Cyber Security News

Cybersecurity-Insiders

Creating a Copilot That Doesn’t Violate Security and Compliance

  • Low code/no code development is enabling business users to build apps and automations throughout the enterprise, with tools like Microsoft Copilot Studio allowing users to build copilots and AI agents.
  • However, with this new technology comes new risks, and security teams must establish guardrails to prevent data leaks and security backdoors and ensure AI does not act out of bounds.
  • Common risks with low code/no code include overprovisioning access and embedded credentials, and there is a lack of security visibility as to who is building what and the ensuing risks.
  • Organisations must consider how to spot “bad activity” if AI gains access to corporate data and make sure it isn’t accessing what it shouldn’t internally.
  • IT and security teams need better visibility into what people are building with AI apps since this is now happening outside of traditional IT parameters.
  • Monitoring and scanning tools are essential and teams should erect stringent guardrails on the back end so sensitive data doesn’t get overshared while fostering innovation.
  • AI agents and copilots acting autonomously are a huge lift for security to protect the enterprise from data leaks and cyber-attacks.
  • IT and security teams need visibility, monitoring, and controls for businesses to flourish while keeping their data safe.

Cybersecurity-Insiders

Phishing Simulation Training: From Strategy To Execution

  • Phishing simulation training offers a direct learning experience to engage employees with real-life phishing schemes.
  • Phishing simulation helps identify weaknesses and provides personalized coaching to boost human defenses.
  • It helps measure human risk and exposure, track training effectiveness, and establish measurable goals.
  • Executing an effective phishing simulation program involves identifying current state, setting measurable goals, segmenting the audience, developing authentic scenarios, deploying simulations in a phased manner, sharing results with employees, and refining the program over time.

Cybersecurity-Insiders

2024 Arctic Wolf Security Report: Key insights and trends

  • The 2024 Arctic Wolf Security Operations Report highlights key trends in the modern threat environment.
  • Exploitation of known vulnerabilities with available patches is 7.5 times more common than zero-day vulnerabilities.
  • Phishing attempts have surged by 500% in one month, exploiting world events and political upheavals.
  • Identity and access management telemetry is crucial for early threat detection and investigating security incidents.

StartupDaily

Antler Investor Memo Series: Aona AI gives corporates the power to implement secure, ethical AI

  • Antler Australia has pre-seed invested in workplace security solution company, Aona AI.
  • Aona AI is developing a comprehensive platform to tackle the security and compliance challenges of AI adoption, following a robust three-step integration process.
  • The startup discovered that 55% of employees are using unauthorised AI tools, while 70% of respondents had never undergone training or received guidance on using Generative AI safely and ethically in the workplace.
  • Aona AI has initiated pilot programs with clients in highly regulated industries, such as financial services, mining, healthcare, and law.
  • Antler’s pre-seed investment helped Aona AI establish a robust technology stack, build out the core functionalities of its platform, and obtain certifications such as ISO 27001 and SOC2.
  • Current customer base of Aona AI includes organisations with over 750 employees.
  • Antler Partner James McClure believes Aona AI brings an end-to-end solution for responsible AI usage, data security, and process optimisation.
  • Aona AI is working closely with the Federal Government’s National AI Centre to provide feedback on responsible AI standard regulations for Australia.
  • The startup is actively pursuing the ASEAN market, extending its reach into Southeast Asia.
  • Aona AI plans to continuously innovate in their product suite, incorporating advanced features.

Wired

Anyone Can Buy Data Tracking US Soldiers and Spies to Nuclear Vaults and Brothels in Germany

  • US companies collecting digital advertising data are providing the world a cheap and reliable way to track the movements of American military and intelligence personnel overseas, from their homes to sensitive facilities.
  • A joint investigation reveals that the unregulated sale of mobile location data poses a significant risk to the US military and the safety of its service members and their families overseas.
  • Commercial data brokers are collecting sensitive information that could endanger the US military and intelligence or compromise personnel integrity, and are legally selling such information.
  • The investigation found that mobile location data had the potential to identify individuals with access to sensitive areas, personal information on US nuclear weapons stored in Germany, and vulnerable areas and times for US service members.
  • The US Defense Department and the National Security Agency declined to answer questions related to the investigation. Senator Ron Wyden expressed his concern that the data broker industry poses a clear threat to national security and urged the incoming administration and Congress to act.
  • Data collected by the report were purchased legally from commercial data brokers and were so precise that they could show the exact movements of American officials and personnel.
  • The unregulated sale of mobile location data poses a threat to national security and could be used by adversarial nations to gain access to advertising data and exploit, manipulate, or coerce military personnel for purposes of espionage.
  • Data brokers supply information to third-party software for targeted advertising, which includes location data. Experts say that low-level personnel can pose a risk. A system is only as secure as its weakest link.
  • The scope of the location data broker industry is the problem and needs to be addressed by US Congress passing comprehensive legislation to ban or limit the sale of personal information by data brokers.
  • US authorities have arrested suspects accused of offering or scouting for sensitive information about American military operations in Germany to foreign intelligence agencies.

