menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Cyber Security News

Cyber Security News

source image

Medium

1M

read

91

img
dot

Image Credit: Medium

Pakistan NADRA Data Leak: A Wake-Up Call for National Security and Privacy

  • Pakistan NADRA Data Leak raises concerns about national security and privacy.
  • The leak involves millions of sensitive information of Pakistanis, including biometrics, ID numbers, and addresses.
  • Potential damage includes identity theft and threats to national security.
  • Experts point out inadequate safety measures and cyber attack as possible causes of the leakage.

Read Full Article

like

5 Likes

share

1 Share

source image

Siliconangle

1M

read

448

img
dot

Image Credit: Siliconangle

Data breach exposes 122M records from DemandScience following initial denials

  • A database with information on 122 million people has been confirmed to have been stolen from DemandScience US LLC.
  • The data was initially denied by DemandScience but later confirmed as authentic.
  • The leaked data originated from a system that had been decommissioned two years ago.
  • The data breach raises concerns about data exposure and the impact on DemandScience's business.

Read Full Article

like

26 Likes

share

6 Shares

source image

Securityaffairs

1M

read

398

img
dot

Image Credit: Securityaffairs

Hackers target critical flaw CVE-2024-10914 in EOL D-Link NAS Devices

  • Hackers have started targeting the critical flaw CVE-2024-10914 in end-of-life (EOL) D-Link NAS devices.
  • The vulnerability is a command injection issue that affects certain D-Link NAS devices.
  • The flaw allows remote OS command injection via the cgi_user_add function.
  • Exploitation attempts have been observed since November 12th.

Read Full Article

like

23 Likes

share

5 Shares

source image

Siliconangle

1M

read

73

img
dot

Image Credit: Siliconangle

Bitsight acquires threat intelligence provider Cybersixgill for $115M

  • Bitsight Technologies acquires cybersecurity startup Cybersixgill Inc. for $115 million.
  • Bitsight provides cybersecurity solutions and ranks vulnerabilities by severity.
  • Cybersixgill collects data about hacker activities through its threat intelligence platform.
  • Bitsight plans to integrate Cybersixgill's technology to offer deeper insights to customers.

Read Full Article

like

4 Likes

share

1 Share

source image

Digitaltrends

1M

read

160

img
dot

Image Credit: Digitaltrends

Windows 11 takes a break on updates until 2025

  • Microsoft has confirmed that it is going on holiday break for Windows 11 updates, indicating that any major software features won’t be released until January 2025.
  • There won’t be any preview updates released in December 2024, outside of monthly security releases.
  • Microsoft is halting the progress of the Preview Build OS version of Windows 11 during the holiday season, as many staff members will be on break.
  • Recent security update addressed 91 vulnerabilities in Windows 11, including four actively exploited zero-day vulnerabilities.

Read Full Article

like

9 Likes

share

2 Shares

source image

Tech Radar

1M

read

297

img
dot

Image Credit: Tech Radar

This devious new malware is going after macOS users with a whole barrel of tricks

  • Security researchers discover new macOS malware likely built by North Korean Lazarus group.
  • Malware named RustyAttr abuses extended attributes for macOS files to deploy payload.
  • Malware uses novel obfuscation methods and was signed using a legitimate Apple developer ID.
  • Researchers believe the malware was built to test new delivery and obfuscation methods on macOS devices.

Read Full Article

like

17 Likes

share

4 Shares

source image

Dev

1M

read

228

img
dot

Image Credit: Dev

Protect Your Wi-Fi: 3 Steps to Maximum Security! 🛡️

  • Wi-Fi security is crucial to protect personal data and prevent cyberattacks.
  • Understanding Wi-Fi security protocols: WEP is weak, WPA2 is the standard, and WPA3 offers advanced protection.
  • Authentication modes: Use complex passwords, prioritize WPA2-Personal or WPA3, disable WPS, and consider MAC address filtering.
  • Practical tips: Change router password, hide SSID, keep router updated, and enable connection alert notifications.

