Cyber Security News

Securityaffairs

Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM

  • Fortinet warns of a patched FortiWLM vulnerability that could allow admin access and sensitive information disclosure.
  • The vulnerability (CVE-2023-34990) allows a remote, unauthenticated attacker to read sensitive files through relative path traversal.
  • The vulnerability impacts FortiWLM versions 8.6.0 through 8.6.5 and 8.5.0 through 8.5.4.
  • The vulnerability can be chained with another vulnerability to achieve remote arbitrary code execution.

TechBullion

How Cybersecurity Can Save Our World: Expert Opinion by Philipp Lebedev

  • The importance of cybersecurity has reached a critical juncture with increasing interconnectivity through digital networks and the expansion of the attack surface. The need for a proactive and adaptive approach to cybersecurity is emphasized, including the use of strong passwords, regular software updates, data backup, and employee training. National cybersecurity policies and international cooperation are necessary to combat global threats. Financial institutions and digital service providers must learn to stay one step ahead to effectively counter the ever-growing cybersecurity threats. The basic principles that should be considered in cybersecurity include Confidentiality, Integrity, Availability, Authentication, Authorisation, Disclaimer, Resilience, and Maintaining trust and confidentiality. Effective cybersecurity measures, such as using strong passwords, regularly updating software and backing up data, are fundamental in preventing and minimizing cyber-attacks.
  • Cybersecurity strategies must take a proactive and adaptive approach, including regularly updating security protocols with robust defenses such as encryption, multi-factor authentication, and auditing systems for vulnerabilities. Cybersecurity should be a high priority for businesses, which should train employees and protect critical infrastructure from state-level cyber attacks.
  • Financial institutions need to adopt innovative technologies and stay one step ahead of ever-growing cybersecurity threats, including cyber warfare, cryptojacking, anti-democratic cyberattacks, cyber espionage, and data breaches.
  • The basic principles that should be considered in cybersecurity include Confidentiality (safeguarding sensitive information), Integrity (ensuring accuracy and consistency), Availability (minimizing downtime), Authentication, Authorisation, Disclaimer (providing reliable evidence of actions), Resilience (recovering from disruptions), and Maintaining trust and confidentiality (protecting privacy).
  • 61% of organisations that have been victims of a hack reported having taken remedial action, which usually involved forensic analysis and temporary shutdown of systems. 53% of organisations that were hacked had their data stolen, and 30% had the potential for data theft.
  • Effective cybersecurity measures, such as using strong passwords, regularly updating software and backing up data, are fundamental in preventing cyber attacks and minimising their impact on different sectors. To protect the data, organizations must notify regulators and affected individuals.
  • To protect important information, people must use strong passwords, regularly update software, and back up data. They should also connect only to encrypted Wi-Fi networks, such as WPA2 or WPA3, and use strong passwords for protection.
  • Investing in cybersecurity and educating employees contributes to a secure digital environment, which in turn builds user confidence and protects society as a whole. Effective cybersecurity measures are fundamental in preventing cyber attacks and minimizing their impact on different sectors.
  • National cybersecurity policies and international cooperation are necessary to combat global threats. Cybersecurity must be seen as a way of life to effectively counter the ever-growing threats.
  • With cybercriminals becoming increasingly resourceful, it is important that both organizations and individual users embrace cyber security as a way of life. In this way, cybersecurity not only protects individual data, but also ensures the stability and security of our world.

Pymnts

ValidiFI: Cross-Referencing Identity Elements Helps Spot Fraud Risk

  • ValidiFI found that cross-referencing identity elements against bank account data can help spot fraud risk.
  • Consumers with multiple Social Security numbers, email addresses, or phone numbers linked to the same account are at a higher fraud risk.
  • Organizations need to implement a multilayered approach to fraud detection beyond standard account validation.
  • Heads of payment are experiencing rising uncertainty and direct losses from fraud.

