
Cyber Security News


Dev

4w


Passwordless Authentication ROI: TCO & Implementation Guide for Devs

  • This article discusses the total cost of ownership (TCO) for authentication methods, specifically focusing on passwordless authentication from a developer's perspective.
  • Authentication impacts costs through license fees, integration work, support tickets, lost productivity, and security risks.
  • Passwordless authentication is becoming a cost-effective standard for SaaS and enterprise solutions, offering benefits like eliminating password reset logic and reducing attack surfaces.
  • The cost breakdown compares password-based, password with multi-factor authentication (MFA), and passwordless methods in terms of implementation, support, user productivity loss, security incident risk, and opportunity cost.
  • Passwordless authentication can reduce support costs by 70%+ and enhance user experience while minimizing security risks.
  • Comparisons between password, password + MFA, and passwordless authentication highlight differences in attack surfaces, developer complexity, support needs, and user experience.
  • Key technical details for passwordless implementation include using WebAuthn, push authentication, and magic links.
  • Code samples for WebAuthn registration and authentication are provided for frontend JavaScript and backend Python.
  • Common challenges like device loss, legacy systems, and user migration are discussed, along with solutions such as offering backup options and providing education.
  • Developers are encouraged to share their experiences with passwordless authentication, including using WebAuthn, FIDO2, or other methods.
  • Passwordless authentication is highlighted as a way to boost developer productivity, cut authentication costs by 50–65%, and reduce user friction and risk.
  • Starting with a pilot using WebAuthn for web and push for mobile is recommended, with a call for readers to share their own passwordless authentication implementations.
  • The article concludes by emphasizing the ROI of passwordless authentication and its maturity in technology.
  • Readers are invited to share their passwordless authentication implementation experiences.
  • The article is adapted from the original blog post 'Why Passwordless Authentication Cuts Costs by 65%'.


Tech Radar

4w


Researchers discover 40,000 private webcams exposed online: how to secure yours now

  • Over 40,000 webcams worldwide are publicly accessible online, potentially exposing private and secure environments.
  • Exposed webcams include security cameras, baby monitors, office surveillance systems, and devices in hospitals and factories.
  • Accessing these cameras often requires no elite hacking skills, just a web browser and valid IP address.
  • Dark web forums are discussing methods to locate exposed cameras and even sell access to live feeds.
  • Concerns arise over the wide range of content exposed, from innocuous views to sensitive scenes like homes and data centers.
  • Security risks stem from default credentials, open internet access, and outdated firmware on these cameras.
  • The U.S. leads with approximately 14,000 exposed cameras, followed by Japan, Austria, Czechia, and South Korea.
  • Recommendations include using cybersecurity-vetted products, antivirus software, and parental control solutions.
  • Users are advised to check remote accessibility settings, change default passwords, update firmware, and enforce firewall protections.
  • It’s crucial for manufacturers to enhance device security and for users to stay vigilant in securing their connected devices.


Popsci

4w


That ‘unsubscribe’ button may be a scam

  • Online scammers are using sophisticated tactics like fake unsubscription links to trick people.
  • Phishing schemes disguised as unpaid highway toll text message alerts are on the rise.
  • Digital experts warn that clicking untrustworthy unsubscribe links can lead to security risks.
  • 1 in every 644 email unsubscribe links may direct users to malicious sites, according to DNSFilter.
  • Scammers use unsubscribe links to confirm active email addresses and potentially steal login credentials.
  • Legitimate businesses do not ask for login information via email unsubscribes.
  • Tips for spotting scams include using list-unsubscribe headers or marking emails as junk.
  • Dummy email accounts and privacy features like Apple's 'Hide My Email' can enhance digital security.


Tech Radar

4w


Experts warn clicking "unsubscribe" on that boring email could actually be a security risk - here's why

  • Experts warn about the risks of clicking on 'unsubscribe' in spam emails, which can redirect users to malicious websites.
  • Research reveals that one in every 644 clicks on such links can lead to a harmful webpage, posing a security threat.
  • Hackers may use unsubscribe buttons to identify active email addresses for future targeting, even if not directing to phishing sites.
  • It is advised to avoid trusting the unsubscribe process in suspicious emails and opt to unsubscribe through the email client directly.
  • Email clients often offer list-unsubscribe header buttons for unsubscribing safely and suggest using disposable email addresses or blacklisting senders as alternatives.


