techminis

A naukri.com initiative


Cyber Security News


Neuways


Microsoft Visio Files Used in Sophisticated Phishing Attacks

  • A surge in sophisticated phishing attacks using Microsoft Visio files (.vsdx format) has been flagged by cyber security experts.
  • Attackers leverage the Visio platform to embed malicious URLs that bypass traditional security measures.
  • Phishing attacks using trusted platforms like SharePoint and Visio are becoming more common.
  • To defend against these attacks, experts recommend sender verification, multi-factor authentication, cybersecurity training, and advanced email security solutions.


Dev


Understanding the different types of SSH Keys

  • SSH keys are a pair of cryptographic keys - a public key and a private key.
  • The different types of SSH keys are RSA, ECDSA, and Ed25519.
  • RSA keys are widely accepted and supported, ECDSA keys are more efficient and have smaller key sizes, and Ed25519 keys are highly secure.
  • RSA keys are recommended for general purposes, ECDSA and Ed25519 keys are suitable for resource-constrained devices, and Ed25519 keys are recommended for high-security environments.


Mcafee


What is the Dark Web?

  • The dark web is a small and highly anonymous portion of the internet associated with criminal activities such as identity theft and data breaches.
  • It is a part of the deep web, which accounts for 95% of the internet not searchable by the public and accessible only through a special browser.
  • The dark web was developed by the US Department of Defense in the 1990s for anonymous and encrypted communications, and is mostly used for legitimate purposes such as circumventing censorship or private communication.
  • However, it is also home to numerous illegal activities and marketplaces for purchasing malware, stolen information, and services for cybercrime.
  • To protect oneself from cybercriminals on the dark web, one can use online protection software, an identity monitoring service, credit monitoring, two-factor authentication, strong and unique passwords, and closure of unused or risky accounts.
  • McAfee's credit monitoring service and Online Account Cleanup tool can help users monitor their credit score and clean up unnecessary online accounts respectively.
  • Understanding the dark web and its links to cybercrime can help users protect themselves better from online threats and reduce the risk of identity theft.


Medium


Privacy Talk with Kim Hamilton Duffy, Executive Director of Decentralized Identity Foundation: Why…

  • Kim Hamilton Duffy, Executive Director of Decentralized Identity Foundation, shares her journey in the digital identity space and the challenges of balancing trust and privacy online.
  • Duffy discusses how her passion for new, unsolved problems led her to focus on blockchain and decentralized identity solutions.
  • She highlights the importance of verifiable credentials and decentralized identifiers in protecting privacy and allowing individuals to manage their own data.
  • The Decentralized Identity Foundation also focuses on ecosystem growth through demonstrating and showcasing use cases, with regional special interest groups like the Japan special interest group.
  • Duffy's work on credentials began while she was CTO at Learning Machine, where they focused on ensuring learning and working credentials remained usable through blockchain solutions like the Blockcerts standard.
  • She emphasizes the importance of being able to prove your credentials are about yourself to convince others while maintaining privacy.
  • The article is a part of the Privacy Talk series, a global community with diversified experts.
  • Duffy’s technical background includes two decades of experience in software engineering and distributed systems.
  • She has held leadership roles in technical standards and interoperability groups such as World Economic Forum, W3C, and US Chamber of Commerce Foundation.
  • Duffy holds an M.S. in Applied Math from Cornell University and a B.S. in Mathematics from the University of Texas.


Medium


Privacy Talk with Kim Hamilton Duffy, Executive Director of Decentralized Identity Foundation: What…

  • Learning Machine started with a focus on educational and workforce credentials, where lifelong learners could access, manage, and decide who they share them with, in contrast to the current models.
  • The remaining challenge was adoption by relying parties or consumers, especially with regard to the self-sovereign identity stack, which is pretty complex.
  • People can lead their own educational and workforce journeys, and then be able to find new opportunities by being able to establish trust in these micro credential certifications of competency.
  • Academics like MIT were involved in this space, with a focus on public claims or credentials and anchoring hashes rather than storing the full credential.
  • They immediately became aware of risks, where public data can be used against people, especially if someone changes their mind, is going into witness protection, or for any reason does not want to be traceable.
  • The way GDPR was characterised, it addressed any form of correlatable data, which led to the development of DID methods that are not on-chain.
  • Personal data on blockchain is too risky as re-identification can be too easy.
  • In their paper Decentralized Identity Foundation mentioned on the blogs and article, privacy identification in the AI period focused on sifting into the data minimization and inclusions of the processes of the credential issuing.
  • They discuss how to achieve the equivalent interest in privacy identification in the AI period.
  • Kim highlights that decentralized identity approaches are becoming more appealing for reusing KYC credentials within an organization to satisfy KYC use cases across multiple jurisdictions.


