A naukri.com initiative
Cyber Security News
Wired
3w
433
Image Credit: Wired
As the Mastermind of Far-Right ‘Active Clubs’ Goes to Prison, His Violent Movement Goes Global
- American neo-Nazi Robert Rundo has been sentenced to federal prison for attacking political opponents at rallies in California in 2017. Along with members of the Rise Above Movement, Rundo was convicted in 2018 of conspiracy to violate the federal Anti-Riot Act for planning and training a series of attacks on political opponents. Rundo co-founded the fight club-cum-street gang in Southern California with fellow extremist Ben Daley during the peak of the alt-right movement.
- Since Rundo’s initial arrest, he helped create an international network of RAM clones called 'Active Clubs.' The clubs are a transnational alliance of far-right fight clubs that closely overlap with skinhead gangs and neofascist political movements in North America, Europe, the Antipodes, and South America. There are now dozens of Active Clubs in countries such as the US, UK, France, Germany, Holland, Scandinavia, Australia and Colombia.
- Seemingly harmless from the outside, Active Clubs are small groups of young men who go on hikes, train in combat sports, weight-lift, and build camaraderie. But their membership often overlaps with other extremist organizations, including Patriot Front and skinhead groups like the Hammerskins. US-based Active Clubs are branching out into political intimidation and violence.
- According to extremism researchers, the Active Club model stands out for its low barrier to entry, emphasis on positive community building to draw new recruits from outside extremist circles, and a ready-made international network. Their ideology leans heavily on young male grievances against a world that supposedly singles them out in favor of people of color and LGBTQ+ youth.
- Rundo co-created the concept of an Active Club in 2021 with far-right German-Russian neo-Nazi Denis Nikitin, who started out as a soccer hooligan before moving into combat sports as a fighter, promoter, and organizer of far-right tournaments. Since then, the neo-Nazi fight clubs have proliferated throughout Western Europe, Australia, and the United States and are currently the preeminent organizing model for far-right streetfighters.
- The Active Club network is seeing expanded breadth and growing significance in street politics. Their members have been involved in political violence in the US and France, have been banned and arrested in Germany, and are a growing concern for UK and Irish law enforcement as the place of their recruiting has skyrocketed following this summer's riots.
- Rundo will likely spend years in prison, but it remains unlikely that federal lockup will change his ideologies. He previously served nearly two years for stabbing a rival gang member in Queens in 2009. While he did radicalize during his stint, starting a small white power gang, Rundo’s forthcoming prison term will mark his first federal term as a certified domestic extremist. Prior to the US election, Rundo urged his supporters to vote for Donald Trump in the hope that the president-elect would pardon him and other extremists who plead guilty to federal crimes.
- Rundo “has not renounced the violent extremist ideology that motivated that conduct,” US prosecutors wrote in their sentencing memo. It’s also likely that Rundo will hold out for help from a friendlier government. Since his initial arrest, Rundo helped mastermind an international network of RAM clones known as “Active Clubs.”
- Along with members of the Azov Movement’s 3rd Assault Battalion who have been integrated into the regular units of Ukraine military intelligence directorate, Nikitin hosted a September conference in Lviv that gathered representatives from extreme right-wing organizations across Europe for a strategy conference. Italian fascist organization Casapound, which Rundo visited in 2018 and views as an exemplar, sent a representative, as did Germany’s openly neo-Nazi party, Dritte Weg.
- Active Clubs have proved effective at dodging legal crackdowns in countries like France, where far-right street violence has a decades-long history despite authorities' attempts to ban and dissolve organized groups. The clubs appear to have carried out acts of violence, including an attack on an asylum center near Nantes last year.
- The Active Club model stands out for its low barrier to entry and emphasis on positive community building. Active Clubs are concerning as their membership often overlaps with other extremist organizations. The clubs appear to have carried out acts of violence in the US and France, have been banned and arrested in Germany, and are a growing concern for UK and Irish law enforcement. The founders of Active Clubs are facing imprisonment, however, the movement continues to grow in the United States, Europe, the Antipodes and South America.
Read Full Article
26 Likes
Medium
3w
345
Image Credit: Medium
What Do Smart Home Users Really Think?
- A research project on smart homes and surveillance aimed to understand user perspectives on privacy, personal information collection, benefits and risks, and home safety.
- Many smart home users were found to be misinformed about their devices' surveillance capabilities, with incomplete understandings of collected information and access rights.
- The relationship between surveillance and power poses concerns, including domestic abuse and overreach by big tech companies.
- To ensure better products, policy, and law, understanding and respecting user perspectives is crucial as smart devices become more prevalent in society.
Read Full Article
20 Likes
Cybersecurity-Insiders
3w
319
Image Credit: Cybersecurity-Insiders
Black Hat Europe Recap: Auguria Debuts Newly Enhanced Platform
- Auguria, Inc. announces the newest version of its Security Knowledge Layer Platform at Black Hat Europe.
- The enhanced platform integrates with major data sources including CrowdStrike, SentinelOne, Microsoft Windows Event Logs, and Palo Alto Networks.
- Auguria introduces the Explainability Graph feature, providing visual, context-rich threat data for security teams.
