Cyber Security News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Security News

Securityaffairs

370

Image Credit: Securityaffairs

Bitfinex hacker Ilya Lichtenstein was sentenced to 5 years in prison

Bitfinex hacker Ilya Lichtenstein has been sentenced to five years in prison for his involvement in a money laundering conspiracy arising from the hack and theft of approximately 120,000 bitcoin from Bitfinex.
Over 96% of the stolen funds have been recovered, with most remaining unspent, according to defense attorney Samson Enzer and with assistance from Lichtenstein.
In February 2022, Lichtenstein and his wife were arrested for alleged conspiracy to launder $4.5 billion in stolen cryptocurrency stolen during the 2016 hack of Bitfinex.
Lichtenstein used advanced hacking tools and techniques to breach Bitfinex’s network and laundered the stolen funds with the help of his wife.

Read Full Article

22 Likes

TechCrunch

169

Image Credit: TechCrunch

Think you need a VPN? Start here.

Thinking about getting a VPN? Before you take the plunge, consider whether you actually need one or if there are better options out there.
VPNs make a lot of promises, from protecting your privacy to improving internet speeds and protecting against malicious threats. However, it is not safe to trust that a VPN provider will protect all your internet browsing information.
If you are trying to circumvent government censorship or browse the web anonymously, Tor is the gold standard for private browsing.
Tor encrypts and routes users’ internet traffic through thousands of servers around the world, hiding their activity from outside sources.
If you are trying to bypass content geoblocking or remote access a computer or server located elsewhere, a VPN may help.
While VPNs may help in these cases, make sure to research any provider before trusting them with your private information.
If you do end up needing a VPN, consider making your own encrypted VPN server using open-source software.
Using the flowchart provided in the article can help you determine if you need a VPN or if there are better options available.
Remember, no matter what measures you take, no product or service is completely free from security flaws.
Always stay safe by researching and assessing any tool you plan on using.

Read Full Article

10 Likes

Amazon

402

Image Credit: Amazon

Secure by Design: AWS enhances centralized security controls as MFA requirements expand

AWS has enhanced its security measures by requiring the use of multi-factor authentication (MFA) for root users in the AWS Management Console.
Enabling MFA is an effective way to prevent unauthorized users from gaining access to systems or data.
The typical workplace now has complex security boundaries, which have contributed to user passwords being the new weakness in the security perimeter.
AWS monitors online sources for compromised credentials, blocks the use of them on its platform, and guards against setting weak passwords or suggesting default passwords.
AWS launched support for FIDO2 passkeys as an MFA method to offer customers a highly secure but user-friendly way to align with security requirements.
Customers can now enable centralized root access, which enhances security and reduces the number of passwords they have to manage and operational overhead.
Beginning in Spring 2025, customers who have not enabled central management of root access will be required to use MFA for their AWS Organizations member account root users.
Customers are recommended to use centralized root access feature to experience reduced operational effort while maintaining strong controls.
AWS continue to expand its MFA requirements to member accounts in organizations and roll this change out gradually.
Customers can learn more about how to use MFA at AWS from AWS MFA in IAM User Guide.

Read Full Article

24 Likes

Tech Radar

420

Image Credit: Tech Radar

Thousands of web domains hijacked in "sitting ducks" attack

"Sitting Ducks" attack allows crooks to take full control of target domain
Almost a million websites vulnerable to takeover, experts warn
Tens of thousands of websites already compromised this way
Attackers gain control of target domain's DNS configurations, redirecting web traffic to malicious sites

Read Full Article

25 Likes

Discover more

Tech Radar

269

Image Credit: Tech Radar

Chinese hackers are using this open-source VPN to mask spying activities

Chinese hackers are using the open-source SoftEther VPN to mask their illegal activities, according to a report by ESET.
Webworm APT group, linked to China, has been observed using SoftEther VPN Bridge to establish direct communication with compromised machines of EU governmental organizations.
Other APT groups like GALLIUM, Flax Typhoon, and MirrorFace have also been using SoftEther VPN during the research period.
It is recommended for organizations to be cautious of any SoftEther VPN executables on their network and block them if not necessary.

