Cyber Security News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Security News

Cybersecurity-Insiders

368

Image Credit: Cybersecurity-Insiders

Security Silos Are Failing: Why CTEM Is Key to Smarter Cyber Defense

Security teams face challenges due to an abundance of siloed cybersecurity tools, leading to a lack of holistic view of threats.
Continuous threat exposure management (CTEM) aims to address security fragmentation and prioritize critical risks.
Current cybersecurity tools operate in isolation, causing delays in threat detection and response, leading to high costs for organizations.
CTEM focuses on real attack paths and exploitability to streamline security operations and reduce response times.
By bridging gaps between disconnected security tools, CTEM enhances collaboration and effectiveness in security operations.
While CTEM is beneficial in many aspects, it lacks continuous validation of security controls and may lead to a false sense of security.
Organizations should integrate existing tools, prioritize context over data, and involve all stakeholders in cybersecurity efforts for a cohesive defense strategy.
The shift from reactive to proactive risk reduction in cybersecurity is essential for staying ahead of evolving cyber threats.
The key lies in unifying tools, addressing real attack paths, and ensuring continuous security optimization to combat modern cyber threats effectively.
CTEM provides visibility, accelerates response times, and assists in better risk prioritization, enabling organizations to tackle cyber risks strategically.

Read Full Article

22 Likes

TechCrunch

297

Image Credit: TechCrunch

Leaked data exposes a Chinese AI censorship machine

A leaked database reveals China has developed an AI system to enhance its censorship, going beyond traditional limits.
The AI system aims at censoring online content for Chinese citizens, potentially aiding in refining existing censorship models.
The dataset uncovered by a security researcher contained 133,000 examples, implying a focus on using large language models (LLMs) for repression.
The dataset includes recent entries up to December 2024 and targets sensitive topics such as politics, social issues, and the military.
Content related to pollution scandals, financial fraud, labor disputes, and political satire are flagged as 'highest priority.'
The system specifically targets topics like Taiwan politics, military movements, and dissenting voices using historical analogies.
The dataset also addresses social issues like rural poverty, corrupt local officials, and military capabilities, aiming to regulate public discourse.
The 'public opinion work' dataset, though not attributing creators, signifies a tool for censorship and propaganda aligned with Chinese government objectives.
The use of advanced AI tech for censorship, like LLMs, indicates a shift towards more sophisticated repression methods by authoritarian regimes.
While conventional methods focused on blocking specific terms, AI-driven censorship can now identify subtle criticisms and evolve with increased data consumption.

Read Full Article

17 Likes

Cybersecurity-Insiders

226

Image Credit: Cybersecurity-Insiders

Why Healthcare Executives Should Prioritize Security Compliance

Healthcare executives should prioritize security compliance not just for regulatory requirements but also to protect the organization's reputation, reduce risks, and ensure business continuity.
Achieving certifications like HITRUST CSF e1 or i1 can enhance health plan and patient assurance, reduce security risks, and open doors to increased revenue through enhanced trust and compliance practices.
Investing in security compliance can help small to medium-sized healthcare organizations mitigate risks and thrive in a regulated industry, requiring a proactive approach to cyber measures to combat evolving threats effectively.
Ransomware attacks highlight the need to secure healthcare systems for patient safety and care continuity, with breaches potentially leading to identity theft, medical fraud, or exposure of sensitive health data.
Security compliance frameworks ensure data protection, secure backups, and incident response plans to recover quickly from cyber incidents, maintaining healthcare services' smooth delivery.
HITRUST certification is essential in the healthcare industry, signaling seriousness about data security, patient privacy, and compliance, aiding in winning contracts with high demands for security and compliance.
HITRUST e1 or i1 certification requires a thorough risk assessment, detailed cybersecurity framework implementation, and continuous adherence to security standards for ongoing improvement in cybersecurity practices.
By achieving HITRUST certification, healthcare organizations can increase revenue potential, qualify for partnerships, negotiate lower premiums for cyber liability insurance, and avoid high costs related to data breaches.
Healthcare providers benefit from HITRUST e1 and i1 certifications by simplifying compliance efforts, reducing administrative overhead, improving operations efficiency, and maintaining accountability in data security and risk management.
In the face of rising cyber threats and stricter compliance requirements, viewing security compliance as a strategic investment is crucial for healthcare organizations, as HITRUST certification elevates patient trust and regulatory compliance.

Read Full Article

13 Likes

Tech Radar

331

Image Credit: Tech Radar

Top home hardware firm data leak could see millions of customers affected

A major database belonging to Sydney Tools, a top home hardware firm in Australia, was found unsecured online.
The exposed database contained employee and customer data, posing a risk to millions of Australians.
The leaked information included personal identifiable details, purchase records, and even employee salaries.
Despite attempts to contact Sydney Tools, the database remained exposed and leaking sensitive data.

