menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Cyber Security News

Cyber Security News

source image

Hackernoon

1w

read

93

img
dot

Image Credit: Hackernoon

Why Spam Lands in Your Inbox and How To Spot It

  • Spam emails can end up in your inbox due to data breaches, accidental self-exposure, or clicking on links in spam emails.
  • Data breaches, like the one at Medusind Inc. in 2025, can expose personal data, leading to spam emails.
  • If your email is compromised in a breach, update the password on affected sites and services.
  • Spammers can use publicly available information from social media for email scraping.
  • Limit risks of self-exposure by adjusting privacy settings and sharing contact info privately.
  • Clicking on unsubscribe links in spam emails can confirm your active email account to spammers.
  • Avoid interacting with suspicious emails, including unsubscribing, to prevent further spam.
  • Key indicators of spam include suspicious email addresses, impersonal delivery, and a sense of urgency.
  • Spam emails may imitate legitimate companies, request personal data, or exhibit poor grammar.
  • Avoid clicking on links or attachments in suspicious emails and mark them as spam or delete.

Read Full Article

like

5 Likes

share

1 Share

source image

Cybersecurity-Insiders

1w

read

63

img
dot

Image Credit: Cybersecurity-Insiders

Cybersecurity Concerns Arising in Generating Ghibli-Style Content

  • The rise of AI-generated art and animation, including Ghibli-style content, has raised cybersecurity concerns as technology blurs the line between human creativity and artificial intelligence.
  • AI tools like DALL·E and MidJourney have enabled users to create Ghibli-inspired artworks by replicating the studio's iconic aesthetic.
  • Concerns of intellectual property infringement arise when AI generates artwork mimicking Ghibli's style, challenging copyright laws and the distinction between homage and imitation.
  • Data privacy and security risks accompany the use of AI art tools, with potential vulnerabilities in cloud-based systems and the misuse of user data by hackers.
  • The threat of deepfakes and synthetic media emerges as AI advancements could lead to the creation of misleading Ghibli-style content, impacting trust and authenticity in the creative industry.
  • Regulations are essential to address cybersecurity concerns, advocating for stronger copyright protections, data security measures, and ethical guidelines in AI-generated art.
  • The balance between AI assistance and human creativity is crucial to maintaining the integrity of artistry and ensuring that new works do not exploit or infringe upon original creators' intellectual property.
  • To uphold creative integrity and user security, ethical guidelines and robust regulations must be established in the evolving landscape of AI-generated art and animation.

Read Full Article

like

3 Likes

share

Share

source image

Cybersecurity-Insiders

1w

read

296

img
dot

Image Credit: Cybersecurity-Insiders

Hackers launch cyber attacks on British Army, Royal Navy and Office for Nuclear Security

  • Hackers launch cyber attacks on British Army, Royal Navy, and Office for Nuclear Security.
  • The attacks are attributed to the 'Holy League Coalition' hacking group, known for its collaboration between Russian cyber operatives and Pro-Palestinian hackers.
  • The cyber attacks primarily involved Distributed Denial of Service (DDoS) tactics and aimed to overwhelm the targets' systems and distribute malicious software.
  • The attacks may be related to the UK's support of Ukraine, and they raise concerns about the rise of 'lone wolf' hackers affiliating themselves with larger nations or causes.

Read Full Article

like

17 Likes

share

4 Shares

source image

Hackernoon

1w

read

313

img
dot

Image Credit: Hackernoon

Learn to Detect & Prevent JSD Attacks With This Guide

  • The article discusses various cyberattacks on JavaScript (JS) in modern web applications, such as Magecart attacks, and provides preventive measures.
  • Magecart attacks involve injecting malicious JS code in e-commerce websites to steal sensitive data like payment details, resulting in breaches like those at British Airways and Newegg.
  • To detect Magecart attacks, Subresource Integrity (SRI) can be implemented by verifying the integrity of external resources using cryptographic hashes in the code.
  • Content Security Policy (CSP) helps prevent XSS and code injection by restricting which resources can be loaded on a web page, for example in NodeJS applications.
  • Developers are warned about malicious NPM packages, which can contain harmful code to steal sensitive data; techniques like typosquatting are used to spread such packages.
  • To mitigate risks, developers can verify package authenticity before installation and scan for vulnerabilities using commands like 'npm audit'.
  • Cross-Site Scripting (XSS) is a common vulnerability where attackers inject malicious code into websites via areas like comment boxes, forms, or URLs to steal data or perform harmful actions.
  • XSS attacks can be of three types: Reflected XSS, Stored XSS, and DOM-Based XSS, each requiring specific protection measures like input validation, sanitization, and secure coding practices.
  • By implementing best practices like SRI, CSP, secure coding, and vigilant package management, developers can enhance security and protect web applications from JS-driven cyberattacks.
  • Ultimately, maintaining a proactive stance towards cybersecurity is crucial to ensure the safety of user data and prevent potential security breaches in modern web applications.
  • Constant awareness, adherence to security protocols, and staying updated on evolving cyber threats are essential for developers to safeguard their applications effectively.

