A naukri.com initiative
Cyber Security News
Medium
7d
229
Image Credit: Medium
Is the Children’s Online Privacy Protection Act effective?
- The Children’s Online Privacy Protection Act (COPPA) regulates online data collection for children, empowering parents and guardians.
- Websites targeting children under 13 must comply with COPPA regulations, including informing users about data collection.
- Some platforms ban users under 13, while others require birth dates for registration to enforce age restrictions.
- Concerns remain about users falsifying age, lack of parental awareness, and the importance of reviewing Terms and Conditions for online privacy protection.
Read Full Article
13 Likes
Medium
7d
199
Image Credit: Medium
How can cyberbullying affect me?
- Cyberbullying can affect anyone in modern society through the use of technology to repeatedly harass, hurt, or intimidate others.
- Side effects of cyberbullying include increased anxiety, depression, feelings of worthlessness, trouble sleeping, and in severe cases, suicidal ideation.
- It is crucial to speak up and inform a trusted adult if you are being cyberbullied to get the necessary support and take steps to prevent further harassment.
- Do not respond to cyberbullying, report and block accounts involved, and take a break from technology to stop the bully's harassment and potentially have their account removed.
Read Full Article
12 Likes
Cybersecurity-Insiders
7d
4
The End of VPNs — Part 1: Why Reachability is the New Risk
- VPNs are considered risky due to their design, which exposes vulnerabilities according to Zscaler CSO Deepen Desai.
- Legacy remote access infrastructure is failing modern enterprises, with high concerns about unpatched VPNs leading to ransomware attacks.
- VPNs grant broad network access once authenticated, making them a significant security flaw in today's hybrid and cloud-first environments.
- ThreatLabz tracked over 400 CVEs related to VPN vulnerabilities between 2020 and 2025, with attackers exploiting them faster than patches are deployed.
- The lack of segmentation and containment within VPNs has led to major outages and breaches, resulting in urgent patch cycles.
- The blueprint for VPN exploitation includes finding exposed endpoints, compromising devices, moving laterally, and exfiltrating data or deploying ransomware.
- Attackers are now using AI to automate reconnaissance, plan attacks, and generate exploits faster than traditional defense teams can patch, posing a significant threat.
- Defenders need to adopt Zero Trust architecture and simplify their infrastructure to combat automated threats effectively.
- VPN failures not only pose external threats but also burden IT, security, and end users with outages, performance issues, and internal resource drains.
- VPNs can act as backdoors for third-party risks and expose vulnerabilities during mergers and acquisitions, making them a significant security concern.
Read Full Article
Like
Medium
7d
212
Image Credit: Medium
How to Choose the Best Security Question Answers
- It is important to be cautious while choosing security question answers as honesty can pose a risk.
- When selecting answers, it is advisable to provide false but memorable information rather than truthful details.
- Another strategy is to consistently use unrelated answers for security questions, making it harder for potential attackers to guess.
- Overall, it is crucial to be mindful of the information shared online and to have a plan in place for answering security questions to enhance protection against cyber threats.
Read Full Article
12 Likes
Hackernoon
7d
0
Image Credit: Hackernoon
Continuous CVE Practice Closes Critical Gap Between Vulnerability Alerts and Effective Defense
- Real-world practice with the latest CVEs is crucial for security teams to shift from reactive to proactive defense, according to INE Security.
- Security teams, facing over 26,000 new CVEs annually, are struggling with vulnerability alerts and compressed exploit windows.
- INE Security's Skill Dive platform offers hands-on experience with real vulnerabilities in controlled environments, enhancing incident response times.
- The platform includes monthly updates on high-impact vulnerabilities and exclusive labs for offensive and defensive practice.
- Practitioners gain attack pattern recognition, team coordination skills, and direct career advancement benefits through Skill Dive.
- Hands-on practice allows teams to respond faster to critical CVEs, such as Log4Shell, translating to quicker remediation.
- INE Security focuses on prioritizing actively exploited vulnerabilities in their Skill Dive Collection to provide practical exploitation and defense experience.
- Continuous training on new vulnerabilities helps security teams prevent more breaches and gain a strategic defense advantage.
- INE Security's Skill Dive platform offers individual subscriptions and enterprise packages for team training in cybersecurity.
- INE Security, a leading provider of online networking and cybersecurity training, aims to lower barriers for IT professionals seeking career advancement.
Read Full Article
Like
Digitaltrends
7d
399
Image Credit: Digitaltrends
Proton Drive review: Secure your files and photos with end-to-end encryption
- Proton Drive Plus offers strong end-to-end encryption and privacy, good cross-platform support, a convenient web app for file access, easy file and folder sharing, and a built-in document editor for collaboration.
- However, the photo gallery in Proton Drive isn't searchable, and the Windows app lacks photo access.
- Proton Drive offers free and paid plans, with savings on bundles, starting at $5 monthly for 200 GB of cloud storage with end-to-end encryption.
- The design of Proton Drive allows users to select and manage folders for backup, sync files across devices, and access files via desktop apps and web app.
