Cyber Security News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Security News

Mcafee

204

Image Credit: Mcafee

Your Social Security Number Could be for Sale: AT&T Data Breach Exposes 44M SSN Numbers

AT&T data breach exposes 44 million SSN numbers for sale on underground hacking forums.
Included data: full names, birthdates, phone numbers, email addresses, physical addresses, and decrypted SSNs.
Actions to take: check credit reports, change AT&T password, set up fraud alerts, monitor for identity theft, and protect digital life.
Previous breaches by AT&T and compromised data covering May 1, 2022, to October 31, 2022.
Hackers gained access through a third-party cloud platform account.
Exposure of call and text records, but not personal details like SSNs or dates of birth.
AT&T claims data isn't publicly available, has secured access point, and collaborating with law enforcement.
Following a previous leak affecting over 70 million AT&T customers.
Steps taken by AT&T post-breach to notify affected customers and offer protection resources.
Guidelines for protecting oneself include setting up fraud alerts, monitoring accounts, changing passwords, and enabling two-factor authentication.
Importance of staying informed and proactive to safeguard personal information in the digital age.

Read Full Article

12 Likes

Lastwatchdog

169

RSAC Fireside Chat: Operationalizing diverse security to assure customers, partners–and insurers

Endpoint security, cyber insurance, and monoculture risk are converging, reshaping security programs.
Endpoint security has evolved into real-time telemetry for operational resilience, not just threat detection.
Security leaders now prioritize visibility, context, and integration with insurance expectations in procurement.
Ransomware incidents require defensible proof of tool effectiveness during critical moments.
AI is now a boardroom topic, with emphasis on operationalizing it effectively in security.
Endpoint security is central to insurance negotiations, due diligence, and trust-building in deals.
Concerns over monoculture risk in homogenous infrastructure creating shared blind spots are raised.
Insurers seek proof that security tools are actively working, shifting insurability currency to live telemetry.
Showing the effectiveness of security stacks during system disruptions is crucial.
Endpoint security needs to demonstrate functionality beyond detection and complimenting existing tools.

Read Full Article

10 Likes

VentureBeat

Image Credit: VentureBeat

‘Generative AI helps us bend time’: CrowdStrike, Nvidia embed real-time LLM defense, changing how enterprises secure AI

Generative AI adoption has surged by 187% while security investments focused on AI risks grew by 43%, creating a preparedness gap.
More than 70% of enterprises had at least one AI-related breach last year, with generative models as primary targets.
State-sponsored attacks on AI infrastructure increased 218% as per CrowdStrike's Global Threat Report.
CrowdStrike embeds Falcon Cloud Security within NVIDIA's Universal LLM NIM for real-time defense.
Security challenges arise from deploying AI models at scale, requiring a shift in traditional tactics.
The solution integrates security into NVIDIA's AI framework to secure LLM deployments.
CrowdStrike leverages telemetry-driven security and threat intelligence for rapid threat detection and neutralization.
Falcon scans containerized AI models for vulnerabilities, ensuring runtime protection.
Embedding security in the AI lifecycle helps tackle prompt injection, model tampering, and data exfiltration threats.
CrowdStrike and NVIDIA's integration automates compliance with emerging regulations, enhancing model safety and auditability.

Read Full Article

2 Likes

The Verge

Image Credit: The Verge

How to secure your phone before attending a protest

Protests against systemic racism and police brutality have led to nationwide demonstrations.
The recent actions of ICE in Los Angeles have sparked huge protests across the country.
Amid escalating tensions, the Trump administration has deployed national guard and military forces.
Protest participants may face arrest or detention, leading to potential confiscation of phones.
Securing your phone's data has become crucial in case of confrontation or arrest.
Here are some tips to help secure your data when carrying a phone.
Awareness is key when attending protests to protect your personal data.

Read Full Article

5 Likes

Discover more

Tech Radar

Image Credit: Tech Radar

Hackers are now pretending to be jobseekers to spread malware

Hackers are using fake jobseeker personas to spread malware targeting recruiters and HR managers.
DomainTools identified FIN6 creating fake LinkedIn profiles and resume websites anonymously hosted on AWS.
The hackers build rapport with targets before sharing resume websites that filter visitors based on OS and connection type.
Recruiters served a .ZIP archive, thinking it contains a resume, but it actually drops the 'More Eggs' backdoor.
The 'More Eggs' malware can execute commands, steal credentials, deliver payloads, and use social engineering.
AWS acknowledges the findings and stresses that such campaigns violate its terms of service.

