techminis

A naukri.com initiative

Cyber Security News

Medium

3d

Unlocking Information: An Introduction to Open Source Intelligence (OSINT)

  • OSINT involves gathering intelligence from publicly available sources like social media, websites, and public records.
  • Up to 70–90% of data used in investigations comes from open sources, highlighting the significance of OSINT in intelligence gathering.
  • OSINT sources are widely available, and the methods for collecting information range from basic searches to advanced tools like geolocation tracking.
  • The growing importance of OSINT across various fields brings both benefits and ethical considerations, emphasizing the need for responsible use.

Medium

3d

How I Uncovered Hidden Secrets in Deleted GitHub Files (and Why Bug Bounty Hunters Should Care)

  • Developers often believe that once a file is deleted on GitHub, it is gone forever, but a bug bounty hunter discovered hidden secrets in deleted files.
  • Curiosity led the hunter to explore bug bounty programs and search for API keys, credentials, and tokens in deleted files, revealing hidden risks in repository history.
  • When a file is deleted from a GitHub repository, it is not completely erased due to Git's version control system.
  • The discovery emphasizes the importance of understanding the risks associated with deleted files and the potential for sensitive information to be exposed.

Medium

3d

Building Ransomware Resilience: Why Product Strategies Must Prioritise Comprehensive Recovery Plans

  • The April 2025 ransomware attacks on major retailers exposed vulnerabilities, leading to data theft and disruptions in operations.
  • Recovery plans are crucial in dealing with modern ransomware, requiring more than just backups for data restoration.
  • To enhance ransomware resilience, product managers must integrate recovery plans at every stage of product development.
  • Key best practices include rapid system isolation, building alternative systems for failover, prioritizing secure backups, embedding incident response tools, training employees, and testing recovery plans.

TechDigest

3d

BBC correspondent Joe Tidy talks to Co-Op and M&S hackers

  • BBC Cyber Correspondent Joe Tidy engaged in a five-hour conversation with hackers claiming responsibility for cyber-attacks on UK retailers M&S and Co-op.
  • Hackers expressed frustration with Co-op's refusal to meet ransom demands, providing evidence of their involvement and association with the DragonForce hacking group.
  • The Co-op acknowledged a significant data breach following consultation with BBC’s Editorial Policy team, as revealed by the hackers.
  • The identity and location of those behind DragonForce remain unclear; the hackers indicated a connection with Scattered Spider, describing it as more of a community organizing across platforms.

Dev

3d

OAuth or JWT? Everything Developers Need to Know in 2025

  • OAuth (Open Authorization) and JWT (JSON Web Token) are essential elements in contemporary software development for authorization and authentication.
  • OAuth is a standard protocol for authorization, while JWT is used for securely transmitting information between parties.
  • OAuth uses delegated access and supports multiple grant types, while JWT is self-contained and stateless, commonly used in authentication mechanisms.
  • Developers should use OAuth for delegated authorization and JWT for stateless session management and fast authentication.

Securityaffairs

3d

Security Affairs newsletter Round 524 by Pierluigi Paganini – INTERNATIONAL EDITION

  • US Government officials targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials
  • New botnet HTTPBot targets gaming and tech industries with surgical attacks
  • Google fixed a Chrome vulnerability that could lead to full account takeover
  • Coinbase disclosed a data breach after an extortion attempt

Securityaffairs

3d

Experts found rogue devices, including hidden cellular radios, in Chinese-made power inverters used worldwide

  • Chinese-made power inverters in US solar farm equipment were found to have 'kill switches', including hidden cellular radios, that could potentially allow Beijing to remotely disable power grids during a conflict.
  • Experts discovered rogue devices, such as hidden cellular radios, in Chinese-made power inverters used globally, raising concerns about the possibility of remote power grid disruptions in critical infrastructure.
  • US experts found undocumented communication devices like cellular radios in batteries from various Chinese suppliers, indicating a potential covert means to physically destroy power grids.
  • US Representative August Pfluger emphasized the threat posed by such rogue devices, expressing the need to enhance efforts against Chinese interference in sensitive infrastructure to safeguard national security.

