Cyber Security News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Security News

Pymnts

392

Image Credit: Pymnts

Worldline Defends Itself Against Claims in ‘Dirty Payments’ Probe

Worldline's shares dropped following allegations that the company hid customer fraud.
Allegations from a series of reports known as 'Dirty Payments' accuse Worldline of accepting questionable clients like gambling and porn sites.
Worldline responded by enhancing its merchant risk controls and discontinuing business with noncompliant customers.
The company has implemented stricter oversight on high-brand-risk clients and increased financial crime compliance efforts.

Read Full Article

20 Likes

Cheapsslshop

207

Image Credit: Cheapsslshop

What is the COMODO RSA Certification Authority?

The COMODO RSA Certification Authority is a widely distributed root CA in the world.
It provides security for millions of websites, applications, and digital services.
The root CA was first generated by Comodo CA in 2010 and is now operated by Sectigo.
The name of the root has not changed since it is hardcoded into operating systems and browsers.
Every Comodo or Sectigo-branded TLS certificate ultimately chains up to this 2048-bit RSA root.
The root is trusted and every leaf certificate inherits that trust.
The COMODO RSA root is included in all major desktop and mobile operating systems and mainstream browsers.
It is a foundational element in the chain of trust for digital security.
The root CA provides certificates for various types of security needs.
The widespread distribution of the root CA enhances its trustworthiness.
COMODO RSA Certification Authority is known for its universal trust store coverage.
The root is integral in ensuring secure connections on the internet.
It is a crucial component in establishing secure communication.

Read Full Article

12 Likes

Global Fintech Series

Image Credit: Global Fintech Series

Advanced Credit Risk Decisioning + Digital Identity Intelligence From GDS Link and Zumigo to Strengthen Defense Against Fraud

Zumigo and GDS Link collaborate to enhance front-end fraud detection and maintain user experience for authentic applicants.
GDS Link's Decisioning Platform allows lenders to integrate real-time risk strategies; collaboration with Zumigo adds digital risk signals for fraud prevention.
Mobile and account data details provide early fraud detection indicators, aiding lenders in accurately assessing risk.
The partnership aims to combat identity fraud, including account takeover attacks, by leveraging advanced fraud prevention technologies.
GDS Link's platform balances fraud prevention with user experience, while Zumigo's intelligence aids in enhancing the decision-making process.
The collaboration focuses on countering sophisticated fraud attempts and ensuring seamless onboarding for genuine customers.
By combining mobile and digital identity intelligence, the joint solution aims to halt fraud while maintaining a secure onboarding process.

Read Full Article

1 Like

Pcgamer

315

Image Credit: Pcgamer

DDoS attacks continue to grow ever bigger, with Cloudflare recently blocking the largest ever recorded at 37.5 TB over 45 seconds

Cloudflare recently blocked the largest ever recorded DDoS attack at 37.4 TB over 45 seconds.
The attack targeted a Cloudflare customer's IP address with a flood of UDP packets.
The attack attempted to breach up to 34,517 destination ports.
The DDoS attack came from 5,433 autonomous systems across 161 countries.
Approximately 50% of the attacks originated from Brazil and Vietnam.
Cloudflare's network handles roughly 20% of all Internet traffic across 120 countries.
Cloudflare's chief security officer mentioned substantial increases in DDoS attacks over the last six months.
Cloudflare has seen a series of record-breaking DDoS attacks in recent weeks, reaching up to 6.5 terabits per second.
The company is equipped to handle large-scale attacks and prevent server shutdowns caused by DDoS attacks.
Cloudflare's network architecture allows it to stop attacks at specific locations, preventing widespread disruption.

Read Full Article

18 Likes

Discover more

Socprime

393

Image Credit: Socprime

CVE-2025-49144 Vulnerability: Critical Privilege Escalation Flaw in Notepad++ Leads to Full System Takeover

Critical privilege escalation flaw CVE-2025-49144 in Notepad++ leads to full system takeover.
Attackers exploit vulnerability in installer’s search path logic, allowing SYSTEM-level access.
Risk of full system compromise heightened with proof-of-concept exploit in the wild.
Security teams urged to upgrade to v8.8.2, restrict software installs, and implement additional protections.
Uncover detections and AI-supported threat investigation tools provided to streamline threat defense and mitigation.

