A naukri.com initiative
Cyber Security News
Hackernoon
1M
173
Image Credit: Hackernoon
The Rise of Cyber Militias
- The internet has allowed like-minded individuals to come together and communicate about shared interests, leading to the rise in cyber militias.
- Cyber militias have broadened their causes to include social and environmental aims, becoming more popular over the last several years.
- Wars, climate change, and civil unrest are some of the many factors that led to people's engagement in cyber militias, which are accessible and used for mobilization, communication, and solidarity.
- Traditional activism required printing flyers, but the internet makes it incredibly easy to distribute information to the masses in seconds, leading to the emergence of cyber militias.
- The increasing availability of AI-based video and picture tools has made it difficult to believe everything seen on the internet.
- Cyber militias do not solely operate by creating or publishing doubtful or untruthful content. They also plan coordinated hacks that disrupt websites and online services.
- Some college campuses are like miniature cities and are ideal targets for cyberattacks. Most educational institutions still remain unprepared.
- Cyber militias have caused a shift whereby some participants actively take part in public spaces, inspired by the internet mobilization and activism.
- The internet has increased the speed at which people can create content and how effectively they can engage others.
- The modern difference in militias is that the internet and devices that connect to it have become powerful tools for getting heard and noticed during times of increasing upheaval.
Read Full Article
10 Likes
Medium
1M
187
Image Credit: Medium
Privacy and Security in Web3
- Web3 is a technology aimed at increasing security and privacy on the internet. Crypto-anarchists believed that every person should be able to communicate and exchange information without surveillance and control.
- Modern centralized systems have shortcomings in terms of privacy and data security. Decentralized social platforms propose to solve this.
- In decentralized social platforms, all data belongs only to the user and no one else can see it without permission. All data is encrypted and only you and those you have permitted can collect and read it.
- Decentralized data storage is achieved through breaking data into small pieces and storing them on many different computers around the world. This makes your data resistant to censorship.
- However, lack of centralized control can lead to serious negative consequences. Decentralized networks mainly used for illegal trade and other illegal activities.
- The best solution is a hybrid system that combines the advantages of decentralization with the necessary level of regulation. Moderators still play an important role, but their power is divided and not concentrated in one person or group.
- Web3 offers an alternative to traditional centralized systems, giving users more freedom and protection. It is important to strive for a balance, combining the benefits of decentralization with accountability and control mechanisms.
Read Full Article
11 Likes
Dev
1M
73
Image Credit: Dev
Setting up WireGuard VPN with WAG for Enhanced Security and MFA
- Setting up WireGuard VPN with WAG for Enhanced Security and MFA.
- WAG adds 2FA and device enrollment capabilities to WireGuard making secure VPN access with MFA for specific routes possible.
- This guide walks you through setting up a WireGuard VPN with WAG on an Ubuntu server.
- WireGuard is configured to listen on the chosen port (e.g., 51820).
- ACL policies are used to enforce 2FA for specific networks while allowing general access to others.
- The guide also covers registration, management UI and configuring WAG as a service.
- WAG ensures only authenticated users can access sensitive network resources, securing your VPN further
- The guide assumes that you are working on Ubuntu 20.04 and that iptables is installed and IP forwarding is enabled.
- WAG must be run as root to manage iptables and the WireGuard device.
- Once set up, users can retrieve their VPN configuration file using their generated token.
Read Full Article
4 Likes
Dev
1M
73
Image Credit: Dev
SSRF Attacks: The Silent Threat Hiding in Your Server
- Server-Side Request Forgery (SSRF) is a web vulnerability where attackers trick a server into making unauthorized requests to internal or external systems.
- An attacker sends a malicious URL in a request that the server processes as legitimate, making requests on the attacker's behalf.
- The vulnerability can occur due to access control gaps, recovery features, or hidden interfaces.
- Protecting against SSRF involves validating and sanitizing input URLs, using URL whitelists, and restricting internal service access.
Read Full Article
4 Likes
Dev
1M
383
Image Credit: Dev
Securing CI/CD Pipelines: GitHub Actions vs Jenkins
- Continuous Integration (CI) and Continuous Delivery/Deployment (CD) are popular practices in software development.
- CI/CD pipelines have become key aspects of software delivery processes.
- Securing CI/CD pipelines is important due to vulnerabilities and security challenges that can arise.
- GitHub Actions and Jenkins are two popular CI/CD tools.
- Securing pipelines requires proactive measures, including secrets management, access control, vulnerability scanning, and logging.
- GitHub Actions is a cloud-based solution for automating workflows within GitHub repositories.
- Jenkins is a self-hosted open-source tool that provides flexibility and customization.
- Both GitHub Actions and Jenkins offer strong security features.
- GitHub Actions is user-friendly while Jenkins is ideal for teams that require control over their CI/CD pipeline.
- Choosing a CI/CD tool that aligns with your workflow and security requirements is important.
