A naukri.com initiative
Cyber Security News
VentureBeat
1M
64
Image Credit: VentureBeat
Qwen2.5-Coder just changed the game for AI programming—and it’s free
- Alibaba Cloud has released Qwen2.5-Coder, a new AI coding assistant.
- The release includes six model variants, making advanced AI coding accessible to developers with different computing resources.
- Qwen2.5-Coder's success stems from refined data processing, synthetic data generation, and balanced training datasets.
- Unlike its closed-source competitors, most Qwen2.5-Coder models carry the permissive Apache 2.0 license, allowing free integration into products.
Read Full Article
3 Likes
Semiengineering
1M
119
Image Credit: Semiengineering
Systems-in-Package: Authenticated Partial Encryption Protocol For Secure Testing (U. of Florida)
- Researchers at the University of Florida and University of Central Florida have published a technical paper titled "GATE-SiP: Enabling Authenticated Encryption Testing in Systems-in-Package".
- The paper proposes GATE-SiP, an authenticated partial encryption protocol for secure testing in heterogeneous integrated Systems-in-Package (SIP) systems.
- GATE-SiP ensures that sensitive testing data designated for a specific chiplet is only sent to the authenticated chiplet, preventing blocking, tampering, or sniffing by malicious chiplets.
- Simulation results demonstrate that GATE-SiP protocol incurs minimal penalties on area and timing overhead, with only 6.74% and 14.31% increase, respectively.
Read Full Article
7 Likes
Tech Radar
1M
0
Image Credit: Tech Radar
US plans to support controversial cybercrime UN treaty despite fears it could be misused
- The latest draft of the UN Cybercrime Convention faces key vote.
- The US is set to support the treaty.
- Human rights advocates say the convention will make it easier for authoritarian regimes to expand surveillance.
- Concerns raised that the treaty focuses more on surveillance than protecting against cybercrime.
Read Full Article
Like
TechBullion
1M
403
Image Credit: TechBullion
Revolutionizing Cybersecurity with Deep URL Profiling: Stephanie Ness’s Approach to Malware Detection
- Stephanie Ness has pioneered research on Deep URL Profiling for malware detection.
- Her approach leverages machine learning and AI to analyze URL structures and behaviors.
- Ness's work is transforming cybersecurity by developing adaptive solutions and integrating them into national security frameworks.
- She aims to refine her methodology by incorporating real-time data analysis and predictive AI models.
Read Full Article
24 Likes
Medium
1M
50
Image Credit: Medium
Magnet AXIOM and DuckDuckGo: Parsing Forensic Artifacts of Current Tabs on Android Devices
- DuckDuckGo's mobile app on Android devices stores snapshots of the currently open tabs in a cache directory for fast loading.
- Magnet AXIOM, a digital forensics tool, can extract and analyze these tab screenshots, providing insights into a user's recent browsing activity.
- The cached tab previews can reveal URLs, search terms, and other identifying information visible in the snapshots, even using OCR to convert text into searchable data.
- While these cached images offer valuable forensic insights, their accessibility is temporary, and ethical considerations regarding user privacy must be taken into account.
Read Full Article
3 Likes
Tech Radar
1M
119
Image Credit: Tech Radar
Has Pakistan begun the crackdown on "unregistered" VPNs?
- Residents in Pakistan experienced issues accessing their VPN services due to a 'technical glitch'.
- Pakistan Telecommunication Authority (PTA) plans to regulate VPN usage to curb misuse and security risks.
- Proton VPN witnessed a spike in usage during the reported VPN outages.
- While VPNs are not illegal, authorities urge VPN providers to register their services with PTA to avoid future disruptions.
Read Full Article
7 Likes
TechDigest
1M
96
Image Credit: TechDigest
How AI is Transforming User Experience (UX)
- AI is revolutionizing user experience design across various industries by tailoring seamless experiences to users.
- AI transforms how we interact with products and services, and personalizes experience to cater to users' needs.
