Cyber Security News

Dev

2w

A Beginner’s Trial of MCP Server: SafeLine MCP

  • SafeLine is a self-hosted WAF powered by a semantic analysis engine.
  • MCP (Model Context Protocol) is a standardized protocol for AI models to connect with different data sources and tools.
  • MCP Hosts, Clients, and Servers play key roles in the MCP architecture.
  • To enable automated WAF management via AI, an MCP Server for SafeLine has been implemented with features such as creating protected applications, retrieving certificates, and fetching attack events and logs.

The Fintech Times

2w

Fraudsters Turn to WhatsApp: Revolut Reveals UK Consumers Lose £2,437 From WhatsApp Scams

  • UK consumers are losing an average of £2,437 from scams on WhatsApp, according to Revolut.
  • WhatsApp fraud cases in the UK have been rising, with the country being the worst affected in Europe.
  • Scams originating on WhatsApp accounted for 21% of all reported fraud cases in the UK.
  • Revolut calls for social media companies to share reimbursement for victims of scams and increase public awareness campaigns.

Cybersecurity-Insiders

2w

Facial Recognition Technology helps fight against AI Deepfake Cyber Threats

  • Facial recognition technology is being explored as a countermeasure against deepfake cyber threats.
  • Deepfake technology, driven by AI, poses threats such as misinformation campaigns, identity fraud, and cyberbullying.
  • Facial recognition technology can detect deepfakes with advanced algorithms, multi-factor authentication, and blockchain-based verification.
  • While promising, facial recognition technology faces challenges related to false positives, privacy risks, and an evolving AI arms race.

Medium

2w

When Personal Convenience Compromises National Security: The Hidden Dangers of Using Gmail for…

  • Personal email accounts are vulnerable to phishing attacks, credential theft, and man-in-the-middle exploits.
  • Mixing personal and professional tools leads to cascading risks and potential security meltdowns.
  • Gmail's Confidential Mode is not a comprehensive solution for secure communication.
  • To improve security, measures such as automated archiving, cyber drills, encryption, and zero-trust architecture are recommended.

Medium

2w

How MCP Turns Dmail and Subhub Into Smart Web3 Assistants

  • The Model Context Protocol (MCP) enables Dmail and Subhub to become smart web3 assistants.
  • MCP allows Dmail to analyze wallet activity, trigger actions from messages, and adapt to user behavior.
  • MCP turns Subhub into a self-optimizing growth engine by sending reminders, suggesting reward tiers, and providing AI-generated tips.
  • MCP brings less spam, more value, and time savings, and simplifies complex actions on web3 platforms.

The Verge

2w

Trump advisor reportedly used personal Gmail for ‘sensitive’ military discussions

  • US National Security Advisor Michael Waltz has reportedly used his personal Gmail account to discuss sensitive military positions and powerful weapons systems.
  • Waltz and other members of the National Security Council have used Gmail for highly technical conversations with colleagues at other government agencies, according to emails seen by The Washington Post.
  • The emails reveal that, while others used their government-issued accounts, Waltz had both less sensitive information, such as his schedule and work documents, and potentially exploitable information sent to his personal email.
  • National Security Council spokesman Brian Hughes denies that Waltz sent classified information on his personal email.

Tech Radar

2w

Security firm Check Point confirms data breach, but says users have nothing to worry about

  • Check Point confirms an old breach, denies any present security risk or breach.
  • A hacker named CoreInjection claims to have stolen a 'highly sensitive' dataset from Check Point.
  • Check Point states that the breached dataset includes limited access and does not impact customers or production systems.
  • Some experts remain skeptical and suggest the breach involves an administrator account with serious privileges.

Medium

2w

AI Runtime Security: How to Protect Your GenAI Stack from Real-World Threats

  • AI Runtime Security is crucial for protecting agentic AI systems from real-world threats at runtime, due to their increased decision-making and potential vulnerabilities.
  • It focuses on safeguarding system-level signals, API responses, and anomalous execution flows within AI ecosystems.
  • As AI adoption grows, the risk surface also expands, emphasizing the need for runtime visibility and control for safe deployment.
  • Organizations have faced real-world consequences from AI inaccuracies, highlighting the importance of executive-driven AI adoption for scalability and financial impact.
  • AI Trust, Risk, and Security Management principles stress the significance of runtime monitoring and governance across the AI lifecycle.
  • Continuous monitoring, guardrails enforcement, access control, collaboration with providers, and proactive testing are essential strategies for securing GenAI environments.
  • Collaboration between security and ML teams, adherence to industry standards, and regulatory frameworks like the EU AI Act are vital for ensuring security and compliance in AI deployments.
  • Embedding security measures throughout AI systems and leveraging comprehensive security platforms can help organizations manage risks associated with GenAI adoption.
  • Securing GenAI involves controlling every layer of the stack, from inputs to orchestration layers, to mitigate risks and ensure safe innovation at scale.
  • By prioritizing security in AI systems, organizations can accelerate adoption, comply with regulations, and protect data and user privacy effectively.

