Cyber Security News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Security News

Siliconangle

221

Image Credit: Siliconangle

AI context intelligence startup Wald raises $4M, debuts data loss protection platform

Context intelligence startup Wald Inc. has raised $4 million in seed funding.
The company has launched the Wald Context Intelligence Platform, which combines AI assistants with data loss protection and regulatory compliance management.
Wald's platform allows enterprises to generate content, code, and query documents securely without exposing sensitive data.
The platform is available as a software-as-a-service offering and includes access to popular AI models.

Read Full Article

13 Likes

TechCrunch

Image Credit: TechCrunch

Cohesity completes its merger with Veritas; here’s how they’ll integrate

Data protection startup Cohesity has completed its merger with Veritas' enterprise data protection business, creating a single entity valued at $7 billion with 12,000 customers.
The merger was funded by a Series H round led by Haveli Investments, and the new entity has an annual recurring revenue of $1.5 billion.
Cohesity focused on Veritas' data business as a potential acquisition target due to its enterprise focus and differentiated customer base, and aims to consolidate the industry to save costs and innovate faster.
The combined company will continue to invest in both Cohesity's and Veritas' products, with a unified go-to-market strategy and focus on cross-selling to their existing customer bases.

Read Full Article

3 Likes

Medium

Image Credit: Medium

7 PKI and Cybersecurity Trends for 2025

As AI and machine learning advance, their integration into PKI systems is becoming essential.
Organizations and Certificate Authorities must quickly adapt to Quantum computing which poses a significant threat to traditional encryption methods with quantum-resistant cryptographic algorithms.
PKI is vital for ensuring secure and compliant digital interactions. As AI-driven threats and regulatory demands increase, organizations must leverage PKI to safeguard digital identities and meet compliance requirements effectively.
With the continued growth of IoT devices, which is expected to reach 55.7 billion by 2025, PKI is increasingly essential for securing device communication, authentication, and data integrity.
The adoption of Zero Trust models is growing, making PKI essential for identity-based authentication and encrypted communication.
The shift toward cloud-native architectures drives the adoption of PKI for securing cloud-based applications, microservices, and containerized environments.
The momentum toward shorter certificate lifespans continues with a decline in the maximum validity period for SSL/TLS certificates to 1 year and Apple's proposal to shorten the lifespan of public SSL/TLS certificates to 47 days by 2027.
Continuous advancements ensure robust and trustworthy digital security in an increasingly interconnected world. Organizations must stay informed and proactive in adopting trends for building resilient security infrastructures capable of withstanding evolving threats.

Read Full Article

4 Likes

TechBullion

304

Image Credit: TechBullion

Compliance Made Easy: How AWS Supports Data Security for LegalTech Platforms

AWS offers compliance tools and services like GDPR, HIPAA, and SOC 2 to help legaltech platforms meet security standards and protect sensitive data.
Data security is crucial for legaltech platforms as they handle sensitive client information. AWS offers various features to safeguard this data, including Identity and Access Management (IAM), encryption, and security services like KMS and GuardDuty.
AWS Identity and Access Management (IAM) ensures users only get access to the information they need to do their jobs through role-based access control and least privileged access.
AWS supports data encryption at rest and in transit using client-side encryption to encrypt data before it is sent from the device, and server-side encryption after data reaches the server. AWS also provides control over encryption keys, ensuring only authorized users can access sensitive information.
AWS provides various security features like KMS, GuardDuty, AWS Web Application Firewall (WAF), and AWS Shield to protect legaltech platforms against attacks. In addition, incident response, monitoring, and logging capabilities provided by AWS ensure that legaltech platforms remain secure and compliant.
CloudTrail records all actions taken in the AWS account, while AWS CloudWatch helps monitor resources, AWS Inspector automatically checks applications for potential vulnerabilities, and automated compliance checks ensure adherence to regulations.
AWS helps legaltech platforms build trust and compliance with the law in terms of data security. Maruti Techlabs offers cloud security services that help businesses leverage AWS effectively and remain compliant with industry regulations.
Overall, AWS's compliance tools, encryption methods, security features, and incident response strategies ensure that legaltech platforms handle sensitive client information with the utmost care and remain secure from potential threats.

