Cyber Security News

Medium

20h

Cyberfraud and its effects on our society

  • Cybercrime is a major global issue with a significant impact on individuals and businesses.
  • Reports from organizations such as Interpol and cybersecurity firms highlight countries that are often flagged for their role in originating internet fraud schemes.
  • The USA has a vast internet user base, making it a prime target for fraudsters who operate globally.
  • China is known for its fraudulent schemes that include fake investment platforms, counterfeit goods, and hacking, which often affect both domestic and international targets.
  • India is facing an increase in cybercrime, particularly in online banking and mobile payments, with financial fraud and online scams targeting both domestic and international victims being common.
  • Brazil faces a high rate of online fraud, especially through credit card fraud, identity theft, and phishing, as its growing internet penetration leads to an increase in cybercrime, particularly targeting users in e-commerce and financial transactions.
  • Nigeria is infamous for its online fraud schemes that target people worldwide, particularly through fake business deals, romantic scams, and phishing attacks.
  • The UK has a well-developed online infrastructure, but it is also a hotspot for cybercrime, as many online scams, especially investment fraud and phishing, originate from the country.
  • South Korea is one of the most internet-connected countries, which makes it a target for cybercriminals who often engage in phishing and identity theft schemes, particularly from neighboring countries.
  • Germany is a major target for cybercriminals involved in online fraud schemes, particularly involving banking, credit cards, and e-commerce, and reports from organizations like Europol and Interpol highlight significant amounts of online fraud originating from or affecting Germany.

Mjtsai

20h

Meta’s iOS Interoperability Requests

  • Meta has made 15 interoperability requests under the Digital Markets Act (DMA) in the EU, more than any other company.
  • Apple claims that Meta's requests could compromise user security and privacy.
  • Meta argues that Apple is using privacy as an excuse to avoid reasonable interoperability.
  • The European Commission is evaluating Apple's compliance with the DMA and gathering feedback.

Mjtsai

20h

WhatsApp v. NSO Group

  • A U.S. judge ruled in favor of WhatsApp in a lawsuit against NSO Group.
  • WhatsApp accused NSO Group of exploiting a bug to install spy software.
  • The lawsuit claimed unauthorized surveillance of 1,400 people, including journalists and activists.
  • The ruling focused on whether NSO Group exceeded authorization on WhatsApp.

Siliconangle

21h

Kaseya delivers a next-level cybersecurity playbook for SMBs and MSPs

  • Small-to-midsize businesses are easy prey for cybercriminals, and effective cyber defense for SMBs must evolve to meet rising threats.
  • Kaseya Inc. revealed new tools to support cybersecurity for SMBs and help managed service providers strengthen their security posture.
  • The company introduced Kaseya 365 User, a subscription offering that safeguards user identity and security across software-as-a-service applications.
  • Kaseya also announced its acquisition of SaaS Alerts, integrating the firm’s technology into 365 User to help managed service providers protect clients’ cloud-based applications.
  • Effective cyber defense for SMBs is critical, as these companies generate 52% of the global gross domestic product and employ 53% of the workforce, underscoring their vital role in the global economy.
  • Kaseya’s Datto EDR counters these attacks by recognizing abnormal activity and enabling SMBs and MSPs to intervene before attackers gain control.
  • SaaS Alerts tracks these patterns in real time and integrates into Kaseya 365 User, which strengthens its ability to support SMB cyber defense practices.
  • By reducing the need for costly on-site visits and enabling remote issue resolution, Kaseya’s platform minimizes operational friction.
  • Kaseya’s approach positions the platform as more than just a technology solution: It’s a growth engine for sustainable business development.
  • Kaseya’s commitment to MSPs extends beyond boosting profit margins: by aligning its platform with the growing need for SMB cyber defense practices, it enables MSPs to achieve margins closer to 35%.

