A naukri.com initiative
Cyber Security News
Pv-Magazine
4w
315
Cybersecurity for resilient energy storage projects
- Compliance with cybersecurity regulations is challenging for many in the energy storage industry but presents opportunities for risk mitigation.
- Robust cybersecurity safeguards are essential for the resilience of grid infrastructure as the energy storage sector evolves.
- The digitalization of grid operations has increased the cyber attack surface, necessitating the implementation of cybersecurity measures.
- North American Electric Reliability Corporation highlighted the rise in vulnerable points in US power grids, emphasizing the need for cybersecurity.
- Energy storage investors are advised to address evolving cybersecurity risks and regulations to prevent revenue losses and project disruptions.
- Fluence views cybersecurity as a way to enhance customer value by reducing project risk associated with cyber non-compliance and incidents.
- Cybersecurity is crucial in mitigating revenue loss and ensuring project availability amidst changing regulatory requirements and cyber threats.
- Fluence experts Katherine Hutton and Lars Stephan emphasize the importance of cybersecurity measures in energy storage projects.
- Investing in robust cybersecurity strategies can help safeguard energy storage projects against cyber-related disruptions and potential revenue impacts.
- For more information, readers are encouraged to visit the ESS News website for further insights on cybersecurity in energy storage projects.
Read Full Article
18 Likes
Dev
4w
302
Image Credit: Dev
GeoServer Hit by Critical SSRF and XXE Vulnerabilities — Patch Now!
- GeoServer, widely used for geospatial data, is affected by critical SSRF and XXE vulnerabilities (CVE-2024-29198, CVE-2025-30220) allowing unauthenticated access to sensitive files.
- The SSRF vulnerability arises from misconfigured PROXY_BASE_URL allowing attackers to exploit the TestWfsPost endpoint.
- The XXE flaw in GeoTools library can lead to arbitrary file read or network access due to improper EntityResolver configuration.
- Both vulnerabilities pose a high-risk, remote network exploitation threat with no need for authentication.
- GeoServer versions prior to 2.24.4, 2.25.2, 2.27.1, 2.26.3, 2.25.7 are affected along with corresponding GeoTools and GeoNetwork versions.
- Temporary mitigation for SSRF involves blocking TestWfsPost access, while permanent fix requires updating to specified patched versions.
- For XXE, providing a secure EntityResolver is a temporary workaround with an upgrade to patched versions advised for permanent solution.
- Several security platforms like Yuntu, Dongjian, SafeLine, and Quanxi are responding to these vulnerabilities with detection and support services.
- The advisory for these vulnerabilities was released on June 12, 2025, urging immediate patching due to the severity of these issues.
- Action is highly recommended for GeoServer users to prevent potential full system compromise and unauthorized file access.
- Community support is available for SafeLine users through updates and resources shared in the SafeLine community.
- Patching these critical vulnerabilities is crucial for system security and prevention of unauthorized data access.
- GeoServer users are advised to follow the provided mitigation steps and promptly update to the patched versions to secure their systems.
- Immediate action is necessary for GeoServer users to safeguard against the exploitation of these high-risk vulnerabilities.
- Stay informed and updated within the SafeLine community to address security concerns and implement necessary measures.
- If you run GeoServer, patch immediately to avoid potential system compromise as these vulnerabilities pose a serious threat to server security.
Read Full Article
18 Likes
Dev
4w
4
Image Credit: Dev
Scaling GitOps in the Enterprise: Secure Secrets, Policy as Code, and Multi-Cluster Strategies
- The foundational principles of GitOps have revolutionized how organizations manage infrastructure and applications, but scaling GitOps in the enterprise poses challenges with secrets management, policy enforcement, and multi-cluster strategies.
- Challenges with secrets management in GitOps include secret sprawl and security risks, leading to the emergence of strategies like encrypted secrets in Git using tools like SOPS and Sealed Secrets, or reference-based management with tools like the External Secrets Operator.
- Policy as code (PaC) tools like OPA Gatekeeper and Kyverno help enforce security and compliance in Kubernetes clusters by defining and automating policies stored in Git repositories.
- Multi-cluster deployment strategies in GitOps utilize tools like Argo CD and FluxCD, adopting approaches such as the 'Hub-and-Spoke' model, ensuring consistent deployments across diverse environments.
- Security principles for GitOps focus on least privilege, immutability, auditing, and secure CI/CD pipelines, while scaling considerations include efficient repository organization, reconciliation loop efficiency, and observability.
- Future trends in GitOps include edge computing, AIOps integration, tooling maturity, and application in data and machine learning pipelines, emphasizing the continuous evolution and adoption of GitOps in the enterprise.