Siliconangle

4w


Databricks makes its play for AI, Meta plays catch-up, and Chime IPO shines

  • Databricks aims to lead AI agents, introducing Lakebase database, focusing on democratizing data analytics for all users.
  • Google Cloud faced disruptions, cause unknown, impacting internet services on Thursday.
  • Meta strives for AI dominance, acquiring Scale AI, launching V-JEPA 2, and preparing for a superintelligence lab.
  • Chime IPO successful, raising $700 million, while Oracle and Adobe report solid earnings, GitLab disappoints.
  • Cisco unveils AI-friendly networking products, as AWS emphasizes cloud infrastructure investments for AI at their summits.
  • Apple criticized for delays in AI integration, cybersecurity startups raise significant funding, and new AI models and services emerge.
  • Several funding rounds for AI and tech companies, as well as cybersecurity investments, highlighted in the tech industry.
  • Disruptions include Google Cloud identity failure causing internet disruptions, while AMD and HP introduce new products.
  • Various companies raise significant amounts in funding, acquisitions occur, and companies like Uber and Stripe make strategic moves.
  • Noteworthy tech figures switching roles, including executives from Google, Alteryx, Genesys, and Upwind.
  • The tech landscape sees advancements in quantum, AR, and robotics, with events like Waymo suspending operations due to vehicle damage in protests.


Siliconangle

4w


Databricks makes its play for AI agents, Meta plays catch-up, and Chime’s IPO shines

  • Databricks aims to lead the way to AI agents using its data platform and new database, Lakebase, targeting AI democratization and data analytics simplification.
  • Google Cloud faced disruptions impacting internet service, leaving the cause unclear.
  • Mark Zuckerberg's Meta makes a move to enhance AI capabilities with Scale AI acquisition and CEO appointment for a 'superintelligence lab.'
  • Chime's IPO raises $700 million, reflecting investor optimism, while Oracle and Adobe report solid earnings and GitLab faces revenue outlook challenges.
  • Cisco launches AI-friendly networking products, AWS emphasizes data center investment, and Apple is criticized for AI delays in Siri.
  • Cybersecurity funding highlights include Cyera's $540 million raise and Horizon3.ai's $100 million funding.
  • Meta introduces V-JEPA 2 AI model, OpenAI debuts o3-pro reasoning model, and Google develops AI for tropical cyclone forecasting.
  • Financial highlights feature Meta's investment talks, OpenAI's $10 billion revenue, and Laurel's $100 million funding for time intelligence tech.
  • Recent company acquisitions, product launches, and earnings from various tech giants are detailed in the article.
  • Security updates include Cyera's $6 billion valuation raise and new products and services like Vanta's AI Agent for compliance workflows.
  • Emerging tech news covers Apple's design and capabilities update, IBM's quantum computer roadmap, Stripe's Privy acquisition, and Uber's robotaxis in London plans.


Dev

4w


Top Apple Device Management Software for 2025 | Easy & Secure

  • Managing Apple devices in a business or educational setting is crucial for seamless operations and security.
  • Top Apple device management software for 2025 offers advanced features and adaptability.
  • Key features include security and compliance, deployment, user support, and scalability.
  • Top options for 2025 include Vantage MDM, Jamf Pro, Kandji, Mosyle Business, and Addigy.
  • Vantage MDM offers zero-touch deployment, advanced security, and real-time monitoring.
  • Jamf Pro suits large enterprises with comprehensive app management and detailed analytics.
  • Kandji focuses on automation and user-friendly features, ideal for organizations valuing simplicity.
  • Mosyle Business provides unified endpoint management and dynamic workflows, suitable for businesses of all sizes.
  • Addigy offers flexibility with cloud-based management, custom alerts, policy automation, and remote control.
  • Consider factors like organization size, budget, IT expertise, and security when selecting Apple device management software.