Read Full Article

23 Likes

Silicon

242

Image Credit: Silicon

Silicon UK In Focus Podcast: From Data to Decisions

Silicon UK's In Focus Podcast, hosted by David Howell, delves into turning AI insights into enterprise action in the latest episode.
The episode explores the challenge of translating data and AI-generated insights into impactful decisions for businesses.
AI's potential lies in enabling smarter actions, moving beyond just informative dashboards.
The discussion focuses on converting predictive models into tangible performance improvements.
Guest James Fisher, Chief Strategy Officer at Qlik, provides insights on activating data for real business outcomes.
James Fisher oversees Qlik's Corporate Strategy and has extensive experience in software and consulting businesses.
Before his current role, James held key positions in strategic marketing and product management.
His background includes working with analytics, performance management, finance, and mobile solutions.
Prior to Qlik, James was involved in product marketing at SAP and held roles at BusinessObjects, Cartesis, and PwC.

Read Full Article

14 Likes

Securityaffairs

289

Image Credit: Securityaffairs

Mainline Health Systems data breach impacted over 100,000 individuals

Mainline Health Systems, a nonprofit health center in Arkansas, disclosed a data breach affecting over 100,000 individuals.
The breach occurred on or about April 10, 2024, impacting the company's network.
The organization promptly investigated the incident, engaged cybersecurity experts, and notified law enforcement.
The breach notification letter to the Maine Attorney General's Office confirmed unauthorized access to protected personal information.
The INC RANSOM group claimed responsibility for the attack and included the organization on its Tor leak site.
INC RANSOM, active since 2023, has targeted several organizations, including the NHS of Scotland and Xerox Corp.

Read Full Article

17 Likes

Medium

397

Image Credit: Medium

The $200B Cybersecurity Software Market: Where We Are, What’s Breaking, and What Comes Next

The global cybersecurity software market is projected to exceed $202 billion in 2025, with growth driven by increasing complexity in organizations' IT environments.
The market is divided into five core segments, including Network Security & Access, Identity & Access Management, SIEM/Threat Intelligence, Endpoint Security, and Governance, Risk & Compliance.
Leaders are consolidating platforms, offering integrated solutions, while laggers continue to sell fragmented features.
Key challenges in the cybersecurity market include unified identity control, predictive AI threat detection, vendor-stack fragmentation, and supply chain risks.
New players are focusing on areas such as Agentic AI Security Ops, Unified Identity Layers, Data-Centric Security, Security-as-a-Service, and Compliance Automation.
The cybersecurity industry sees continuous growth due to the interconnected cycle of digital surface area expansion, breaches, regulation, vendor purchases, integration complexity, and increased risk.
AI-native platforms are seen as the future, with companies embedding AI deeply into their operating models for improved efficiency and security.
Shifts in pricing models are occurring due to vendor sprawl, cloud-native cost disruption, and a trend towards outcome-based pricing with SLA-based security contracts.
The future battlegrounds in the cybersecurity market will focus on industry specialization, SaaS-native embedded security, real-time observability, open API ecosystems, and simplified buyer experiences.
The strategic meta-pattern indicates a move towards simplification, automation, and the integration of defense processes into digital operations.
The cybersecurity landscape is evolving towards fewer tools, larger platforms, deeper AI integration, and simplified buyer models for enhanced security.

Read Full Article

23 Likes

Global Fintech Series

289

Image Credit: Global Fintech Series

On-Chain vs Off-Chain Metadata Indexing: Impacts on NFT Market Efficiency and Trading Latency

Non-fungible tokens (NFTs) have revolutionized digital ownership, providing authenticity and scarcity through blockchain technology.
Metadata indexing choice impacts NFT market efficiency and trading latency, influencing transaction processing speed and reliability.
NFT metadata includes essential asset information like name, description, and traits, determining rarity and value.
On-chain indexing offers immutability, security, automation with smart contracts, but faces high storage costs and scalability issues.
Off-chain indexing lowers costs, offers flexibility for metadata updates but introduces centralization risks and trust dependencies.
Market efficiency relies on seamless metadata access; on-chain indexing enhances transparency and price discovery compared to off-chain options.
On-chain metadata provides instant data access but may face delays due to blockchain congestion; off-chain indexing may have faster retrieval but dependence on external sources can introduce delays.
Hybrid solutions combining on-chain hashing with off-chain storage, decentralized storage networks, and Layer 2 scaling aim to optimize security, efficiency, and trading latency in the NFT market.
The trade-off between on-chain and off-chain metadata indexing impacts NFT market developments, with hybrid approaches and decentralized storage innovations expected to shape the future of metadata management.
The article is eligible for web story generation due to its concise analysis of on-chain vs off-chain metadata indexing's impact on NFT market efficiency and trading latency.