Read Full Article
Like
Siliconangle
4w
186
Image Credit: Siliconangle
Sam Altman-backed network infrastructure startup Meter raises $170M
- Meter Inc., a network infrastructure startup, raised $170 million in funding led by General Catalyst.
- Investors in this round include Baillie Gifford, J.P. Morgan, Microsoft Corp., and Sequoia Capital.
- The company automates the process of connecting new offices to corporate networks using its networking devices.
- Meter offers switches, wireless access points, PDUs, and cybersecurity appliances.
- The startup supplies, installs, and manages networking equipment for its customers.
- It provides a software platform for automated issue resolution and troubleshooting.
- Meter is developing an AI model to automate more tasks and has high-profile customers like Lyft and Reddit.
- The company plans to focus on data center adoption and international expansion with the new funding.
- Meter aims to grow its hardware presence in the market.
- The investment will also support the development of its AI troubleshooting capabilities.
- Meter's model uses billions of parameters and data collected from its network infrastructure.
- Microsoft, one of the investors, is supplying tens of thousands of graphics cards for training the AI model.
- The company intends to enhance its observability tools and network security features.
- Meter's technology helps prevent malware spread in corporate networks.
- The company's platform can switch between internet providers in case of technical issues.
Read Full Article
11 Likes
Ars Technica
4w
88
Image Credit: Ars Technica
Coming to Apple OSes: A seamless, secure way to import and export passkeys
- Apple introduced a new feature to address limitations with passkeys, a secure authentication standard used for websites and apps.
- The import/export feature demonstrated at the Worldwide Developers Conference will be available in upcoming releases of iOS, macOS, iPadOS, and visonOS.
- Passkeys have been criticized for lacking transferability across different platforms or devices.
- The FIDO Alliance is working on interfaces to enhance passkey syncing flexibility across various systems.
- Developers from companies like Google, Dashlane, 1Password, Bitwarden, and others are actively implementing import/export tools.
- The move to passkeys aims to mitigate the issues associated with passwords, such as weak choices, reuse, leaks, and phishing.
- Under the FIDO2 spec, passkeys involve a unique keypair for each account, enhancing security and preventing data compromise.
- Passkeys do not share secrets outside the user's device, making them resilient to common security threats.
- The main challenge with passkeys currently is their lack of usability and interoperability.
- Apple's demonstration suggests progress in improving passkey usability and functionality.
- The transfer feature will also work with passwords and verification codes, providing users with more control over their credentials.
- Passkeys aim to provide a more secure means of authentication compared to traditional passwords.
- The feature ensures credentials are managed where users choose, improving data control and flexibility.
- The development of passkey import/export tools signals a move towards a more user-friendly and secure authentication ecosystem.
- Passkeys are designed to prevent credential phishing, password leaks, and other common attack methods.
- The passkey feature enhances security by creating unique keypairs for each account and preventing shared secrets.
- Passkeys aim to address the limitations of traditional passwords and enhance data security for users.
Read Full Article
5 Likes
Dev
4w
200
Image Credit: Dev
The Business-First Approach to Cybersecurity: Why Technical Excellence Isn't Enough in 2025
- Traditional cybersecurity often fails to protect businesses due to a lack of understanding of business impact.
- Merely technical soundness is insufficient; effective security programs integrate technical risks with business context.
- Real-life examples illustrate the importance of business acumen in cybersecurity decision-making.
- A business-first approach considers both technical risk and business criticality for security decisions.
- Security decisions should align with business priorities to optimize security efficacy and operational efficiency.
- Translating security measures into business terms enhances communication and enables better decision-making.
- The article offers insights on asset classification, risk communication, and ROI-driven security investments.
- The evolving cybersecurity landscape in 2025 demands business-context responses to AI-powered attacks and multi-cloud environments.
- Practical steps are suggested for technical professionals and business leaders to bridge the business-security gap.
- Success in cybersecurity involves combining technical expertise with business acumen to protect business value effectively.
Read Full Article
12 Likes
Siliconangle
4w
66
Image Credit: Siliconangle
What to expect at the AppDev Done Right Summit: Join theCUBE June 17
- The modern application development lifecycle is under pressure to modernize and accelerate delivery while embedding security and reducing tooling friction for developers.
- DevSecOps has become crucial, enabling speed and resilience in software development.
- The AppDev Done Right Summit, hosted by theCUBE Research, will focus on modernizing apps, empowering developers, and streamlining development pipelines.
- Platform engineering and internal developer platforms are key to modern application development, allowing for autonomy and delivery velocity.
- GitOps is gaining traction for infrastructure automation, leading to improved deployment success and developer productivity.
- Observability and security are fundamental for application resilience in Day 2 Operations, ensuring performance tuning, faster incident response, and automation.