Medium

NordVPN user ratings review

  • NordVPN is offering a Black Friday promotion with a price of just $2.99/month.
  • NordVPN sets itself apart with a robust set of features, user-friendly interface, and a strong commitment to privacy.
  • With NordVPN, you get impressive connection speeds of over 6,730 Mbps, ensuring almost seamless browsing.
  • NordVPN offers access to 6,600+ servers spread across 111 countries, allowing you to connect to a server that best fits your needs.
  • NordVPN is designed to be simple to use; setting it up is as easy as pie and even VPN newbies will find it intuitive.
  • NordVPN protects up to 10 devices with a single account, including routers, ensuring all your connected devices are shielded from potential threats.
  • NordVPN is a comprehensive cybersecurity solution that offers additional tools to tailor the VPN experience.
  • Users appreciate NordVPN’s speed, usability, and robust security features.
  • NordVPN has gained recognition from various tech experts and influencers.
  • Whether you're a digital nomad or someone who likes to stream without fences, NordVPN tailors its features for every user.

The Fintech Times

Deepfake Fraud Jumps by 194% in APAC, as Fraud-as-a-Service Becomes More Widespread, Sumsub Reveals

  • Identity fraud across the APAC region is increasing, driven by sophisticated fraud tactics and the use of Fraud-as-a-Service (FaaS), according to Sumsub.
  • Sumsub's report shows a 121% YoY increase in identity fraud in 2024, with significant surges in Singapore, Indonesia, and Thailand.
  • Deepfake fraud saw a 194% YoY spike in APAC, with South Korea experiencing the highest increase.
  • Sumsub emphasizes the need for enhanced verification measures to combat evolving fraud challenges in the digital economy.

Dev

The Concept of Digital Fort: Protecting the Virtual World in the Age of Cybersecurity

  • A complete, multi-layered defense system designed to protect against cyber attacks is referred to as a "Digital Fort".
  • A Digital Fort comprises multiple components like firewall, encryption, IDPS, backup system and more to provide a multi-layered defense mechanism that ensures the security of digital environments.
  • As our reliance on digital technology continues to grow, having a strong cybersecurity system in place is becoming increasingly important.
  • Since cloud computing and remote work settings are becoming increasingly popular, it's important to have a digital perimeter that is protected from potential threats.
  • An organization's cybersecurity strategy is built around a Digital Fort, which acts as the backbone of the plan.
  • In the future, artificial intelligence (AI) and machine learning (ML) will make Digital Forts even more dynamic and capable of identifying and responding to threats in real-time.
  • Blockchain technology might be utilized to safeguard the integrity of data and put a stop to any attempts at manipulation, making it an indispensable component of the next generation of digital fortifications.
  • A Digital Fort is no longer a choice but is an absolute must for all entities, including enterprises, individuals, and governments.

TechCrunch

GitHub launches $1.25M open source fund with a focus on security

  • GitHub has launched the GitHub Secure Open Source Fund with an initial commitment of $1.25 million in capital from various contributors.
  • The program aims to support critical open source projects with a focus on security.
  • Applicants can apply for funding until January 7, 2025, with programming and funding starting shortly after.
  • Selected projects will receive $10,000 each, along with mentorship, certification, education workshops, and ongoing access to GitHub tools.

