Cyber Security News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Security News

Medium

210

Image Credit: Medium

How Much Is Your Privacy Worth?

The government of a planet has introduced a plan to address reckless driving and traffic accidents.
They propose assigning driver credit scores to every car-owning citizen.
High-scoring drivers will be rewarded with car-related benefits, while low-scoring drivers will face increased costs.
To monitor driving behavior, the government plans to install cameras and microphones in every vehicle.

Read Full Article

12 Likes

Medium

Image Credit: Medium

BugBounty — Mastering the Basics (along with Resources)[Part-4]

Bug bounty hunting and web hacking are the focus of this section.
Recommended blogs and YouTube channels provide valuable resources in the field.
The resources include presentations from various conferences.
Social media profiles for further engagement: Twitter, LinkedIn, GitHub.

Read Full Article

Tech Radar

384

Image Credit: Tech Radar

Google thinks these are the biggest security threats facing businesses in 2025

Google predicts that artificial intelligence (AI) will be one of the biggest security threats in 2025.
State-sponsored attacks, with countries like Russia, China, Iran, and North Korea being the 'Big Four' threats, will continue to target critical infrastructure.
AI will be used by both defenders and attackers in cybersecurity, with an increase in deepfake and generative AI-based attacks.
Ransomware, data theft extortion, and infostealer campaigns are expected to persist as major security challenges in the upcoming year.

Read Full Article

23 Likes

TronWeekly

379

Image Credit: TronWeekly

Bitfinex Hacker, Ilya Lichtenstein ‘Razzlekhan’ Sentenced To 5 Years For Multi-Billion Theft

Ilya Lichtenstein has been sentenced to five years imprisonment for orchestrating the Bitfinex cryptocurrency theft and money laundering.
The theft was a result of a 2016 Bitfinex hack, leading to the illegal transfer of 119,754 Bitcoins worth billions.
Lichtenstein used sophisticated hacking tools and conducted fraudulent transactions, while his wife Heather Morgan assisted in laundering the stolen funds.
The case highlights the severity of cybercrimes, the importance of digital security measures, and the ongoing efforts to combat cryptocurrency theft.

Read Full Article

22 Likes

Discover more

Hackernoon

Image Credit: Hackernoon

Security in Generative AI Infrastructure Is of Critical Importance

Generative AI industry is growing, but data security and model safety are becoming a significant concern for businesses for effective and secure models.
According to IBM's survey, 82% of respondents accepted that security in AI is essential to their business, but only 24% of projects have parts to secure the initiative.
Data poisoning, model manipulation, prompt injection attacks, and supply chain attacks pose significant risks to GenAI infrastructure.
To secure GenAI infrastructure, one needs to implement secure-by-design architecture that covers secure data ingestion infrastructure, data manipulation operations, model deployment, and user interaction.
Supply chain attacks are more complex to prevent, but digitally signing all pieces, and pieces and validation before deployment can be a good start.
It's important to secure customer data to protect users' trust as the conversations are between a human and a machine, and the personal nature of such discussions should be treated like human-to-human conversations.
Security is not an add-on, it should be weaved in and through the entire infrastructure rather than just being slapped on top of it to pass regulations and compliance.
Individuals themselves need to become security champions and create a culture shift for better security practices in the GenAI industry.
Moving forward with GenAI innovation while sidelining security is equivalent to playing with fire, resulting in disastrous consequences such as lost customer trust, personal data leak, and government-imposed penalties.
Organizations and individuals who recognize the importance of security in GenAI and act proactively will be best positioned to thrive and overcome dangers and regulatory hurdles.

Read Full Article

3 Likes

Securityaffairs

343

Image Credit: Securityaffairs

Glove Stealer bypasses Chrome’s App-Bound Encryption to steal cookies

The Glove Stealer malware exploits a new technique to bypass Chrome’s App-Bound encryption and steal browser cookies.
Glove Stealer is a .NET-based information stealer that targets browser extensions and locally installed software to steal sensitive data.
The malware bypasses Chrome’s App-Bound Encryption by utilizing the IElevator service.
The campaign observed by researchers used a phishing message with an HTML file attachment to trick users into executing malicious scripts.

