menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Cyber Security News

Cyber Security News

source image

Medium

2M

read

161

img
dot

Image Credit: Medium

Weird Leak? Favicon Caching Might Be Exposing You

  • Modern browsers store favicon data in persistent caches that may not get cleared even in private or incognito mode.
  • Some sites pull favicons from third-party domains, potentially exposing users' visits to these sites.
  • Favicon caching could be used as a fingerprintable vector in conjunction with other metadata leaks for tracking purposes.
  • Community discussion is ongoing on whether to actively block or route favicons to prevent potential privacy risks.

Read Full Article

like

9 Likes

share

2 Shares

source image

Tech Radar

2M

read

147

img
dot

Image Credit: Tech Radar

German consumer protection group calls on Meta to halt its AI training in the EU – will other countries follow suit?

  • A German consumer protection group is calling on Meta to halt its AI training plans in the EU.
  • All public posts and user interactions are set to feed Meta AI starting from May 27, 2025, with EU users needing to actively opt out.
  • Privacy advocates express concerns over the legality of Meta's AI training under GDPR, questioning the use of personal data for training without explicit consent.
  • Other European consumer groups and privacy authorities might take action against Meta AI as Austrian privacy advocacy group noyb raises compliance issues with EU data protection laws.

Read Full Article

like

8 Likes

share

2 Shares

source image

Tech Radar

2M

read

41

img
dot

Image Credit: Tech Radar

CPU microcode hack could infect processors with ransomware directly

  • A security researcher from Rapid7 created a Proof of Concept for CPU ransomware that infects the computer's CPU, making it undetectable by antivirus programs.
  • The ransomware would persist on the device even after the hard drive is replaced, ensuring its continued presence.
  • The Proof of Concept is not expected to be released to the public, as confirmed by the researcher Christiaan Beek.
  • Ransomware continues to pose a significant threat to businesses, with a recent study showing widespread impact and financial losses due to ransomware attacks.

Read Full Article

like

2 Likes

share

Share

source image

Cybersecurity-Insiders

2M

read

400

img
dot

Image Credit: Cybersecurity-Insiders

What should we learn from International Anti Ransomware Day

  • International Anti-Ransomware Day is observed annually on May 12th to raise awareness and promote prevention measures against ransomware attacks.
  • Lessons from the day include emphasizing prevention through regular updates and strong security measures, highlighting the importance of secure backups, raising awareness about cybersecurity for all users, and discouraging ransom payments.
  • The day commemorates the WannaCry attack and underscores the need for collaboration among governments, agencies, and organizations to combat cybercrime effectively.
  • Education on cybersecurity and the implementation of policies to enhance cyber resilience are crucial in mitigating ransomware threats, emphasizing that cybersecurity is a shared responsibility for individuals and organizations.

Read Full Article

like

24 Likes

share

5 Shares

source image

Tech Radar

2M

read

345

img
dot

Image Credit: Tech Radar

Google to pay $1.4 billion in unauthorized biometric data collection and geo-tracking lawsuits

  • Google will pay $1.375 billion to Texas to settle lawsuits over unauthorized tracking and data collection.
  • Unauthorized practices included tracking geolocation without consent, collecting biometrics, and tracking incognito searches.
  • This settlement marks Google's biggest state payout for data privacy issues.
  • The settlement serves as a warning to companies about the consequences of abusing user trust.