- Using end-to-end encryption, Proton Drive ensures secure storage, quick sync of data, and convenient browsing of backups, files, documents, and media.
- The file sharing feature in Proton Drive is secure, allowing specific contacts or anyone with a link to access shared media, files, and folders.
- Proton Drive provides support through a support center and email assistance, with quick and helpful responses.
- Privacy and security are strong points of Proton Drive, with end-to-end encryption ensuring data safety and protection.
- Proton Drive is recommended for secure cloud backups and syncing files across devices securely, especially for those concerned about data security and privacy.
- Despite some limitations like the non-searchable photo gallery, Proton Drive is a good option for those looking for enhanced privacy and data protection online.
Read Full Article
24 Likes
Securityaffairs
7d
254
Image Credit: Securityaffairs
U.S. CISA adds Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog
- U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog.
- CVE-2025-30397, CVE-2025-30400, CVE-2025-32701, CVE-2025-32706, and CVE-2025-32709 are the recently added vulnerabilities with their respective descriptions and severity scores.
- Microsoft addressed these flaws with the Patch Tuesday Security updates for May 2025 and confirmed their exploitation in the wild.
- CISA has issued a directive requiring federal agencies to address the vulnerabilities by June 3rd, 2025, and experts recommend private organizations to review and fix these vulnerabilities.
Read Full Article
15 Likes
Tech Radar
7d
216
Image Credit: Tech Radar
I sat down with two cooling experts to find out what AI's biggest problem is in the data center
- AI's growth in data centers is straining traditional air cooling systems as power and heat levels rise.
- Liquid cooling is increasingly crucial due to the surge in server density driven by AI developments.
- Hybrid cooling methods have emerged to address power and water consumption concerns in data centers but face adoption challenges.
- Experts Daren Shumate and Stephen Spinazzola highlight the increasing energy demands and cooling challenges posed by AI in data centers.
- AI's deployment in high-density clusters requires innovative cooling solutions like direct liquid cooling (DLC) due to the limitations of traditional air-cooling.
- The shift towards liquid cooling is driven by AI's substantial energy requirements and the need for more efficient cooling methods than air cooling.
- Power distribution to high-density AI computing racks poses challenges in terms of UPS power delivery and utility power management.
- Different cooling techniques like emersion cooling and cold plate cooling offer unique advantages and challenges in server cooling efficiency.
- The Hybrid-Dry/AdiabaticCooling (HDAC) design offers a dual-temperature cooling fluid system with significantly reduced water and energy usage for data centers.
- Despite its economic and environmental benefits, the adoption of HDAC faces reluctance and challenges due to the hesitance of being the first to implement new cooling technologies.
- In conclusion, data centers are adapting to the evolving cooling demands driven by AI's growth, necessitating innovative solutions to enhance efficiency and sustainability.
Read Full Article
13 Likes
Wired
7d
200
Image Credit: Wired
The Internet's Biggest-Ever Black Market Just Shut Down Amid a Telegram Purge
- The internet's biggest-ever black market, Haowang Guarantee, was shut down on Telegram after the platform banned thousands of accounts linked to illicit finance operations.
- Haowang Guarantee facilitated tens of billions of dollars in illicit finance through third-party vendors offering services like money laundering and more to crypto scammers in East Asia.
- The closure of Haowang Guarantee followed a ban on its NFT, channels, and groups by Telegram, prompting the market to cease operations.
- Elliptic's findings revealed that Haowang Guarantee had conducted over $27 billion in total transactions, making it the largest black market operation in internet history.
- Telegram banned accounts of other markets like Xinbi Guarantee, which facilitated deals involving money laundering, stolen data, and sex trafficking.
- Telegram's move was praised as a significant win against online fraud by Elliptic's co-founder, signaling a dent in scammers' capabilities.
- Telegram reiterated its stance against criminal activities like scamming and money laundering, stating that such activities are forbidden on its platform.
- Despite the shutdown, there are concerns about potential relaunches by platforms like Xinbi Guarantee and Tudou Guarantee, which may face obstacles due to increased scrutiny.
- The involvement of powerful entities linked to the Cambodian ruling family in Haowang Guarantee highlights the challenges in combating the crypto scam industry.
- While the takedowns are a setback, they may not signal the end of online crime, with crypto scam operators potentially seeking less regulated platforms.
Read Full Article
12 Likes
Tech Radar
7d
70
Image Credit: Tech Radar
Chinese energy tech exports found to contain hidden comms and radio devices
- Rogue communication devices have been discovered in Chinese made solar inverters, prompting US energy officials to re-assess risks of emerging Chinese technologies in the renewable energy sector.
- These hidden communication devices could potentially destabilize power grids by evading firewalls, switching off inverters remotely, and causing widespread blackouts.
- The exact number and intent of these communication devices remain unknown, highlighting significant challenges with manufacturers disclosing functionalities and risks associated with emerging technologies.
- Amidst vulnerabilities in solar grids, the US may consider shifting production to domestic plants for a more secure supply chain, as Huawei remains the world's largest supplier of inverters, accounting for 29% of shipments globally in 2022.
