techminis

A naukri.com initiative


Cyber Security News


Dev

2w


🛡️ Why Using OpenZeppelin in Smart Contracts Is Essential

  • OpenZeppelin is an open-source library that provides a collection of reusable and secure smart contract components.
  • OpenZeppelin's contracts are widely used in production environments, making them battle-tested in real-world applications.
  • Using OpenZeppelin saves development time, ensures compatibility, and reduces the risk of vulnerabilities.
  • Integrating OpenZeppelin into smart contracts provides a foundation of trust, security, and reliability.


Tech Radar

2w


The EU still can't agree on chat control – but it's not over yet

  • EU members couldn't reach an agreement on the European Commission's proposal to scan private communications to combat child sexual abuse material (CSAM).
  • The draft bill, known as Chat Control, has faced criticism for its implications on privacy and data security.
  • Despite the need to address these crimes, 10 EU member nations opposed the current form of the Child Sexual Abuse Regulation (CSAR).
  • Lawmakers have made changes to the bill, requiring communication service providers to scan shared content with user permission, but privacy concerns persist.


Tech Radar

2w


Another major WordPress plugin has been hacked to try and hijack your sites

  • Hackers have found a way to install old, outdated, and vulnerable plugins on WordPress websites, directly from the WordPress plugin repository.
  • The vulnerability was found in Hunk Companion, a plugin used by over 10,000 websites, allowing crooks to install other plugins with known vulnerabilities.
  • A threat actor abused the bug to install a vulnerable version of WP Query Console, enabling remote code execution on target sites.
  • The bug has been patched in Hunk Companion version 1.9.0, but roughly 8,800 sites are still vulnerable.


Tech Radar

2w


Apple fixes Passwords app security bug with new 18.2 update

  • Apple has fixed a security bug in its Passwords app with the new 18.2 update.
  • The bug allowed attackers to alter network traffic and put user data at risk.
  • The vulnerability was reported by security researcher Tommy Mysk and has now been patched.
  • Users are urged to upgrade their Apple devices to the latest version to fix the critical issue.


Cybersecurity-Insiders

2w


Cyber Threat from Chinese software powering critical infrastructure in USA

  • Contrary to strong opposition to Chinese products, Fortress Information Security reports that 90% of the software powering products in the U.S. critical infrastructure contains code that originates from China.
  • The Chinese-made software is used widely in the energy, transportation, and telecommunications industries, and is considered highly vulnerable to exploitation.
  • For instance, there are a staggering 9,535 vulnerabilities across more than 8,700 components used in over 2,000 products sourced from over 240 vendors, putting national security and economic stability at risk.
  • The findings highlight how deeply embedded Chinese-made software code is within the critical infrastructure that underpins the U.S. economy and security.
  • Chinese-made software could provide the Chinese government or affiliated hackers with the means to undermine U.S. economic and physical security.
  • The problem of Chinese-made components in critical infrastructure poses a dilemma as the reliance on these components is integral to the functioning of many electronic devices, yet the security risks are real with the stakes incredibly high.
  • The development of stronger, more comprehensive policies that mandate greater scrutiny of foreign-sourced software and hardware in critical infrastructure systems is a possible solution to mitigating cyber risks.
  • The coming years will be pivotal in determining how the U.S. addresses this silent and growing threat.
  • Policymakers need to take immediate steps to assess and address these vulnerabilities to safeguard the nation's economic and physical security.
  • As technology becomes increasingly essential to the nation's security, the importance of securing critical infrastructure from foreign influence will only continue to grow.


Tech Radar

2w


This devious new malware technique looks to hijack Windows itself to avoid detection

  • Security researchers from Akamai discovered a new method to run malware on Windows devices without triggering EDR tools.
  • The malware abuses the UI Automation accessibility feature, making it difficult for antivirus programs to detect.
  • Admins can watch the OS for suspicious activity by monitoring the use of UIAutomationCore.dll and the named pipes opened by the UIA.
  • UI Automation can be used for stealthy command execution, posing risks such as data harvesting and browser redirection.


Socprime

2w


CVE-2024-50623 Detection: Attackers Actively Exploit a RCE Vulnerability in Cleo Harmony, VLTrader, and LexiCom File Transfer Products

  • Security researchers have detected active exploitation of a remote code execution (RCE) vulnerability, CVE-2024-50623, in Cleo Harmony, VLTrader, and LexiCom file transfer products.
  • The vulnerability allows threat actors to achieve RCE through the autoruns functionality.
  • At least ten businesses have been compromised, and further exploitation activities have been observed.
  • The provided patch in version 5.8.0.21 was insufficient, and Cleo is working on a new patch to address the issue.


