Cyber Security News

Silicon

Meta Slams US House Order For Staffers To Not Use WhatsApp

  • The US House of Representatives instructed staffers not to use WhatsApp, citing concerns over data privacy and security practices.
  • The ban on WhatsApp was issued by the Chief Administrative Officer (CAO) of the US House due to transparency issues regarding WhatsApp's practices.
  • House staffers were told not to download WhatsApp on government devices and to remove the app from personal smartphones and computers.
  • Meta, the parent company of WhatsApp, expressed disagreement with the ban, emphasizing that WhatsApp messages are end-to-end encrypted for enhanced security.
  • Meta aims to work towards enabling House members to officially use WhatsApp, as they already use it for communication.
  • Acceptable alternatives to WhatsApp on official devices include Microsoft Teams, Signal, and Apple's iMessage as per the House CAO's guidelines.

TechCrunch

Canada says telcos were breached in China-linked espionage hacks

  • The Canadian government and the FBI report that telcos in Canada were targeted in cyber espionage attacks attributed to the China-backed hacking group Salt Typhoon.
  • An unnamed Canadian telecom company was breached in mid-February this year, with hackers manipulating three Cisco routers for stealthy traffic collection.
  • The hacking group Salt Typhoon's activities extend beyond telecommunications, having targeted U.S. phone and internet providers, and datacenter hosts previously.
  • Salt Typhoon, active since late 2024, is engaged in a broad espionage campaign to gather intelligence on senior U.S. government officials.
  • It is suspected that several China-linked hacking groups, including Salt Typhoon, are preparing for a potential Chinese invasion of Taiwan by 2027.
  • A joint advisory by Canada and the FBI warns that the hackers are likely to continue targeting Canadian organizations for at least the next two years.

BGR

Israel-Iran conflict sees massive surge in fake, AI-generated content

  • There has been a surge in fake, AI-generated content related to the Israel-Iran conflict.
  • Initial disbelief was seen regarding videos showing Iran's missiles falling on Israel, suspected to be AI-generated.
  • Verification led to trust in social media posts confirming Iran's attack on Israel.
  • Concern arose over the possibility of AI-created content tricking viewers.
  • Internet users are creating fake images and videos using generative AI software like ChatGPT and Gemini.
  • AI-generated images and videos related to the conflict are going viral with millions of views.
  • The authenticity of content is questioned due to the advanced capabilities of AI technology.
  • The misleading content impacts public perception of the Israel-Iran conflict.
  • The presence of fake AI content raises concerns about misinformation and manipulation on social media.
  • The use of AI to create deceptive content is highlighted as a growing issue in online environments.

Ars Technica

Canadian telecom hacked by suspected China state group

  • Hackers suspected of working for the Chinese government exploited a vulnerability to hack a Canadian telecom provider.
  • The Cyber Centre in Canada and the FBI believe the hackers are almost certainly PRC state-sponsored actors known as Salt Typhoon.
  • Salt Typhoon previously backdoored over 10,000 Cisco devices using a severe vulnerability (CVE-2023-20198) patched 16 months earlier.
  • This group has targeted US-based telecom companies before, compromising firms like Verizon and AT&T.
  • The hackers likely used their access to monitor wiretap systems used by governmental agencies and other Internet traffic.
  • In a campaign this year, the hackers exploited several vulnerabilities in addition to CVE-2023-20198.
  • In mid-February 2025, Salt Typhoon compromised three network devices of a Canadian telecom using CVE-2023-20198.
  • The hackers created a GRE tunnel to collect network traffic, potentially leading to further compromises.
  • The Cyber Centre stated that this targeting extends beyond the telecom sector, posing broader risks.
  • The Canadian telecom's failure to patch the known vulnerability raises serious security concerns.
  • Canadian officials warn that China state hackers are likely to continue targeting Canadian organizations, including telecom providers.

