Cyber Security News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Security News

Eu-Startups

ETHIACK hacks cybersecurity with AI, raising €4 million

Coimbra-based cybersecurity startup ETHIACK has raised €4 million in seed funding to accelerate the development of its AI-driven solutions and expand its presence internationally.
The funding round was led by Explorer Investments, with participation from investors such as CoreAngels, Paulo Marques, Startup Wise Guys, Aralab, Amena Ventures, and Start Ventures.
ETHIACK combines human expertise with AI to deliver continuous security testing for digital assets and has achieved €1 million in turnover with a client portfolio spanning nine countries.
The fresh funding will be used to launch the next generation of ETHIACK's Automated Continuous Pentesting technology and expand into new markets, starting with the UK and Europe.

Read Full Article

2 Likes

Dev

424

Image Credit: Dev

Don’t make security an afterthought when designing APIs

Use clear naming, idempotency, versioning, pagination, sorting for API design.
Consider security measures like authentication, input validation, HTTPS, rate limiting, data sensitivity classification, monitoring and logging, error handling, versioning, and deprecation policy.
Implement a gateway layer like Kong during API runtime and utilize debugging tools like Apidog for design and development phase.
These measures ensure reliability, security, and efficient troubleshooting in API implementation.

Read Full Article

25 Likes

TechCrunch

Image Credit: TechCrunch

Bitcoin ATM giant Byte Federal says 58,000 users’ personal data compromised in breach

Bitcoin ATM operator Byte Federal has reported a data breach affecting 58,000 customers.
The breach occurred on September 30 and was discovered on November 18.
The hacker gained access to customer data including names, addresses, phone numbers, IDs, and transaction activity.
Byte Federal has performed a hard reset on all customer accounts and updated internal passwords.

Read Full Article

2 Likes

TechJuice

Image Credit: TechJuice

New Chinese Spyware Poses Risk to Android Users

Chinese government authorities are using a new surveillance tool called EagleMsgSpy to steal private data from Android devices in the country.
The malware has been active since at least 2017 and is being used by mainland Chinese public security departments to gather extensive data from mobile devices.
EagleMsgSpy can record audio, capture screen activity, and access contacts, phone history, location data, and messages from apps like WhatsApp and Telegram.
The spyware, developed by Wuhan Chinasoft Token Information Technology, is likely used for domestic monitoring and poses a risk to all individuals traveling to the region.

Read Full Article

Discover more

Dev

294

Image Credit: Dev

Building Cloud Security Efforts with AWS CAF and Well-Architected Framework

Cloud security engineers can enhance their efforts by leveraging the AWS Cloud Adoption Framework (CAF) and Well-Architected Framework (WAF).
The AWS CAF consists of six perspectives: Business, People, Governance, Platform, Security, and Operations.
The AWS WAF focuses on pillars such as Operational Excellence, Security, Reliability, Performance Efficiency, and Cost Optimization.
Engineers can leverage these frameworks by defining organizational policies, implementing IAM best practices, automating detection, and conducting regular Well-Architected Reviews.

Read Full Article

17 Likes

Tech Radar

337

Image Credit: Tech Radar

Google says its next data centers will be built alongside wind and solar farms

Google plans to build its next data centers alongside wind and solar farms.
The move is part of a $20 billion investment to power data centers with clean energy.
Google aims to connect data centers directly to renewable energy sources instead of relying on fossil fuel-powered grids.
The company hopes to create a sustainable blueprint for future data center development.

Read Full Article

20 Likes

TechDigest

129

Image Credit: TechDigest

Scam ads slipping through net too easily on second-hand marketplaces, Which? warns

UK second-hand marketplaces like Gumtree, Facebook Marketplace, and Nextdoor are failing to detect and remove scam ads quickly enough, according to a new investigation by consumer watchdog Which?
These platforms do not offer buyer protection schemes, which can make it difficult for users to get their money back if they're s cammed
A survey of more than 2,000 UK adults by Which? found that many consumers did not know these platforms lacked buyer protection.
To test how easily scam ads can be posted on Gumtree, Facebook Marketplace, and Nextdoor, Which? created a fake identity and posted a suspicious ad for a secondhand Nikon digital camera. In each case, the ad went live and stayed up for several hours despite the obvious signs of fraud.
The report claimed that scams on online marketplaces is a growing problem, with the National Fraud Intelligence Bureau reporting over 56,603 incidents of online fraud and a loss of £104.6m in online shopping and auction fraud in the UK in the year up to October 2020.
Which? has called on the government and Ofcom to implement the Online Safety Act quicker to combat the growing issue of online fraud and crime

