Cyber Security News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Security News

BGR

Image Credit: BGR

Hackers are now using AI to break AI – and it’s working

Hackers are using artificial intelligence to attack AI models using a technique called Fun-Tuning.
Fun-Tuning makes prompt injection attacks more effective and achieved up to 82% success rates on Google's Gemini models.
These attacks exploit subtle clues in the fine-tuning process to increase the chances of successful prompt injections.
Defending against these attacks is challenging and removing key data from training would make the tool less useful for developers.

Read Full Article

2 Likes

TechBullion

218

Image Credit: TechBullion

AI-Driven Threat Detection: The Next Frontier in Cybersecurity

AI-driven threat detection is revolutionizing cybersecurity by leveraging machine learning, behavioral analytics, and automated response mechanisms.
Traditional rule-based systems are being replaced by AI-powered solutions that analyze vast amounts of data in real time, reducing time to detection.
Multi-tiered machine learning architectures, including supervised and unsupervised models, enhance threat detection accuracy and identify complex attack scenarios.
AI-driven response systems automatically contain threats, employ adaptive defense mechanisms, and reduce the burden on security teams.

Read Full Article

13 Likes

Gizchina

176

Image Credit: Gizchina

Hackers Steal Data and Blackmail U.S. Hospitals in Oracle Breach

Hackers breached Oracle's servers, stole sensitive patient data, and blackmailed several US medical institutions.
The breach highlights security concerns in the healthcare sector and the need for improved security protocols for patient records.
Oracle notified affected firms and authorities are investigating the ransom demands.
The incident emphasizes the importance of collaboration between healthcare and technology companies to protect patient data and privacy.

Read Full Article

10 Likes

Dev

111

Image Credit: Dev

FB Marketplace Phishing Website Analysis

A Facebook Marketplace phishing scam was recently encountered, using a phishing website to steal user credentials.
Phishing attacks target individuals through emails, messages, or social media platforms, tricking them into revealing their credentials.
The analyzed phishing website used PHP for its backend and attempted to make the login process feel more legitimate with a loading overlay.
Phishers often use cheap shared hosting services to avoid high hosting costs and credit card cancellations.

Read Full Article

6 Likes

Discover more

Insider

107

Image Credit: Insider

Okta's CEO tells us his thoughts on the Signal group chat snafu

Okta CEO Todd McKinnon believes that the Signal military group chat mishap is a usability issue, not a cybersecurity problem.
McKinnon suggests that Signal could improve its features to prevent accidental contact additions, such as displaying more than just initials as contact icons.
He emphasizes that usability challenges can undermine encrypted messaging platforms and lead to mistakes when sending messages quickly.
McKinnon also highlights the importance of securing the endpoints (devices) on which messaging apps are used, as they contribute to overall security.

Read Full Article

6 Likes

Wired

188

Image Credit: Wired

Top Trump Officials’ Passwords and Personal Phone Numbers Discovered Online

After senior Trump administration members mistakenly included The Atlantic editor Jeffrey Goldberg in a secret group chat about bombing Houthi targets in Yemen, encrypted messaging app Signal found itself at the center of a storm this week.
The incident labeled 'SignalGate' highlighted errors in handling sensitive information rather than flaws in the Signal app's security. Signal actually experienced a surge in US downloads following the news.
Amidst revelations from the Houthi group chat, national security adviser Mike Waltz left his Venmo account accessible to the public, exposing his connections, which could pose risks from foreign spies and hackers.
Der Spiegel reported that sensitive personal information of top Trump administration security officials, including passwords, phone numbers, and email addresses, was easily accessible online, potentially compromising their security.
The earthquake in Myanmar revealed how internet restrictions under the military junta hindered the dissemination of information about the disaster, hampering recovery and humanitarian efforts.
Alleged Snowflake hacker Connor Moucka agreed to be extradited to the US to face charges related to a massive data exfiltration incident involving the cloud storage company.
London is set to deploy its first permanent face recognition cameras, raising concerns among privacy advocates about the expansion of surveillance in the city.
Increased use of face recognition technology by UK police forces and the permanent installation of such cameras in London spark debates over privacy and potential widespread surveillance.
The handling of sensitive information and the risks posed by online exposure are key themes in recent security incidents involving high-level officials and technology.
Cybersecurity threats, privacy concerns, and the impact of surveillance technologies feature prominently in the evolving landscape of digital security.

