Cyber Security News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Security News

Securityaffairs

195

Image Credit: Securityaffairs

Shields up US retailers. Scattered Spider threat actors can target them

Cybercrime group Scattered Spider, known for social engineering and extortion, is now targeting U.S. companies after focusing on UK retailers.
UNC3944 (Scattered Spider) has hacked numerous organizations, including Twilio, LastPass, DoorDash, and Mailchimp, transitioning from telecoms to ransomware and broader sectors by 2023.
Threat actors linked to Scattered Spider used DragonForce ransomware to target UK retailers, exploiting the large trove of PII and financial data held by retailers.
Google experts suggest that UNC3944 targets sectors like Tech, Telecom, Finance, and Retail, focusing on large enterprises in English-speaking countries and beyond by using social engineering tactics for high-impact attacks.

Read Full Article

11 Likes

TechBullion

276

Image Credit: TechBullion

How to Get Your Crypto Back After a Phishing Scam: Emergency Action Plan 2025

In 2023, users and investors lost $4.6 billion to crypto scams, showing a 30% decrease from the previous year, with crypto scams growing by 900% since the pandemic began.
Phishing scams in crypto target victims to reveal sensitive information like passwords and private keys through deceptive messages from seemingly legitimate sources.
Crypto transactions cannot be reversed once funds are transferred to another wallet, making recovery challenging but not impossible.
Emergency steps to retrieve stolen cryptocurrency involve contacting recovery services like HackersTent, providing loss details and transaction histories for better recovery chances.
Phishing attacks exploit human vulnerabilities, using fear, greed, and urgency to trick individuals into surrendering digital assets.
Scammers target private keys and seed phrases that provide full control over wallets, emphasizing the importance of safeguarding these credentials.
After falling victim to a phishing attack, securing remaining assets by isolating compromised devices, conducting scans for malware, and setting up a new secure wallet is crucial.
Effective prevention methods against crypto scams include verifying offers, conducting thorough research on projects, monitoring wallet activities, and utilizing security tools like HackersTent Recovery Service.
With $4.6 billion stolen in 2023, recovering stolen cryptocurrency requires quick action, secure practices, and professional help from blockchain forensics firms like HackersTent.
Seeking immediate assistance after a scam, implementing strong security measures, verifying exchanges for recovery support, and utilizing professional blockchain forensic tools are essential for successful recovery.

Read Full Article

16 Likes

Medium

Image Credit: Medium

From Silicon Valley to Courtroom Valley

Illinois is leading the charge in biometric privacy lawsuits against tech giants such as Google and TikTok.
The state's Biometric Information Privacy Act (BIPA) has already hit Facebook with a $650 million fine.
Google and TikTok are facing legal consequences under BIPA for allegedly collecting biometric data without proper consent.
Companies need to adhere to BIPA regulations regarding biometric data collection to avoid legal repercussions.

Read Full Article

5 Likes

Medium

Image Credit: Medium

Digital Anonymity: A Shield of Privacy or an Illusion of Security?

Digital anonymity allows online engagement without revealing one's real-world identity, offering space for open expression and privacy.
Technological advancements like digital fingerprinting challenge true anonymity, highlighting the illusion of security in the digital realm.
Indonesia faces a lack of awareness on digital anonymity, with the need to comprehend and minimize digital identity exposure.
To protect privacy in a hyperconnected world, individuals must understand data exposure, utilize privacy tools, and promote digital literacy.

