A naukri.com initiative
Cyber Security News
Amazon
1d
321
Image Credit: Amazon
Securing Amazon Bedrock Agents: A guide to safeguarding against indirect prompt injections
- Amazon Bedrock Agents offer security controls and strategies to protect AI interactions from indirect prompt injections, which are hidden malicious instructions embedded in external content processed by AI systems.
- Indirect prompt injections are challenging to detect as they can manipulate AI behavior without user visibility, posing risks like system manipulation, unauthorized data exfiltration, and remote code execution.
- Remediation for indirect prompt injections varies based on architecture, requiring multi-layered defense approaches like user confirmation, content moderation, secure prompt engineering, custom orchestration, access control, monitoring, and standard security controls.
- Amazon Bedrock Agents emphasize securing vectors like user input, tool input/output, and final agent responses through techniques such as user confirmation, content moderation with Guardrails, secure prompt engineering, verifiers in custom orchestration, access control, sandboxing, monitoring, and logging.
- Guardrails in Amazon Bedrock can screen user inputs and model responses, tagging dynamically generated prompts for evaluating potential injection vectors from external data sources within prompt boundaries.
- Secure prompt engineering involves crafting system prompts to guide LLMs, detect prompt injections, and prevent malicious instructions within a secure orchestration framework like ReAct.
- Implementing verifiers in custom orchestration strategies like Plan-Verify-Execute and using guardrails can protect against tool invocations and unexpected actions triggered by indirect prompt injections.
- Access control and sandboxing mechanisms are critical in reducing the impact of compromised agents from prompt injections, enforcing least privilege, and establishing security boundaries between content processing and actions.
- Comprehensive monitoring, logging, and standard security controls like authentication and validation are essential for detecting and responding to indirect prompt injections, ensuring a layered defense approach to safeguard AI systems.
- A continuous commitment to evolving security measures is necessary as bad actors develop new exploitation techniques, and integrating these defensive strategies early in the design stages of Amazon Bedrock Agents architecture is crucial for protecting against future threats.
- By implementing these strategies and maintaining vigilance through continuous monitoring, organizations can deploy Amazon Bedrock Agents securely while delivering powerful AI capabilities and ensuring the integrity of their AI-powered applications.
Read Full Article
19 Likes
Silicon
1d
290
Image Credit: Silicon
Marks & Spencer Warns Customers Over Data Theft
- Marks & Spencer informed online customers of data theft during a cyber-attack on 25 April.
- The stolen data included contact details, dates of birth, and online order history.
- No card details, payment information, or account passwords were compromised.
- Customers are advised to change passwords as a precaution, and M&S is working on resolving the issue.
Read Full Article
17 Likes
BGR
1d
245
Image Credit: BGR
8 new Android 16 security features that will make your phone safer than ever
- Google announced several upgrades to Android, enhancing security for users' personal data and valuables.
- Themes of the event included Android 16 design, Gemini AI, and a focus on security, especially relevant due to increased hacking and scams using AI technology.
- New security features aim to protect against various threats, including theft, data extraction, and state-sponsored espionage targeting high-value individuals.
- These security enhancements will benefit both Android 16 devices and older versions, providing a safer user experience.
Read Full Article
14 Likes
Droid-Life
1d
175
Image Credit: Droid-Life
Google’s Find My Device Becomes “Find Hub” Because It’s for Devices and People
- Google has rebranded its Find My Device app to Find Hub to encompass tracking for both devices and people.
- Find Hub will offer features like tracking smart devices, watches, earbuds, smart tags, as well as people, with plans to integrate satellite connectivity.
- Google will expand supported devices for Find Hub, add nearby finding capabilities through UWB and Moto Tag, and partner with airlines for luggage recovery using Bluetooth tags.
- Find Hub will also connect to satellites to enable communication with friends and family in areas with no cellular connectivity.
Read Full Article
10 Likes
TechCrunch
1d
95
Image Credit: TechCrunch
Google announces new security features for Android for protection against scam and theft
- Google announced new security and privacy features for Android at the Android Show, including protections for calls, screen sharing, messages, device access, and system-level permissions.
- The aim is to protect users from scams, secure their details if a device is stolen, and enhance device security against various attacks.
- Actions like tapping on unsafe links or downloading unknown apps are blocked to protect users from potential scams during a call.
- New features include preventing side-loading apps from unverified sources and ensuring users cannot disable Google Play Protect while on a call.
- Google is adding screen-sharing protection and testing warning screens with select banks to prevent fraud through screen-sharing.
- Enhancements in Google Messages now include AI-based detection of various scam types and adding verification keys for encrypted conversations.
- Theft protection measures include Identity Check protection, biometric authentication for critical settings, and better protection for Factory Reset.
- Additional features include improved Google Play Protect detection, new measures for Advanced Protection Mode, and introducing Find My Hub for tracking items, friends, and family.
Read Full Article
5 Likes
TechCrunch
1d
26
Image Credit: TechCrunch
Google is adding new device-level features for its Advanded Protection program
- Google is adding new device-specific features to its Advanced Protection program with the Android 16 release, aimed at protecting public figures from digital threats.
- The new features include storing device logs accessible only by the user, protection from spam calls, auto-restart functionality for locked devices, and intrusion logging for threat analysis.
- Additional features include USB protection that allows charging only from new USB connections, prevention of auto-reconnecting to unsecured Wi-Fi networks, and private conversation processing to detect potential scams during phone calls.
- Advanced Protection devices will automatically restart after 72 hours if locked, and the new measures are designed to enhance security for public figures and prevent device compromises.
