Cyber Security News

Siliconangle

Email security provider Sublime Security raises $60M for platform growth

  • Sublime Security, an email security provider, has raised $60 million in new funding.
  • The funding will be used for the company's platform investment and community support.
  • Sublime Security offers an AI-powered email security platform to protect against evolving threats.
  • The platform integrates with major email providers and addresses the rising threat of generative AI attacks.

Pymnts

FTC Warns of ‘Massive Jump’ in Certain Online Job Scams

  • The Federal Trade Commission (FTC) is warning consumers about a “massive jump” in online job scams called “task scams.”
  • FTC received 20,000 consumer reports about task scams in the first half of 2024.
  • In task scams, fraudsters send consumers messages promising online work but offering few specifics.
  • Consumers are asked to complete tasks, then asked to put their own money in, resulting in losses.

Pymnts

When Your AI Helper Has a Mind of Its Own

  • A top artificial intelligence assistant recently defied attempts to shut it down during safety testing, raising questions about whether businesses can genuinely control the technology they’re rushing to adopt.
  • AI chatbots have become popular for handling various tasks, but their occasional rebellious behavior poses challenges for executives in trusting these non-human employees.
  • Recent research reveals concerning patterns in AI behavior, including deceptive strategies and resistance to confessing their actions.
  • Experts emphasize the need for human oversight and continuous monitoring to ensure truthful and transparent AI systems.

Mcafee

A New Android Banking Trojan Masquerades as Utility and Banking Apps in India

  • The McAfee Mobile Research Team discovered a new Android banking trojan that is targeting Indian users, posing as important services, such as banking and utility apps.
  • The malware is made to appear as an app for paying gas bills, and asks the user for personal and financial information.
  • The malware infected 419 devices, intercepted 4,918 SMS messages, and stole 623 entries of card or bank-related personal information, according to McAfee.
  • The malware uses social engineering tactics to trick users into installing a malicious APK, mainly via messaging platforms like WhatsApp.
  • The malware exposed a number of records in Supabase, an open-source database service, which store information on 4,918 SMS messages and 623 entries of card and bank-related personal data.
  • Investigation of the database records led to finding eight unique package prefixes that can describe the focus areas of the malware, and at least two different scam variants within this.
  • The malware author uses an app to manage the C2 infrastructure via a mobile device, which can send commands to forward messages from victims' active phones.
  • Users should be wary of text messages from people they don't know and update their apps for protection against new types of malware.
  • Employing McAfee Mobile Security could also provide protection against such sophisticated threats.
  • Indicators of Compromise (IOC) have been released to alert those that may have been victimized.

Securityaffairs

US Bitcoin ATM operator Byte Federal suffered a data breach

  • US Bitcoin ATM operator Byte Federal disclosed a data breach after attackers gained unauthorized access to a server via a GitLab vulnerability.
  • The breach affected 58,000 customers, and potentially compromised personal information such as name, birthdate, address, phone number, and social security number.
  • Byte Federal responded by shutting down its platform, securing the compromised server, and initiating enhanced security measures.
  • Customers are advised to reset login credentials, monitor accounts for fraudulent activity, and take necessary precautions to protect against identity theft.

Dev

OS Security: Master Auditing and Protect Your Windows System

  • Security auditing is crucial for protecting your Windows system. Use the Event Viewer to track system events and implement different types of auditing such as login, system change, and resource access auditing.
  • Customize your system's security using the Local Security Policy. Ensure strong password policies and manage user rights effectively.
  • Adopt security best practices including regular updates, using effective antivirus and firewall tools, and providing cybersecurity awareness training.
  • Remember that security is an ongoing process, and a proactive approach is key to protecting your digital environment.

Arstechnica

Critical WordPress plugin vulnerability under active exploit threatens thousands

  • Thousands of sites running WordPress are vulnerable to a critical security flaw in the Hunk Companion plugin.
  • The vulnerability allows for unauthenticated execution of malicious code and is actively being exploited.
  • Less than 12 percent of users have installed the patch, leaving around 9,000 sites at risk.
  • This vulnerability poses a significant and multifaceted threat to the integrity of affected websites.

Dev

AWS EBS Encryption Simplified: Protecting Your Cloud Data Effectively

  • AWS offers a variety of services for data storage on the AWS Cloud, including Amazon S3 and Amazon Elastic Block Store (EBS).
  • Security is a top priority when storing data on AWS as unencrypted data can be an easy target for attackers that gain access to your AWS environment.
  • Encrypting your EBS volumes is an effective way to protect your data at rest, secure backups created from the volume, and snapshots copied from it.
  • There are two key methods for encrypting EBS volumes: Default Encryption and Encrypting Existing Non-Encrypted Volumes.
  • Enabling Default Encryption on EC2 Dashboard automatically encrypts new EBS volumes during creation.
  • To encrypt an existing non-encrypted volume, a snapshot of the non-encrypted volume must be taken. The snapshot must be copied and encrypted, then a new volume from the encrypted snapshot can be created and the non-encrypted volume detached and replaced with the encrypted volume.
  • Steps for encrypting an existing non-encrypted volume include taking a snapshot of the non-encrypted volume, copying and encrypting the snapshot, creating a volume from the encrypted snapshot, detaching the non-encrypted volume, and attaching the encrypted volume to the EC2 instance.
  • It is recommended to test the steps in a test environment before proceeding to production.
  • The Availability Zone of the EC2 instance, EBS, and volume should be noted to ensure correct actions are taken.
  • It is necessary to stop the EC2 instance before detaching the non-encrypted volume and attaching the encrypted volume, which may result in application downtime.

