menu
techminis

A naukri.com initiative

google-web-stories
Home

>

Cyber Security News

Cyber Security News

source image

Socprime

1d

read

140

img
dot

Image Credit: Socprime

Creating a Regex Pattern Set in AWS WAF

  • AWS Web Application Firewall (WAF) allows protection against various types of attacks.
  • Regex Pattern Sets help filter malicious requests or enforce specific rules.
  • Step-by-step guide on creating a Regex Pattern Set in AWS WAF.
  • Best practices for using and updating Regex Pattern Sets.

Read Full Article

like

8 Likes

source image

Socprime

1d

read

284

img
dot

Image Credit: Socprime

OpenSearch Flush, Translog, and Refresh

  • OpenSearch flushing is the process of permanently storing data onto disk for all operations that have been temporarily stored in memory.
  • When new documents are indexed in OpenSearch, they are recorded on disk in the translog and stored in memory in a buffer.
  • Flushing in OpenSearch refers to the process of writing the in-memory segments onto disk and closing the current translog generation.
  • Elasticsearch offers several distinct advantages over OpenSearch, including a richer feature set, enhanced optimizations, and a superior user experience.

Read Full Article

like

17 Likes

source image

Socprime

1d

read

368

img
dot

Image Credit: Socprime

Additional Settings for Optimizing Elasticsearch Cluster Performance

  • Adjusting Timeout for Unassigned Shards can improve indexing throughput for write-heavy workloads.
  • Optimizing Recovery Speed by setting the indices.recovery.max_bytes_per_sec can reduce downtime and bottleneck performance.
  • Recommendations include monitoring the cluster, testing in a staging environment, and customizing settings based on workload requirements.
  • These settings enhance resilience and efficiency in dynamic data flows or large datasets.

Read Full Article

like

22 Likes

source image

TechDigest

1d

read

159

img
dot

Image Credit: TechDigest

How to protect your financial information online?

  • Protecting your financial information online is essential in today’s digital age, with cybercriminals always developing new techniques to steal personal and financial data.
  • When shopping, depositing, or withdrawing funds online, choose reputable and secure platforms with advanced encryption technology like online casinos with fast withdrawals that prioritize security.
  • Use strong and unique passwords to safeguard your financial information online. It is recommended to use a password manager to store and generate complex passwords for multiple accounts.
  • Enable two-factor authentication to enhance your security by adding an extra layer of protection for your accounts beyond just a password.
  • Ensure the website you’re using is secure by checking that it starts with “https://” and has a padlock symbol next to the URL.
  • Be wary of phishing scams in the form of emails, text messages, or phone calls, and avoid public Wi-Fi for financial transactions which can be a breeding ground for cybercriminals.
  • Use virtual credit cards to provide an added layer of security by generating unique card numbers for each transaction, which can only be used for a specific purchase.
  • Following best practices for online security like these guidelines can help you engage in online transactions without compromising your privacy or safety.

Read Full Article

like

9 Likes

source image

Wired

1d

read

49

img
dot

Image Credit: Wired

The Invisible Russia-Ukraine Battlefield

  • Ukraine and Russia are engaged in an unseen battle for control of the electromagnetic spectrum. Both sides are trying to innovate better ways to spoof, jam, and disrupt enemy communications, particularly drones, while simultaneously working to harden their own systems against hostile signals. Electronic warfare began to mature during WWII. Kyiv identified winning the upper hand in this battle as one of its key priorities against Russia. It's a cat-and-mouse game in which both countries are competing to develop more sophisticated technologies.
  • With Russia advancing across eastern Ukraine, the need to gain control of the electromagnetic space has only grown more important. Hundreds of portable electronic-warfare weapons, including Electronic Drone Mitigation 4 System from Lithuania, have been donated to Ukraine over the past two years. Ukraine has developed a secretive mesh network of EW systems called Pokrova to spoof the Shahed navigation systems of drones and bring them down for analysis.
  • Russia’s EW program is being challenged by Ukraine's efforts to produce larger volumes of cheaper EW solutions that can be quickly adapted. Kvertus, a Ukrainian electronic warfare company, was producing tens of devices in 2022, and by 2023, it was producing hundreds, whereas now it's producing thousands. UP Innovations, a Ukrainian defense tech start-up, has been working on special helmet pads with fabric that acts as a Faraday cage to protect the wearer’s radios from jamming.
  • The Battle of the Beams was on track toward an electromagnetic stalemate. Then, England innovated with early aircraft interception radar on Bristol Beaufighter. Now, the idea of innovation in EW is about iterating with counter-measures quickly rather than behind held back by bureaucracy. Igor, a defense executive from Ukraine, has been working on an anti-drone drone or “fire and forget” solution, that could loiter in the skies, target all incoming Russian drones, and destroy them without human intervention.
  • The United States hasn’t yet handed over the EW crown jewels. Mick Ryan, an independent military analyst, suggests that the US and its closet partners need to change the paradigm on how they look at EW technologies and how best to use them against Russia. Ukraine is now toe-to-toe with Russia and has achieved “parity”, although it needs superiority — a real breakthrough may have to come from Washington.

