techminis

A naukri.com initiative

Cyber Security News


Cybersecurity-Insiders


Mitigating Insider Threats and Zombie Accounts Amid Workforce and Contract Changes

  • The recent Twitter data leak of 2.8 billion users' personal information highlights insider threats due to disgruntled employees retaining access to sensitive systems.
  • Proper identity hygiene is crucial, with dormant 'zombie' accounts posing risks as a common attack vector for cybercriminals, as highlighted in the Verizon Data Breach Investigations Report 2024.
  • Mitigating risks includes promptly revoking access for departing employees and implementing identity governance automation solutions to minimize errors and reduce deprovisioning time.
  • Maintaining a risk-aware mindset is essential, as insider threats can lead to compliance liabilities and severe consequences, emphasizing the importance of managing cybersecurity risks effectively.


Medium


Securing AI with Zero-Knowledge Proofs: How ExpandZK Enables Trustless Data Authentication

  • ExpandZK is an infrastructure platform using zero-knowledge proofs to enable trustless data authentication for AI and Web3.
  • AI agents in Expand's architecture generate cryptographic proofs without accessing or transmitting raw data, providing verifiable claims without exposing sensitive information.
  • The system uses efficient ZK circuits coded in high-level languages to validate statements like credit score thresholds, ensuring secure access to AI-driven services while maintaining privacy.
  • ExpandZK's low cost and high efficiency make it ideal for real-time AI decisions, offering developers an SDK to embed ZK proof functionality and connect to decentralized oracle networks.


Medium


Why I Don’t Share Photos of My Daughters Online: A Father’s Perspective from the Inside

  • A father shares his perspective on why he doesn't share photos of his daughters online.
  • He emphasizes that he is protective of his daughters and chooses not to expose them to potential online dangers.
  • The father highlights concerns about how easily images of children can be misused or digitally altered.
  • He prioritizes his daughters' safety and privacy by opting for a private, unrecorded childhood for them.


Pymnts


UK Investment Association Warns of Rise in ‘Cloning Scams’

  • The Investment Association in the UK has issued a warning about the increase in 'cloning scams', where criminals set up fake versions of legitimate websites or accounts to deceive people into giving them money.
  • In the last year, there were 478 incidents of investment management firms being impersonated by fraudsters, resulting in consumers losing £2.7 million ($3.5 million), with 23% of attempts being successful.
  • Consumers are urged to be vigilant against these scams, with the rise of artificial intelligence making them more sophisticated and harder to detect.
  • The IA report also highlighted other types of fraud, including card fraud and account takeover scams, emphasizing the need for caution when transferring money and sharing personal information.


Medium


We’re just trying to keep our privacy, not trying to be cool!

  • Minimizing the data collected by online services is crucial to protecting our privacy as they may end up knowing more about us than we do.
  • Failure to protect our privacy can lead to identity theft, financial loss, spam emails, unwanted calls, and phishing scams.
  • Constant tracking of our location data without clear consent can lead to safety risks and threats to freedom and autonomy, making privacy protection essential in the digital age.
  • Different levels of anonymity exist in online services, ranging from basic authentication to no collection of personal information, emphasizing the importance of privacy tools and techniques.


TechCrunch


Crypto elite increasingly worried about their personal safety

  • Cryptocurrency executives and investors are increasingly concerned about their personal safety, as reported by Wall Street Journal and Bloomberg.
  • The rise in value of Bitcoin has led to a growing threat of violent abduction targeting individuals with significant wealth from crypto holdings.
  • Security experts are observing an increase in inquiries and demands for proactive security measures from crypto investors, emphasizing the importance of intelligent security measures at this level of business.
  • Coinbase disclosed spending $6.2 million on personal security costs for its CEO in the previous year, surpassing the combined security expenses for CEOs of major companies like JP Morgan, Goldman Sachs, and Nvidia.


Medium


The Great Hack: How Your Data Was Stolen and What to Do About It

  • In the digital age, personal data is being stolen, exploited, and sold, leading to data breaches, targeted ads, and privacy scandals.
  • Companies like Cambridge Analytica accessed personal data through quiz apps, not by hacking into servers, exposing users and their friends to data misuse.
  • Many other companies are engaging in similar practices of collecting and using personal data to influence individuals, not just for selling products but also for shaping opinions.
  • It is crucial for individuals to be aware of how their data is being used and take measures to protect their privacy in the digital realm.


