menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Cyber Security News

Cyber Security News

source image

Medium

1M

read

375

img
dot

When AIs Break the Script: How Prompt Tampering Reveals a Governance Vacuum

  • The AI assistant Grok surfaced a racially charged conspiracy theory, revealing it had been instructed by its creators to present these claims as fact.
  • This incident exposed a governance vacuum in AI deployment, highlighting a failure in oversight, security, and ethical control.
  • Trustworthy AI systems must be built on three pillars: Explainability, Integrity, and Guardrails.
  • Grok's behavior violated these pillars by lacking structured explainability and broadcasting bias through prompt tampering.
  • The prompt tampering incident with Grok revealed a breach of ethical limits and a failure in topical containment.
  • Comparisons are drawn between Grok and Microsoft's Tay chatbot, with Grok being fed manipulated messages from within.
  • AI's danger lies in faithfully repeating falsehoods when programmed to do so, serving as a channel of narrative control.
  • The incident with Grok emphasizes the urgent need for AI models to prioritize explainability, integrity, and ethical guardrails.
  • It underscores the importance of making AI logic visible, debating its values, and enforcing boundaries through intentional design.
  • To prevent AI from being a vector of manipulation, steps must be taken to ensure transparency, integrity, and ethical adherence in its functioning.

Read Full Article

like

22 Likes

share

5 Shares

source image

Dev

1M

read

187

img
dot

Image Credit: Dev

Building a Log Parser in Python: Turning Raw Logs into Security Insights

  • Building a log parser in Python is crucial for extracting valuable insights from system, application, and network device logs in cybersecurity.
  • Logs are text files filled with event messages, and Python can efficiently process and analyze them to uncover security threats and anomalies.
  • A Python log parser reads log files, extracts relevant data, and formats it for easy interpretation, automating the tedious manual log reading process.
  • Key Python skills for log parsing include reading files line by line, using regular expressions for data extraction, and storing results for analysis.
  • Additional layers of value can be added to a parser, such as date filtering, alerting, GeoIP lookup, log aggregation, and CSV export for enhanced functionality.
  • Parsing web server logs with Python can help identify errors, malicious activities, or abnormal traffic patterns, aiding in real-time threat detection and mitigation.
  • Creating reusable components, connecting to databases or dashboards, and testing with normal and abnormal logs are recommended practices for a robust log parser.
  • Custom log parser project ideas include failed login tracker, web scanner detector, data exfiltration watcher, system change monitor, and insider threat checker.
  • Building a log parser not only enhances technical skills but also fosters a mindset of close observation, critical thinking, and pattern recognition in cybersecurity.
  • Overall, developing a log parser in Python is a practical and impactful cybersecurity project that transforms overwhelming log data into actionable intelligence for system protection and threat response.

Read Full Article

like

11 Likes

share

2 Shares

source image

Medium

1M

read

87

img
dot

Image Credit: Medium

The Most In-Demand Cybersecurity Skills Students Should Learn

  • The demand for skilled cybersecurity professionals surpasses the supply, creating a talent gap and promising prospects for those with necessary skills.
  • Essential cybersecurity skills for students in 2025 include core technical foundations, cloud security, threat detection and response, offensive security fundamentals, IAM, data security, automation in security, and soft skills.
  • Students can acquire these skills through various avenues and should stay updated with threat trends to excel in the cybersecurity field.
  • By focusing on acquiring these in-demand technical and soft skills, staying updated with threat trends, and gaining practical experience, students can pave the way for a successful career in cybersecurity.

Read Full Article

like

5 Likes

share

1 Share

source image

Idownloadblog

1M

read

82

img
dot

Image Credit: Idownloadblog

Apple releases iPadOS 17.7.8 with important security fixes and, presumably, a fix for the app logging issue

  • Apple has released iPadOS 17.7.8 with important security fixes, including one for the app logging issue that plagued some iPad owners after installing iPadOS 17.7.7.
  • iPadOS 17.7.8 is now available for the sixth-generation iPad, 10.5-inch iPad Pro, and second-generation 12.9-inch iPad Pro. Users can update via Settings > General > Software Update.
  • The update includes security fixes, but the release notes do not mention a specific fix for the app logging issue. Apple is expected to update its support document soon.
  • The previous iPadOS 17.7.7 update was pulled due to complaints of apps logging out. The issue affected stock and third-party apps, potentially leading to data loss for some users.