Read Full Article

Siliconangle

Image Credit: Siliconangle

AI-native data security firm Cyera raises $540M at $6B valuation

Cyera Ltd. raises $540 million in late-stage funding, doubling valuation to $6 billion with Series E round led by Georgian, Greenoaks, and Lightspeed Venture Partners.
The company offers an AI-driven platform for data security, focusing on discovering, classifying, and protecting sensitive data within organizations' systems to address risks in the 'AI era.'
Cyera's solution includes continuous monitoring of data assets, proactive remediation, compliance maintenance, and risk reduction to prevent data breaches and unauthorized data transfers.
The company's growth includes a 353% year-over-year increase among Fortune 500 customers, expanding operations to over 10 countries, and growing to over 800 employees worldwide.
Cyera's acquisition of Israeli data loss prevention company Trail Security Ltd. for $162 million led to the launch of the Omni DLP product for comprehensive data loss protection.
The global data protection market is projected to grow significantly, with North America dominating and the industry valuation expected to increase from $172 billion in 2025 to $505 billion in 2032.
Cyberattacks and data breaches are on the rise, with IBM reporting the average cost of a data breach globally at around $4.88 million in 2024.
Investors see Cyera's focus on data security as crucial for AI adoption, with plans to use the latest funding to grow in strategic markets, develop product offerings, and enhance security capabilities through acquisitions and talent hiring.

Read Full Article

Pymnts

410

Image Credit: Pymnts

Worldpay and Visa Team to Help Merchants Combat Fraud

Worldpay is expanding its partnership with Visa to enhance the 3D Secure solution, aimed at helping merchants combat fraud and improve authorizations.
The partnership focuses on reducing fraud, minimizing consumer friction, and increasing authorization rates to enhance overall security and customer experience.
Merchants need to balance security, authentication, authorization, fraud detection, and user experience to effectively combat fraud.
False positive declines and checkout process complexity can challenge fraud mitigation strategies, affecting customer satisfaction and revenue.
Over half of U.S. shoppers abandon transactions if they experience difficulties, highlighting the importance of seamless payments.
Research shows that a considerable number of consumers face false payment declines, impacting customer trust and satisfaction.
Open payments platforms aim to improve authorization rates by optimizing transaction processes and connections to mitigate false declines.
A recent study with Worldpay emphasizes the significance of convenience, payment choice, and speed in driving customer satisfaction and loyalty.
Consumers prioritize convenient, secure, and familiar payment methods, influencing their spending decisions and brand loyalty.

Read Full Article

24 Likes

The Register

205

Image Credit: The Register

Analysis to action: Operationalizing your threat intelligence

Security teams often struggle to quickly translate high-quality threat intelligence into actionable defense strategies, leaving organizations exposed to new threats.
Threat intelligence loses value over time as threat actors adapt, highlighting the importance of rapid implementation.
Understanding how security tools and configurations align with frameworks like MITRE ATT&CK can help identify gaps and optimize defenses.
Manual mapping of tools to threat intelligence remains a challenge for most security teams, given the complexity of multiple tools and settings.
Automating the mapping process can significantly reduce the time between threat intelligence receipt and mitigation action.
Continuous exposure management through automated mapping enhances operational efficiency and strengthens overall security posture.
Mapping existing tools and policies to frameworks like MITRE enables organizations to proactively validate and optimize defenses in real time.
By bridging the gap between threat analysis and implementation, organizations can stay ahead of evolving cybersecurity threats.
Improved response time and utilization of existing tools are key benefits of efficiently operationalizing threat intelligence.
The article emphasizes automating the mapping process to enable organizations to continuously improve their security posture.

