A naukri.com initiative
Cyber Security News
Medium
2M
326
Image Credit: Medium
“How AI Is Used in Crime Prevention”
- AI in crime prevention involves the use of intelligent systems, machine learning algorithms, and data analytics to predict, detect, and prevent criminal activity.
- AI systems study data from various sources such as surveillance cameras, social media platforms, public records, and historical crime data to detect patterns and trends.
- AI technologies employed in crime prevention include predictive policing, facial recognition, video analytics, cybersecurity, NLP, drones, and robots.
- Predictive policing relies on machine learning algorithms to analyze past crime data and identify areas and times where crimes are likely to occur.
- Facial recognition, used in public spaces like airports and sports stadiums, identifies and tracks potential suspects in real-time by scanning and analyzing facial features.
- AI video analytics enables law enforcement to monitor public spaces by detecting suspicious activities, while post-crime investigations identify key evidence that could help solve complex cases.
- AI-powered cybersecurity detects and blocks cyber crimes by identifying patterns of behavior, vulnerabilities in networks, and new threats.
- Natural Language Processing (NLP) analyzes text data to identify potential threats or patterns of criminal behavior from sources such as social media posts or intercepted emails or texts.
- AI-powered drones and robots are used for surveillance and law enforcement operations in dangerous or difficult-to-reach areas.
- AI solutions help law enforcement agencies make better-informed decisions by automating routine tasks like data analysis, video monitoring, and threat detection, and deploying resources in advance of crime activity.
Read Full Article
19 Likes
VentureBeat
2M
23
Identity management in 2025: 4 ways security teams can address gaps and risks
- Adversaries, including nation-states, state-funded attackers and cybercrime gangs, continue to sharpen their tradecraft using generative AI, machine learning (ML) and a growing AI arsenal to launch increasingly sophisticated identity attacks.
- The overwhelming majority of businesses, 90%, have experienced at least one identity-related intrusion and breach attempt in the last twelve months.
- Identity-based attacks are surging this year, with a 160% rise in attempts to collect credentials via cloud instance metadata APIs and a 583% spike in Kerberoasting attacks.
- Every adversary knows that the quicker they can take control of AD, the faster they control an entire company.
- Recent research on authentication trends finds that 73% of users reuse passwords across multiple accounts, and password sharing is rampant across enterprises today.
- The Telesign Trust Index shows that when it comes to getting cyber hygiene right, there is valid cause for concern.
- Security teams and the leaders supporting them need to start with the assumption that their companies have already been breached or are about to be.
- Every security team needs to assume an identity-driven breach has happened or is about to if they’re going to be ready for the challenges of 2025.
- More security teams and their leaders need to take vendors to task and hold them accountable for their platforms and apps supporting MFA and advanced authentication techniques.
- The following are practical steps any security leader can take to protect identities across their business.
Read Full Article
1 Like
Medium
2M
427
Image Credit: Medium
BugBounty — Mastering the Basics (along with Resources)[Part-3]
- Bug bounty tools list categorized for reconnaissance, scanning, and exploitation purposes.
- Tools for fast subdomains enumeration, in-depth attack surface mapping, DNS subdomain scanners and analysis features are listed.
- Multiple web application security scanners, such as SQL injection and other injection detection and exploitation tools, are provided.
- List of tools to find and exploit subdomain takeovers, and other misconfigured DNS records.
- Resources for learning web application security like PentesterLab, Hack The Box, CTFTime, and vulnerable web applications, such as Juice Shop and WebGoat are offered.
- Vulnerable cloud infrastructure creation through tools like Terraform and CloudGoat is discussed.
- Also includes vulnerable mobile operating systems like Damn Insecure and Vulnerable App for Android, Oversecured Vulnerable Android App, and AndroGoat.
- The author's contact information for feedback, suggestions, or discussion is shared.
Read Full Article
25 Likes
TechCrunch
2M
354
Image Credit: TechCrunch
Upwind, an Israeli cloud cybersecurity startup, is raising $100M at a $850-900M valuation, say sources
- Israeli cloud cybersecurity startup Upwind is in the final stages of closing a $100 million Series B round at a valuation of $850-$900 million.
- The round includes a mix of new and existing investors, such as Craft Ventures, Greylock, CyberStarts, Leaders Fund, Sheva Fund, and Penny Jar.
