent healthcare data breaches have necessitated a reevaluation of security protocols, especially to ensure patient trust and protect financial transactions.
- The rise of e-commerce and the widespread adoption of cloud technologies have increased API usage, and PCI 4.0 strengthens controls and security measures to handle millions of sensitive records, protect valuable customer data, and thwart cybercriminals' attacks.
- PCI 4.0 also adopted a more flexible approach to stringent security measures to fit specific operational needs. To stay compliant, organizations must prioritize robust API security measures aligned with PCI DSS 4.0 to ensure recurring integrity of sensitive patient data and bolster their defenses against cyberattacks.
- Strengthening API security measures is a critical defense strategy for healthcare providers in the fight to safeguard patient privacy and build trust within the healthcare industry.
Read Full Article
18 Likes
Cybersecurity-Insiders
1M
323
Image Credit: Cybersecurity-Insiders
Professionalization seen in Russian Cyber Crime groups linked to Ransomware
- A disturbing new trend shows the increasing professionalization of cybercrime, with hacking groups in Russia actively advertising job openings for pen testers. These positions require expertise in penetration testing, which checks identified vulnerabilities and helps attackers to infiltrate networks more efficiently. In the first week of November 2024, several job posting platforms were found to be listing vacancies for pen testers. Cybersecurity firm Cato Networks highlights that the hackers are filling these advertised positions in an anonymous manner via online platforms, with most communication taking place in encrypted environments such as TOR and Telegram.
- The Cato CTRL SASE Threat Report revealed how cybercriminals are increasingly using Shadow AI, a term that refers to the illegal use of AI technologies and tools in cybercrime activities. The report emphasizes the potential dangers of Shadow AI, which has become an integral tool in the cybercriminal toolkit, as the possibilities for their misuse in criminal activities continue to expand.
- Law enforcement agencies are closely monitoring these emerging trends globally, focusing on the illegal use of AI and the hiring of pen testers by hacking groups. Operation Cronos, a large-scale effort led by Europol in collaboration with other law enforcement agencies, serves as a prime example of proactive steps being taken to combat cybercrime. Even the FBI is working on this issue, monitoring suspects (in many cases, catching them in the act) using advanced tools and techniques.
- The increasing professionalization of cybercrime, reflected in hiring pen testers by Russian hacking groups, serves as a reminder of the ever-evolving nature of cyber threats. Therefore, both the public and private sectors should remain vigilant and proactive in their defense strategies.
- The rise of Shadow AI and the growing demand for specialized skills such as penetration testing by criminal groups highlight the need for enhanced international cooperation, and improved cybersecurity awareness, as cybercrime continues to pose a significant threat.
Read Full Article
19 Likes
Gizchina
1M
168
Image Credit: Gizchina
Microsoft to launch a “Zero Day Quest” with $4 million up for grabs
- Microsoft is planning to launch a new event called 'Zero Day Quest' to strengthen the protection of its technologies.
- The event will bring together experts, developers, and researchers to investigate vulnerabilities in Microsoft's infrastructure and algorithms.
- Microsoft will allocate $4 million in incentives for discoveries of critical weaknesses.
- Findings from the event will be shared with the Common Vulnerabilities and Exposures (CVE) program to benefit the wider tech community.
Read Full Article
10 Likes
Mcafee
1M
27
Image Credit: Mcafee
Lumma Stealer on the Rise: How Telegram Channels Are Fueling Malware Proliferation
- Lumma Stealer is a new information-stealing malware that is spreading rapidly through Telegram channels.
- Telegram channels are being identified as lucrative distribution vectors, able to bypass traditional detection mechanisms.
- McAfee offers robust defenses against malware threats like Lumma Stealer, using cutting-edge threat intelligence and behavioral analysis.
- CCleaner 2024.rar is one specific file used to distribute Lumma Stealer.
- Lumma Stealer can steal sensitive data and compromise user privacy.
- The malware employs a decryption routine to establish communication with the attacker's server, making detection harder.
