A naukri.com initiative
Cyber Security News
Androidauthority
1w
408
Image Credit: Androidauthority
Android and Apple users: Critical RCS messaging protection is still months away despite FBI warning
- The Global System for Mobile Communications (GSMA) is working on bringing end-to-end encryption to messaging platforms that support the RCS protocol.
- No specific timeline has been provided, with the GSMA planning to update the market in a few months.
- As a result, RCS texting between Apple and Android devices will remain vulnerable for an unknown period of time.
- The FBI and CISA have issued a warning to Apple and Android users urging them to stop texting each other using the RCS protocol due to the Salt Typhoon hacking group's telecommunication breach.
Read Full Article
24 Likes
Pymnts
1w
344
Image Credit: Pymnts
Why More Connectivity Means More Vulnerability for Cross-Border Payments
- The increasing connectivity in the global payments landscape brings both advances and risks.
- Credit risk, payment risk, counterparty risk, fraud, security risk, and compliance risk are major threats to trust.
- Proactive risk management and compliance are crucial to maintaining trust and safety in the payment ecosystem.
- Incremental innovation and a data-driven approach to technology integration are essential in addressing fraud and promoting inclusivity.
Read Full Article
20 Likes
Insider
1w
161
Image Credit: Insider
Cloud security startup Wiz turned down a Google takeover. Now, it plans to ride the AI boom to an IPO.
- Cloud security startup Wiz grew rapidly, reaching $500 million in annual recurring revenue in just four years.
- Since rejecting a $23 billion Google acquisition, Wiz plans to double its revenue accumulation and go public via IPO.
- COVID-19 pushed the mass shift towards cloud services, boosting Wiz's client base.
- Wiz specializes in providing cloud security for companies in identifying potential risks with their cloud providers.
- AI is a backbone for cloud computing, and its boom has spelled a new era of intensified focus on security and privacy – boosting Wiz's business growth.
- Powering inorganic growth by acquiring other security startups like Rafft, Gem, and Dazz, Wiz plans to dominate the cybersecurity industry.
- European expansion is a critical move for Wiz, which recently opened its headquarters in London.
- Wiz estimates earning 35% of its revenue from Europe, with a market that's more privacy-aware and constrained by security than the USA.
- In its bid for global expansion, Wiz is on the hunt for a CFO to fulfill its public debut goal.
- Wiz is readying two new products, which it plans to release together with its impending hiring spree.
Read Full Article
9 Likes
Securityaffairs
1w
42
Image Credit: Securityaffairs
Multiple flaws in Volkswagen Group’s infotainment unit allow for vehicle compromise
- Researchers discovered multiple flaws in the infotainment systems of Volkswagen Group vehicles that could allow to track them in real-time.
- A team of security researchers from cybersecurity firm PCAutomotive discovered 12 vulnerabilities in the MIB3 infotainment systems used in Volkswagen Group cars.
- The vulnerabilities include issues with phone book synchronization, contact photo handling, and access restrictions, among others.
- Volkswagen Group confirmed that some vulnerabilities have been fixed and others are being addressed to ensure customer safety.
Read Full Article
2 Likes
Tech Republic
1w
318
Remote Access Checklist
- This Remote Access Checklist is used to ensure employees have necessary items, accounts, access, and instructions for remote work.
- Checklist includes various account access provisions such as Active Directory, FTP/SFTP, VPN, local accounts, cloud-based storage and productivity tools, file sharing, and other specified accounts.
- Customizable to meet organization's needs.
- Available for download at $9 or complimentary access with a Premium annual subscription.
Read Full Article
19 Likes
Hackersking
1w
187
Image Credit: Hackersking
Recent Cyber Attacks: Trends, Tactics, and Countermeasures
- The frequency and complexity of cyber attacks have surged in recent years, with over 700 million attacks reported in 2023 alone.
- Types of recent cyber attacks include ransomware attacks, state-sponsored attacks, supply chain attacks, and phishing/social engineering.
- Cybercriminals are adopting evolving tactics such as AI automation, social media exploitation, and polymorphic malware.
