A naukri.com initiative
Cyber Security News
Wired
7d
137
Image Credit: Wired
CFPB Quietly Kills Rule to Shield Americans From Data Brokers
- The CFPB has scrapped plans to implement new rules aimed at restricting US data brokers from selling sensitive information about Americans.
- The proposed rule, titled 'Protecting Americans from Harmful Data Broker Practices,' intended to require data brokers to obtain consent before selling personal information.
- Acting director Russel Vought withdrew the proposal, citing updates to Bureau policies and a misalignment with the current interpretation of the Fair Credit Reporting Act.
- Data brokers operate a lucrative industry by collecting and selling detailed personal information without individuals' knowledge, leading to privacy concerns.
- Privacy advocates and organizations have criticized the withdrawal, emphasizing the risks posed by data brokers to national security and individuals' privacy.
- The FTA urged the rule's withdrawal, claiming it exceeded the CFPB's mandate and would hinder fraud prevention efforts by financial institutions.
- Experts warn that data brokers' practices can have severe consequences, from enabling scams and fraud to endangering public officials and survivors of domestic violence.
- CFPB employees faced job terminations recently, reducing the agency's staff, amid calls by some to eliminate the agency altogether.
- Concerns have been raised about data brokers' ability to track sensitive information, including military personnel locations, posing risks to national security.
- The withdrawal of the CFPB rule has been met with criticism from various quarters, highlighting the need for regulations to address privacy and national security concerns.
Read Full Article
8 Likes
Medium
7d
294
Image Credit: Medium
How start a cybersecurity career in trivandrum :which is better?
- Trivandrum is emerging as a hub for cybersecurity education and career growth, offering well-paying and stable job opportunities in the field.
- With entry-level salaries starting at INR 3–6 LPA, there is potential for rapid growth in earnings for cybersecurity professionals in Trivandrum.
- The city's expanding ecosystem, quality education, and industry demand make it conducive for budding cybersecurity specialists to flourish, offering various entry points into the field.
- Trivandrum provides ample opportunities for hands-on learning, training, internships, and job placements in the cybersecurity sector, with initiatives like Kerala Police Cyberdome boosting cybersecurity momentum in Kerala.
Read Full Article
17 Likes
Hackernoon
7d
329
Image Credit: Hackernoon
The HackerNoon Newsletter: The Startup Playbook Is a Lie. Ask Better Questions. (5/14/2025)
- The HackerNoon Newsletter brings tech news including articles on DNA data privacy, decoding URLs, and cybersecurity threats like Cactus ransomware.
- Top stories highlighted in the newsletter include 'The Startup Playbook Is a Lie. Ask Better Questions' and 'What Happens When Hackers Get Your DNA Data?'
- One article presents a new Chrome extension for decoding dangerous URLs instantly, while another warns about the evolving cyber threat of Cactus ransomware in 2025.
- The newsletter also encourages readers to answer the greatest interview questions of all time to consolidate technical knowledge and establish credibility in the tech community.
Read Full Article
19 Likes
Pv-Magazine
7d
175
Hidden devices found in Chinese-made inverters in the US, reports Reuters
- Unexplained communication devices found inside Chinese-made inverters in the US are sparking reassessment of risks by US officials.
- The devices include rogue communication devices not listed in product documents, found in some solar inverters and batteries from multiple Chinese suppliers.
- Reuters reports that these hidden devices could potentially create undocumented communication channels, raising concerns about cybersecurity vulnerabilities.
- European Solar Manufacturing Council expressed concern, calling for inverter security measures, amid growing discussion on cybersecurity in the European Union.
Read Full Article
10 Likes
Lastwatchdog
7d
258
News alert: INE Security highlights monthly CVE Labs aimed at sharpening real-world defense
- INE Security emphasizes the importance of hands-on practice with the latest CVEs for security teams to shift from reactive to proactive defense.
- With a surge in CVEs and shrinking exploit windows, practical experience is crucial in stopping attacks effectively.
- INE Security's Skill Dive platform offers exclusive labs for practicing real vulnerabilities in a safe environment.
