A naukri.com initiative
Cyber Security News
Pymnts
7d
161
Image Credit: Pymnts
US Banks ‘Prime Candidate for Exploitation’ by Money Launderers
- Banks in the United States are increasingly being targeted by money launderers connected to drug cartels.
- Money launderers utilize underground networks to deposit cash from drug sales at US bank branches and ATMs.
- Incidents like a Chinese network depositing $92 million in cash at major banks have raised concerns.
- The banking industry is urging the US government to revamp anti-money laundering regulations to combat fraud effectively.
Read Full Article
9 Likes
Tech Radar
7d
360
Image Credit: Tech Radar
Largest US steel manufacturer puts production on the backburner after cyber attack
- Nucor, a major US steel manufacturer, had to halt parts of its operations due to a cyberattack.
- The company confirmed the unauthorized access of certain IT systems by a third party and took measures to contain the incident.
- The decision to temporarily stop production operations has raised speculations of a possible ransomware attack.
- No threat actors have claimed responsibility, and the extent of data breach remains unknown.
Read Full Article
21 Likes
Lastwatchdog
7d
252
GUEST ESSAY: Cybercrime for hire: small businesses are the new bullseye of the Dark Web
- Small businesses are increasingly targeted by cybercriminals due to their lack of cybersecurity expertise and resources.
- The dark web offers easy access to cybercrime-as-a-service tools, making it cheaper and simpler to launch attacks on small businesses.
- AI-powered tools are being used to scale attacks, tailor phishing lures, write malware, and evade detection, posing a significant threat to small businesses.
- To protect themselves, small businesses should prioritize employee training, use AI-powered security tools, invest in cyber insurance, and consider partnering with managed service providers.
Read Full Article
15 Likes
VentureBeat
7d
203
Image Credit: VentureBeat
You.com’s ARI Enterprise crushes OpenAI in head-to-head tests, aims at deep research market
- You.com has launched ARI Enterprise, claiming it outperforms OpenAI in head-to-head tests and excels in accuracy on independent benchmarks.
- ARI achieved 80% accuracy on the FRAMES benchmark, surpassing major competitors.
- This advanced research platform offers 4x greater depth and breadth and connects to internal corporate data sources.
- ARI Enterprise provides 35% more insights and facts per research project, with enhanced integration capabilities.
- Early adopters include venture capital firms, consulting agencies, and research institutions.
- The platform's interactive approach involves collaboration with users to refine research plans and guide analysis.
- Founder Richard Socher emphasizes ARI's role in augmenting analysts' efficiency, not replacing them.
- You.com believes ARI Enterprise democratizes access to high-quality research and transforms professional roles.
- The company raised $99 million to challenge Google's search dominance and has reported significant revenue growth.
- ARI Enterprise changes how businesses process information, offering comprehensive, verified analysis in minutes.
Read Full Article
12 Likes
Tech Radar
7d
286
Image Credit: Tech Radar
SAP NetWeaver woes worsen as ransomware gangs join the attack
- Multiple ransomware operators are targeting a severe vulnerability in SAP NetWeaver Visual Composer, enabling unauthorized actors to upload malicious executables.
- Around 1,200 SAP instances were reported to be at risk from this vulnerability, CVE-2025-31324.
- Ransomware families like BianLian and RansomEXX, along with Chinese state-sponsored actors, have been identified in exploiting the flaw.
- SAP quickly released a patch for the bug but multiple attacks were observed in the wild, emphasizing the critical nature of the security issue.
Read Full Article
17 Likes
Arstechnica
7d
373
Image Credit: Arstechnica
Spies hack high-value mail servers using an exploit from yesteryear
- Threat actors, possibly supported by the Russian government, hacked high-value mail servers globally by exploiting XSS vulnerabilities.
- XSS vulnerabilities allow attackers to execute malicious code in browsers through programming errors in webserver software.
- The exploits originated from a bug class widely exploited in the past and primarily involve the execution of JavaScript.
- The Kremlin-linked hacking group Sednit gained access to email accounts by targeting vulnerabilities in mail server software like Roundcube, MDaemon, Horde, and Zimbra.
Read Full Article
22 Likes
TechCrunch
7d
365
Image Credit: TechCrunch
Coinbase says customers’ personal information stolen in data breach
- Crypto giant Coinbase confirms data breach where customer data, including personal information and government-issued ID documents, were stolen.
