Cyber Security News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Security News

Cybersecurity-Insiders

119

Image Credit: Cybersecurity-Insiders

Proactive Threat Detection: The Role of Network Security

Network security is important for the cybersecurity of companies to lower the cost of recovery and data breaches in the future.
Network monitoring helps detect possible cyber threats before they become full-scale attacks.
Artificial intelligence (AI), machine learning (ML), and behavior analytics are used to detect modern attacks like ransomware, phishing, and zero-day exploits.
Proactive cybersecurity plans focus on predicting, finding, and stopping possible threats before they happen. Reactive plans deal with problems after their occurrence.
Proactive cyber-security strategies include threat intelligence, risk assessment, vulnerability management, and incident reaction planning.
Network Security Monitoring (NSM) finds and stops possible threats before they become actual strikes.
Real-time monitoring helps companies find cyber threats, respond quickly, lessen the damage caused by the breach and improve compliance.
NSM changes advanced security strategies by reducing false positives, controlling resources, identifying strange behavior, and improving visibility into the network.
NSM is a crucial part of cybersecurity because it takes a proactive approach, prevents unauthorized entry, and deals with complex cyber attacks effectively.
Network tracking is crucial for cybersecurity, protecting assets, building trust, and safeguarding the integrity, privacy, and availability of data for companies.

Read Full Article

7 Likes

Dev

194

Image Credit: Dev

🛡️ Why Using OpenZeppelin in Smart Contracts Is Essential

OpenZeppelin is an open-source library that provides a collection of reusable and secure smart contract components
OpenZeppelin's contracts are widely used in production environments, making them battle-tested in real-world applications.
Using OpenZeppelin saves development time, ensures compatibility, and reduces the risk of vulnerabilities.
Integrating OpenZeppelin into smart contracts provides a foundation of trust, security, and reliability.

Read Full Article

11 Likes

Tech Radar

145

Image Credit: Tech Radar

The EU still cant agree on chat control – but it's not over yet

EU members couldn't reach an agreement on the European Commission's proposal to scan private communications to combat child sexual abuse material (CSAM).
The draft bill, known as Chat Control, has faced criticism for its implications on privacy and data security.
Despite the need to address these crimes, 10 EU member nations opposed the current form of the Child Sexual Abuse Regulation (CSAR).
Lawmakers have made changes to the bill, requiring communication service providers to scan shared content with user permission, but privacy concerns persist.

Read Full Article

8 Likes

Tech Radar

357

Image Credit: Tech Radar

Another major WordPress plugin has been hacked to try and hijack your sites

Hackers have found a way to install old, outdated, and vulnerable plugins on WordPress websites, directly from the WordPress plugin repository.
The vulnerability was found in Hunk Companion, a plugin used by over 10,000 websites, allowing crooks to install other plugins with known vulnerabilities.
A threat actor abused the bug to install a vulnerable version of WP Query Console, enabling remote code execution on target sites.
The bug has been patched in Hunk Companion version 1.9.0, but roughly 8,800 sites are still vulnerable.

Read Full Article

21 Likes

Discover more

Tech Radar

211

Image Credit: Tech Radar

Apple fixes Passwords app security bug with new 18.2 update

Apple has fixed a security bug in its Passwords app with the new 18.2 update.
The bug allowed attackers to alter network traffic and put user data at risk.
The vulnerability was reported by security researcher Tommy Mysk and has now been patched.
Users are urged to upgrade their Apple devices to the latest version to fix the critical issue.

Read Full Article

12 Likes

Cybersecurity-Insiders

154

Image Credit: Cybersecurity-Insiders

Cyber Threat from Chinese software powering critical infrastructure in USA

Contrary to strong opposition to Chinese products, Fortress Information Security reports that 90% of the software powering products in the U.S. critical infrastructure contains code that originates from China
The Chinese made software is used widely in the energy, transportation, and telecommunications industries, and is considered highly vulnerable to exploitation.
For instance, there are a staggering 9,535 vulnerabilities across more than 8,700 components used in over 2,000 products sourced from over 240 vendors, putting national security and economic stability at risk.
The findings highlight how deeply embedded Chinese-made software code is within the critical infrastructure that underpins the U.S. economy and security.
Chinese-made software could provide the Chinese government or affiliated hackers with the means to undermine U.S. economic and physical security.
The problem of Chinese-made components in critical infrastructure poses a dilemma as the reliance on these components is integral to the functioning of many electronic devices, yet the security risks are real with the stakes incredibly high.
The development of stronger, more comprehensive policies that mandate greater scrutiny of foreign-sourced software and hardware in critical infrastructure systems is a possible solution to mitigating cyber risks.
The coming years will be pivotal in determining how the U.S. addresses this silent and growing threat.
Policymakers need to take immediate steps to assess and address these vulnerabilities to safeguard the nation's economic and physical security.
As technology becomes increasingly essential to the nation's security, the importance of securing critical infrastructure from foreign influence will only continue to grow.

