techminis

A naukri.com initiative

Cyber Security News

Cssauthor

Cybersecurity Red Flags That Designers Encounter Daily

  • Relying on digital tools exposes designers to various cybersecurity risks that could put their projects, assets, and sensitive client information in danger.
  • Recognizing certain cybersecurity red flags early on is important so your work and client data are always secure.
  • Cybercriminals take advantage of the code to access sensitive information or cause system malfunctions.
  • Graphic designers constantly share files online. Using unencrypted file-sharing methods or public Wi-Fi poses a significant risk of data interception.
  • Designers deal with many file formats, including PSD, AI, JPG, and PDF.
  • Cloud storage is convenient, but it’s also a privacy risk when configured incorrectly.
  • Use a virtual private network (VPN) to protect your connection when you work from home or use public Wi-Fi.
  • Most cloud storage and collaboration platforms support two-factor authentication.
  • Always use trusted platforms like Adobe, Envato, and Google Fonts to upload your files.
  • Integrating security measures into your daily routine can keep your digital life safe and let you focus on creative work.

TestingXperts

Cyber Extortion: Protecting Your Business from Digital Blackmail 

  • The cyber security world has seen a significant increase in cyber-attacks, with an average of 1,876 per enterprise in Q3 2024, a 75% increase from Q3 2023. In this article, we look at the history of cyber extortion and how this type of crime works. Cyber extortion is a crime where a threat actor steals critical information and demands money or other requirements in exchange for returning it. In the article, we look at the types of cyber extortion and best practices to protect yourself from cyber extortion.
  • There have been different types of cyber extortion attacks in the recent past, including doxing extortion, software extortion, data breach extortion, email extortion, among others. There is a process cyber criminals follow, which varies based on techniques and tactics they utilise. Cyber extortion mainly involves cyber attackers gaining unauthorised access to sensitive information, demanding ransom, and threatening victims with exposure of their data publicly if they do not pay.
  • Best practices to mitigate the impact of cyber extortion include adopting comprehensive security strategies, conducting regular vulnerability assessments, compliance audits and adopting an incident response plan. Because cyber extortion targets both system weaknesses and human error, training employees on security awareness, conducting simulations through drill exercises, and partnering with an experienced cybersecurity provider like TestingXperts (Tx) can help organizations fortify their defenses.
  • Real-world examples of cyber extortion attacks include Orange Is the New Black, where the extortionists demanded $50,000 in exchange for not releasing pre-scheduled episodes, which they still released after receiving the ransom. In other instances, universities and different government organizations have been attacked, and confidential client data has been exposed.
  • Preventing cyber extortion entails keeping backups of your files, employing anti-malware and firewall protection, performing background checks on each employee to avoid digital fraud, training employees to avoid phishing and spear-phishing attacks, using authentication systems to manage employees' access, and obtaining a cyber extortion insurance policy.
  • To manage cyber extortion risks, Tx offers services such as proactive vulnerability assessment, penetration testing, security testing, and compliance audits to identify gaps in security controls that hackers can exploit, and incident response testing to improve organizations' readiness in handling cyber extortion attacks.

Tech Radar

Hackers are spreading QR code malware through...the post?

  • Swiss citizens warned about fake ‘Alertswiss app’
  • Malicious app deploys a variant of the Coper trojan
  • Keystrokes, 2FA codes, and credentials are at risk
  • Hackers are spreading QR code malware through postal letters

Tech Radar

Millions of WordPress sites could be at risk from "one of the most serious" plugin flaws ever found

  • Cybersecurity researchers have discovered a critical vulnerability affecting millions of WordPress websites.
  • The vulnerability is found in the Really Simple Security WordPress plugin, which has more than five million active installations.
  • The flaw allows attackers to gain full control over vulnerable websites.
  • Researchers urge website administrators to patch and update the plugin immediately.