Medium


Privacy Talk with Kim Hamilton Duffy, Executive Director of Decentralized Identity Foundation: How…

  • The challenge of balancing privacy and identification with AI is enormous, and creating trust in online interactions is becoming increasingly difficult.
  • Identity verification techniques across the board are broken.
  • The paper's premise is that although AI can pretend to be human in certain ways, there are other things they cannot do.
  • They propose a method called personhood credentials that uses a verifiable credential type approach.
  • The requirements in the paper are a good start, but people need to be precise about the problem that they're solving.
  • One of the requirements is unlinkable pseudonymity, where a real identity cannot be determined from the interactions within a service provider.
  • Kim Hamilton Duffy, Executive Director of Decentralized Identity Foundation, suggests that the blockchain space might be helpful in this area and help make use of AI tools.
  • The Foundation is focused on understanding the problem parts and raising awareness through a hackathon that will explore what a verifiable credential might look like.
  • Decentralized identity solutions are standing out as an opportunity to build better foundations, and Kim invites anyone interested to join their conversations.
  • The paper had a great initial list of risks of personhood credentials, but they want to build that out even more, and that is an issue that needs a lot of focus.


Tech Radar


Data broker has database of over 100 million people swiped and put up for sale online

  • A hacker is selling a database of 183 million contact details, including email addresses, stolen from a data broker.
  • The data broker confirmed that the information was scraped from public sources and does not include sensitive personal information.
  • The database includes business email addresses, postal addresses, phone numbers, employer names, job titles, and links to social media.
  • At the time of reporting, it is unknown if the database has been sold or if there has been any abuse of the information.


TechJuice


Pakistan Set to Unveil Its First AI Policy by 2025

  • Pakistan is set to unveil its first AI Policy by 2025.
  • The policy aims to strengthen cybersecurity and the country's digital economy.
  • It will focus on using AI to monitor the internet for suspicious activity and secure private information.
  • Pakistan is forming CERTs for specific areas and aiming for a safe digital economy.


Dev


Kubernetes Custom Resources

  • Custom resources allow extending the Kubernetes API and defining new resource types to tailor the environment according to specific application needs.
  • Custom resources appear or disappear dynamically depending on their registration to allow more modular cluster setups.
  • Custom controllers extend the functionalities of Kubernetes resources in working with custom resources.
  • Custom controllers allow declaring a desired state of a resource and ensuring the actual state is consistent with that declaration.
  • Custom resources are appropriate alternatives for configuring APIs using a declarative model.
  • In a Kubernetes dashboard, custom resources should be aggregated to be presented with the native resource types.
  • ConfigMaps are a good fit for frequently rolling updates, as they can easily be fitted into any given deployment strategy.
  • Aggregated APIs are flexible in terms of custom storage solutions, validation features, and custom business logic, making them suitable for advanced usage.
  • When using custom resources, exhaustive testing and monitoring, as well as proper authentication and access privileges, are necessary to prevent unauthorized access and resource overloading.
  • Understanding when to use CRDs versus Aggregated APIs is crucial for effectively leveraging extensibility in Kubernetes.


Wired


More Spyware, Fewer Rules: What Trump’s Return Means for US Cybersecurity

  • Donald Trump’s second term as president will be a breath of fresh air for spyware firms and hackers trying to break AI systems. Trump will eliminate or significantly curtail Biden’s efforts to restrict the spread of spyware, apply guardrails to AI, and combat online misinformation. The incoming Trump administration is likely to scrap Biden’s ambitious effort to impose cyber regulations on sectors of US infrastructure and focus on protecting critical infrastructure, government networks, and key industries from cyber threats.
  • Trump’s election likely spells doom for CISA’s work to counter mis- and disinformation, especially around elections. Trump is also unlikely to continue the Biden administration’s campaign to limit the proliferation of commercial spyware technologies, which authoritarian governments have used to harass journalists, civil-rights protesters, and opposition politicians.
  • Biden’s purity push in the tech sector will be watered down. Policies requiring corporate responsibility, efforts to prevent hackers from abusing products, and proposals to make software vendors liable for damaging vulnerabilities are unlikely to receive strong support from the incoming Trump administration.
  • Elements of Biden’s AI safety agenda that focus on AI’s social harms, like bias and discrimination, as well as his requirement for large AI developers to report to the government about their model training may be on the chopping block.
  • Trump is likely to embrace a more muscular response against cyberattacks from foreign adversaries like Russia, China, Iran, and North Korea. The Trump administration may look more favorably on creating a separate military cyber service and take a more skeptical view of the joint leadership of Cyber Command and the National Security Agency.
  • China could come under further constraints, with authorities already created during Trump’s first term to block the use of risky technology in the US. The Trump administration will look at the full set of policy levers when deciding how to push back on China in cyberspace.
  • The final rule requiring CISA to create cyber incident reporting regulations for critical infrastructure operators could be revised to be more industry-friendly. New appointees could force the agency's staff to rewrite the rules to be more industry-friendly.
  • The secure-by-design campaign that encourages companies to create secure products will remain at most a rhetorical slogan under Trump’s administration.
  • Trump will put emphasis on cyber strategies that benefit business interests, downplay human-rights concerns, and emphasize aggressive offense against the cyber armies of Russia, China, Iran, and North Korea.
  • Trump will discard Biden’s efforts to impose cyber regulations on sectors of US infrastructure that currently lack meaningful digital-security safeguards.


