menu
techminis

A naukri.com initiative

google-web-stories
Home

>

Cyber Security News

Cyber Security News

source image

Securityaffairs

6d

read

354

img
dot

Image Credit: Securityaffairs

CERT-UA: Russia-linked UAC-0125 abuses Cloudflare Workers to target Ukrainian army

  • The Computer Emergency Response Team of Ukraine (CERT-UA) warns that the threat actor UAC-0125 abuses Cloudflare Workers services to target the Ukrainian army with Malware.
  • The threat actor UAC-0125 exploits Cloudflare Workers to spread malware disguised as the mobile app Army+ app from Ukraine's Ministry of Defence.
  • Visitors to the malicious websites are prompted to download an executable file, which triggers a decoy file and a PowerShell script that sets up covert SSH access for attackers via Tor.
  • The UAC-0125 activity is linked to the UAC-0002 cluster (Sandworm/APT44), and previous attacks used trojanized Microsoft Office files for deeper intrusions.

Read Full Article

like

21 Likes

source image

Wired

6d

read

325

img
dot

Image Credit: Wired

This VPN Lets Anyone Use Your Internet Connection. What Could Go Wrong?

  • Teenagers have been using Big Mama VPN to cheat in the VR game Gorilla Tag, leading to access to their home internet connections being sold.
  • Big Mama’s associated proxy services are also associated with cybercrime forums and networks.
  • Using a free VPN like Big Mama’s exposes people to risks related to privacy and security.
  • The Big Mama VPN app is free, doesn’t require users to create an account, and has no data limits to bypass anti-cheat mechanisms in virtual reality games.
  • While VPNs are legal and have several legitimate uses, using them to cheat in online games can lead to potential privacy and security risks.
  • Residential proxies like Big Mama’s allow others to use someone’s connections for malicious purposes without their knowledge.
  • Using proxies to conduct cyberattacks and botnets has become quite commonplace.
  • The hackers using proxies to conduct cyberespionage were mainly from Russia.
  • The Big Mama Proxy Network allows buyers to pay as little as 40 cents for 24 hours of shared access to “real” 4G and home Wi-Fi IP addresses.
  • Many users do not read or understand the terms and conditions of websites, including those of proxy networks.

Read Full Article

like

19 Likes

source image

Dev

6d

read

181

img
dot

Image Credit: Dev

GitHub Compliance – All You Need To Know

  • GitHub has security and compliance regulations companies need to deal with as a set of shared responsibility models.
  • The organizations that use GitHub Enterprise can grant different access permissions to their employees, and customize a set of permissions for teams and users using role-based access control (RBAC).
  • GitHub is compliant with GDPR regulations and provides its customers with the ability to access and control the information it collects and processes about them.
  • The compliance requirements depend on the industry, and the assurance that all the business processes and the sensitive data, including customer’s data, are secure and won’t be accessed by any unauthorized party.
  • GitHub performs backup of its entire system and all the data users have on the platform, but organizations should have an account-level backup of their data in place for all repositories and metadata.
  • The organization should have a response to any disaster scenario - the entire GitHub service outage or the organization’s GitHub environment failure.
  • GitHub has implemented major compliance regulations like AWS, Data Privacy, GDPR, SOC 1 and SOC 2, FedRAMP LI-Saas Authorization to Operate (ATO), Cloud Security Alliance, and ISO/IEC 27001:2013.
  • Organizations that use Git must take measures to protect their source code and adopt the right strategies and practices to boost their GitHub repositories and metadata security.
  • The majority of compliance standards focus on areas like metadata categorisation, access control, permissions, source code integrity, auditing and review of access, backup, and recovery.
  • GitHub Backup plays one of the leading roles and is one of the main requirements for GitHub compliance.

Read Full Article

like

10 Likes

source image

Cybersecurity-Insiders

6d

read

53

img
dot

Image Credit: Cybersecurity-Insiders

2025 Predictions for the Cyberwarfare Landscape

  • As cyberattacks become more frequent and targeted, the potential for significant collateral damage increases, complicating efforts to maintain societal resilience.
  • The distinctions between military and civilian infrastructure are rapidly blurring in the cyber domain.
  • In 2025, the civilian infrastructure is expected to be on the frontlines of cyber warfare.
  • Ransomware has evolved from a financial windfall for cybercriminals to a political weapon for nation-states.
  • Cyber mercenaries and proxy groups are emerging actors on the cyber battlefield complicating attribution.
  • Nation-states seek competitive advantages in emerging technologies will result in intellectual property theft, cyber espionage and targeted attacks.
  • AI-powered attacks that overwhelm cybersecurity teams by generating thousands of variants of malware or exploiting zero-day vulnerabilities will target emerging technologies.
  • The proliferation of IoT devices introduces an alarming attack surface for cyber actors.
  • Breakthroughs in quantum computing may begin to challenge the security of traditional encryption methods and password complexity.
  • Distrust between nations and diverging national interests could lead to fragmented defense efforts.