Dev

Vishing Scams Explained: What They Are and How to Stay Safe

  • Vishing is a form of voice-based phishing that preys on your personal information and trust.
  • In this type of scam, criminals use voicemail messages or phone calls to deceive individuals into disclosing sensitive information like login credentials, credit card data or Social Security numbers.
  • Caller ID spoofing is a technology used by scammers that imitates the voices of authoritative individuals or companies in order to make it seem as though the call is coming from a reliable source and gain trust.
  • Bank impersonation, IT support scams, and lottery or prize scams are some common types of vishing schemes.
  • To avoid falling for these scams, it is important to be vigilant, ask questions concerning unsolicited calls, and be aware of ways to verify the facts.
  • If you receive an unsolicited call from an unknown number, do not give out personal information, hang up the phone, and verify the caller's identity through official channels.
  • It's also important to not respond to voicemails that ask for personal information and to report any suspicious calls to your bank, the impersonated company, or the local police.
  • Implement two-factor authentication (2FA) wherever possible to provide an additional layer of protection.
  • The best security is skepticism and awareness.
  • Be informed and stay safe from vishing scams.

Cybersecurity-Insiders

The Critical Role of a CEO in Bolstering Corporate Cybersecurity

  • In the digital age, where cyber threats are growing more sophisticated by the day, the role of a CEO in ensuring robust corporate cybersecurity cannot be overstated.
  • The CEO's public commitment to cybersecurity can foster a security-first mindset throughout the organization.
  • Cybersecurity cannot be treated as a separate entity from the company’s broader business goals.
  • The CEO plays a key role in creating a governance structure that ensures accountability at all levels of the organization for cybersecurity.
  • CEOs must be prepared to lead their companies through a crisis in the event of a breach or attack.
  • CEOs can work with legislators to advocate for policies that incentivize companies to adopt stronger cybersecurity practices and establish consistent industry standards.
  • The CEO should champion innovation within their organization to ensure they are using the latest tools and technologies to protect sensitive data.
  • The CEO’s involvement in cybersecurity is more critical than ever.
  • Through strong leadership, effective governance, and a proactive approach to crisis management, the CEO plays a pivotal role in securing their company’s future in an increasingly dangerous cyber world.

Kraken

2024 Scam Awareness Week: Empowering users to safeguard their digital finances

  • Scam awareness week is celebrated to educate users on how to protect themselves from scams and how the industry is creating a safer ecosystem.
  • Several scam types have emerged in the cryptocurrency space, including investment, employment, pig butchering, impersonation and romance scams.
  • To avoid such scams users should avoid offers that are too good to be true, verify identities through official channels and take their time before making any financial decisions.
  • To reduce fraud, Kraken works with AI, machine learning models and third-party tools to combat suspicious behavior.
  • The vast majority of cryptocurrency transactions are legitimate, and the industry has the potential to bring significant benefits to users.
  • Lack of awareness is a significant risk factor in crypto scams, so user education is crucial in preventing fraud.
  • Kraken offers a range of educational resources including a Learn Center, safety-related articles, and shares important resources during Scam Awareness Week.
  • Personal responsibility is key to protecting oneself in the crypto space; users are expected to be aware of risks and safeguard their assets.
  • Kraken remains optimistic about the future of the cryptocurrency industry and its potential to bring significant benefits to users.
  • Kraken is committed to empowering users and building a safer ecosystem for everyone through its accessible resources.

Silicon

US Releases Security Advice For AI In Critical Infrastructure

  • The US Department of Homeland Security has released guidelines for the use of AI in critical infrastructure.
  • The Roles and Responsibilities Framework for Artificial Intelligence in Critical Infrastructure document addresses security concerns regarding AI deployment.
  • The framework identifies 16 critical infrastructure sectors and highlights potential risks associated with AI use.
  • The document lays out best practices for AI developers, infrastructure owners, operators, and public sector entities.