- Accessibility in UX design is being transformed through AI by being more user-friendly and inclusive.
- AI-driven analytics provide valuable insights into user behavior, which helps designers improve user experiences.
- In customer support, AI-powered chatbots and virtual assistants provide instant support and guide users through complex processes, improving efficiency and user experience.
- AI is transforming security in various industries, like finance, healthcare, and retail, without sacrificing user convenience.
- AI ushers in automated processes for UX designers and allows for quick work and innovation to focus on more creative strategical aspects.
- Online gaming experiences are being tailored to fit individual player abilities and preferences through adaptive gaming interfaces.
- Online courses are also being adjusted based on individual learner preferences, enhancing accessibility for student with varying skills.
- AI-enhanced biometric technology offers a more user-friendly approach to secure access compared to traditional password methods.
Read Full Article
5 Likes
Tech Radar
1M
221
Image Credit: Tech Radar
Microsoft says unexpected Windows Server 2025 automatic upgrades were due to faulty third-party tools
- Microsoft's recent launch of Windows Server 2025 caused unexpected upgrades for some firms.
- Microsoft blames third-party tools for the automatic upgrades.
- The issue has been fixed, but no information on how to roll back the update has been provided.
- The update was supposed to be optional and introduced advanced features for security and performance.
Read Full Article
13 Likes
TechCrunch
1M
394
Image Credit: TechCrunch
Snowflake hackers identified and charged with stealing 50 billion AT&T records
- Two hackers, Connor Moucka and John Binns, have been identified and charged with stealing around 50 billion customer call and text records from AT&T.
- The stolen records were taken from AT&T's systems hosted on Snowflake, a provider of cloud services for data analysis.
- The indictment reveals that the hackers accessed billions of sensitive customer records and successfully extorted at least three victims.
- AT&T is one of several companies who had sensitive data stolen from their Snowflake instances, making these Snowflake-related breaches some of the worst cyberattacks of the year.
Read Full Article
23 Likes
Pymnts
1M
155
Image Credit: Pymnts
Mastercard and Tap Payments to Launch Click to Pay With Payment Passkey
- Mastercard and Tap Payments have partnered to introduce a Click to Pay with Payment Passkey service for eCommerce transactions.
- The service will be launched in the UAE and expanded to other markets in Eastern Europe, the Middle East, and Africa.
- Payment Passkeys use device-based biometric authentication methods for faster and more secure transactions.
- Click to Pay with Payment Passkey allows shoppers to select their Mastercard stored with Click to Pay for seamless checkout.
Read Full Article
9 Likes
Siliconangle
1M
114
Image Credit: Siliconangle
DeepTempo exits stealth with AI-powered cybersecurity app on Snowflake Marketplace
- DeepTempo has launched Tempo, an AI-powered cybersecurity app on Snowflake Marketplace.
- Tempo allows organizations to leverage AI-powered security capabilities within their Snowflake environment.
- The app improves the detection of potential cyberattacks by analyzing log data and detecting anomalies in network traffic.
- Customers can benefit from faster detection of attack indicators and optimize their security spending using DeepTempo's software.
Read Full Article
6 Likes
Fb
1M
352
Image Credit: Fb
How Meta built large-scale cryptographic monitoring
- Meta has shared insightful details from their own cryptographic monitoring system with the industry, including challenges faced during its implementation. The system has helped their engineers detect and remove weak cryptographic algorithms and have assisted with general change safety and reliability efforts. This has been instrumental in ensuring its reliability as well as in helping their engineers understand how cryptography is used at Meta so they can make informed development decisions. To avoid introducing any sampling, in which most logs would be omitted, the logging uses a “buffering and flushing” strategy on a preconfigured interval.
- The strategy of aggregation during buffering maintains a count for every unique cryptographic event. When it comes time to flush, this count is exported along with the log. Since machines often compute millions of cryptographic operations per day, this strategy can lead to significant compute savings in production.