- Countermeasures against these attacks include regular updates and patching, employee training, MFA, incident response planning, and advanced threat detection tools.
Read Full Article
11 Likes
Silicon
1w
199
Image Credit: Silicon
North Korean IT Workers ‘Made Millions’ From US Companies
- A group of North Korean IT workers have been indicted for allegedly making at least $88 million from fraudulently obtained US IT jobs and extortion payments.
- The scheme involved using false identities of people in the US and other countries to gain IT jobs at US companies.
- The workers received monthly wages of $10,000 and also stole sensitive information, threatening to publish it unless additional extortion payments were made.
- The larger scheme is ongoing, and US authorities have disrupted one group while offering a reward of up to $5 million for information on the suspects and front companies.
Read Full Article
12 Likes
Fintechnews
1w
365
Image Credit: Fintechnews
How Tech Is Combating the Rise of Scammers Exploiting Human Vulnerabilities in Asia
- Frauds and scams have surged significantly in Singapore and Hong Kong.
- Scammers exploit human vulnerabilities to initiate fraudulent transactions particularly in Southeast Asia.
- Organisations must adopt a holistic approach to combat evolving fraud trends in Southeast Asia incorporating cutting-edge technology.
- Account takeover fraud rates in Southeast Asia climbed 105% compared to the baseline period before the Covid-19.
- The Global Anti-Scam Alliance revealed that globally 78% of respondents encountered at least one scam in the previous 12 months; 59% reported encountering scams monthly.
- Scammers in Southeast Asia often impersonate legitimate entities such as government agencies, banks or tech companies.
- Deepfakes, which use artificial intelligence (AI) to create highly convincing fake images, videos or audio recordings, pose a growing threat in Southeast Asia.
- Effective strategies for fraud prevention today rely on advanced technology and data analytics, according to Stephen Topliss, Vice President of Fraud and Identity at LexisNexis Risk Solutions.
- Multi-layered tools combining AI and technology providers like LexisNexis Risk Solutions can combat fraudulent activities, build trust and improve customer experience.
- Collaborating across the banking industry is essential for identifying mules, as pooling data allows banks to track the movement of money and flag suspicious accounts.
Read Full Article
22 Likes
Lastwatchdog
1w
195
LW ROUNDTABLE: Lessons learned from the headline-grabbing cybersecurity incidents of 2024
- Experts reflect on the cybersecurity incidents of 2024, emphasizing the need for risk management, supply chain visibility, and identity protection.
- Software supply chain attacks targeting commercial software were a major threat in 2024 and require rigorous independent testing and verification.
- Organizations must prioritize risk management beyond reactive patching to manage software sprawl and reduce vulnerabilities, ensuring better supply chain risk management.
- Nation-state APTs and cybercriminals pose an escalating risk, and countermeasures could become far more aggressive if the U.S. treats ransomware as state-sponsored terrorism.
- Organizations must diversify systems to reduce the risk of uniform digital infrastructure and prevent potentially catastrophic consequences.
- API-powered infrastructure faces increasing attacks, and defenders must prioritize full API visibility and evaluate AI integrations for preventing subtle targeted attacks.
- Supply chain breaches highlighted the need for vendor visibility, strong security contracts, and proactive supply chain risk management to mitigate breaches and protect sensitive data.
- Identify-based attacks are prompting insurers to intensify scrutiny, shifting questions from MFA implementation to assessments of least privilege and real-time identity protection.
- Building a strong culture of security and preparedness helps organizations respond quickly and effectively, keeping operations steady when disruptions happen.
- Defensive teams must understand how to integrate AI into the full range of people, process, and technology to stop attackers sooner with more precision and with broad coverage.
Read Full Article
11 Likes
Cybersecurity-Insiders
1w
97
Image Credit: Cybersecurity-Insiders
How Man-in-the-Middle Attacks Can Be Thwarted
- Man-in-the-middle (MITM) attacks are a significant cybersecurity threat, where an attacker intercepts and potentially alters communication between two parties without their knowledge.