Securityaffairs

T-Mobile is one of the victims of the massive Chinese breach of telecom firms

  • T-Mobile confirmed being a victim of recent hacking campaigns linked to China-based threat actors targeting telecom companies.
  • The breach is part of a long-running cyber espionage campaign that targeted U.S. telecoms to steal call records and access private communications mainly of government and political figures.
  • Salt Typhoon, also known as FamousSparrow and GhostEmperor, is a China-linked APT group active since at least 2019 that focused on government entities and telecommunications companies in Southeast Asia.
  • The cyberattack poses a major national security risk and implicates China's digital army of cyberspies breaking into valuable computer networks in the United States and around the globe.
  • Cybersecurity experts warn that Chinese nation-state actors have shifted from stealing secrets to infiltrating critical US infrastructure, suggesting that they are now targeting the core of America’s digital networks.
  • The Salt Typhoon hacking campaign appears to focus on intelligence gathering rather than crippling infrastructure, unlike the attacks carried out by another China-linked APT group called Volt Typhoon.
  • Salt Typhoon used sophisticated methods to infiltrate American telecom infrastructure through vulnerabilities, including Cisco Systems routers, and investigators suspect the hackers relied on AI or machine learning to further their espionage operations.
  • The cyberattack raises concern as T-Mobile has suffered multiple data breaches in recent years, with the most recent breach in August 2021 impacting 54 million customers.
  • T-Mobile assures its customers that it closely monitors the industry-wide attack: no impact to customer information has been identified, and the authorities are working with relevant peers.
  • The FBI and CISA are continuing the investigation, and they expect their understanding of these compromises to grow as the investigation continues.

Cybersecurity-Insiders

T Mobile Hacked and info such as call records and police request data breached

  • T-Mobile systems were breached by a group of Chinese hackers, known as Salt Typhoon, which may have compromised call records, communication histories, and requests made by law enforcement agencies.
  • Customer data was deeply affected, but the company is assessing the extent of damage as the intrusion has compromised the privacy of millions of individuals.
  • The breach raised significant concerns about the vulnerabilities of critical communication networks in the US, including call logs, text message histories, and sensitive data, potentially compromising personal privacy.
  • Experts believe that the hackers may have been attempting to gather intelligence on key political figures in an effort to sway public opinion or disrupt the electoral process, though no definitive evidence has yet emerged.
  • The Salt Typhoon group, a Chinese-backed hacking group, has allegedly infiltrated critical infrastructure in the US and other countries, leading to mounting anxiety about the security of national telecom networks.
  • Though T-Mobile has refrained from directly attributing previous attacks to any specific group, the latest attack was the first time a Chinese-linked hacking group was formally identified as the likely culprit behind a series of high-profile cyberattacks on US telecom infrastructure.
  • China repeatedly denied involvement in the cyberattacks, calling the accusations 'groundless' and 'politically motivated,' blaming the US for conducting widespread surveillance on global communications networks for years.
  • The T-Mobile breach serves as a wake-up call to the vulnerabilities within the US telecommunications infrastructure, highlighting the growing need for global cooperation to combat the rising tide of cyberattacks and the increasing threat of digital espionage.
  • It remains to be seen what long-term impact the breach will have on T-Mobile's customers, the broader telecom sector, and US national security.
  • The incident has further highlighted the growing threat posed by cyberattacks and the increasing need for heightened cybersecurity measures.

VoIP

Knightscope Robots Revolutionize Security with Verizon 5G Partnership

  • California-based Knightscope is revolutionizing public safety with its autonomous robots.
  • The Knightscope robots, connected through Verizon, provide real-time intelligence in challenging environments.
  • Equipped with advanced features and sensors, the robots detect unusual activities and enhance public safety.
  • The partnership with Verizon's Frontline service and future incorporation of 5G connectivity will further enhance the robots' capabilities.