Tech Radar

2w

American cyber brass calls for retaliatory strikes against China, but is the US really ready?

  • American cyber brass calls for retaliatory strikes against China.
  • The US is underregulated and underprepared for cyber warfare escalation with China.
  • US critical infrastructure is vulnerable to cyber attacks and relies on outdated technology.
  • China has robust cybersecurity regulations, making it difficult for the US to catch up.

Microsoft

2w

Important Update: Server Name Indication (SNI) Now Mandatory for Azure DevOps Services

  • Starting from April 23rd, 2025, Server Name Indication (SNI) will be mandatory for all incoming HTTPS connections to Azure DevOps Services.
  • SNI is an extension to the TLS protocol that allows clients to specify the hostname they are connecting to.
  • Some client software may be incompatible with SNI, causing connection errors such as ERR_SSL_PROTOCOL_ERROR or javax.net.ssl.SSLHandshakeException.
  • To test SNI compatibility, users can call the status endpoint of Azure DevOps or temporarily override DNS settings when testing legacy software.

Securityaffairs

2w

Microsoft warns of critical flaw in Canon printer drivers

  • Microsoft’s offensive security team discovered a critical code execution vulnerability impacting Canon printer drivers.
  • The vulnerability is an out-of-bounds issue that resides in certain printer drivers for production printers, office/small office multifunction printers and laser printers.
  • An attacker can exploit the flaw to prevent printing and/or potentially execute arbitrary code under certain conditions.
  • Canon will upload fixed printer drivers on local sales websites and advises customers to install the latest versions.

Medium

2w

AISPM — A Comprehensive Technical Framework for Enterprise Cybersecurity

  • AI Security Posture Management (AISPM) is an emerging discipline addressing cybersecurity challenges in the AI/ML lifecycle, from data collection to deployment.
  • AISPM extends classical cybersecurity paradigms to cover the AI pipeline, emphasizing continuous monitoring and security controls.
  • Key imperatives include data lineage tracking, secure data collection, cryptographic frameworks, and threat modeling.
  • AISPM practices involve secure build pipelines, model verification, runtime monitoring, and aligning with regulatory frameworks.
  • It recommends utilizing FHE for privacy-preserving ML, enforcing formal bounds on input perturbations, and employing multi-factor authentication.
  • AISPM emphasizes the importance of version control, unit testing, vulnerability scanning, and adversarial testing in MLOps environments.
  • Robust Intelligence, Fiddler AI, Arize AI, Seldon Core, and Truera are evaluated as market-leading AISPM solutions with distinct technical strengths.
  • AISPM frameworks help organizations proactively defend against adversarial threats, ensure compliance, and maintain trust in AI outputs.
  • Future developments in cryptographic techniques and dynamic adversarial defenses will enhance the security posture of enterprise AI systems.
  • The author, Asad Faizi, is a Seattle-based entrepreneur, technologist, and social activist.

TechCrunch

2w

Genetic sharing site openSNP to shut down, citing concerns of data privacy and ‘rise in authoritarian governments’

  • OpenSNP, a repository for user-uploaded genetic data, will shut down and delete all its data by the end of April.
  • The closure is attributed to concerns of data privacy following the financial collapse of 23andMe and the rise in authoritarian governments around the world.
  • OpenSNP was founded in 2011 as an open repository for customers of genetic testing kits to upload their test results and find others with similar genetic variations.
  • The shutdown also reflects concerns over potential abuse of genetic data and the removal of public data from US government websites.

Medium

2w

You need to stop making this mistake in Bug Bounty!

  • When choosing bug bounty programs, consider newer programs or those with fewer resolved vulnerabilities for better opportunities.
  • Private bug bounty programs with fewer hunters can provide a more exclusive environment for testing and finding vulnerabilities.
  • Evaluate the scope of the program, including specific system parts and types of vulnerabilities that are recognized and rewarded.
  • Consider targeting less competitive programs to increase your chances of finding unique vulnerabilities and gaining a competitive edge.

Tech Radar

2w

A key WordPress feature has been hijacked to show malicious code, spam images

  • A special directory in WordPress, called mu-plugins, has been abused by threat actors to host malicious code.
  • The malicious code in mu-plugins allows threat actors to execute arbitrary code, redirect visitors to malicious websites, and display spam and ads.
  • Sucuri researchers found three variants of malicious code in mu-plugins, including redirect.php, index.php, and custom-js-loader.php.
  • To mitigate the risk, website admins should conduct regular security checks, scan for malicious files, update plugins and themes, and monitor file integrity.