- Challenges faced by security teams include risk prioritization, testing mitigations, and adapting defenses to diverse system configurations.
- Skill Dive provides practice with current threats, helping prevent future breaches through attack pattern recognition and team coordination.
- Hands-on training on actively exploited vulnerabilities like Log4Shell and Spring4Shell enables faster incident response.
- INE Security's approach focuses on deliberate practice with monthly updates, realistic environments, and documentation on effective mitigations.
- The platform includes labs for top-exploited vulnerabilities such as Cacti Import Packages RCE and Navidrome SQL Injection.
- Regular practice with new vulnerabilities enhances defense capabilities and strategic advantage for security teams.
- INE Security offers individual subscriptions and enterprise packages for Skill Dive, aiming to advance cybersecurity skills globally.
Read Full Article
15 Likes
Cybersecurity-Insiders
1w
70
Image Credit: Cybersecurity-Insiders
The Evolving Nature of DDoS Attacks: A Smokescreen for More Dangerous Threats
- Distributed Denial of Service (DDoS) attacks have long been a common tactic used by cybercriminals to overwhelm websites by flooding them with fake or malicious traffic, disrupting services for legitimate users.
- Recent research indicates a new trend where DDoS attacks are used as smokescreens to divert attention while cybercriminals carry out more targeted and damaging operations like data exfiltration and social engineering.
- Hackers initiate DDoS attacks to draw attention, allowing them to exploit vulnerabilities in systems, steal sensitive data, and conduct stealthy activities while security teams are preoccupied with mitigating the DDoS attack.
- To defend against evolving cyber threats, IT security teams are advised to enhance monitoring, implement layered security measures, develop response plans for dual-stage attacks, conduct regular security audits, and provide employee training on recognizing suspicious activities.
Read Full Article
4 Likes
Medium
1w
146
Image Credit: Medium
Building a Real-Time API Token Leak Detection and Response System Using Python
- API tokens are at risk of exposure through application logs, browser consoles, source code repositories, and error monitoring tools.
- Building a real-time API token leak detection and response system involves scanning log streams, detecting tokens using regex and ML scoring, sending alerts, auto-revoking leaked tokens, maintaining a dashboard, and sending events to various platforms.
- The system can be integrated with Slack, Microsoft Teams, SIEM platforms, and other tools for monitoring and responding to token leaks promptly.
- Implementing this system using Python can enhance security practices and help in safeguarding organizations against financial and reputational damage from data leaks.
Read Full Article
8 Likes
Tech Radar
1w
371
Image Credit: Tech Radar
It's been 3 weeks since M&S suffered a cyberattack and, after suffering a £1 billion drop in marcap, they still aren't taking online orders
- Marks & Spencer is still dealing with the aftermath of a cyberattack, with online orders remaining suspended three weeks after the incident.
- Customer data stolen during the breach includes contact details such as names, addresses, phone numbers, dates of birth, and order histories, but no passwords or payment information.
- The cybercriminals responsible for the attack utilized a cybercrime service called DragonForce, known for ransomware attacks, but no leaked M&S data has been posted on their darknet platform yet.
- M&S has been working with cybersecurity experts to contain the breach and has notified relevant authorities, but full online functionality is still uncertain as the retailer faces the consequences of the cyber incident.
Read Full Article
22 Likes
Medium
1w
371
Stay One Step Ahead: Security Settings You Shouldn’t Ignore
- Enable two-factor authentication (2FA) for added security in banking apps, email accounts, and services linked to money.
- Opt for financial services that allow real-time card freezing and unfreezing to prevent unauthorized spending.
- Set up push notifications or SMS alerts for all card transactions to detect fraud immediately.
- Utilize fingerprint or facial recognition for additional security on financial apps, especially in case of a lost or stolen phone.
Read Full Article
22 Likes
TechDigest
1w
187
Image Credit: TechDigest
McAfee launches AI tool to combat rising tide of scams
- McAfee has launched a new tool, McAfee’s Scam Detector, aimed at protecting individuals from increasing online scams, as Brits face an average of ten scam attempts daily.