Read Full Article

19 Likes

Discover more

Siliconangle

339

Image Credit: Siliconangle

Unified data intelligence: Google Cloud and Databricks fuel AI innovation

Databricks and Google Cloud collaboration aims to democratize data and AI through a unified data intelligence platform that scales AI and analytics efficiently.
The partnership between Databricks and Google Cloud Marketplace facilitates businesses to adopt AI and analytics solutions without heavy infrastructure overhead.
Databricks' evolution includes Unity Catalog for centralized governance and integration with Google Cloud to connect with Google's data ecosystem seamlessly.
Databricks launched a fully containerized deployment on Google Cloud, optimizing resource allocation and enhancing cost efficiencies for organizations.
Technical synergy between Google Cloud and Databricks allows for interoperability with tools like BigQuery and Vertex AI, improving workflow efficiency.
Companies like Uplight leverage Databricks through Google Cloud Marketplace to process real-time insights and optimize energy use at scale.
Uplight's AI-driven insights enabled significant energy savings and rapid application deployment during a severe California heat wave in 2022.
Financial institutions and companies worldwide utilize Databricks for critical applications such as fraud detection and trade settlement, benefiting from unified data intelligence.
The partnership success is attributed to the optimization of Databricks to run effectively on Google Cloud, enhancing performance and user experience.
The integration between Databricks and Google Cloud Marketplace showcases the power of unified data intelligence for transforming raw data into valuable insights efficiently.

Read Full Article

20 Likes

TechCrunch

Image Credit: TechCrunch

Has GetReal cracked the code on AI deepfakes? $18M and an impressive client list say yes

GetReal, a startup co-founded by Hany Farid, has raised $17.5 million in funding to combat the spread of deepfakes in audio, video, and images.
The startup is launching a forensics platform as a service with features like threat exposure dashboard, tools for executives' protection, media screening, and deeper analysis.
Forgepoint Capital is leading the Series A funding, with notable firms like Ballistic Ventures, Evolution Equity, and K2 Access Fund participating.
The firm has roots in cybersecurity and focuses on cyber-forensics, addressing the lack of expertise in this area.
GetReal aims to combat malicious deepfakes, which are considered a ubiquitous and serious threat in today's digital environment.
The technology behind GetReal combines new app functionalities with decades-old techniques developed by Farid for detecting doctored images.
The startup has received investments from companies like Cisco Investments, Capital One Ventures, and In-Q-Tel, reflecting interest from heavily regulated industries and government entities.
Industries like financial institutions are showing interest in GetReal's product to combat deepfaked impersonations, with named customers including John Deere and Visa.
Government officials are also seeking solutions like GetReal to counter deepfake threats in intelligence operations and national security.
While GetReal's focus is currently on audio, video, and image deepfakes, there are potential plans to expand to address text-based impersonation threats in the future.

Read Full Article

2 Likes

Cybersecurity-Insiders

301

Image Credit: Cybersecurity-Insiders

Third-Party Data Breaches: The Hidden Threat Lurking in Vendor Networks

The prevalence of third-party data breaches reveals significant cybersecurity vulnerabilities in vendor supply chains, as shown in Black Kite's 2024 Third-Party Breach Report, where breaches through 92 vendors affected 227 companies.
Undetected supply chain weaknesses may impact over 700 organizations, emphasizing the risks of 'silent breaches' and unseen vulnerabilities within interconnected ecosystems.
Understanding modern threat behaviors is crucial for cybersecurity providers to assist organizations in strengthening their defenses against systemic risks posed by third-party breaches.
Common vulnerabilities exploited in vendor supply chains include unsecured remote access, unpatched software, overprivileged access, and lack of real-time monitoring.
Unauthorized network access stood out as the top attack vector for third-party breaches, with over 50% of such breaches in 2024 attributed to this vulnerability.
Ransomware attacks, often leveraging third-party vectors, were notably disruptive in 2024, highlighting the importance of implementing an immutable backup strategy.
Software vulnerabilities and unpatched systems pose ongoing security risks, with zero-day vulnerabilities and internet-facing device weaknesses continuing to be exploited by threat actors.
Credential misuse, powered by dark web credentials, automated tools, and session hijacking techniques, accounted for 8% of third-party breaches in 2024.
To combat credential misuse, organizations should enforce phishing-resistant MFA, implement JIT access, monitor login anomalies, and leverage dark web monitoring for compromised credentials.
Prioritizing supply chain security validation, enforcing strong security requirements in vendor contracts, and adopting a zero-trust model are pivotal in preventing costly third-party breaches.

Read Full Article

18 Likes

Medium

Image Credit: Medium

To Pay Or Not To Pay: A Hacking Victim’s Dilemma

Ransomware is commonly delivered via phishing or by exploiting security holes in computer's operating systems.
Once infected, the hacker demands a ransom in order to restore access to the encrypted data.
Law enforcement agencies advise against paying the ransom, as it encourages hackers to create more ransomware.
It is important to verify if you are a victim of actual ransomware and take steps to remove the malware while ensuring data protection.