Read Full Article

like

20 Likes

share

4 Shares

source image

TechBullion

2M

read

290

img
dot

Image Credit: TechBullion

NymVPN: A Privacy-Powered VPN Backed by Privacy Icons

  • NymVPN is a decentralized VPN app aiming to enhance security and privacy online by utilizing a decentralized mix network (mixnet) to encrypt metadata and content.
  • It differs from traditional VPNs by offering multi-hop architecture which routes data through multiple nodes, enhancing anonymity and privacy protection.
  • NymVPN provides two privacy protection levels: 'Fast' mode routes data through two independent proxy nodes, while 'Anonymous' mode routes through a Noise Generating Mixnet with five hops for higher anonymity.
  • The mixnet mode introduces 'noise' to combat network surveillance, enhancing data privacy by shuffling data packets and making online activities untraceable.
  • By dispersing metadata across a decentralized network of nodes, NymVPN minimizes the risk of tracking by advertisers and other online entities, ensuring enhanced privacy protection.
  • Node operators in the NymVPN network are incentivized with NYM tokens to maintain network reliability, security, and performance.
  • With over 600 nodes in approximately 60 countries, NymVPN offers a global decentralized system prioritizing security and privacy for users worldwide.
  • Its multi-hop mixnet architecture provides robust protection against cyber threats and third-party surveillance, making it an attractive option for those concerned about online privacy.
  • NymVPN supports various operating systems like Android, iOS, Windows, macOS, and Linux, making it accessible to users across different devices.
  • In a digital age plagued by data vulnerabilities and privacy issues, NymVPN stands out as a secure alternative to traditional VPNs, offering uncompromised privacy and protection for online activities.

Read Full Article

like

17 Likes

share

4 Shares

source image

Tech Radar

2M

read

290

img
dot

Image Credit: Tech Radar

This DOGE workers' credentials have allegedly been exposed by infostealing malware

  • A DOGE worker's personal computer was allegedly compromised by infostealer malware multiple times, leading to concerns about US government's security practices.
  • Researcher Micah Lee found the data of the supposed DOGE software engineer in four different infostealer logs.
  • However, not everyone agrees with Lee's assessment, with Alon Gal from Hudson Rock stating that the employee was not infected by malware.
  • Recent scrutiny on US government employees' security hygiene stems from various incidents, including the Signal fiasco involving Mike Waltz.

Read Full Article

like

17 Likes

share

4 Shares

source image

Medium

2M

read

230

img
dot

What You Should Learn Now to Be Relevant in 2030

  • By 2030, AI and ML will be essential in every industry, from tech to healthcare to finance to education.
  • Cloud computing has become integral, allowing access to data and services over the internet without complex hardware.
  • Cybersecurity will be in great demand due to the increase in digital threats and attacks on networks, devices, and data.
  • Data science plays a crucial role in analyzing data to predict trends and make smart decisions, influencing services like YouTube and food delivery apps.

Read Full Article

like

13 Likes

share

3 Shares

source image

Securityaffairs

2M

read

73

img
dot

Image Credit: Securityaffairs

Threat actors use fake AI tools to deliver the information stealer Noodlophile

  • Threat actors are using fake AI tools to distribute the information stealer Noodlophile, as warned by Morphisec researchers.
  • Attackers exploit the AI hype through viral posts and Facebook groups to trick users into downloading Noodlophile Stealer, a new malware that steals browser credentials and crypto wallets.
  • Noodlophile Stealer, a previously undisclosed malware, is being sold on cybercrime forums as part of malware-as-a-service schemes and is often bundled with tools for credential theft.
  • Fake AI tools like 'Dream Machine' or 'CapCut' spread through social media, attracting users seeking free video/image editors, but instead delivering malware like Noodlophile or XWorm.

Read Full Article

like

4 Likes

share

1 Share

source image

Tech Radar

2M

read

18

img
dot

Image Credit: Tech Radar

These North Korean IT workers have been infiltrating Western businesses since 2016

  • North Korean hackers have been infiltrating Western firms by impersonating job applicants since 2016 as part of the Nickel Tapestry campaign.
  • The fraudulent job applicants target European and Japanese organizations by posing as professionals from various countries and industries, including defense, aerospace, and cybersecurity.
  • The hackers aim to fund the government interests of North Korea and have been involved in record-breaking crypto scams, earning the Lazarus hacking group $1.5 billion.
  • Organizations are advised to be vigilant in verifying candidate identities, conducting thorough checks on CVs and addresses, and considering in-person interviews to prevent such infiltrations.

