techminis

A naukri.com initiative

Cyber Security News

Securityaffairs

Irish Data Protection Commission (DPC) fined Meta €251 million for a 2018 data breach

  • Meta has been fined €251M ($263M) for a 2018 data breach affecting millions in the EU, marking another penalty for violating privacy laws.
  • The Irish Data Protection Commission (DPC) fined Meta €251 million ($263M) for a 2018 data breach impacting 29 million Facebook accounts.
  • The categories of personal data affected included: user’s full name; email address; phone number; location; place of work; date of birth; religion; gender; posts on timelines; groups of which a user was a member; and children’s personal data.
  • Attackers exploited a vulnerability in the “View As” feature, which lets users see how others see their profile, to steal users' Facebook access tokens.
  • The DPC fined Meta €251M for GDPR violations, citing insufficient breach notifications (€8M), poor breach documentation (€3M), design flaws (€130M), and default data protection failures (€110M).
  • “By allowing unauthorised exposure of profile information, the vulnerabilities behind this breach caused a grave risk of misuse of these types of data.”
  • The hackers did not affect Facebook-owned Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps or advertising or developer accounts, the company said.
  • “We now know that fewer people were impacted than we originally thought,” said Facebook vice president of product management Guy Rosen in a conference call.
  • The DPC found that MPIL had infringed these provisions, reprimanded MPIL, and ordered it to pay administrative fines of €110 million.
  • This enforcement action highlights how the failure to build in data protection requirements throughout the design and development cycle can expose individuals to very serious risks and harms.

Dev

How to Secure Your Next.js E-commerce Site with RBAC and Permit.io

  • When building an e-commerce application, or any application that has to factor in user roles or role-level access, proper authorization becomes a very important business detail.
  • In this tutorial, we will be building an e-commerce site that allows a user to sign up, create a store, and add a store manager. We’ll learn how we can use Permit.io to implement role-based access control in our Next.js e-commerce app.
  • Permit is a full stack authorization as a service platform that allows you to build and manage permissions for your application with a friendly SDK and API.
  • RBAC is a method of regulating access to computer or network resources based on the roles of individual users within an organization. The main components of RBAC include: Roles, Permissions, Users and Resources.
  • We need a way to sync the users in our app with the users on Permit.io. To achieve this we need a unique way to identify our users. It doesn’t matter what method of authentication we are using; we just need a unique ID for each user. For this project, we are using JWT, so we can decode our JWT and use the user ID or email to sync users to Permit.
  • Using Permit.io for role-based access control (RBAC) allows us to manage roles and permissions for the e-commerce application easily. We can create roles, add resources and manage the permissions for resources in the policy editor.
  • We were able to enforce role-based access control by using the Permit API. With this API, we checked the permissions of the currently signed-in user before rendering pages such as create store, inventory and add manager.
  • In the add manager page, we checked if the current user had “Admin” rights and only enabled the form for adding managers if the user had permission.
  • We have successfully used Permit.io in our Next.js app to enforce permissions and add a co-ownership feature for store owners.
  • The complete tech stack for this tutorial includes: Vercel Postgres as our managed Postgres database, Drizzle as our ORM, and Next.js as our full-stack framework.

TechBullion

Cybersecurity Trends Shaping IT Support in 2025

  • Emerging cybersecurity trends will shape IT support by 2025.
  • AI and machine learning will be utilized for proactive security measures.
  • The Zero Trust model will become foundational for IT support strategies.
  • Transition to quantum-resistant cryptography and cloud-native security solutions is crucial.

Medium

Stop Being Confused About Tor Relays

  • A Tor relay is a server that helps route encrypted traffic through the Tor network.
  • Each relay only knows about the ones it's directly connected to.
  • Running a relay is about contributing to network infrastructure, not being a cyber-warrior.
  • Your relay only sees encrypted packets going in and out, with no special access or magic involved.

Medium

Setting Up Python Virtual Environments (venv) on Kali Linux.

  • A Python virtual environment is an isolated workspace where you can install Python packages without affecting the global Python installation.
  • To create a virtual environment, verify that 'pip' and the 'venv' module are present.
  • Activate the virtual environment to start using it and install required Python packages.
  • To manage the virtual environment, you can delete it, reactivate it later, freeze dependencies, and install from a requirements file.

Tech Republic

How to Manage Your Organization’s Cloud Security Posture

  • Cloud adoption is on the rise, bringing along increased productivity and reduced costs.
  • However, cloud environments can be vulnerable to security issues, requiring comprehensive cloud security posture management (CSPM).
  • Effective CSPM involves continuous monitoring, cloud hardening, and achieving visibility and compliance.
  • Human error is a significant factor contributing to cloud security risks, and Gartner predicts that 99% of cloud security failures by 2025 will be the customer's fault.

Lastwatchdog

LW ROUNDTABLE: Compliance pressures intensify as new cybersecurity standards take hold

  • Global pressure on companies to implement advanced data protection measures intensified, with new standards in encryption and software transparency raising the bar.
  • AI security and safety standards, responsible AI adoption, AI red teaming, quantum-resilient cryptography, and Software Bill of Materials (SBOM) requirements aimed at bolstering supply chain security are reshaping compliance expectations.
  • Organizations will face increased pressure to measure and demonstrate their security posture, especially as regulatory requirements expand. With new regulations like NIS2, companies will need to prove they have the necessary security controls in place to avoid penalties.
  • Vendors will need to demonstrate tangible outcomes, and privacy-enhancing technologies (PETs) such as trusted execution environments (TEEs) and fully homomorphic encryption (FHE) will receive investment from businesses to mitigate risks.
  • New global regulations like the EU AI Act, GDPR updates, Malaysia's privacy laws, and U.S. state privacy laws are reshaping compliance.
  • The NIST Cybersecurity Framework 2.0 emphasizes governance, while the SEC mandates cyber risk reporting and incident disclosures.
  • AI-driven compliance tools are expected to dominate as regulatory demands grow, replacing manual GRC processes, and businesses are expected to adopt agile GRC systems.
  • Establishing rules to address emerging risks from Generative AI and defining issues with regulators and the risk management community is critical to this landscape.
  • Fostering cross-department collaboration between compliance, IT and legal teams can help organizations stay ahead and maintain stakeholders' trust.
  • Businesses need to proactively detect and address risks in the software supply chain. Amazon's third-party property management vendor was the latest victim in the MOVEit Transfer incident.

