A naukri.com initiative
Cyber Security News
Medium
3w
67
Image Credit: Medium
AI in Cybersecurity: The Global Digital Defense Report
- Cyber threats have rapidly increased, with cyber risks growing by 30% in 2024 compared to the previous year.
- The average cost of a data breach in 2023 was $4.45 million, causing significant disruptions and financial losses.
- AI-powered cybersecurity offers advanced detection of new and unknown threats through behavior-based analysis and anomaly detection.
- AI can automate response systems, detect phishing attacks, enhance penetration testing, and protect against AI-driven malware.
Read Full Article
3 Likes
Medium
3w
114
Image Credit: Medium
Don’t Let Your Phone Reveal Your Location and Private Messages: Follow These Privacy Tips
- Hackers can track your location through your phone number when using mobile apps like Signal, Telegram, WhatsApp that require phone numbers for registration.
- Web-based messages utilize IP addresses for communication; VPNs can help hide your IP address to enhance privacy and security.
- Encrypting messages offline before using platforms like Facebook, WhatsApp, Gmail can protect your privacy from potential hackers.
- Cellular carriers can determine your location through triangulation using signal strengths, potentially selling this data to third-party companies for tracking.
- Phones have unique IDs and geofencing allows drawing boundaries around areas to monitor phones present in that location.
- Apps like Facebook, Instagram, Messenger, and Linkedin collect and share user data, including location and activity details.
- To safeguard privacy, turn off location services, limit app permissions, use VPNs, toggle off cell connections and Wi-Fi, and consider using a Faraday bag.
- Utilize services like Make It Private for message encryption and consider using the Community Alert system for broadcasting alerts to specific groups.
- Protect your privacy online by following tips such as disabling location settings, turning off radios when not in use, using Airplane Mode, limiting app permissions, and resetting advertising IDs regularly.
- Web-based messaging, encryption, and security practices are recommended over cell phone traffics to protect your privacy and whereabouts.
- Various measures, including utilizing VPNs, Faraday bags, and encrypted messaging, can help individuals shield themselves from online tracking and privacy invasions.
Read Full Article
6 Likes
Dev
3w
105
Image Credit: Dev
MedOne: Pioneering Israel's Data Center Landscape with Innovation and Resilience
- MedOne is Israel's leading data center provider, offering secure and high-performance solutions.
- Their facilities serve as interconnection hubs, providing seamless connectivity to global networks.
- MedOne ensures data security through advanced measures and guarantees business continuity.
- With expansion plans and strategic partnerships, MedOne remains at the forefront of innovation in the industry.
Read Full Article
6 Likes
Dev
3w
4
Image Credit: Dev
Login Page for Modern Applications
- The need for a secure yet user-friendly login page for modern applications is crucial to prevent unauthorized access.
- Implementing multi-factor authentication, such as CAPTCHA, helps deter brute-force attacks but can inconvenience users.
- Splitting data entry into multiple steps with temporary tokens can enhance security against brute-force tools.
- Utilizing CSRF tokens and adding random delays to authentication steps further protects against attacks and user enumeration.
- Rate limiting authentication calls per IP address helps prevent anomalies and potential attacks.
- Recommendations include rejecting common passwords, utilizing password strength meters, and encouraging the use of password managers.
- Passwordless login options, such as magic links sent via email, offer a secure and convenient alternative to traditional password-based login systems.
- Implementing mobile authentication through OAuth 2.0 can streamline the login process and enhance user experience for mobile apps.
- Consideration of Credential Service Providers (CSPs) can simplify authentication processes and improve overall security by integrating with third-party services.
- Striking a balance between security and user convenience is essential for creating effective login pages for modern applications.
Read Full Article
Like
Medium
3w
405
Image Credit: Medium
Hackers vs. AI: Who’s Winning the Cyber Battle?
- AI-powered security systems offer advantages in cybersecurity such as analyzing data, detecting threats, and responding faster.
- Hackers are now using AI to enhance their attacks, including AI-generated phishing emails and deepfake technology.
- Traditional cybersecurity still relies on human intervention, and human error remains the biggest security risk.
- The next phase of cybersecurity may involve AI fighting AI, but for now, a combination of AI-driven security, human awareness, and skepticism is the best defense.
Read Full Article
24 Likes
Digitaltrends
3w
57
Image Credit: Digitaltrends
NymVPN review: a private, anonymous, and decentralized service
- NymVPN is a decentralized VPN service that prioritizes privacy and security, utilizing blockchain technology and independently operated servers for anonymity.
- Pros include decentralized VPN network, five-hop mode for increased security, encryption with noise obfuscation, and live chat support on weekdays.
- Cons of NymVPN are slower fast mode, lack of split-tunneling and advanced features, and limited server selection.
- Subscription options include monthly and two-year plans, with the two-year plan offering the most savings, priced at $132.
- NymVPN's interface is user-friendly and offers Fast mode for browsing and streaming speed, and Anonymous mode for heightened privacy.