Medium

Flask Authentication and Authorization: A Beginner’s Guide

  • This guide helps you understand the basics of building a Flask app with authentication and authorization.
  • Key components include setting up a database to hold user information, enabling user registration, login, and logout functionalities, and implementing role-based access control.
  • Templates are also important for creating a visually appealing user interface.

Hackernoon

The Sneaky Way Web Browsers Are Identifying You (Even When You Turn Off Cookies)

  • Browser fingerprinting, not to be confused with cookies, is a method of canvassing various metrics about your browsing session to build an “image” of your activity.
  • Browser fingerprints are unique and are built over time from the activities you perform and the locations you visit on the web.
  • Browser fingerprints are collected in the background, mostly using a small piece of JavaScript, scanning all available browser and system parameters to create an image of you and your behaviors.
  • Fingerprinting has exploded in popularity due to its use in advertising and marketing, and is present on over a quarter of the Alexa Top 10,000 websites.
  • Unlike cookies, which need consent and can be blocked or deleted, fingerprints are invisible and track you silently.
  • Fingerprints use your hardware and browsing patterns, making them more persistent and harder to avoid than cookies, as they collect data passively.
  • Browser fingerprinting raises significant ethical concerns due to its covert and invasive nature, raising issues of privacy, transparency and discrimination.
  • Anti-detect browsers are designed to randomise or mask the unique signatures that fingerprinting tools rely on.
  • Privacy-focused tools like Privacy Badger, Ghostery, or uBlock Origin can also play a key role in preventing fingerprinting.
  • Browser fingerprinting is legal in many territories and is used within the boundaries of existing digital laws.

TechCrunch

North Korea-linked hackers accounted for 61% of all crypto stolen in 2024

  • A Chainalysis report reveals that hackers affiliated with North Korea stole $1.34 billion worth of cryptocurrency in 47 cases.
  • Hacking events decreased after North Korea's alliance with Russia, possibly due to a change in cybercrime tactics.
  • Decentralized finance platforms and centralized services were primary targets of crypto hacking in 2024.

Tech Radar

Microsoft really wants users to ditch passwords and switch to passkeys

  • Microsoft is strongly pushing for a passwordless future
  • Passkeys are a more secure alternative to passwords
  • Microsoft has been rolling out passkeys to its platforms
  • Microsoft aims to phase out passwords and introduce a totally passwordless login experience

Socprime

OpenSearch Split Index API

  • The Split Index API in OpenSearch allows you to split an existing index into multiple smaller indices.
  • The Split Index API enables you to divide a large index into smaller ones by increasing the number of primary shards.
  • Requirements for splitting an index include setting it to read-only state, defining routing allocation, and ensuring the new number of shards is a multiple of the original.
  • The Split Index API is useful for improving performance, scaling the index, or rebalancing data without re-ingesting it.

TechCrunch

Bugs in a major McDonald’s India delivery system exposed sensitive customer data

  • A major McDonald’s delivery system in India exposed the personal information of its customers and drivers due to several security flaws.
  • Bugs in the API allowed unauthorized access to orders, invoices, customer contact details, and real-time location of drivers.
  • The vulnerabilities were reported by a security researcher and fixed by McDonald’s India in September.
  • This is not the first time McDonald’s India has faced data exposure issues, with a previous incident in 2017.

Socprime

ArcSight Administrator Guide: Renewing the Self-Signed Certificate

  • This article provides a step-by-step guide for ArcSight administrators to replace the self-signed certificate used by the ArcSight Manager.
  • The process involves using the managersetup utility to generate a new key pair and restarting the ArcSight services to apply changes.
  • Administrators need to execute the Manager Setup command and choose to replace the certificate with a new self-signed key pair.
  • After filling in the certificate fields and restarting the services, the new self-signed certificate becomes active.

Tech Radar

Developers targeted by malicious Microsoft VSCode extensions

  • Software developers, especially those working on web3 and cryptocurrency projects, are being targeted in a brand new software supply chain attack.
  • Malicious Visual Studio Code extensions were found on the VSCode marketplace, designed to download hidden second-stage payloads from shady domains.
  • The campaign started in October 2024 and involved heavily obfuscated files as part of the malicious packages.
  • Developers are advised to be cautious when downloading software packages and not to trust without verifying.