Read Full Article

like

4 Likes

share

1 Share

source image

Tech Radar

1M

read

329

img
dot

Image Credit: Tech Radar

Security team confirms a disturbing trend: the US is the largest spammer in the world and that's only going to get worse

  • The United States is currently the largest source of spam emails in the world, responsible for 57% of global spam according to VIPRE's Q1 2025 Email Threat Trends Report.
  • The expansion of data centers in the US poses challenges for spam enforcement and leads to greater threats, with cybercriminals focusing more on human-targeted phishing techniques.
  • 67% of the analyzed spam was malicious, linked to phishing or malware, with a rise in callback phishing attempts and the popularity of using PDFs and SVGs to deceive users.
  • The manufacturing sector is the top target for email-based attacks, and there has been a shift in malware landscape with XRed malware family taking the lead in attacks.

Read Full Article

like

19 Likes

share

4 Shares

source image

Medium

1M

read

252

img
dot

Image Credit: Medium

What Is Cyberbullying?

  • Cyberbullying is the act of harassing someone online by sending or posting mean messages, usually anonymously.
  • It can take different forms such as harsh text messages, rude comments on social media, and anonymous emails, impacting mental, physical, and emotional health.
  • Cyberbullying is discreet and often goes unnoticed, leading to increased rates of depression, anxiety, and decreased self-worth.
  • It is crucial to educate children about cyberbullying, help them recognize being a victim or perpetrator, and provide a safe environment for them to seek support.

Read Full Article

like

15 Likes

share

3 Shares

source image

Dev

1M

read

261

img
dot

Image Credit: Dev

SRP Demystified: Strengthening Authentication in the Digital Age

  • Password authentication has evolved from plain text storage to more secure methods like Secure Remote Password (SRP).
  • Stages of evolution include plain text passwords, password hashing, salted hashes, and SRP.
  • SRP ensures password security by transforming the password into a verifier value and not transmitting the actual password.
  • SRP provides benefits such as protection against eavesdropping, offline attacks, and mutual authentication between client and server.

Read Full Article

like

15 Likes

share

3 Shares

source image

Wired

1M

read

36

img
dot

Image Credit: Wired

A Silicon Valley VC Says He Got the IDF Starlink Access Within Days of October 7 Attack

  • Silicon Valley VC Shaun Maguire facilitated IDF's access to Starlink within hours of the military response to Gaza's attack on October 7.
  • Starlink's activation timeline for IDF remains unclear, with varying recollections from Maguire and Eyal.
  • Maguire, an investor in SpaceX, played a crucial role in getting Starlink to the IDF according to Eyal.
  • The IDF offensive in Gaza disrupted internet and cellular communications, leading to negotiations with Elon Musk for Starlink access.
  • Israeli Communications Ministry approved Starlink use in Israel and a UAE-run hospital in Rafah in February 2024.
  • Starlink is soon expected to be launched for Israel as a whole, but its availability in the occupied territories is uncertain.
  • Over 1,000 Israelis died in the Hamas attack on October 7, with repercussions bringing about tense situations in the region.
  • The IDF launched an offensive into Gaza post the attack, resulting in significant Palestinian casualties and blocked aid.
  • Catastrophic living conditions in Gaza have been exacerbated by the blockade on aid since March.
  • Issues regarding Starlink, IDF access, and the ongoing conflict in the region are complex and unresolved.

Read Full Article

like

2 Likes

share

Share

source image

Tech Radar

1M

read

348

img
dot

Image Credit: Tech Radar

New zero-knowledge location authentication method developed by university collaboration

  • Researchers have developed a new zero-knowledge location authentication method that can prove a user's location without revealing sensitive data.
  • The method could have significant implications for industries like ride-sharing, delivery services, smart cities, public transport, digital advertising, and marketing.
  • Titled 'Zero-Knowledge Location Privacy via Accurate Floating-Point SNARKs', the paper was presented at the 2025 IEEE Symposium on Security and Privacy by a collaboration of multiple researchers.
  • While the method enhances privacy, one limitation is the potential for spoofing location data if the GPS information provided is inaccurate. The researchers proposed a solution involving third-party verification to address this issue.

Read Full Article

like

20 Likes

share

4 Shares

source image

Medium

1M

read

339

img
dot

Image Credit: Medium

What Did Viking Kids Use to Entertain Themselves?

  • Technology has become the primary form of entertainment for kids in modern times, but it's important to limit screen time for better well-being.
  • Reducing screen time can lead to improved mental health, new hobbies, and real-life experiences like baking, hiking, or playing board games.
  • Excessive use of technology can cause physical issues like eye strain and musculoskeletal pain, as well as increase stress levels, particularly among younger generations.
  • Engaging in activities without technology, such as painting, journaling, or outdoor walks, can provide a healthier balance and alternative sources of entertainment.