- Upwind plans to use the funding for R&D and hiring, aiming to add around 100 people to its staff.
- The startup focuses on assessing and securing cloud infrastructure, reducing alerts by 90% to enhance security operations.
Read Full Article
21 Likes
Digitaltrends
2M
18
Image Credit: Digitaltrends
How to set up a VPN
- A VPN is a good way to protect your online activity and keep your IP address anonymous.
- Most top VPNs offer software for Windows, macOS, and Linux computers, as well as mobile apps for Android and iOS.
- If you want to appear to be located in a particular country or want to stream services like Netflix, you'll need to pick a specific server.
- The easiest way to get started is to use the VPN app. Download the program from the appropriate app store or the VPN's website and install it as usual.
- Manually configuring your VPN under Windows 11 gives you more control over how the tunneling works, but you should know your way around Windows 11 before getting started.
- You can also set up a VPN connection on MacOS, which is very similar to the process on Windows.
- The cost of service is usually affordable if you subscribe for one or more years at a time, but you might want to check our list of the latest and best VPN deals to make sure you aren't spending more than you need.
- Some good VPN options include NordVPN, Surfshark, and ExpressVPN.
- A good VPN ensures your online privacy and security while unblocking streaming video content worldwide
- Setting up a VPN manually gives more control to the user and using IKEv2 protocol is highly recommended for Windows and Mac users.
Read Full Article
1 Like
Securityaffairs
2M
165
Image Credit: Securityaffairs
Texas oilfield supplier Newpark Resources suffered a ransomware attack
- Texas oilfield supplier Newpark Resources suffered a ransomware attack.
- The attack disrupted access to information systems and business applications.
- The company activated its cybersecurity response plan and launched an investigation.
- Manufacturing and field operations remain largely unaffected.
Read Full Article
9 Likes
BGR
2M
179
Image Credit: BGR
FBI reportedly thinks China targeted iPhones of presidential campaign officials
- The FBI is reportedly investigating a hack believed to be carried out by state-sponsored Chinese hackers known as Salt Typhoon.
- The hack targeted the iPhones of senior presidential campaign officials ahead of the US election.
- The FBI suspects that China targeted the iPhones of presidential campaign officials.
- China has denied involvement in the hack.
Read Full Article
10 Likes
Dev
2M
193
Image Credit: Dev
Schema Validation in Amazon DynamoDB
- Validating data in DynamoDB is crucial for maintaining data integrity, ensuring application reliability, and reducing errors.
- Without strict schema enforcement, data in DynamoDB can end up in inconsistent or incorrect formats.
- In serverless architectures, AWS Lambda is a common approach for server-side validation.
- Validating data in DynamoDB is a fundamental step to ensure data quality and avoid issues down the line.
Read Full Article
11 Likes
Mjtsai
2M
114
iPhones Mysteriously Rebooting Themselves
- Law enforcement officials in Detroit, Michigan are warning of iPhones rebooting when stored for forensic examination.
- The rebooting makes it harder to unlock the devices with brute force methods.
- Officials believe it could be due to a security feature added in iOS 18.
- A cryptographer and professor expressed skepticism but found the concept impressive.
Read Full Article
6 Likes
Dev
2M
243
Image Credit: Dev
Security news weekly round-up - 8th November 2024
- Autonomous Discovery of Critical Zero-Days: Researchers have used AI to find zero-day vulnerabilities. However, the traditional SAST tools have limitations due to pattern matching. The researchers have used automation in vulnerability discovery using their methodology.
- The biggest underestimated security threat of today? Advanced persistent teenagers: A previously underestimated security threat has come to light – Advanced Persistent Teenagers. These skilled hackers, who are financially motivated, have used credible email lures and convincing phone calls posing as a company’s help desk, to fool employees into giving away passwords or network access.
- Thousands of hacked TP-Link routers used in yearslong account takeover attacks: Criminals have managed to hack thousands of routers to compromise user credentials. Although the group responsible for the attacks is known- Storm-0940, it is unclear how the hackers are able to access the routers
- Google's AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine: Google’s AI tool, Big Sleep, has found a previously undiscovered zero-day vulnerability in SQLite. The vulnerability is a stack buffer underflow - resulting in a crash or arbitrary code execution.
