techminis

A naukri.com initiative

Cyber Security News

Cybersecurity-Insiders

CFPB Rule Changes Presents New Open Banking Challenge – Ensuring Compliance with API Standards

  • APIs are increasingly important for banks, retailers, and enterprises, but they also need to comply with regulatory standards.
  • The Consumer Financial Protection Bureau (CFPB) has recently passed rule 1033 to protect consumer financial data.
  • Open banking interfaces must be available and fast with uptime of at least 99.5% each month.
  • The UK has long led the open banking movement and has set the foundation for API best practices.
  • Securing APIs is crucial, as poorly designed APIs can expose vulnerabilities and increase the risk of exploitation.
  • Companies should establish effective monitoring systems for their APIs to maintain compliance and prevent API drift.
  • Recent studies show that 75% of tested APIs had endpoints that didn’t conform to standards, highlighting the need for continuous oversight.
  • API performance and monitoring are now at the heart of financial data access and privacy regulations.

Medium

Show this to anyone who says privacy doesn’t matter.

  • Privacy matters for several reasons:
  • 1. Personalized Prison: When companies gather your information, they create a personalized environment that limits your freedom.
  • 2. Target for Crime: Personal data can be used by criminals to target individuals.
  • 3. Security Starts with Privacy: Protecting privacy is crucial to safeguarding personal assets and identity.
  • 4. Social Trust: Respecting privacy is essential for healthy relationships and societal trust.

Securityaffairs

Security Affairs newsletter Round 497 by Pierluigi Paganini – INTERNATIONAL EDITION

  • Mazda Connect flaws allow to hack some Mazda vehicles
  • Veeam Backup & Replication exploit reused in new Frag ransomware attack
  • Texas oilfield supplier Newpark Resources suffered a ransomware attack
  • Palo Alto Networks warns of potential RCE in PAN-OS management interface

Cybersecurity-Insiders

Unleashing the Power of Purple Teaming: A Collaborative Approach to Cybersecurity

  • Purple teaming is a collaborative approach in cybersecurity that bridges the gap between red and blue teams.
  • It involves close collaboration and a shared understanding of cyber threats and defense effectiveness.
  • By using the MITRE ATT&CK framework and automated breach and attack simulation platforms, purple teaming allows continuous testing of security controls.
  • The benefits of purple teaming include focused red team testing, enhanced blue team capabilities, and improved security outcomes.

Dev

SQL Injection (SQLi) Vulnerabilities in WordPress: Prevention Tips

  • SQL Injection (SQLi) is a common security vulnerability in WordPress that allows attackers to manipulate databases.
  • SQLi in WordPress can lead to unauthorized access to sensitive data and even full control of the site.
  • To protect your WordPress site from SQLi, validate input fields, use security plugins, and run automated security checks.
  • Additional measures include using prepared statements, regular updates, limiting user permissions, and employing a Web Application Firewall (WAF).

Tech Radar

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

  • Phishing attacks are becoming more complex and harder to detect.
  • Attackers are using new techniques such as QR codes and deepfakes.
  • Some businesses are receiving 36 phishing emails per day.
  • Phishing attacks are increasingly using AI-powered tools and multi-channel tactics.

Cybersecurity-Insiders

Fortinet Expands Generative AI Integration Across Cybersecurity Portfolio to Enhance Security Operations

  • Fortinet has expanded its application of generative AI (GenAI) technology across its cybersecurity portfolio.
  • The company has introduced two new capabilities through FortiAI, its GenAI-powered security assistant.
  • The enhancements aim to optimize security analysts' workflows by providing efficient guidance, automation, and support for threat detection and response.
  • The GenAI integrations are available in various Fortinet products, including FortiNDR Cloud, FortiCNAPP, FortiAnalyzer, FortiManager, FortiSIEM, FortiSOAR, and FortiDLP.

Securityaffairs

U.S. agency cautions employees to limit phone use due to Salt Typhoon hack of telco providers

  • The US government's Consumer Financial Protection Bureau (CFPB) advises employees to avoid using cellphones for work after the China-linked APT group Salt Typhoon breached major telecom providers.
  • The agency has issued a directive telling employees to reduce the use of their phones and inviting them to use Microsoft Teams and Cisco WebEx for meetings and conversations that involve nonpublic data.
  • China-linked threat actors have breached several U.S. internet service providers in recent months as part of a cyber espionage campaign code-named Salt Typhoon.
  • Intelligence and cybersecurity experts warn that Chinese nation-state actors have shifted from stealing secrets to infiltrating critical U.S. infrastructure, suggesting that they are now targeting the core of America's digital networks.

Medium

Exploring the World of Onion Services on Tor: Safe, Mysterious, or Full of Hidden Risks?

  • Onion services, part of the Dark Web, offer anonymity but come with risks and challenges.
  • Phishing is a significant risk on onion services, as fake sites can easily mimic legitimate ones.
  • Finding specific onion sites is difficult without a dedicated search engine, making navigation frustrating.
  • Despite the risks, onion services are seen as a refreshing approach to digital security and could inspire similar platforms tailored to specific needs.

