menu
techminis

A naukri.com initiative

google-web-stories
Home

>

Cyber Security News

Cyber Security News

source image

Underscore

6d

read

308

img
dot

Image Credit: Underscore

The Authentication Layer for Agentic AI

  • As we venture into the age of autonomous agents and AI-driven systems, a critical question arises: How do we do that securely?
  • The security infrastructure to support this evolution, particularly in authentication, is still in its infancy, making it a ripe area for founders to build a key infrastructure for the emerging era.
  • Autonomous agents, powered by AI and Large Language Models (LLMs), increasingly assume roles that involve making decisions, executing tasks, and interacting with other systems without human intervention.
  • The level of autonomy introduces new challenges in ensuring that these agents act securely and reliably.
  • Traditional authentication systems are designed for human users or well-defined services, making it challenging to authenticate autonomous agents consistently and securely.
  • Given these challenges, there is a clear need for a startup that focuses on developing authentication solutions tailored explicitly to autonomous agents.
  • This startup would develop systems for dynamically managing agent identities, allowing for flexibility as agents evolve, and develop context-aware authentication methods that consider not just the agent’s identity but also its behavior, environment, and interactions.
  • Despite the clear need, a specialized authentication startup for autonomous agents has yet to emerge for several reasons, including the nascent market, technical complexity, lack of standards, and focus on traditional AI security.
  • As autonomous agents become more prevalent and take on increasingly complex roles, the need for specialized authentication solutions will become critical.
  • A startup dedicated to authentication field would not only fill a growing gap in the market but also play a crucial role in ensuring the secure and ethical deployment of autonomous agents.

Read Full Article

like

18 Likes

source image

Tech Radar

6d

read

263

img
dot

Image Credit: Tech Radar

Salt Typhoon: US cybersecurity watchdog urges switch to Signal-like messaging apps

  • The US cybersecurity watchdog, CISA, is advising citizens to use secure end-to-end encrypted messaging apps like Signal.
  • CISA released best practices in response to the Salt Typhoon attack, urging people to switch to Signal-like apps for secure communications.
  • CISA recommends evaluating the extent to which messaging apps collect and store metadata, enabling phishing-resistant two-factor authentication, and using strong password managers.
  • They also advise against using unsecured commercial VPN services and recommend choosing reputable VPN apps with strong security features.

Read Full Article

like

15 Likes

source image

Dataprivacyandsecurityinsider

6d

read

49

img
dot

Image Credit: Dataprivacyandsecurityinsider

Cl0p Exploiting Cleo Software

  • Cyber gang Cl0p has exploited vulnerabilities in software made by Cleo, an Illinois-based IT company.
  • Cl0p claimed responsibility for the attacks on Cleo's products LexiCom, VLTrader, and Harmony.
  • Cleo has released patches to address the vulnerabilities, including a recent one for a critical flaw.
  • Rapid7 advises affected companies to update to the latest version of Cleo products and apply the provided patches.

Read Full Article

like

2 Likes

source image

The Fintech Times

6d

read

242

img
dot

AP Teams Need Automation to Combat Rise in AI Invoice Fraud Finds Basware

  • Invoice automation firm, Basware, reveals that 90% of organizations lack dedicated prevention teams, forcing accounting staff to manage fraud in addition to their regular responsibilities.
  • Generative AI is cited as a key driver behind the surge in invoice fraud, with 62% of businesses stating its impact according to a report by Basware.
  • Remote work, rising transaction volumes, and expansion of the supplier base are identified as critical risk factors contributing to the increase in fraud attempts.
  • The lack of AP automation and reliance on manual processes leave businesses vulnerable to fraud, emphasizing the need for automation tools to combat AP fraud.

Read Full Article

like

14 Likes

source image

Socprime

6d

read

152

img
dot

Image Credit: Socprime

Enhancing Events with Geolocation Data in Logstash

  • If you are using Logstash and need to enrich event data with geolocation information based on IP addresses, the following filter configuration can help.
  • The filter checks if the IP belongs to private/internal network ranges and skips geolocation enrichment for internal IPs to optimize processing.
  • If the IP is external, the configuration applies the geoip filter to enrich the event with geolocation information.
  • This setup improves Logstash performance and ensures accurate geolocation enrichment for Elasticsearch logs.

Read Full Article

like

9 Likes

source image

Tech Radar

6d

read

65

img
dot

Image Credit: Tech Radar

Midnight Blizzard hacking group hijacks RDP proxies to launch malware attacks

  • Midnight Blizzard, an advanced persistent threat group sponsored by the Russian government, has launched a large-scale spear-phishing attack targeting governments, military organizations, and academic researchers in the West.
  • The group exploited red team methodologies and anonymization tools to exfiltrate sensitive data from their targets' IT infrastructure.
  • The attack utilized a rogue Remote Desktop Protocol (RDP) and a Python-based tool called PyRDP, with approximately 200 high-profile victims targeted in a single day.
  • The victims included government and military organizations, think tanks, academic researchers, and entities associated with the Ukrainian government and the Netherlands' Ministry of Foreign Affairs.

Read Full Article

like

3 Likes

source image

Secureerpinc

6d

read

378

img
dot

Image Credit: Secureerpinc

Addressing the Cybersecurity Skills Crisis

  • The cybersecurity skills crisis presents challenges for companies struggling to fill security roles.
  • Reasons for the skills shortage include unrealistic employer demands and outdated skills.
  • Burnout and competition also contribute to the skills crisis.
  • Companies can address the crisis by implementing automation, providing internal skills development, and supporting existing team members.