- The Summit will cover topics like sustainability, evolving practices in platform engineering, and observability-driven operations in modern app development.
- It will address the importance of embedded security, infrastructure choices, and sustainability in the context of modern app development.
- theCUBE Research’s AppDev Done Right Summit will feature industry experts discussing the landscape of application development and modernization.
- Join the community on YouTube to support the mission of providing free, deep, and relevant content.
Read Full Article
4 Likes
Pymnts
4w
186
Image Credit: Pymnts
Nacha Updates Resources to Help Financial Institutions Protect Seniors From Fraud
- Nacha's Payments Innovation Alliance has updated tools to protect seniors from financial fraud.
- The Alliance created an infographic on elder financial exploitation statistics.
- They also developed an Elder Financial Exploitation Awareness Financial Institution Checklist to assist institutions.
- Elder financial exploitation typically involves fraud targeting individuals 55 years and older.
- The resources were released in conjunction with World Elder Abuse Awareness Day on June 15.
- These tools aim to help institutions safeguard account holders and support fraud victims.
- Elder financial fraud has increased as more seniors conduct banking online.
- The FBI reported a 14% increase in elder fraud complaints in 2023.
- In 2023, individuals 60 years and older lost $3.4 billion to fraud, with an average victim loss of $33,915.
- Federal financial regulatory agencies released a joint statement to help prevent elder financial exploitation.
Read Full Article
11 Likes
Wired
4w
244
Image Credit: Wired
How to Protest Safely in the Age of Surveillance
- Protesters need to consider digital security in addition to physical safety during nationwide protests against the second Trump administration, as surveillance tools are used by authorities.
- Digital surveillance risks for protesters include data authorities could collect from their phones and interception of identifying information at protests.
- Simple measures can enhance digital security, making it harder for surveillance and interception of communications.
- Using secondary or burner phones with limited personal data, encrypted messaging, and avoiding traditional calls and texts are recommended.
- Precautions like full device encryption, strong passcodes, and disabling biometric unlocking can protect phones in case of confiscation.
- Wearing face masks, sunglasses, and avoiding identifiable clothing can reduce the risk of face recognition during protests.
- Consider the risks of online presence, social media posts, and livestreams that can be used by authorities for identification and tracking.
- Protesters should assess privacy concerns versus documenting events, being mindful of what they share online and cautious about revealing identifying information.
- The article emphasizes the importance of privacy protections for protesters and staying vigilant against new forms of digital surveillance.
- Protesters are advised to be prepared for escalated responses and potential mass surveillance, with individual privacy measures crucial in empowering them to participate.
- Article qualifies for web story generation as it provides relevant and timely information on digital security considerations for protesters during protests.
Read Full Article
14 Likes
Dev
4w
226
Image Credit: Dev
Mastering Docker from Scratch to Scale – A Hands-On Guide with Labs, CI/CD, Security & DCA Prep
- Sudipta Biswas, a cybersecurity architect and author, has released a lab-driven Docker book titled 'Mastering Docker from Scratch to Scale.'
- The book aims to provide hands-on guidance for developers, SREs, DevOps engineers, and Docker certification aspirants.
- Sudipta Biswas wrote the book to address the shortcomings of existing Docker tutorials by offering step-by-step guidance, security best practices, CI/CD, and hands-on labs.
- The book is structured into three parts: Foundations, Intermediate to Advanced, and Security & Scaling, covering topics ranging from Docker architecture and CLI to security hardening and scaling.
- Bonus materials in the book include 50+ hands-on labs, DCA practice questions, real-world case studies, GitHub CLI and DockerHub CLI cheatsheets, and a glossary of Docker & DevOps terms.
- The book is suitable for developers, SREs, security professionals, students preparing for the DCA exam, and teams adopting DevSecOps practices.
- Useful links provided include Amazon for purchasing the book and the GitHub Labs Repository for additional resources.
- Feedback is welcomed from readers, and collaboration opportunities are open for teaching or community groups.
- Sudipta Biswas expresses gratitude to supporters and encourages continuous improvement in building better systems.
Read Full Article
13 Likes
Medium
4w
186
Sivanandh CC: The Visionary Behind RECILENS — A Company Redefining Cybersecurity and Digital…
- Sivanandh CC is the visionary behind RECILENS, a company redefining cybersecurity and digital solutions.
- He advocates for skills over degrees and launched RECILENS Internship 2k25, a no-cost internship program aiming to empower students and professionals.
- RECILENS offers a platform for real project collaborations and meaningful career building, focusing on hands-on experiences.
- Sivanandh aims to combine AI and Blockchain to innovate threat detection and intelligence sharing in cybersecurity.
