
Cyber Security News


Global Fintech Series


Safe AI Strategy for Community Financial Institutions: Turning Concepts into Action

  • The challenge isn’t just about adopting new technology; it’s about harnessing AI’s potential while preserving the very qualities that make CFIs indispensable to their communities.
  • CFIs integrate AI into their workflows, aligning AI solutions with ethical use, transparency, and security.
  • Before implementing AI in CFIs, it’s crucial to recognize the risks it brings. These risks span content moderation, bias, ethics, and legal compliance.
  • Governance, Compliance, and Ethical Stewardship: Establish a strong governance framework to ensure AI systems adhere to financial regulations, maintain ethical standards, and prioritize transparency and accountability in decision-making.
  • Member Equity, Inclusion, and Bias Prevention: Develop AI systems that promote fairness, inclusivity, and equitable treatment for all members, while preventing biases that could impact diverse groups.
  • Privacy, Security, and Member Data Protection: Embed strong privacy and security measures into AI systems to safeguard member data, prevent breaches, and ensure compliance with financial data protection regulations such as GLBA, CCPA, and GDPR.
  • Transparency, Explainability, and Member Empowerment: Ensure AI operations are transparent and understandable, giving members and staff tools to effectively manage AI interactions.
  • Continuous Improvement, Monitoring, and Risk Management: Continuously monitor, update, and adapt AI systems and regulations, while proactively managing risks to maintain financial stability.
  • Successfully implementing AI in Community Financial Institutions (CFIs) requires more than just a technical solution. It demands a comprehensive, strategic approach that aligns with ethical standards, regulatory requirements, and the mission of serving members fairly.
  • As we navigate the AI landscape, it’s clear that the future of CFIs doesn’t lie in blindly adopting technology or following industry buzzwords. Instead, success will come from a thoughtful, strategic approach that prioritizes member needs, ethical considerations, and the unique position of community financial institutions.


Tech Radar


Top file-sharing tools are being hit by security attacks once again

  • Security researchers at Huntress uncovered a flaw in the LexiCom, VLTransfer, and Harmony tools.
  • The flaw was patched, but the patch was not effective.
  • Hackers are exploiting the vulnerability, possibly to steal data.
  • 24 compromised businesses identified, with many others at risk.


Securityaffairs


Chinese national charged for hacking thousands of Sophos firewalls

  • The US has charged the Chinese national Guan Tianfeng (aka gbigmao and gxiaomao) for hacking thousands of Sophos firewall devices worldwide in 2020.
  • Tianfeng, who worked at Sichuan Silence Information Technology Co., faces charges for developing and testing a zero-day exploit used to compromise approximately 81,000 firewalls.
  • The man and co-conspirators exploited a zero-day vulnerability, tracked as CVE-2020-12271, in Sophos firewalls to deploy malware.
  • At the end of April 2020, cybersecurity firm Sophos released an emergency patch to address an SQL injection zero-day vulnerability affecting its XG Firewall product that had been exploited in the wild.
  • The hackers exploited the SQL injection flaw to download malicious code on the device that was designed to steal files from the XG Firewall.
  • Hackers exploited the issue to install the Asnarök Trojan that allowed the attackers to steal files from the XG Firewall and use the stolen info to compromise the network remotely.
  • The Trojan could steal sensitive data including usernames and hashed passwords for the firewall device admin, and user accounts used for remote access.
  • Sophos published a series of reports named ‘Pacific Rim’ that includes details about the operations conducted by Chinese hackers against network devices of different vendors worldwide for over 5 years.
  • Since 2018, Sophos has faced increasingly aggressive campaigns, including one against its India-based subsidiary Cyberoam, where attackers exploited a wall-mounted display for initial access.
  • The U.S. Treasury’s OFAC has sanctioned Sichuan Silence Information Technology Co. Ltd. and its employee Guan Tianfeng for hacking U.S. critical infrastructure companies.