Read Full Article

11 Likes

Medium

265

Image Credit: Medium

The Dark Truth About Instagram: Why You Need to Make Your Account Hacking-Proof

Being a content creator on Instagram comes with the risk of having your account hacked, and recovery is difficult.
To make your Instagram account hacking-proof, using an Authenticator App for 2FA is recommended.
Additionally, it is essential to avoid logging into Instagram from unofficial apps or sketchy websites
Regular security checkups, using unique and complex passwords, and being cautious of phishing emails are also important preventive measures.

Read Full Article

15 Likes

Hackernoon

250

Image Credit: Hackernoon

SquareX Discloses Browser-Native Ransomware That Puts Millions At Risk

SquareX has disclosed the emergence of browser-native ransomware, which poses a significant threat to enterprises.
Unlike traditional ransomware, browser-native ransomware does not require file downloads, making it undetectable by endpoint security solutions.
This type of attack targets the victim's digital identity, exploiting the shift towards cloud-based storage and browser-based authentication.
Browser-native ransomware can potentially gain access to enterprise-wide resources, posing a higher risk than traditional ransomware.

Read Full Article

15 Likes

Cybersecurity-Insiders

351

Image Credit: Cybersecurity-Insiders

PCI DSS 4.0.1 and Non-Human Identity Management: What You Need to Know

PCI DSS 4.0.1 introduces stricter security requirements around Non-Human Identities (NHIs), such as service accounts and roles, emphasizing their critical role in modern IT environments.
New requirements focus on least privilege, identity and authentication policies, deactivating unused accounts, managing shared IDs, revoking access for terminated users, interactive login capabilities, and credential rotation based on risk.
Attacks targeting NHIs have increased, leading to a need for dedicated focus on securing NHIs to mitigate cybersecurity threats.
Service accounts are common targets for attackers due to weak authentication, resulting in significant security risks for organizations.
PCI DSS 4.0.1 highlights the importance of stringent controls to address vulnerabilities related to NHIs and service accounts, stressing secure authentication practices.
Organizations are advised to assign ownership, automate access management, enforce authentication best practices, monitor anomalies, secure application credentials, review access rights regularly, and rotate secrets to ensure compliance.
Compliance with PCI DSS 4.0.1 requires proactive steps like mapping NHIs, automating access management, enforcing authentication practices, and regularly reviewing and rotating credentials.
Ensuring compliance with evolving standards and enhancing security posture are crucial for organizations in preparation for PCI DSS 4.0.1 requirements.
Adopting an NHI management solution can assist organizations in navigating the new requirements and ensuring compliance with PCI DSS 4.0.1.

Read Full Article

21 Likes

Cybersecurity-Insiders

204

Image Credit: Cybersecurity-Insiders

Personal Data Exposure: The Silent Cybersecurity Threat That You Need to Address

Personal data exposure poses a significant cybersecurity threat due to potential unauthorized access to stored information on websites.
Exposed data can be shared across platforms or accessed by data brokers, leading to privacy risks and unauthorized third-party access.
The risks of data exposure include identity theft, financial fraud, cyberattacks, and phishing attempts.
Protecting personal data from exposure is crucial but can be challenging due to low awareness, long-term effort, repopulation of data, and far-sighted consequences.
Minimizing data exposure involves steps like scanning for old accounts, adjusting privacy settings, using a VPN, managing passwords, utilizing data removal services, and being cautious of deceptive websites.
Even top cybersecurity companies like Microsoft face challenges in addressing personal data exposure.
Data exposure consequences may not be immediate, making it a hidden yet major cybersecurity threat.
Proactive protection and keeping personal information private are essential to mitigate risks associated with personal data exposure.
Understanding the risks of data exposure and taking preventative measures are key to safeguarding personal data in the digital age.
Overall, personal data exposure is a critical issue that demands attention to ensure online privacy and security.