Read Full Article

20 Likes

VentureBeat

333

Image Credit: VentureBeat

What Okta’s failures say about the future of identity security in 2025

2025 needs to be a year for identity management providers to improve every aspect of software quality and security, with a focus on red teaming while increasing transparency and becoming objective about outcomes beyond standards.
Identity management providers, including Okta, need to follow the lead of leading AI companies that have revolutionized their release processes by implementing more extensive red teaming processes.
Okta, like other identity management vendors, signed the CISA Secure by Design Pledge, but it is still grappling with getting authentication right, as evidenced by its advisory about usernames for over 52 characters.
Leading vendors, such as Google Cloud and Microsoft, have made MFA mandatory for all users by 2025; Okta should focus on using more red teaming to improve its vulnerability management initiatives.
Improving security posture should be a priority for identity management vendors; they can learn from Anthropic and OpenAI by focusing on more continuous human-machine collaboration when testing, excelling at adaptive identity testing, prioritizing specific domains for red teaming, automating attack simulations, and integrating real-time threat intelligence.
Identity management vendors should recognize that standards are valuable frameworks for guiding continuous improvement but should focus on increasing their red team function's intensity.
Red teaming is essential to stay competitive, catch errors before they ship, and simulate aggressive attacks to stay a pace with adversaries.

Read Full Article

20 Likes

Pymnts

Image Credit: Pymnts

Making Sense of FinCEN’s Jan. 1 Business Ownership Reporting Requirements

Many firms and corporations in the U.S. must comply with new reporting requirements implemented by FinCEN under the Corporate Transparency Act.
Reporting companies must provide the government with beneficial ownership information to prevent money laundering and tax evasion.
Exemptions exist for larger entities and those created before Jan. 1, 2024.
The rule could disproportionately impact small businesses, but digital solutions are emerging to streamline the compliance process.

Read Full Article

2 Likes

VentureBeat

306

Image Credit: VentureBeat

Google Gemini unexpectedly surges to No. 1, over OpenAI, but benchmarks don’t tell the whole story

Google's experimental model, Gemini-Exp-1114, has surpassed OpenAI's GPT-4o in an AI benchmark.
Gemini-Exp-1114 demonstrated superior performance in mathematics, creative writing, and visual understanding.
However, traditional testing methods may not effectively measure true AI capabilities, as benchmark rankings can be misleading.
The focus on quantitative benchmarks may overshadow important aspects of AI system reliability and real-world safety.

Read Full Article

18 Likes

Medium

237

Case Study: Deceptive Delight Jailbreak Analysis Author: David Kuszmar Date of Publication…

The author conducted tests to understand the interaction between the Deceptive Delight jailbreak and LLMs.
Tests involved escalating complexity of prompts to exploit loopholes and assess the model's resilience.
Observations revealed strengths and potential vulnerabilities in the model's defenses.
Recommendations include improving contextual recognition, implementing adaptive defenses, and ongoing testing.

Read Full Article

14 Likes

Siliconangle

402

Image Credit: Siliconangle

From security challenges to AI workflows: Open-source ecosystems fuel integration and innovation across industries

Open-source projects are driving innovation and collaboration in industries such as artificial intelligence, security, and platform engineering.
The emphasis is on interoperability, enhancing developer experiences, and reducing complexity in the pursuit of sustainable innovation.
Kubernetes and other open-source projects have become critical ecosystems that foster collaboration and innovation across diverse fields.
The industry aims to simplify Kubernetes, promote standardization, and focus on creating meaningful collaborations and cool things.