Read Full Article

4 Likes

Discover more

Wired

236

Image Credit: Wired

Coinbase Will Reimburse Customers Up to $400 Million After Data Breach

Researchers published 1,000 email addresses linked to North Korean IT worker scams; Xinbi Guarantee marketplace used by Chinese-speaking crypto scammers cracked down by Telegram.
Telegram banned thousands of accounts used for money laundering in cryptocurrency scams, including Haowang Guarantee, facilitating $27 billion in transactions.
CFPB acting director Russell Vought scrapped a plan to regulate sale of Americans' personal data; Concerns rise over generative AI services fueling fraud online.
Google enhances Android Scam Detection tool ahead of Android 16 launch; Introduces Advanced Protection mode for highly targeted users with heightened security features.
Coinbase discloses costly data breach affecting less than 1% of monthly users; Expecting $180 million to $400 million to remediate breach and reimburse customers.
12 more individuals indicted for cryptocurrency theft, money laundering totaling $263 million; Luxury spending included on things like private jet rentals and exotic cars.
Former FBI director James Comey under investigation for Instagram post of seashells spelling out '8647' tagged as a potential violence threat against Trump.
Comey's post led to investigations by DHS and Secret Service, with accusations of inciting violence against Trump from Republican figures.
Trump interpreted post as a call for his assassination, leading to calls for Comey to be put behind bars; Comey, in response, stated he opposes violence.
Comey served as FBI director until being fired by President Trump in 2017 amid the investigation into Russian interference in the 2016 election.

Read Full Article

14 Likes

Medium

330

Image Credit: Medium

NVIDIA vs AMD: Why This Tech War Is So Fun to Watch

NVIDIA and AMD's ongoing tech war is captivating to watch, particularly for tech enthusiasts and students interested in fast PCs, gaming, virtualization, AI, and performance-heavy tasks.
Beyond just FPS, the battle extends to ecosystems, software support, compute performance, and how both companies are influencing gaming, AI, and cybersecurity.
NVIDIA is often seen as the victor in gaming due to features like RTX, DLSS, and Reflex, while AMD's RX 6000 and 7000 series offer competitive value, particularly for budget-conscious consumers.
NVIDIA's dominance in AI research tools with CUDA and cuDNN sets them apart, although AMD is striving to bridge the gap. The rivalry between the two companies fosters innovation and offers students valuable learning opportunities.

Read Full Article

19 Likes

Securityaffairs

305

Image Credit: Securityaffairs

U.S. CISA adds Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities catalog

U.S. CISA adds Google Chromium, DrayTek routers, and SAP NetWeaver flaws to its Known Exploited Vulnerabilities catalog.
Critical vulnerabilities including OS command injection in DrayTek routers and insufficient policy enforcement in Google Chromium were added to the catalog.
A flaw in SAP NetWeaver allows privileged users to upload malicious content, posing risks to system confidentiality, integrity, and availability.
Federal agencies are required to fix the vulnerabilities by June 5, 2025, to protect their networks from potential attacks exploiting the identified flaws.

Read Full Article

18 Likes

TechBullion

171

Image Credit: TechBullion

AngularJS Security: Best Practices Every Business Should Know

AngularJS is a popular front-end framework for creating dynamic web applications, but it requires strong security measures to protect users and data.
Common security vulnerabilities in AngularJS applications include Cross-Site Scripting (XSS), which can be mitigated by proper HTML escaping.
Best practices for AngularJS security include turning off debug data in production, implementing role-based access control, and avoiding unsafe constructs like eval().
Regular audits, keeping dependencies updated, and ensuring secure API communication are essential for maintaining security in AngularJS applications.

Read Full Article

10 Likes

TechBullion

240

Image Credit: TechBullion

Blockchain-Enabled EDI: Transforming Data Exchange with Immutable Security

Blockchain technology is revolutionizing Electronic Data Interchange (EDI) by enhancing security and reliability through decentralized data storage and cryptographic hashing.
Integration of smart contracts with blockchain-EDI streamlines processes, reduces operational costs, and ensures compliance with regulatory requirements.
Blockchain-EDI integration improves supply chain transparency by establishing an immutable source of truth for real-time traceability of transactions.
While offering enhanced security and transparency, the scalability challenges of blockchain integration with EDI are being addressed through hybrid models and interoperability solutions.

