techminis

A naukri.com initiative

Cyber Security News

Medium

The Hidden Risks of ‘Shadow AI’ and How to Secure Them

  • Shadow AI refers to unauthorised or unapproved AI applications used within an organisation without the knowledge or oversight of IT or security teams.
  • The use of Shadow AI can lead to security gaps, exposing sensitive data and jeopardising business operations.
  • To manage Shadow AI effectively, visibility is crucial, along with securing it and balancing innovation with security.
  • By taking a proactive approach to governance, businesses can transform potential liabilities into strategic assets, driving innovation securely.

Siliconangle

Palo Alto Networks delivers strong earnings results despite revenue shortfall

  • Palo Alto Networks reported strong earnings results in its fiscal 2025 first quarter.
  • Adjusted earnings per share rose to $1.56, exceeding analyst expectations of $1.48.
  • Revenue reached $2.1 billion, slightly below the expected $2.12 billion.
  • Palo Alto Networks secured significant customer wins and remains focused on its platformization strategy.

Dev

Security iOS Apps with OWASP Best Practices for Data Protection

  • This article aims to provide some best practices from OWASP for securing data on iOS applications and explores advanced topics that can improve data protection.
  • The UserDefaults API should not be used for saving sensitive data, including all personal user information, credentials, health, banking, and financial information. One way to store sensitive data is to use the Keychain. The Keychain is famous for storing key-value pairs securely. Developers often use popular libraries like KeychainSwift to integrate key-value pairs.
  • To handle protection parameters, use kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly for sensitive data. However, if the user disables the passcode, the data gets erased. kSecAttrAccessibleWhenUnlockedThisDeviceOnly is another option for when the device passcode is not in use. The data remains only on the device and is not shared with iCloud.
  • FileStorage is an option to store a document file like a PDF or other documents. The most important parameter is FileProtectionType.complete, which makes the file accessible only when the user unlocks the device. If the device is locked, the data becomes inaccessible until the device is unlocked.
  • The private keys stored in Secure Enclave—where iOS biometric data such as passcode, Touch ID, or Face ID is stored—are non-extractable, and cryptographic operations such as data signing and decryption are all performed inside it. Private key material never leaves the Secure Enclave, reducing the risk of key compromise.
  • CoreData does not encrypt data by default. It is not very common to save structured data and its relations using CoreData, but if needed, your file from the database can be secured in persistent storage by defining a protection level for it, like FileProtectionType.complete. You can also encrypt the data when the device is unlocked.
  • Security is crucial in today’s world. This article provided some best practices from OWASP for securing data on iOS applications. Using these techniques could help prevent data losses for you and your users.
  • The article provides a GitHub project link for secure iOS application development with some sample code snippets and examples. Developers might want to explore more to improve security and protection for their users.

Securityaffairs

Ford data breach involved a third-party supplier

  • Ford investigates a data breach linked to a third-party supplier.
  • Threat actors claim to have stolen 44,000 Ford customer records.
  • Ford confirms no breach of its systems or customer data.
  • Compromised data includes customer names, addresses, and purchase info.

Tech Radar

Microsoft announces its own Black Hat-like hacking event with big rewards for AI security

  • Microsoft announces Zero Day Quest, a new hacking event for security researchers.
  • Bug bounties for AI-related issues have also been doubled.
  • Zero Day Quest will offer bug bounties for researchers who report flaws in Microsoft AI, Azure, Identity, Dynamics 365 and Power platform, and M365.
  • The challenge will run until January 19, 2025, and will be subject to existing bounty program terms, the safe harbor policy, and additional terms and conditions.

Tech Radar

Dangerous global botnet fueling residential proxies is being hit in major crackdown

  • Security researchers from Lumen's Black Lotus have disrupted the ngioweb botnet and the proxy service it powered.
  • The ngioweb botnet operated 35,000 bots across 180 countries, primarily used for the NSOCKS proxy service.
  • 80% of NSOCKS bots originated from the ngioweb botnet, with two-thirds of the proxies based in the U.S.
  • Lumen took over a year to analyze the botnet and its operations, disrupting the botnet and its proxy service.

Siliconangle

Microsoft integrates source-code analysis into its cloud security suite

  • Microsoft has integrated Endor Labs Inc.'s software composition analysis technology into its Microsoft Defender for Cloud cloud-native application protection platform.
  • This integration allows security teams to consolidate their application security and cloud security programs into a single platform and unified dashboard.
  • The software composition analysis (SCA) process helps identify and manage open-source components and dependencies within software applications.
  • The native integration enables teams to trace exploitable vulnerabilities found in open-source software dependencies to potential exploit paths in their cloud environments, facilitating more targeted remediation.

Medium

Building Secure Machine Learning Systems on Google Cloud

  • Building Secure ML Pipelines
  • Identifying and Mitigating Risks
  • Advanced Security Techniques
  • Key Takeaways

The Fintech Times

Financial Technology Association Sets Out to Tackle Holiday Shopping Fraud With ‘Smarter Than Scams’

  • The Financial Technology Association (FTA) is launching its annual campaign, Smarter Than Scams, to tackle holiday shopping fraud.
  • The campaign aims to empower consumers with tools to outsmart scams and keep their money and financial information safe.
  • It brings awareness to common scams during the holiday season and provides key steps to protect against them.
  • Partners Cash App, PayPal, and Venmo collaborate with FTA to educate consumers and combat scams.