Securityaffairs

4w


Paraguay Suffered Data Breach: 7.4 Million Citizen Records Leaked on Dark Web

  • Resecurity researchers discovered 7.4 million records of Paraguay citizens' personally identifiable information (PII) on the dark web, with cybercriminals demanding $7.4 million in ransom payments.
  • The stolen data was offered for sale, with a symbolic deadline set by a ransomware group.
  • The leaked data includes PII from different government systems, accusing the country's leadership of corruption and lack of data protection.
  • The Paraguayan government refused to pay the ransom and did not provide details on how the data of 7.5 million citizens was compromised.
  • The leak is suspected to be from various government institutions, including the National Agency for Transit and Road Safety and the Ministry of Public Health and Social Welfare.
  • Past data breaches in Paraguay were noted, including incidents in 2025 involving over 7 million people and sensitive data from public institutions.
  • The cybercriminals referred to themselves as 'Cyber PMC' and targeted government systems for profit, raising concerns about potential foreign state involvement.
  • The growing number of cyberattacks against Paraguay, possibly linked to Chinese state-sponsored groups like Flax Typhoon, is highlighted.
  • No data was leaked in the Flax Typhoon incident, which employed advanced persistent threats to infiltrate systems.
  • Paraguay's stance on Taiwan's independence has led to heightened cyber threats, with foreign actors targeting government systems storing citizen PII.
  • The trend of increasing cyber threats in South America underscores the need for greater vigilance in safeguarding government information systems and citizen data.
  • Flax Typhoon, a cyber-group linked to China, conducted an advanced persistent threat (APT) attack on Paraguayan government networks.
  • The Paraguayan government has taken steps to address the cyber threats and emphasized the importance of protecting sensitive information.
  • The significant data breach in Paraguay involving 7.4 million citizens signifies a critical cybersecurity incident in the nation's history.
  • This incident raises concerns about the vulnerability of government systems and the need for robust cybersecurity measures to safeguard citizen data.
  • The extensive scope of the data breach, previous incidents, and potential foreign involvement underscore the urgency for enhanced cybersecurity protocols in Paraguay.


Medium

4w


Creating a personal VPN using GCP and Terraform

  • This article describes a simple implementation of a VPN using GCP and Terraform, focusing on basic functionalities like secure browsing and video streaming.
  • Readers need to have Terraform installed and set up in addition to a GCP account with required permissions.
  • Steps are provided for setting up credentials in GCP, creating a service account, and managing keys securely.
  • The tutorial includes files for setting up a VM, firewall rules, and necessary configurations.
  • Deployment commands are provided for setting up the VPN server.
  • Upon successful deployment, users can generate a QR code to configure the WireGuard app for VPN connection.
  • Final steps involve installing the WireGuard app, scanning the QR code, and connecting to the VPN.
  • Once connected, users can check their IP address to verify the VPN functionality.
  • The process is presented as straightforward and concludes with a note of thanks to the readers.
  • The article encourages readers to reach out for help if they encounter any issues.
  • Instructions are given to SSH into the VM instance to retrieve the QR Code for configuring the VPN.
  • Using the WireGuard app and scanning the QR code enables users to establish the VPN connection easily.
  • Checking the IP address post-connection confirms the VPN is active.
  • The article emphasizes the simplicity of the setup process and offers guidance for troubleshooting.
  • The tutorial emphasizes the educational aspect and basic functionality of the VPN created using GCP and Terraform.
  • It concludes by thanking the readers and inviting feedback for any challenges faced during the setup.


Tech Radar

4w


This cyberattack lets hackers crack AI models just by changing a single character

  • Researchers from HiddenLayer have devised a new LLM attack called TokenBreaker.
  • They can bypass certain protections by adding or changing a single character, while the LLM still understands the original intent.
  • The attack targets LLMs using tokenization strategies like Byte Pair Encoding or WordPiece.
  • Tokenization breaks text into tokens for LLMs to process.
  • By adding characters to keywords, protective models can be fooled into thinking prompts are safe.
  • This can bypass defenses to sneak malicious content past filters, potentially leading to malware exposure.
  • The end target can still interpret the manipulated text, rendering the protection model ineffective.
  • Models employing Unigram tokenizers were found to be more resistant to such manipulation.
  • Mitigation strategies include choosing models with stronger tokenization methods.


Wired

4w


CBP's Predator Drone Flights Over LA Are a Dangerous Escalation

  • CBP has confirmed flying Predator drones over Los Angeles during the ongoing protests, providing support to federal law enforcement agencies like ICE.
  • Various state-level agencies in the US utilize drones and other vehicles for aerial surveillance, with California also using drones to fight forest fires.
  • CBP's MQ-9 Reaper drones are military-grade UAVs used for reconnaissance and have the capability to be armed.
  • The deployment of military drones over LA reflects expanding federal involvement in state matters, especially amidst the deployment of active-duty Marines and National Guard units.
  • Matthew Feeney from Big Brother Watch emphasizes the significance of using military gear during protests especially when federal troops are deployed against state objections.
  • The presence of Predator drones equipped with high-tech sensors can capture detailed footage of events like protests from high altitudes.
  • CBP's Air and Marine Operations stated that the drone flights are focused on situational awareness and officer safety support.
  • The usage of surveillance drones might increase as protests spread to other cities, according to Patrick Eddington from the Cato Institute.
  • CBP claims that their operations do not involve surveillance of First Amendment activities, as per a commitment made by DHS in 2015.
  • However, there are concerns about how the drone surveillance could support federal law enforcement efforts without monitoring protests.
  • While the use of Predator drones over LA is not unprecedented, it raises worries about the normalization of military technology on civilian populations.
  • Researchers and UAV experts urge people to reject the normalization of such surveillance tactics by the federal government.
  • Concerns remain about the potential future deployment of surveillance drones by the government regardless of a state's handling of situations.
  • The deployment of military drones during protests raises questions about civil liberties and the appropriate use of technology.
  • The article discusses the concerns raised by experts about the deployment of military drones during protests and the implications on civil liberties and surveillance practices.