- Hacker obtained customer account information and demanded $20 million ransom, which Coinbase refuses to pay.
- The hacker accessed customer names, addresses, phone numbers, Social Security numbers, bank account details, and government IDs.
- Less than 1% of Coinbase's customers were affected by the breach, with estimated incident remediation and reimbursement costs between $180 million to $400 million.
Read Full Article
21 Likes
Kaspersky
7d
132
Image Credit: Kaspersky
Apple beefs up parental controls: what it means for kids | Kaspersky official blog
- Apple announced new initiatives for safer environment for kids using their devices, including easier setup of kids' accounts and sharing children's age with app developers for content control.
- Updates will be available later this year, with simplified Child Account creation and age editing options for parents.
- Apple will apply age-appropriate web content filters if parents don't set up devices for under-13 children; parental consent will be required for app downloads.
- New Declared Age Range API aims to address online age verification issue, allowing parents to authorize sharing age category with app developers.
- Apple introduces an updated age rating system with five categories to provide clearer app appropriateness information.
- Apple and Meta disagree on responsibility for online child safety, with Meta advocating age verification by app stores and Apple emphasizing app developer responsibility.
- There are concerns about entrusting child safety to tech giants profit from addictive products; Apple and Meta have faced criticisms over targeting young users.
- Child psychology experts warn about negative effects of unlimited digital content consumption on children's mental and physical health.
- Apple's advancements may be futile if third-party app developers do not cooperate; relying solely on tech giants' solutions is cautioned against.
- Kaspersky Safe Kids offers parental control solution to monitor child's activity, customize restrictions, and prevent digital addiction.
Read Full Article
7 Likes
Kaspersky
7d
95
Image Credit: Kaspersky
How phishing emails are sent from [email protected] | Kaspersky official blog
- Scammers are using a phishing scheme that impersonates genuine Google services to deceive victims.
- Phishing emails mimic official Google notifications, using a legitimate Google address: [email protected].
- Victims receive an email claiming Google has been subpoenaed for their account data, with a link to a fake Google support page.
- The link appears genuine with an official Google domain but actually leads to a phishing site on sites.google.com.
- Attackers exploit trust in the Google domain, making it challenging to spot the scam without close inspection.
- Scammers registered a domain, set up a fake Google Workspace account, and used OAuth technology for this phishing scheme.
- Although Google OAuth doesn't share credentials, it can provide limited account access to scammers.
- Victims were directed to download potentially malicious 'legal documents' on the fake Google Support page.
- Users are advised to carefully examine email headers, avoid clicking suspicious links, and use robust security solutions to prevent falling for phishing scams.
- Google is working on fixing the OAuth vulnerability that scammers exploited in this phishing campaign.
Read Full Article
5 Likes
Tech Radar
7d
66
Image Credit: Tech Radar
Millions seized and 17 arrested in Europol criminal banking bust
- Europol has successfully dismantled a criminal banking network involving 17 arrests across Europe.
- The arrested individuals, mainly of Chinese and Syrian nationality, are accused of providing money laundering services to criminals.
- Assets worth €4.5 million, electronic devices, firearms, €183,000 in cryptocurrency, and 77 bank accounts were seized in the takedown.
- Criminals are increasingly utilizing alternative banking methods to evade law enforcement and conduct illegal activities.
Read Full Article
3 Likes
Medium
7d
107
this is how small Instagram pages for earning large per month
- Many micro-Instagram pages in India with 10K–100K followers are earning ₹1–5 lakhs per month through various revenue streams and smart strategies.
- The revenue streams include paid shoutouts & collabs, affiliate marketing, digital products, paid newsletters, service offers, UGC licensing, and Instagram Shop/dropship. They typically earn ₹1 lakh – ₹4 lakhs+ per month.
- Influencers and content creators focus on niche positioning, content repurposing, trending formats, engagement loops, batching & scheduling to maximize their reach and engagement.
- Automation tools like ManyChat, PhantomBuster, Meta Business Suite, Later/Planoly, Jarvee, ChatGPT, Canva Pro, and Link-in-Bio tools help in automating tasks, scheduling posts, and optimizing content creation for increased efficiency.