Read Full Article

7 Likes

TechBullion

Image Credit: TechBullion

Sree Gopinath’s Advocacy for Digital Privacy: Defending Critical National Interests

Sree Gopinath is an expert in cybersecurity strategies and navigating digital privacy and national security.
Sree believes digital privacy is a fundamental right that must be safeguarded as essential infrastructure shifts online.
He advocates for protecting data and digital assets from tampering and advancing technologies that protect privacy without breaching liberties.
Sree’s cybersecurity paradigm is rooted in defensive strategies aimed at averting unauthorized access rather than tracing perpetrators.
He pioneered strategies to secure vital networks by championing proactive digital privacy measures and developing tools that pinpointed vulnerabilities cyber adversaries might exploit.
Sree plays a pivotal role in national security by shielding financial systems from exploitation by malicious entities and identifying illicit transactions.
He advocates for governmental accountability in ensuring companies protect sensitive customer data to the highest standards and suggests governments consider legislation to require strict privacy standards.
Through focused advocacy and education, Sree empowers people to recognize and counter evolving threats, contributing to a secure digital future.

Read Full Article

2 Likes

Arstechnica

Image Credit: Arstechnica

Russia takes unusual route to hack Starlink-connected devices in Ukraine

Russian hackers have used the infrastructure of other threat actors to gather intelligence in Ukraine.
The Russian group known as Turla, Waterbug, Snake, or Venomous Bear has targeted front-line Ukrainian military forces.
They have leveraged the infrastructure of cybercrime group Storm-1919 and Russian threat actor Storm-1837.
The hackers' usual means of access is spear phishing, but the use of other threat actors' infrastructure is unusual.

Read Full Article

Tech Radar

Image Credit: Tech Radar

AMD VM security tools can be bypassed, letting hackers infilitrate your devices, experts warn

AMD Virtual Machine (VM) security tools can be bypassed, allowing hackers to infiltrate devices and steal sensitive data.
Researchers discovered a way to trick AMD's Secure Encrypted Virtualization (SEV) feature and bypass Secure Nested Paging (SNP) enhancement.
The attack, called BadRAM, requires physical access to the target device and involves creating aliases for physical memory.
AMD has released a security advisory with recommended mitigations and is tracking the flaw as CVE-2024-21944.

Read Full Article

4 Likes

Amazon

246

Image Credit: Amazon

Securing the future: building a culture of security

Nearly 70% of data breaches occur due to social engineering or human error.
Investing in a culture of security leads to better employee adoption of controls and improved cybersecurity behavior.
Creating a security mindset, taking accountability for product security, bridging the gap between engineering and security, and equipping builders are key steps in building a culture of security.
AWS emphasizes a culture of security by embedding security advocates, prioritizing security at a leadership level, and empowering innovation while staying secure.

Read Full Article

14 Likes

Pymnts

389

Image Credit: Pymnts

Business Infrastructure Under Siege as Cybercriminals Target Data Transfer Points

Cybercriminals are targeting critical business infrastructure that handles sensitive data.
Exploiting a security flaw in Cleo's enterprise file transfer tools, cybercriminals gain control of affected systems.
Recent attacks on enterprise solutions highlight the shift in cybercriminals' focus on critical infrastructure.
Securing infrastructure that handles data should be a top priority, including regular audits, patching, monitoring, and incident response plans.