Read Full Article

16 Likes

The Register

Image Credit: The Register

Simplifying endpoint security

Managing the security of diverse endpoints has become complex and time-consuming.
Kaseya experts will discuss the benefits of consolidating security tools into a single platform.
Topics to be covered include reducing complexity, automating processes, and leveraging integrated solutions.
Register for the webinar to learn how unified endpoint management can enhance security and reduce operational headaches.

Read Full Article

1 Like

BGR

297

Image Credit: BGR

Brilliant AI bot imitates a granny to keep phone scammers on the line for hours

O2 has developed an AI chatbot called Daisy, designed to waste scammers' time by mimicking a friendly elderly lady.
The chatbot aims to prevent scammers from reaching vulnerable individuals, especially the elderly.
Daisy engages scammers in conversation, keeping them on the line for as long as possible.
This solution helps protect potential victims from falling for scams and giving away personal information.

Read Full Article

17 Likes

Dev

356

Image Credit: Dev

What's New in Open Source WAF, SafeLine V7.2.3?

Open Source WAF SafeLine V7.2.3 has been released.
Fixed compatibility issues with the waiting room in older browser versions.
Improved compatibility of the waiting room in scenarios where WS is not supported, such as on CDN.
Optimized the configuration interface for custom rules.

Read Full Article

21 Likes

Cybersecurity-Insiders

Image Credit: Cybersecurity-Insiders

The Rising Threat of Cloud Ransomware: A Global Concern for Businesses of All Sizes

Cloud ransomware has emerged as one of the most formidable and rapidly evolving cybersecurity threats in recent years, targeting cloud storage businesses of all sizes worldwide.
Researchers from SentinelLabs have highlighted the growing trend of ransomware gangs specifically targeting the IT systems that power cloud service providers (CSPs) such as Amazon Web Services (AWS) and Microsoft Azure.
The core reason behind this shift in tactics is simple yet alarming: attacking Cloud Service Providers offers distinct advantages over traditional endpoint attacks.
The rising frequency of cloud-based ransomware attacks signals a disturbing reality: cybercriminals are rapidly recognizing the enormous potential for profit that comes with encrypting large-scale cloud data.
Mitigating the Risks: Best Practices for Securing Cloud Workloads
Cloud providers must enforce stringent identity management practices, ensuring that only authorized users and applications can access sensitive cloud resources.
Organizations should also adopt a defense-in-depth strategy, integrating a combination of encryption, continuous monitoring, and incident response protocols to detect and mitigate potential threats before they escalate.
Additionally, businesses should ensure that their cloud backups are regularly updated and stored separately from their production environments.
As cloud computing continues to evolve and expand, so too will the sophistication of the ransomware threats targeting it.
Ultimately, securing cloud workloads is not just the responsibility of CSPs but also of the businesses that rely on these services.

Read Full Article

3 Likes

Tech Radar

339

Image Credit: Tech Radar

Congress questions Amazon over ‘dangerous and unwise’ TikTok partnership

The House Select Committee on China has expressed concerns over Amazon’s ecommerce partnership with TikTok.
Lawmakers met with representatives from Amazon to discuss the partnership, stating their concerns about the grave national security threat posed by TikTok.
Amazon's collaboration with TikTok may make it more difficult for the US to ban the app, given Amazon's size and influence.
TikTok has previously faced possible bans in the US over concerns about data sharing and national security, but has successfully fought against them.