Dev

I Built the Most Advanced Bolt.new Project Ever - And I'm Hitting Platform Limits

  • The article describes building GHOSTVAULT, an enterprise-grade cybersecurity platform, on Bolt.new, hitting project size limits.
  • Existing breach monitoring tools' shortcomings led to creating a comprehensive solution at a hackathon in 72 hours.
  • GHOSTVAULT integrates client-side encryption, multi-source intelligence, and real-time monitoring.
  • Despite using a no-code platform, the project involved advanced cryptography, API orchestration, and enterprise state management.
  • Challenges arose due to project size constraints, which required various optimizations for performance and caching.
  • The project challenges perceptions about no-code's ability to handle enterprise complexity, innovation, and scalability.
  • Impacts include rapid market validation, industry interest, and proving no-code platforms can support complex operations.
  • Lessons learned cover technical complexity, rapid validation benefits, and implications for future development.
  • Future plans involve backend integration, pricing models, collaborations with StackBlitz, and educational content creation.
  • The project signifies a shift towards faster, more complex prototyping, and increased accessibility to advanced technical capabilities.

TechDigest

Rivals cash in as M&S cyber-attack halts online sales

  • Marks & Spencer's online sales were halted for nearly seven weeks due to a cyber-attack, leading to a decline in sales while competitors like Next, Zara, and H&M benefited.
  • M&S's clothing sales dropped by 20% in a month compared to the previous robust growth, missing crucial summer sales due to the cyber-attack.
  • Next, Zara, and H&M experienced sales growth during M&S's online shutdown, with Zara's sales soaring to 27.8% and H&M's to 18.1%.
  • Primark, lacking a strong online presence, saw a decline in sales, showing the significance of e-commerce in leveraging M&S's digital issues.
  • Despite the setback, M&S emphasized strong store performance and retaining its position as the UK's largest clothing retailer by value.
  • Rivals like Next capitalized on M&S's vulnerability, with Next's brand sales growth accelerating after the online shutdown.
  • M&S's cyber-attack led to a market shift benefiting competitors with robust online services like Zara and H&M.
  • Analysts noted the impact of the cyber-attack on M&S, attributing the rise in sales for rivals to the digital disruption experienced by M&S.
  • The cyber-attack lasted from April 25 to June 10, affecting M&S's e-commerce operations that usually contribute a third of its clothing and homeware sales.
  • M&S emphasized that the cyber-attack was a temporary setback and highlighted success in its store operations, especially in womenswear.
  • The industry-wide clothing sales grew by 4% in the period when M&S's sales declined by 20%, showcasing the impact of the cyber-attack.
  • The article discusses how M&S's competitors capitalized on the digital vulnerability caused by the cyber-attack, benefiting from increased sales.
  • Online services played a crucial role in driving sales for rivals like Zara and H&M, contrasting Primark's decline in sales due to its limited online presence.
  • M&S faced a significant blow to its e-commerce operations from the cyber-attack, leading to missed sales opportunities and market share loss to competitors.
  • Despite the challenges, M&S maintains its position as the top UK clothing retailer by value and sees the cyber-attack as 'a moment in time.'
  • The article highlights the competitive advantage gained by Next, Zara, and H&M during M&S's online sales suspension, showing the importance of digital readiness in the retail sector.

Pymnts

AT&T’s Proposed Settlement of Data Breach Lawsuit Receives Preliminary Approval

  • AT&T's proposed settlement of a class action lawsuit over data breaches received preliminary approval from a judge on Friday.
  • The $177 million settlement was deemed fair and reasonable by the judge.
  • The lawsuit stemmed from data breaches announced by AT&T in May 2024 and July, affecting tens of millions of customers.
  • Under the settlement, affected customers may receive up to $2,500 or $5,000, with remaining funds distributed to others whose information was accessed.
  • AT&T denied responsibility for the breaches but agreed to settle to avoid lengthy litigation.
  • In a cybersecurity incident, records of calls and texts of almost all wireless customers were stolen, but no content or personal data was taken.
  • The stolen data could potentially be used to associate telephone numbers with names through public tools.
  • The breach was linked to an earlier incident involving cloud vendor Snowflake.
  • In a separate settlement with the FCC, AT&T agreed to pay $13 million and enhance data governance following a 2023 hack.
  • The settlement shows AT&T's efforts to address data breach issues and compensate affected customers.