Read Full Article
6 Likes
Tech Radar
7d
145
Image Credit: Tech Radar
Dior fashion brand hit by cyberattack and customer data leaked - here's what we know
- Global fashion brand Dior has confirmed a cyberattack where sensitive customer data was compromised.
- No passwords or payment data was taken in the attack.
- Dior is investigating the incident with the help of cybersecurity experts and no groups have claimed responsibility yet.
- Although passwords and payment information were not accessed, customer names, addresses, phone numbers, and purchase history were compromised.
Read Full Article
8 Likes
Global Fintech Series
7d
365
Image Credit: Global Fintech Series
Experimentation Frameworks for Fintech Product Iteration
- Experimentation frameworks play a vital role in helping Fintech companies adapt to evolving user expectations and regulatory environments, driving sustainable growth and delivering customer value.
- Key components of an effective experimentation framework in Fintech include hypothesis-driven development, segmentation, A/B testing, sequential testing, and defining success metrics.
- Fintech experimentation frameworks must consider compliance and risk factors, such as GDPR, PSD2, and AML directives, due to the sensitive nature of financial data.
- Successful experimentation leads to continuous improvement, guiding product pivots, informing pricing models, and inspiring new features in Fintech products.
- As AI and machine learning advance in Fintech, experimentation will focus on testing intelligent systems like personalized loan offers and predictive fraud detection.
- The future of experimentation in Fintech includes integrating explainable AI (XAI) to help stakeholders understand the reasoning behind changes, promoting transparent and compliant innovation.
- Building a culture of experimentation is mission-critical for Fintech companies to stay agile, competitive, and deliver user-centric solutions while addressing risk and compliance challenges.
- Continuous learning, scalability testing, and controlled rollouts are essential steps post-successful experimentation to ensure consistent feature performance across a broader user base.
- Fintech companies invest in data platforms and experimentation tools like Optimizely, LaunchDarkly, and product analytics tools to support robust experimentation frameworks.
- Collaboration between legal, compliance, product, and data science teams is crucial to ensure Fintech experiments align with regulatory standards and innovation goals.
- Experimentation frameworks in Fintech enable teams to test, learn, and iterate rapidly and efficiently, making data-driven decisions to enhance user engagement and business outcomes.
Read Full Article
21 Likes
Insider
7d
211
Image Credit: Insider
A European defense startup is making drone submarines that can lurk underwater for 3 months at a time
- German defense tech startup Helsing is developing AI-equipped submarine drones that can operate underwater for up to three months at a time.
- The drones, controlled by a single operator, use AI software to detect subsea threats, identify ships, and submarines based on sound patterns.
- With European militaries increasing sea monitoring efforts, Helsing's drones aim to bolster defenses amid growing threats to critical subsea cable infrastructure.
- NATO's focus on defending underwater infrastructure and collaboration with startups like Helsing reflects the importance of using advanced technology for maritime security.
Read Full Article
12 Likes
Dev
7d
315
Image Credit: Dev
How to Effectively Vet Your Supply Chain for Optimal Performance
- SafeDep's vet tool helps guard software supply chains by checking libraries for hidden risks, preventing potential security breaches and malware spread.
- Supply chain attacks, such as malicious code injection, require a comprehensive solution like vet, which goes beyond conventional scanning methods.
- vet uses CEL to automate compliance, customize risk thresholds, and leverage vulnerability feeds, popularity metrics, and more for risk assessment.
- Key features of vet include code analysis, OSV integration, popularity checks, license compliance, OpenSSF Scorecards, and transitive dependency coverage.
- Installation of vet involves using CLI commands for setting up filter suites and running scans to ensure supply chain security.
- Integration with CI/CD workflows, like GitHub Actions, allows vet to assess policies on every pull request, facilitating early security checks.
- Real-world case studies show significant reductions in high-severity vulnerabilities and unmaintained packages after implementing vet in organizations.
- By enforcing policies and automating remediation workflows, vet enhances security, reducing vulnerabilities and accelerating response times.
- vet revolutionizes software supply chain security by integrating policy-as-code principles and metadata from various sources for comprehensive protection.
- Organizations can define security requirements in CEL filters, enforce them in CI/CD pipelines, and improve risk management with vet's real-time defense capabilities.
Read Full Article
18 Likes
For uninterrupted reading, download the app