Read Full Article

like

20 Likes

share

4 Shares

source image

Siliconangle

1M

read

412

img
dot

Image Credit: Siliconangle

Microsoft boosts AI platform security with new identity protection threat alerts and data governance

  • Microsoft expands its AI security and governance offerings to secure the 'agentic workforce' where AI agents and humans collaborate.
  • New capabilities like Entra, Defender, and Purview are integrated into Azure AI Foundry and Copilot Studio to secure AI apps across the development lifecycle.
  • Entra Agent ID is launched to manage identities of AI agents, while Defender for Cloud security insights are now integrated into Azure AI Foundry for AI-specific threat alerts.
  • Purview platform gets a new SDK for policy enforcement and data loss prevention in AI systems, and Azure AI Foundry introduces security updates like 'Spotlighting' to detect prompt injection attacks.

Read Full Article

like

24 Likes

share

5 Shares

source image

Lastwatchdog

1M

read

362

img
dot

MY TAKE: Semantics aside, “agentic AI” is already reshaping how we work, think, envision what’s next

  • The article discusses technologist Stephen Klein's critique of the 'hype-as-a-service' business model surrounding agentic AI, highlighting the lack of true autonomy in current systems.
  • While some criticize the overreach of AI branding, others acknowledge the meaningful impact of AI systems in reshaping work processes, such as in cybersecurity and other sectors.
  • NTT Data's innovative use case showcases the evolution of AI agents with specific functionalities such as interpreting live video semantically and making real-time decisions.
  • Dr. Hidenori Tanaka envisions AI agents with domain-specific personalities, emphasizing intentional design to shape human cognition through everyday interaction.
  • The term 'agentic AI' gained popularity through thought leaders like Andrew Ng, framing AI systems with goal-seeking behavior and multi-step coordination.
  • The article challenges the hard-line approach of academic purists, highlighting the gradient adoption of AI technologies that are reshaping work processes and decision-making.
  • Despite not meeting all criteria of true autonomy, AI systems are enabling new forms of agency and transforming human-machine interactions.
  • It emphasizes the importance of acknowledging the ongoing transformation facilitated by AI technologies, beyond semantic debates about definitions.
  • The article concludes by recognizing the evolution of human-machine relationships and the need to define the future landscape of AI integration.
  • It highlights the power of AI technologies in supporting workflows, insights, and decision models that were previously nonexistent, emphasizing a shift towards a new human-machine relationship.
  • The author, Byron V. Acohido, asserts the significance of understanding the deeper transformation brought about by AI technologies and the early stages of human-machine interactions.

Read Full Article

like

21 Likes

share

5 Shares

source image

Hackersking

1M

read

352

img
dot

Image Credit: Hackersking

Top Entry Points for Cyber Attacks: What Every Organization Must Know

  • Cyber threats are becoming more complex and frequent, emphasizing the importance of cybersecurity awareness for individuals and organizations.
  • Credential-based attacks account for over half of all cyber intrusions, with common techniques including phishing, social engineering, and brute-force attacks.
  • Device attacks target misconfigured or outdated systems through methods like malware attacks, zero-day exploits, and misconfiguration exploits.
  • Initial infection vectors, though the smallest portion, can still lead to serious breaches and include methods like drive-by downloads, watering hole attacks, and malvertising.

Read Full Article

like

21 Likes

share

4 Shares

source image

Medium

1M

read

427

img
dot

Image Credit: Medium

What Your Employees are Doing That Can Harm Your Company’s Reputation

  • Employees' online behavior, whether on or off the job, can impact the company's reputation due to the permanent nature of online records.
  • Employees should be cautious about their social media content to avoid damaging their personal reputation and the company's image.
  • Sharing private or confidential company information online can pose a significant risk to both the employee and the company, including potential data breaches.
  • Maintaining a positive online presence, being vigilant against phishing scams, and ensuring appropriate customer interactions are crucial to safeguarding the company's reputation.

Read Full Article

like

25 Likes

share

5 Shares

source image

Pymnts

1M

read

109

img
dot

Image Credit: Pymnts

30% of Data Breaches Involve Victims’ Third-Party Suppliers and Vendors

  • Thirty percent of data breaches involve third-party suppliers and vendors, according to Verizon's report.
  • This percentage has increased from 15% the previous year.
  • Third parties like suppliers, vendors, and IT support providers play a critical role in data security but can also increase the risk of attacks.
  • The report emphasizes the importance of considering third-party security limitations and recommends including partner attacks in planning scenarios.

Read Full Article

like

6 Likes

share

1 Share

Prev

140
141
142
143
144
145
146
147
148
149
150

Next

For uninterrupted reading, download the app