- While NymVPN may be slower compared to other VPNs, it offers enhanced security through multi-hop connections, using AmneziaWG protocol for encryption.
- The service lacks advanced features like split-tunneling and port forwarding, with plans to add more options in the future.
- NymVPN's Anonymous mode provides a five-hop connection for extreme security, hindering tracking and enhancing anonymity.
- NymVPN's customer support includes a live chat option on weekdays, with helpful assistance, but operating hours might be inconvenient for some users.
- NymVPN places a strong emphasis on privacy, with no data collection, anonymous payments, and secure, multi-hop encrypted tunnels.
- Overall, NymVPN is recommended for users prioritizing privacy and anonymity, despite potential speed trade-offs and pricing compared to other VPN options.
Read Full Article
3 Likes
Securityaffairs
3w
79
Image Credit: Securityaffairs
New ReaderUpdate malware variants target macOS users
- Multiple versions of the ReaderUpdate malware variants, written in Crystal, Nim, Rust, and Go, are targeting macOS users, according to SentinelOne researchers.
- ReaderUpdate, a macOS malware loader, first appeared in 2020 and was later found delivering Genieo adware.
- The malware variants are distributed in five different source languages, including Go, Crystal, Nim, Rust, and compiled Python.
- The malware obfuscates strings and URLs, making it difficult to analyze and detect the threats it poses.
Read Full Article
4 Likes
Medium
3w
299
Image Credit: Medium
Kids on VR… Know the Impacts
- Virtual reality (VR) and other emerging technologies are transforming the way we experience technology.
- VR is designed to make you think and feel things that are not real, with potential impacts on kids' emotions.
- Common Sense Media has released a report on the safety of VR for kids, highlighting the need for further research.
- On the positive side, VR has the potential to serve as a teaching tool and enable interactive experiences for groups of people.
Read Full Article
18 Likes
Siliconangle
3w
207
Image Credit: Siliconangle
Security moves upstream as Chainguard redefines the software supply chain
- Software supply chain is evolving to address the gap between speed and security, with a focus on integrating security into the coding process.
- Chainguard, led by Dan Lorenc, is reshaping software supply chain security by embedding trust and automation into development workflows.
- The industry shift towards security at every level of the stack includes leveraging tools like Chainguard Libraries and minimal VM images.
- Kit Merker of Plainsight Technologies highlights the scaling challenges faced by enterprises in implementing computer vision.
- Shift5 Inc.'s partnership with Chainguard streamlines compliance work, allowing focus on building secure defense systems.
- Chainguard's nano-update strategy introduces continuous, incremental updates to improve system resilience.
- Jason van Zyl discusses Chainguard Libraries, emphasizing the need for open-source libraries to be secure by default.
- Chainguard's focus on reducing the attack surface and providing actionable visibility contributes to a strategy of rapid updates and precision remediation.
- The industry recognizes the importance of security from source to runtime, with a shift towards securing every step in the software development process.
- The industry event Chainguard Assemble, discussed by experts like Lorenc, Lewandowski, Merker, and Kirkland, highlights the latest advancements in software supply chain security.
Read Full Article
12 Likes
BGR
3w
57
Image Credit: BGR
Update Chrome immediately to patch Google’s first first zero-day of 2025
- Google has patched a critical Chrome zero-day vulnerability
- The vulnerability was discovered during an investigation into a phishing campaign targeting Russian media outlets, universities, and government agencies.
- The exploit bypassed Chrome's sandbox protection and allowed the deployment of spyware-grade malware.
- Google issued a fix for the zero-day vulnerability with Chrome version 134.0.6998.178 and users are advised to update immediately.
Read Full Article
3 Likes
Dev
3w
378
Image Credit: Dev
Can AI outsmart Human beings?
- Software developers play a vital role in our increasingly software-driven world, but their role is evolving due to technological advancements.
- The integration of artificial intelligence (AI) and automation in development workflow is changing the game – from AI-assisted coding to automated testing and deployment.
- The scope of software development is expanding, including domains like IoT, edge computing, quantum computing, VR/AR, and cybersecurity.
- Apart from technical skills, soft skills and adaptability are becoming increasingly crucial, and specialized roles are on the rise in the field of software development.
Read Full Article
22 Likes
Wired
3w
374
Image Credit: Wired
SignalGate Isn’t About Signal
- The scandal known as SignalGate involving a Signal group chat mistakenly including The Atlantic's editor is not about Signal itself, as security experts clarify.
- Blaming Signal for the security breach in the chat where US airstrikes were planned against Houthi rebels is deemed incorrect by experts like Kenn White and Matt Green.
- The issue in SignalGate is attributed to operator error in inviting untrusted contacts into a confidential conversation rather than a flaw in Signal's technology.
- Using consumer apps like Signal for highly sensitive government communications poses risks due to potential vulnerabilities in non-restricted devices.
- The Trump administration's discussion on Signal highlights concern about using unauthorized platforms and devices for classified military operations.
- Issues like disappearing message features in apps like Signal pose challenges for meeting federal record retention laws in government communications.
