Cyber Security News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Security News

Medium

146

Image Credit: Medium

Communicate securely with MakeItPrivate.org

China's hackers, according to the FBI, are targeting the entire nation.
The Trump administration has access to technology that can hack your phone.
Companies like Google track and collect private information about users.
It is important to protect your privacy and communicate securely.

Read Full Article

8 Likes

Tech Radar

Image Credit: Tech Radar

Critical infrastructure being hit by dangerous new malware - routers, firewalls and fuel systems all under threat

A new piece of malware called IOCONTROL is targeting IoT devices in critical infrastructure organizations.
The malware, suspected to be developed by an Iranian state-sponsored group known as CyberAv3ngers, can target routers, firewalls, fuel systems, and other devices.
IOCONTROL is modular and capable of data exfiltration and service disruption.
The majority of the attacks have occurred in late 2023, with new campaigns spotted in mid-2024.

Read Full Article

2 Likes

The Register

147

Image Credit: The Register

Cyber protection made intuitive and affordable

Cynet was the only vendor to achieve 100 percent Visibility and 100 percent Protection in the 2024 Evaluation.
MITRE ATT&CK Evaluation is regarded as the fairest and most unbiased technical test of competing security vendor solutions.
The ability to detect threats is the fundamental measure of an endpoint protection solution.
Cynet delivered 100 percent Detection Visibility, perfectly detecting every attack action using no configuration changes and no delays.
Cynet had ZERO misses in this year's MITRE testing and detected 100 percent of attacks over and MacOS devices as well as Linux servers.
Cynet also delivered 100 percent Protection, blocking every attack sequence attempted.
Cynet is the only vendor to achieve 100 percent Prevention - blocking every one of the 21 Protection sub-steps from executing.
By demonstrating that highly effective protection can be truly intuitive and affordable, Cynet sets an example competing vendors must now strive to emulate.
MITRE uses simulated attacks in a controlled lab environment to evaluate how vendor solutions behave against a set of threats introduced in the exact same manner.
Cynet's All-in-One Cybersecurity Platform is an increasingly popular solution for fast-growing SMEs and MSPs.

Read Full Article

8 Likes

Tech Radar

Image Credit: Tech Radar

Thousands of servers potentially at risk from Prometheus security flaw

Prometheus, an open source monitoring and alerting toolkit, has been found to have several vulnerabilities.
Researchers have identified flaws that allow cybercriminals to steal sensitive information, execute arbitrary code, and launch DoS attacks.
Prometheus servers or exporters often lack proper authentication, making them susceptible to credential theft and DoS attacks.
Hackers can introduce malicious exporters through abandoned or renamed GitHub repositories, enabling remote code execution.

