techminis

A naukri.com initiative


Cyber Security News


Medium

4w


Overcome These GRC Hurdles Today

  • GRC programs often fail due to implementation issues rather than a bad framework.
  • Clear accountability is crucial in GRC programs to prevent gaps, weak controls, and failed audits.
  • Collaboration is essential between risk, IT, legal, and compliance teams in GRC.
  • Alignment and communication are key to prevent risks from being overlooked.
  • It's important to prioritize effectively and avoid scope creep in GRC initiatives.
  • Executive engagement is necessary for the success of GRC programs.
  • GRC should be integrated into the business rather than treated as a standalone project.
  • Using spreadsheets for GRC operations can lead to structural issues and potential risks.
  • GRC should drive decisions and not just be a documentation exercise.
  • Meaningful metrics and measurement are vital in GRC for actionable insights.
  • Learning from mistakes and implementing changes is crucial for GRC improvement.


Dev

4w


New Kafka Connect Vulnerability (CVE-2025-27817) Lets Attackers Read Any File

  • Apache Kafka Connect has a critical vulnerability (CVE-2025-27817) allowing unauthenticated attackers to remotely read arbitrary files.
  • The flaw stems from insecure handling of specific configuration parameters in Apache Kafka Connect.
  • Attackers can exploit this vulnerability by crafting malicious URLs to trigger arbitrary file reads or Server-Side Request Forgery (SSRF).
  • The potential impact is unauthorized access to sensitive files; exploitation requires no authentication and works under default configurations.
  • Affected versions range from Apache Kafka 3.1.0 to 3.9.0.
  • Immediate actions include not exposing Kafka Connect to the internet, checking and restricting specific properties in standalone and distributed modes, and utilizing Web Application Firewalls or firewall rules.
  • Apache has released version 3.9.1 to address the vulnerability, and users are advised to upgrade promptly.
  • Various products offer support for detecting and protecting against this exploit, such as YunTu, DongJian, SafeLine, and QuanXi.
  • The timeline of events includes CVE disclosure on June 10, 2025, followed by references to the Apache Mailing List Disclosure and solutions provided by different entities.
  • Users are encouraged to join the SafeLine community for further information and updates.


Hackernoon

4w


Bug Bounty Recon Made Easy with Hakrawler

  • Hakrawler is a Golang-based crawler tool useful for penetration testing, OSINT, and bug bounty activities.
  • The tool can be easily installed on Ubuntu ARM64 virtual machines by following simple terminal commands.
  • After installation, Hakrawler can be included in the PATH for easy access.
  • Various usage examples of Hakrawler include crawling websites, reading URLs from standard input, and processing URLs from files.
  • In bug bounty scenarios, Hakrawler can be integrated into recon chains for efficient testing.
  • There are different options and flags available with Hakrawler for customization like subdomains, depth, HTTP headers, JSON output, and proxy settings.
  • An issue you might encounter is not receiving URLs due to redirects, which can be resolved by handling subdomains or crawling redirected URLs.
  • Hakrawler also offers a Docker option for those who prefer using Docker instead of installing Go.
  • The tool is praised for its speed, ease of use, and effectiveness in bug bounty hunting and pentesting activities.
  • Hakrawler provides flexibility and control over crawling parameters, making it a valuable asset in recon activities.
  • The tool is beneficial for quickly identifying endpoints and reconfiguring them during security assessments.
  • Advice is given to stay safe and curious while using tools like Hakrawler.
  • A video guide for Hakrawler usage is also provided.
  • The tool is described as essential for recon tasks and useful for security professionals.
  • The usage scenarios and examples demonstrate the versatility and practicality of Hakrawler.
  • Hakrawler is recommended for its convenience and efficiency in reconnaissance tasks.


Pymnts

4w


Small Businesses Skip Digital Wallets for Cross-Border Payments

  • Digital wallets are reshaping international money movement as global commerce becomes more digitized.
  • Despite 63% of U.S. consumers using digital wallets for cross-border payments, less than half of U.S. small- to medium-sized businesses (SMBs) do the same.
  • Reasons for SMB reluctance include the lack of industry standardization, concerns about partner acceptance, security, integration, complexity, and regulatory uncertainty.
  • Financial service providers have an opportunity to cater to SMBs by offering streamlined onboarding, compliance clarity, and global interoperability.
  • Adopting digital wallets can benefit SMBs through enhanced security, speed, and the advantage of driving usage standards.
  • Digital wallets reduce payment processing times, fostering trust and goodwill with international partners.
  • Contrary to popular belief, digital wallets are increasingly seen as more secure than traditional payment methods.
  • Traceability, real-time tracking, and multi-layer authentication make digital wallets appealing for risk-conscious SMBs.
  • SMBs advertising their use of digital wallets signal professionalism and reliability to customers and suppliers.
  • Global interoperability is improving rapidly, with platforms like TerraPay connecting digital wallets across over 150 countries.
  • Integrating with digital wallets is a form of futureproofing for SMBs in the evolving landscape of global commerce.