Read Full Article

like

13 Likes

share

3 Shares

source image

Sdtimes

1M

read

242

img
dot

Image Credit: Sdtimes

Report: Less complex applications are more likely to have security vulnerabilities than their more complex counterparts

  • A recent analysis from Black Duck found that less complex applications are more likely to have security vulnerabilities than their more complex counterparts.
  • Small and medium complexity applications were found to have more critical vulnerabilities compared to larger complexity applications.
  • High-risk industry sectors such as finance and insurance, healthcare, and information services had the most critical vulnerabilities.
  • Common vulnerabilities include cryptographic failures, injection vulnerabilities, and security misconfigurations.

Read Full Article

like

14 Likes

share

3 Shares

source image

Pymnts

1M

read

448

img
dot

Image Credit: Pymnts

Intellicheck CEO Sees Demand for Banking ID Verification as Fraudsters Grow Bolder

  • Intellicheck shares fell by 12% after revenue slightly missed expectations.
  • The company sees potential for growth in identity verification in real estate and banking sectors.
  • Third-quarter revenue was $4.7 million, similar to last year, with SaaS revenue leading the way.
  • Intellicheck has secured multiyear agreements with regional banks and is witnessing growth in the automobile and real estate segments.

Read Full Article

like

26 Likes

share

6 Shares

source image

Dataprivacyandsecurityinsider

1M

read

73

img
dot

Image Credit: Dataprivacyandsecurityinsider

Joint Advisory Lists Top Routinely Exploited Vulnerabilities

  • The Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the National Security Agency, along with security partners, issued a cybersecurity advisory on the '2023 Top Routinely Exploited Vulnerabilities'.
  • Threat actors exploited more zero-day vulnerabilities in 2023 compared to the previous year.
  • The advisory recommends implementing secure software development practices, prioritizing secure default configurations, applying timely patches, and using security tools.
  • Additional resources and a list of the top exploited vulnerabilities are provided in the advisory.

Read Full Article

like

4 Likes

share

1 Share

source image

TechCrunch

1M

read

54

img
dot

Image Credit: TechCrunch

New Apple security feature reboots iPhones after 3 days, researchers confirm

  • Apple's new iPhone software has a security feature that reboots the phone if it remains unlocked for 72 hours.
  • The feature, known as 'inactivity reboot', locks the user's encryption keys in the iPhone's secure enclave chip, making it harder for thieves to access data.
  • Security researchers confirmed the 72-hour timer for the feature, which puts iPhones in a more secure state.
  • While this feature makes it challenging for law enforcement to access data, it doesn't completely lock them out within the three-day timeframe.

Read Full Article

like

3 Likes

share

Share

source image

Tech Radar

1M

read

320

img
dot

Image Credit: Tech Radar

Another major US healthcare organization has been hacked, with potentially major consequences

  • American Associated Pharmacies (AAP) has suffered a ransomware attack.
  • The attackers, known as Embargo, claim to have stolen almost 1.5TB of sensitive data.
  • AAP paid $1.3 million to have its systems restored, and the attackers are demanding an additional $1.3 million to keep the stolen files private.
  • The leaked data could potentially lead to class-action lawsuits and regulatory pressure on AAP.

Read Full Article

like

19 Likes

share

4 Shares

source image

VentureBeat

1M

read

357

img
dot

Securing the AI frontier: Protecting enterprise systems against AI-driven threats

  • Weaponized AI attacks targeting identities will be the greatest enterprise cybersecurity threat by 2025.
  • Large Language Models (LLMs) are the new power tool of choice for rogue attackers, cybercrime syndicates and nation-state attack teams.
  • 84% of IT and security leaders found AI-powered tradecraft more complex to identify and stop, according to a recent survey.
  • Deepfakes lead all other forms of adversarial AI attacks, and were involved in nearly 20% of synthetic identity fraud cases.
  • Synthetic identity fraud is on pace to defraud financial and commerce systems by nearly $5 billion this year alone.
  • Ivanti’s recent report finds that 74% of businesses are already seeing the impact of AI-powered threats.
  • Adversarial AI techniques are expected to advance faster than many organizations’ existing approaches to securing endpoints.
  • Every security and IT team needs to treat endpoints as already compromised, focus on new ways to segment them and minimize vulnerabilities at the identity level.
  • The answer is not necessarily spending more money, but about finding practical ways to harden existing systems.
  • AI’s ability to protect identities and enforce least privileged access will become more pronounced in 2025.