Read Full Article

23 Likes

Dev

Image Credit: Dev

Protect Sensitive Data on AWS: A Beginner’s Guide to Amazon Macie

As organizations adopt Cloud technology like Amazon Web Services (AWS) to modernize their data capabilities and innovate around it, they face the complexity of managing vast information spread across multiple AWS accounts.
Amazon Macie is a data security service on AWS that uses machine learning and pattern matching to identify sensitive data in Amazon S3, offering insights into security risks and automated protection.
Macie plays a pivotal role in understanding the data storage, assessing data exposure, near real-time data classification, identifying sensitive information, and automating compliance and security that are essential for robust data security and compliance.
Organisations subject to regulations like GDPR, HIPAA, or PCI-DSS can use Macie to automatically discover and classify sensitive data, ensuring compliance by identifying where this data resides and how it’s being used or accessed.
Amazon Macie brings compliance assurance, automated monitoring and actions, and global data visibility, enhancing an organisation's security posture.
First-time users receive a 30-day free trial, and Amazon Macie uses a usage-based pricing model, charging based on the volume of data processed for sensitive data discovery.
Setting up Amazon Macie is an easy task, and it offers various customization options for defining specific buckets, criteria, and detection rules as per your organization’s need.
In addition to the AWS-defined custom identifiers, one can create custom data identifiers to detect specific detection criteria, like employee IDs, customer account numbers, or internal data classifications.
Amazon Macie is useful for various industries seeking to secure student records, safeguard patient data, detect and protect intellectual property, and assess data security posture during M&A activities.
Amazon Macie has been helpful in safeguarding sensitive data from data breaches and significant losses, and its importance has become undeniable in this data-driven world.

Read Full Article

2 Likes

Hackernoon

Image Credit: Hackernoon

Resecurity Introduces Government Security Operations Center (GSOC) At NATO Edge 2024

Resecurity unveiled its advanced Government Security Operations Center (GSOC), specifically tailored for MSSPs that protect aerospace and defense organizations at NATO Edge 2024, the NATO Communications and Information Agency’s flagship conference. The GSOC leverages cutting-edge AI through Context AI and innovative VR capabilities, revolutionizing the future of cybersecurity operations. By processing data from various sources, including threat intelligence feeds, network logs, and endpoint devices, Resecurity identifies suspicious activities and potential vulnerabilities with speed and precision.
Context AI employs natural language processing (NLP) and machine learning to generate actionable insights, enabling operators to make faster, more informed decisions, even under significant stress. The use of VR offers a unique and immersive way for operators to interact with cybersecurity data and operational environments, creating a more intuitive and interactive approach to managing cybersecurity threats.
The GSOC enables a centralized approach to security operations, ensuring real-time monitoring and response capabilities across agencies and infrastructure. It consolidates security operations and provides a holistic view of all potential threats across critical systems, such as energy grids, transportation networks, and communication platforms.
Resecurity’s GSOC represents a paradigm shift in how governments and organizations approach cybersecurity, and the integration of AI and VR is just the beginning of what GSOCs can achieve in the future. Advances in AI, such as predictive analytics and autonomous systems, will enable GSOCs to anticipate and neutralize threats before they materialize.
The use of VR in GSOCs will incorporate augmented reality (AR) tools for field operatives and remote teams. GSOCs will play a key role in fostering global partnerships, allowing nations to pool resources, share intelligence, and build collective defense strategies.
Resecurity® is a cybersecurity company that delivers a unified endpoint protection, fraud prevention, risk management, and cybersecurity intelligence platform. Resecurity's services and platforms focus on early-warning identification of data breaches and comprehensive protection against cybersecurity risks.
Most recently, Resecurity was named one of the Top 10 fastest-growing private cybersecurity companies in Los Angeles, California, by Inc. Magazine. Resecurity was selected as an Official Partner of the Cybercrime Atlas by the World Economic Forum (WEF), a Member of InfraGard National Members Alliance (INMA), AFCEA, NDIA, SIA, FS-ISAC, Cloud Security Alliance (CSA), and the American Chamber of Commerce in multiple countries.
Resecurity’s GSOC is designed to serve as a comprehensive cybersecurity framework for governments and allied organizations, with unified security monitoring, threat intelligence aggregation, and cross-agency collaboration.
NATO Edge 2024 emphasized the importance of leveraging advanced technologies, such as AI and VR, to bolster member states’ defense capabilities.
Resecurity’s GSOC is not just a technological solution; it symbolizes improving cybersecurity operations.
To learn more about Resecurity, users can visit https://resecurity.com.

Read Full Article

4 Likes

Insider

320

Image Credit: Insider

Krispy Kreme says hackers disrupted its online ordering, likely hurting its 'financial condition'

Krispy Kreme has disclosed a cybersecurity incident that is causing operational disruptions, particularly in online ordering in the US.
The company expects the incident to have a material impact on its financial condition, including loss of revenues from digital sales and costs associated with restoring impacted systems and engaging cybersecurity experts.
Krispy Kreme is actively investigating and addressing the incident with the assistance of cybersecurity experts and federal law enforcement.
In the meantime, customers can still place orders in person at Krispy Kreme shops.

Read Full Article

19 Likes

For uninterrupted reading, download the app