Read Full Article

12 Likes

Secureerpinc

262

Image Credit: Secureerpinc

Ransomware Gangs Exploit Kickidler in New Attacks

Ransomware gangs are exploiting Kickidler in new attacks against businesses.
Hackers are using Kickidler's features such as screen monitoring and keystroke logging against victims.
The attacks involve spreading malware, stealing login information, and utilizing the Smokedham backdoor for secret system access.
Antivirus software often fails to detect these attacks as legitimate software is being misused.
Businesses using Kickidler should audit software installations, watch for unusual behavior, and use endpoint detection tools.
Securing admin and cloud credentials, training employees, and staying vigilant are crucial steps to protect against such attacks.
The misuse of monitoring tools like Kickidler underscores the importance of cybersecurity measures and employee awareness.

Read Full Article

15 Likes

Medium

294

Image Credit: Medium

The Sky Race

The article discusses the advancement and challenges of drone delivery services by companies like Amazon and Walmart.
Key challenges include public trust issues, economic viability, noise, weather sensitivity, and payload capacity limitations.
Amazon's Prime Air program aims for 500 million drone deliveries annually, integrating drones into existing networks for cost-effectiveness.
Walmart's collaboration with Google's Wing extends drone delivery to major U.S. cities, leveraging their vast infrastructure.
Public concerns include privacy, noise disturbances, safety, and potential malfunctions or package drops by drones.
Drones excel in time-sensitive rural deliveries or light packages but face challenges in urban areas due to airspace congestion and return trips.
The business case for drones varies in cost efficiency based on delivery speed and volume, with concerns about the exclusion of larger items in current drone capacities.
Regulatory initiatives like the FAA's BEYOND program aim to facilitate commercial drone operations and manage airspace for drone traffic.
The article also delves into the societal implications of increased drone surveillance, discussing privacy concerns, government control over airspaces, and the balance between protection and intrusion.
It raises questions about the erosion of privacy rights under increasing drone surveillance and the potential risks of unchecked drone deployment for law enforcement and public trust.
The narrative shifts to a dystopian view of drone surveillance akin to Orwell's '1984', reflecting on the fine line between progress and ethics as drones reshape the modern landscape.

Read Full Article

17 Likes

TechBullion

258

Image Credit: TechBullion

Risk Management Strategies Every Tech Business Should Know

Tech firms often overlook risk management in favor of product development and market expansion.
Effective risk reduction ensures survival while innovation drives growth.
Strategies discussed in this article include cybersecurity, legal protections, insurance insights, and operational foresight.
Key strategies for tech businesses include implementing multi-layered security measures, encrypting sensitive data, and considering cyber liability insurance.
Building a culture of security from the start is essential for startups to mitigate risks.
Legal compliance is crucial, especially concerning user data and intellectual property. Understanding regulations like GDPR and HIPAA is vital.
Vetting vendors, securing service level agreements, and considering business auto insurance for vehicle-related risks are recommended.
Understanding the difference between liability and full coverage insurance is important to protect assets and avoid disruptions.
Diversifying revenue, maintaining an emergency fund, and regularly reviewing financial forecasts can help mitigate cash flow fluctuations for scaling tech businesses.
Investing in hiring pipelines, defining roles clearly, and implementing retention strategies aligned with company values can prevent team-related challenges during rapid growth.
Successful scaling businesses strike a balance between risky decisions and safety precautions, revising recruiting practices, evaluating insurance coverage, and encrypting user data.
Regularly reviewing risk exposure is crucial for long-term success in the technology industry.

Read Full Article

15 Likes

TechCrunch

Image Credit: TechCrunch

23andMe says 15% of customers asked to delete their genetic data since bankruptcy

23andMe's interim CEO stated that 15% of its customers, around 1.9 million people, requested deletion of their genetic data following the company's bankruptcy protection filing in March.
During a House Oversight Committee hearing, concerns were raised about the sale of 23andMe after bankruptcy, with fears of customers' data falling into wrong hands.
Regeneron, a pharmaceutical giant, won the bankruptcy auction for 23andMe with a bid of $256 million, pledging to maintain privacy practices and utilize the genetic data for drug discovery.
A federal court is set to review Regeneron's bid for 23andMe in June.
23andMe's bankruptcy follows a data breach affecting 6.9 million customers due to lack of multi-factor authentication, with blame initially placed on customers.
Several states, including Florida, New York, and Pennsylvania, have sued 23andMe over concerns about the sale of customers' private data without explicit consent.
Customers seeking to delete their 23andMe data can refer to a guide available on TechCrunch.