Read Full Article

18 Likes

Discover more

Dev

100

Image Credit: Dev

picoCTF "Breadth" Walkthrough

This article is a walkthrough of the picoCTF challenge called Breadth, where we had to examine and compare two binaries using Ghidra to find the flag.
The challenge has two binaries, and the first step is to go through the list of function calls, including the 'main' function, to find any interesting ones.
The random functions contain a lot of strings starting with picoCTF, indicating that the challenge involves comparing binary differences between the two versions.
The function 'main' holds no clues, and so we compare the two binaries using radiff2, which shows the differences at two addresses - 0x000002d4 and 0x0009504e.
The address 0x000002d4 contains metadata, while the address 0x0009504e contains the potential flag - picoCTF{VnDB2LUf1VFJkdfDJtdYtFlMexPxXS6X}.
Submitting the potential flag revealed that it was indeed the right one, and it completed the challenge.
The author found the challenge to be marked as hard but thought it was simple and should be classified as easy or medium.
This article serves as a guide for individuals looking to take on similar challenges in the future.
The author concludes by promising to come back with more interesting and challenging walkthroughs in the future.

Read Full Article

6 Likes

Siliconangle

134

Image Credit: Siliconangle

Now-patched macOS and iOS vulnerability allowed undetected access by bypassing data protections

A vulnerability in iOS and macOS allowed unauthorized access to sensitive user data without user consent or notification.
The vulnerability exploited a flaw in Apple's TCC framework, allowing malicious apps to bypass data protections.
The vulnerability involved a symlink attack, enabling attackers to redirect file operations and access sensitive files stored in iCloud undetected.
Apple addressed the vulnerability in iOS 18 and macOS 15 by reinforcing symlink checks and strengthening the TCC framework.

Read Full Article

8 Likes

Siliconangle

200

Image Credit: Siliconangle

Astrix Security secures $45M to strengthen nonhuman identity protection in enterprise

Astrix Security has raised $45 million in new funding to strengthen nonhuman identity protection in enterprises.
The startup provides visibility into nonhuman identities (NHIs) and helps prevent supply chain attacks and data leaks.
Astrix offers an agentless solution to discover and manage all NHIs, ensuring secure access to critical systems.
With the new funding, the company plans to expand its customer base and further develop its NHI security platform.

Read Full Article

12 Likes

TechDigest

Image Credit: TechDigest

Only 1 in 5 using two-factor authentication, Uswitch research finds

A survey by Uswitch Broadband shows that while eight in 10 people knew of two-factor authentication (2FA), used to confirm identities, but only 22% enabled 2FA on all their accounts. Over 33,600 cyber-fraud victims reported losing a collective £1.4m ($1.9m) digital attacks last year.
Over 60% of Britons use work equipment for personal uses, potentially risking their professional information. WiFi, a public Wi-Fi service available in cafés, libraries, and hotels, is used by 64% (81% of Gen Z and 75% of millennials).
Victims of online fraud reported financial losses to the tune of £1.4m last year, with online account hacks affecting 33,600 cyber-fraud victims over the same period.
Of the respondents from the UK, 51% of public WiFi users accessed work-related files or banking details, making them vulnerable to online cyber threats.
The survey also showed that 39% of all people aged between 18 and 24 in the UK had had at least one account hacked over the past year.
Over the past year, online fraudsters on social media targeted Gen Z, with 37% of those affected by fraud in the UK aged between 18 and 24.
The aforementioned survey additionally revealed that 45% of all email-related fraudulent activity impacted people over the age of 50.
Uswitch's survey advises people to be cautious about phishing scams and to only purchase goods from providers they believe to be authentic.
Uswitch's expert, Max Beckett, says internet users should be wary of cyber threats, adopting stronger security measures such as setting up two-factor authentication on critical accounts.
Uswitch also advises that users create strong, separate passwords for their various accounts, keep WiFi password-protected and secure, and regularly check routers for connected devices.