Securityaffairs

Increased GDPR Enforcement Highlights the Need for Data Security

  • GDPR protects sensitive data like health and financial details, and its enforcement underscores the growing need for stronger data security measures.
  • Uber received a €290 million fine from the Dutch Data Protection Authority (DPA).
  • The maximum fine organizations can face for a GDPR violation is €20 million or 4% of their global annual revenue from the previous fiscal year.
  • The penalties for failing to comply with GDPR can be severe and may reach €10 million or 2% of annual global revenue.
  • Meta, Amazon, and Instagram have previously faced GDPR violations and gigantic fines.
  • Advanced Data Security Posture Management (DSPM) tools can help organizations minimize GDPR compliance risks.
  • Data mapping and classification, cross-border data transfer controls, and continuous monitoring are some strategic measures companies can adopt for GDPR compliance and data protection.
  • As the regulatory environment tightens, global companies must realize that non-compliance with data protection laws can have dire consequences.
  • Those who prioritize security and compliance will be best positioned for long-term success.
  • By adopting advanced data security solutions, businesses can maintain a robust data protection posture, mitigate risks, and avoid the severe consequences that come with non-compliance.

Global Fintech Series

Why Network Traffic Monitoring is Essential for Robust Cybersecurity in Financial Services

  • Network traffic monitoring has become a strategic imperative for financial services firms to maintain reliability, security and regulatory compliance.
  • Financial data is an attractive target for cybercriminals, making network traffic monitoring an essential safeguard for the integrity of the financial ecosystem.
  • For financial institutions, network traffic monitoring prevents costly outages and shields against security breaches with proactive oversight and detection of bottlenecks, bandwidth constraints, and unusual activity.
  • With numerous specialized security monitoring solutions available, banks are equipped to tackle various network management and security demands addressing resource and expertise limitations, balancing time constraints and competing responsibilities, and adapting to stringent regulatory requirements.
  • Banks increasingly invest in integrated monitoring tools for patch management, antivirus monitoring, performance monitoring, alert systems, and remote monitoring and management (RMM) tools.
  • Banca Marche implemented WhatsUp Gold for seamless network performance and real-time monitoring capabilities, enabling the bank to transition from a reactive to a proactive approach, managing approximately 2,500 endpoints with greater agility and accuracy.
  • Financial institutions undergoing rapid digitization of services are exposed to increasingly sophisticated cyber threats such as ransomware, phishing, and insider attacks, requiring a dynamic approach to cybersecurity.
  • The rapid digitization of financial services expands the attack surface, exposing institutions to increasingly sophisticated cyber threats such as ransomware, phishing, and insider attacks.
  • Financial institutions manage vast amounts of sensitive data, making them attractive targets for cybercriminals seeking financial gain.
  • Monitoring tools like Intermapper empower IT teams to respond swiftly, minimizing risks to network reliability and security. Some of the world's leading high-frequency trading operations depend on Intermapper to maintain uninterrupted network performance.

Dev

Dataverse Security Roles

  • Security roles in Dataverse tables are important for access control to custom tables on Power Platform, especially after the move to solutions.
  • A custom security role is required for access to tables, and System Administrators are the only ones with permission to create/edit them.
  • Roles can be created using the Power Platform Admin Centre or in a solution, and can be assigned to team members with privileges according to their roles or a combination of their roles and teams.
  • Permissions include creating, reading, writing, deleting, and sharing access to custom tables, along with miscellaneous and privacy-related permissions.
  • Tables are grouped into various sections, and the custom tables section has over 350 tables. Permission levels are granted for user, business unit, parent/child business unit, and organization levels.
  • Security roles are stored in the Dataverse table called roles, but they are metadata that do not hold the actual permissions.
  • Security roles can be moved using solutions, but environment makers cannot create roles, so a custom role created by a System Administrator can be split out from the component owned by the environment makers.
  • Business units are not solution aware and cannot be deployed across environments, so if a security role is set to a business unit, it cannot be migrated.
  • Roles can be set to teams and automatically switch to that business unit, making teams a better option for permission control.
  • Security roles can be inherited by teams, user, or team and user.

Securityaffairs

Critical Really Simple Security plugin flaw impacts 4M+ WordPress sites

  • A critical vulnerability in the Really Simple Security plugin affects over 4 million WordPress sites.
  • The vulnerability allows attackers to gain full admin access to affected sites.
  • The flaw is an authentication bypass vulnerability in the plugin's two-factor authentication feature.
  • The vulnerability has been patched in version 9.1.2 of the plugin.
