A naukri.com initiative
Cyber Security News
Tech Radar
2w
1.6k
Image Credit: Tech Radar
Data breach at Senior Dating website spills info of 765,000 users
- A data breach has occurred at a senior dating website, exposing the information of 765,000 users.
- The breach also affected another dating site owned by the same company, with 118,000 users exposed.
- The compromised data breach was due to a vulnerability in a Google-backed web development platform.
- Users are at risk of identity theft and are urged to monitor their accounts and be cautious of scams.
Read Full Article
9 Likes
Tech Radar
2w
244
Image Credit: Tech Radar
Many companies have already faced an AI-based security alert
- A growing number of companies are facing AI-accentuated security threats as the technology becomes more widespread.
- One-quarter of firms have encountered AI-enhanced security threats, and three-quarters are concerned about them in the future.
- Despite confidence in security capabilities, more than half of the companies have experienced an API security incident in the past year.
- API security is now a top priority, with measures being taken to counter AI-enhanced attacks, but there are concerns about the difficulty of securing APIs with AI.
Read Full Article
14 Likes
Softwaretestingnews
2w
103
How Smart Cities are Bridging the Digital Divide With AI
- Urbanisation is exposing critical gaps that compromise residents’ quality of life, from inefficient essentials to grid and water-management deficiencies.
- An estimated 14.5m people in the United States alone still lack access to reliable broadband, particularly in low-income or remote communities.
- Network operators have begun utilizing AI to identify and address the digital divide and improve residents' quality of life.
- Building a strong data foundation and adopting a citizen-centric approach can help cities make informed decisions about connectivity infrastructure.
- Municipalities can establish data-driven control rooms and monitor their connectivity infrastructure through AI-driven insights.
- Sand Technologies’ approach has helped increase broadband coverage, launch innovative services, and save millions of dollars in infrastructure investments.
- The AI system should be scalable, adaptable and integrate new data sources without requiring complete overhauls.
- AI-powered scenario planning tools can assist municipalities in anticipating future risks and plan accordingly for the future of smart cities.
- Smart city AI journey must begin with data and identifying areas where AI, digital twins and other technologies can be applied for the greatest impact.
- Bridging the digital divide by leveraging AI is a promising early step toward advancing digital equity and realizing society's shared vision of smart-city success.
Read Full Article
6 Likes
Eletimes
2w
193
Image Credit: Eletimes
8 Trends Reshaping Network Security in 2025
- In 2025, network security will be more dynamic and innovative, transforming the way organizations defend their most valuable assets in the face of an ever-evolving digital world.
- The future of network security depends on a holistic approach that integrates advanced AI technologies and seamless user experience.
- 2025 will be the year enterprises will widely adopt a secure browser, marking the start of a new era in secure digital transformation.
- Governments will invest in modernized and secure systems, including 5G technology, to enable smart cities and support the transition to smarter infrastructure.
- Attacks will leverage post-quantum cryptography (PQC) to evade security defenses, requiring enterprises to decrypt and inspect all data flowing through their networks.
- Preventing attacks will require integrated security services to work together as part of a platform, providing defense-in-depth to address the full spectrum of threat vectors.
- AI-powered copilots will empower cybersecurity professionals to work smarter, filling in the cybersecurity skills gap that continues to outpace supply.
- Workers will demand high-performance access to critical business technologies from anywhere, which is why we’ll see widespread adoption of single-vendor SASE solutions in 2025.
- The rise of AI will create AI-specific attacks, which can be prevented through comprehensive solutions like AI Security Posture Management (SPM) and AI Runtime Security.
- In 2025, enterprises will rely on advanced, AI-powered security protections to defend against user-targeted techniques, like phishing emails, crafted by generative AI (GenAI).
Read Full Article
11 Likes
Socprime
2w
310
Image Credit: Socprime
IBM QRadar: How to Create a Rule for Log Source Monitoring
- You can create a custom rule to generate an offense or send notifications when logs stop coming from any log source.
- Go to the Rules Section: Navigate to Offenses > Rules. Click Actions > New Event Rule.