Read Full Article
23 Likes
Securityaffairs
1M
27
Image Credit: Securityaffairs
Palo Alto Networks confirmed active exploitation of recently disclosed zero-day
- Palo Alto Networks confirmed active exploitation of a zero-day in its PAN-OS firewall and released new indicators of compromise (IoCs).
- Last week, Palo Alto Networks warned customers about a potential remote code execution vulnerability in PAN-OS, but had no details on active exploitation.
- Now, Palo Alto Networks has confirmed that the zero-day in its PAN-OS firewall is actively being exploited and has released indicators of compromise.
- The cybersecurity firm observed malicious activities originating from specific IP addresses and recommended secure management access practices.
Read Full Article
1 Like
TechCrunch
1M
329
Image Credit: TechCrunch
T-Mobile says it was hacked, linked to Chinese breaches of telecom networks
- U.S. phone giant T-Mobile confirms being hacked in an industry-wide attack on telecom networks.
- T-Mobile's systems and data have not been significantly impacted, and there is no evidence of customer information being compromised.
- The attack is part of a series of cyberattacks targeting telecom companies, including AT&T, Verizon, and Lumen (formerly CenturyLink), linked to hackers working for the Chinese government.
- This is the ninth cyberattack targeting T-Mobile in recent years, with the most recent breach occurring in 2023 and impacting 37 million T-Mobile customers.
Read Full Article
19 Likes
TechCrunch
1M
146
Image Credit: TechCrunch
T-Mobile hack linked to Chinese breaches of telecom networks
- U.S. phone giant T-Mobile was hacked as part of a broad cyberattack on U.S. and international phone and internet companies
- T-Mobile is closely monitoring the attack, but their systems and data have not been significantly impacted
- The cyberattack is linked to a series of breaches targeting telecom companies, including AT&T, Verizon, and Lumen
- The FBI and CISA have warned about the cyber espionage campaign, accusing China of involvement
Read Full Article
8 Likes
TechBullion
1M
246
Image Credit: TechBullion
10 Tips for Enhancing Cloud Security and Preventing Data Breaches
- As more businesses move their operations and data to the cloud, the need for strong protection against cyber threats has become more critical than ever.
- Conduct a thorough assessment of your infrastructure to pinpoint weak spots.
- Utilizing comprehensive cloud protection solutions is crucial for maintaining full visibility across your cloud environment.
- One of the easiest and most effective ways to protect your cloud accounts is by using multi-factor authentication (MFA).
- Regular monitoring and auditing are essential for detecting unusual activity and identifying potential risks.
- Encryption is a vital tool for protecting your data in the cloud.
- Setting up robust Identity and Access Management (IAM) policies is crucial for controlling who can access your environment.
- Ensure that all services, applications, and plugins are regularly updated.
- Regular security assessments and penetration testing are key strategies for identifying weaknesses in your setup before attackers can exploit them.
- An incident response plan outlines the steps your team should take in the event of a data breach or security threat.
Read Full Article
14 Likes
TechCrunch
1M
160
Image Credit: TechCrunch
What a second Trump term means for the future of ransomware
- The US government has been making big strides in the fight against ransomware over the last four years.
- The Biden administration declared ransomware as a national security threat and successfully targeted ransomware operators.
- Despite the government’s efforts, cyberattacks targeting US organizations continue to rise.
- President-elect Donald Trump is expected to inherit the major ransomware problem in January.
- It is hard to predict what the next four years of cybersecurity policy could look like.
- Trump’s first term was a mixed bag, but cybersecurity didn’t feature heavily in his messaging since.
- However, the Republican National Committee said during the 2024 election cycle that an incoming Republican administration would 'raise the security standards for our critical systems and networks.'
- Trump’s push to slash federal budgets raised concerns that agencies may have fewer resources available for cybersecurity, which could make US networks more vulnerable to cyberattacks.
- With a scaled back focus on regulation, a second Trump term could pick up where it left off with offensive cyberattacks.
- A second Trump term is expected to pursue initiatives that would deter enemies to US sovereign security such as the use of offensive cyber capabilities and ramping up of the ‘hack-back’ activities.
Read Full Article
9 Likes
Medium
1M
16
Image Credit: Medium
Hide data inside images: cyber security project using Steganography
- Hackers are exploiting personal information shared on social media platforms for fraudulent activities.
- A project has been developed to hide sensitive information using steganography.
- The project includes an extra encryption layer for added security.
- It aims to empower users with a tool to safeguard their data in the face of increasing data breaches and cybercrimes.
Read Full Article
Like
TechBullion
1M
205
Image Credit: TechBullion
The Future of Finance: Exploring Innovative Inclusive Banking Solutions
- The banking landscape is being transformed through innovative and inclusive banking solutions that democratize access and redefine what it means to be banked in the 21st century.
- Inclusive banking solutions serve diverse communities, particularly the marginalized and have the potential to empower underserved populations.