Read Full Article

17 Likes

TechJuice

Image Credit: TechJuice

A Spyware Is Stealing Your Private Photos And You Might’ve Helped It

A new mobile malware called SparkKitty is targeting both iPhones and Android phones, stealing users' private photos and screenshots.
The malware has been active since early 2024 and has infiltrated the Apple App Store and Google Play through seemingly innocent apps.
Apps like '币coin' on iOS and the SOEX messaging app on Android request photo-gallery permissions and silently upload images to hackers' servers.
SparkKitty Spyware differs from its predecessor by focusing on entire photo libraries and using optical character recognition to identify sensitive content.
Once permission is granted, the spyware operates silently by bypassing App Store rules on iOS and hiding within legitimate-looking apps on Android.
It uploads existing images and new ones in near real time, particularly targeting screenshots containing financial or identity-related text.
Experts recommend limiting screenshots of sensitive information and using physical backups instead, along with enabling Google Play Protect and antivirus software for Android users.
iPhone users might require third-party Mac-based tools to detect hidden malware.
The spyware poses a significant threat to user privacy and data security.
Researchers advise caution when granting permissions to apps, especially those requesting access to sensitive data like photos.
Users are encouraged to stay vigilant and take necessary steps to protect their personal information from malicious actors.
Kaspersky discovered this spyware and provided recommendations for users to safeguard their devices against such threats.
The emergence of SparkKitty highlights the ongoing challenges of mobile security and the need for continuous vigilance.
It serves as a reminder for users to be cautious while downloading and using apps that request sensitive permissions.
Ensuring device security through software updates, antivirus programs, and safe browsing practices is crucial in combating such malicious threats.
The threat of mobile malware underscores the importance of cybersecurity awareness and proactive measures to prevent unauthorized access.
SparkKitty reinforces the importance of maintaining a secure digital environment and being mindful of potential security risks in the digital landscape.

Read Full Article

2 Likes

Securityaffairs

198

Image Credit: Securityaffairs

Disrupting the operations of cryptocurrency mining botnets

Cybersecurity researchers devised two attack techniques to disrupt the operations of cryptocurrency mining botnets.
Akamai Researchers uncovered two novel techniques to disrupt cryptocurrency mining botnets by exploiting flaws in common mining topologies.
Current methods to stop cryptocurrency mining botnets are pool bans or infrastructure takedowns, however, both are slow and complex.
Researchers developed two techniques exploiting vulnerabilities in the stratum protocol to disrupt operations by targeting proxies or wallets, potentially forcing attackers to abandon campaigns.
XMRogue tool was developed to disrupt cryptomining botnets using mining proxies by submitting consecutive bad shares and potentially banning the mining proxy from the pool.
Crafted invalid shares through Stratum to malicious proxies trigger pool-level bans, halting the attacker’s operation.
In tests conducted by Akamai, one campaign's annual revenue was reduced from $50K to $12K, a 76% drop, by banning proxies.
Akamai's second method targets miners connected directly to public pools without proxies by flooding the pool with over 1,000 login attempts using the attacker's wallet.
The disruption can significantly hinder the attack, as the wallet gets temporarily banned for an hour.
Researchers demonstrated the technique targeting Monero miners, which can be adapted to other cryptocurrencies.
Defenders can disrupt malicious cryptominer campaigns by exploiting mining pool policies without affecting legitimate miners.
Attacks targeting wallet addresses added an additional layer of disruption for cryptominers, making it challenging for attackers to monetize effectively.
Implementing these attack techniques with XMRogue tool helps in disrupting attacker's operations effectively.
The report concludes that the threat of cryptominers will continue to grow, but defenders now have tools to fight back and make it challenging for attackers to monetize effectively.

Read Full Article

11 Likes

Dev

380

Image Credit: Dev

Microsoft 365 Business Standard Security and Productivity Features: What You Get in 2025

Microsoft 365 Business Standard in 2025 offers a productivity suite for small to medium-sized businesses, combining power and simplicity.
Key features include full desktop Office applications, business-class Outlook and Exchange for email and calendar, OneDrive for Business for secure cloud storage, Microsoft Teams for digital collaboration, and SharePoint Online for organization and collaboration.
Security features in Business Standard include Exchange Online Protection, basic identity protection, role-based access control, data encryption, and security defaults.
It lacks advanced features like Microsoft Intune for device management and Defender for Business but targets companies with lighter security needs.
Business Standard offers ease of administration through the Microsoft Admin Center, supports mobility and cross-device sync, and remains cost-effective for SMBs in 2025.
User examples include professional services firms, retail businesses, nonprofits, remote teams, and startups scaling beyond free tools.
Business Standard in 2025 prioritizes usability, integration, and default security measures, simplifying collaboration and reducing software sprawl.
It is suitable for businesses not needing complex device management or deep threat protection, offering dependable security and seamless tool integration.
Microsoft 365 Business Standard is a well-rounded option that empowers small to medium-sized businesses to grow confidently in a digital-first world.