- The involvement of high-level officials like Pete Hegseth in conversations on Signal raises questions about proper security protocols for classified information.
- Signal's use in the cabinet chat points to the necessity for stricter control over software and devices in government agencies like the Department of Defense.
- Experts emphasize the importance of maintaining security standards and ensuring sensitive information is protected, regardless of its classification status.
- Despite criticism following the SignalGate scandal, Signal itself remains highly recommended by security experts for secure communications in high-risk environments.
Read Full Article
22 Likes
Cybersecurity-Insiders
3w
387
Image Credit: Cybersecurity-Insiders
Security Silos Are Failing: Why CTEM Is Key to Smarter Cyber Defense
- Security teams face challenges due to an abundance of siloed cybersecurity tools, leading to a lack of holistic view of threats.
- Continuous threat exposure management (CTEM) aims to address security fragmentation and prioritize critical risks.
- Current cybersecurity tools operate in isolation, causing delays in threat detection and response, leading to high costs for organizations.
- CTEM focuses on real attack paths and exploitability to streamline security operations and reduce response times.
- By bridging gaps between disconnected security tools, CTEM enhances collaboration and effectiveness in security operations.
- While CTEM is beneficial in many aspects, it lacks continuous validation of security controls and may lead to a false sense of security.
- Organizations should integrate existing tools, prioritize context over data, and involve all stakeholders in cybersecurity efforts for a cohesive defense strategy.
- The shift from reactive to proactive risk reduction in cybersecurity is essential for staying ahead of evolving cyber threats.
- The key lies in unifying tools, addressing real attack paths, and ensuring continuous security optimization to combat modern cyber threats effectively.
- CTEM provides visibility, accelerates response times, and assists in better risk prioritization, enabling organizations to tackle cyber risks strategically.
Read Full Article
23 Likes
TechCrunch
3w
312
Image Credit: TechCrunch
Leaked data exposes a Chinese AI censorship machine
- A leaked database reveals China has developed an AI system to enhance its censorship, going beyond traditional limits.
- The AI system aims at censoring online content for Chinese citizens, potentially aiding in refining existing censorship models.
- The dataset uncovered by a security researcher contained 133,000 examples, implying a focus on using large language models (LLMs) for repression.
- The dataset includes recent entries up to December 2024 and targets sensitive topics such as politics, social issues, and the military.
- Content related to pollution scandals, financial fraud, labor disputes, and political satire are flagged as 'highest priority.'
- The system specifically targets topics like Taiwan politics, military movements, and dissenting voices using historical analogies.
- The dataset also addresses social issues like rural poverty, corrupt local officials, and military capabilities, aiming to regulate public discourse.
- The 'public opinion work' dataset, though not attributing creators, signifies a tool for censorship and propaganda aligned with Chinese government objectives.
- The use of advanced AI tech for censorship, like LLMs, indicates a shift towards more sophisticated repression methods by authoritarian regimes.
- While conventional methods focused on blocking specific terms, AI-driven censorship can now identify subtle criticisms and evolve with increased data consumption.
Read Full Article
18 Likes
Cybersecurity-Insiders
3w
237
Image Credit: Cybersecurity-Insiders
Why Healthcare Executives Should Prioritize Security Compliance
- Healthcare executives should prioritize security compliance not just for regulatory requirements but also to protect the organization's reputation, reduce risks, and ensure business continuity.
- Achieving certifications like HITRUST CSF e1 or i1 can enhance health plan and patient assurance, reduce security risks, and open doors to increased revenue through enhanced trust and compliance practices.
- Investing in security compliance can help small to medium-sized healthcare organizations mitigate risks and thrive in a regulated industry, requiring a proactive approach to cyber measures to combat evolving threats effectively.
- Ransomware attacks highlight the need to secure healthcare systems for patient safety and care continuity, with breaches potentially leading to identity theft, medical fraud, or exposure of sensitive health data.
- Security compliance frameworks ensure data protection, secure backups, and incident response plans to recover quickly from cyber incidents, maintaining healthcare services' smooth delivery.
- HITRUST certification is essential in the healthcare industry, signaling seriousness about data security, patient privacy, and compliance, aiding in winning contracts with high demands for security and compliance.
- HITRUST e1 or i1 certification requires a thorough risk assessment, detailed cybersecurity framework implementation, and continuous adherence to security standards for ongoing improvement in cybersecurity practices.
- By achieving HITRUST certification, healthcare organizations can increase revenue potential, qualify for partnerships, negotiate lower premiums for cyber liability insurance, and avoid high costs related to data breaches.
- Healthcare providers benefit from HITRUST e1 and i1 certifications by simplifying compliance efforts, reducing administrative overhead, improving operations efficiency, and maintaining accountability in data security and risk management.
- In the face of rising cyber threats and stricter compliance requirements, viewing security compliance as a strategic investment is crucial for healthcare organizations, as HITRUST certification elevates patient trust and regulatory compliance.
Read Full Article
14 Likes
For uninterrupted reading, download the app