A naukri.com initiative
Cyber Security News
TechCrunch
1w
85
Image Credit: TechCrunch
Rhode Island says personal data likely breached in social services cyberattack
- Hundreds of thousands of Rhode Island residents could be affected by a cyberattack on the state's online portal for social services.
- The attack targeted RIBridges, used by residents to access programs such as Medicaid and SNAP.
- Personal data including names, addresses, Social Security numbers, and banking information may have been breached.
- The state is working with Deloitte to address the threat, and residents can use paper applications in the meantime.
Read Full Article
5 Likes
Securityaffairs
1w
8
Image Credit: Securityaffairs
IOCONTROL cyberweapon used to target infrastructure in the US and Isreael
- Iran-linked threat actors target IoT and OT/SCADA systems in US and Israeli infrastructure with IOCONTROL malware.
- IOCONTROL is a custom-built, modular malware used to target devices in critical infrastructure.
- Multiple device families were affected, including IP cameras, routers, PLCs, and firewalls.
- The malware is believed to be part of a global cyber operation against western IoT and OT devices.
Read Full Article
Like
Dev
1w
106
Image Credit: Dev
Secure-by-Design: How AWS, Microsoft, and Others Are Embracing CISA's Cyber Goals
- The Cybersecurity and Infrastructure Security Agency's (CISA) secure-by-design pledge has driven substantial cybersecurity enhancements across the software industry.
- Major companies like Amazon Web Services (AWS), Fortinet, Microsoft, Okta, and Sophos have embraced the pledge and made notable advancements.
- AWS mandates multi-factor authentication (MFA) and offers phishing-resistant authentication through FIDO2 passkeys.
- Microsoft has increased MFA enforcement, committed to faster cloud vulnerability patching, and improved customer access to logging data.
- The industry agrees that the pledge has elevated security standards and hopes it will attract more developers to contribute to a resilient cybersecurity ecosystem.
Read Full Article
6 Likes
Scientificworldinfo
1w
81
Image Credit: Scientificworldinfo
What is Managed Security Service Provider (MSSP)? Explained
- A Managed Security Service Provider (MSSP) is a third-party organization that delivers outsourced cybersecurity services to businesses.
- MSSPs are responsible for managing and monitoring a company’s security infrastructure, ensuring robust protection against threats such as malware, ransomware, phishing, and unauthorized access.
- MSSPs provide a wide range of services tailored to meet the unique needs of their clients.
- MSSPs monitor networks, systems, and endpoints 24/7 to detect and respond to potential threats in real time.
- MSSPs leverage advanced tools and threat intelligence to identify suspicious activities.
- MSSPs manage and maintain firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) to protect against unauthorized access and malicious traffic.
- MSSPs provide endpoint protection solutions to secure these devices against cyber threats.
- MSSPs use SIEM systems to collect and analyze log data from various sources.
- MSSPs ensure that their clients remain compliant with industry standards, helping them avoid penalties and reputational damage.
- MSSPs bridge gaps in an organization's cybersecurity infrastructure by offering specialized services, advanced tools, and round-the-clock monitoring, making them an invaluable resource for organizations lacking the resources or knowledge to manage cybersecurity internally.
Read Full Article
4 Likes
Medium
1w
355
Image Credit: Medium
GOOSE VPN Anonymous Browsing review
- GOOSE VPN is a solution for anonymous browsing and enhanced data protection.
- It creates a secure tunnel between your device and the internet, protecting your privacy.
- Users report impressive connection speeds with minimal lag.
- GOOSE VPN allows you to access geo-restricted content and browse anonymously.
Read Full Article
21 Likes
Securityaffairs
1w
209
Image Credit: Securityaffairs
U.S. CISA adds Cleo Harmony, VLTrader, and LexiCom flaw to its Known Exploited Vulnerabilities catalog
- The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CVE-2024-50623 vulnerability to its Known Exploited Vulnerabilities (KEV) catalog.
- The flaw impacts multiple Cleo products including Harmony, VLTrader, and LexiCom.
- Cleo advises customers to upgrade to the latest patch (version 5.8.0.21) to address the vulnerability.
