menu
techminis

A naukri.com initiative

google-web-stories
Home

>

Cyber Security News

Cyber Security News

source image

Tech Radar

20h

read

3

img
dot

Image Credit: Tech Radar

UK Police wants to spend $100 million to turn millions of hours of VHS footage into digital format — now that's something AI could help with

  • The UK police service plans to spend up to 100 million to digitize VHS and other analog media archives to support investigations through a framework managed by Bluelight Commercial.
  • The digitization aims to facilitate the transition to digital evidence management by converting outdated formats into electronic files and ensuring the correct metadata attachment and secure handling of sensitive material.
  • The procurement process will be split into three lots, covering in-house conversion, outsourcing options, and niche media formats such as microfiche, DVDs, and CDs, with the total work valued at up to 120 million including VAT.
  • AI tools could assist in aspects like tagging and sorting large volumes of footage, but the primary task of converting analog tapes into digital files still relies on specialized hardware and real-time playback.

Read Full Article

like

Like

source image

TechCrunch

21h

read

26

img
dot

Image Credit: TechCrunch

Activision took down Call of Duty game after PC players hacked, says source

  • Activision has taken down the 'Call of Duty: WWII' game after hackers exploited a flaw in a specific PC version of the game, leading to players' computers being hacked.
  • The company announced the offline status of the Microsoft Store version of the game due to investigating reports of an issue, which was later revealed to be related to hacks.
  • Players complained on social media about being hacked while playing the game, with reports of a remote code execution exploit affecting the safety of playing the game on PC.
  • Activision took down the Microsoft Store and Game Pass versions of the game due to an old flaw not patched on these versions, contrasting with the Steam version, with the online status still down as the company works on a fix.

Read Full Article

like

1 Like

source image

Tech Radar

21h

read

33

img
dot

Image Credit: Tech Radar

Be careful where you click in Google search results - it could be damaging malware

  • Cybersecurity researchers warn of a malicious campaign using fake landing pages to distribute Oyster malware, impersonating popular Windows tools PuTTY and WinSCP.
  • The fake landing pages are optimized for SEO and aimed at tricking IT, cybersecurity, and web development professionals into downloading the malware loader.
  • Oyster is a stealthy malware loader that can deliver additional malicious payloads through techniques like process injection and command-and-control via HTTPS.
  • IT professionals are advised to be cautious when downloading software, ensuring they use trusted sources and type in addresses directly to avoid falling for such malicious campaigns.

Read Full Article

like

2 Likes

source image

Droid-Life

21h

read

134

img
dot

Image Credit: Droid-Life

July 2025 Android Update Available for Google Pixel Devices

  • The July 2025 Android update, the first monthly patch after Android 16 release, is now available for Pixel phones.
  • The update (BP2A.250705.008) is for Pixel 6a through Pixel 9 Pro Fold devices and includes a battery performance update for Pixel 6a.
  • Bug fixes in the July update focus on improvements in display, graphics, and Wi-Fi connectivity stability.
  • The update is rolling out gradually and users can check for it in Settings>System>Software updates>System update.

Read Full Article

like

8 Likes

source image

Medium

22h

read

119

img
dot

Image Credit: Medium

Why Governance Is the Job Everyone Should Be Talking About

  • Governance, particularly in the tech industry, is crucial as it involves the intersection of technology, risk, and human behavior to prevent system failures.
  • The increasing popularity of smart and connected electric vehicle chargers has raised cybersecurity concerns, emphasizing the importance of governance to address vulnerabilities.
  • Governance goes beyond compliance and ethics, shaping responsible technology by ensuring systems are secure, visible risks are identified, and accountability is established.
  • The field of governance is rapidly evolving and expanding into various sectors like health, finance, energy, and transportation, making it a critical job in the tech industry.

Read Full Article

like

7 Likes

source image

Securityaffairs

22h

read

120

img
dot

Image Credit: Securityaffairs

Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

  • Italian police arrested a Chinese national, Zewei Xu (33), linked to Silk Typhoon APT group at Milan’s Malpensa Airport on a U.S. warrant.
  • Xu is accused of cyberespionage, including attacks on U.S. government entities and 2020 attacks on U.S. COVID-19 vaccine research.
  • Xu's family claims he is innocent and works as an IT manager in Shanghai. His wife opposes extradition, citing his Italian visa as evidence of no wrongdoing.
  • Xu faces extradition proceedings in Italy for charges including wire fraud, ID theft, and unauthorized computer access, with a potential 20-year prison sentence.

Read Full Article

like

6 Likes

source image

Siliconangle

23h

read

93

img
dot

Image Credit: Siliconangle

Silverfort uncovers critical Netlogon flaw affecting Windows domain controllers

  • A new vulnerability in Microsoft's Netlogon protocol, named 'NOTLogon,' was discovered by Silverfort Inc., allowing low-privilege machines to crash Windows domain controllers remotely.
  • The vulnerability was patched by Microsoft in its July 8 update and does not allow for privilege escalation or credential theft, but can disrupt core Active Directory services.
  • Discovered through AI-assisted methods, the flaw stems from the handling of malformed inputs in the NetrLogonSamLogonEx RPC call, causing domain controllers to crash and trigger reboots.
  • Silverfort recommends organizations to apply the July 2025 security update, audit machine account usage, limit account creation permissions, and segment network access to protect domain controllers.

Read Full Article

like

5 Likes

source image

Tech Radar

1d

read

198

img
dot

Image Credit: Tech Radar

This top security platform is being hacked to carry out malware threats

  • Elastic Security Labs reported Shellter Elite being abused in malware delivery campaigns due to a leaked license.
  • Shellter Project released a patch to address the incidents and prevent future abuse of the commercial pentesting tool.
  • The tool designed for ethical red team operations was used to deploy infostealers and bypass antivirus and EDR defenses.
  • The Shellter Project criticized Elastic Security Labs for not notifying them earlier and vowed to distribute the newest version only to vetted customers.