Insider


How much do health insurance companies spend on executive security? It might be less than you think.

  • Health insurance companies appear to spend less on executive protection compared to high-profile CEOs like Mark Zuckerberg or Elon Musk.
  • The death of UnitedHealthcare CEO, Brian Thompson, highlights that even executives who aren't as high-profile or famous as others may not always have bodyguards with them.
  • The amount companies pay for executive security varies widely, with some CEOs known for having multimillion-dollar security packages while some have more modest protection services worth hundreds of thousands of dollars.
  • Walmart CEO Doug McMillon and McDonald's CEO Chris Kempczinski, for example, appear to have individual security expenses of less than $25,000 for 2023, according to company filings.
  • Typically, company-paid security costs are disclosed in annual corporate filings called proxy statements, and include a breakdown of the salary, benefits, bonuses, and other perks provided for top executives' total compensation packages.
  • UnitedHealth Group appears to spend less on executive protection than some of the Big Tech giants, and doesn't specify any personal security cost for CEO Brian Thompson in last year's filings.
  • Other insurance companies, including CVS (owner of Aetna), Cigna, Humana, and Elevance (owner of Anthem), also do not specify personal security costs in their proxy statements, while Kaiser Permanente is a nonprofit and not subject to the same reporting requirements.
  • The level of security an executive has is very much driven by that executive's personal preference.
  • Elon Musk, the world's wealthiest person, has spoken out about personal security concerns in recent years and has more than one bodyguard in his security team.
  • Executives at health insurance companies, who may not be as recognizable as someone like Musk or Zuckerberg, may consider reviewing executive protection costs following Thompson's death.


Cybersecurity-Insiders


Apple iPhone Users Warned About Data-Stealing Vulnerability in TCC Feature

  • Apple iPhone users are being alerted to a critical security flaw that could potentially allow hackers to steal sensitive data.
  • The vulnerability exists within the Transparency, Consent, and Control (TCC) feature of Apple's operating system.
  • The bug, known as the 'TCC Bypass,' enables attackers to bypass security prompts and gain unauthorized access to iCloud data.
  • Apple has released a patch (iOS 18.2) to address the vulnerability, but users need to ensure they install the update to maintain device security.


Dynamicbusiness


Cyber trouble? Here’s free help for small businesses

  • The Australian Government has launched the Small Business Cyber Resilience Service to protect small businesses from cyber threats.
  • The free service offers customized cyber security plans, actionable recommendations, recovery assistance, case management support, and referrals to additional resources.
  • Eligible businesses include those with 19 or fewer full-time employees, registered in Australia, actively trading, and holding a valid ABN.
  • The service aims to empower small businesses in navigating the digital landscape, staying ahead of threats, and recovering effectively from cyber incidents.


McAfee


The Stealthy Stalker: Remcos RAT

  • McAfee Labs has identified a significant rise in the Remcos RAT threat in Q3 2024.
  • The malware is often delivered through phishing emails and malicious attachments, allowing cybercriminals to remotely control infected machines and compromise sensitive data.
  • In a technical analysis of two Remcos RAT variants, highly obfuscated PowerShell scripts are executed to download and inject multiple files into a legitimate Microsoft .NET executable, eventually leading to the installation of the Remcos payload.
  • In variant 2, the Remcos RAT comes from an Office Open XML document, which is downloaded from a spam email attachment and imported using the CVE-2017-11882 Equation Editor vulnerability.
  • The VBS script from variant 2, which is highly obfuscated, launches PowerShell using Base64 encoded strings as the command.
  • Once the assembly “dnlib.dll” is loaded, it calls a method VAI from a type dnlib.IO.Home within the loaded assembly.
  • Organizations can better protect their systems and sensitive data from Remcos RAT by implementing robust defenses such as regular software updates, email filtering, and network monitoring.
  • By staying vigilant and informed about emerging threats like Remcos RAT, organizations can safeguard against future cyberattacks.
  • IOCs and detections for each variant are also provided in the article.
  • References to the original source of the article are given at the end of the blog post.