Securityaffairs

4w


Exposed eyes: 40,000 security cameras vulnerable to remote hacking

  • Over 40,000 internet-exposed security cameras worldwide are vulnerable to remote hacking, posing serious privacy and security risks.
  • Bitsight warns that security cameras are vulnerable to remote hacking through unsecured HTTP or RTSP access, which exposes live feeds that can be easily targeted for spying, cyberattacks, and stalking.
  • Identification of HTTP-based security cameras is complex due to diverse models; researchers developed a fingerprinting method using favicon hashes, HTTP headers, and HTML titles.
  • Many HTTP-based cameras allow unauthenticated access to live footage through specific URIs like /out.jpg, which poses a significant privacy risk by bypassing authentication.
  • RTSP-based cameras lack clear identifiers, making them harder to fingerprint; researchers analyzed RTSP Server headers and common URIs like /live.sdp to capture screenshots.
  • Bitsight's internet scan revealed over 40,000 exposed cameras, mainly in the U.S., with the Telecommunications sector having the highest exposure due to extensive consumer use.
  • The risk of privacy breaches and security threats extends to various sectors, including technology, media, utilities, business services, and education, as poorly secured cameras provide access to sensitive areas.
  • Exposed cameras can capture live footage from homes, offices, retail spaces, factories, and critical areas, enabling spying, robbery planning, and data theft due to insecure setups.
  • Bitsight warns that cybercriminals search for exposed cameras on dark web forums and recommends that users update devices, change default passwords, disable unnecessary remote access, secure connections, and monitor for unusual logins.
  • The report underlines the significant exposure of devices in the Telecommunications sector, emphasizing the widespread availability of cameras for personal and professional use.


Medium

4w


Quantified Entity Evaluation (QEE): A Minimalist Model of Aggregated Realities

  • Quantified Entity Evaluation (QEE) introduces a minimalist model treating any object, event, or signal as a unit with a numerical value.
  • The core formula of QEE is R = ∑(vᵢ), for i = 1 to n, where vᵢ is the numerical value of each entity and R is the total systemic result.
  • An example illustrating QEE involves evaluating a message with four components: data, signal, status, and code, resulting in a total reality score of 33.
  • The applications of QEE include sensor systems, data fusion, cognitive models, AI weighting, message scoring, and system status estimation.
  • QEE works because it does not rely on hidden theory, avoids overcomplexity, generates comparable values, and is scalable to various dimensions or elements.
  • The model focuses on structured numeric weights rather than philosophical or abstract concepts.


Fintechnews

4w


APAC Fintech Faces 116% Spike in Fraud Linked to Deepfakes, Synthetic IDs

  • Fraud cases in APAC's fintech and healthtech industries have surged significantly, with a 116% increase in fintech and a steep 723% rise in healthtech fraud cases.
  • AI-driven tools like deepfakes and synthetic identity documents are being used to bypass digital verification processes, leading to the growing threat.
  • Deepfake fraud has expanded to cover AI-generated job scams, with Singapore and Hong Kong experiencing substantial surges in deepfake fraud cases.
  • Synthetic identity document fraud increased by 233% in APAC, surpassing the global rise of 195%, raising concerns in sectors like fintech and healthtech.
  • Countries like the Philippines, Hong Kong, Thailand, Singapore, and Australia saw significant rises in synthetic identity document fraud.
  • As fintech and healthtech sectors in APAC expand, projected to reach US$1.15 trillion and nearly US$488.5 billion by 2032 and 2033, respectively, Sumsub warns of escalating fraud risks.
  • Sumsub's 2024 Identity Fraud Report had already highlighted rising fraud trends in APAC's digital ecosystem.
  • Penny Chai, Vice President, APAC, Sumsub, emphasized the need for businesses to adopt multi-layered, adaptive defenses to combat AI-powered fraud.
  • Sumsub will host the What The Fraud Summit in Singapore from 19 to 20 November 2025 to address the rising fraud threats.
  • The summit aims to bring together industry stakeholders, regulators, and fraud experts to discuss strategies to combat fraud in the region.