Siliconangle

22h

Cyber resilience redefined: Commvault’s Cloud Rewind and recovery capabilities shape the future of cybersecurity

  • At AWS re:Invent, experts from Commvault Systems shared advancements in data protection, cloud recovery, and modern cyber resilience.
  • Commvault's SaaS solutions now deeply integrate with AWS' cloud-native capabilities, enabling organizations to streamline data protection processes.
  • Air Gapped Protect is one of Commvault's latest technologies that offers an isolated environment for secure data storage and recovery.
  • Commvault recently debuted its Cloud Rewind capability that provides comprehensive protection for the entire cloud environment, including critical components.
  • By replicating an application's environment across AWS regions, organizations can achieve near-high availability and quickly recover from regional failures.
  • Recovery-as-Code, a feature of Cloud Rewind, automates the process and enables businesses to resume operations with minimal downtime.
  • Configuration drift, where changes in settings accumulate over time, poses a challenge for automated solutions.
  • Commvault's ability to address these challenges ensures that enterprises can rely on a unified platform for seamless data management and resilience.
  • The technology allows anyone to bring any of their workloads.
  • Commvault Systems sponsored this segment of theCUBE, an exclusive interview on theCUBE, SiliconANGLE Media's livestreaming studio.

Medium

23h

All about Motherboards

  • A motherboard is like the ultimate multi-tasker, managing and integrating various components of your computer.
  • Built-in features of most motherboards include Ethernet ports for wired internet connections and basic sound capabilities.
  • The motherboard serves as a hub for connecting components such as the CPU and peripherals.
  • Motherboards also support discrete devices that can be swapped out for upgrades.

Blockonomi

23h

Hyperliquid Token Falls 21% Following North Korean Hacking Concerns

  • HYPE token dropped 21% following reports of potential North Korean hacker activity on the Hyperliquid platform.
  • Security expert Taylor Monahan identified suspicious wallet activity, suggesting North Korean hackers are probing for vulnerabilities.
  • Hyperliquid completed a $1.6 billion token airdrop in November 2024, reaching an $11 billion market cap.
  • Over $211 million in USDC was withdrawn from the platform amid security fears.

Dev

1d

Enhancing SDLC with Security: A Guide to SSDL and CI/CD Pipelines

  • SDLC integrates security measures into every stage of software development.
  • SSDL enhances SDLC by setting security objectives and preliminary threat modeling.
  • CI/CD pipelines help automate security tasks, accelerate development, and ensure software is functional and secure.
  • In the Planning phase, SSDL sets security objectives and aligns with compliance requirements.
  • The Requirement Analysis phase identifies security-specific requirements like authentication, data encryption, and compliance integration.
  • In the Design phase, secure design principles like least privilege and defense in depth are applied.
  • SAST tools are integrated into the Development phase to detect potential threats, and code review is performed as part of secure coding practice.
  • Automated tests in the Testing phase include unit, integration, performance, and security testing.
  • Continuous monitoring with SIEM tools helps detect unusual activities in the Maintenance phase.
  • Regular patch management ensures updates to libraries, frameworks, and tools to mitigate vulnerabilities.

Sdtimes

1d

Techniques to secure open source software

  • Open source projects are increasingly targeted by attackers seeking to exploit software vulnerabilities.
  • There has been a significant increase in software supply chain attacks, with incidents reaching 245,000 in 2023.
  • Open source leaders need to prioritize security and implement measures to address potential threats proactively.
  • Zero-trust builds and Software Bill of Materials (SBOM) can enhance open source software security.

Arstechnica

1d

Health care giant Ascension says 5.6 million patients affected in cyberattack

  • Health care company Ascension lost sensitive data for nearly 5.6 million individuals in a cyberattack attributed to a ransomware gang.
  • The attack caused disruptions, errors, delayed or lost lab results, and diversions of ambulances to other hospitals.
  • Investigation revealed that affected individuals' data included names, medical information, payment information, insurance information, government identification, and other personal information.

Tech Radar

1d

US Government officials urged to lock down devices amid telecoms breach

  • CISA has released an advisory for US government communications.
  • Government officials are encouraged to lock down their devices.
  • This follows the discovery that foreign actors have breached US telecoms networks.
  • The advisory includes best practices for mobile communications and emphasizes the use of strict security measures and encryption.

Securityintelligence

1d

2024 trends: Were they accurate?

