A naukri.com initiative
Cyber Security News
Amazon
3w
251
Image Credit: Amazon
Securing the future: building a culture of security
- Nearly 70% of data breaches occur due to social engineering or human error.
- Investing in a culture of security leads to better employee adoption of controls and improved cybersecurity behavior.
- Creating a security mindset, taking accountability for product security, bridging the gap between engineering and security, and equipping builders are key steps in building a culture of security.
- AWS emphasizes a culture of security by embedding security advocates, prioritizing security at a leadership level, and empowering innovation while staying secure.
Read Full Article
15 Likes
Pymnts
3w
397
Image Credit: Pymnts
Business Infrastructure Under Siege as Cybercriminals Target Data Transfer Points
- Cybercriminals are targeting critical business infrastructure that handles sensitive data.
- Exploiting a security flaw in Cleo's enterprise file transfer tools, cybercriminals gain control of affected systems.
- Recent attacks on enterprise solutions highlight the shift in cybercriminals' focus on critical infrastructure.
- Securing infrastructure that handles data should be a top priority, including regular audits, patching, monitoring, and incident response plans.
Read Full Article
23 Likes
Dev
3w
48
Image Credit: Dev
Protect Sensitive Data on AWS: A Beginner’s Guide to Amazon Macie
- As organizations adopt Cloud technology like Amazon Web Services (AWS) to modernize their data capabilities and innovate around it, they face the complexity of managing vast information spread across multiple AWS accounts.
- Amazon Macie is a data security service on AWS that uses machine learning and pattern matching to identify sensitive data in Amazon S3, offering insights into security risks and automated protection.
- Macie plays a pivotal role in understanding the data storage, assessing data exposure, near real-time data classification, identifying sensitive information, and automating compliance and security that are essential for robust data security and compliance.
- Organisations subject to regulations like GDPR, HIPAA, or PCI-DSS can use Macie to automatically discover and classify sensitive data, ensuring compliance by identifying where this data resides and how it’s being used or accessed.
- Amazon Macie brings compliance assurance, automated monitoring and actions, and global data visibility, enhancing an organisation's security posture.
- First-time users receive a 30-day free trial, and Amazon Macie uses a usage-based pricing model, charging based on the volume of data processed for sensitive data discovery.
- Setting up Amazon Macie is an easy task, and it offers various customization options for defining specific buckets, criteria, and detection rules as per your organization’s need.
- In addition to the AWS-defined custom identifiers, one can create custom data identifiers to detect specific detection criteria, like employee IDs, customer account numbers, or internal data classifications.
- Amazon Macie is useful for various industries seeking to secure student records, safeguard patient data, detect and protect intellectual property, and assess data security posture during M&A activities.
- Amazon Macie has been helpful in safeguarding sensitive data from data breaches and significant losses, and its importance has become undeniable in this data-driven world.
Read Full Article
2 Likes
Hackernoon
3w
83
Image Credit: Hackernoon
Resecurity Introduces Government Security Operations Center (GSOC) At NATO Edge 2024
- Resecurity unveiled its advanced Government Security Operations Center (GSOC), specifically tailored for MSSPs that protect aerospace and defense organizations at NATO Edge 2024, the NATO Communications and Information Agency’s flagship conference. The GSOC leverages cutting-edge AI through Context AI and innovative VR capabilities, revolutionizing the future of cybersecurity operations. By processing data from various sources, including threat intelligence feeds, network logs, and endpoint devices, Resecurity identifies suspicious activities and potential vulnerabilities with speed and precision.
- Context AI employs natural language processing (NLP) and machine learning to generate actionable insights, enabling operators to make faster, more informed decisions, even under significant stress. The use of VR offers a unique and immersive way for operators to interact with cybersecurity data and operational environments, creating a more intuitive and interactive approach to managing cybersecurity threats.
- The GSOC enables a centralized approach to security operations, ensuring real-time monitoring and response capabilities across agencies and infrastructure. It consolidates security operations and provides a holistic view of all potential threats across critical systems, such as energy grids, transportation networks, and communication platforms.
- Resecurity’s GSOC represents a paradigm shift in how governments and organizations approach cybersecurity, and the integration of AI and VR is just the beginning of what GSOCs can achieve in the future. Advances in AI, such as predictive analytics and autonomous systems, will enable GSOCs to anticipate and neutralize threats before they materialize.
- The use of VR in GSOCs will incorporate augmented reality (AR) tools for field operatives and remote teams. GSOCs will play a key role in fostering global partnerships, allowing nations to pool resources, share intelligence, and build collective defense strategies.
- Resecurity® is a cybersecurity company that delivers a unified endpoint protection, fraud prevention, risk management, and cybersecurity intelligence platform. Resecurity's services and platforms focus on early-warning identification of data breaches and comprehensive protection against cybersecurity risks.