Read Full Article

20 Likes

Pymnts

242

Image Credit: Pymnts

Apple Security Feature Reboots Phones After 72 Hours of Inactivity

Apple reportedly added a security feature to its latest iPhone operating system, iOS 18, that reboots the phone after it has remained unlocked for 72 hours.
This feature puts the phone in a more secure state, making it harder for thieves with less sophisticated forensic tooling to unlock a stolen phone, while also giving law enforcement three days to access the data of a criminal’s phone.
Rebooting the phone puts the device in a state into which its data remains encrypted and nearly impossible to access without the user’s passcode.
This report comes about two months after Apple unveiled its new smartphone lineup, iPhone 16, and its suite of artificial intelligence (AI) features called Apple Intelligence.

Read Full Article

14 Likes

Tech Radar

439

Image Credit: Tech Radar

Children's shoemaker Start-Rite confirms major security incident, full customer details leaked

Children's shoemaker Start-Rite confirms major security incident.
Customer payment information, including credit card data, exposed.
Details about the attackers and the extent of the breach are unknown.
Customers advised to disable cards and monitor transactions from October 14 onward.

Read Full Article

26 Likes

Securityintelligence

215

Image Credit: Securityintelligence

Cybersecurity dominates concerns among the C-suite, small businesses and the nation

Cybersecurity has become a boardroom topic of the utmost importance in many organizations around the world.
The 2024 Allianz Risk Barometer named cyber events the top global business risk.
According to Gartner, global information security spending is expected to grow 15% by 2025.
Cybersecurity expenditure is increasing due to a variety of factors including a widespread threat environment, cloud technology adoption and cybersecurity skills gaps.
Small businesses' cloud adoption and use of remote work has made them attractive targets as cybercriminals look to exploit vulnerabilities.
Generative AI tools have introduced a new dimension to the cybersecurity landscape with attackers increasingly using large language models and generative AI.
Gartner predicts that by 2027, 17% of total cyberattacks and data leaks will involve generative AI.
Organizations are ramping up their cybersecurity investments in response to the growing complexity and scale of cyber risk.
The market share of cloud-native security solutions is expected to grow significantly, driven by the growing number of businesses moving operations to the cloud.
The shortage of cybersecurity talent is driving force behind the increased spending as the demand for security services is expected to continue.

Read Full Article

12 Likes

Medium

379

Image Credit: Medium

Geofencing: A Technical Cybersecurity Deep Dive — Code, Concepts, and Privacy Safeguards

Geofencing leverages mobile device location data to create virtual boundaries around real-world locations.
Geofencing can be implemented using JavaScript and Python, with the use of Google Maps API and a Python server.
There are cybersecurity risks associated with geofencing, including potential threats to user privacy.
Developers and users can adopt privacy safeguards to mitigate cybersecurity risks and protect user data.

Read Full Article

22 Likes

Mcafee

384

Image Credit: Mcafee

How to Secure Your Digital Wallet

Digital Wallets are a convenient and secure way to store various payment methods on your smartphone. You can use apps like Apple Pay, Google Pay, Samsung Pay, PayPal, and others to store debit cards, credit cards, gift cards, and bank accounts.
To keep your digital wallet safe, it is important to protect your smartphone just as closely as you would your physical wallet. Here are a few tips:
Firstly, use a lock screen on your phone and set a unique passcode for your wallet. Never use the same passcode as your phone, and avoid common combinations such as birthdays, anniversaries, and phone numbers.
Secondly, always download the latest software updates and turn on automatic updates to ensure you never miss a new release. Developers are constantly finding and patching security holes, so the most up-to-date software is often the most secure.
Thirdly, download digital wallet apps directly from official websites and check how many downloads and reviews the app has. Make sure you’re downloading an official app and not an imposter.
Finally, learn how to remotely lock or erase your smartphone in case it gets lost or stolen. You can also prevent others from using your phone and erase it if you’re worried that it’s in the wrong hands.
Comprehensive online protection like McAfee+ plans can protect your phone, your privacy, and your identity. It blocks sketchy links, protects your identity, removes your personal information from shady data brokers, locks down your privacy settings on social media, and provides identity theft coverage.

Read Full Article

23 Likes

For uninterrupted reading, download the app