TechBullion


Cybersecurity Leadership with Nishant Sonkar: Insights on Safeguarding the Digital Frontier

  • Nishant Sonkar, a cybersecurity trailblazer and seasoned compliance professional at Cisco, highlights sophisticated ransomware attacks as one of today’s top threats. Automation is indispensable, particularly for repetitive tasks like monitoring and threat detection, but Nishant warns that automation must be complemented by human oversight. Zero-trust architecture shifts the focus from perimeter-based defenses to verifying every user and device. Managing third-party risk requires a strategic and layered approach, according to Nishant. AI and machine learning are transforming cybersecurity, especially in areas like threat detection and predictive analysis.
  • True cybersecurity excellence requires viewing compliance as an integral part of comprehensive risk management strategy, not just a regulatory checkbox. Risk management starts with identifying potential threats unique to the organization and mapping out the controls required to mitigate them effectively. Strong access controls and data encryption—both at rest and in transit—are fundamental. Regular training on phishing awareness, secure password practices, and social engineering can make a substantial impact.
  • Nishant recommends regular audits, access reviews, and clear contractual obligations to hold third-party vendors accountable for data security, reducing potential exposure across partnerships. Zero-trust architecture minimizes the risk of unauthorized access and lateral movement by requiring that each access request be authenticated and authorized based on contextual information. Nishant cautions that AI models are still susceptible to adversarial attacks.
  • With the growth of IoT and remote work, Nishant sees new challenges emerging in endpoint security and attack surface management. The future of cybersecurity, he believes, will increasingly focus on real-time threat detection and predictive analytics, enabling organizations to stay ahead of increasingly sophisticated adversaries.


Hackernoon


Dependency Management is Critical for Disaster Recovery After a Security Incident

  • Dependency management is critical for businesses to recover data and restore services after a cyber attack.
  • To ensure service availability and reliability, organizations require a comprehensive data and dependency catalog including relationships between each entity.
  • Following a disaster recovery maturity model, businesses can progressively approach each level to reach their desired state of capability.
  • In a 4-level system, understanding and managing dependencies can be somewhere between Level 2 and Level 3.
  • Technical dependencies should be identified first, including direct and transitive dependencies, forming a directed acyclic graph.
  • Process dependencies define how different stakeholders work together to move forward, outlining the release process or runbooks to invoke during an incident.
  • Continuous integration tools can enumerate and track direct code and library dependencies.
  • Dependency validation should be set up through automation with alerts in place to notify the appropriate people of any issues.
  • Dependencies requiring updating or removal can be identified and resolved at Level 3.
  • Manual and automated disaster recovery drills ensure businesses have robust contingency plans in place.


TechCrunch


US confirms China-backed hackers breached telecom providers to steal wiretap data

  • Hackers with links to China breached U.S. telecommunication providers to access wiretap systems used by law enforcement.
  • AT&T, Lumen, and Verizon are among the telecom providers whose networks were breached.
  • The breaches led to the theft of customer call records data and compromised private communications of a limited number of individuals involved in government or political activity.
  • The hacking campaign, conducted by a China-linked group named 'Salt Typhoon,' also involved copying information subject to U.S. law enforcement requests.


Fintechnews


LSEG Taps IDVerse to Combat Deepfakes, Enhance Digital Identity Verification

  • The London Stock Exchange Group (LSEG) has partnered with IDVerse to strengthen its digital identity verification services.
  • This collaboration aims to combat digital deception threats, including synthetic media and deepfakes.
  • IDVerse's advanced technology, including its 'Zero Bias AI', will be integrated into LSEG's existing risk solutions.
  • The partnership focuses on improving document and biometric checks, addressing accessibility and fraud prevention.


Blockonomi


Phantom Wallet iOS Update Error Results in User Fund Access Problems

  • A technical malfunction in the latest Phantom wallet iOS update has resulted in some users losing access to their cryptocurrency funds.
  • Reports of losses have varied in scale, with one user claiming to have lost access to $600,000 worth of cryptocurrency.
  • Phantom operates as a non-custodial wallet and has released a new update to prevent the bug from affecting additional users.
  • The incident follows a previous downtime in October during the GRASS token airdrop.