Medium

3d

Your Password Manager Is a Liar

  • Password managers often boast about their security measures and recovery options, but the ability to reset passwords can pose a significant security risk in case of a breach.
  • Monitoring the dark web for passwords involves accessing and potentially reading the breached data, contradicting the concept of zero-knowledge security.
  • LastPass experienced a data breach in December 2022, raising concerns about its security practices, while Bitwarden faced issues such as an autofill vulnerability.
  • 1Password, known for its strong security, had incidents like being indirectly impacted by the Okta breach and a critical vulnerability in its macOS version.

Dev

4d

🚀 Introducing Astra v1.1 – Local, Powerful, and Now Even More Flexible

  • Astra v1.1 is the latest version of the open-source network scanning tool designed for security researchers and sysadmins, offering speed, flexibility, and privacy without reliance on third-party APIs.
  • New features in Astra v1.1 include CIDR scan enhancements, output flexibility with JSON or CSV saving options, expanded port scanning choices, improved verbose logging, and performance tuning settings.
  • Quality of life improvements in Astra v1.1 consist of simplified config setup, better help output, and graceful handling of invalid domains and empty scan results.
  • Astra allows users to scan domains, CIDR ranges, limit resources on large scans, and export results to files, offering privacy, customizability, transparent output, and open-source flexibility.

Medium

4d

How to start your cybersecurity career?

  • Before starting a cybersecurity career, question your motives and ensure genuine curiosity and patience.
  • Learn about Kali Linux, a Linux distribution commonly used by cybersecurity experts.
  • Understanding networking is crucial in cybersecurity as it forms the backbone of IT.
  • Start by learning tools like Nmap and Wireshark, and focus on understanding commands rather than just copying them.

Medium

4d

A Path Down Linux Lane

  • Linux initially relied on CLI but later introduced GUIs like KDE Plasma and GNOME to enhance accessibility.
  • The flexibility of Linux distros allows users to choose between CLI and GUI interfaces.
  • Linux dominates in server, cloud, supercomputers, IoT, and embedded systems, showcasing its versatility and reliability.
  • With its reliability, security, and strong community support, Linux is a worthwhile choice for both beginners and tech enthusiasts.

Medium

4d

SentryPC: The Ultimate Digital Monitoring & Control Solution for Families and Businesses

  • SentryPC is a powerful monitoring and control software designed for families and businesses to protect against cyber risks like cyberbullying, data leaks, and distractions.
  • It offers real-time monitoring, smart filtering, and actionable insights for parents, employers, and educators to manage digital activities effectively.
  • Features include keystroke logging, website & app tracking, custom blacklists, daily usage schedules, and user-specific permissions to ensure security and productivity.
  • SentryPC provides solutions for parents to protect children online, employers to monitor productivity, and educators to maintain a focused learning environment.

Dev

4d

How Many AI Tokens to Play a Game of Chess?

  • AI token usage is following a trajectory similar to cloud adoption, with costs increasing over time and potential for unexpected expenses.
  • Understanding token usage is crucial as scale can hide costs; similar to surprise cloud bills, token costs can escalate rapidly.
  • Developers commonly use AI in practice for 'vibe coding,' where tokens accumulate with each iteration, leading to potential cost overruns.
  • Best practices for managing AI token usage include scoping code slices, externalizing business rules, and writing focused prompts to optimize efficiency and cost.

Securityaffairs

4d

US Government officials targeted with texts and AI-generated deepfake voice messages impersonating senior U.S. officials

  • The FBI warns ex-government officials of being targeted with deepfake texts and AI-generated voice messages impersonating senior U.S. officials.
  • Threat actors have been using texts and AI voice messages since April 2025 to access personal accounts of officials and their contacts.
  • Malicious links are sent to officials posing as messaging platform invites, allowing threat actors to extract data or funds through impersonation.
  • To avoid falling for AI-powered scams, officials are advised to verify callers' identities, check for errors in messages, and avoid sharing sensitive information with unknown contacts.

Secureerpinc

4d

Bots Now Rule the Internet Highway

  • Online traffic is now dominated by bots, accounting for 51% of all web traffic.
  • Bots serve various purposes, including search engine indexing, social media management, data extraction, and monitoring website performance.
  • A significant percentage of bots are malicious, causing issues like data theft, spam propagation, and inflating online numbers.
  • To combat the rising threat of bad bots, organizations are advised to implement strong password habits, enhance website defenses, and invest in bot detection systems.