- His work on an AI-driven, blockchain-integrated cybersecurity platform has positioned RECILENS as a forefront player in global security innovation.
- Apart from running a company, Sivanandh actively builds a community where innovation and impact converge, turning students into professionals.
- He shares his knowledge through blogs, workshops, and technical events to contribute to a safer digital world.
Read Full Article
11 Likes
Dev
4w
275
Image Credit: Dev
The AI Revolution in Ethical Hacking: Empowering Defenders in the Digital Age
- The AI Revolution in Ethical Hacking is empowering defenders in the constantly evolving cybersecurity landscape.
- AI-driven tools in ethical hacking automate manual tasks, enhancing efficiency and accuracy in vulnerability assessments.
- Automated Vulnerability Scanners powered by AI identify complex vulnerabilities using machine learning algorithms.
- AI excels in Intelligent OSINT Gathering, efficiently processing public data to pinpoint attack vectors.
- AI-Enhanced Penetration Testing Platforms simulate sophisticated attack scenarios for comprehensive testing.
- AI models revolutionize Threat Hunting by analyzing network traffic and detecting anomalies in real-time.
- The core advantage of AI in ethical hacking lies in processing massive datasets for precise vulnerability identification.
- AI frees up ethical hackers from mundane tasks, allowing them to focus on strategic challenges.
- Ethical hackers will work in a symbiotic relationship with AI, combining human expertise with machine intelligence.
- While AI benefits defenders, ethical hackers must also understand AI's offensive capabilities to strengthen security defenses.
Read Full Article
16 Likes
Tech Radar
4w
382
Image Credit: Tech Radar
Holidaymakers under threat from devious new cyber threat - here's how to stay safe
- Hackers are targeting holidaymakers with remote access trojans through fake Booking.com websites.
- The fake sites mimic Booking.com but have blurred content and a deceptive cookie banner.
- Clicking 'Accept cookies' triggers a download of a malicious JavaScript file installing a RAT called XWorm.
- XWorm allows attackers to control compromised devices, access files, webcams, microphones, disable security tools, deploy malware, and steal data.
- The campaign was first spotted in peak summer booking period Q1 2025, exploiting users' 'click fatigue' during rush times.
- Users are advised to slow down when browsing, avoid clicking on links in emails or social media, and type website addresses manually.
Read Full Article
23 Likes
Wired
4w
75
Image Credit: Wired
Social Media Is Now a DIY Alert System for ICE Raids
- Around 300 migrants have been detained in California in recent ICE raids, following an administration order.
- Concerns over due process violations and lack of access to legal representation for those targeted by ICE have been raised.
- Social media platforms are being used by migrant-rights organizations to alert about ICE activities and provide support.
- Various groups and pages on digital platforms disseminate real-time alerts about ICE checkpoints, patrols, and raids.
- Users can report immigration agents' presence and receive legal guidance anonymously through these platforms.
- Organizations like Chirla, Stop ICE Raids Alert Network, and others actively engage in alerting and offering assistance to those affected by ICE operations.
- Citizen-developed applications like SignalSafe provide real-time alerts on ICE activity and help migrants avoid potential checkpoints.
- The use of social networks among migrants has become instrumental in resisting immigration policies and providing vital resources.
- By 2023, a significant percentage of migrants had access to smartphones and social networks, emphasizing their importance in facilitating communication and support.
- These digital spaces have transformed into key tools for the resistance movement against harsh immigration policies.
Read Full Article
4 Likes
TechCrunch
4w
240
Image Credit: TechCrunch
Apple fixes new iPhone zero-day bug used in Paragon spyware hacks
- Apple has fixed a zero-day bug that was used by the Paragon spyware to hack iPhones of two European journalists.
- The Citizen Lab report mentioned that the flaw was mitigated in iOS 18.3.1 that was released on February 10.
- The security update initially only addressed an unrelated flaw, but was later updated to include details about a logic issue in processing media via an iCloud Link.
- The flaw was exploited in an attack against specific individuals, including Italian journalist Ciro Pellegrino and another European journalist.
- Apple did not disclose the existence of this patched flaw until four months after the iOS update release.
- The Paragon spyware scandal started in January with WhatsApp notifying users of being targeted with Graphite spyware.
- Several iPhone users later received notifications from Apple about being targets of mercenary spyware.
- The Citizen Lab's findings confirmed that two journalists targeted with Apple's notification were hacked with Paragon spyware.
- It's uncertain if all Apple users who received the notification were targeted with Graphite.
- Apple did not provide a comment on the reason for the delayed disclosure of the patched flaw.
- The report mentions users in 100 countries received notifications about being affected by the spyware campaign.
Read Full Article
14 Likes
For uninterrupted reading, download the app