Securityaffairs

The Mask APT is back after 10 years of silence

  • The Mask APT, a cyber espionage group, has resurfaced after 10 years of silence.
  • Kaspersky researchers have linked recent targeted attacks to The Mask group.
  • The group targeted an organization in Latin America and used an MDaemon email server for persistence.
  • The Mask APT is known for its sophisticated techniques and has been active since at least 2007.

Eu-Startups

Rome’s rising stars: 10 early-stage startups you should keep an eye on

  • Bufaga is a clean-tech startup focused on reducing vehicle emissions through patented filtration technology.
  • Colossus focuses on helping institutions securely stake digital assets.
  • CyLock is a cybersecurity platform specialising in AI-powered penetration testing and threat intelligence.
  • DataKrypto specializes in protecting sensitive data through advanced encryption technology.
  • E23 Retail focuses on developing tailored marketing strategies for the travel sector.
  • Ocean Twist Biotechnology develops sustainable, high-performance aquaculture feeds using biotechnological processes.
  • MyBiros provides an AI-powered solution to automate document processing.
  • Syllo Tips integrates machine learning into its SaaS platform to revolutionise knowledge management for businesses.
  • Ticketoo is an innovative startup offering a secure platform for buying and selling e-tickets in the secondary market.
  • Wetacoo simplifies storage and moving services for individuals and businesses with just a few clicks.

Fintechnews

Revolut to Roll Out Enhanced Security Tool for Crypto Transactions in 2025

  • Revolut plans to introduce its upgraded security tool, Revolut Pay, to crypto customers in 2025.
  • The platform aims to address the rising fraud risks in digital asset transactions and has shown a 50% reduction in fraud attempts during a pilot test.
  • Revolut Pay integrates advanced features such as KYC name matching, fraud alerts, proof of crypto delivery, and transaction risk scores.
  • The system provides end-to-end control over transactions, blocking fraudulent activities and aims to create a more secure transactional environment for merchants and users.

Cybersecurity-Insiders

How to Prevent Cyber Threats in the Chemical Sector

  • The chemical sector faces increasing cyber threats that include industrial espionage, data breaches and ransomware. These risks can have serious implications, ranging from production downtime to safety risks. With the advancement of technology, cyber threats are increasing and an effective cybersecurity strategy is important. Companies should use a comprehensive approach to cybersecurity that includes employee training and effective policy implementation. Key strategies for preventing cyber threats include establishing strong access controls, isolating industrial control systems and protecting intellectual property.
  • Chemical plants rely on both IT and operational technology (OT), so strong cybersecurity infrastructure is necessary for proper threat protection. Cybersecurity tools including network segmentation, threat detection systems and regular patching can assist with creating a cybersecurity infrastructure that is robust and effective. To ensure a cybersecurity-aware workforce, employee cybersecurity training should be a key priority.
  • An effective cybersecurity governance framework is also necessary. Cybersecurity policy, risk assessments and compliance with industry standards are key. A cybersecurity incident response plan can also mitigate the effects of a cyberattack and maintain long-term success.

Cybersecurity-Insiders

Ransomware attacks on Texas University and Namibia Telecom

  • Interlock ransomware group targets Texas Tech University Health Sciences Center, exposing sensitive data of 1.46 million patients.
  • Texas Tech has notified affected patients and advises them to remain vigilant against potential identity theft and phishing attacks.
  • Telecom Namibia becomes the latest victim of Hunters International Ransomware Gang, exposing personal information of government officials.
  • Attackers leaked stolen data on the dark web and encrypted messaging platforms to apply pressure and profit from the sale.

Tech Radar

Fake CAPTCHA pages used to spread infostealer malware

  • Fake CAPTCHA pages are being used to spread the Lumma infostealer malware.
  • The campaign called 'DeceptionAds' tricks victims through fake ads and redirects them to a fake CAPTCHA page.
  • The CAPTCHA page contains JavaScript code that copies a malicious PowerShell command into the clipboard.
  • To solve the CAPTCHA, users are instructed to paste the code into CMD and run it, leading to the download and execution of Lumma Stealer.

Fintechnews

Visa Ramps Up AI-Powered Fraud Prevention During Holiday Shopping Globally

  • Visa's fraud prevention system blocked nearly 85% more suspected fraudulent transactions globally this Cyber Monday compared to last year.
  • Suspected fraudulent activity surged by 200% worldwide over the holiday weekend, with fraudsters using advanced AI tools to target transactions.
  • Visa deployed its own AI and machine learning technologies to detect and prevent fraudulent activity across all shopping platforms.
  • Visa has invested $11 billion in technology to combat fraud, including the development of the Visa Account Attack Intelligence Score.

Pymnts

AI Signal Vulnerability May Invite Model Theft

  • Researchers have discovered a potential method to extract AI models by capturing electromagnetic signals from computers, posing a threat to commercial AI development.
  • The real-world implications and defenses against such techniques remain unclear.
  • Hackers targeting AI models can undermine businesses' investments, erode trust, and enable competitors to leapfrog innovation.
  • The susceptibility of AI models to attacks may lead companies to invest in improved security measures.