Read Full Article

like

3 Likes

source image

Cybersecurity-Insiders

6d

read

53

img
dot

Image Credit: Cybersecurity-Insiders

What 2025 May Hold for Cybersecurity

  • The limitations of large-language models have provided ammunition to the naysayers. Cybercriminals and nation-state actors have shown interest in applying LLMs to some of the mundane tasks they’re faced with when trying to breach organizations.
  • Malware distribution will bounce back in 2025 despite the arrests and takedown of more than 100 servers worldwide. As disruptions impose costs on threat actors, we'd expect targeted malware families will rebound with new versions circulating.
  • Intel 471’s patented malware emulation and monitoring system showed a sharp drop between the Q2 and Q3 in delivered payloads. However, since the distribution of loader or dropper malware is critical for follow-on attacks, there is market demand for access to compromised machines.
  • Geopolitical events and cybersecurity are becoming ever closer entwined. Offensive cyber actions are used by nations for espionage, intellectual property (IP) theft, pre-positioning in case of conflict and spreading misinformation.
  • China and Russia both pose significant cyber threats with their advanced persistent threat (APT) groups. These groups infiltrate supply chains and compromise major software vendors for espionage and IP theft purposes.
  • US Department of Justice has been aggressive in identifying, naming, sanctioning, and indicting threat actors, both in the nation-state and financially motivated cybercrime spheres. A perceived weakening in U.S. approach to accountability could lead to more aggressive activity.
  • The productivity gains of AI are worrisome in that it increases the scale and quality of attacks, be it through polished phishing, better-selected targets, or faster and more complete reconnaissance.
  • Artificial intelligence (AI) will enhance, scale attacks. While threat actors may not be writing exploits with AI, yet, more customized AI tools are being offered on forums making it more accessible to malicious actors to experiment.
  • Intel 471 has observed one targeted malware family, Bumblebee, rebound with a new version circulating in October 2024. The observed changes in development indicate that actors are actively refining their malware despite exhibiting low activity and lacking significant sophistication.
  • Cybersecurity has generally been one of the few non-partisan issues in an increasingly hostile U.S. political environment, and US Department of Justice may continue holding threat actors accountable.

Read Full Article

like

3 Likes

source image

Fintechnews

6d

read

103

img
dot

Image Credit: Fintechnews

Kaspersky Warns of Rising Threat from Crypto-Draining Malware

  • Global cybersecurity company Kaspersky warns of a rising threat from crypto-draining malware, with discussions on the dark web seeing a significant increase.
  • Kaspersky reports a sharp 135% increase in dark web threads discussing crypto-drainers, highlighting the use of tactics such as fake airdrops, phishing sites, and malicious smart contracts to steal funds.
  • The report also reveals a 40% rise in advertisements for corporate database breaches on a popular dark web forum, indicating a growing focus on data breaches by cybercriminals.
  • Kaspersky predicts that the cyber threat landscape will continue to evolve in 2025, with cybercriminals potentially migrating to dark web forums, ransomware groups fragmenting into smaller units, and an increase in hacktivism and ransomware attacks in the Middle East.

Read Full Article

like

6 Likes

source image

Dynamicbusiness

6d

read

123

img
dot

Image Credit: Dynamicbusiness

The Digital Wild West: How 2025’s cyber threats will change everything

  • In 2024 and into 2025, cybersecurity experts foresee an escalating landscape of advanced cyber threats
  • Experts predicted innovative and emerging trends of ransomware, which could replace the disrupted LockBit service.
  • AI-generated and hyper-personalized spam, scams and phishing campaigns are foreseen.
  • In 2025, mobile threats utilizing novel compromise vectors will increase, such as PWAs and WebAPKs.
  • New EU cyber security legislations were approved in 2024 and are expected to continue in 2025, including AI Act, Cyber Resilience Act, the Cyber Solidarity Act.
  • Trend Micro reports also issued warnings about the growing threat of highly customized, AI-powered cyber attacks and the emergence of deepfake-powered malicious digital twins.
  • They suggest that businesses prioritize AI security and ensure staff recognizes new AI-driven threats.
  • Additionally, experts advise implementing multi-layered defenses across cloud systems and supply chains.
  • Training employees, implementing email verification systems, and deploying AI security monitoring could enhance business response to increasing attacks.
  • Experts advise keeping all systems and software updated to mitigate vulnerabilities.

Read Full Article

like

7 Likes

source image

Pymnts

6d

read

404

img
dot

Image Credit: Pymnts

Beyond Breaches: Why Security and Trust Are the Real Currency of Payments

  • The stakes for fraud prevention and data security are rising with innovation across digital payments.
  • Fraud and security breaches loom large over the payments industry, exacerbated by the rapid evolution of cybercrime.
  • With the right technologies and strategies, businesses can transform security from a necessary expense into a competitive advantage.
  • Maintaining trust in the evolving landscape of payments requires a relentless focus on innovation, collaboration, and education.

