A naukri.com initiative
Cyber Security News
Cybersecurity-Insiders
1w
192
Image Credit: Cybersecurity-Insiders
Digital identity fatigue: The hidden impact on security, engagement, and business longevity
- Password fatigue, stemming from the need to manage multiple login credentials, can impact security, engagement, and business success.
- Individuals often resort to weak password practices due to managing numerous accounts, leading to increased support costs and reduced customer loyalty.
- Password managers offer convenience but may not fully address the burden of managing numerous digital identities.
- Exploitation of password fatigue through phishing attacks can jeopardize user data and trust in service providers.
- The solution lies in adopting reusable account systems that simplify authentication without compromising security.
- A reusable account approach allows users to access multiple services with a single set of credentials, enhancing security and user experience.
- By consolidating data into fewer platforms, users can better protect their information and reduce the risk of data breaches.
- Enhanced control over personal data and streamlined account management are benefits of using a reusable account system.
- Intuitive solutions like reusable accounts offer lasting benefits by reducing user frustrations and support requests while improving overall customer satisfaction.
- Addressing digital identity fatigue is crucial for businesses to maintain customer trust, engagement, and long-term success in the evolving digital landscape.
Read Full Article
11 Likes
Dev
1w
267
Image Credit: Dev
Reducing Security Threats Through Strengthened Access Control
- Access control plays a critical role in managing both external threats and internal security risks in the face of increasing security breaches and remote work environments.
- It enforces the principles of confidentiality, integrity, and availability by restricting unauthorized access and minimizing security incidents through the principle of least privilege.
- Establishing clear policies and a management framework is vital in achieving security, with access control serving as a foundational step to enhance security levels.
- Access control regulates who can access resources in an information system, ensuring only authorized entities can view or use specific data or systems.
- Authentication verifies user or system identity, while authorization defines access rights, both essential in securing access control.
- Role-Based Access Control (RBAC) assigns permissions based on user roles, while Attribute-Based Access Control (ABAC) uses attributes for access rights, contributing to enhanced security.
- Multi-Factor Authentication (MFA) strengthens security by requiring multiple authentication factors, reducing unauthorized access risks.
- Corporations, healthcare institutions, and public sectors use access control methods like RBAC, ABAC, and MFA to manage access and protect sensitive data.
- Developing a security policy, regularly reviewing accounts and privileges, and implementing log analysis for early threat detection are crucial strategies to strengthen access control.
- Access control, a fundamental security strategy, can be implemented with user roles and two-factor authentication to counter complex threats effectively.
Read Full Article
16 Likes
Cybersecurity-Insiders
1w
137
Image Credit: Cybersecurity-Insiders
NHS LockBit ransomware attack yields £3.07 million penalty on tech provider
- The UK's Information Commissioner's Office (ICO) has fined technology provider Advanced Computer Software Group £3.07 million for its role in the LockBit ransomware attack on the National Health Service (NHS).
- Around 79,000 individuals, including patients and staff, were affected by the breach, which occurred through a third-party technology provider.
- The ICO determined that Advanced failed to implement proper security measures, such as Multi-Factor Authentication, and exposed sensitive data to cybercriminals.
- The fine demonstrates the ICO's commitment to holding businesses accountable for data breaches and highlights the importance of proactive cybersecurity measures.
Read Full Article
8 Likes
Medium
1w
63
Image Credit: Medium
AI in Cybersecurity: The Global Digital Defense Report
- Cyber threats have rapidly increased, with cyber risks growing by 30% in 2024 compared to the previous year.
- The average cost of a data breach in 2023 was $4.45 million, causing significant disruptions and financial losses.
- AI-powered cybersecurity offers advanced detection of new and unknown threats through behavior-based analysis and anomaly detection.
- AI can automate response systems, detect phishing attacks, enhance penetration testing, and protect against AI-driven malware.
Read Full Article
3 Likes
Medium
1w
108
Image Credit: Medium
Don’t Let Your Phone Reveal Your Location and Private Messages: Follow These Privacy Tips
- Hackers can track your location through your phone number when using mobile apps like Signal, Telegram, WhatsApp that require phone numbers for registration.
- Web-based messages utilize IP addresses for communication; VPNs can help hide your IP address to enhance privacy and security.
- Encrypting messages offline before using platforms like Facebook, WhatsApp, Gmail can protect your privacy from potential hackers.
- Cellular carriers can determine your location through triangulation using signal strengths, potentially selling this data to third-party companies for tracking.
- Phones have unique IDs and geofencing allows drawing boundaries around areas to monitor phones present in that location.