Read Full Article

22 Likes

Medium

272

Image Credit: Medium

Leading the Charge: Cheyanne Mallas on Project Management in Cyber Security

Cheyanne Mallas plays a crucial role in bridging business and technical teams in cyber security projects.
She emphasizes that cyber security should be a shared responsibility with tangible outcomes like uptime, compliance, and customer trust.
Defining scope and stakeholder roles is the initial step in securing cloud infrastructure or implementing MFA across a workforce.
Mallas ensures everyone understands their role; legal teams focus on data privacy, CFOs on budget risks, and IT teams on clarity to prevent burnout.
Regular touchpoints like standups and risk briefings are held to maintain project momentum and evolution rather than following a static checklist.
Aligning technical work with business priorities is key, where a solution reducing breach probability can be seen as a business win, not just a security fix.
Mallas highlights the importance of training employees, as even new hires unaware of phishing emails can become vulnerabilities if not educated.
Demonstrating the business value of cyber security helps earn long-term executive support for future projects.
Mallas believes in showcasing results over technical jargon to persuade executives to view cyber security as an investment rather than a cost.
The ability to adapt quickly without losing momentum distinguishes strong cyber security project leaders.
Her leadership style combines discipline with empathy, providing the necessary structure and flexibility for effective cyber security project management.

Read Full Article

16 Likes

Global Fintech Series

281

Image Credit: Global Fintech Series

83% of Americans Are Worried About AI-Powered Fraud, but Many Also Trust AI to Help Stop It

A survey by Abrigo reveals that over 83% of Americans are concerned about AI-powered fraud, with about 60% extremely worried.
Financial fraud is increasing due to digital transactions, data breaches, and sophisticated AI-powered attacks, resulting in over $12.5 billion lost in 2024.
Despite concerns, 43% of Americans believe AI-powered fraud detection would increase their confidence in financial institutions.
Nearly 72% of Americans show interest in AI-powered fraud detection tools, highlighting the potential for AI in combating fraud.
Although 81.6% of fraud victims were satisfied with their bank's response, 62% would be likely to reduce their banking relationship if they experienced fraud.
Consumer reliance on digital payments is increasing, with 64.1% no longer writing checks, and PayPal being the most trusted digital payments provider.
51.4% of consumers feel they need more education on AI-powered fraud detection, creating an opportunity for financial institutions to educate consumers.
Fraud concerns are higher among older Americans, with just 10.1% feeling extremely prepared against emerging fraud techniques like AI-based attacks.
Only 34.1% of Americans feel very safe with their current bank or credit union.

Read Full Article

16 Likes

VoIP

Image Credit: VoIP

Many UK SMEs Lack Cyber Training Despite Rising Threats

A study by BT and Be the Business reveals that 39% of UK SMEs have not provided cybersecurity training to their employees, despite heightened cyber attack risks.
42% of small businesses and 67% of medium-sized companies have experienced cyber attacks in the last year.
On average, micro and small businesses spend around £7,960 to recover from disruptive breaches.
Phishing affects 85% of UK businesses, while ransomware incidents have doubled in the past year, impacting 1 in 100 businesses.
Businesses with proactive cybersecurity strategies exhibit a 20% higher growth rate.
BT launched a security training program for SMEs to combat cyber threats like those from AI and quantum computing, as well as account takeovers and QR code scams.
Tris Morgan, MD for Security at BT, stresses the importance of cybersecurity for SMEs, stating it is crucial for business survival.
Effective cybersecurity is achievable for SMEs with proper training, even without extensive resources.
18% of UK SMEs are concerned about AI-related threats, with 69% considering AI tools to mitigate cyber risks.
Nearly half of business leaders seek cybersecurity advice from industry experts.
The article discusses the lack of cyber training among UK SMEs despite the increasing cyber threats and the benefits of proactive cybersecurity measures.
BT's security training initiative aims to equip SMEs with the knowledge to protect against evolving cyber threats.
Phishing and ransomware are highlighted as prevalent threats impacting a significant number of businesses.
Benefits of investing in cybersecurity include reduced risk exposure and potential for higher business growth.
SMEs are encouraged to recognize cybersecurity as essential for long-term business success.
Many UK SMEs are looking to AI tools and external expertise to enhance their cybersecurity measures.

Read Full Article

4 Likes

For uninterrupted reading, download the app