- CISA orders federal agencies to fix this vulnerability by January 3, 2025.
Read Full Article
12 Likes
Dev
1w
218
Image Credit: Dev
From Paper to Code: Why Security is Now a Business Imperative for Developers
- Software isn’t just about making businesses efficient anymore — it’s about making them secure.
- Developers must prioritize security from the beginning, focusing on encryption of data in transit and at rest, validating all user inputs, and avoiding misconfigurations.
- During deployment, managing secrets securely and strengthening the CI/CD pipeline are essential for maintaining security.
- In the maintenance phase, monitoring for vulnerabilities, planning for incident response, adopting a zero-trust architecture, and considering advanced security measures like securing serverless apps and protecting APIs are critical.
Read Full Article
13 Likes
Medium
1w
94
Image Credit: Medium
What is a VPN? A Complete Guide to Understanding Virtual Private Networks
- A Virtual Private Network (VPN) is a system that establishes an encrypted path between the device and a network.
- By using a VPN, traffic from the internet is routed to a VPN server, and the IP address and traffic data are masked.
- VPN improves privacy and allows access to blocked content in certain areas.
- It enables your online activity to appear as if it originates from a different location.
Read Full Article
5 Likes
Cybersecurity-Insiders
1w
372
Image Credit: Cybersecurity-Insiders
CSC 2025 Predictions: From Surges in AI-Generated Malware to Machine Learning in SOCs
- AI will enable creating malware and phishing campaigns faster, making cybercrime more accessible and distributed at an unprecedented pace.
- Supply chain cyberattacks are growing exponentially in sophistication; comprehensive strategies and continuous monitoring are crucial.
- Automation of SSL/TLS certificate management is necessary due to shorter lifespans and increasing cybersecurity requirements.
- Machine learning in Security Operation Centers (SOCs) will help identify and respond to threats faster, augmenting the demand for skilled professionals.
Read Full Article
22 Likes
Cybersecurity-Insiders
1w
5
Image Credit: Cybersecurity-Insiders
Addressing the Disconnect in External Attack Surface Awareness
- External vulnerability scans have become a staple in the cybersecurity toolkit of most organizations.
- However, while external vulnerability scans can provide a baseline level of security if used correctly, they can create a false sense of safety if not used effectively.
- Challenges in Discovering External Assets include tedious work, resource and time intensive, a shot in the dark, sporadic scanning, and the impact of scanning on production.
- As a result of these challenges, we end up with a patchwork of partial information, leaving gaping holes in our understanding of our attack surface.
- To bridge this gap, organizations should adopt the following best practices: Regular Scanning, Automation, Prioritization, Policy and Governance, and Continuous Monitoring.
- By recognizing the limitations of current approaches and adopting automated, process-driven solutions, organizations can bridge this critical gap.
- Regular scanning, strong processes, and continuous monitoring are key to staying ahead of emerging threats and ensuring a secure external attack surface.
- External scanning is part of that equation, which can uncover vulnerabilities like cross-site scripting, authentication, and other security misconfigurations.
- Many organizations struggle to know what external assets they own, which requires significant labor time and computing resources that get deprioritized amidst security alerts and incidents.
- The proliferation of shadow-IT and orphaned infrastructure —unknown and unmanaged external assets— makes knowing what assets you own to scan an immense challenge.
Read Full Article
Like
Cybersecurity-Insiders
1w
47
Image Credit: Cybersecurity-Insiders
Legacy VPNs: A Ticking Time Bomb for Modern Organizations
- Virtual Private Network (VPN) solutions have become a significant liability for modern organizations and are now seen as outdated, vulnerable, and ill-suited to combat the sophisticated threats facing today’s enterprises.
- VPNs have several shortcomings that make them a weak link in modern security architectures such as security risks, poor user experience, and operational complexity.
- To overcome the limitations of the VPN, Zero Trust Network Access (ZTNA) has emerged as a transformative solution that provides granular, context-aware access to specific applications and resources.
- ZTNA eliminates traditional network perimeter to secure individual interactions, enhancing security and offering seamless and secure access to resources, regardless of location or device.