Read Full Article
1 Like
Wired
1d
374
Image Credit: Wired
Google Is Using On-Device AI to Spot Scam Texts and Investment Fraud
- Google is expanding its AI flagging feature, Scam Detection, to alert users about potential scams like crypto scams, financial impersonation, gift card scams, and more in the Google Messages app.
- Scammers, particularly from Chinese groups, send fraudulent messages demanding payments or personal information, leading to data theft when users click on provided links.
- AI on-device allows detection of sophisticated scams like investment or romance scams that evolve over time, where scammers build trust before exploiting victims.
- Companies like O2 and scam baiter Kitboga use AI to combat scammers, while Meta introduces pop-up warnings in chat messages for potential payments.
- F-Secure has created a tool to identify and block scam messages, aiming to reduce the success rate of scammers by adding friction to contacting unknown accounts.
- Google has seen positive impacts from using machine learning to detect scam messages in real time, with plans to expand these protections to third-party communication platforms.
- The company is testing scam detection for phone calls and aims for broader deployment in the future to combat various forms of fraudulent activities.
Read Full Article
22 Likes
The Verge
1d
333
Image Credit: The Verge
Android launches new protections against phone call scammers
- Google is introducing new features on Android to protect users from phone call scams, such as automatically blocking app installations while on a call with an unknown contact.
- Android will prevent users from granting accessibility permissions to apps during phone calls to safeguard against potential device takeovers.
- A new Android feature will discourage users from opening banking apps while screen-sharing during calls to combat screen-sharing scams.
- These protections add to Android's existing scam detection tools like AI caller identification and scam detection in Google Messages for various types of scams.
Read Full Article
20 Likes
TechCrunch
1d
33
Image Credit: TechCrunch
Google is adding new device-level features for its Advanced Protection program
- Google is adding new device-specific features to its Advanced Protection program with the Android 16 release.
- The new features include storing device logs accessible only by the user, protection from spam calls, and an auto-restart feature.
- Additional security measures such as intrusion logging, USB protection, auto-restart after 72 hours, and prevention from connecting to insecure Wi-Fi networks are being implemented.
- The program will also include a feature to process conversations on the device to detect potential scams during phone calls.
Read Full Article
1 Like
Pymnts
1d
367
Image Credit: Pymnts
Adyen and JCB Roll out Card-on-File Tokenization Service
- Adyen partners with JCB to offer and implement card-on-file (COF) tokenization service for eCommerce merchants.
- JCB plans to implement COF tokens globally to enhance the security of credit card transactions.
- The COF tokenization service replaces sensitive card data with secure tokens, reducing the risk of data breaches.
- Tokenization offers increased convenience and improved transaction authorization rates, benefiting both customers and merchants.
Read Full Article
22 Likes
Tech Radar
1d
45
Image Credit: Tech Radar
Co-op hackers may still be “in the system” as cyberattack disruption continues
- Co-op is facing disruptions from a cyberattack, leading to critical systems being offline and hindering restocking in some stores.
- Hackers may still have access to Co-op's networks, causing concerns about potential data breaches.
- Co-op's CEO confirmed that a limited amount of customer data was accessed by the cybercriminals, emphasizing the importance of data protection.
- The cyberattack on Co-op follows a similar incident at M&S, leading to disruptions in operations and deliveries from large depots.
Read Full Article
2 Likes
Tech Radar
1d
333
Image Credit: Tech Radar
Browser extensions are increasing the attack surface, putting employees and businesses at risk
- Browser extensions are increasing the attack surface, putting employees and businesses at risk according to the 2025 Enterprise Browser Extension Security Report by LayerX.
- Almost all enterprises have at least one extension installed with over half running more than ten, exposing sensitive data to potential risks.
- More than half of extensions have 'high' or 'critical' risk permissions, with 53% of them allowing access to sensitive data.
- To mitigate the threats, enterprises are advised to audit all browser extensions, categorize them based on risk profiles, and analyze permissions meticulously to enforce adaptive security policies.
Read Full Article
20 Likes
TechCrunch
1d
164
Image Credit: TechCrunch
Government email alert system GovDelivery used to send scam messages
- An email notification system used by U.S. federal and state government departments, GovDelivery, has been used to send scam emails, targeting residents with fake toll messages.
- The U.S. state of Indiana is investigating fraudulent messages concerning unpaid tolls purportedly sent by state agencies through GovDelivery, which contained disguised links to malicious sites.
- Indiana confirmed a contractor's account was hacked to send scam messages, but stated that no current state systems were compromised.
- Granicus, the company behind GovDelivery, confirmed the breach was due to a compromised user account but asserted that their systems were not breached.
Read Full Article
9 Likes
Pymnts
1d
98
Image Credit: Pymnts
Crypto’s Institutional Future Could Hinge on Solving the Risk Puzzle
- Institutional adoption of digital assets like cryptocurrencies requires mature blockchains for institutional use.
- Risk poses a significant obstacle to the increased interest in digital assets by regulated institutions.
- The regulatory landscape for digital assets is evolving, with major financial institutions exploring stablecoins and blockchain adoption.
- To unlock the future of payments with digital assets, the industry must address the challenges of risk exposure and control.
Read Full Article
5 Likes
Cybersecurity-Insiders
1d
241
Image Credit: Cybersecurity-Insiders
Now ransomware starts infecting Central Processing Units aka CPUs
- Ransomware is now targeting Central Processing Units (CPUs), a critical component of computing devices.
- This new form of malware infects the CPU itself, making it difficult to remove even after hardware changes.
- Malicious actors can manipulate the microcodes of a processor, potentially compromising the entire system.
- The development of CPU-targeting malware represents a significant evolution in cybercriminal tactics, posing new challenges for cybersecurity professionals.
Read Full Article
14 Likes
For uninterrupted reading, download the app