- The expanded integrations allow organizations to consolidate, prioritize, and analyze data from multiple sources, simplifying processes and facilitating faster security decisions.
Read Full Article
19 Likes
Socprime
3w
122
Image Credit: Socprime
Using Roles and Users for Data Access in Elasticsearch
- Elasticsearch uses a security model to control access to data through roles and users.
- Enabling security features in Elasticsearch is crucial for data security and operational integrity.
- Roles define the permissions for users, specifying the indices they can access and the operations they can perform.
- Users are mapped to one or more roles to determine their permissions.
Read Full Article
7 Likes
Cybersecurity-Insiders
3w
91
Image Credit: Cybersecurity-Insiders
2025 Outlook: Turning Threats into Opportunities in a New Era of Innovation
- As we step into 2025, the cybersecurity landscape is at a pivotal juncture.
- Continued government regulation and the rising cost and consequences of data breaches will pressure companies to uplevel data privacy initiatives to a strategic business imperative.
- Many non-technology industries need to be faster to update their legacy infrastructure, but struggle due to cost constraints and limited resources.
- DataKrypto Prediction: Companies will increasingly address data privacy strategically and operationally.
- Data breaches will lessen as cyber developers focus on building “secure by design” applications that protect data throughout its lifecycle.
- Sophisticated attackers exploit vulnerabilities left by traditional encryption methods, exposing organizations to costly breaches.
- New FHE innovations will help companies maintain continuous data protection and minimize the impact of many prominent attacks.
- As quantum computing advances, organizations worldwide are growing increasingly concerned about its potential impact on cybersecurity.
- Organizations will prioritize implementing advanced quantum-resistant cryptographic techniques.
- As we look ahead to the coming year, we’re standing on the precipice of a new era in cybersecurity.
Read Full Article
5 Likes
Cheapsslshop
3w
13
Image Credit: Cheapsslshop
EV vs OV Code Signing Certificate: What are the differences?
- Code signing certificates are essential for ensuring software integrity and protecting users.
- There are two types of code signing certificates: Organization Validation (OV) and Extended Validation (EV).
- EV Code Signing Certificates undergo a rigorous validation process and are used to sign software, drivers, applications, and executable files.
- OV Code Signing Certificates have less strict validation requirements and are commonly used for signing software.
Read Full Article
Like
The Register
3w
280
Image Credit: The Register
Taming the multi-vault beast
- Partner Content With Non-Human Identities (NHIs) now outnumbering human users 100 to one in enterprise environments, managing secrets across multiple vaults has become a significant security concern.
- GitGuardian addresses this challenge with its latest release of multi-vault integrations, providing centralized visibility and control over secrets in HashiCorp Vault, CyberArk Conjur, AWS Secrets Manager, Google Cloud Secrets Manager, and Azure Key Vault.
- Key capabilities include automated detection of stale and unused secrets, cross-vault incident resolution, streamlined vault migration and consolidation, and policy enforcement across platforms.
- This release marks GitGuardian's evolution from secrets detection to comprehensive Non-Human Identity (NHI) governance, offering organizations scalability, reduced operational costs, improved security posture, and simplified compliance reporting.
Read Full Article
16 Likes
Cybersecurity-Insiders
3w
319
Image Credit: Cybersecurity-Insiders
How the Cyber Grinch Stole Christmas: Safeguard Your Festive Season
- The holiday season creates the perfect environment for increased cyberattacks due to increased online shopping during Black Friday and Cyber Monday, followed by December festivities.
- Organisations are becoming prime targets for cybercriminals, with the rise of remote work and distracted teams, it is vital that businesses protect themselves from becoming victims of festive-season threats.
- Phishing emails are particularly convincing during this time, leveraging festive themes and urgent requests. Common scams include fake charity appeals, holiday e-cards, and counterfeit shopping sites advertising too good to be true discounts.
- Cybercriminals use AI-powered phishing scams, deepfakes and advanced malware all of which make it harder to detect and more personalised, using employee’s specific dates to make the breach more personal.
- Remote working was one of the biggest game-changers that happened over the past year.
- Remote devices, often the weakest link in cybersecurity, are particularly vulnerable, lacking the same level of security as office-based desktops.
- Organisations must adopt a robust cyber resilience posture that embraces endpoint security and enables them to respond and react in a timely manner. Centralised IT teams require real-time visibility into the network and must act decisively against suspicious activity.
- According to the Cyber Resilience Risk Index, Endpoint Protection Platforms and network security applications fail to operate effectively 24 percent of the time on managed PCs.
- Downtime—when systems, devices, or networks are unavailable due to a cyberattack—can severely disrupt operations impacting productivity and may result in significant financial losses, particularly during critical business periods like the holiday season.
- By adopting a proactive approach to cyber resilience, businesses can reduce downtime and ensure rapid recovery from security issues, protecting sensitive data and maintaining operations.
Read Full Article
19 Likes
Cybersecurity-Insiders
3w
56
Image Credit: Cybersecurity-Insiders
The three top cybersecurity predictions for 2025
- The cyberthreat landscape has shifted rapidly over the past several years, and this evolution will continue in 2025.