- Thanks to our long retention window, our monitoring service provides data insights to preemptively identify clients using cryptography in risky ways and work with them to mitigate these issues before they become real security vulnerabilities. We can also detect key overuse and rotate keys proactively. Furthermore, we can monitor what versions of our library are running across our fleet in real-time.
- Supporting cryptographic logging at Meta’s scale has challenges, including occasional increased load on Scribe and Scuba, which have been managed through design optimizations. A few more optimizations are planned to optimize Scribe throughput and Scuba storage utilization.
- Additional challenges of flushing logs when a job is being shut down have been addressed to support cryptographic monitoring at scale.
- In summary, Meta’s cryptographic monitoring system using a “buffering and flushing” strategy has been instrumental in helping the engineers in detecting and removing weak cryptographic algorithms at scale, aiding infrastructure reliability and ensuring the security posture of cryptographic apps.
Read Full Article
20 Likes
Idownloadblog
1M
435
Image Credit: Idownloadblog
iOS 18.2: Authenticate the “Trust This Computer” prompt using Face ID
- iOS 18.2 and iPadOS 18.2 introduce a feature that allows users to authenticate the 'Trust This Computer' prompt using Face ID.
- Previously, users could only approve the prompt by typing their passcode.
- Trusting a computer grants it access to the files on the iPhone or iPad.
- Other new features in iOS 18.2 include AI image creation, location sharing for AirTags, and the ability to change default apps.
Read Full Article
26 Likes
Dev
1M
174
Image Credit: Dev
How I'm Learning SpiceDB
- The author shares their learning journey of SpiceDB as a Developer Advocate at AuthZed.
- Starting with the basics, they read the Google Zanzibar paper and watched a presentation to understand how SpiceDB works.
- Schema designis central to SpiceDB and the author watched a video to learn how to model objects and permissions in a system.
- They recommend building something from a point of familiarity for those with an application development background using client libraries.
- The author used ChatGPT to debug errors but caution against blindly copying code without understanding what's under the hood.
- Lastly, they encourage enjoying the learning process while experimenting with their playground and contributing to the open-source project.
- SpiceDB is inspired by Google Zanzibar but differs in some key concepts, which the author explains in a Q&A format.
- Experimenting with modeling schemas for SpiceDB provides valuable practice for designing the types of objects and permissions.
- Background knowledge in Cloud, Compute, and Serverless technologies helps in understanding how SpiceDB integrates into Amazon EKS.
- The author also recommends checking out their guide on protecting a Blog Application with SpiceDB.
Read Full Article
10 Likes
Dev
1M
151
Image Credit: Dev
Amazon Inspector Deep-Dive : CIS Benchmark, Container image and SBOM
- Amazon Inspector involves several features like ECR scanning, CIS benchmarks, and SBOM generation which enhance the security strategy to detect vulnerabilities, ensure compliance, and gain visibility into software components.
- ECR in Amazon Inspector scans container images in Elastic Container Registry (ECR) for software vulnerabilities, generating findings on package risks.
- Scanning Docker images in ECR with Amazon Inspector gives us an insight into CVEs that need to be fixed.
- CIS benchmarks assess EC2 instance configurations against security standards using Amazon Inspector.
- CIS scans can be done for specific instances and can also be applied across multiple accounts if you're a delegated administrator.
- The Software Bill of Materials (SBOM) provided by Amazon Inspector generates a detailed inventory of software components in your codebase which allows the identification and addressing of vulnerabilities more effectively.
- SBOM export is not currently supported for Windows EC2 instances.
- By exporting an SBOM, you gain transparency, documentation of all components within the software, and faster response and mitigation efforts in case of a security incident.
- Amazon Inspector can be connected to Athena to search for specific packages, integrated with OpenSearch to build a package search engine, and analyzed with Lambda as soon as the SBOM export is done for a specific package.
- In the next part of the Inspector series, the integration of Amazon Inspector with other services will be discussed.
Read Full Article
9 Likes
For uninterrupted reading, download the app