Read Full Article

12 Likes

Pymnts

354

Image Credit: Pymnts

Google Suspends Account of Advertiser That Distributed Malware

Google suspended the account of an advertiser that distributed malware through sponsored Google ads.
The ads pretended to offer access to DeepSeek but actually delivered malware.
Google detected the malware campaign and suspended the advertiser's account.
This incident is part of a series of cyberthreats reported in recent months.

Read Full Article

21 Likes

Idownloadblog

315

Image Credit: Idownloadblog

Technical analysis by Verichains confirms sandbox escape use by certain banking apps to detect TrollStore, jailbreak apps

Certain banking apps in the Apple App Store are using 0-day sandbox escape technique to detect unfavorable apps on users' devices.
Finance security firm Verichains conducted an analysis and identified at least two banking apps using this technique: BIDV SmartBanking and Agribank.
The apps are exploiting a private iOS API to check for the presence of certain apps, including popular package manager apps, jailbreak apps, and TrollStore.
Using private APIs without user consent violates Apple's guidelines and risks app removal from the App Store.

Read Full Article

18 Likes

Securityaffairs

277

Image Credit: Securityaffairs

Crooks are reviving the Grandoreiro banking trojan

Crooks are reviving the Grandoreiro banking trojan.
Grandoreiro is a modular backdoor with various capabilities including keylogging, command execution, and web-injects.
The trojan has been active since 2016 and initially targeted Brazil but expanded to Mexico, Portugal, and Spain.
The recent phishing campaigns use VPS hosting, obfuscation, and malicious ZIP files to evade detection and steal credentials.

Read Full Article

16 Likes

BGR

378

Image Credit: BGR

Microsoft wants you to delete your password and no, it’s not a gimmick

Microsoft is making it clear—it’s time to ditch your Microsoft account password for good.
Microsoft will begin rolling out a new sign-in and account creation experience that puts passkeys at the center.
A passkey is tied to your physical device and unlocked by something only you have, like a fingerprint, face scan, or device PIN.
Having a passkey as the default option makes accounts more secure and less vulnerable to phishing, brute-force attacks, and social engineering scams.

Read Full Article

22 Likes

Digitaltrends

179

Image Credit: Digitaltrends

Proton VPN vs. NymVPN: which multi-hop service is the most secure?

Proton VPN and NymVPN offer multi-hop technology to enhance security by routing traffic through encrypted tunnels.
Proton VPN has a free version with fast speeds and no data limits but lacks server selection, while NymVPN is pricier and emphasizes decentralized network security.
Proton VPN offers various service tiers with affordable long-term plans, including additional services like Proton Mail and Drive.
NymVPN, though more expensive, provides privacy through a decentralized network and advanced encryption methods.
Proton VPN boasts a large server network, offering fast streaming speeds and privacy protection.
NymVPN doesn't have a single-server mode, routing traffic through multiple servers which may impact performance.
Proton VPN's SecureCore feature and NymVPN's multi-hop mode ensure enhanced privacy but may reduce speed significantly.
Proton VPN and NymVPN offer live chat support with differing availability hours based on their headquarters in Switzerland.
Both VPNs prioritize privacy, with Proton VPN supporting anonymous account creation and payments with cryptocurrency.
CERN scientists back Proton Mail, while NymVPN features a mixnet concept for decentralized server anonymity.

Read Full Article

10 Likes

For uninterrupted reading, download the app