Read Full Article

like

21 Likes

share

5 Shares

source image

VentureBeat

1M

read

212

img
dot

Anthropic’s new AI tools promise to simplify prompt writing and boost accuracy by 30%

  • Anthropic has launched a new suite of tools designed to automate and improve prompt engineering in its developer console.
  • The new features aim to help developers create more reliable AI applications by refining the instructions—known as prompts—that guide AI models like Claude in generating responses.
  • The core of the updates is the Prompt Improver, a tool that uses best practices in prompt engineering to automatically refine existing prompts.
  • Anthropic’s tools aim to bridge the gap between different AI platforms, allowing developers to adapt prompts designed for other AI systems to work seamlessly with Claude.
  • The quality of prompts plays a key role in determining the performance of AI systems such as customer service and data analysis. Anthropic's new tools directly respond to the growing complexity of prompt engineering, which has become a critical skill in AI development.
  • Anthropic's new release includes an example management feature which allows developers to manage and edit examples directly in the Anthropic Console.
  • The flexibility to refine prompts and request changes without the need for extensive manual intervention could be a key differentiator in the competitive AI landscape.
  • Anthropic's approach stands out for its practical focus, aiming to make AI work better, faster, and more reliably, delivering quantifiable improvements—like a 30% boost in accuracy—while giving technical teams the flexibility to adapt and refine as needed.
  • As businesses increasingly integrate AI into their operations, they need to fine-tune models to meet their specific needs and Anthropic’s new tools aim to ease this process.
  • Anthropic has built its reputation on responsible AI, championing safety and reliability—two pillars that align with the needs of businesses navigating the complexities of AI adoption.

Read Full Article

like

12 Likes

share

2 Shares

source image

Infoblox

1M

read

54

img
dot

Image Credit: Infoblox

DNS Predators Hijack Domains to Supply their Attack Infrastructure

  • A report by Infoblox Threat Intel estimates that over 1 million registered domains could be vulnerable to Sitting Ducks attack, an underreported domain hijacking attack that uses misconfigured Domain Name System (DNS) settings to take over a website and use it to establish an attack infrastructure.
  • The most common victims of the Sitting Ducks attack are well-known brands, non-profits and government entities with well-reputed domain names.
  • The attack vector is relatively easy to execute and is often exploited by cybercriminals to evade existing detections and strengthen their malicious campaigns.
  • Researchers have seen cases of rotational hijacking, where a domain is hijacked by multiple actors over time.
  • Infoblox Threat Intel has identified two groups, Vextrio Viper and Vacant Viper, who have used this vector to strengthen their cyber-attacks, including malicious spam operations, porn delivery, establishing remote access trojan (RAT) control channels, and dropping malware.
  • Horrid Hawk and Hasty Hawk are the latest groups using Sitting Ducks attack. Horrid Hawk has been hijacking domains and using them for investment fraud schemes, while Hasty Hawk has hijacked over 200 domains to operate widespread phishing campaigns.
  • Organizations or businesses that own the vulnerable domains, as well as individuals who inadvertently access the malicious content or infrastructure, are the main victims of Sitting Ducks attack.
  • Sitting Ducks attacks are relatively easy to perform and difficult to detect. DNS misconfigurations are an oversight arising from many factors. However, this attack vector is entirely preventable with correct configurations at the domain registrar and DNS providers.
  • Infoblox Threat Intel experts created an extensive report that explains the details behind how Sitting Ducks attacks work and how to identify a compromised domain.
  • The report also explores how Vipers and Hawks execute Sitting Ducks attacks to create an infrastructure resistant to security vendor detection.

Read Full Article

like

3 Likes

share

Share

Prev

150
151
152
153
154
155
156
157
158
159
160

Next

For uninterrupted reading, download the app