Read Full Article

like

2 Likes

source image

Fintechnews

1d

read

327

img
dot

Image Credit: Fintechnews

Mastercard Completes Acquisition of Recorded Future in US$2.65 Billion Deal

  • Payment giant Mastercard has completed its acquisition of Recorded Future, a cybersecurity firm, for US$2.65 billion.
  • The acquisition aims to bolster Mastercard's cybersecurity services and improve AI models for smarter threat detection and response.
  • Mastercard plans to offer enhanced services and intelligence to a broader customer base, while increasing the effectiveness of existing cybersecurity tools.
  • The acquisition aligns with the increased focus on securing digital interactions and transactions against evolving cyber threats.

Read Full Article

like

19 Likes

source image

Devopsonline

1d

read

281

img
dot

Image Credit: Devopsonline

How Smart Cities are Bridging the Digital Divide With AI 

  • Urban areas are expected to house 68% of the world's population, putting significant strain on infrastructure and critical services.
  • There are still around 14.5mn people in the US alone without reliable broadband, often leaving rural or urban communities behind and exacerbating social and economic divides.
  • AI and machine learning is being used to help close the digital divide by identifying areas where broadband can be brought to underserved communities.
  • In order to use AI to create smart cities that are more technologically advanced and equitable, city planners must first focus on building a robust data foundation and establishing a strong data infrastructure.
  • To ensure that citizens from low-income or remote regions have equal access to healthcare, education, and other critical connected services, municipalities can also establish data-driven control rooms through integration of data from various departments.
  • It is essential to keep the needs and experiences of residents at the forefront when incorporating AI into city operations, which allows technology deployment to be guided by the actual needs of the community.
  • Scalable and adaptable AI solutions should be planned for smart city projects to include pilot projects and expand as the technology proves its value.
  • AI-powered scenario planning tools can help municipalities develop long-term resilience strategies to meet evolving urban dynamics without requiring complete overhauls.
  • The smart city journey must begin with data by keeping citizens at the center of the smart-city plan, identifying areas where AI can be applied for the greatest impact.
  • Leveraging AI to bridge the digital divide is a promising early step to advancing digital equity and creating smart city success.

Read Full Article

like

16 Likes

source image

Medium

1d

read

312

img
dot

Image Credit: Medium

Content Security Policy (CSP)

  • CSP is a computer security standard introduced in 2004.
  • It helps protect websites from attacks by specifying allowed content sources.
  • CSP prevents execution of malicious scripts, addressing vulnerabilities like XSS and MITM attacks.
  • It also disallows dynamic code injection methods like eval().

Read Full Article

like

18 Likes

source image

Securityaffairs

1d

read

137

img
dot

Image Credit: Securityaffairs

Lazarus APT targeted employees at an unnamed nuclear-related organization

  • The North Korea-linked Lazarus Group targeted employees of an unnamed nuclear-related organization in January 2024.
  • The attacks are believed to be part of the cyber espionage campaign Operation Dream Job.
  • Lazarus used a complex infection chain involving multiple types of malware.
  • The group used compromised WordPress web servers as command and control servers.

Read Full Article

like

8 Likes

source image

Silicon

1d

read

3

img
dot

Image Credit: Silicon

North Koreans Stole $1.34bn In Crypto This Year

  • Hackers linked to North Korea have stolen a record $1.34 billion in cryptocurrency this year.
  • The hacks accounted for over half of the total amount stolen in all cryptocurrency hacks.
  • North Korea uses the funds obtained from hacking to finance its missile and nuclear programs.
  • The hacking activity has slowed down in the second half of the year after a strategic partnership was signed.