Hackernoon

Speaker Proposal Deadline Approaches For OpenSSL Conference 2025 In Prague

  • The OpenSSL Corporation and the OpenSSL Foundation are seeking speaker proposals for the OpenSSL Conference 2025 in Prague.
  • The conference will take place from October 7–9, 2025, and the proposal submission deadline is June 30, 2025.
  • The event aims to gather global contributors in academia, industry, and the open-source community.
  • The conference will focus on cryptography innovation with four key tracks.
  • Confirmed speakers include experts from Oracle Cloud, Netskope, Mercedes-Benz, and others.
  • The conference will provide a platform to discuss open standards and secure critical infrastructure.
  • Sponsorship and partnership opportunities are available for organizations.
  • The OpenSSL Corporation is a leader in cryptographic solutions, specializing in the OpenSSL Library.
  • Interested speakers can submit proposals at https://openssl-conference.org.
  • Contact email for sponsorship inquiries: [email protected]
  • The OpenSSL Corporation provides services to ensure secure digital communications.
  • Collaboration with projects aligned with their mission fosters innovation and enhances security standards.
  • Contact person for OpenSSL Conference: Hana Andersen, MarCom Mgr.
  • This story is a press release by Cybernewswire under HackerNoon’s Business Blogging Program.

Tech Radar

Aflac could be the latest US insurance giant hit by a Scattered Spider cyberattack

  • Aflac, the largest supplemental insurance provider in the US, confirms it has experienced a cyberattack, reportedly by the notorious Scattered Spider group.
  • Although Aflac managed to stop the intrusion promptly without ransomware affecting its systems, the breach is believed to be the work of the Scattered Spider group.
  • The Scattered Spider group has a history of targeting UK retailers, and Google has warned US firms to be alert for potential attacks from the group.
  • The insurance industry is at risk due to the vast amounts of personal data they hold, making them prime targets for cybercriminals.
  • Potential files impacted by the attack contain sensitive information such as claims data, health records, social security numbers, and personal details of customers and employees.
  • Aflac is offering 24 months of free credit monitoring and identity theft protection services to affected individuals and remains committed to supporting its customers.

Wired

Telegram Purged Chinese Crypto Scam Markets—Then Watched as They Rebuilt

  • Telegram banned Chinese-language crypto scam services but they rebranded and resumed business on the platform.
  • Elliptic reported the resurgence of Telegram-based Chinese-language black markets for crypto scams after the bans.
  • Notably, Tudou Guarantee grew, showing $15 million daily in crypto payments, resembling the defunct Haowang Guarantee.
  • Despite Telegram's ban, black markets like Xinbi Guarantee have rebuilt on new accounts, continuing illicit activities.
  • A Telegram spokesperson defended the decision not to ban the rebounding black markets as enabling financial autonomy, against claims that it facilitates illicit activities.
  • Critics argue that Telegram hosting such markets enables scam economies and human trafficking.
  • The US government's designation of Huione Group as a primary money laundering concern may influence Telegram's actions regarding crypto scam markets.
  • Telegram's varied approach to banning crypto scam markets may reflect a balance between avoiding legal issues and cooperating with enforcement.
  • The resilience of scammers highlights the challenges tech companies face in combating illicit activities on their platforms.
  • The article discusses Telegram's role in hosting illegal activities within Chinese-language crypto scam markets and the challenges faced in regulating such activities.

VentureBeat

Why we’re focusing VB Transform on the agentic revolution – and what’s at stake for enterprise AI leaders

  • VentureBeat's Transform 2025 event in San Francisco is focused on the agentic AI revolution for enterprise leaders.
  • A significant gap exists between the potential of agentic AI and its actual integration into enterprise workflows.
  • The event aims to address the 'Agentic Infrastructure Gap' by focusing on building the necessary enterprise-grade chassis.
  • VB Transform is offering a real-world playbook to help navigate the challenges of the agentic AI revolution.
  • Emphasis is placed on orchestrating the right compute resources for agentic AI tasks at both the application and lower stack levels.
  • The event features real-world practitioners from companies like Walmart, Bank of America, and American Express sharing insights on deploying agentic systems.
  • Attendees will gain practical knowledge through interactive sessions designed for builders and leaders in the industry.
  • The event will also honor leaders promoting inclusivity in AI at the Women in Enterprise AI Awards.
  • The focus is on empowering enterprise AI leaders by providing a playbook for the agentic revolution with high stakes and immense opportunities.