TechJuice

4w


The DeepSeek Scam That’s Spreading Like Wildfire Across the Internet

  • Security researchers have uncovered a malicious campaign where DeepSeek Malware poses as a DeepL Translator installer to gather sensitive information.
  • DeepSeek employs evasion tactics such as checking for virtual environments and using code obfuscation to avoid detection.
  • The malware adds persistence to the system to operate unnoticed and focuses on stealing credentials and valuable user data.
  • To safeguard against DeepSeek, users are advised to download software from official sources and avoid suspicious links.
  • Security teams can utilize behavior-based detection tools and strong endpoint protection to detect the malware.
  • The discovery of DeepSeek underscores attackers hiding malware within trusted software, emphasizing the need for multilayered security measures.
  • This disguised malware exemplifies the importance of user awareness and proactive security planning.
  • The DeepSeek scam highlights the weaponization of user trust by attackers in stealing valuable data.
  • DeepSeek Malware detection signifies an evolving trend of concealing malware within familiar software packages.
  • The article discusses the significance of cautious software sourcing and proactive defensive strategies.
  • The discovery of DeepSeek Malware emphasizes the importance of security awareness and multilayered security measures in combating evolving cyber threats.


TechBullion

4w


Amit Singh Urges Smarter Scam Prevention as Cyber Threats Surge for Australian Businesses

  • Amit Singh, founder of evince Consulting, is advocating smarter scam prevention for Australian businesses amidst rising cyber threats.
  • Singh emphasizes the importance of having a structured approach to protecting people and systems from scams, as it is often overlooked.
  • He highlights the lack of ownership and a shared plan as reasons why businesses fall victim to scams.
  • Singh introduces the 'Three T’s of Cyber Maturity' framework to enhance scam defenses, focusing on simple, high-impact actions.
  • The Australian Competition and Consumer Commission (ACCC) reported small businesses losing over $13.7 million to scams in 2023, with expectations of increased losses due to sophisticated attacks.
  • Singh stresses that cyber education is crucial for all businesses, particularly those lacking dedicated IT teams, as cybersecurity is now considered a leadership issue.
  • He advocates for accessible cyber education programs for business operators and frontline staff to build confidence and enhance decision-making in cyber-related situations.
  • Singh warns that scams pose significant risks to smaller organisations, impacting finances and reputation, and underlines the necessity of a clear scam prevention strategy.


Medium

4w


Your Loyalty Card Might Be Loyal to Hackers (and So Might Your Cat App)

  • Many shopping apps, loyalty cards, and social media accounts have the potential to expose users to unwanted spam and hacking.
  • Some apps may request extensive personal information in exchange for rewards, leading to privacy and security concerns.
  • Incidents of hacking and data breaches involving well-known retail and service companies have been on the rise in recent years.
  • Consumers face the risk of receiving targeted ads and encountering security threats due to the data shared on these platforms.
  • Anecdotes of users experiencing unwanted spam and suspicious login attempts highlight the vulnerabilities associated with digital loyalty programs and apps.
  • Personal data shared on these platforms can be exploited by hackers for malicious purposes, raising concerns about privacy invasion.
  • The proliferation of data breaches serves as a reminder for users to be cautious about the information they disclose online.
  • Companies offering loyalty cards and apps should prioritize cybersecurity measures to safeguard customers' personal information.
  • A lack of transparency regarding data practices and security protocols can leave users unaware of the risks associated with using these platforms.
  • Maintaining a balance between convenience and privacy protection is crucial for individuals engaging with loyalty programs and shopping apps.
  • Users are encouraged to review permissions granted to apps, monitor account activities, and implement strong security measures to mitigate potential risks.
  • Educating consumers about the importance of data security and the potential implications of sharing personal information online is essential in today's digital age.
  • As cyber threats evolve and become more sophisticated, vigilance and proactive measures are necessary to combat potential privacy breaches.
  • Consumers should stay informed about cybersecurity best practices and regularly update their digital security knowledge to stay protected online.
  • While loyalty programs offer benefits, users should exercise caution and be aware of the security implications associated with sharing personal data on these platforms.
  • Maintaining a healthy skepticism towards requests for personal information and being mindful of cybersecurity risks can help users protect their privacy online.


Livebitcoinnews

4w


Rare Werewolf Hackers Target Russian Devices for Crypto Theft

  • Rare Werewolf hackers target Russian devices for cryptojacking and data theft.
  • The group utilizes advanced phishing techniques, posing as legitimate organizations to infiltrate systems.
  • Crypto mining by the hackers starts at 1 a.m. and ends at 5 a.m. to remain undetected.
  • Phishing emails kick off the Rare Werewolf campaign, leveraging Russian language and password-protected archives.
  • Malware from opened files grants hackers remote access to victims' systems.
  • XMRig software is deployed for crypto mining while stealing log-ins and operational data.
  • The hackers evade detection by using legitimate third-party tools and scheduled system operations.
  • The campaign targets industrial and academic institutions in Russia, Belarus, and Kazakhstan.
  • Detection is complicated by PowerShell scripts and batch files managing system wake-sleep cycles.
  • Rare Werewolf attacks suggest vulnerabilities in organizational cybersecurity in Russia and CIS countries.
  • Organizations are advised to strengthen email security, monitor unauthorized access, and update antivirus software.