- Traditional banking started with brick and mortar establishments, while the introduction of ATMs and online banking revolutionized how people managed their finances.
- Mobile banking apps offer easy access to financial services at the user's fingertips, while Blockchain technology and Artificial Intelligence enhance security and personalized assistance in transactions.
- Inclusive banking solutions create pathways to savings, credit, and investments necessary for people to build wealth and improve their living conditions.
- Examples of successful inclusive banking solutions include M-Pesa in Kenya, Grameen Bank in Bangladesh, and PMGDISHA initiative in India.
- Inclusive banking solutions have numerous advantages that extend beyond individual financial empowerment. It stimulates economic growth, fosters local businesses and promotes a culture of savings.
- While implementing inclusive banking solutions present challenges such as technology access, regulatory frameworks, cultural barriers, funding, and measuring impact, the future of finance is bright.
- The future of finance lies in technology advancement, personalized financial services, blockchain technology, mobile banking, partnership between fintech startups and traditional banks, evolving regulatory frameworks, and the focus on sustainability.
- Investing in inclusive banking should be an ongoing commitment contextualized around financial literacy and empowerment within underserved communities for sustainable growth, economic stability, and improved quality of life.
Read Full Article
12 Likes
Securityaffairs
1M
100
Image Credit: Securityaffairs
NSO Group used WhatsApp exploits even after Meta-owned company sued it
- NSO Group developed malware that relied on WhatsApp exploits to infect target individuals even after the Meta-owned instant messaging company sued the surveillance firm.
- NSO Group continued using WhatsApp exploits, including spyware called 'Erised,' even after being sued for violating anti-hacking laws.
- NSO employees violated WhatsApp's Terms of Service by reverse-engineering, transmitting harmful code, and accessing the platform illegally.
- Court filings reveal that NSO Group had minimal control over customers' use of its spyware, contradicting prior claims by the company.
Read Full Article
6 Likes
Wired
1M
91
Image Credit: Wired
Bitfinex Hacker Gets 5 Years for $10 Billion Bitcoin Heist
- A trio of Indian technologists found a way to enable Apple AirPods Pro 2s’ hearing aid feature for their grandmas by circumventing the location restrictions using a homemade Faraday cage and microwave.
- The US military is testing an AI-enabled machine gun called the Bullfrog designed to auto-target swarms of drones.
- An 18-year-old from California has admitted to making or orchestrating over 375 swatting attacks across the US.
- The US government has recovered more than $10bn in assets following the orchestrated hack on Bitfinex cryptocurrency exchange in 2016, for which Ilya Lichtenstein and Heather Morgan were arrested after laundering $4.5bn. Lichenstein was this week sentenced to five years in jail.
- O2 and Virgin Media have created an AI system, AI Granny, for answering incoming calls from scammers that responds immediately according to what the scammer is saying.
- Human rights nonprofit Iridia accused Omri Lavie and Shalev Hulio, among others, founders of notorious spyware vendor NSO Group, of hacking crimes in a Catalan court. The claimant is lawyer Andreu Van den Eynde.
- Hackers linked to North Korea have been discovered trying to implant macOS malware to cryptocurrency targets using infrastructure previously used by the country's Lazarus Group.
- Microsoft has spotlighted a trend for using print spoolers as a focal point in cyberattacks. The latest campaigns are often carried out by the Russian state-backed group NOBELIUM.
- Russian hacking group Sandworm, almost blamed for disrupting New York’s healthcare system earlier this week, has now been revealed as behind a number of attacks on US nuclear targets.
- An open-source software community that let anyone review parts of Facebook's code has now closed. The move follows numerous debacles for the social media giant around security and misinformation.
Read Full Article
5 Likes
TechBullion
1M
429
Image Credit: TechBullion
Alastair Monte Carlo: Navigating the Future of AI, Cybersecurity, and Human Progress
- Alastair Monte Carlo discusses the impact of AI on the society and the challenges that come along with it.
- He predicts a future where AI systems will be capable of recursive self-improvement, outpacing human oversight, making ability to Intent a more significant question.
- The Singularity Project aims to monitor AI evolution to ensure it aligns with human autonomy.
- As AI evolves at a self-sustaining pace, there is a need for future-proof security and regulatory frameworks in regions like the middle-east to stay ahead of AI capabilities.
- AI could democratize innovation, allowing to create indigenous innovation hubs without traditional infrastructure.
- While AI may one day achieve sentience, it will likely diverge from human consciousness.
- AI will eliminate certain roles, but it will also create new ones, making industries more efficient and specialized.
- Complacency is a catastrophic risk in fast-evolving technology, and excellence is essential for staying competitive in the AI era.
- The AI ecosystem surrounding AI and the speed of adoption has surprised him.
- AI risks are not only technical but philosophical as well and require guiding our designs particularly in regions with sociopolitical landscapes.
Read Full Article
25 Likes
For uninterrupted reading, download the app