Cybersecurity-Insiders

AsyncRAT’s Infection Tactics via Open Directories: Technical Analysis

  • ANY.RUN has released a technical analysis authored by RacWatchin8872 documenting new infection tactics used in multi-stage attacks involving AsyncRAT.
  • AsyncRAT is a Remote Access Trojan (RAT) malware used for spying, data theft, and compromised system manipulation.
  • Two open directories using unique methods were discovered distributing and infecting victims with AsyncRAT.
  • The first technique involved several file and script types, including VBS, JPG, BAT and PowerShell, to complete the infection process.
  • The second technique had two stages, involving a VBS and PowerShell script to ensure the infection persists with a scheduled task.
  • Indicators of compromise are provided to identify and detect AsyncRAT.
  • The report highlights the persistent threat posed by this malware and its diverse infection strategies.
  • The investigation uncovered two IPs actively spreading AsyncRAT through different methods.
  • ANY.RUN reports can be used for free to gather more information about the command and control (C2) infrastructure.
  • The analysis provides insight into the techniques employed by attackers in the never-ending arms race for cyber control.

Medium

Playing CTF Challenges Co-op With Copilot (Part 2)

  • The challenge involves analyzing ciphertexts and decrypting them using a repeated key.
  • The solution requires understanding the problem domain, including not concatenating ciphertexts that have been encrypted separately.
  • Copilot generates code for testing and makes assumptions about the key length and padding.
  • The resulting plaintexts are examined and compared, and adjustments are made to the key based on the differences.

Medium

Cheap Multi-device VPN Offers

  • In a world increasingly dominated by digital interactions, privacy and security may feel like elusive goals. That’s where a VPN comes into play. One of the most renowned providers in the market is NordVPN.
  • NordVPN uses cutting-edge technology that foils even the most advanced cyber threats. While robust security features are paramount, you also want a service that makes your life easier. NordVPN’s interface makes it a breeze to connect to a secure server.
  • A multi-device VPN allows you to connect multiple gadgets under one subscription, enhancing convenience without compromising security. By allowing you to connect up to 10 devices simultaneously under one account, it takes the stress away from maintaining individual subscriptions.
  • Adding a VPN to your digital arsenal is a step towards an elevated level of online security. But why stop there? NordVPN bundles various features that enhance your security even further. With options for safe browsing, password management, and file encryption, you can elevate your digital defense in ways you may not have considered.
  • There’s a lot to consider when selecting a VPN plan, yet NordVPN makes it straightforward with various options to suit different needs. When diving into the world of VPNs, affordability is likely on your mind. During Black Friday, you might find offers that go as high as 70% off.
  • Navigating through the digital realm should not entail sacrificing your privacy or security. With options like NordVPN, you can walk through life confidently, knowing that your data is well-guarded against external threats.

Medium

Get Secure VPN Today

  • A Virtual Private Network (VPN) is a technology designed to create a secure connection over the internet, establishing a private tunnel for your data, protecting it from prying eyes.
  • With an increasing number of cyber threats lurking around, having a VPN can be a game-changer for your online security and privacy.
  • When you connect to an unsecured public Wi-Fi network, you invite potential risks into your digital life. With a secure VPN, you shield your data from these threats.
  • A secure VPN masks your IP address, making it challenging for entities such as internet service providers (ISPs) and advertisers to track your activities.
  • When deciding which VPN to use, it’s essential to consider various features, including encryption method, no-logs policy, and high-speed connections.
  • Different VPNs may use varying protocols to keep your data secure. OpenVPN, L2TP combined with IPsec, and IKEv2 are some of the most widely used protocols.
  • A secure VPN can help you bypass content restrictions effortlessly and maintain a steady speed while streaming.
  • A secure VPN can enhance productivity and ensure confidentiality in your remote work environment.
  • Free VPN services often come with significant drawbacks, including limited data, slower speeds, and potentially invasive data collection practices. Investing in a reputable paid VPN is recommended.
  • Before settling on a VPN, take the time to read reviews and customer feedback, and look for a VPN with accessible customer support options.

Securityaffairs

Mazda Connect flaws allow to hack some Mazda vehicles

  • Multiple vulnerabilities in the Mazda Connect infotainment system could allow attackers to execute arbitrary code with root access.
  • The vulnerabilities are caused by improper input sanitization in the Mazda Connect CMU, allowing attackers with physical access to exploit the system using a crafted USB device.
  • The vulnerabilities impact the Mazda Connect CMU system installed in Mazda 3 models from 2014 to 2021.
  • The vulnerabilities could result in arbitrary code execution, command injections, and unauthorized firmware uploads, potentially affecting vehicle functions and safety.

Neuways

The Microsoft Digital Defence Report: Facing Increasing Cyber Threats

  • The Microsoft Digital Defence Report reveals that over 600 million cyber attacks are launched daily against organizations, critical infrastructure, and individuals worldwide.
  • Password-based attacks and MFA evasion remain concerning, with identity-related attacks dominating the landscape.
  • Nation-state actors and cybercriminal groups are forming alliances, making critical infrastructure more vulnerable to state-sponsored attacks.
  • Ransomware continues to be a major threat, with human-operated attacks surging and becoming a potent political weapon.