Read Full Article

4 Likes

Discover more

Securityintelligence

Image Credit: Securityintelligence

Making smart cybersecurity spending decisions in 2025

Companies are set to increase cybersecurity spending by 15% in 2025, from $183.9bn to $212bn. Security services lead the way for spending growth, followed by security software and network security. Generative AI and the global cybersecurity skills shortage are the main factors contributing to the increase. Businesses are advised to break down spending into cybersecurity components such as labour, technology, training and incident response to ensure their budgets do consider all needs. Meanwhile, the increasing stress on cybersecurity professionals due to the complexity of threat landscape and underfunded budgets is also highlighted.
As businesses in the US looks ahead to the budget year 2025, cybersecurity is expected to be top of mind. According to recent data, companies may be smart to boost their budget for this critical area. Cybersecurity spending is expected to climb 15% in 2025 to $212bn, up from $183.9bn in 2023. Meanwhile, security services are set to lead the way for spending growth, followed by security software and network security.
BSA | The Software Alliance reports that many people don’t feel fully protected online, or that they’re not in control of their personal data. BSA recently conducted its Global Data Privacy Survey, which found that many adults in the US feel concerned about misuse of their personal data. The survey revealed that 40% of US consumers are uninterested in online privacy policies, while 8% have no idea what they say.
Cybersecurity spending is expected to go beyond historical rates in 2025, with businesses increasing it by 15%. This is up to $212bn from $183.9bn, according to research by Gartner. Security services are expected to top the list, followed by growth in security software and network security. Businesses are now being advised to break down spending into cybersecurity components to make sure they are well considered and to ensure they are doing everything they can to keep their systems secure.
According to Gartner, spending on cybersecurity is expected to jump by 15% from 2023 to 2025, going from $183.9bn to $212bn. Security services will lead the way for spending growth, followed by security software and network security. The budget should cover components of cybersecurity including labour costs, technology, training and incident response to cover all bases.
Gartner predicts that cybersecurity spending will increase 15% from 2023 to 2025, from $183.9bn to $212bn. Generative AI and specifically the lack of in-house cybersecurity skills are expected to drive much of the spending. The budget can be broken down into the different cybersecurity components including labor, technology, training and incident response. Companies are advised to get their hands-on cybersecurity team members involved in budget discussions and ask them to share current challenges.
Research by Gartner predicts that cybersecurity spending will increase 15% from 2023 to 2025. According to the research, the increased use of generative AI in organisations and a lack of skilled cybersecurity staff are two of the reasons behind the spending increase. Security services are predicted to lead the growth in spending, followed by security software and network security.
A report by Gartner suggests that cybersecurity spending will increase by 15% across the years 2023 to 2025, rising from $183.9bn to $212bn. While security services are set to lead the way for spending growth, security software is close behind, as is network security. When creating cybersecurity budgets, companies are being advised to break out all of the components of an effective cybersecurity programme including labour costs, technology, training and incident response, to be sure that everything that is required is being considered.
The year 2025 is expected to see cybersecurity spending stand at $212bn, up by 15% from the $183.9bn witnessed in 2023, with security services remaining the top spend, according to a report from Gartner. Meanwhile, the use of generative AI has required additional security measures to be put in place, leading to companies purchasing additional software. Additionally, the report noted that a shortage of skilled cybersecurity talent is affecting many companies, which are seeking the aid of security services, driving expenditure.
With cybersecurity at the sacred top of businesses' priority lists, it is important to make the right spending decisions in order to avoid become a data breach statistic. Businesses are set to increase cybersecurity spending by 15% in 2025, up to $212bn from $183.9bn in 2023. Security services lead spending growth, followed by security software and network security. Two main factors contributing to the increase include generative AI and the global skills shortage in cybersecurity.
Gartner predicts that cybersecurity spending will increase by 15% from 2023 to 2025, rising to $212bn. The report highlights generative AI and global skills shortage as the main factors contributing to the increase. Organisations need to take additional steps to secure their environment when using generative AI, leading to additional software purchase costs. Additionally, organisations are hiring external cybersecurity professionals, such as security consulting services, to address the skill shortage in-house.

Read Full Article

2 Likes

Wired

266

Image Credit: Wired

Human Misuse Will Make Artificial Intelligence More Dangerous

OpenAI CEO and Elon Musk have different predictions for when artificial general intelligence (AGI) will be achieved.
In the meantime, AI poses a significant risk due to human misuse.
Unintentional misuses include lawyers relying on AI-generated content without realizing its inaccuracies.
Intentional misuses involve the creation and spread of non-consensual deepfakes.

Read Full Article

16 Likes

Tech Radar

197

Image Credit: Tech Radar

Chinese police found using spyware to monitor Android devices

Chinese law enforcement is using surveillance tools to collect extensive information from mobile devices.
A surveillance tool called EagleMsgSpy is being used to target Android devices.
The spyware requires physical installation and collects messages, call logs, audio recordings, and more.
There are concerns that these surveillance tools could be exploited by threat actors.

Read Full Article

11 Likes

Medium

206

Should I worry about AI?

AI systems can exhibit biases and discrimination if trained on biased data.
AI poses privacy concerns due to surveillance and data aggregation for training.
There is a growing dependency on AI, which can lead to skill degradation in human workforce.

Read Full Article

12 Likes

Tech Radar

425

Image Credit: Tech Radar

Environmental groups may have been targeted by Exxon lobbyists in hack-and-leak operations

A group lobbying on behalf of Exxon Mobil is allegedly being investigated for hack-and-leak operations targeting critics of the oil industry.
Over 500 email accounts were attacked in an apparent effort to stifle investigations and lawsuits against Exxon Mobil.
Environmental groups are calling for an investigation into the hacking and for greater accountability on Exxon Mobil.
Exxon Mobil denies involvement and condemns hacking if it took place; the implicated group denies hacking allegations as well.