Read Full Article

9 Likes

Tech Radar

313

Image Credit: Tech Radar

This devious new malware technique looks to hijack Windows itself to avoid detection

Security researchers from Akamai discovered a new method to run malware on Windows devices without triggering EDR tools.
The malware abuses the UI Automation accessibility feature, making it difficult for antivirus programs to detect.
Admins can monitor the OS for suspicious activity by monitoring the use of UIAutomationCore.dll and the named pipes opened by the UIA.
UI Automation can be used to execute stealthy command execution, posing risks such as data harvesting and browser redirection.

Read Full Article

18 Likes

Socprime

273

Image Credit: Socprime

CVE-2024-50623 Detection: Attackers Actively Exploit a RCE Vulnerability in Cleo Harmony, VLTrader, and LexiCom File Transfer Products

Security researchers have detected active exploitation of a remote code execution (RCE) vulnerability, CVE-2024-50623, in Cleo Harmony, VLTrader, and LexiCom file transfer products.
The vulnerability allows threat actors to achieve RCE through the autoruns functionality.
At least ten businesses have been compromised, and further exploitation activities have been observed.
The provided patch in version 5.8.0.21 was insufficient, and Cleo is working on a new patch to address the issue.

Read Full Article

16 Likes

Securityaffairs

392

Image Credit: Securityaffairs

Experts discovered surveillance tool EagleMsgSpy used by Chinese law enforcement

Chinese law enforcement uses the mobile surveillance tool EagleMsgSpy to gather data from Android devices, as detailed by Lookout.
The surveillance tool, known as EagleMsgSpy, has been active since 2017 and requires physical access to the target device to initiate operations.
EagleMsgSpy collects extensive data from victim devices, including messages from various apps, screen recordings, audio, contacts, call logs, GPS coordinates, and more.
The surveillance tool is developed and maintained by Wuhan Chinasoft Token Information Technology Co., Ltd. and is believed to be used by several public security bureaus in mainland China.

Read Full Article

23 Likes

Dataprivacyandsecurityinsider

114

Image Credit: Dataprivacyandsecurityinsider

Rhode Island Becomes First State to Implement PDNS in All School Districts

Rhode Island becomes the first state to implement PDNS in all school districts.
PDNS assists in preventing ransomware and cyber attacks by blocking access to harmful websites.
All 64 public school districts in Rhode Island have pledged to implement PDNS.
This initiative is supported by the Multi-State Information Sharing and Analysis Center.

Read Full Article

6 Likes

Dataprivacyandsecurityinsider

Image Credit: Dataprivacyandsecurityinsider

Privacy Tip #424 – Recent Big Win for Law Enforcement Over Cybercriminals

Authorities from 40 countries collaborated in Operation HAECHI-V, resulting in 5,500 arrests and $400 million seized.
The initiative dismantled a voice phishing syndicate responsible for $1.1 billion in losses and 1,900 victims.
One scheme called the USDT Token Approval Scam drained victims' wallets through phishing and vishing techniques.
Consumers need to be aware of these techniques used by cybercriminals.

Read Full Article

2 Likes

Global Fintech Series

322

Image Credit: Global Fintech Series

SecurityScorecard Threat Intel Report: 97% of Leading U.S. Banks Impacted by Third-Party Data Breaches in 2024

A new report by SecurityScorecard reveals that 97% of the top 100 U.S. banks experienced a third-party data breach in the past year.
The report highlights the growing risks in banking supply chains due to increasing reliance on third-party vendors.
97% of the largest U.S. banks reported third-party breaches, exposing significant vulnerabilities in their supply chains.
The SecurityScorecard team provides cybersecurity recommendations to enhance resilience in the banking sector.

Read Full Article

19 Likes

Tech Radar

Image Credit: Tech Radar

Thousands of Bitcoin ATM users may have personal data leaked after breach

Bitcoin ATM operator Byte Federal has confirmed a data breach in which customer data may have been compromised.
The breach occurred on September 30, 2024, when attackers accessed the company's servers through a bug in third-party software.
Sensitive customer data targeted included names, addresses, email addresses, Social Security numbers, and transaction activity.
Byte Federal performed a hard reset on all customer accounts, notified affected individuals, and is conducting a forensic investigation.

Read Full Article

1 Like

Siliconangle

163

Image Credit: Siliconangle

Comparitech reveals widespread privacy gaps in mobile shopping apps ahead of holiday season

A new study by Comparitech reveals privacy concerns in mobile shopping apps.
The study analyzed 91 popular shopping apps and found that on average, these apps request 26 permissions, with 8 classified as 'dangerous' by Android standards.
Permissions such as access to camera, location, contacts, and device storage raise privacy red flags for consumers.
The study also highlights that many apps fail to include these permissions in their privacy policies, potentially violating Google's privacy policy standards.

Read Full Article

9 Likes

Siliconangle

348

Image Credit: Siliconangle

Rubrik introduces Turbo Threat Hunting for faster cyber recovery

Rubrik Inc. has launched Turbo Threat Hunting, a feature designed to accelerate cyber recovery and locate clean recovery points in seconds.
Turbo Threat Hunting allows organizations to quickly identify clean recovery points and recover from cyber incidents with minimal disruption.
The feature allows scanning up to 75,000 backups in less than 60 seconds, eliminating the need for file-by-file scanning and reducing recovery time.
Turbo Threat Hunting is now available in beta for Rubrik Enterprise Edition and cloud customers.

Read Full Article

20 Likes

For uninterrupted reading, download the app