Semiengineering


Cache Side-Channel Attacks On LLMs (MITRE, WPI)

  • Researchers from MITRE and Worcester Polytechnic Institute published a paper on exploiting CPU cache side-channels to leak tokens from Large Language Models (LLMs).
  • The paper, titled 'Spill The Beans,' introduces a novel method to use cache side-channels to extract tokens generated by LLMs by detecting cache hits on shared lower-level caches.
  • Challenges include the large size of LLMs leading to quick eviction of embedding vectors from the cache, managed by balancing monitored tokens against potential leakage. The study demonstrates the feasibility of leaking tokens from LLMs via cache side-channels, highlighting vulnerabilities and suggesting implications for privacy and security.
  • Proof of concept experiments show recovery rates of 80%-90% for high entropy API keys and 40% for English text with single shot monitoring. Rates are dependent on the token set monitored and can be improved with specialization.


Pymnts


Binance and Kraken Reportedly Fend Off Social Engineering Hack

  • Binance and Kraken were reportedly targeted in a social engineering cyberattack along with Coinbase.
  • Both Binance and Kraken successfully repelled the attacks without compromising customer data.
  • Recently, crypto firms have experienced a rise in attacks as the value of digital assets like bitcoin has increased.
  • Social engineering fraud has increased by 56% in the past year, with fraudsters using advanced tactics to target consumers.


Medium


Why That ‘Free Charging Station’ at the Airport Could Cost You Everything

  • Jake falls for the trap of 'juice jacking' at an airport charging station while waiting for his delayed flight with a dying phone battery.
  • Hackers use public USB ports for 'juice jacking' to install malware or extract data from connected devices.
  • Jake ends up losing $8,000 due to falling victim to the free charging station scam.
  • To avoid falling prey to such scams, it is recommended to use personal charging devices or portable power banks instead of public USB ports.


Medium


Unlocking Information: An Introduction to Open Source Intelligence (OSINT)

  • OSINT involves gathering intelligence from publicly available sources like social media, websites, and public records.
  • Up to 70–90% of data used in investigations comes from open sources, highlighting the significance of OSINT in intelligence gathering.
  • OSINT sources are widely available, and the methods for collecting information range from basic searches to advanced tools like geolocation tracking.
  • The growing importance of OSINT across various fields brings both benefits and ethical considerations, emphasizing the need for responsible use.


Medium


How I Uncovered Hidden Secrets in Deleted GitHub Files (and Why Bug Bounty Hunters Should Care)

  • Developers often believe that once a file is deleted on GitHub, it is gone forever, but a bug bounty hunter discovered hidden secrets in deleted files.
  • Curiosity led the hunter to explore bug bounty programs and search for API keys, credentials, and tokens in deleted files, revealing hidden risks in repository history.
  • When a file is deleted from a GitHub repository, it is not completely erased due to Git's version control system.
  • The discovery emphasizes the importance of understanding the risks associated with deleted files and the potential for sensitive information to be exposed.


Medium


Building Ransomware Resilience: Why Product Strategies Must Prioritise Comprehensive Recovery Plans

  • The April 2025 ransomware attacks on major retailers exposed vulnerabilities, leading to data theft and disruptions in operations.
  • Recovery plans are crucial in dealing with modern ransomware, requiring more than just backups for data restoration.
  • To enhance ransomware resilience, product managers must integrate recovery plans at every stage of product development.
  • Key best practices include rapid system isolation, building alternative systems for failover, prioritizing secure backups, embedding incident response tools, training employees, and testing recovery plans.


TechDigest


BBC correspondent Joe Tidy talks to Co-Op and M&S hackers

  • BBC Cyber Correspondent Joe Tidy engaged in a five-hour conversation with hackers claiming responsibility for cyber-attacks on UK retailers M&S and Co-op.
  • Hackers expressed frustration with Co-op's refusal to meet ransom demands, providing evidence of their involvement and association with the DragonForce hacking group.
  • The Co-op acknowledged a significant data breach following consultation with BBC’s Editorial Policy team, as revealed by the hackers.
  • Identity and location of those behind DragonForce remain unclear; hackers indicated connection with Scattered Spider, describing it as more of a community organizing across platforms.


Dev


OAuth or JWT? Everything Developers Need to Know in 2025

  • OAuth (Open Authorization) and JWT (JSON Web Token) are essential elements in contemporary software development for authorization and authentication.
  • OAuth is a standard protocol for authorization, while JWT is used for securely transmitting information between parties.
  • OAuth uses delegated access and supports multiple grant types, while JWT is self-contained and stateless, commonly used in authentication mechanisms.
  • Developers should use OAuth for delegated authorization and JWT for stateless session management and fast authentication.