Read Full Article

Socprime

129

Image Credit: Socprime

Weaver Ant Attack Detection: China-Linked Group Targets a Telecom Provider in Asia Using Multiple Web Shells, Including China Chopper

Researchers report an offensive operation by the Weaver Ant group, a China-linked APT, targeting a telecommunications services provider in Asia for cyber-espionage.
Weaver Ant utilized sophisticated web shell tactics to infiltrate the network, using an unprovisioned ORB network and compromised Zyxel CPE routers for pivoting between telecoms.
The group deployed various payloads, including the China Chopper backdoor and a custom web shell called 'INMemory', to maintain persistence, facilitate lateral movement, and exfiltrate data.
To defend against Weaver Ant attacks, implementing internal network traffic controls, enabling logging, enforcing least privilege principles, and frequently rotating user credentials is recommended.

Read Full Article

7 Likes

VentureBeat

Image Credit: VentureBeat

Groq and PlayAI just made voice AI sound way more human — here’s how

Groq and PlayAI have partnered to bring Dialog, an advanced text-to-speech model, to market using Groq's high-speed inference platform.
The partnership offers one of the most natural-sounding and responsive text-to-speech systems available, addressing shortcomings in existing voice AI technologies.
Dialog is available in English and Arabic, making it the first voice AI designed for the Middle East region.
Groq's specialized processing infrastructure allows Dialog to generate text up to 10 times faster than real-time, providing a significant advantage in latency for conversational AI applications.

Read Full Article

4 Likes

Cybersecurity-Insiders

Image Credit: Cybersecurity-Insiders

TikTok to take help of Microsoft or Google to banish data security concerns

TikTok faces data security concerns and potential shutdown in the U.S. due to Chinese ownership.
ByteDance is negotiating with Microsoft and Google to store user data in U.S.-based data centers to address data privacy concerns.
Microsoft is not only exploring ways to support TikTok's operations but also in talks to acquire the platform's American business entirely.
The next few weeks will be critical in determining the future of TikTok in the U.S.

Read Full Article

4 Likes

Tech Radar

352

Image Credit: Tech Radar

Third-party security issues could be the biggest threat facing your business

Third-party security issues are the biggest threat businesses are facing, according to a new report.
Over a third (35.5%) of all breaches in 2024 were related to third parties, with retail and hospitality sectors being the most heavily hit.
The report also highlighted the diversification of attack surfaces, with less than half (46.75%) of third-party breaches involving technology products and services.
Ransomware attacks starting through third parties have increased, with more than two in five (41.4%) ransomware attacks originating from them.

Read Full Article

21 Likes

Cybersecurity-Insiders

402

Image Credit: Cybersecurity-Insiders

The Importance of Secure Data Management Tools in Higher Education (+ 6 Best-Value Tools for Universities)

Data management tools in higher education streamline information retrieval, reporting, and security by consolidating distributed databases into a single secure location.
These tools enable setting access parameters for enhanced security, especially crucial amid rising cybercrime rates in education.
Standardization of content by data management tools makes data more user-friendly, accessible, and reliable.
Watermark offers an Educational Impact Suite providing integrated tools for strategic insights from student and faculty data.
Ellucian's data management solutions enable data consolidation, analytics, and customized recommendations for strategic decision-making.
Informatica's cloud-based platform supports unified views of student data, regulatory compliance, and seamless data sharing across systems.
Edify by EAB presents powerful storage capabilities, self-service analytics, and scalability, enhancing decision-making and privacy.
Own, a Salesforce product, prioritizes security with automated backups, compliance support, and data masking capabilities for privacy.
Komprise aids in identifying, managing, and categorizing unstructured data in higher education, facilitating better storage policies and migration.
Selecting the right data management tool can increase productivity, data-driven insights, and cost savings, benefiting higher education institutions.

Read Full Article

24 Likes

The Verge

234

Image Credit: The Verge

The Atlantic releases strike group chat messages

The Atlantic’s editor-in-chief published a story about being added to the ‘Houthi PC Small Group’ on Signal by Trump’s national security adviser Mike Waltz, gaining access to high-level military operation planning.
On March 26th, The Atlantic released the texts, revealing weather conditions for targeted strikes, descriptions of targets, confirmations, names of specific drones used, and more.
Government officials, including President Trump, claimed the chat contents were 'nonclassified', but The Atlantic published unredacted messages, omitting the name of a CIA intelligence officer.
The incident has drawn criticism and calls for resignation from politicians on both sides, highlighting concerns about mishandling classified information and operational security.

Read Full Article

14 Likes

Popsci

121

Image Credit: Popsci

How to use the Signal app to keep your chats secure

The Signal app has been making headlines for its secure messaging features.
Signal is known for its end-to-end encryption, ensuring message security against hacks.
Users can create profiles on Signal with names and photos for identification.
The app allows inviting friends through links shared on various messaging platforms.
Creating group chats and managing security permissions is simple on Signal.
Signal offers end-to-end encrypted audio and video calls for up to 50 participants.
Advanced features include disappearing messages and customization options for chats.
Users can adjust settings such as appearance, linked devices, account security, and privacy.
Signal users can sync messages between phone and desktop for convenience.
The app provides options for enhancing privacy, like read receipts and screenshot blockers.

Read Full Article

7 Likes

For uninterrupted reading, download the app