A naukri.com initiative
Cyber Security News
Tech Radar
1d
18
Image Credit: Tech Radar
One of the biggest security threats to Apple systems just got a major upgrade - here's what we know
- Atomic Stealer (AMOS), a dangerous infostealer malware on macOS, has been upgraded with a backdoor and persistence mechanism.
- The new variant allows attackers persistent access, survives reboots, and enables deployment of other malware on compromised devices.
- AMOS has been used in major hacking campaigns, extracting various data, bypassing macOS security features, and being distributed via fake apps and malicious websites.
- Security experts warn that AMOS malware campaigns have expanded globally, affecting over 120 countries, including the US, France, Italy, UK, and Canada.
Read Full Article
1 Like
Siliconangle
1d
18
Image Credit: Siliconangle
New Barracuda backup tool extends Microsoft Entra ID data retention
- Barracuda Networks Inc. has launched Barracuda Entra ID Backup Premium to protect Microsoft Entra ID environments from data loss.
- The solution offers centralized visibility, backup status monitoring, and long-term data retention for single and multi-tenant environments.
- Barracuda Entra ID Backup Premium helps organizations mitigate the risk of data loss in Microsoft Entra ID environments and provides fast recovery capabilities.
- The software-as-a-service solution requires no installation and offers features like advanced search, real-time monitoring, and role-based access control for efficient identity protection management.
Read Full Article
1 Like
Siliconangle
1d
131
Image Credit: Siliconangle
Morphisec warns of Iran-backed ransomware campaign driven by political motives
- Morphisec Inc. warns of the resurgence of Pay2Key ransomware operation linked to Iran's Fox Kitten APT group, now rebranded as Pay2Key.I2P, utilizing RaaS model and Mimic ransomware techniques.
- Pay2Key.I2P has amassed $4 million from over 50 attacks within four months, with affiliates incentivized through an 80% profit share, particularly targeting adversaries of Iran for financial and ideological reasons.
- The ransomware group employs advanced evasion techniques, including a multi-stage attack chain, with recent expansions to target Linux systems and incorporate obfuscation methods to evade detection.
- While profit remains a motive, Morphisec emphasizes Pay2Key.I2P's ideological agenda, positioning the campaign as a tool of cyber warfare against Western targets aligned with Iran's geopolitical stance.
Read Full Article
7 Likes
Siliconangle
1d
279
Image Credit: Siliconangle
Sonatype report finds 188% spike in open-source malware in the second quarter
- Sonatype Inc. reported a 188% increase in open-source malware in the second quarter of 2025, with 16,279 newly discovered malicious packages across popular ecosystems.
- Data exfiltration was the primary threat, with 55% of malicious packages designed to steal sensitive data. Malware targeting data corruption more than doubled during the quarter, now representing over 3% of all malicious packages.
- Cryptomining malware decreased to 5% of packages, indicating a shift towards more impactful outcomes like credential theft and espionage. The Lazarus Group, a North Korea-linked APT, was associated with 107 malicious packages.
- Sonatype's Open Source Malware Index noted a rise in advanced nation-state actors using open-source software for cyber espionage and financial crimes. The report is based on the company's proprietary detection systems monitoring npm, PyPI, and Maven Central.
Read Full Article
16 Likes
Siliconangle
1d
285
Image Credit: Siliconangle
Splunk uncovers surge in social engineering through fake CAPTCHA attacks
- Splunk Inc. warns of a surge in social engineering campaigns using fake CAPTCHA systems to deliver malware without relying on software vulnerabilities.
- These attacks, dubbed 'ClickFix' and 'FakeCAPTCHA,' trick users into self-infecting their systems by exploiting familiarity with verification systems and using clipboard manipulation techniques.
- The attacks lure victims to malicious websites resembling Google's reCAPTCHA or Cloudflare CAPTCHA pages, prompting users to trigger hidden JavaScript that downloads and executes second-stage payloads.
- To combat this threat, Splunk researchers have introduced open-source tools like ClickGrab and PasteEater, along with detection queries to help organizations monitor for FakeCAPTCHA activity.
Read Full Article
13 Likes
Medium
1d
310
Image Credit: Medium
ChatGPT: Help or Risk?
- ChatGPT, an AI tool by OpenAI, has become essential in daily life for tasks like writing emails, asking questions, and content creation, with around 180 million users globally.
- While beneficial, users need to heed safety and privacy precautions while using ChatGPT to avoid mishaps like the accidental uploading of sensitive data that led Samsung to ban such AI tools in 2024.
- Samsung's decision to ban ChatGPT stemmed from fears of data security breaches and unintended data sharing as seen with an employee uploading sensitive company code to the platform.
- Users are urged to use AI tools like ChatGPT responsibly and securely to prevent data mishandling and unauthorized sharing, emphasizing the importance of data privacy awareness.
Read Full Article
18 Likes
Tech Radar
1d
534
Image Credit: Tech Radar
Your employee logins are more valuable to criminals than ever - here's how to keep them protected
- Hackers are increasingly targeting employee login credentials with advanced tools that are cheap and easily accessible.
- Identity-based attacks have surged by more than twofold (156%) since 2023, with more than half (59%) of cyber-incidents in Q1 2025 being attributed to this type of attack.