- Apps like Facebook, Instagram, Messenger, and Linkedin collect and share user data, including location and activity details.
- To safeguard privacy, turn off location services, limit app permissions, use VPNs, toggle off cell connections and Wi-Fi, and consider using a Faraday bag.
- Utilize services like Make It Private for message encryption and consider using the Community Alert system for broadcasting alerts to specific groups.
- Protect your privacy online by following tips such as disabling location settings, turning off radios when not in use, using Airplane Mode, limiting app permissions, and resetting advertising IDs regularly.
- Web-based messaging, encryption, and security practices are recommended over cell phone traffics to protect your privacy and whereabouts.
- Various measures, including utilizing VPNs, Faraday bags, and encrypted messaging, can help individuals shield themselves from online tracking and privacy invasions.
Read Full Article
6 Likes
Dev
1w
100
Image Credit: Dev
MedOne: Pioneering Israel's Data Center Landscape with Innovation and Resilience
- MedOne is Israel's leading data center provider, offering secure and high-performance solutions.
- Their facilities serve as interconnection hubs, providing seamless connectivity to global networks.
- MedOne ensures data security through advanced measures and guarantees business continuity.
- With expansion plans and strategic partnerships, MedOne remains at the forefront of innovation in the industry.
Read Full Article
6 Likes
Dev
1w
4
Image Credit: Dev
Login Page for Modern Applications
- The need for a secure yet user-friendly login page for modern applications is crucial to prevent unauthorized access.
- Implementing multi-factor authentication, such as CAPTCHA, helps deter brute-force attacks but can inconvenience users.
- Splitting data entry into multiple steps with temporary tokens can enhance security against brute-force tools.
- Utilizing CSRF tokens and adding random delays to authentication steps further protects against attacks and user enumeration.
- Rate limiting authentication calls per IP address helps prevent anomalies and potential attacks.
- Recommendations include rejecting common passwords, utilizing password strength meters, and encouraging the use of password managers.
- Passwordless login options, such as magic links sent via email, offer a secure and convenient alternative to traditional password-based login systems.
- Implementing mobile authentication through OAuth 2.0 can streamline the login process and enhance user experience for mobile apps.
- Consideration of Credential Service Providers (CSPs) can simplify authentication processes and improve overall security by integrating with third-party services.
- Striking a balance between security and user convenience is essential for creating effective login pages for modern applications.
Read Full Article
Like
Medium
1w
385
Image Credit: Medium
Hackers vs. AI: Who’s Winning the Cyber Battle?
- AI-powered security systems offer advantages in cybersecurity such as analyzing data, detecting threats, and responding faster.
- Hackers are now using AI to enhance their attacks, including AI-generated phishing emails and deepfake technology.
- Traditional cybersecurity still relies on human intervention, and human error remains the biggest security risk.
- The next phase of cybersecurity may involve AI fighting AI, but for now, a combination of AI-driven security, human awareness, and skepticism is the best defense.
Read Full Article
23 Likes
Digitaltrends
1w
54
Image Credit: Digitaltrends
NymVPN review: a private, anonymous, and decentralized service
- NymVPN is a decentralized VPN service that prioritizes privacy and security, utilizing blockchain technology and independently operated servers for anonymity.
- Pros include decentralized VPN network, five-hop mode for increased security, encryption with noise obfuscation, and live chat support on weekdays.
- Cons of NymVPN are slower fast mode, lack of split-tunneling and advanced features, and limited server selection.
- Subscription options include monthly and two-year plans, with the two-year plan offering the most savings, priced at $132.
- NymVPN's interface is user-friendly and offers Fast mode for browsing and streaming speed, and Anonymous mode for heightened privacy.
- While NymVPN may be slower compared to other VPNs, it offers enhanced security through multi-hop connections, using AmneziaWG protocol for encryption.
- The service lacks advanced features like split-tunneling and port forwarding, with plans to add more options in the future.
- NymVPN's Anonymous mode provides a five-hop connection for extreme security, hindering tracking and enhancing anonymity.
- NymVPN's customer support includes a live chat option on weekdays, with helpful assistance, but operating hours might be inconvenient for some users.
- NymVPN places a strong emphasis on privacy, with no data collection, anonymous payments, and secure, multi-hop encrypted tunnels.
- Overall, NymVPN is recommended for users prioritizing privacy and anonymity, despite potential speed trade-offs and pricing compared to other VPN options.
Read Full Article
3 Likes
Securityaffairs
1w
75
Image Credit: Securityaffairs
New ReaderUpdate malware variants target macOS users
- Multiple versions of the ReaderUpdate malware variants, written in Crystal, Nim, Rust, and Go, are targeting macOS users, according to SentinelOne researchers.