Read Full Article

like

1 Like

share

Share

source image

Tech Radar

2M

read

50

img
dot

Image Credit: Tech Radar

Outdated and unsecured IoT devices are a serious risk for UK businesses

  • IoT devices in the enterprise pose a significant security risk, according to a report commissioned by the UK government.
  • The report highlighted that many organizations are running outdated software and are not following security standards.
  • Vulnerabilities were found that could lead to remote code execution attacks, potentially allowing threat actors to gain full control over devices.
  • The majority of tested devices were found to have insecure configurations, with some running highly privileged processes that could lead to serious consequences in case of a breach.

Read Full Article

like

3 Likes

share

Share

source image

Siliconangle

2M

read

96

img
dot

Image Credit: Siliconangle

Commvault teams with Deloitte to strengthen enterprise cyber resilience

  • Commvault Systems Inc. has formed a strategic alliance with Deloitte & Touche LLP to enhance cyber resilience and incident response.
  • The collaboration integrates Commvault's data protection technologies with Deloitte's cyber defense expertise to provide protection across all stages of a cyber incident.
  • They address the increasing need for incident response and comprehensive cyber resilience strategies as cyber threats evolve.
  • The alliance offers proactive prevention, detection, response, and recovery capabilities to safeguard critical assets and ensure operational integrity.

Read Full Article

like

5 Likes

share

1 Share

source image

Tech Radar

2M

read

436

img
dot

Image Credit: Tech Radar

Most businesses can't fill cyber roles leaving huge gaps in defense

  • Most businesses are struggling to fill vacant roles for cybersecurity professionals, leaving significant gaps in their defenses.
  • Cisco's 2025 Cybersecurity Readiness Index report, based on a survey of 8,000 security and business leaders, highlights the critical shortage of skilled cybersecurity professionals.
  • Investing in AI-driven solutions, simplifying security infrastructures, and enhancing AI threat awareness are recommended to address the talent shortage in cybersecurity roles.
  • Cisco warns that only 4% of organizations worldwide are mature enough to effectively withstand today's cybersecurity threats, highlighting the need for enhanced cybersecurity measures.

Read Full Article

like

13 Likes

share

5 Shares

source image

Dev

2M

read

78

img
dot

Image Credit: Dev

A smarter way to use imagePullSecrets in Kubernetes Cluster using ServiceAccounts

  • Using imagePullSecrets in a Kubernetes cluster is necessary for fetching images from a private registry for reasons like security.
  • When fetching images from a private registry, Kubernetes needs imagePullSecrets to authenticate with the registry.
  • Creating a secret with registry credentials and details is the first step, and it can be done imperatively or declaratively.
  • To attach the created secret to a pod, it should be added to the pod's YAML file under imagePullSecrets.
  • Without proper imagePullSecrets, image pulls from private registries will fail with ImagePullBackOff.
  • Managing imagePullSecrets in multiple YAML files and Kubernetes objects can be simplified using helm charts or serviceaccounts.
  • By attaching imagePullSecrets to serviceaccounts, they are automatically used wherever the serviceaccount is referenced.
  • This approach streamlines the process of updating secrets for multiple Kubernetes objects based on changes in credentials or naming conventions.
  • The use of imagePullSecrets in Kubernetes is essential for private registry access, and by integrating them with serviceaccounts, the process becomes more efficient.
  • Ultimately, automating the management of imagePullSecrets through serviceaccounts simplifies the handling of secrets across Kubernetes objects.

Read Full Article

like

4 Likes

share

1 Share

source image

Dev

2M

read

271

img
dot

Image Credit: Dev

So They Asked for Your Security Certs — Now What?

  • When clients ask for security certifications like VAPT report or SOC 2, it can be overwhelming with technical terms and audits to navigate.
  • VAPT, short for Vulnerability Assessment and Penetration Testing, involves hiring someone to test your systems for vulnerabilities and providing a detailed report, not a certificate.
  • SOC 2 focuses on proving that a company follows security policies regarding data access, logging, etc., requiring a rigorous process and external audit for validation.
  • ISO 27001 is an international certification that delves deep into how a company handles information, emphasizing risk assessments, controls, audits, and accountability in daily operations.

Read Full Article

like

16 Likes

share

3 Shares

Prev

160
161
162
163
164
165
166
167
168
169
170

Next

For uninterrupted reading, download the app