techminis

A naukri.com initiative

Cyber Security News

Tech Radar

This devious new malware technique looks to hijack Windows itself to avoid detection

  • Security researchers from Akamai discovered a new method to run malware on Windows devices without triggering EDR tools.
  • The malware abuses the UI Automation accessibility feature, making it difficult for antivirus programs to detect.
  • Admins can watch for suspicious activity by monitoring the use of UIAutomationCore.dll and the named pipes opened by the UIA.
  • UI Automation can be used for stealthy command execution, posing risks such as data harvesting and browser redirection.

Socprime

CVE-2024-50623 Detection: Attackers Actively Exploit a RCE Vulnerability in Cleo Harmony, VLTrader, and LexiCom File Transfer Products

  • Security researchers have detected active exploitation of a remote code execution (RCE) vulnerability, CVE-2024-50623, in Cleo Harmony, VLTrader, and LexiCom file transfer products.
  • The vulnerability allows threat actors to achieve RCE through the autoruns functionality.
  • At least ten businesses have been compromised, and further exploitation activities have been observed.
  • The provided patch in version 5.8.0.21 was insufficient, and Cleo is working on a new patch to address the issue.

Securityaffairs

Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement

  • Chinese law enforcement uses the mobile surveillance tool EagleMsgSpy to gather data from Android devices, as detailed by Lookout.
  • The surveillance tool, known as EagleMsgSpy, has been active since 2017 and requires physical access to the target device to initiate operations.
  • EagleMsgSpy collects extensive data from victim devices, including messages from various apps, screen recordings, audio, contacts, call logs, GPS coordinates, and more.
  • The surveillance tool is developed and maintained by Wuhan Chinasoft Token Information Technology Co., Ltd. and is believed to be used by several public security bureaus in mainland China.

Dataprivacyandsecurityinsider

Rhode Island Becomes First State to Implement PDNS in All School Districts

  • Rhode Island becomes the first state to implement PDNS in all school districts.
  • PDNS assists in preventing ransomware and cyber attacks by blocking access to harmful websites.
  • All 64 public school districts in Rhode Island have pledged to implement PDNS.
  • This initiative is supported by the Multi-State Information Sharing and Analysis Center.

Dataprivacyandsecurityinsider

Privacy Tip #424 – Recent Big Win for Law Enforcement Over Cybercriminals

  • Authorities from 40 countries collaborated in Operation HAECHI-V, resulting in 5,500 arrests and $400 million seized.
  • The initiative dismantled a voice phishing syndicate responsible for $1.1 billion in losses and 1,900 victims.
  • One scheme called the USDT Token Approval Scam drained victims' wallets through phishing and vishing techniques.
  • Consumers need to be aware of these techniques used by cybercriminals.

Global Fintech Series

SecurityScorecard Threat Intel Report: 97% of Leading U.S. Banks Impacted by Third-Party Data Breaches in 2024

  • A new report by SecurityScorecard reveals that 97% of the top 100 U.S. banks experienced a third-party data breach in the past year.
  • The report highlights the growing risks in banking supply chains due to increasing reliance on third-party vendors.
  • 97% of the largest U.S. banks reported third-party breaches, exposing significant vulnerabilities in their supply chains.
  • The SecurityScorecard team provides cybersecurity recommendations to enhance resilience in the banking sector.

Tech Radar

Thousands of Bitcoin ATM users may have personal data leaked after breach

  • Bitcoin ATM operator Byte Federal has confirmed a data breach in which customer data may have been compromised.
  • The breach occurred on September 30, 2024, when attackers accessed the company's servers through a bug in third-party software.
  • Sensitive customer data targeted included names, addresses, email addresses, Social Security numbers, and transaction activity.
  • Byte Federal performed a hard reset on all customer accounts, notified affected individuals, and is conducting a forensic investigation.

Siliconangle

Comparitech reveals widespread privacy gaps in mobile shopping apps ahead of holiday season

  • A new study by Comparitech reveals privacy concerns in mobile shopping apps.
  • The study analyzed 91 popular shopping apps and found that on average, these apps request 26 permissions, with 8 classified as 'dangerous' by Android standards.
  • Permissions such as access to camera, location, contacts, and device storage raise privacy red flags for consumers.
  • The study also highlights that many apps fail to include these permissions in their privacy policies, potentially violating Google's privacy policy standards.