Read Full Article

like

11 Likes

source image

Dynamicbusiness

1d

read

292

img
dot

Image Credit: Dynamicbusiness

The cybercrime that tricks even security-savvy workers

  • Business email compromise attacks have become a significant threat, costing over $2.7 billion in losses globally, with cybercriminals impersonating trusted colleagues and authority figures to breach corporate defenses.
  • Sophisticated hackers invest time researching targets, creating convincing impersonations using insider knowledge. They use look-alike domains, request credentials, sensitive data, or wire transfers, aiming for significant monetary gain.
  • The most advanced attacks involve infiltrating corporate email systems, monitoring communications to strike opportunistically. There is a risk of facilitating ransomware attacks, spreading malware, and deploying supply chain attacks.
  • Defense against such attacks requires employee education, robust verification procedures for financial transactions, proactive monitoring of the dark web, and immediate actions like enforcing multi-factor authentication for compromised accounts.

Read Full Article

like

17 Likes

source image

Medium

1d

read

164

img
dot

*Indian Computer Emergency Response Team (CERT-In): Securing India's Cyberspace*

  • CERT-In, India's Computer Emergency Response Team, plays a pivotal role in safeguarding India's cyberspace.
  • Key functions include incident response, issuing threat alerts, conducting security drills, collaboration with global entities, and promoting public awareness of cybersecurity best practices.
  • Noteworthy initiatives include Cyber Swachhta Kendra, Mandatory Reporting Rule (2022), and CII Guidelines for critical sectors.
  • Challenges faced by CERT-In include evolving cyber threats, lack of skilled professionals, and the necessity for improved stakeholder coordination.
  • CERT-In collaborates with international cybersecurity agencies and partners in various countries to enhance threat intelligence sharing and cybersecurity practices.
  • The organization's efforts focus on monitoring, collaboration, and awareness to bolster India's cyber resilience in the face of growing cyber threats.

Read Full Article

like

9 Likes

source image

Tech Radar

1d

read

194

img
dot

Image Credit: Tech Radar

Experts flag a huge amount of cyberattacks coming from this unexpected domain

  • Cybersecurity experts from Cofense reveal a significant increase in malicious campaigns using .es domains, with a 19x rise from Q4 2024 to Q5 2025.
  • Credential phishing attacks made up 99% of the malicious campaigns, while 1% were related to remote access trojans, and Microsoft was the most impersonated brand.
  • .es domains, primarily intended for Spanish-speaking audiences, saw approximately 1,400 malicious subdomains across 450 base domains in the first five months of the year.
  • Despite the significant rise in .es domain usage for cyberattacks, common attack vectors remained unchanged, with most attacks impersonating Microsoft and using tactics like spoofed emails to deliver malware.

Read Full Article

like

11 Likes

source image

Global Fintech Series

1d

read

210

img
dot

Image Credit: Global Fintech Series

Wanna Strengthens Player Protection with Accertify and PayNearMe Collaboration

  • Accertify's fraud prevention solutions have helped Wanna reduce chargeback losses by 27% since the US launch in March Madness 2024.
  • Wanna is enhancing player protection by using Accertify's fraud solutions and PayNearMe's payment services for its US-based DFS platform, Wanna Parlay.
  • Wanna prioritizes player safety and trust, ensuring a secure gaming environment with the collaboration with Accertify.
  • The collaboration between Accertify and PayNearMe aims to provide comprehensive protection and a seamless experience for players while maintaining efficiency and confidence for operators.

Read Full Article

like

12 Likes

source image

TechDigest

1d

read

401

img
dot

Image Credit: TechDigest

M&S Chairman: cyber attack attempt to destroy retail giant

  • Marks & Spencer Chairman Archie Norman revealed that the cyber attack in April was an attempt to 'destroy' the retail giant by hacker group DragonForce.
  • The attack, involving a 'sophisticated impersonation,' led to online orders being suspended, empty shelves in stores, and is expected to impact profits by around £300 million.
  • M&S notified authorities and the FBI, expects to recover a substantial part through insurance claims, and has intensified cybersecurity efforts after the breach.
  • Despite having legacy systems, M&S plans to accelerate technology investments to enhance cybersecurity, and has increased its cybersecurity team and expenditure.

Read Full Article

like

16 Likes

source image

TechCrunch

1d

read

393

img
dot

Image Credit: TechCrunch

Marks & Spencer chair refuses to say if retailer paid hackers after ransomware attack

  • Marks & Spencer chairman declined to disclose whether the company paid hackers following a ransomware attack earlier this year.
  • Chairman Archie Norman mentioned that they are not discussing details of their interaction with the threat actor, citing law enforcement and public interest reasons.
  • Norman stated that nobody at Marks & Spencer directly communicated with the ransomware group DragonForce, attributed to the attack.
  • In May, Marks & Spencer reported a data breach with customer information stolen, leading to disrupted operations. Recovery efforts are expected to continue until October or November.

Read Full Article

like

22 Likes

source image

Securityaffairs

1d

read

139

img
dot

Image Credit: Securityaffairs

U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

  • U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog.
  • CISA included vulnerabilities such as MRLG buffer overflow, PHPMailer command injection, Rails Ruby on Rails path traversal, and ZCS SSRF in the catalog.
  • The vulnerabilities pose risks of memory corruption, arbitrary code execution, file content disclosure, and SSRF, affecting various software versions.
  • Federal agencies are required to address these vulnerabilities by July 28, 2025, in alignment with a security directive to mitigate the risks of known exploited vulnerabilities.

Read Full Article

like

8 Likes

For uninterrupted reading, download the app