Read Full Article

like

Like

source image

Dev

1d

read

104

img
dot

Image Credit: Dev

Password Composition Policies Are Bad and Here's Why

  • Password composition policies are rules that dictate what constitutes an acceptable password to the user before they can proceed to create it.
  • Requirements include a minimum length, a mix of uppercase and lowercase letters, numbers, and special characters.
  • Research shows that users respond to these requirements in predictable ways when forced.
  • Composition policies can fail to deliver their intended security benefits.
  • Checking passwords against a blacklist is a more effective way to improve password security.
  • Evaluating password strength, not complexity, is also useful.
  • Length is the primary factor in characterizing password strength, so users should be encouraged to make their passwords as lengthy as they want.
  • A significant subset of users still choose easy-to-guess passwords, like P@ssword1, that meet policy requirements but remain highly vulnerable to attackers.
  • Improving password security can be done without sacrificing user experience.
  • Multi-Factor Authentication (MFA) is also a useful option for improving security.

Read Full Article

like

6 Likes

source image

TechBullion

1d

read

145

img
dot

Image Credit: TechBullion

Iqra Naseer on the Evolution Of Artificial Intelligence and Block chain In Cybersecurity

  • Artificial Intelligence (AI) and cybersecurity have evolved hand in hand over the years, showcasing human ingenuity and adaptability.
  • Deep learning in AI has allowed for the analysis of behaviors and network traffic, improving the detection of complex threats.
  • Generative AI has further democratized the use of AI in cybersecurity, allowing for the detection and anticipation of new attack vectors.
  • Iqra Naseer has implemented a blockchain and AI-based data integrity system to protect data from cyberattacks, ensuring immutability, dependability, and transparency.

Read Full Article

like

8 Likes

source image

Cybersecurity-Insiders

1d

read

142

img
dot

Image Credit: Cybersecurity-Insiders

Top 5 Ransomware Attacks and Data Breaches of 2024

  • HealthCorps healthcare network fell victim to a targeted Hades ransomware attack (formerly linked to the notorious Conti group) in March 2024, compromising 5.6 million patient records.
  • In June 2024, MetroLink, a major public transportation network in the US was compromised by the Lazarus Group, a hacking collective linked to North Korea. The cyberattack compromised the personal data of over 15 million riders.
  • BluePeak Financial was infiltrated by a former employee who used stolen credentials to gain access to the company’s internal network. The breach led to the exfiltration of data related to 2.3 million customers.
  • BlackCat ransomware group (ALPHV) targeted GlobalBank in July 2024. The attack, which began with the breach of a cloud-based third-party service provider, affected over 30 financial institutions across 50 countries.
  • eComX, one of the world’s largest e-commerce platforms, suffered a devastating data breach that exposed 110 million customer accounts in September 2024.
  • These cyber-attacks underscore the vulnerability of the healthcare, public transportation, finance, and e-commerce sectors.
  • Organizations must implement stronger cybersecurity hygiene, multi-layered defenses, and comprehensive incident response plans to prevent sophisticated attacks.
  • Third-party risk management is a critical component of cybersecurity strategies, as attackers frequently exploit supply chain vulnerabilities.
  • Detecting attacks early is important - organizations should implement advanced intrusion detection systems (IDS) to monitor unusual activity.
  • Staying ahead of the curve is crucial to safeguarding both sensitive data and organizational integrity.

Read Full Article

like

8 Likes

source image

Cybersecurity-Insiders

1d

read

88

img
dot

Image Credit: Cybersecurity-Insiders

Germany Investigates BadBox Malware Infections, Targeting Over 192,000 Devices

  • Germany has launched an investigation into reports of a significant cyber threat believed to be linked to the BadBox Malware, which has allegedly infected over 192,000 devices across the country.
  • The malware primarily targets devices running outdated or unsupported operating systems, bypassing traditional security features and engaging in activities such as data exfiltration, ad fraud and espionage, ransomware distribution, and acting as a proxy.
  • Experts emphasize the importance of regular device updates, installing reliable security software, being cautious about suspicious apps or downloads, and following best practices for mobile security to protect against such threats.
  • Ongoing investigations aim at mitigating the impact of BadBox and similar malware, highlighting the need for global cooperation in cybersecurity and ongoing education and awareness around digital safety practices.

Read Full Article

like

5 Likes

source image

Dev

1d

read

84

img
dot

Image Credit: Dev

Understanding SSH: Secure Shell Protocol

  • SSH, or Secure Shell, is a network protocol that provides secure remote access to computers over unsecured networks, ensuring encrypted data communications and strong authentication.
  • SSH is widely used by network administrators for secure remote management of systems, executing commands, and transferring files between computers over a network.
  • SSH supports both password and public key authentication, with the latter being more secure. SSH keys consist of a public and a private key, where the public key is shared and the private key is kept secure.
  • SSH uses encryption techniques like symmetric and asymmetric encryption, along with hashing, to secure data transmission and authenticate users and hosts.

Read Full Article

like

5 Likes

For uninterrupted reading, download the app