Read Full Article

14 Likes

Cybersecurity-Insiders

338

Image Credit: Cybersecurity-Insiders

Beyond the hype: The hidden security risks of AI agents and MCP

As AI becomes essential for businesses, AI agents are autonomous systems utilizing Large Language Models (LLMs) to make decisions and adapt in real time.
Model Context Protocol (MCP) is an emerging standard simplifying how AI agents connect to tools and data sources, akin to what USB did for hardware peripherals.
MCP uses a client-server architecture for standardized interaction between AI agents and external resources, described in natural language for accessibility.
The distinction between autonomous and delegated AI identities is crucial for managing accountability and security in AI-powered systems.
Real-time monitoring and robust identity management are critical for detecting anomalies and enforcing least-privilege access in AI agents.
As AI agents integrate with tools via MCP, security frameworks must evolve to include dynamic authorization and continuous monitoring.
Organizations should audit current MCP usage, enhance visibility, standardize authentication, and foster collaboration between engineering and security teams.
To secure the future of AI agents, auditing MCP deployments, implementing authentication protocols, and building comprehensive AI identity security strategies are essential.
Security measures must evolve alongside AI technology to address risks such as unauthorized access, data leakage, and compromised tool integrity.
Proactive steps include assessing existing MCP implementations, implementing standardized authentication, and collaborating across teams to enforce security policies.

Read Full Article

20 Likes

TechBullion

110

Image Credit: TechBullion

Advancing Cybersecurity: The Role of Intelligent Agents in Security Orchestration

Cybersecurity is evolving with the introduction of intelligent agents powered by large language models (LLMs), as highlighted by cybersecurity researcher Harpreet Singh.
Intelligent agents automate threat detection, streamline responses, and enhance situational awareness, improving organizations' ability to identify and neutralize cyber threats efficiently.
These agents leverage machine learning and natural language processing to analyze network activity, detect anomalies, and recognize new attack patterns faster than human analysts, reducing mean time to detect threats by 63% and improving detection accuracy by 71%.
By unifying multiple security tools, orchestrating responses across various security layers, and integrating threat intelligence feeds, intelligent agents promise a more secure digital landscape where cyber threats are addressed proactively with minimal human intervention.

Read Full Article

6 Likes

Dev

290

Image Credit: Dev

gem oauth2 v2.0.10 released

Gem oauth2 version 2.0.10 has been released with new features and bug fixes, focusing on the upgrade process.
The project supports a large number of authorization systems on the internet, affecting a significant number of projects and packages.
Extensive testing has been done across multiple Ruby versions and runtime dependencies to ensure compatibility.
Support is maintained for various Ruby versions, JRuby, TruffleRuby, and several gem dependencies.
Strict adherence to Semantic Versioning is followed, and dropping support for certain dependencies will result in a major version bump.
Users are encouraged to upgrade the gem and its dependencies with confidence, given the thorough testing and compatibility efforts.
Two runtime dependencies were extracted from the gem and are part of the oauth-xx org, developed collaboratively.
The gem release includes various enhancements, bug fixes, and documentation improvements.
Changes include added support for token revocation, improved documentation, and bug fixes like encoding spaces as %20 and not exposing sensitive information.
Gem releases are now cryptographically signed, and improvements have been made for linux distros to build without signing.

Read Full Article

17 Likes

Medium

126

Image Credit: Medium

How to stop hackers from reading your private messages: Encrypt them with MakeItPrivate.org

Encrypt your private messages with MakeItPrivate.org to prevent hackers from reading them.
Use different keywords to scramble messages for different recipients, enhancing security.
MakeItPrivate does not require registration or phone numbers, providing anonymity and privacy.
Encrypt and decrypt messages offline for added security and protection of your communications.

Read Full Article

7 Likes

Medium

Image Credit: Medium

Data Privacy and Your Mobile Phone

Cell phones have become an essential part of everyday life, enabling users to access the internet, find locations, and obtain information conveniently.
However, it is crucial to understand that the same technology allowing these functionalities also enables user tracking, potentially compromising privacy.
Users can take steps to limit data access, such as adjusting location tracking settings, switching to airplane mode, or disabling certain permissions.
Maintaining awareness of how technology impacts privacy, making informed choices about data sharing, and discussing privacy concerns with family members are essential in safeguarding personal information.

Read Full Article

5 Likes

Medium

208

Image Credit: Medium

How Are Women Treated Differently Online?

Sexism and discrimination against women online is a prevalent issue, fueled by societal patriarchal norms.
Women face harassment in online spaces like gaming, with female players often receiving sexually explicit messages and female characters being oversexualized.
Beyond sexist remarks, women also experience serious forms of harassment such as sexual solicitation and sharing explicit photos without consent.
Addressing online sexism requires ending the demeaning and sexualization of women, promoting equal treatment for all genders, and creating a safer online environment.

Read Full Article

12 Likes

For uninterrupted reading, download the app