techminis

A naukri.com initiative


Cyber Security News


TechCrunch


White House scraps plan to block data brokers from selling Americans’ sensitive data

  • A plan to block data brokers from selling Americans' sensitive data, including Social Security numbers, has been scrapped by a senior Trump administration official.
  • The Consumer Financial Protection Bureau (CFPB) had aimed to close a loophole under the Fair Credit Reporting Act to regulate data brokers like other entities covered by the federal law.
  • The rule was withdrawn, with the CFPB's acting director citing it as not aligned with their current interpretation of the law.
  • Privacy advocates have long pushed for stricter regulations on data brokers who profit from selling personal data, despite inherent risks like recent data breaches involving sensitive information.


The Register


Why CVSS is failing us and what we can do about it

  • CVSS revolutionized vulnerability management two decades ago, but its reliance on severity scores alone is now holding back security teams in measuring and prioritizing risks posed by vulnerabilities.
  • Adversarial exposure validation bridges the gap between theoretical risk and real-world exposure by considering contextual factors like compensating controls, attack paths, and the business context, which CVSS scores overlook.
  • Relying solely on CVSS ratings leads to wasted time patching low-risk vulnerabilities, overlooking critical attack paths, and getting trapped in a cycle of vulnerability overload.
  • Adversarial Exposure Validation (AEV) shifts the focus from static severity scores to simulations of real-world attack techniques and scenarios specific to an organization, leading to sharper prioritization of vulnerabilities with real attack potential.
  • Organizations that embrace exposure validation benefit from clearer prioritization, improved communication, and smarter security control testing, leading to more efficient remediation efforts.
  • Exposure validation challenges risk scores, transforms them into dynamic decision-making tools, and empowers organizations to prove their security posture continuously against real attack behaviors.
  • AEV enables organizations to adapt faster than adversaries by anchoring their strategies in continuous, real-world validation, elevating cybersecurity from reactive defense to proactive resilience.
  • Moving towards dynamic exposure validation from CVSS-based risk scoring is not only a technical upgrade but a strategic imperative in modern cybersecurity to prioritize security efforts with evidence and remediate with confidence.
  • The future of cybersecurity demands a shift towards evidence-based security, where organizations supplement prediction with proof, looking beyond traditional risk scoring models like CVSS.
  • AEV transforms cybersecurity operations by enabling teams to act with clarity, precision, and focus on vulnerabilities that truly endanger critical assets, establishing a state of sustainable readiness with continuous, automated validation.


Arstechnica


An $8.4 billion money launderer has been operating for years on US soil

  • A Chinese-language service on Telegram operated as an all-purpose underground bazaar offering cash-out services to scammers, money laundering for North Korean hackers, and more.
  • Xinbi Guarantee, a U.S.-registered company, facilitated $8.4 billion in transactions through its Telegram-based marketplace, mainly from money stolen from scam victims.
  • The marketplace also featured services for child-bearing surrogacy, harassment-for-hire, sex trafficking, and other criminal activities.
  • Elliptic's research highlights the extensive criminal offerings and the apparent legality of Xinbi Guarantee, despite its illicit operations.


Tech Radar


Ivanti Neurons for ITSM could be targeted by authentication bypass flaw, so watch out

  • Ivanti has released a patch for a critical-severity vulnerability in its Neurons for ITSM IT service management solution that could allow an attacker to gain admin rights on target systems.
  • The vulnerability (CVE-2025-22462) affects on-prem instances before certain versions and can be exploited by remote unauthenticated actors.
  • No evidence of exploitation in the wild has been reported yet, but users are urged to apply the fix as a preventive measure.
  • Following Ivanti's security guidance can help reduce the risk of potential attacks, as organizations are advised to secure the IIS website and restrict access to specific IP addresses and domains.