Securityaffairs

2w


Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement

  • Chinese law enforcement uses the mobile surveillance tool EagleMsgSpy to gather data from Android devices, as detailed by Lookout.
  • The surveillance tool, known as EagleMsgSpy, has been active since 2017 and requires physical access to the target device to initiate operations.
  • EagleMsgSpy collects extensive data from victim devices, including messages from various apps, screen recordings, audio, contacts, call logs, GPS coordinates, and more.
  • The surveillance tool is developed and maintained by Wuhan Chinasoft Token Information Technology Co., Ltd. and is believed to be used by several public security bureaus in mainland China.


Dataprivacyandsecurityinsider

2w


Rhode Island Becomes First State to Implement PDNS in All School Districts

  • Rhode Island becomes the first state to implement PDNS in all school districts.
  • PDNS assists in preventing ransomware and cyber attacks by blocking access to harmful websites.
  • All 64 public school districts in Rhode Island have pledged to implement PDNS.
  • This initiative is supported by the Multi-State Information Sharing and Analysis Center.


Dataprivacyandsecurityinsider

2w


Privacy Tip #424 – Recent Big Win for Law Enforcement Over Cybercriminals

  • Authorities from 40 countries collaborated in Operation HAECHI-V, resulting in 5,500 arrests and $400 million seized.
  • The initiative dismantled a voice phishing syndicate responsible for $1.1 billion in losses and 1,900 victims.
  • One scheme called the USDT Token Approval Scam drained victims' wallets through phishing and vishing techniques.
  • Consumers need to be aware of these techniques used by cybercriminals.


Global Fintech Series

2w


SecurityScorecard Threat Intel Report: 97% of Leading U.S. Banks Impacted by Third-Party Data Breaches in 2024

  • A new report by SecurityScorecard reveals that 97% of the top 100 U.S. banks experienced a third-party data breach in the past year.
  • The report highlights the growing risks in banking supply chains due to increasing reliance on third-party vendors.
  • 97% of the largest U.S. banks reported third-party breaches, exposing significant vulnerabilities in their supply chains.
  • The SecurityScorecard team provides cybersecurity recommendations to enhance resilience in the banking sector.


Tech Radar

2w


Thousands of Bitcoin ATM users may have personal data leaked after breach

  • Bitcoin ATM operator Byte Federal has confirmed a data breach in which customer data may have been compromised.
  • The breach occurred on September 30, 2024, when attackers accessed the company's servers through a bug in third-party software.
  • Sensitive customer data targeted included names, addresses, email addresses, Social Security numbers, and transaction activity.
  • Byte Federal performed a hard reset on all customer accounts, notified affected individuals, and is conducting a forensic investigation.


Siliconangle

2w


Comparitech reveals widespread privacy gaps in mobile shopping apps ahead of holiday season

  • A new study by Comparitech reveals privacy concerns in mobile shopping apps.
  • The study analyzed 91 popular shopping apps and found that on average, these apps request 26 permissions, with 8 classified as 'dangerous' by Android standards.
  • Permissions such as access to camera, location, contacts, and device storage raise privacy red flags for consumers.
  • The study also highlights that many apps fail to include these permissions in their privacy policies, potentially violating Google's privacy policy standards.


Siliconangle

2w


Rubrik introduces Turbo Threat Hunting for faster cyber recovery

  • Rubrik Inc. has launched Turbo Threat Hunting, a feature designed to accelerate cyber recovery and locate clean recovery points in seconds.
  • Turbo Threat Hunting allows organizations to quickly identify clean recovery points and recover from cyber incidents with minimal disruption.
  • The feature allows scanning up to 75,000 backups in less than 60 seconds, eliminating the need for file-by-file scanning and reducing recovery time.
  • Turbo Threat Hunting is now available in beta for Rubrik Enterprise Edition and cloud customers.


VentureBeat

2w


IP Copilot wants to use AI to turn your Slack messages into patents

  • IP Copilot, a startup using AI to modernize intellectual property management, has raised $4.2 million in seed funding.
  • The company aims to streamline how enterprises discover and protect innovative ideas using AI to analyze internal communications and documents.
  • IP Copilot integrates with platforms like Slack and Jira to identify potentially patentable ideas as they emerge in everyday work conversations.
  • The startup's roadmap includes plans to expand into trade secret management and introduce natural language interfaces for portfolio analysis.