Siliconangle

Rubrik introduces Turbo Threat Hunting for faster cyber recovery

  • Rubrik Inc. has launched Turbo Threat Hunting, a feature designed to accelerate cyber recovery and locate clean recovery points in seconds.
  • Turbo Threat Hunting allows organizations to quickly identify clean recovery points and recover from cyber incidents with minimal disruption.
  • The feature allows scanning up to 75,000 backups in less than 60 seconds, eliminating the need for file-by-file scanning and reducing recovery time.
  • Turbo Threat Hunting is now available in beta for Rubrik Enterprise Edition and cloud customers.

VentureBeat

IP Copilot wants to use AI to turn your Slack messages into patents

  • IP Copilot, a startup using AI to modernize intellectual property management, has raised $4.2 million in seed funding.
  • The company aims to streamline how enterprises discover and protect innovative ideas using AI to analyze internal communications and documents.
  • IP Copilot integrates with platforms like Slack and Jira to identify potentially patentable ideas as they emerge in everyday work conversations.
  • The startup's roadmap includes plans to expand into trade secret management and introduce natural language interfaces for portfolio analysis.

Silicon

Which AI Skills Does Your Business Need?

  • Businesses need a balanced approach to skill development for AI integration to effectively harness its potential. The core technical competencies required for AI adoption include machine learning, data engineering and proficiency in programming languages like Python and SQL. But soft skills such as problem-solving, creativity, and collaboration also play an essential role. Non-technical employees can contribute effectively to a business's AI strategy by developing AI ethics and bias awareness and data literacy.
  • Organizations must ethically manage AI challenges like data privacy, bias, and job displacement for sustainable and trustworthy AI systems. Companies need to prioritize upskilling, address these ethical challenges, and foster creativity to become leaders in the AI-driven economy. Upskilling includes in-house expertise, continuous learning, and ethical training for employees to use AI responsibly. Companies face a choice between upskilling their existing workforce and risking falling behind as AI advances at an unprecedented pace.
  • A hybrid approach of upskilling and hiring AI specialists can be ideal. AI specialists can bring a deep and niche understanding of AI, whereas upskilling can build a more adaptable workforce. Soft skills like problem-solving and creativity enable teams to tailor AI to real-world contexts, ensuring that models align with the organization's business goals. Employees should develop AI ethics and bias awareness and data literacy to contribute effectively to the business's AI strategy. Continuous learning, AI community exposure, and hands-on experimentation can prepare AI talent for future advancements.

Dev

Importance of Compliance (GDPR, HIPAA)

  • Compliance with frameworks like GDPR and HIPAA is critical for handling sensitive data.
  • Importance of Compliance: Protecting data, avoiding legal penalties, building customer trust, ensuring business continuity.
  • DevOps Role in Compliance: Integrating compliance requirements into workflows.
  • Specific Compliance Requirements: GDPR - Data minimization, user rights, breach notification. HIPAA - Privacy rule, security rule, breach notification rule, audit controls.
  • Tools and Best Practices: Compliance automation, cloud security, encryption, CI/CD pipelines.
  • Continuous Compliance: Regular audits, team training, documentation.
  • Example Scenario: Secure CI/CD Pipeline for HIPAA Compliance - code security, encryption, access controls, audit logging, testing.

Medium

The Transformative Impact of Artificial Intelligence on Society and Industries

  • AI has transformed healthcare by analyzing vast amounts of data, aiding in early disease diagnosis and personalized treatment plans.
  • In education, AI enables individualized learning and reduces paperwork for educators, but issues like depersonalization and the digital divide arise.
  • AI has had a positive impact on businesses through automation, predictive analytics, and improved customer satisfaction.
  • In media and entertainment, AI is used for creating music, paintings, and content recommendations, raising questions about copyright and the role of human artists.
  • The introduction of AI brings both potential job loss and job creation, necessitating training and retraining of workers to complement AI.

Tech Radar

Krispy Kreme orders across the US disrupted after cyberattack

  • Krispy Kreme confirms cyberattack in late November 2024.
  • Details about the attackers and their motives are unknown.
  • Certain operational disruptions experienced, including online ordering in parts of the US.
  • Investigation ongoing with potential financial impact and cybersecurity insurance coverage.

Securityaffairs

Operation PowerOFF took down 27 DDoS platforms across 15 countries

  • Operation PowerOFF took down 27 DDoS stresser services globally, disrupting illegal platforms used for launching cyberattacks.
  • Law enforcement agencies from 15 countries participated in the operation, seizing popular platforms for DDoS attacks.
  • Booter and stresser services enable DDoS attacks and are misused for malicious purposes.
  • Authorities arrested three administrators of these platforms in France and Germany and identified over 300 users.