Read Full Article

like

24 Likes

source image

Pymnts

6d

read

53

img
dot

Image Credit: Pymnts

Mastercard: New Use Cases Prep for ‘Total’ eCommerce Tokenization by 2030

  • Mastercard plans to phase out the need for entering card numbers, passwords, and one-time codes by 2030, aiming for all transactions to be tokenized.
  • Tokenization has been successful in streamlining digital payments, reducing fraud, and enabling secure transactions across platforms.
  • Mastercard's tokenization service, MDES, currently tokenizes over 30% of transactions globally.
  • The company is exploring new use cases for tokenization, such as car payments and commercial transactions, to increase security and transparency.

Read Full Article

like

3 Likes

source image

Socprime

6d

read

123

img
dot

Reindexing in Elasticsearch: A Guide for Administrators

  • Reindexing is an essential Elasticsearch operation that enables administrators to copy documents from one index to another.
  • Basic reindexing example provided with source and destination index information.
  • Monitoring reindexing tasks using the '_tasks' API to check the status of ongoing and completed tasks.
  • Reindexing across clusters can be done by specifying the remote cluster details.

Read Full Article

like

7 Likes

source image

Devopsonline

6d

read

61

img
dot

Image Credit: Devopsonline

4 key AI Predictions for 2025

  • Based on the close collaborations between Fadata and its clients, the major trends that Fadata predicts will shape the future of insurance are Internalization, Prevention, Cloud Migration, Embedded Insurance, Ecosystem Development and Talent Transformation.
  • Insurers are looking to streamline operations, reduce costs, and boost data security which can be achieved by the enhanced control of processes that internalisation affords.
  • Proactive risk prevention is becoming a cornerstone of the insurance industry, thus prevention-driven insurance models can reduce claim frequency and create opportunities for insurers to engage with policyholders in more meaningful ways.
  • Fadata expects more insurers to adopt technology that enables them to leverage the data required to deliver prevention-driven insurance.
  • Cloud-based solutions are making digital transformation more cost-effective and serve as the most effective host to make the best use of digital tools, supporting more seamless integration of third-party technologies.
  • Embedded insurance is becoming a major catalyst for transforming the insurance landscape as it makes insurance more integrated, accessible, and customer-centric.
  • The main drivers for leveraging digital ecosystem models in 2025 are improving customer engagement and broadening market reach.
  • As the industry embraces Artificial Intelligence, data analytics, and automation, there is a rising need for talent skilled in data science, cyber risk, and technology integration.
  • Fadata has over 30 years of experience working with insurance companies all over the world, identifying exactly what the industry needs to be efficient in daily business and to successfully progress.
  • Enter the Digital Transformation Awards 2025 here.

Read Full Article

like

3 Likes

source image

Cybersecurity-Insiders

6d

read

94

img
dot

Image Credit: Cybersecurity-Insiders

The AI Threat: It’s Real, and It’s Here

  • Organizations integrating AI face increased identity vulnerabilities and need enhanced visibility within networks.
  • AI amplifies cyber threats, making hackers more powerful and scalable.
  • Regulations will redefine identity security and require unified protection for human and machine identities.
  • The identity security market has shifted towards specialized solutions leveraging AI models.

Read Full Article

like

5 Likes

source image

Cybersecurity-Insiders

6d

read

351

img
dot

Image Credit: Cybersecurity-Insiders

The 2025 cyber security threat landscape

  • AI-driven cybercrime becomes pervasive, with advancements in artificial intelligence revolutionizing cybercrime.
  • NFC-based attacks on tokenized payments expected to rise, exploiting vulnerabilities in payment systems.
  • Cyberattacks on the crypto industry will intensify as cryptocurrency becomes more regulated and integrated.
  • Ransomware attacks will adapt, focusing on disrupting business operations to drive higher ransom payments.

Read Full Article

like

21 Likes

source image

Securityaffairs

6d

read

53

img
dot

Image Credit: Securityaffairs

US considers banning TP-Link routers over cybersecurity concerns

  • The U.S. government is investigating whether TP-Link routers pose a national security risk.
  • TP-Link holds 65% of the U.S. market and is the top choice on Amazon.
  • U.S. authorities are considering banning TP-Link routers starting in 2025.
  • Concerns arise over the potential use of TP-Link routers in cyberattacks and China's involvement.

Read Full Article

like

3 Likes

source image

Cybersecurity-Insiders

6d

read

408

img
dot

Image Credit: Cybersecurity-Insiders

TP Link routers to be banned for data security concerns

  • The Biden administration is considering a ban on TP-Link routers due to data security concerns.
  • Reports suggest that TP-Link routers have been involved in illicit data surveillance, raising national security risks.
  • If compromised, these routers could serve as gateways for cyberattacks, potentially exposing sensitive user information.
  • The ban could have significant implications for TP-Link users, including federal agencies, and may benefit Netgear, a competitor in the market.

Read Full Article

like

24 Likes

For uninterrupted reading, download the app