- ReaderUpdate, a macOS malware loader, first appeared in 2020 and was later found delivering Genieo adware.
- The malware variants are distributed in five different source languages, including Go, Crystal, Nim, Rust, and compiled Python.
- The malware obfuscates strings and URLs, making it difficult to analyze and detect the threats it poses.
Read Full Article
4 Likes
Medium
1w
284
Image Credit: Medium
Kids on VR… Know the Impacts
- Virtual reality (VR) and other emerging technologies are transforming the way we experience technology.
- VR is designed to make you think and feel things that are not real, with potential impacts on kids' emotions.
- Common Sense Media has released a report on the safety of VR for kids, highlighting the need for further research.
- On the positive side, VR has the potential to serve as a teaching tool and enable interactive experiences for groups of people.
Read Full Article
17 Likes
Siliconangle
1w
196
Image Credit: Siliconangle
Security moves upstream as Chainguard redefines the software supply chain
- Software supply chain is evolving to address the gap between speed and security, with a focus on integrating security into the coding process.
- Chainguard, led by Dan Lorenc, is reshaping software supply chain security by embedding trust and automation into development workflows.
- The industry shift towards security at every level of the stack includes leveraging tools like Chainguard Libraries and minimal VM images.
- Kit Merker of Plainsight Technologies highlights the scaling challenges faced by enterprises in implementing computer vision.
- Shift5 Inc.'s partnership with Chainguard streamlines compliance work, allowing focus on building secure defense systems.
- Chainguard's nano-update strategy introduces continuous, incremental updates to improve system resilience.
- Jason van Zyl discusses Chainguard Libraries, emphasizing the need for open-source libraries to be secure by default.
- Chainguard's focus on reducing the attack surface and providing actionable visibility contributes to a strategy of rapid updates and precision remediation.
- The industry recognizes the importance of security from source to runtime, with a shift towards securing every step in the software development process.
- The industry event Chainguard Assemble, discussed by experts like Lorenc, Lewandowski, Merker, and Kirkland, highlights the latest advancements in software supply chain security.
Read Full Article
11 Likes
BGR
1w
54
Image Credit: BGR
Update Chrome immediately to patch Google’s first first zero-day of 2025
- Google has patched a critical Chrome zero-day vulnerability
- The vulnerability was discovered during an investigation into a phishing campaign targeting Russian media outlets, universities, and government agencies.
- The exploit bypassed Chrome's sandbox protection and allowed the deployment of spyware-grade malware.
- Google issued a fix for the zero-day vulnerability with Chrome version 134.0.6998.178 and users are advised to update immediately.
Read Full Article
3 Likes
Dev
1w
360
Image Credit: Dev
Can AI outsmart Human beings?
- Software developers play a vital role in our increasingly software-driven world, but their role is evolving due to technological advancements.
- The integration of artificial intelligence (AI) and automation in development workflow is changing the game – from AI-assisted coding to automated testing and deployment.
- The scope of software development is expanding, including domains like IoT, edge computing, quantum computing, VR/AR, and cybersecurity.
- Apart from technical skills, soft skills and adaptability are becoming increasingly crucial, and specialized roles are on the rise in the field of software development.
Read Full Article
21 Likes
Wired
1w
356
Image Credit: Wired
SignalGate Isn’t About Signal
- The scandal known as SignalGate involving a Signal group chat mistakenly including The Atlantic's editor is not about Signal itself, as security experts clarify.
- Blaming Signal for the security breach in the chat where US airstrikes were planned against Houthi rebels is deemed incorrect by experts like Kenn White and Matt Green.
- The issue in SignalGate is attributed to operator error in inviting untrusted contacts into a confidential conversation rather than a flaw in Signal's technology.
- Using consumer apps like Signal for highly sensitive government communications poses risks due to potential vulnerabilities in non-restricted devices.
- The Trump administration's discussion on Signal highlights concern about using unauthorized platforms and devices for classified military operations.
- Issues like disappearing message features in apps like Signal pose challenges for meeting federal record retention laws in government communications.
- The involvement of high-level officials like Pete Hegseth in conversations on Signal raises questions about proper security protocols for classified information.
- Signal's use in the cabinet chat points to the necessity for stricter control over software and devices in government agencies like the Department of Defense.
- Experts emphasize the importance of maintaining security standards and ensuring sensitive information is protected, regardless of its classification status.
- Despite criticism following the SignalGate scandal, Signal itself remains highly recommended by security experts for secure communications in high-risk environments.
Read Full Article
21 Likes
For uninterrupted reading, download the app