Read Full Article
4 Likes
TechCrunch
7d
166
Image Credit: TechCrunch
White House scraps plan to block data brokers from selling Americans’ sensitive data
- A plan to block data brokers from selling Americans' sensitive data, including Social Security numbers, has been scrapped by a senior Trump administration official.
- The Consumer Financial Protection Bureau (CFPB) had aimed to close a loophole under the Fair Credit Reporting Act to regulate data brokers like other entities covered by the federal law.
- The rule was withdrawn, with the CFPB's acting director citing it as not aligned with their current interpretation of the law.
- Privacy advocates have long pushed for stricter regulations on data brokers who profit from selling personal data, despite inherent risks like recent data breaches involving sensitive information.
Read Full Article
10 Likes
The Register
7d
191
Image Credit: The Register
Why CVSS is failing us and what we can do about it
- CVSS revolutionized vulnerability management two decades ago, but its reliance on severity scores alone is now holding back security teams in measuring and prioritizing risks posed by vulnerabilities.
- Adversarial exposure validation bridges the gap between theoretical risk and real-world exposure by considering contextual factors like compensating controls, attack paths, and the business context, which CVSS scores overlook.
- Relying solely on CVSS ratings leads to wasted time patching low-risk vulnerabilities, overlooking critical attack paths, and getting trapped in a cycle of vulnerability overload.
- Adversarial Exposure Validation (AEV) shifts the focus from static severity scores to simulations of real-world attack techniques and scenarios specific to an organization, leading to sharper prioritization of vulnerabilities with real attack potential.
- Organizations that embrace exposure validation benefit from clearer prioritization, improved communication, and smarter security control testing, leading to more efficient remediation efforts.
- Exposure validation challenges risk scores, transforms them into dynamic decision-making tools, and empowers organizations to prove their security posture continuously against real attack behaviors.
- AEV enables organizations to adapt faster than adversaries by anchoring their strategies in continuous, real-world validation, elevating cybersecurity from reactive defense to proactive resilience.
- Moving towards dynamic exposure validation from CVSS-based risk scoring is not only a technical upgrade but a strategic imperative in modern cybersecurity to prioritize security efforts with evidence and remediate with confidence.
- The future of cybersecurity demands a shift towards evidence-based security, where organizations supplement prediction with proof, looking beyond traditional risk scoring models like CVSS.
- AEV transforms cybersecurity operations by enabling teams to act with clarity, precision, and focus on vulnerabilities that truly endanger critical assets, establishing a state of sustainable readiness with continuous, automated validation.
Read Full Article
11 Likes
Arstechnica
7d
308
Image Credit: Arstechnica
An $8.4 billion money launderer has been operating for years on US soil
- A Chinese-language service on Telegram operated as an all-purpose underground bazaar offering cash-out services to scammers, money laundering for North Korean hackers, and more.
- Xinbi Guarantee, a U.S.-registered company, facilitated $8.4 billion in transactions through its Telegram-based marketplace, mainly from money stolen from scam victims.
- The marketplace also featured services for child-bearing surrogacy, harassment-for-hire, sex trafficking, and other criminal activities.
- Elliptic's research highlights the extensive criminal offerings and the apparent legality of Xinbi Guarantee, despite its illicit operations.
Read Full Article
18 Likes
Hackers-Arise
7d
266
Image Credit: Hackers-Arise
Hacking Artificial Intelligence (AI) Large Language Models (LLMs)
- Large Language Models (LLMs) like ChatGPT, Claude, and Llama have opened up new attack surfaces despite offering tremendous capabilities.
- Techniques like the Context Ignoring Attack exploit the limitations in how LLMs process information to potentially bypass safeguards.
- Prompt Leaking involves trying to extract system prompts to understand model limitations and create targeted attacks.
- Role Play Attacks leverage the creative scenarios of LLMs to bypass safety measures by engaging the model in unethical roles.
- Prefix Injection manipulates model responses by adding specific text at the beginning of queries, influencing the output.
- Refusal Suppression attacks aim to stop LLMs from declining harmful queries by instructing them to avoid refusal statements.
- Sophisticated attackers combine techniques like refusal suppression and context ignoring for more successful attacks.
- Understanding vulnerabilities in LLMs is crucial as they become more integrated, leading to an escalating battle between exploiters and defenders.
Read Full Article
16 Likes
Tech Radar
7d
104
Image Credit: Tech Radar
Ivanti Neurons for ITSM could be targeted by authentication bypass flaw, so watch out
- Ivanti has released a patch for a critical-severity vulnerability in Neurons for ITSM IT service management solution, allowing potential admin rights on target systems.
- The vulnerability (CVE-2025-22462) affects on-prem instances before certain versions and can be exploited by remote unauthenticated actors.
- No evidence of exploitation in the wild has been reported yet, but users are urged to apply the fix as a preventive measure.
- Following Ivanti's security guidance can help reduce the risk of potential attacks, as organizations are advised to secure the IIS website and restrict access to specific IP addresses and domains.
Read Full Article
6 Likes
For uninterrupted reading, download the app