- Phishing-as-a-Service platforms like Tycoon 2FA and inexpensive infostealing malware are contributing to the rise in identity-based attacks, allowing hackers to intercept credentials and session data.
- These obtained credentials are often used in Business Email Compromise (BEC) attacks, where criminals either infiltrate executives' emails or impersonate corporate officers to deceive employees into transferring money or sharing sensitive information.
Read Full Article
8 Likes
Tech Radar
1d
239
Image Credit: Tech Radar
OpenAI is reportedly upping security following rumored foreign threats
- OpenAI is reportedly boosting its security measures to counter corporate espionage rumors and potential foreign threats.
- DeepSeek, a Chinese startup, has released a competing AI model using distillation to replicate OpenAI's technology.
- OpenAI has implemented new security policies restricting employee access, keeping proprietary technologies offline, and enhancing physical security.
- The company is funding AI security research initiatives and strengthening its cybersecurity teams in response to the increasing threats and challenges.
Read Full Article
10 Likes
Siliconangle
1d
158
Image Credit: Siliconangle
Coralogix and AWS team up to enhance AI observability and threat detection
- Coralogix and AWS have announced a new collaboration agreement to enhance AI-powered observability and security solutions.
- The collaboration aims to utilize Amazon Bedrock for advanced monitoring, moving beyond static rules for anomaly detection.
- Integration of Amazon Bedrock with Coralogix's platform enables proactive anomaly detection and improved system reliability.
- The partnership also includes solutions for AWS WAF and Amazon CloudFront monitoring, delivering comprehensive threat detection for AWS customers.
Read Full Article
9 Likes
Medium
1d
45
Image Credit: Medium
Is your phone acting weird? Here’s what might be going on.
- Experiencing significant battery drain on your phone could be a sign of malware, especially if an unfamiliar app is consuming a large portion of the battery.
- If your phone becomes excessively warm even when not in use, it may indicate malware forcing the processor to work excessively.
- Sudden spikes in data usage without explanation could be a result of malware uploading data without your knowledge, so monitoring data usage is important.
- Unexpected behavior like apps launching on their own, random restarts, or strange messages may indicate malware presence on your phone.
Read Full Article
2 Likes
Tech Radar
1d
197
Image Credit: Tech Radar
CitrixBleed 2 exploits are now in the wild, so patch now
- CitrixBleed 2, a vulnerability in Citrix NetScaler ADC and NetScaler Gateway, is actively being exploited in the wild by threat actors.
- The flaw allows hijacking user sessions and access to environments. Security researchers warn that the majority of instances remain unpatched.
- WatchTowr Labs found a significant portion of users had not patched against CitrixBleed 2, urging immediate action as exploitation is ongoing.
- Citrix is redirecting media inquiries to a blog post stating there is currently no evidence of exploitation, but also stresses the importance of immediate updates due to active exploitation.
Read Full Article
11 Likes
Global Fintech Series
1d
1.3k
Image Credit: Global Fintech Series
Global Fintech Interview with Radha Suvarna, Chief Product Officer of Payments at Finastra
- Radha Suvarna discusses evolution of payment processing systems and impact of AI.
- Finastra collaborates on ISO 20022 transition, modern payment infrastructure, and innovation.
- Payment systems evolving with AI automation, faster processing, and improved customer experiences.
- Global tech innovations focus on ISO 20022, cloud platforms, and customer-centric solutions.
- Fintech landscape shifting towards seamless, connected payment ecosystem with advanced technology.
Read Full Article
20 Likes
Securelist
1d
292
Image Credit: Securelist
Approach to mainframe penetration testing on z/OS. Deep dive into RACF
- Dissecting mainframe penetration testing techniques on z/OS, particularly focused on RACF security package.
- Deep dive into RACF database structure, internal architecture, and its decision-making logic.
- Developed utility racfudit, facilitates offline analysis of RACF database, provides insights for security analysis.
- Exploring RACF profile relationships, user authorization flows within z/OS, and password hashing algorithms.
- Detailed overview of DES and KDFAES encryption algorithms for RACF password and phrase hashes.
Read Full Article
17 Likes
Tech Radar
1d
277
Image Credit: Tech Radar
Many companies are still failing to budget for cybersecurity
- Despite increasing cyber threats, a report by ESET reveals that 38% of businesses lack cybersecurity budgets or have no plans to increase them.
- Small companies are less likely to have cybersecurity budgets compared to larger companies.
- Reputational damages from cyberattacks can be as damaging as financial losses, as highlighted by recent attacks on M&S and Co-op.
- ESET Global Cybersecurity Advisor emphasizes the importance of collaborative efforts among industries, cybersecurity providers, and governments to enhance digital defenses.
Read Full Article
16 Likes
The Register
1d
159
Image Credit: The Register
Is your password ecosystem ready for the regulators?
- Regulators push companies to enhance password security amidst rising credential theft incidents.
- Frameworks like PCI-DSS enforce strict password complexity rules and multi-factor authentication.
- NIST recommends longer passwords over complexity, warns against hints, and emphasizes MFA.
- Specops Password Auditor aids in assessing password security posture and compliance with regulations.
Read Full Article
9 Likes
For uninterrupted reading, download the app