Medium

Dating in the Digital Age: Your Cybersecurity Guide

  • Posting photos of your home is a risk: even small details in the background of your pictures can give away your location or personal habits.
  • Consider adjusting your birthdate by a few days or months for every account you create; it can help protect you in case of a data breach.
  • Create a separate email account solely for dating to keep your personal emails separate.
  • Make privacy settings your best friend.
  • Use different sets of photos for each platform and avoid the same profile photo across dating apps, social media, and even your professional accounts.
  • Watermarking your photos sends a message that you’re savvy and take your security seriously.
  • Avoid tagging your location or posting in real-time.
  • Treat your DMs like a slow burn — reveal little by little.
  • Protect your internet activity by using a VPN.
  • Keep a paper trail of your interactions: save texts, screenshots, and emails in case things go south.

Tech Radar

It's not just free VPNs, these premium services may be bad for your privacy

  • Over half of the most popular premium VPN services suffer from data leaks.
  • At least three apps shared personal information, putting user privacy at risk.
  • Fifteen out of the top paid VPNs tested failed to encrypt Server Name Indication (SNI) for all server connections.
  • Some providers had DNS leaks, while others engaged in data collection and sharing practices.

Tech Radar

Using a VPN is "against Islamic law" says Pakistan religious chief

  • Pakistan's top religious body has stated that using a VPN service to access blocked content is against Islamic law and social norms.
  • The use of VPNs is not acceptable under Islamic law as it enables access to immoral and illegal activities online.
  • The Ministry of Interior has called for the blocking of all 'illegal' VPNs, citing their use by terrorists for violent activities and financial transactions.
  • While VPN usage for legitimate purposes is still allowed, businesses and freelancers in specific sectors are required to register their VPNs with the Pakistan Telecommunication Authority to avoid disruptions.

Neuways

How AI Deepfakes Threaten Business Security

  • The rise of AI-generated deepfakes has become a severe threat to businesses worldwide.
  • Deepfake technology allows for real-time manipulation, enabling cyber criminals to impersonate individuals and gain access to sensitive information.
  • These deepfakes can lead to significant financial losses and reputational risks.
  • Businesses can defend themselves by implementing detection systems, providing employee training, and enforcing robust security protocols.

Googleblog

Introducing Restore Credentials: Effortless account restoration for Android apps

  • Android's Credential Manager API introduces Restore Credentials, a feature that enables users to get into their accounts on a new device with ease. Restore Credentials allows app developers to onboard users onto their accounts on a new phone without the need to re-enter login credentials. The feature ensures a seamless transition between devices and removes the friction of having to restore apps and data from a previous device. Additionally, apps can opt for automatic login for their users as soon as the restore is completed, as well as send notifications on the user's content without requiring them to access the app on the new device.
  • One of the benefits of Restore Credentials is that there is no developer effort required to transfer a restore key from one device to another, as this process is tied to Android's system backup and restore mechanism. However, if developers want to automatically log in users as soon as the restore is completed, they can opt to implement BackupAgent and add their logic in the onRestore callback.
  • Apps can check for a restore key upon first launch and then log the user in automatically if they are not using BackupAgent. The Restore Credentials feature leverages the same server-side implementation used for passkeys, making it easy for developers to implement Restore Credentials.
  • The Restore Credentials feature enables seamless user account restoration on a new device. This occurs during device setup when a user restores apps and data from a previous device. The restore key, which is generated on the old device, is stored locally and backed up to the cloud, allowing the new device to have access to it for automatic login. Users can choose to restore data from a cloud backup or local transfer.
  • The minimum version of the Jetpack Library required to use Restore Credentials is 1.5.0-beta01, and the minimum GMS version is 242200000. The feature is available through the Credential Manager Jetpack library.
  • Benefits of the Restore Credentials feature include seamless user experience during a user's transition to a new Android device, immediate engagement through notifications or other prompts as soon as users start using their new device, and easy implementation as it leverages existing passkey server-side infrastructure for apps.
  • To implement Restore Credentials with Jetpack Credential Manager, app developers need to create a restore credential, get the restore credential, and clear the restore credential. The feature leverages a restore key, which is a public key compatible with passkey/FIDO2 backends.
  • The Restore Credentials feature is a valuable tool that delivers a practical and user-friendly authentication solution. For developers, it is straightforward to integrate and leverages existing passkey server-side infrastructure.
  • Restore Credentials is a part of the Spotlight Week: Passkeys series, which delivers informative blog posts, engaging videos, and practical sample code to help app developers leverage the latest advancements in seamless sign-up and sign-in experiences.
  • The Restore Credentials feature enhances security, reduces friction for users, and keeps app developers ahead of the curve in the rapidly evolving landscape of digital identity.

Tech Radar

Two independent audits confirm NordVPN as top tool for blocking malicious sites

  • NordVPN's Threat Protection Pro has been ranked as the top tool for blocking malicious sites in independent audits conducted by AV-TEST and West Coast Labs.
  • AV-TEST found that NordVPN successfully detected and blocked 83.42% of malicious links, outperforming other VPN providers.
  • In WCL's testing, NordVPN achieved a 99.8% detection rate for high-threat malware and received the highest AAA rating overall.
  • NordVPN's Threat Protection Pro complements previous evaluations and provides comprehensive protection against various online threats.