- Define the Rule Conditions: Steps: In the rule editor, click on Test Group and choose from the drop-down list Log Source Test. Search for and select parameter 'when the event(s) have not been detected by'. Set the 'of these log sources' and 'this many' (e.g., 10 minutes (set in seconds)).
- Add Response to the Rule: Under the Response tab, choose the response(s) to make when an event triggers this rule.
Read Full Article
18 Likes
Wired
2w
425
Image Credit: Wired
As the Mastermind of Far-Right ‘Active Clubs’ Goes to Prison, His Violent Movement Goes Global
- American neo-Nazi Robert Rundo has been sentenced to federal prison for attacking political opponents at rallies in California in 2017. Along with members of the Rise Above Movement, Rundo was convicted in 2018 of conspiracy to violate the federal Anti-Riot Act for planning and training a series of attacks on political opponents. Rundo co-founded the fight club-cum-street gang in Southern California with fellow extremist Ben Daley during the peak of the alt-right movement.
- Since Rundo’s initial arrest, he helped create an international network of RAM clones called 'Active Clubs.' The clubs are a transnational alliance of far-right fight clubs that closely overlap with skinhead gangs and neofascist political movements in North America, Europe, the Antipodes, and South America. There are now dozens of Active Clubs in countries such as the US, UK, France, Germany, Holland, Scandinavia, Australia and Colombia.
- Seemingly harmless from the outside, Active Clubs are small groups of young men who go on hikes, train in combat sports, weight-lift, and build camaraderie. But their membership often overlaps with other extremist organizations, including Patriot Front and skinhead groups like the Hammerskins. US-based Active Clubs are branching out into political intimidation and violence.
- According to extremism researchers, the Active Club model stands out for its low barrier to entry, emphasis on positive community building to draw new recruits from outside extremist circles, and a ready-made international network. Their ideology leans heavily on young male grievances against a world that supposedly singles them out in favor of people of color and LGBTQ+ youth.
- Rundo co-created the concept of an Active Club in 2021 with far-right German-Russian neo-Nazi Denis Nikitin, who started out as a soccer hooligan before moving into combat sports as a fighter, promoter, and organizer of far-right tournaments. Since then, the neo-Nazi fight clubs have proliferated throughout Western Europe, Australia, and the United States and are currently the preeminent organizing model for far-right streetfighters.
- The Active Club network is seeing expanded breadth and growing significance in street politics. Their members have been involved in political violence in the US and France, have been banned and arrested in Germany, and are a growing concern for UK and Irish law enforcement as the place of their recruiting has skyrocketed following this summer's riots.
- Rundo will likely spend years in prison, but it remains unlikely that federal lockup will change his ideologies. He previously served nearly two years for stabbing a rival gang member in Queens in 2009. While he did radicalize during his stint, starting a small white power gang, Rundo’s forthcoming prison term will mark his first federal term as a certified domestic extremist. Prior to the US election, Rundo urged his supporters to vote for Donald Trump in the hope that the president-elect would pardon him and other extremists who plead guilty to federal crimes.
- Rundo “has not renounced the violent extremist ideology that motivated that conduct,” US prosecutors wrote in their sentencing memo. It’s also likely that Rundo will hold out for help from a friendlier government. Since his initial arrest, Rundo helped mastermind an international network of RAM clones known as “Active Clubs.”
- Along with members of the Azov Movement’s 3rd Assault Battalion who have been integrated into the regular units of Ukraine military intelligence directorate, Nikitin hosted a September conference in Lviv that gathered representatives from extreme right-wing organizations across Europe for a strategy conference. Italian fascist organization Casapound, which Rundo visited in 2018 and views as an exemplar, sent a representative, as did Germany’s openly neo-Nazi party, Dritte Weg.
- Active Clubs have proved effective at dodging legal crackdowns in countries like France, where far-right street violence has a decades-long history despite authorities' attempts to ban and dissolve organized groups. The clubs appear to have carried out acts of violence, including an attack on an asylum center near Nantes last year.
- The Active Club model stands out for its low barrier to entry and emphasis on positive community building. Active Clubs are concerning as their membership often overlaps with other extremist organizations. The clubs appear to have carried out acts of violence in the US and France, have been banned and arrested in Germany, and are a growing concern for UK and Irish law enforcement. The founders of Active Clubs are facing imprisonment, however, the movement continues to grow in the United States, Europe, the Antipodes and South America.