Read Full Article

Tech Radar

138

Image Credit: Tech Radar

Texas government reports 300,000 plus crash records stolen in cyberattack

The Texas Department of Transportation (TxDOT) confirmed a cyberattack that resulted in the loss of over 300,000 crash records.
A threat actor gained access to the system using compromised credentials, exposing names, addresses, and personally identifiable information (PII).
The attacker downloaded nearly 300,000 crash reports from the Crash Records Information System (CRIS).
Sensitive data stolen includes full names, addresses, driver’s license numbers, license plate numbers, and car insurance policy numbers.
TxDOT disabled access from the compromised account, notified affected individuals, and warned about potential phishing attacks themed around car crashes.
The agency is implementing additional security measures for accounts to prevent similar incidents in the future.
Government agencies are often targeted due to the sensitive citizen information they hold.

Read Full Article

8 Likes

Pymnts

196

Image Credit: Pymnts

Velera Debuts Real-Time Account Validation for Credit Unions

Velera has introduced a new real-time account validation feature for credit unions, allowing them to process payments via the ACH network instantly.
The tool helps credit unions verify account status and ownership, reducing fraud risks and enhancing digital experiences for members.
It eliminates the standard five-day waiting period typically required for new or updated accounts.
The tool incorporates predictive attributes, artificial intelligence, machine learning, and third-party data sources to enhance fraud prevention measures.
It adds a layer of security to account validation to identify fraudulent accounts and reduce payment failures and ACH returns.
The tool maintains user privacy through a non-credentialed verification process.
This development aligns with credit unions adapting to meet the digital expectations of their members.
Velera's collaboration with PYMNTS assesses credit unions' readiness in providing modern financial services.
The "2025 Credit Union Innovation Readiness Index" emphasizes the importance of digital modernization for credit unions to stay competitive.
Failure to adapt to digital services could threaten credit unions' relevance against traditional lenders.
Top-performing credit unions have significantly increased their consumer innovation readiness in the past two years.
These credit unions are now 49% closer to offering the full range of financial products desired by their members.
The report emphasizes the importance for credit unions to evolve digitally to maintain market share in comparison to regional and national lenders.
Velera's new account validation tool addresses the growing need for credit unions to enhance security and efficiency in their operations.
The tool's real-time capabilities can help credit unions adapt to the digital landscape and meet the evolving needs of their members.
The partnership between Velera and PYMNTS highlights the ongoing efforts to analyze and improve credit unions' innovation readiness.

Read Full Article

11 Likes

VentureBeat

160

Image Credit: VentureBeat

Outset raises $17M to replace human interviewers with AI agents for enterprise research

Outset, a San Francisco startup, raised $17 million in Series A funding to accelerate adoption of its AI-moderated research platform among enterprises.
The platform conducts video interviews with research participants using AI moderators and has major customers like Nestlé and Microsoft.
Outset's technology is positioned as faster, more cost-effective, and providing broader reach than traditional market research methods.
AI moderators prompt and interact with participants through voice, text, images, and videos, synthesizing results for instant reporting and analytics.
The company competes with traditional research incumbents and other AI startups, offering a comprehensive enterprise platform with security features and customization.
Outset's AI excels in concept testing, usability research, market strategy studies, and longitudinal research, but not in scenarios requiring deep personal connections or complete improvisation.
The funding will be used to expand the go-to-market team and develop more advanced AI agents to enhance customer understanding.
Outset aims to become the world's first end-to-end, AI-native enterprise research platform and achieve over 5x revenue growth within 12 months.
The success of AI-moderated research at Outset may disrupt traditional market research methods, offering faster, scalable, and cost-effective alternatives.
AI's potential to enhance customer insights and behaviors, coupled with Outset's enterprise focus and security features, positions the company as a leading option in AI-moderated research.
The emergence of AI interviewers challenging traditional human-led research methods indicates a shift towards automated solutions for customer understanding and data collection.

Read Full Article

9 Likes

For uninterrupted reading, download the app