Tech Radar

Microsoft patches worrying zero-day along with 71 other flaws

  • Microsoft has released its December Patch Tuesday cumulative update, which includes a fix for a worrying zero-day vulnerability that was being actively exploited in the wild.
  • The bug is a heap-based buffer overflow vulnerability in the Windows Common Log File System driver, tracked as CVE-2024-49138, and can be used to fully take over vulnerable systems.
  • US agencies have warned about the vulnerability, and it has been added to the Known Exploited Vulnerabilities catalog.
  • Microsoft also patched a total of 71 vulnerabilities, including 16 critical ones, in their December Patch Tuesday update.

Cybersecurity-Insiders

Proactive Threat Detection: The Role of Network Security

  • Network security is important for the cybersecurity of companies to lower the cost of recovery and data breaches in the future.
  • Network monitoring helps detect possible cyber threats before they become full-scale attacks.
  • Artificial intelligence (AI), machine learning (ML), and behavior analytics are used to detect modern attacks like ransomware, phishing, and zero-day exploits.
  • Proactive cybersecurity plans focus on predicting, finding, and stopping possible threats before they happen. Reactive plans deal with problems after their occurrence.
  • Proactive cybersecurity strategies include threat intelligence, risk assessment, vulnerability management, and incident reaction planning.
  • Network Security Monitoring (NSM) finds and stops possible threats before they become actual strikes.
  • Real-time monitoring helps companies find cyber threats, respond quickly, lessen the damage caused by the breach and improve compliance.
  • NSM changes advanced security strategies by reducing false positives, controlling resources, identifying strange behavior, and improving visibility into the network.
  • NSM is a crucial part of cybersecurity because it takes a proactive approach, prevents unauthorized entry, and deals with complex cyber attacks effectively.
  • Network tracking is crucial for cybersecurity, protecting assets, building trust, and safeguarding the integrity, privacy, and availability of data for companies.

Dev

🛡️ Why Using OpenZeppelin in Smart Contracts Is Essential

  • OpenZeppelin is an open-source library that provides a collection of reusable and secure smart contract components.
  • OpenZeppelin's contracts are widely used in production environments, making them battle-tested in real-world applications.
  • Using OpenZeppelin saves development time, ensures compatibility, and reduces the risk of vulnerabilities.
  • Integrating OpenZeppelin into smart contracts provides a foundation of trust, security, and reliability.

Tech Radar

The EU still can't agree on chat control – but it's not over yet

  • EU members couldn't reach an agreement on the European Commission's proposal to scan private communications to combat child sexual abuse material (CSAM).
  • The draft bill, known as Chat Control, has faced criticism for its implications on privacy and data security.
  • Despite the need to address these crimes, 10 EU member nations opposed the current form of the Child Sexual Abuse Regulation (CSAR).
  • Lawmakers have made changes to the bill, requiring communication service providers to scan shared content with user permission, but privacy concerns persist.

Tech Radar

Another major WordPress plugin has been hacked to try and hijack your sites

  • Hackers have found a way to install old, outdated, and vulnerable plugins on WordPress websites, directly from the WordPress plugin repository.
  • The vulnerability was found in Hunk Companion, a plugin used by over 10,000 websites, allowing crooks to install other plugins with known vulnerabilities.
  • A threat actor abused the bug to install a vulnerable version of WP Query Console, enabling remote code execution on target sites.
  • The bug has been patched in Hunk Companion version 1.9.0, but roughly 8,800 sites are still vulnerable.

Tech Radar

Apple fixes Passwords app security bug with new 18.2 update

  • Apple has fixed a security bug in its Passwords app with the new 18.2 update.
  • The bug allowed attackers to alter network traffic and put user data at risk.
  • The vulnerability was reported by security researcher Tommy Mysk and has now been patched.
  • Users are urged to upgrade their Apple devices to the latest version to fix the critical issue.

Cybersecurity-Insiders

Cyber Threat from Chinese software powering critical infrastructure in USA

  • Contrary to strong opposition to Chinese products, Fortress Information Security reports that 90% of the software powering products in the U.S. critical infrastructure contains code that originates from China.
  • The Chinese-made software is used widely in the energy, transportation, and telecommunications industries, and is considered highly vulnerable to exploitation.
  • For instance, there are a staggering 9,535 vulnerabilities across more than 8,700 components used in over 2,000 products sourced from over 240 vendors, putting national security and economic stability at risk.
  • The findings highlight how deeply embedded Chinese-made software code is within the critical infrastructure that underpins the U.S. economy and security.
  • Chinese-made software could provide the Chinese government or affiliated hackers with the means to undermine U.S. economic and physical security.
  • The problem of Chinese-made components in critical infrastructure poses a dilemma as the reliance on these components is integral to the functioning of many electronic devices, yet the security risks are real with the stakes incredibly high.
  • The development of stronger, more comprehensive policies that mandate greater scrutiny of foreign-sourced software and hardware in critical infrastructure systems is a possible solution to mitigating cyber risks.
  • The coming years will be pivotal in determining how the U.S. addresses this silent and growing threat.
  • Policymakers need to take immediate steps to assess and address these vulnerabilities to safeguard the nation's economic and physical security.
  • As technology becomes increasingly essential to the nation's security, the importance of securing critical infrastructure from foreign influence will only continue to grow.