Read Full Article

25 Likes

Socprime

425

Image Credit: Socprime

Secret Blizzard Attack Detection: The russia-Linked APT Group Targets Ukraine via Amadey Malware to Deploy the Updated Kazuar Backdoor Version

The Secret Blizzard (also known as Turla) hacking group has been observed deploying custom malware in its latest attacks on Ukrainian targets.
The group is thought to have used the Amadey bot malware to deploy its own samples of malware on systems connected to the Ukrainian military.
The Microsoft threat intelligence team has stated that Secret Blizzard launched a similar campaign in 2022, whilst its most recent attack occurred in the spring of 2024.
Microsoft found that Secret Blizzard's malware also deployed a custom reconnaissance tool to target Ukrainian military devices connected to STARLINK IPs.
The investigation suggests that Secret Blizzard used the PowerShell dropper to deploy the Tavdig backdoor and a vulnerable Symantec binary for DLL sideloading.
Tavdig malware was used to gather user data, network statistics and patch information, it also installed registry keys for KazuarV2 backdoor persistence.
The Secret Blizzard hacking group, also associated with Turla, Venomous Bear and Krypton, primarily focuses on government, diplomatic and military organizations.
Since February 2022, Turla has been heavily involved in cyberespionage campaigns aimed at Ukraine.
Security teams can use the SOC Prime Platform to fight back against the group's evolving tactics.
The platform offers the world's largest collection of CTI-enriched detections, as well as automated threat hunting and AI-powered detection engineering services.

Read Full Article

25 Likes

Medium

335

Image Credit: Medium

Startup VCs and Angels: Are You Protecting the Intangibles You’re Investing In?

When venture capitalists (VCs) and angel investors put their money into startups, they’re not just buying shares in physical assets. They’re investing in intangible assets like goodwill, intellectual property, and customer trust.
Startups that don't prioritize information security are at risk of losing their intangible assets due to cyberattacks, data breaches, or code exposure, potentially rendering them worthless.
The gaps in security strategy among startups make them vulnerable to cyberattacks, putting both their future and the investments of VCs and angel investors at risk.
Investors should consider factors like phishing simulation success rates, security budget allocation, incident history, compliance with standards, and the frequency of security audits and penetration tests to assess a startup's security readiness.

Read Full Article

20 Likes

Tech Radar

330

Image Credit: Tech Radar

Millions of credit card details leaked online - watch out if you're paying for Christmas

Millions of credit and debit card details were recently leaked online, exposing people to wire fraud and identity theft.
Researchers discovered an unsecured Amazon S3 bucket containing 5 terabytes of screenshots, including sensitive information entered in fake promotional forms.
The exposed data includes full names, billing addresses, email addresses, phone numbers, and credit card details.
Law enforcement and Amazon AWS Abuse Team have been notified to secure the data and prevent further access.

Read Full Article

19 Likes

Securityaffairs

249

Image Credit: Securityaffairs

U.S. authorities seized cybercrime marketplace Rydox

The U.S. Department of Justice (DoJ) seized cybercrime marketplace Rydox, which facilitated over 7,600 sales of stolen personal data and cybercrime tools.
Three Kosovo nationals, Ardit Kutleshi, Jetmir Kutleshi, and Shpend Sokoli, were arrested in connection with Rydox.
Rydox operated since February 2016, generating $230,000 through the sale of over 321,000 products to 18,000 users.
The U.S. authorities coordinated with international partners to seize the Rydox domain and servers, along with $225,000 in cryptocurrency.

Read Full Article

14 Likes

Silicon

Image Credit: Silicon

Mozilla Drops ‘Do Not Track’ For Upcoming Firefox Browser

Mozilla is removing the 'Do Not Track' (DNT) option from its upcoming Firefox 13.5 browser release.
Most websites are ignoring DNT requests, making the feature ineffective.
Mozilla suggests using the 'Tell websites not to sell or share my data' setting instead.
Some browsers like Firefox and DuckDuckGo offer the Global Privacy Control (GPC) option, but Chrome and Edge do not.

Read Full Article

Tech Radar

111

Image Credit: Tech Radar

Skoda security flaws could let hackers remotely track cars

Experts have discovered 12 security vulnerabilities in Skoda Superb III cars.
The flaws can allow hackers to access GPS and speed information, record conversations, and access the infotainment screen remotely.
Over 1.4 million vehicles could be affected, including law enforcement vehicles.
Last year, the same model car was found to have similar vulnerabilities.

Read Full Article

6 Likes

For uninterrupted reading, download the app