Read Full Article

like

18 Likes

share

4 Shares

source image

Tech Radar

1w

read

12

img
dot

Image Credit: Tech Radar

Massive Europcar data breach affects around 200,000 customers

  • Europcar has reportedly suffered a data breach involving sensitive data on hundreds of thousands of customers.
  • A threat actor claiming to have breached Europcar's systems stole over 9,000 SQL files and 269 .ENV files.
  • Names and email addresses of Goldcar and Ubeeqo users were stolen, but payment information was not exposed.
  • The investigation is ongoing, and it is unclear how the hackers gained access to Europcar's GitHub account.

Read Full Article

like

Like

share

Share

source image

Cybersafe

1w

read

275

img
dot

Image Credit: Cybersafe

PoisonSeed exploits CRM tools to steal Cryptocurrency Wallets

  • A cyber campaign called PoisonSeed is targeting cryptocurrency users by exploiting customer relationship management (CRM) platforms and email marketing tools.
  • Attackers use stolen login credentials to send spam emails with fake cryptocurrency recovery phrases, tricking victims into giving them access to their funds.
  • The campaign targets both individuals and enterprises, including well-known crypto firms like Coinbase and Ledger.
  • The phishing kits used in PoisonSeed differ from those of other threat actors, suggesting it may be a new actor using similar methods.

Read Full Article

like

16 Likes

share

3 Shares

source image

The Register

1w

read

415

img
dot

Image Credit: The Register

What native cloud security tools won’t catch

  • AWS provides security services like GuardDuty, Inspector, Config, and Security Hub, but there are limitations to relying solely on them.
  • Amazon GuardDuty focuses on threat detection at the infrastructure level and doesn't address application vulnerabilities or misconfigurations.
  • Amazon Inspector is a vulnerability management service for EC2 instances and Lambda functions, but it requires agents and doesn't cover all AWS services.
  • AWS Config provides configuration tracking and compliance, but its risk assessment capabilities are limited, and pricing is based on the number of configuration items.

Read Full Article

like

24 Likes

share

5 Shares

source image

Securityaffairs

1w

read

245

img
dot

Image Credit: Securityaffairs

EDR-as-a-Service makes the headlines in the cybercrime landscape

  • Cybercriminals are utilizing compromised accounts for EDR-as-a-Service (Emergency Data Requests), targeting major platforms.
  • A detailed analysis by Meridian Group reveals the rise of 'EDR-as-a-Service' in the cybersecurity landscape.
  • Criminal groups exploit stolen credentials to forward false Emergency Data Requests, obtaining sensitive information.
  • The model has evolved to cover every aspect of the process, making it easier for non-technical individuals to access confidential data for a fee in cryptocurrencies.
  • Payment dynamics involve transactions in Bitcoin or Monero on underground forums with escrow services for secure exchanges.
  • Operational manuals and deception strategies guide the use of EDR services, facilitating social engineering and doxxing campaigns.
  • The illicit sector's professionalization poses risks to cybersecurity and privacy, potentially affecting governmental infrastructures and citizens' privacy.
  • Ransomware groups are showing interest in EDR techniques, hinting at a future blend of ransomware attacks with specific data obtained through fraudulent EDRs.
  • Recommendations include strengthening validation procedures and authentication systems to mitigate risks and safeguard digital security and privacy.
  • Urgent collaboration and process enhancement are crucial to prevent the proliferation of this threat and protect institutional channels and citizens' privacy.

Read Full Article

like

14 Likes

share

3 Shares

source image

Pymnts

1w

read

80

img
dot

Image Credit: Pymnts

Validating Checking Accounts Gives the Good Guys a Chance

  • Many firms struggle with outdated risk assessment processes, putting them at risk for fraud and financial losses.
  • ValidiFI, a banking solutions provider, offers a multilayered line of defense using AI and machine learning to validate bank accounts and detect fraud.
  • By triangulating data points including payment performance, identity elements, and bank account level data, ValidiFI can identify fraudulent patterns and prevent adverse events.
  • ValidiFI's solution helps banking clients improve operational efficiencies by eliminating invalid payments and fraudulent transactions while minimizing the impact on legitimate transactions.