  • Artificial intelligence played a crucial role in cybersecurity, protecting systems, critical information, and sensitive data during the Paris Olympics. Threat actors also employed AI to more effectively execute cyberattacks, with many automating processes such as vulnerability scanning, exploitation, and data exfiltration. Deepfake technology too became an increasing threat, with attackers using it to generate convincing fake calls and content to deceive and steal from individuals and companies. Quantum computing also emerged as a top concern, with harvest-now, decrypt-later attacks becoming increasingly common. Unfortunately, the jury is still out on whether there was a recession in ransomware attacks.
  • Throughout 2024, there was a growing use of artificial intelligence in the cybersecurity sector. For example, Microsoft's internal response teams used a large language model to manage requests and tickets, saving 20 hours per person each week.
  • The use of AI technology for cyberattacks also increased, making it easier for attackers to log in than to hack in. Large-scale social engineering attacks are predicted to involve generative AI by 2027.
  • The use of deepfake technology increased in 2024, with a number of high-profile cases making headlines. Even the Paris Olympics became a target of deepfake campaigns.
  • Quantum computing became an increasingly urgent concern in 2024, as symmetric cryptography was predicted to be unsafe by 2029 and even asymmetric cryptography is expected to be fully breakable by 2034.
  • Experts predicted ransomware attacks would decrease as more companies pledged not to pay ransoms. However, Wired reported that ransomware showed no signs of slowing down in 2024.
  • Despite the increase in cyberthreats, the experts were largely on target with their 2024 cybersecurity predictions.
  • As we move into 2025, the prediction game starts all over again as we wonder what's in store for the future of cybersecurity.

Dev

1d

Forward Proxy vs Reverse Proxy vs Load Balancers

  • Forward proxies, reverse proxies, and load balancers are part of the backbone of modern web infrastructure and help organizations scale, secure, and optimize their systems.
  • A forward proxy acts as a middleman between a client and the webserver holding the desired data, while a reverse proxy manages incoming requests on behalf of backend servers.
  • Forward proxies can provide protection and filtering, logging, and monitoring, and cache responses.
  • Reverse proxies conceal the backend servers' details from clients, distribute incoming traffic across many backend servers, and offer centralized traffic management.
  • Load balancers distribute incoming network or application traffic evenly across many servers, ensuring no single server is overwhelmed and helping maintain performance, availability, and reliability.
  • Forward proxies manage outbound traffic, reverse proxies manage inbound traffic, and load balancers distribute incoming traffic among multiple servers.
  • Forward proxies focus on client anonymity and filtering, reverse proxies optimize and secure server traffic, and load balancers prioritize traffic distribution and server efficiency.
  • Forward proxies protect users, reverse proxies protect servers, and load balancers ensure reliability without a primary focus on security.
  • All these components complement each other in building efficient and high-performing systems when put together.
  • Understanding how these components work and how to use them would help optimize traffic flow, enhance security, and make web applications scalable and reliable.

Medium

1d

Hey Cyber Warriors! Cybersecurity: The Adventure of a Lifetime

  • Cybersecurity is an exciting journey into the digital world, filled with challenges and mysteries.
  • There is always something new to learn, a hack to thwart, or a defense to craft.
  • The author invites readers to share their thoughts and questions about cybersecurity.
  • The journey is described as an educational and epic adventure in securing the digital frontier.

Dev

1d

Enforcing guardrails in the AWS environment

  • AWS offers its customers multiple ways to enforce guardrails – a mechanism to allow developers or DevOps teams to achieve their goals while keeping pre-defined controls.
  • Service control policies (SCPs) allow configuring maximum allowed permissions identities have over resources within an AWS organization.
  • Resource control policies (RCPs) allow configuring the maximum allowed permissions on resources within an AWS organization.
  • Declarative policies allow customers to centrally enforce desired configuration state for AWS services using AWS Organizations console, AWS CLI, CloudFormation templates, and AWS Control Tower.
  • Permission boundaries define the maximum permissions granted using identity-based policies attached to an IAM user or IAM role.
  • Each alternative serves a slightly different purpose for accessing resources within AWS Organizations at a large scale.
  • AWS does not grant any access by default - if an AWS service has not been allowed using an SCP somewhere in the AWS Organization hierarchy, no identity will be able to consume it.
  • SCPs, RCPs, and declarative policies designed as guardrails have limitations and a maximum size of 5120 and 10000 characters, respectively.
  • Permission boundaries also have their limitations and a maximum size of 6144 characters.
  • It is recommended to read AWS documentation and watch the lecture 'Security invariants: From enterprise chaos to cloud order from AWS re:Invent 2024' for better understanding.