Nordicapis


Why APIs Need Better Identity and Access Management

  • Identity-based breaches account for 80% of cyberattacks with more than one-third of data breaches involving internal actors. Comprehensive identity and access management (IAM) policies, like a common identity platform leveraging OpenID Connect and OAuth standards, are essential in regulating access.
  • API insecurity remains a threat because IAM is not efficient or robust enough. Inconsistent or weak processes undermine organizational integrity and expose the organization to non-compliance penalties or unapproved data access.
  • Zero trust architectures mitigate credential theft risks and unauthorized access; multi-factor authentication, real-time threat identification and reporting can further strengthen IAM policies.
  • Least privilege mechanisms for access control, as well as granular access control and JWTs will be relevant for IAM and APIs for the foreseeable future.
  • Unfortunately, even with advanced IAM policies, vulnerabilities, such as the recent 2023 OAuth vulnerability, may go unaddressed by an organization without a comprehensive and proactive approach to risk mitigation.
  • Employees have inappropriate access to sensitive data. About 70% may obtain insufficient access after leaving organizations.
  • IAM seeks to balance compliance and security risks for all stakeholders. Cloud-based IAM solutions, a common identity platform leveraging OpenID Connect and OAuth standards, hardware keys, and passwordless authentication methods are replacing on-premise solutions.
  • APIs need a robust IAM system and modern access control like a common identity platform to integrate with API management tools. OAuth's access token can match passwordless authentication to regulate usage control policies.
  • IAM is essential in the API space with robust mechanisms like multi-factor authentication, least privilege, granular access control, and JWTs being relevant for the foreseeable future.
  • As identity and access management continues to evolve, so will the methods employed by cyber criminals. Organizations cannot afford to rest on their laurels and must constantly review and improve identity and access management policies to maintain organizational integrity and customer trust.


Cybersecurity-Insiders


Pros and Cons of Differentiating Cloud Security Tools

  • As organizations increasingly migrate their operations to the cloud, securing sensitive data and ensuring privacy have become top priorities.
  • Differentiating cloud security tools involves selecting distinct security solutions tailored to the specific requirements of various cloud providers or use cases.
  • Pros of Differentiating Cloud Security Tools.
  • Tailored Security Solutions: Optimized Performance for Each Cloud Platform, Better Integration with Platform-Specific Features, Specialized Security Features, and Flexibility in Security Strategy.
  • Improved Threat Detection: Enhanced Threat Intelligence.
  • Cons of Differentiating Cloud Security Tools.
  • Increased Complexity: Management Overhead and Lack of Centralized Visibility.
  • Higher Costs: Increased Costs for Multiple Solutions and Overlapping Features.
  • Integration Challenges: Inconsistent Security Policies and Integration Difficulties with Existing Infrastructure.
  • Resource Intensive: Dedicated Expertise Needed and Increased Incident Response Times.


Securityaffairs


Cybercriminals Impersonate Dubai Police to Defraud Consumers in the UAE – Smishing Triad in Action

  • A large-scale fraud campaign has been uncovered in the UAE where cybercriminals impersonate law enforcement, particularly Dubai Police, to defraud consumers.
  • Scammers target victims through phone calls, phishing, smishing, and vishing activities, asking them to pay non-existent fines online for traffic violations or license renewals.
  • The fraudulent activities have increased during the winter holidays and particularly around the UAE National Day celebrations, resulting in financial losses for victims.
  • UAE authorities have warned residents against sharing financial details over the phone and highlighted that official institutions will never request this information through phone calls.


Fintechnews


Swift and Google Cloud Join Forces to Combat Fraud with AI Innovations

  • Swift is collaborating with Google Cloud to develop anti-fraud technologies.
  • The partnership will leverage AI and privacy-enhancing technologies.
  • The initiative aims to enhance fraud detection capabilities while ensuring data confidentiality.
  • A sandbox environment will be launched in 2025 for financial institutions to prototype learning.