- Lumma Stealer has been detected in India, USA, and Europe, with Telegram channels offering fake crack software, being the main source of distribution.
- McAfee's advanced security features provide users with a safeguard to protect their digital assets and personal data against Lumma Stealer malware.
- The threat of Lumma Stealer highlights the importance of having robust antivirus protection to safeguard against evolving malware tactics.
- Indicators of compromise include various ransomware, spyware, and Trojan malware packaged as fake software.
Read Full Article
1 Like
Siliconangle
1M
1.2k
Image Credit: Siliconangle
AI meets cybersecurity: Twine launches with $12M funding for digital cyber employees
- Twine, an Israeli and U.S. cybersecurity company, has raised $12 million in funding to develop AI-driven 'digital cyber employees.'
- The company's digital employees, starting with the first product Alex, automate cybersecurity tasks and focus on identity management.
- Twine aims to address the talent shortage in the industry by introducing virtual digital employees who work alongside human teams, automating repetitive tasks.
- The funding round was led by Ten Eleven Ventures LP and Dell Technologies Capital, with participation from angel investors and Wiz Inc.
Read Full Article
27 Likes
Medium
1M
341
Image Credit: Medium
Detecting Deepfakes: The Role of AI
- Deepfakes, synthetic media designed to deceive, are becoming increasingly threatening to reputations, political stability, and global security.
- A young journalist named Maya Kumar was targeted by a deepfake attack in 2027.
- Maya clicked on an email link and days later, a video surfaced online.
Read Full Article
20 Likes
Siliconangle
1M
391
Image Credit: Siliconangle
Prompt Security secures $18M to enhance enterprise protection against generative AI risks
- Security startup Prompt Security Inc. has raised $18 million in funding to enhance enterprise protection against generative AI risks.
- Prompt Security specializes in safeguarding enterprises against generative AI threats and offers visibility and governance over gen AI tools.
- The company addresses the issue of AI security breaches by providing comprehensive security measures for generative AI.
- The funding round was led by Jump Capital, with participation from Hetz Ventures, Ridge Ventures, Okta Inc., and F5 Inc.
Read Full Article
23 Likes
Medium
1M
40
Image Credit: Medium
Shop For Gaming VPN
- A VPN is essential for online gaming as it can encrypt your internet traffic for better security, access geo-restricted content, and minimize latency to maintain a smooth connection. VPN like NordVPN provides advanced technology and features, including AES-256 encryption, extensive server network, SmartPlay technology, no-logs policy, malware protection, an in-built ad blocker, and password manager, and secure cloud backup. NordVPN offers different plans designed to cater to different budgets and needs.
- Using a VPN protects your online data from cybercriminals and sometimes, even your ISP can't access your gaming activities.
- A good VPN adds an additional layer of security to protect your information privacy and connection from potential attacks.
- A VPN can help you access geo-restricted content and slip past digital barriers by appearing to connect from a different country. It's perfect for gamers who want to access exclusive content.
- Using a VPN minimizes latency and buffering, unlike high usage from gaming, which may get your ISP to throttle your bandwidth. That gives you the thrill of a lag-free gaming experience.
- NordVPN is recognized for its cutting-edge technology and advanced security protocols and features that protect your identity and gaming account. NordVPN also provides the flexibility to secure up to 10 devices simultaneously, which includes PCs, laptops, tablets, smartphones, etc.
- Besides offering services like AI assistance for content creation, NordVPN also provides malware protection, built-in ad-blocker, in-built password manager, and secure cloud solution for encrypted file backup.
- NordVPN also offers several plans designed to cater to different budgets and needs and is currently giving 70% off and three extra months for free as its Black Friday offer.
- A VPN like NordVPN can enhance your gaming experience as it offers privacy, security, and speed, which are significant considerations for gamers.
- A VPN will equip you with the tools necessary for safe and unrestricted gaming, helping you conquer any level of the gaming world without any compromises.
Read Full Article
2 Likes
For uninterrupted reading, download the app