- Most recently, Resecurity was named one of the Top 10 fastest-growing private cybersecurity companies in Los Angeles, California, by Inc. Magazine. Resecurity was selected as an Official Partner of the Cybercrime Atlas by the World Economic Forum (WEF), a Member of InfraGard National Members Alliance (INMA), AFCEA, NDIA, SIA, FS-ISAC, Cloud Security Alliance (CSA), and the American Chamber of Commerce in multiple countries.
- Resecurity’s GSOC is designed to serve as a comprehensive cybersecurity framework for governments and allied organizations, with unified security monitoring, threat intelligence aggregation, and cross-agency collaboration.
- NATO Edge 2024 emphasized the importance of leveraging advanced technologies, such as AI and VR, to bolster member states’ defense capabilities.
- Resecurity’s GSOC is not just a technological solution; it symbolizes improving cybersecurity operations.
- To learn more about Resecurity, users can visit https://resecurity.com.
Read Full Article
5 Likes
Insider
3w
327
Image Credit: Insider
Krispy Kreme says hackers disrupted its online ordering, likely hurting its 'financial condition'
- Krispy Kreme has disclosed a cybersecurity incident that is causing operational disruptions, particularly in online ordering in the US.
- The company expects the incident to have a material impact on its financial condition, including loss of revenues from digital sales and costs associated with restoring impacted systems and engaging cybersecurity experts.
- Krispy Kreme is actively investigating and addressing the incident with the assistance of cybersecurity experts and federal law enforcement.
- In the meantime, customers can still place orders in person at Krispy Kreme shops.
Read Full Article
19 Likes
Dev
3w
141
Image Credit: Dev
TIL: One Missing 'Encrypted' Prefix = $2.3M Android Security Breach
- A food delivery app's simple SharedPreferences implementation led to a massive data breach.
- The app failed to encrypt sensitive data in SharedPreferences, resulting in a security vulnerability.
- A simple fix involving the implementation of encrypted SharedPreferences could have prevented the breach.
- The breach led to the compromise of 200k users and $2.3M in losses.
Read Full Article
8 Likes
Tech Radar
3w
305
Image Credit: Tech Radar
Should you ditch unencrypted messaging apps? Here's what the experts say about the FBI's warning
- The FBI has advised Americans to use encrypted messaging apps to keep their mobile communications secure. This comes in response to the Salt Typhoon, a group linked to China, using a new backdoor malware to hack network operators including AT&T and Verizon, spying on the activity of their customers. WhatsApp, Signal and Facebook Messenger all offer end-to-end encryption, adding an important layer of security to digital conversations. However, end-to-end encryption is not the total solution as the key to the encrypted messages is held on the device, which can be accessible by anyone.
- Cyberattacks have become rampant with hackers exploiting backdoors that are meant to allow law enforcement agencies to obtain communication data from suspected criminals. Privacy experts have long advocated for wider use of encrypted communication systems especially with heavily targeted industries such as government agencies and political figures. Regular SMS messages aren't encrypted while encrypted messages are secure, only as far as the device receiving them is protected.
- According to the FBI, once hackers have compromised networks, they were able to deploy further malware and gather information, including the contents of phone calls and text messages. Encrypted messages cannot be read or intercepted, making it impossible for even adversaries to gain access to important information. However, cybersecurity experts have long warned that any backdoor access, even if put in place with good intentions, is at risk of being used for nefarious purposes.
- Greg Nojeim, Senior Counsel and Director of the Security and Surveillance Project at the Center for Democracy & Technology, has commented that if anti-encryption advocates had their way, the United States would be defenseless to this type of mass snooping from a foreign power. While end-to-end encryption is important, it isn’t the complete solution that the FBI seems to suggest.
- It is recommended to use end-to-end encrypted messaging services like Signal, FaceTime or Messages. End-to-end encryption ensures that your data is scrambled into a form that's unreadable if accessed by a third-party and the contents can only be unscrambled with the key - only known to the sender and receiver. SMS and RCS are unencrypted messaging protocols, which can be easily read if intercepted by cybercriminals. To ensure privacy, you can use the best password generators to help you choose a strong password.
- It's also important to secure personal devices, including keeping them updated with the latest software versions and ensuring the use of a strong password. For added security, users can consider using two-factor authentication to strengthen critical internet accounts.
Read Full Article
18 Likes
Pymnts
3w
366
Image Credit: Pymnts
Featurespace Receives US Patent for AI-Powered Fraud Detection Technology
- UK-based technology company Featurespace has been granted a US patent for its adaptive behavioral analytics technology.
- The AI-powered technology uses transactional data to learn the behavior of genuine customers, enabling it to detect and prevent fraud in real-time without requiring sensitive information.
- Featurespace's ARIC Risk Hub, which delivers adaptive behavioral analytics, has been successfully used to monitor individual behaviors and catch fraud attacks for years.
- The patent grant recognizes Featurespace's innovation and its mission to make the world a safer place to transact.
Read Full Article
22 Likes
Securitysales
3w
110
Image Credit: Securitysales
Security Industry Association Announces the 2025 Security Megatrends
- The Security Industry Association (SIA) has announced the 2025 Security Megatrends.
- The trends selected for the report were based on fall 2024 survey data and focus group input from industry leaders.