Read Full Article

like

4 Likes

share

1 Share

source image

Medium

1w

read

216

img
dot

Symmetric or Asymmetric? Picking the Right Lock for Digital Security

  • Shared Key (or Symmetric Key) Cryptography is a type of encryption where both the sender and receiver use the same key to lock and unlock the message.
  • In Shared Key Cryptography, no one else can decrypt the message without the designated receiver's private key.
  • Public Key Cryptography is about 1,000 times slower than Shared Key Cryptography, but it is often combined with it in real-world systems.
  • SSL/TLS (used in HTTPS) is an example of a system that combines both asymmetric and symmetric encryption to ensure secure communication.

Read Full Article

like

13 Likes

share

3 Shares

source image

Fintechnews

1w

read

177

img
dot

Image Credit: Fintechnews

Sumsub Academy Launched, Providing Expert-Led Fraud Prevention Courses

  • Sumsub has launched Sumsub Academy, an educational initiative aimed at empowering professionals in compliance, risk, and fraud prevention.
  • The courses provide practical knowledge, real-world compliance strategies, and career-boosting credentials through free, expert-led modules.
  • The launch of Sumsub Academy addresses the rise in fraud cases and growing financial risks faced by businesses.
  • The Academy offers accessible, expert-led training to help professionals stay ahead of evolving regulations and combat financial crime.

Read Full Article

like

10 Likes

share

2 Shares

source image

Medium

1w

read

399

img
dot

Image Credit: Medium

Declaration of Human – AI Collaboration

  • The declaration emphasizes the unique qualities humans possess, such as heart, will, consciousness, and choice.
  • In contrast to AI, humans can ask critical questions and consider the impact of technology on various aspects of society.
  • The human goal is not to compete with AI but to use it with integrity, clarity, and in the service of humanity.
  • The declaration highlights the importance of the human layer in the collaboration with AI and emphasizes the need to build a team of digital collaborators.

Read Full Article

like

23 Likes

share

5 Shares

source image

Banking Frontiers

1w

read

207

img
dot

Shift Employees to VPN; Shift Data to Cloud

  • Mobile reliance has led to an increase in cyber frauds, including impersonation scams, UPI frauds, and credit card scams, often targeting the less tech-savvy.
  • Regularly monitoring transaction history is crucial for customers to detect suspicious activities, while banks focus on real-time notifications to prevent online frauds.
  • Hackers target WFH employees through phishing attacks due to decentralized work setups, leading financial organizations to secure employees with VPNs and multi-factor authentication.
  • Saving data on centralized cloud services and conducting training sessions on cybersecurity measures are advised to mitigate risks of data loss and cyber-attacks.
  • It is essential for organizations to continuously update their protection systems against emerging phishing and malware patterns, integrating security into digital transformation strategies.
  • Utilizing cutting-edge cybersecurity solutions, AI capabilities, and regular updates for security software are crucial to proactively combat cyber threats.
  • Cyber insurance policies offer financial protection against identity theft and online crimes, emphasizing the importance of cybersecurity education for individuals and businesses.
  • Governments and financial institutions should collaborate to educate people on fraud prevention and response to digital theft in the era of increasing digital financial services.
  • Overall, the shift to VPNs for remote work security and data migration to the cloud is crucial in enhancing cybersecurity measures for organizations in the evolving digital landscape.

Read Full Article

like

12 Likes

share

2 Shares

source image

Securityaffairs

1w

read

295

img
dot

Image Credit: Securityaffairs

Oracle privately notifies Cloud data breach to customers

  • Oracle confirms a cloud data breach, quietly informing customers while downplaying the impact of the security breach.
  • A threat actor claims to possess millions of data lines tied to over 140,000 Oracle Cloud tenants.
  • The hacker has published 10,000 customer records as proof of the hack.
  • Oracle privately notifies customers of the breach, denying that any customer data was compromised.

Read Full Article

like

17 Likes

share

4 Shares

source image

TechCrunch

1w

read

229

img
dot

Image Credit: TechCrunch

White House reportedly blames auto-suggested iPhone contact for Signal scandal

  • The White House's internal investigation into how Atlantic editor-in-chief Jeffrey Goldberg became part of a Signal group chat with Trump administration officials found that an iPhone auto-suggestion played a key role.
  • It was revealed that after Goldberg emailed the White House for comment on a story, a Trump spokesperson, Brian Hughes, texted the contents of Goldberg's email to National Security Adviser Mike Waltz.
  • As a result, Waltz's iPhone saved Goldberg's phone number under Hughes' name as a contact suggestion update.
  • When Waltz tried to add Hughes to the Signal chat, he accidentally added Goldberg instead.

Read Full Article

like

13 Likes

share

3 Shares

Prev

30
31
32
33
34
35
36
37
38
39
40

Next

For uninterrupted reading, download the app