- Using strong encryption (TLS/SSL) for communication between clients and servers is one of the best ways to protect against MITM attacks. Multi-factor authentication (MFA) adds an additional layer of security by requiring multiple forms of authentication.
- Public Key Infrastructure (PKI) ensures that both server and client identities are verified before communication begins, preventing attackers from impersonating either party. DNS Security (DNSSEC) helps prevent DNS-related MITM attacks.
- Avoiding public Wi-Fi networks for conducting sensitive transactions or using VPN for public Wi-Fi networks add additional security layers. Certificate pinning helps mitigate SSL/TLS interception attacks, and educating users about common attack vectors can help prevent MITM attacks.
- Keeping software updated with latest patches and using strong passwords, including mixed letters, numbers, and symbols, will reduce the likelihood of MITM attacks. An effective multi-layered approach to security can effectively prevent and mitigate MITM attacks.
- Man-in-the-middle attacks represent a serious threat to both individuals and organizations, but with sound security measures, both businesses and consumers can protect sensitive information from interception and manipulation.
Read Full Article
5 Likes
Cybersecurity-Insiders
1w
344
Image Credit: Cybersecurity-Insiders
Cybersecurity News Headlines Trending on Google
- Tech giants like Google, Amazon, Microsoft, and Facebook are leading the adoption of passkey security technology.
- Long-lived credentials pose a serious security threat to cloud service providers and require regular rotation and management.
- Mastercard introduces biometric Payment Passkey Service in Latin America, aiming to phase out traditional passwords by 2030.
- Iran-linked IOCONTROL malware targets critical infrastructure in the US and Israel, posing a surveillance and disruption threat.
Read Full Article
20 Likes
Medium
1w
159
Image Credit: Medium
Top 10 Cybersecurity Trends to Watch in 2024
- AI-powered cyberattacks are on the rise, with hackers utilizing AI to create sophisticated malware and automated attacks.
- Zero Trust Architecture (ZTA) is becoming the standard practice, assuming that every connection is potentially malicious.
- Quantum computing poses a threat to current encryption methods, leading to investments in post-quantum cryptography.
- Ransomware-as-a-Service (RaaS) platforms make ransomware attacks more accessible, emphasizing the need for data backups and incident response plans.
Read Full Article
9 Likes
Medium
1w
357
Image Credit: Medium
The Transformative Power of Artificial Intelligence
- AI plays a crucial role in early disease detection and personalized treatment.
- Adaptive learning platforms powered by AI provide tailored education to students.
- AI enables automation and efficient decision making in various processes.
- AI has the potential to revolutionize sectors like transportation and improve road safety.
Read Full Article
21 Likes
Pymnts
1w
1.9k
Image Credit: Pymnts
Yearlong Cyberattack Targets Security Workers
- A yearlong cyberattack has been targeting security personnel by stealing their login credentials using Trojanized versions of open-source software.
- The attack, reported by Checkmarx and Datadog Security Labs, infects the devices of security researchers and installs a backdoor to gather sensitive information.
- The hackers, known as MUT-1244, have also conducted spear phishing campaigns and installed cryptomining software on infected machines.
- This attack is part of a wave of similar incidents highlighting the need for improved security measures in protecting sensitive data and preventing data breaches.
Read Full Article
20 Likes
Fintechnews
1w
63
ASIC Sues HSBC Australia Over Scam Failures Leading to A$23 Million in Losses
- The Australian Securities and Investments Commission (ASIC) is taking legal action against HSBC Australia over alleged systemic failures in protecting customers from financial scams.
- ASIC claims that HSBC failed to implement adequate controls to prevent unauthorized transactions and did not promptly investigate scam reports or reinstate access to blocked accounts.
- Between January 2020 and August 2024, HSBC received around 950 reports of unauthorized transactions, resulting in customer losses of A$23 million.
- ASIC is seeking court orders for declarations of contraventions, pecuniary penalties, and adverse publicity measures against HSBC Australia.
Read Full Article
3 Likes
For uninterrupted reading, download the app