- DocuSign Abused to Deliver Fake Invoices: Cybercriminals have abused the legitimate service of DocuSign to send bogus requests to sign documents that may result in direct payments to the attackers’ accounts.
- Winos 4.0 Malware Infects Gamers Through Malicious Game Optimization Apps: Players using non-official sources to download game installers are vulnerable to infection from malware like Winos 4.0. The malware creates a multi-stage infection process.
Read Full Article
14 Likes
Pymnts
2M
455
Image Credit: Pymnts
AI Retail Race Heats Up as Shopify, Amazon and Google Launch New Tools
- Coveo partners with Shopify Plus to enhance AI personalization for online merchants, enabling real-time customization of search results and product recommendations.
- Jeff Bezos invests $400 million in Physical Intelligence, a company developing dexterous robots that can handle objects like humans, as major retailers accelerate automation efforts.
- Google's camera search tool, Lens, processes 20 billion searches monthly, with shopping queries making up 20% of traffic. New AI features allow users to instantly see product details and prices by photographing items.
- Google's security team warns of increasing AI vulnerabilities in commerce, urging companies to overhaul cybersecurity practices to defend against sophisticated AI-powered attacks.
Read Full Article
27 Likes
Medium
2M
308
Image Credit: Medium
Is Nordvpn Russian? — Comprehensive Guide And FAQs
- NordVPN is based in Panama, founded by a team of childhood Russian friends in Lithuania, but its infrastructure is not located in Russia.
- NordVPN is known for providing excellent security features, encryption protocols, and a no-logs policy that assures customers their browsing habits are not stored.
- Panama’s lack of mandatory data retention laws means that NordVPN is not obliged to store user data for law enforcement purposes.
- NordVPN is outside the 14 Eyes intelligence-sharing alliance, suggesting that user data is less likely to be accessed or shared with foreign governments.
- NordVPN offers AES-256 encryption, Double VPN, and Onion Over VPN features for additional layers of privacy and security.
- NordVPN has a pedigree for high performance, allowing seamless browsing, downloading, and streaming of shows in high definition without significant lag.
- NordVPN transparency reports, showcasing their commitment to user privacy, encourage external audits to validate their claims about the no-logs policy.
- NordVPN is legal in most countries and supports torrenting on specific servers, but using it for illegal activities is not permitted.
- NordVPN offers 24/7 customer support through live chat and email and has a comprehensive knowledge base available on their website.
- Weighing your needs against the offerings of a service like NordVPN can help ensure you make an informed decision and maintain your online safety.
Read Full Article
18 Likes
Medium
2M
404
Image Credit: Medium
Cloud Storage Showdown: Picking the Right Provider
- When choosing a cloud storage provider, consider factors like storage capacity, security, file sharing, offline access, and pricing.
- Dropbox is known for collaboration tools and easy sharing, but has some security concerns.
- iDrive and Sync.com offer strong security and unlimited storage.
- pCloud provides robust security, end-to-end encryption, and flexible pricing options.
Read Full Article
24 Likes
Securityaffairs
2M
128
Image Credit: Securityaffairs
Palo Alto Networks warns of potential RCE in PAN-OS management interface
- Palo Alto Networks warns customers to restrict access to their next-generation firewalls due to a potential remote code execution (RCE) vulnerability in the PAN-OS management interface.
- The company recommends following best practice guidelines for securing the management interface, including isolating it on a dedicated management VLAN, using jump servers for access, and limiting inbound IP addresses to approved management devices.
- Palo Alto Networks is actively monitoring for signs of exploitation but has no details on the specific vulnerability or any indicators of compromise at this time.
- The cybersecurity firm states that Prisma Access and cloud NGFW are believed to be unaffected by the potential vulnerability.
Read Full Article
7 Likes
Tech Radar
2M
110
Image Credit: Tech Radar
A new form of macOS malware is being used by devious North Korean hackers
- Devious North Korean state-sponsored hackers, known as BlueNoroff, have deployed a new piece of macOS malware.
- The malware targets cryptocurrency businesses and individuals in the West.
- BlueNoroff uses phishing emails and a fake PDF file to redirect victims to a malicious website.
- The malware establishes persistence, opens a back door, and can download additional payloads and run shell commands.
Read Full Article
6 Likes
For uninterrupted reading, download the app