Read Full Article
25 Likes
Medium
2w
339
Image Credit: Medium
What Do Smart Home Users Really Think?
- A research project on smart homes and surveillance aimed to understand user perspectives on privacy, personal information collection, benefits and risks, and home safety.
- Many smart home users were found to be misinformed about their devices' surveillance capabilities, with incomplete understandings of collected information and access rights.
- The relationship between surveillance and power poses concerns, including domestic abuse and overreach by big tech companies.
- To ensure better products, policy, and law, understanding and respecting user perspectives is crucial as smart devices become more prevalent in society.
Read Full Article
20 Likes
Cybersecurity-Insiders
2w
313
Image Credit: Cybersecurity-Insiders
Black Hat Europe Recap: Auguria Debuts Newly Enhanced Platform
- Auguria, Inc. announces the newest version of its Security Knowledge Layer Platform at Black Hat Europe.
- The enhanced platform integrates with major data sources including CrowdStrike, SentinelOne, Microsoft Windows Event Logs, and Palo Alto Networks.
- Auguria introduces the Explainability Graph feature, providing visual, context-rich threat data for security teams.
- The expanded integrations allow organizations to consolidate, prioritize, and analyze data from multiple sources, simplifying processes and facilitating faster security decisions.
Read Full Article
18 Likes
Socprime
2w
120
Image Credit: Socprime
Using Roles and Users for Data Access in Elasticsearch
- Elasticsearch uses a security model to control access to data through roles and users.
- Enabling security features in Elasticsearch is crucial for data security and operational integrity.
- Roles define the permissions for users, specifying the indices they can access and the operations they can perform.
- Users are mapped to one or more roles to determine their permissions.
Read Full Article
7 Likes
Cybersecurity-Insiders
2w
90
Image Credit: Cybersecurity-Insiders
2025 Outlook: Turning Threats into Opportunities in a New Era of Innovation
- As we step into 2025, the cybersecurity landscape is at a pivotal juncture.
- Continued government regulation and the rising cost and consequences of data breaches will pressure companies to uplevel data privacy initiatives to a strategic business imperative.
- Many non-technology industries need to be faster to update their legacy infrastructure, but struggle due to cost constraints and limited resources.
- DataKrypto Prediction: Companies will increasingly address data privacy strategically and operationally.
- Data breaches will lessen as cyber developers focus on building “secure by design” applications that protect data throughout its lifecycle.
- Sophisticated attackers exploit vulnerabilities left by traditional encryption methods, exposing organizations to costly breaches.
- New FHE innovations will help companies maintain continuous data protection and minimize the impact of many prominent attacks.
- As quantum computing advances, organizations worldwide are growing increasingly concerned about its potential impact on cybersecurity.
- Organizations will prioritize implementing advanced quantum-resistant cryptographic techniques.
- As we look ahead to the coming year, we’re standing on the precipice of a new era in cybersecurity.
Read Full Article
5 Likes
Cheapsslshop
2w
12
Image Credit: Cheapsslshop
EV vs OV Code Signing Certificate: What are the differences?
- Code signing certificates are essential for ensuring software integrity and protecting users.
- There are two types of code signing certificates: Organization Validation (OV) and Extended Validation (EV).
- EV Code Signing Certificates undergo a rigorous validation process and are used to sign software, drivers, applications, and executable files.
- OV Code Signing Certificates have less strict validation requirements and are commonly used for signing software.
Read Full Article
Like
The Register
2w
275
Image Credit: The Register
Taming the multi-vault beast
- Partner Content With Non-Human Identities (NHIs) now outnumbering human users 100 to one in enterprise environments, managing secrets across multiple vaults has become a significant security concern.
- GitGuardian addresses this challenge with its latest release of multi-vault integrations, providing centralized visibility and control over secrets in HashiCorp Vault, CyberArk Conjur, AWS Secrets Manager, Google Cloud Secrets Manager, and Azure Key Vault.