- Unified ZTNA (UZTNA) extends Zero Trust principles across the entire IT ecosystem, covering all users and devices. This comprehensive approach is essential for securing modern, dynamic environments that include legacy systems, Internet of Things (IoT) devices, and hybrid infrastructures.
- By adopting UZTNA, organizations can achieve a level of security that is both comprehensive and adaptive, positioning them to address current and future threats.
- The journey from ZTNA to SSE and ultimately to UZTNA represents more than a series of technological upgrades, it is a strategic evolution toward a security model that aligns with the demands of the modern enterprise.
- Organizations that integrate ZTNA, SSE, and UZTNA into a cohesive Zero Trust strategy gain unparalleled visibility, control, and resilience.
- By unifying their security architectures, they eliminate silos and redundancies, creating a more efficient and effective defense mechanism.
- Organizations that embrace the full spectrum of Zero Trust capabilities position themselves as leaders in the cybersecurity landscape.
Read Full Article
2 Likes
Dev
1w
278
Image Credit: Dev
Cerbos:-> Authorization-as-a-Service
- Cerbos enables easy implementation and management of fine-grained access controls for role-based policy protection. Cerbos policies are defined in YAML configuration files, providing simple and efficient control rules for specific roles based on the developer's policies. Cerbos authorization services can be used to read data from any authentication techniques for RBAC implementations, while offering heightened efficiency to manage roles and permissions based on requirements. Cerbos Hub provides a cloud-hosted solution for large-scale applications, testing and deploying policy bundles to connected policy decision points.
- Cerbos assists developers in creating policies and allows for specific access rules based on a role instead of using nested conditional statements, providing better security and a more adaptable solution compared to traditional authorization systems. Cerbos policies can be validated, tested, and compiled efficiently with the use of Cerbos Hub, and policy updates can take effect seamlessly, ensuring a smoother and faster solution against unauthorized operations.
- Cerbos offers Playground for developers to test the roles, policies, and access rules before deploying it into a current system. Playground allows users to make users of specific roles, to write policies, test them against the authorized resources for each role, and assigning access to resources for a specific role. Cerbos SDKs can be integrated into any programming stack and languages, including .NET, JavaScript, Python, Java, Ruby, Rust, and more.
Read Full Article
16 Likes
Dev
1w
107
Image Credit: Dev
Top 20 Ethical Hacking Interview Questions for 2025
- Ethical hacking is an essential profession for safeguarding sensitive data and securing systems.
- The role of ethical hackers is to identify vulnerabilities in computer systems.
- Employers ask about the role of ethical hackers to assess the candidate's understanding of the profession.
- Penetration testing is a focused effort to exploit vulnerabilities in a system.
- Reconnaissance, scanning, gaining access, maintaining access, and covering tracks are the five stages of ethical hacking.
- Tools like Nmap, Metasploit, Wireshark, Burp Suite, and Kali Linux are staples for ethical hackers.
- SQL injection is a code injection technique used to attack databases.
- A firewall monitors and controls incoming and outgoing network traffic based on predetermined security rules.
- XSS is a vulnerability where attackers inject malicious scripts into web pages.
- Ethical hackers prioritize vulnerabilities based on their severity, exploitability, and potential impact on the organization.
Read Full Article
6 Likes
Medium
1w
115
Image Credit: Medium
How Palo Alto Networks Empowers Small Businesses with Advanced Security
- Palo Alto Networks recognizes the cybersecurity challenges faced by small businesses and offers solutions tailored to their needs.
- Their Next-Generation Firewalls provide advanced real-time threat protection.
- Prisma Access ensures secure access to business data and applications from anywhere.
- Palo Alto Networks offers scalable and cost-effective solutions for small businesses, with access to threat intelligence and dedicated support.
Read Full Article
6 Likes
Hackersking
1w
419
Image Credit: Hackersking
HTML Smuggling To Bypass Restrictions On Certain Files
- File smuggling is a technique used by attackers to bypass restrictions on certain file types.
- It involves disguising prohibited files within a different, permitted format.
- The disguised file can pass through security filters undetected.
- This technique can be used to send malicious files even on platforms like Gmail.
Read Full Article
25 Likes
For uninterrupted reading, download the app