Wired


CFPB Quietly Kills Rule to Shield Americans From Data Brokers

  • The CFPB has scrapped plans to implement new rules aimed at restricting US data brokers from selling sensitive information about Americans.
  • The proposed rule, titled 'Protecting Americans from Harmful Data Broker Practices,' intended to require data brokers to obtain consent before selling personal information.
  • Acting director Russell Vought withdrew the proposal, citing updates to Bureau policies and a misalignment with the current interpretation of the Fair Credit Reporting Act.
  • Data brokers operate a lucrative industry by collecting and selling detailed personal information without individuals' knowledge, leading to privacy concerns.
  • Privacy advocates and organizations have criticized the withdrawal, emphasizing the risks posed by data brokers to national security and individuals' privacy.
  • The FTA urged the rule's withdrawal, claiming it exceeded the CFPB's mandate and would hinder fraud prevention efforts by financial institutions.
  • Experts warn that data brokers' practices can have severe consequences, from enabling scams and fraud to endangering public officials and survivors of domestic violence.
  • CFPB employees faced job terminations recently, reducing the agency's staff, amid calls by some to eliminate the agency altogether.
  • Concerns have been raised about data brokers' ability to track sensitive information, including military personnel locations, posing risks to national security.
  • The withdrawal of the CFPB rule has been met with criticism from various quarters, highlighting the need for regulations to address privacy and national security concerns.


Medium


How start a cybersecurity career in trivandrum :which is better?

  • Trivandrum is emerging as a hub for cybersecurity education and career growth, offering well-paying and stable job opportunities in the field.
  • With entry-level salaries starting at INR 3–6 LPA, there is potential for rapid growth in earnings for cybersecurity professionals in Trivandrum.
  • The city's expanding ecosystem, quality education, and industry demand make it conducive for budding cybersecurity specialists to flourish, offering various entry points into the field.
  • Trivandrum provides ample opportunities for hands-on learning, training, internships, and job placements in the cybersecurity sector, with initiatives like Kerala Police Cyberdome boosting cybersecurity momentum in Kerala.


Hackernoon


The HackerNoon Newsletter: The Startup Playbook Is a Lie. Ask Better Questions. (5/14/2025)

  • The HackerNoon Newsletter brings tech news including articles on DNA data privacy, decoding URLs, and cybersecurity threats like Cactus ransomware.
  • Top stories highlighted in the newsletter include 'The Startup Playbook Is a Lie. Ask Better Questions' and 'What Happens When Hackers Get Your DNA Data?'
  • One article presents a new Chrome extension for decoding dangerous URLs instantly, while another warns about the evolving cyber threat of Cactus ransomware in 2025.
  • The newsletter also encourages readers to answer the greatest interview questions of all time to consolidate technical knowledge and establish credibility in the tech community.


Pv-Magazine


Hidden devices found in Chinese-made inverters in the US, reports Reuters

  • Unexplained communication devices found inside Chinese-made inverters in the US are sparking reassessment of risks by US officials.
  • The devices include rogue communication devices not listed in product documents, found in some solar inverters and batteries from multiple Chinese suppliers.
  • Reuters reports that these hidden devices could potentially create undocumented communication channels, raising concerns about cybersecurity vulnerabilities.
  • The European Solar Manufacturing Council expressed concern and called for inverter security measures, amid growing discussion of cybersecurity in the European Union.


Cybersecurity-Insiders


The Evolving Nature of DDoS Attacks: A Smokescreen for More Dangerous Threats

  • Distributed Denial of Service (DDoS) attacks have long been a common tactic used by cybercriminals to overwhelm websites by flooding them with fake or malicious traffic, disrupting services for legitimate users.
  • Recent research indicates a new trend where DDoS attacks are used as smokescreens to divert attention while cybercriminals carry out more targeted and damaging operations like data exfiltration and social engineering.
  • Hackers initiate DDoS attacks to draw attention, allowing them to exploit vulnerabilities in systems, steal sensitive data, and conduct stealthy activities while security teams are preoccupied with mitigating the DDoS attack.
  • To defend against evolving cyber threats, IT security teams are advised to enhance monitoring, implement layered security measures, develop response plans for dual-stage attacks, conduct regular security audits, and provide employee training on recognizing suspicious activities.