Read Full Article

3 Likes

Medium

221

Image Credit: Medium

Your IP for Sale: The Dark Side of Residential Proxies

Residential proxies are commonly used to route network traffic through residential IP addresses to bypass security mechanisms.
Some sellers of residential proxies are selling access to people's home internet networks without their knowledge.
The use of residential proxies can be both legal and ethical, but there are also illicit and unethical uses such as DDoS attacks and click fraud.
Caution should be taken before installing shady software or using residential proxies, and consideration should be given to finding ethically sourced IPs.

Read Full Article

13 Likes

Hackersking

286

Image Credit: Hackersking

TGPT AI Based Chat Bot For Your Linux Terminal

TGPT is an OpenAI chatbot designed for terminal environments, allowing users to interact with their systems more intuitively.
TGPT doesn't require API integration and provides advanced natural language processing capabilities.
Users can use TGPT for coding assistance, accessing documentation, and automating repetitive tasks.
TGPT can be installed on Linux and offers various providers, including Blackbox AI, OpenAI, Duckduck Go, Ollama, Groq, etc.

Read Full Article

17 Likes

Dev

Image Credit: Dev

What is the Mina Protocol? A Simple Guide

Mina Protocol is a succinct blockchain that remains lightweight at just 22KB in size.
It utilizes zk-SNARKs technology to reduce data needs and enable decentralized transactions.
Mina Protocol aims to provide scalability, privacy, and web3 compatibility.
By using zk-SNARKs, Mina compresses the blockchain into a single proof, making it accessible and efficient.

Read Full Article

2 Likes

Tech Radar

391

Image Credit: Tech Radar

Romanian energy supplier struck in ransomware attack in latest cybercrime assault

Romanian energy supplier Electrica Group confirms suffering a cyberattack
Investigation underway with local law enforcement
No details revealed about the nature or goal of the attack
The attack is suspected to be a ransomware attack

Read Full Article

23 Likes

Pymnts

2.4k

Image Credit: Pymnts

Scam-Related Fraud Jumped 56% in 2024, Surpassing Digital Payment Crimes

Scam-related fraud increased by 56% in 2024, surpassing digital payment fraud.
Financial losses from scams rose 121%, accounting for 23% of all fraudulent transactions.
Fraudsters exploit vulnerabilities in human behavior and use deceptive tactics to manipulate individuals into authorizing fraudulent transactions.
Financial institutions are investing in advanced technologies such as behavioral analytics and fraud score solutions to combat the growing threat of scams.

Read Full Article

26 Likes

Socprime

Image Credit: Socprime

Standard Logstash Template for Event Processing (Gold Template)

This standard template for configuring Logstash pipelines, commonly referred to as a 'gold template,' ensures consistent metadata enrichment for events processed through Logstash, making it particularly useful in environments where data comes from diverse sources.
Key features of this template include a Ruby block for metadata enrichment, host field renaming based on content type (IP address or hostname), and adding Logstash type information to mark events processed by Logstash.
To use the template, replace 'TYPE_NAME' with the appropriate event type, insert it into the Logstash configuration, test the configuration, and deploy to production.
Using this gold template ensures consistent metadata enrichment, standardized field names, and adaptability to multiple use cases, making event processing in Logstash more efficient and facilitating troubleshooting and downstream analytics.

Read Full Article

5 Likes

Tech Radar

247

Image Credit: Tech Radar

Termite ransomware gang claims it carried out Blue Yonder attack

The Termite group claims responsibility for the recent cyberattack on Blue Yonder.
Termite claims to have stolen sensitive information including DB dumps, email lists, documents, and reports.
Blue Yonder is currently investigating the claims and working with cybersecurity experts.
The ransomware attack disrupted Blue Yonder's services and impacted its customers, including Starbucks and major UK grocery stores.

Read Full Article

14 Likes

For uninterrupted reading, download the app