- Key capabilities include automated detection of stale and unused secrets, cross-vault incident resolution, streamlined vault migration and consolidation, and policy enforcement across platforms.
- This release marks GitGuardian's evolution from secrets detection to comprehensive Non-Human Identity (NHI) governance, offering organizations scalability, reduced operational costs, improved security posture, and simplified compliance reporting.
Read Full Article
16 Likes
Cybersecurity-Insiders
2w
313
Image Credit: Cybersecurity-Insiders
How the Cyber Grinch Stole Christmas: Safeguard Your Festive Season
- The holiday season creates the perfect environment for increased cyberattacks due to increased online shopping during Black Friday and Cyber Monday, followed by December festivities.
- Organisations are becoming prime targets for cybercriminals, with the rise of remote work and distracted teams, it is vital that businesses protect themselves from becoming victims of festive-season threats.
- Phishing emails are particularly convincing during this time, leveraging festive themes and urgent requests. Common scams include fake charity appeals, holiday e-cards, and counterfeit shopping sites advertising too good to be true discounts.
- Cybercriminals use AI-powered phishing scams, deepfakes and advanced malware all of which make it harder to detect and more personalised, using employee’s specific dates to make the breach more personal.
- Remote working was one of the biggest game-changers that happened over the past year.
- Remote devices, often the weakest link in cybersecurity, are particularly vulnerable, lacking the same level of security as office-based desktops.
- Organisations must adopt a robust cyber resilience posture that embraces endpoint security and enables them to respond and react in a timely manner. Centralised IT teams require real-time visibility into the network and must act decisively against suspicious activity.
- According to the Cyber Resilience Risk Index, Endpoint Protection Platforms and network security applications fail to operate effectively 24 percent of the time on managed PCs.
- Downtime—when systems, devices, or networks are unavailable due to a cyberattack—can severely disrupt operations impacting productivity and may result in significant financial losses, particularly during critical business periods like the holiday season.
- By adopting a proactive approach to cyber resilience, businesses can reduce downtime and ensure rapid recovery from security issues, protecting sensitive data and maintaining operations.
Read Full Article
18 Likes
Cybersecurity-Insiders
2w
55
Image Credit: Cybersecurity-Insiders
The three top cybersecurity predictions for 2025
- The cyberthreat landscape has shifted rapidly over the past several years, and this evolution will continue in 2025.
- Cybercriminals are using AI to launch sophisticated phishing attacks, conduct surveillance on potential targets, and manipulate victims with deepfakes.
- AI is being used to detect cyberthreats as well, but isn’t keeping up and the cost of data breaches and other attacks is rising.
- CISOs and other security leaders should have an all-of-the-above approach to cybersecurity, which includes everything from zero-trust security architecture and AI-powered threat detection.
- Cybersecurity programs that combine security awareness and technology like automation and AI will be a key focus in 2025.
- According to IBM, the average cost of a data breach has reached an all-time high of $4.88 million.
- AI-powered social engineering is driving the surging cost of cyberattacks and Google’s 2025 Cybersecurity Forecast anticipates that AI will be used to develop and scale more convincing phishing attacks.
- It has never been more important for companies across all industries to prioritize cybersecurity.
- According to Allianz Risk Barometer, cyber incidents comprise the top global business risk for the first time by a clear margin.
- Cybersecurity awareness training must adapt to the new era and be personalized, employees must be aware of the latest cybercriminal tactics, and there should be clear policies around device usage, account security, and incident reporting.
Read Full Article
3 Likes
Neuways
2w
249
The Biggest Scams of 2024
- Deepfake Videos: Scammers use AI to create deepfake videos impersonating high-profile figures to promote fake investments.
- Fake Customer Service Accounts: Fraudsters pose as customer service representatives on social media to extract sensitive information from disgruntled customers.
- Copycat Websites: Scam websites replicate legitimate brands to harvest personal details for future scams.
- QR Code Scams: Scammers use tampered QR codes to infect devices with malware or unauthorized subscriptions.
- WhatsApp and Messaging Scams: Scammers exploit messaging apps like WhatsApp to trick victims into sharing sensitive information or transferring funds.
Read Full Article
15 Likes
For uninterrupted reading, download the app