Tech Radar

A popular WordPress theme has been hijacked by malware - here's what we know

  • A critical privilege escalation flaw (CVE-2025-4322) in the 'Motors' WordPress theme has been exploited by hackers, allowing them to hijack administrator accounts.
  • Nearly 22,500 sales of the 'Motors' theme have been recorded on EnvatoMarket, making it a popular choice among automotive websites.
  • The vulnerability was discovered on May 2, 2025, and a patch was released with version 5.6.68 on May 14 to protect accounts from potential takeovers.
  • Accounts running versions up to 5.6.67 are at risk, as the theme did not properly validate a user's identity before updating their password.
  • Attacks exploiting this vulnerability were observed starting on May 20, with over 23,000 blocked attempts reported by Wordfence.
  • Wordfence recommended updating to version 5.6.68 to secure accounts and prevent takeovers.
  • Multiple IP addresses engaging in attacks have been identified by Wordfence, with some making thousands of attempts.
  • Users experiencing login issues or unauthorized password changes should consider their sites possibly infected.
  • Updating to version 5.6.68 is crucial for 'Motors' theme users to close the vulnerability and protect against attacks.
  • Wordfence has actively monitored and blocked attack attempts to safeguard affected WordPress sites.
  • Hacker attacks started on June 7 after the vulnerability was disclosed.
  • The key action recommended is to update to version 5.6.68 which contains the necessary security patch.
  • The 'Motors' WordPress theme vulnerability underscores the importance of timely updates and security measures for website protection.
  • The theme's developer, StylemixThemes, addressed the critical flaw with the release of version 5.6.68.
  • Wordfence's prompt response in reporting the vulnerability and providing guidance demonstrates the importance of security monitoring in the WordPress ecosystem.
  • Timely updates and vigilant monitoring are essential to mitigate the risks associated with WordPress vulnerabilities.

TechCrunch

US insurance giant Aflac says customers’ personal data stolen during cyberattack

  • Aflac, a major insurance company in the U.S., reported a recent cyberattack where hackers stole customers' personal data.
  • The breach occurred on June 12, with the company confirming the intrusion and containing it.
  • The stolen personal information includes customers' claims, Social Security numbers, and health data.
  • The breach also impacted data of Aflac's beneficiaries, employees, and agents.
  • Aflac stated that ransomware was not involved in the attack but attributed it to a cybercrime group targeting the insurance sector.
  • The hackers used social engineering tactics to gain access to Aflac's network.
  • Despite having around 50 million customers, it is unclear how many are affected by the breach.
  • Aflac is not the only U.S. insurance company facing cyberattacks, with warnings of increased targeting in the industry.
  • Recent disclosures indicate cyberattacks on companies like Erie Insurance and Philadelphia Insurance Companies by the same hacker group.
  • The hackers linked to these attacks are known for financial motivations and have a history of intrusions in various sectors.

Dev

The Role of AI and Compliance in Modern Risk Management: ShowMeCon 2025

  • ShowMeCon 2025, held in St. Charles, focused on security, compliance, and risk management discussions.
  • Key themes included the importance of context, rigor, and adaptive posture in real security practices.
  • Jeff Man highlighted the evolution of PCI compliance, emphasizing the need for continuous security operations beyond mere compliance.
  • Dan Yarger discussed the role of AI in policy creation, emphasizing human oversight and validation.
  • Tim Malcolm-Vetter emphasized the importance of fundamentals over flashy AI models in cybersecurity defense.
  • The event underscored the message that compliance should serve as a foundation for security, with continuous, adaptive measures built around it.
  • Practitioners were urged to focus on operationalizing controls, identity threat detection, and the dual nature of AI as both a partner and a threat.
  • The sessions stressed the need for teamwork, continuous enforcement, and merging policy with security practices for operational resilience.
  • A forward-thinking approach involves viewing compliance as a scaffold rather than a fortress, aiming for real-time security readiness and response.
  • The call to action is to shift focus from mere compliance to ensuring current security effectiveness and readiness.

Tech Radar

Microsoft says “Responsible AI” is now its biggest priority - but what does this look like?

  • Microsoft has released its 2025 Responsible AI Transparency Report highlighting its focus on responsible AI models.
  • The report outlines Microsoft's plans to invest in tools, policies, and practices to ensure responsible AI.
  • The company is preparing for new regulations concerning the use of AI by taking a proactive approach to compliance.
  • Microsoft is making investments in managing risks associated with AI beyond textual modalities.
  • They are engaging in continued research and development to enhance safety and efficiency in AI systems.
  • Microsoft plans to build adaptable tools to manage risks across various AI deployment scenarios.
  • The company is supporting effective governance in the AI supply chain and clarifying roles and expectations.
  • They are working on AI risk measurement and evaluation tools to support safer norms and standards.
  • Microsoft aims to collaborate with the ecosystem to advance AI governance and foster trust in AI systems.