- The tool utilizes advanced AI to identify and block scams delivered via text, email, and video in real-time.
- McAfee's Scam Detector offers high accuracy in text scam detection and goes beyond analyzing URLs by using contextual analysis to identify scams.
- The tool is designed with a mobile-first approach and works across various apps and platforms, including iMessage, WhatsApp, Messenger, Gmail, Microsoft, and Yahoo.
Read Full Article
11 Likes
Medium
1w
275
Image Credit: Medium
PRIVACY: Is it a Myth? or just Perspective?
- Privacy in the digital age is a complex and dynamic concept, constantly evolving due to the vast amount of personal information collected through social media and online platforms.
- Various theories exist on the definition of privacy, with different perspectives on the importance of protecting personal information from misuse by companies and third parties.
- The misuse of personal data, as seen in the Facebook-Cambridge Analytica scandal, highlights the challenges in understanding and controlling the extent of data collection by online services.
- To protect privacy, measures such as implementing clearer privacy policies, laws, self-regulation efforts, and privacy-enhancing tools are essential in minimizing the collection of sensitive metadata.
Read Full Article
16 Likes
Siliconangle
1w
258
Image Credit: Siliconangle
Linux Foundation debuts Cybersecurity Skills Framework to address enterprise talent gaps
- The Linux Foundation, with the Open Source Security Foundation and Linux Foundation Education, launched the Cybersecurity Skills Framework to address talent gaps in enterprises.
- The framework aims to help organizations identify and improve cybersecurity competencies across various IT job families beyond cybersecurity specialists.
- Despite high demand for cybersecurity roles, there are significant talent readiness gaps, with organizations facing challenges in hiring and onboarding skilled technical staff.
- The Cybersecurity Skills Framework provides an easily adaptable and globally relevant guide for organizations to assess, develop, and incorporate essential cybersecurity skills into all IT roles to enhance security readiness.
Read Full Article
15 Likes
Tech Radar
1w
338
Image Credit: Tech Radar
Hacker advertises alleged database of 89 million Steam 2FA codes, source of leak unknown
- A known cybercriminal and leaker, EnergyWeaponUser, is selling a new database allegedly containing more than 89 million Steam user records, phone numbers, and one-time access codes on the dark web.
- The source of the leaked database remains unknown, with speculation that it may have originated from a supply chain attack on Twilio, a cloud communications platform that provides SMS and MMS messaging services for companies.
- Twilio denied being breached and stated that there is no evidence to support the claim that the leaked data was obtained from their platform.
- Steam is advising its users to enable Steam Guard Mobile Authenticator and monitor their account activity in response to this potential data leak.
Read Full Article
20 Likes
VentureBeat
1w
58
Image Credit: VentureBeat
Patronus AI debuts Percival to help enterprises monitor failing AI agents at scale
- Patronus AI has launched Percival, a monitoring platform that automatically identifies failures in complex AI agent systems to address enterprise concerns about reliability.
- Percival is the first solution capable of detecting various failure patterns in AI agent systems, suggesting fixes, and optimizations automatically.
- The software can detect over 20 failure modes across four categories, offering benefits such as reduced debugging time for enterprises.
- The market for AI monitoring tools is expected to grow significantly as companies transition from experimental to mission-critical AI applications, and Patronus AI aims to cater to the enterprise AI safety market.
Read Full Article
3 Likes
Mcafee
1w
271
Image Credit: Mcafee
Keep It Real: How McAfee Is Using AI to Fight AI—and End Scam Stigma
- McAfee launched a digital ad with a rotating head to showcase AI's ability to mimic reality using generative AI, blurring the line between real and surreal.
- The campaign aims to highlight the importance of tools like McAfee's Scam Detector in detecting sophisticated AI-based deceptions.
- Alongside the ad campaign, McAfee introduced Scam Stories to share real experiences of scams, partnering with FightCybercrime.org to help people recognize and recover from scams.
- The campaign is not just about raising awareness but also taking action by donating $50,000 worth of McAfee protection and expanding education efforts through the Online Safety for Kids initiative.
Read Full Article
16 Likes
For uninterrupted reading, download the app