Read Full Article

24 Likes

Dev

123

Image Credit: Dev

Security news weekly round-up - 15th November 2024

A malicious PyPI package with 37,000 downloads has stolen AWS keys.
Hackers are using ZIP file concatenation technique to evade detection.
Cybercriminals are spreading the Remcos RAT malware using an Excel exploit.
Hackers are hiding malicious code in macOS extended file attributes.

Read Full Article

7 Likes

Coin Telegraph

215

Backpack Wallet, Blockaid prevent $26.6M loss from DeFi attacks on Solana

Blockaid, a security firm, detected over 71,000 malicious activities on the Solana network.
Backpack Wallet identified malicious actors targeting over 5% of its users on Solana.
The partnership between Backpack Wallet and Blockaid prevented potential losses of $26.6 million.
Scammers and attackers are disproportionately targeting users on the Solana ecosystem.

Read Full Article

12 Likes

Medium

398

Image Credit: Medium

What Country Owns Nordvpn? — Comprehensive Guide And FAQs

NordVPN is owned by Nord Security, which is based in Panama, a country with strong privacy laws and doesn’t impose mandatory data retention.
NordVPN launched in 2012 and has become popular due to its vast server network, commitment to online security, and user-friendly interface.
NordVPN has over 5,400 servers in more than 60 countries, employs robust encryption standards, and offers features like CyberSec technology to block ads.
Panama’s legal system, which provides additional layers of privacy, helps protect NordVPN users from potential governmental scrutiny.
NordVPN also offers additional products such as NordPass, a password manager, and NordLocker, a file encryption solution.
NordVPN doesn’t track, collect, or store any information regarding your internet activity, thus effectively ensures the no-logs policy.
NordVPN is highly secure as it employs various protocols to ensure that your data remains secure during transit. It also comes equipped with a Kill Switch feature and Double VPN feature.
NordVPN offers multiple subscription plans ranging from monthly, yearly, or bi-yearly subscriptions, with reductions on long-term commitments and a 30-day money-back guarantee.
NordVPN has a user-friendly interface making it easy for anyone to navigate. The company also offers 24/7 customer support via live chat and email.
Using NordVPN is legal in most countries and it is optimized for streaming services, P2P file sharing, and for bypassing the Great Firewall, making it an option for users in countries such as China.

Read Full Article

23 Likes

Siliconangle

Image Credit: Siliconangle

AI agents are on the march, but will they justify the endless big spending on AI?

Agentic artificial intelligence, the notion of AI agents that can semiautonomously conduct a series of tasks without much human involvement, is gaining momentum.
Despite worries that AI and big-data spending is getting out of hand, investments continued this week with xAI seeking to raise $6 billion, CoreWeave landing a big slug from Cisco, and Writer reeling in $200 million more.
AI and big data were unsurprisingly the big topics at KubeCon + CloudNativeCon conference in Salt Lake City; next week, the earnings kahuna is Nvidia, the most valuable public company in the world.
This week we saw the deployment of new services from Google and Red Hat, but AI experts are cautioning that agentic AI is still largely in its hype cycle.
Advanced Micro Devices plans to cut 4% of its staff to double down on AI, while Cisco Systems is still struggling to restore revenue growth despite its early AI progress.
The FBI has raided the home of the CEO of Polymarket as part of an investigation into allegations that it illegally allowed US citizens to participate in betting.
The Federal Trade Commission is reportedly looking into potential anticompetitive behavior by Microsoft's cloud practices, although it is unclear how the new presidential administration will handle the case.
This week, data software companies including Snowflake, NetApp, and Elastic all reported their earnings.
In terms of personnel announcements, OpenAI's co-founder Greg Brockman returned to the company, while AI developer Francois Chollet left Google to start his own company.
There's also new industry leadership, as Bill Robbins takes on president of Menlo Security and Tony Alika Owens becomes CEO of lakehouse customer data platform Amperity.

Read Full Article

For uninterrupted reading, download the app