- Cybercriminals are using AI to launch sophisticated phishing attacks, conduct surveillance on potential targets, and manipulate victims with deepfakes.
- AI is being used to detect cyberthreats as well, but isn’t keeping up and the cost of data breaches and other attacks is rising.
- CISOs and other security leaders should have an all-of-the-above approach to cybersecurity, which includes everything from zero-trust security architecture and AI-powered threat detection.
- Cybersecurity programs that combine security awareness and technology like automation and AI will be a key focus in 2025.
- According to IBM, the average cost of a data breach has reached an all-time high of $4.88 million.
- AI-powered social engineering is driving the surging cost of cyberattacks and Google’s 2025 Cybersecurity Forecast anticipates that AI will be used to develop and scale more convincing phishing attacks.
- It has never been more important for companies across all industries to prioritize cybersecurity.
- According to Allianz Risk Barometer, cyber incidents comprise the top global business risk for the first time by a clear margin.
- Cybersecurity awareness training must adapt to the new era and be personalized, employees must be aware of the latest cybercriminal tactics, and there should be clear policies around device usage, account security, and incident reporting.
Read Full Article
3 Likes
Neuways
3w
253
The Biggest Scams of 2024
- Deepfake Videos: Scammers use AI to create deepfake videos impersonating high-profile figures to promote fake investments.
- Fake Customer Service Accounts: Fraudsters pose as customer service representatives on social media to extract sensitive information from disgruntled customers.
- Copycat Websites: Scam websites replicate legitimate brands to harvest personal details for future scams.
- QR Code Scams: Scammers use tampered QR codes to infect devices with malware or unauthorized subscriptions.
- WhatsApp and Messaging Scams: Scammers exploit messaging apps like WhatsApp to trick victims into sharing sensitive information or transferring funds.
Read Full Article
15 Likes
Securityaffairs
3w
288
Image Credit: Securityaffairs
Experts discovered the first mobile malware families linked to Russia’s Gamaredon
- The Russia-linked APT Gamaredon used two new Android spyware tools called BoneSpy and PlainGnome against former Soviet states.
- Lookout researchers linked the BoneSpy and PlainGnome Android surveillance families to the Russian APT group Gamaredon, making them the first known mobile malware families linked to the Russian APT.
- BoneSpy and PlainGnome were used in attacks against Russian-speaking victims in former Soviet states, likely due to strained relations post-Ukraine invasion.
- Both BoneSpy and PlainGnome collect various data from infected devices and show similarities in infrastructure, techniques, and targeting, leading researchers to conclude that they are operated by Gamaredon.
Read Full Article
17 Likes
Cybersecurity-Insiders
3w
346
Image Credit: Cybersecurity-Insiders
Operation Power Off: International Effort Targets DDoS-for-Hire Networks
- Operation Power Off is a global crackdown that has successfully disrupted over 27 major platforms facilitating DDoS attacks for hire.
- Authorities from multiple countries collaborated to take down botnet networks operating across 12 nations.
- The operation aims to combat the increased demand for DDoS services during the holiday season.
- Europol led the operation and arrested three administrators of illicit platforms providing DDoS attacks for a fee.
Read Full Article
20 Likes
TechJuice
3w
420
Image Credit: TechJuice
PTA Issues Alert on “regreSSHion” Vulnerability in OpenSSH for Linux Systems
- The Pakistan Telecommunication Authority (PTA) has issued a Cyber Security Advisory regarding a critical vulnerability in OpenSSH’s server component on Linux systems.
- The flaw, known as CVE-2024-6387, or “regreSSHion”, enables unauthenticated remote code execution (RCE) with root privileges, posing a significant threat of complete system compromise.
- OpenSSH versions 8.5p1 through 9.7p1 are impacted by this vulnerability.
- PTA advises OpenSSH users to upgrade to the recent version (9.8p1) and take additional security measures to prevent exploitation.
Read Full Article
25 Likes
TechCrunch
3w
1.3k
Image Credit: TechCrunch
Yahoo cybersecurity team sees layoffs, outsourcing of ‘red team,’ under new CTO
- Yahoo has laid off around 25% of its cybersecurity team, known as The Paranoids, over the past year.
- 40 to 50 people from the cybersecurity team have been laid off or lost due to attrition since the start of 2024.
- The red team, responsible for conducting cyberattack simulations, was completely eliminated.
- Yahoo confirmed the layoffs and stated that offensive security operations will be transitioned to an outsourced model.
Read Full Article
24 Likes
Dev
3w
148
Image Credit: Dev
Cybersecurity Challenges in AI-Powered Medical Devices (SaMD):
- AI-powered medical devices pose unprecedented cybersecurity challenges that go beyond traditional security paradigms.
- Innovative protection strategies include adaptive immune system architecture, quantum encryption and blockchain verification, and neuromorphic security modeling.
- Developmental imperatives include interdisciplinary training, ethical AI security frameworks, and global collaborative platforms.
- Regulatory and compliance evolution is needed for dynamic frameworks and global standardization of AI security protocols.
Read Full Article
8 Likes
For uninterrupted reading, download the app