VentureBeat

The graph database arms race: How Microsoft and rivals are revolutionizing cybersecurity

  • Multidomain attacks are becoming a digital epidemic, leading to a graph database arms race in the cybersecurity sector.
  • Microsoft's Security Exposure Management Platform (MSEM) reflects the trend and showcases how the arms race is maturing.
  • Other key players in the graph database arms race include CrowdStrike, which has its own Threat Graph, and Cisco's SecureX, among others.
  • Graph databases are being developed as a useful architecture strategy for cybersecurity platforms due to their ability to visualize and analyze interconnected data.
  • Microsoft's approach to exposure management includes creating a comprehensive graph of the digital estate, overlaying vulnerabilities, threat intelligence and attack paths.
  • MSEM integrates three core capabilities for cybersecurity: real-time visibility, risk management and bridging the gap between detection and action.
  • Microsoft has also announced several MSEM enhancements at Ignite 2024 to battle back against multi-domain attacks and fragmented security data.
  • Other cybersecurity firms, including Cisco, CrowdStrike, Palo Alto Networks, SentinelOne and Trend Micro, are also leveraging graph databases to enhance threat detection and real-time anomaly analysis capabilities.
  • Graph databases are pivotal in modern cybersecurity strategies and are transforming how defenders think about interconnected risks.
  • Multi-domain attacks target the gaps in identity management, making the graph database technology an essential element to act on threats before a breach arises.

Brighter Side of News

For the first time ever researchers crack RSA and AES data encryption

  • Chinese researchers have used D-Wave's quantum annealing technology to crack encryption techniques that have been considered secure for decades.
  • The team showed that the D-Wave Advantage system could factor a 50-bit RSA integer, posing a threat to the Substitution-Permutation Network encryption structure which underpins many cryptographic methods.
  • D-Wave's machine also demonstrated vulnerabilities in encryption standards used by major organizations and governments worldwide.
  • Researchers claim quantum computers pose a real threat to data security and privacy, raising the need for robust quantum-safe encryption immediately.
  • Experts have predicted that quantum computing could eventually break today's encryption, but the timeline for these threats was thought to be several decades away.
  • The team has sent a clear message to the cybersecurity community that quantum computing is fast approaching, and they must act now to protect data and systems from the emerging quantum threat.
  • Apple has already taken steps to bolster the encryption of its iMessage app using the PQ3 security protocol to protect users' data.
  • Research from Shanghai University highlights the urgent need for organizations to reassess their security measures to avoid vulnerabilities in widely used cryptographic methods.
  • The Global Risk Institute has urged the cybersecurity community to develop layered defense strategies to counteract the quantum threat.
  • D-Wave's quantum computing systems, which Chinese researchers used in their research, are now accessible through cloud services for around $2,000 an hour.

Medium

Helldown Ransomware: How It Wipes Out Data & Shuts Down Entire Networks in Minutes

  • Helldown is a ransomware strain that targets networks relying on Linux servers, VMware setups, and vulnerable firewalls.
  • By exploiting unpatched Zyxel VPN vulnerabilities, Helldown quickly spreads across networks.
  • It encrypts files, leaving victims with the option to pay the ransom or risk losing their data.
  • Helldown's speed and scope can cripple businesses, causing significant downtime and potential data breaches.

Pymnts

Financial Institutions Face Surge in Check Fraud

  • Financial institutions are grappling with a surge in check fraud as scammers exploit loopholes in the banking system.
  • Scammers steal checks, alter them, and deposit them through ATMs before quickly withdrawing cash.
  • Mobile deposit capabilities and instant fund access have made it easier for fraudsters to access funds.
  • According to the Financial Crimes Enforcement Network, mail-theft related check fraud totaled over $688 million between Feb and Aug 2023.

Securityaffairs

Russian Phobos ransomware operator faces cybercrime charges

  • Russian Phobos ransomware operator Evgenii Ptitsyn extradited from South Korea to the US to face cybercrime charges.
  • Ptitsyn allegedly managed the sale, distribution, and operation of the Phobos ransomware.
  • The Phobos ransomware operation targeted over 1,000 entities worldwide, extorting more than $16 million in ransom payments.
  • Ptitsyn faces multiple charges including wire fraud, computer fraud and abuse, and extortion.

Dev

Issue 71 of AWS Cloud Security Weekly

  • AWS introduced Resource Control Policies (RCPs) in AWS Organizations to restrict external access to AWS resources.
  • AWS IAM Access Analyzer's unused access findings now allow excluding specific accounts, roles, or users from analysis.
  • IAM introduced a new capability to centrally manage root credentials from the AWS Organizations Management account.
  • AWS introduced Amazon Route 53 Resolver DNS Firewall Advanced to monitor and block suspicious DNS traffic.