Dev


Unveiling the Unseen: A Journey from Simple Recon Using Shodan to Leaking AWS Secrets

  • Found an exposed IP via Shodan and identified open ports using Naabu, leading to further investigation.
  • Discovered admin email leakage and internal app details through brute forcing directories.
  • Downloaded and decompiled an APK that uncovered hardcoded AWS credentials, enabling unauthorized access to S3 buckets.
  • Part 9: Protection Measures for AWS Keys.


Hackernoon


Strengthening Cybersecurity: Breaking Down inDrive’s Bug Bounty Program

  • In a world where digital technology is infiltrating every aspect of our lives, cybersecurity is of paramount importance.
  • Companies around the world are investing heavily in protecting their data and systems from cyber threats.
  • Organizing a bug bounty program and collaborating with white hat hackers is one of the most effective methods of strengthening security.
  • The bug bounty program at inDrive worked in closed mode initially to track and improve internal processes.
  • inDrive uses automatic integration with Slack and Jira to quickly and efficiently identify and triage vulnerabilities.
  • Triggers in HackerOne are a powerful tool that helps to automate various actions in response to certain events related to new vulnerability reports.
  • inDrive maintained a high level of engagement in its bug bounty program through a Telegram channel and campaigns.
  • The company's experience in organizing and developing a bug bounty program at inDrive is a vivid example of how hiring external security experts can significantly strengthen a company’s cyber defense.
  • Together, companies and white hat hackers can make the digital world safer.


Wired


The ‘Ghost Gun’ Linked to Luigi Mangione Shows Just How Far 3D-Printed Weapons Have Come

  • Police claim that a 3D-printed ghost gun was used in the fatal shooting of United Healthcare CEO Brian Thompson by suspect Luigi Mangione.
  • The 3D-printed handgun, called a Chairmanwon V1, is a homemade weapon with no serial number that is created by assembling a mix of commercial and DIY parts.
  • The FMDA 19.2, on which the Chairmanwon V1 is based, is one of the most well-known and well-tested printable ghost gun designs.
  • Despite being a relatively old model by 3D-printed gun standards, the FMDA 19.2 is still practical and lethal.
  • It is only partially 3D printed and uses commercially produced parts like barrels, slides, and magazines, along with a homemade frame.
  • The use of commercially produced metal rails instead of homemade ones makes the FMDA 19.2 the most reliable 3D-printed Glock design available.
  • The fact that the 3D-printed ghost gun was allegedly used in such a high-profile shooting shows how far DIY weapons tech has come.
  • The FMDA 19.2 can be fired hundreds or even thousands of times without its plastic components breaking, unlike earlier 3D-printed gun models.
  • 3D-printing the regulated body of the gun allows DIY gunmakers to skirt gun-control laws and build so-called ghost guns with no serial number.
  • It is still unclear why Mangione allegedly used a 3D-printed gun in the killing of Brian Thompson, but experts suggest he may have been attracted to the idea as a coder and technologist.


Pymnts


OFAC Sanctions Parties Involved in Compromise of 81,000 Firewalls

  • The Office of Foreign Assets Control (OFAC) has sanctioned a China-based cybersecurity company and one of its employees for their involvement in the compromise of 81,000 firewalls.
  • Sichuan Silence Information Technology Company and its employee Guan Tianfeng were found to have used a zero-day exploit in a firewall product to deploy malware, aiming to steal data and infect victims' systems.
  • Over 23,000 of the compromised firewalls were in the United States, including those protecting critical infrastructure companies.
  • The Department of Justice has charged Guan Tianfeng with conspiracy to develop and deploy the malware, and the Department of State has announced a reward of up to $10 million for information about Guan Tianfeng or Sichuan Silence.