Read Full Article

like

22 Likes

source image

Cybersecurity-Insiders

6d

read

234

img
dot

Image Credit: Cybersecurity-Insiders

Russia imposes official ban on Cybersecurity firm Recorded Future

  • Recorded Future, a cybersecurity firm, has been officially banned by the Russian government from conducting any business operations within the country.
  • The ban comes as Recorded Future has been added to Russia's list of 'Undesirable Organizations,' making it prohibited from operating in Russia and potentially requiring it to cease all business activities in the country by early next year.
  • However, the CEO of Recorded Future, Christopher Ahlberg, considers the ban a form of recognition rather than a setback, emphasizing that it does not impact the company's core business.
  • The ban is believed to be a retaliation by Russia against Recorded Future's support of Ukraine by providing financial aid to safeguard critical infrastructure against cyberattacks.

Read Full Article

like

14 Likes

source image

Securityaffairs

6d

read

366

img
dot

Image Credit: Securityaffairs

Mirai botnet targets SSR devices, Juniper Networks warns

  • Juniper Networks warns that a Mirai botnet is targeting SSR devices with default passwords after unusual activity was reported on December 11, 2024.
  • Multiple customers reported anomalous activity on their Session Smart Network (SSN) platforms on December 11, 2024. Threat actors initially compromised the devices and then employed them in DDoS attacks.
  • Mirai bot exploits devices using default credentials, enabling remote command execution through SSH attacks to facilitate various malicious activities, including DDoS attacks.
  • To mitigate the exposure to these threats, users are recommended to change default credentials, use strong passwords, review access logs, employ firewalls and IDS/IPS, and keep firmware up-to-date.

Read Full Article

like

22 Likes

source image

TechBullion

6d

read

28

img
dot

Image Credit: TechBullion

Empowering Enterprises: Puneet Aggarwal’s Vision for ERP, SAP Cybersecurity, and Innovation

  • Puneet Aggarwal is a leader in SAP technologies and cybersecurity, driving transformation across various industries.
  • He focuses on simplifying complex SAP environments and optimizing performance for enterprises.
  • Puneet addresses vulnerabilities in ERP systems and implements robust security frameworks.
  • His innovative work includes streamlining SAP ECC to S/4HANA migrations and integrating AI and machine learning into SAP systems.

Read Full Article

like

1 Like

source image

TechBullion

6d

read

205

img
dot

Image Credit: TechBullion

How External Attack Surface Management Protects Your Business from Emerging Threats

  • External Attack Surface Management (EASM) ensures cutting-edge cybersecurity by providing a comprehensive view of digital assets.
  • EASM helps organizations identify and monitor assets to mitigate risks before they become cyberattacks.
  • It offers visibility of assets, proactive vulnerability detection, and evaluation of third-party risks.
  • By implementing EASM, businesses can secure their networks and strengthen resilience against emerging threats.

Read Full Article

like

12 Likes

source image

Tech Radar

6d

read

333

img
dot

Image Credit: Tech Radar

Thousands of GPS tracking customers have info leaked following data breach

  • Hapn, a company that sells GPS tracking hardware and software, is reportedly leaking sensitive user information online.
  • The exposed data includes customer names, workplace names, data on over 8,600 GPS trackers, and IMEI numbers for their SIM cards.
  • No location data was leaked, but Hapn has not responded to researcher alerts or media inquiries.
  • The company does not have a web page or form for reporting security vulnerabilities.

Read Full Article

like

20 Likes

source image

TechCrunch

6d

read

285

img
dot

Image Credit: TechCrunch

US government urges high-ranking officials to lock down mobile devices following telecom breaches

  • The U.S. government is urging senior politicians and high-ranking officials to lock down their devices amid the ongoing Chinese breaches of at least eight major telecom providers.
  • CISA advises officials to enable advanced security features like Apple's Lockdown Mode to limit the phone's attack surface.
  • Officials are also advised to switch to end-to-end encrypted messaging apps, such as Signal, to protect against communication interception.
  • CISA recommends the use of phishing-resistant multi-factor authentication and telecom-level account PINs to safeguard against SIM-swapping attacks.

Read Full Article

like

17 Likes

source image

Securityintelligence

6d

read

395

img
dot

Image Credit: Securityintelligence

2024 roundup: Top data breach stories and industry trends

  • One of the largest personal data breaches took place on April 8, 2024, leading to nearly 3 billion US citizens having their information leaked on the dark web.
  • 90% of the world’s top energy companies experienced data breaches that stemmed from third-party breaches.
  • According to the IBM Cost of a Data Breach 2024 report, the financial sector has seen a surge in data breach costs since the pandemic, reaching an average of $6.08 million per incident.
  • The global average cost of data breaches jumped 10% year-over-year between 2023 and 2024, with the latest figure reaching an alarming $4.88 million.
  • 50% of organizations experiencing data breaches reported that they stemmed from staffing shortages.
  • Organizations should prioritize a proactive approach to cybersecurity planning, optimize their access restriction policies and address critical staffing shortages.

Read Full Article

like

23 Likes

source image

VentureBeat

6d

read

86

img
dot

Small model, big impact: Patronus AI’s Glider outperforms GPT-4 in key AI evaluation tasks

  • A startup called Patronus AI has released an open-source language model called Glider.
  • Glider outperforms OpenAI's GPT-4o-mini on key benchmarks for evaluating AI outputs.
  • The model is designed to provide detailed explanations for its decisions.
  • Glider offers advantages such as cost-effectiveness, real-time evaluation, and the ability to assess multiple aspects simultaneously.

Read Full Article

like

5 Likes

For uninterrupted reading, download the app