- The most impactful trend identified is the evolution of the channel, driven by factors like AI, cloud technology, and changing end-user requirements.
- Other trends identified include IT-OT security convergence, growth of advanced detection technologies, and the shift from hardware to software influence.
Read Full Article
6 Likes
Medium
3w
4
Image Credit: Medium
Protect Your Privacy: The Best VPNs for 2025
- NordVPN offers robust security features and access to geo-restricted content, making it one of the best VPNs in the market.
- Its advanced encryption protocols, such as OpenVPN and IKEv2/IPSec, ensure online activities remain private and secure.
- NordVPN also offers specialized servers for streaming, gaming, and torrenting, optimizing users' online experience.
- PureVPN stands out in the VPN industry for its advanced technology and dedication to protecting online identities.
- Military-grade encryption and a vast network of servers across 140 countries allow for seamless streaming and browsing experiences.
- ProtonVPN provides advanced security protocols, including AES-256 encryption, to ensure a secure and trustful online experience.
- ProtonVPN's no-logs policy means that user activities remain private and confidential.
- Windscribe VPN offers robust security features, flexibility in pricing structure, and a generous free version with 10GB of data per month.
- Its use of AES-256 encryption ensures data is secure, while the TrustedServer technology eliminates the risk of data breaches.
- ExpressVPN is known for its advanced security protocols, fast connection speeds, and exceptional user interface.
Read Full Article
Like
Tech Radar
3w
39
Image Credit: Tech Radar
Security flaw in top WordPress plugin could allow for Stripe refunds on millions of sites
- Security researchers discovered a vulnerability in the WPForms WordPress plugin that could allow for Stripe refunds on millions of sites.
- The bug allows users with low-level accounts to issue arbitrary Stripe refunds and cancel subscriptions.
- The developers have released a patch and users are advised to update to the latest version or disable the plugin.
- WPForms is installed on over six million websites, with many still running the vulnerable versions.
Read Full Article
2 Likes
Tech Radar
3w
274
Image Credit: Tech Radar
Microsoft says Russia is hacking Ukrainian military tech by stealing points of entry from third-parties
- Microsoft warns Russian state-sponsored threat actor is cracking into Ukrainian military tech
- The Anadey bot malware is dropped onto devices to gather information
- Secret Blizzard could use hacked devices to escalate compromise to the Ministry level
- Microsoft recommends mitigation strategies to protect against this attack vector
Read Full Article
16 Likes
Siliconangle
3w
97
Image Credit: Siliconangle
Cloud complexity reshapes identity security strategies for enterprises
- Identity security is reshaping enterprise strategies by shifting from traditional perimeters to identity-based frameworks.
- Permissions and entitlements play a critical role in securing access to data in cloud and SaaS environments.
- Veza Inc. is addressing access management challenges by providing solutions to improve visibility and secure data effectively.
- Veza's solution integrates data across SaaS platforms, cloud environments, and legacy systems to simplify identity management.
Read Full Article
5 Likes
Medium
3w
185
AI Meets Cybersecurity: How Machine Learning is Detecting Threats in Real-Time
- As the digital landscape continues to expand, so does the sophistication of cyber threats. Traditional security measures are struggling to keep pace with the growing volume and complexity of attacks. AI and ML address these challenges by providing scalable, efficient, and adaptive solutions that go beyond rule-based systems.
- Machine Learning’s ability to analyze massive datasets, identify patterns, and make predictions has positioned it as a game-changer in cybersecurity.
- Modern cyberattacks are not just more frequent; they are also more sophisticated, often bypassing traditional security systems.
- Machine Learning's ability to detect anomalies, minimize the impact of false alerts and detect evolving threats, make it ideal for predictive security.
- AI solutions demand significant computational power and expertise, which can be resource-intensive for smaller organizations.
- AI and Machine Learning are redefining how we approach cybersecurity. By enabling real-time threat detection, predictive analytics, and automated responses, these technologies provide a robust defense against the ever-evolving threat landscape.
- Future advancements may include Federated Learning, Explainable AI (XAI), proactive threat mitigation, hybrid threat models.
- The integration of AI into cybersecurity is still evolving, but its trajectory is promising.
- The key to maximizing the potential of AI and ensuring a harmonious balance between machine intelligence and human expertise.
- The future of cybersecurity is undoubtedly AI-driven, and organizations that embrace these innovations will be better equipped to safeguard their digital assets in an increasingly hostile cyberspace.
Read Full Article
11 Likes
TechCrunch
3w
198
Image Credit: TechCrunch
Krispy Kreme discloses cyberattack that is disrupting online orders
- Krispy Kreme disclosed a cyberattack, causing operational disruptions, including online ordering in parts of the US.
- The company has taken steps to investigate, contain, and remediate the incident with the help of cybersecurity experts.
- Shops worldwide remain open, with no interruption to deliveries, but disruptions are present in the US.
- The full scope, nature, and impact of the incident are still under investigation.
Read Full Article
11 Likes
For uninterrupted reading, download the app