Pcgamer

4w


'225,000,000,000 attacks per day': Computer users and gamers are significantly more at risk of cybercrime than at any other time in the past

  • The risk of cybercrime affecting gaming has never been greater, with over 200 billion cyberattacks a day targeting PCs, consoles, and phones worldwide.
  • Cloudflare's chief security officer mentioned handling about 225 billion attacks daily, emphasizing the substantial cyber threat present.
  • PC gamers face significantly higher risks of cybercrime compared to a decade ago, with more sophisticated and targeted attacks prevalent.
  • Common gaming attacks include phishing for account takeovers and luring gamers with fake free item websites.
  • Traditional indicators like the lock icon in browsers may no longer guarantee safety, making it easier for scammers to trick users.
  • Proper gaming companies use services like Cloudflare for hosting to enhance security measures against malicious activities.
  • Tips for gamers include keeping software updated, securing network devices, and being cautious of downloading software from untrusted sources.
  • Cloud gaming, while offering some security benefits, still requires users to implement additional safeguards like multi-factor authentication.
  • Individual actions like enabling MFA and using unique passwords can enhance personal cybersecurity measures against cyber threats.
  • Staying vigilant and implementing security best practices can help reduce the risk of falling victim to cybercrime in the gaming world.


Amazon

4w


AWS CIRT announces the launch of the Threat Technique Catalog for AWS

  • AWS CIRT has launched the Threat Technique Catalog for AWS to help customers during security investigations.
  • The catalog includes metadata on tactics and techniques used by threat actors against AWS customers.
  • Data from investigations is used to improve AWS services and enhance security measures.
  • Feedback from customers led to collaboration with MITRE to make techniques available globally.
  • AWS CIRT's findings have been integrated into MITRE ATT&CK® for broader dissemination.
  • The Threat Technique Catalog for AWS provides specific AWS-related adversarial techniques.
  • Organizations can leverage the catalog to bolster AWS infrastructure security.
  • It offers information on mitigation and detection methods for identified threats.
  • Customers can access the catalog for guidance on securing their AWS environment.
  • Collaboration with MITRE aims to keep the catalog updated with new threat actor techniques.


Tech Radar

4w


Over 80,000 Microsoft Entra ID accounts hit by password spraying attacks

  • Over 80,000 Microsoft Entra ID accounts were targeted by password-spraying attacks using a legitimate penetration testing tool, resulting in a few compromised accounts.
  • Hackers utilized the TeamFiltration tool to automate attacks on Entra ID accounts, abusing Microsoft Teams API and AWS servers globally.
  • The campaign, referred to as UNK_SneakyStrike, began around December 2024 and originated from various geographies including the US, Ireland, and Great Britain.
  • In several instances, attackers successfully accessed Microsoft Teams, OneDrive, and Outlook data after infiltrating user accounts.
  • No specific threat actor has been identified in the campaign, with focus on the misuse of legitimate tools for malicious purposes.
  • Researchers anticipate an increase in the adoption of advanced intrusion tools by threat actors.


Medium

4w


The True Dangers of Young Teenagers on Instagram

  • Social media poses dangers for young teenagers by exposing them to potential online predators through platforms like Instagram.
  • Statistics show that a significant percentage of teens have encountered predatory behaviors online.
  • The explore page on Instagram allows easy access for predators to target vulnerable teens.
  • Parents are urged to educate themselves on online dangers and safeguard their children's social media accounts.
  • Emphasizing the need for privacy settings and refraining from sharing personal information online is crucial.
  • Teens should be informed about online threats and equipped with tools to protect themselves.
  • Educating children on recognizing predatory behaviors and practicing internet safety measures is essential.
  • Tips such as creating strong passwords and limiting personal information online can enhance online safety for teenagers.