Fintechnews

4w


Meet Grey Nickel, the AI Crime Syndicate Targeting Banks and Crypto Across Asia

  • Grey Nickel is a cybercriminal group targeting banks and crypto in Asia-Pacific using deepfakes and AI-powered attack tools to exploit weak security systems.
  • They focus on breaching banks, crypto exchanges, and digital payment platforms with sophisticated and planned operations.
  • The group's operations are primarily in the Asia-Pacific region, exploiting weaknesses in remote identity verification systems.
  • Their use of AI for industrial-scale identity fraud poses a significant threat to digital banking security.
  • Grey Nickel utilizes advanced techniques like face-swap technology, metadata manipulation, and mobile apps for fraudulent activities.
  • Their synthetic identity fraud termed 'Frankenstein Fraud' combines real and fake information to create hard-to-detect digital personas.
  • The rise of synthetic identity fraud is challenging financial platforms with outdated security measures, requiring advanced liveness detection technology.
  • Regulatory gaps in APAC jurisdictions contribute to the challenges in combating cybercrime and protecting financial institutions.
  • Better biometric technology and continuous monitoring are recommended to combat deepfakes and fraudulent activities in real-time.
  • Asia-Pacific's digital economy faces a threat from AI-enabled attacks, emphasizing the need for enhanced fraud prevention measures.


Dev

4w


Testing OTP codes in Selenium with dummy authenticators

  • Developers often use services like Auth0, Firebase, and Azure AD/Entra for building user login flows with MFA and 2FA using verification codes and TOTP.
  • The article discusses testing OTP codes in Selenium with dummy authenticators for secure applications.
  • It demonstrates testing an MFA authentication flow using Auth0 integration and TOTP to sign up and verify user accounts.
  • Uses MailSlurp for disposable email accounts and virtual MFA authenticators in testing.
  • It walks through testing OTP in Selenium by setting up MailSlurp, creating email accounts, filling sign-up forms, and extracting OTPAuth URLs.
  • Describes creating a virtual TOTP device with MailSlurp to generate valid confirmation codes for account verification.
  • Shows how to generate a time-based one-time password and submit it to complete the sign-up process with Auth0.
  • The process includes validating the account, testing log out/login functionality, and asserting the successful MFA connection.
  • Demonstrates testing a multifactor authentication user flow using Selenium and MailSlurp's free test TOTP API.
  • Using dummy authenticator devices helps verify security compliance and app functionality in QA and automation environments.


Siliconangle

4w


Securonix acquires threat intelligence startup ThreatQuotient

  • Securonix Inc. has acquired cybersecurity startup ThreatQuotient Inc. to enhance breach prevention capabilities.
  • The terms of the deal were not disclosed.
  • Securonix, based in Addison, Texas and backed by over $1 billion in funding, focuses on AI-powered cybersecurity products.
  • Securonix's EON product uses AI agents to detect and respond to malicious activity in corporate networks.
  • Securonix also offers a SIEM platform to analyze cybersecurity logs from various sources and store data for up to a year.
  • ThreatQuotient, founded in 2013, specializes in threat intelligence analysis for enterprises.
  • ThreatQuotient's platform consolidates data from multiple sources to provide comprehensive information on hacker activity.
  • The company's software automates tasks like prioritizing threat intelligence based on relevance and urgency.
  • Securonix plans to use ThreatQuotient's technology to improve cybersecurity alerts and reduce false positives by up to 90%.
  • Securonix intends to offer ThreatQuotient as a standalone product and as part of a broader cybersecurity toolkit.


Pymnts

4w


GrailPay Raises $6.7 Million to Expand Risk Layer for Bank Payments

  • GrailPay raised $6.7 million to expand its risk and data platform for bank payments aimed at making ACH payments safer, smarter, and faster.
  • The funding will be used to grow product and engineering teams, expand go-to-market efforts, and enhance the platform's capabilities.
  • GrailPay plans to provide fraud tools, risk engines, and analytics for bank payments similar to those developed for credit cards over the years.
  • The company's tools are utilized by over 10,000 businesses, including payment platforms, lenders, FinTechs, and software vendors.
  • Businesses leverage GrailPay's tools for predictive analytics and real-time signals to optimize account enrollment, transaction monitoring, and merchant underwriting.
  • Construct Capital led the funding round, recognizing GrailPay's creation of an intelligent risk layer tailored for bank payments, essential for modern payment companies.
  • Pay by bank is gaining popularity, with 91% of companies interested in adopting it due to benefits like lower cart abandonment rates, enhanced data security, and consumer ease of use.
  • GrailPay initially built a bank payment processing platform focusing on ACH before developing a trust layer for bank payments, leveraging their data asset from processing transactions.