Medium


Building a Real-Time API Token Leak Detection and Response System Using Python

  • API tokens are at risk of exposure through application logs, browser consoles, source code repositories, and error monitoring tools.
  • Building a real-time API token leak detection and response system involves scanning log streams, detecting tokens using regex and ML scoring, sending alerts, auto-revoking leaked tokens, maintaining a dashboard, and sending events to various platforms.
  • The system can be integrated with Slack, Microsoft Teams, SIEM platforms, and other tools for monitoring and responding to token leaks promptly.
  • Implementing this system using Python can enhance security practices and help in safeguarding organizations against financial and reputational damage from data leaks.


VentureBeat


Meet AlphaEvolve, the Google AI that writes its own code—and just saved millions in computing costs

  • Google DeepMind has unveiled AlphaEvolve, an AI agent that creates new computer algorithms and implements them in Google's computing systems.
  • AlphaEvolve uses Google's Gemini language models and an evolutionary approach to refine and enhance algorithms automatically.
  • The system has been integrated into Google's data centers, chip designs, and AI training systems, improving efficiency and solving complex mathematical problems.
  • AlphaEvolve discovered an algorithm that boosts Google's computing resource efficiency by 0.7% and optimized Google's hardware design for Tensor Processing Units.
  • It also improved the matrix multiplication kernel, cutting overall training time by 1% and reducing energy consumption for AI systems.
  • AlphaEvolve developed new matrix multiplication algorithms and surpassed a mathematical record that had stood for 56 years.
  • This AI system matched or improved state-of-the-art solutions in various mathematical areas, including geometry and number theory.
  • AlphaEvolve uses an evolutionary approach to propose and refine code changes, exploring novel solutions that humans may not have considered.
  • The system's potential extends to material sciences, drug discovery, and other fields requiring complex algorithms.
  • Google DeepMind plans to launch an Early Access Program and envisions broader applications for AlphaEvolve beyond Google's infrastructure.


Tech Radar


It's been 3 weeks since M&S suffered a cyberattack and, after suffering a £1 billion drop in market cap, they still aren't taking online orders

  • Marks & Spencer is still dealing with the aftermath of a cyberattack, with online orders remaining suspended three weeks after the incident.
  • Customer data stolen during the breach includes contact details such as names, addresses, phone numbers, dates of birth, and order histories, but no passwords or payment information.
  • The cybercriminals responsible for the attack utilized a cybercrime service called DragonForce, known for ransomware attacks, but no leaked M&S data has been posted on their darknet platform yet.
  • M&S has been working with cybersecurity experts to contain the breach and has notified relevant authorities, but full online functionality is still uncertain as the retailer faces the consequences of the cyber incident.


Medium


Stay One Step Ahead: Security Settings You Shouldn’t Ignore

  • Enable two-factor authentication (2FA) for added security in banking apps, email accounts, and services linked to money.
  • Opt for financial services that allow real-time card freezing and unfreezing to prevent unauthorized spending.
  • Set up push notifications or SMS alerts for all card transactions to detect fraud immediately.
  • Utilize fingerprint or facial recognition for additional security on financial apps, especially in case of a lost or stolen phone.


TechDigest


McAfee launches AI tool to combat rising tide of scams

  • McAfee has launched a new tool, McAfee’s Scam Detector, aimed at protecting individuals from increasing online scams, as Brits face an average of ten scam attempts daily.
  • The tool utilizes advanced AI to identify and block scams delivered via text, email, and video in real-time.
  • McAfee's Scam Detector offers high accuracy in text scam detection and goes beyond analyzing URLs by using contextual analysis to identify scams.
  • The tool is designed with a mobile-first approach and works across various apps and platforms, including iMessage, WhatsApp, Messenger, Gmail, Microsoft, and Yahoo.


Medium


PRIVACY: Is it a Myth? or just Perspective?

  • Privacy in the digital age is a complex and dynamic concept, constantly evolving due to the vast amount of personal information collected through social media and online platforms.
  • Various theories exist on the definition of privacy, with different perspectives on the importance of protecting personal information from misuse by companies and third parties.
  • The misuse of personal data, as seen in the Facebook-Cambridge Analytica scandal, highlights the challenges in understanding and controlling the extent of data collection by online services.
  • To protect privacy, measures such as implementing clearer privacy policies, laws, self-regulation efforts, and privacy-enhancing tools are essential in minimizing the collection of sensitive metadata.