Tech Radar

US government mulls entire TP-Link product ban - routers, switches and more all set to be blocked

  • The US Government is considering an all-out ban on TP-Link devices due to national security concerns.
  • TP-Link routers supply roughly 65% of US homes and small businesses.
  • The routers were targeted in a series of cyberattacks earlier in 2024.
  • TP-Link has faced criticism for refusing to engage with security researchers.

Securityaffairs

CERT-UA: Russia-linked UAC-0125 abuses Cloudflare Workers to target Ukrainian army

  • The Computer Emergency Response Team of Ukraine (CERT-UA) warns that the threat actor UAC-0125 abuses Cloudflare Workers services to target the Ukrainian army with malware.
  • The threat actor UAC-0125 exploits Cloudflare Workers to spread malware disguised as the Army+ mobile app from Ukraine's Ministry of Defence.
  • Visitors to the malicious websites are prompted to download an executable file, which triggers a decoy file and a PowerShell script that sets up covert SSH access for attackers via Tor.
  • The UAC-0125 activity is linked to the UAC-0002 cluster (Sandworm/APT44), and previous attacks used trojanized Microsoft Office files for deeper intrusions.

Wired

This VPN Lets Anyone Use Your Internet Connection. What Could Go Wrong?

  • Teenagers have been using Big Mama VPN to cheat in the VR game Gorilla Tag, leading to access to their home internet connections being sold.
  • Big Mama’s associated proxy services are also associated with cybercrime forums and networks.
  • Using a free VPN like Big Mama’s exposes people to risks related to privacy and security.
  • The Big Mama VPN app is free, doesn’t require users to create an account, and has no data limits to bypass anti-cheat mechanisms in virtual reality games.
  • While VPNs are legal and have several legitimate uses, using them to cheat in online games can lead to potential privacy and security risks.
  • Residential proxies like Big Mama’s allow others to use someone’s connections for malicious purposes without their knowledge.
  • Using proxies to conduct cyberattacks and botnets has become quite commonplace.
  • The hackers using proxies to conduct cyberespionage were mainly from Russia.
  • The Big Mama Proxy Network allows buyers to pay as little as 40 cents for 24 hours of shared access to “real” 4G and home Wi-Fi IP addresses.
  • Many users do not read or understand the terms and conditions of websites, including those of proxy networks.

Dev

GitHub Compliance – All You Need To Know

  • GitHub has security and compliance regulations companies need to deal with as a set of shared responsibility models.
  • The organizations that use GitHub Enterprise can grant different access permissions to their employees, and customize a set of permissions for teams and users using role-based access control (RBAC).
  • GitHub is compliant with GDPR regulations and provides its customers with the ability to access and control the information it collects and processes about them.
  • The compliance requirements depend on the industry, and the assurance that all the business processes and the sensitive data, including customer’s data, are secure and won’t be accessed by any unauthorized party.
  • GitHub performs backup of its entire system and all the data users have on the platform, but organizations should have an account-level backup of their data in place for all repositories and metadata.
  • The organization should have a response to any disaster scenario - the entire GitHub service outage or the organization’s GitHub environment failure.
  • GitHub has implemented major compliance regulations like AWS, Data Privacy, GDPR, SOC 1 and SOC 2, FedRAMP LI-SaaS Authorization to Operate (ATO), Cloud Security Alliance, and ISO/IEC 27001:2013.
  • Organizations that use Git must take measures to protect their source code and adopt the right strategies and practices to boost their GitHub repositories and metadata security.
  • The majority of compliance standards focus on areas like metadata categorisation, access control, permissions, source code integrity, auditing and review of access, backup, and recovery.
  • GitHub Backup plays one of the leading roles and is one of the main requirements for GitHub compliance.
