Cyber Security News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Security News

Siliconangle

375

Image Credit: Siliconangle

Trulioo upgrades document verification with faster processing and improved accuracy

Trulioo Inc. has announced upgrades to its Identity Document Verification service, integrating artificial intelligence and machine learning models.
The advancements aim to tackle the growing issue of advanced fraud techniques like deepfakes and ID alterations, which now make up 16% of all attacks.
The upgrades result in a 60% reduction in document processing times, enabling faster identity verification and a smoother user experience.
Other improvements include advanced face-matching capabilities, intelligent document and liveness authentication, and enhanced fraud detection tools.

Read Full Article

22 Likes

VentureBeat

211

Security teams can respond 80% faster to events with Cyberhaven’s AI-powered data lineage tools

The unauthorized use of AI, known as shadow AI, is on the rise, with up to 96% of AI interactions by employees occurring through non-corporate accounts.
Cyberhaven addresses this issue by utilizing large lineage models (LLiMs) and introducing Linea AI to curb shadow AI and predict high-risk incidents.
By analyzing the workflows of 3 million workers, Cyberhaven observed a 485% growth in AI usage along with a significant sharing of sensitive data outside corporate accounts.
Linea AI leverages LLiMs trained on real enterprise data flows, incorporating computer vision and multi-modal AI to analyze various data formats and assess policy violations.
Cyberhaven's approach has led to a substantial reduction in manual incident reviews, an 80% decrease in mean time to respond to security incidents, and the discovery of critical risks overlooked by traditional tools.
The platform offers intelligent screenshot analysis and content inspection, providing context around data based on lineage traces to enhance data security.
Cyberhaven's Let Linea Decide feature autonomously assesses incident severity to help security teams prioritize alerts and understand anomalous events more efficiently.
By predicting user actions based on historical data, Cyberhaven's platform enhances data comprehension, aiding in the detection of insider risks and potentially malicious activities.
Users have reported significant reductions in mean time to respond to security incidents and improved incident detection with Cyberhaven's Linea AI, showcasing the platform's effectiveness in enhancing data security.
The platform's ability to prevent data exfiltration to unauthorized accounts and provide real-time alerts and education to users demonstrates its proactive approach to data protection.
Customers like DailyPay have experienced notable improvements in incident response times and risk identification due to Cyberhaven's innovative data lineage strategy and AI-powered solutions.

Read Full Article

12 Likes

Damienbod

432

Image Credit: Damienbod

ASP.NET Core delegated Microsoft OBO access token management (Entra only)

This blog focuses on implementing a delegated Microsoft On-Behalf-Of flow in ASP.NET Core for access token management.
The solution uses Microsoft.Identity.Web to facilitate different flows and is straightforward to implement.
It allows requesting delegated access tokens for a user and another application, enabling secure access to protected resources.
Key components include secure token storage, robust handling of token expiration, and support for multi-instance deployments.
The article details setting up a web UI application, an API, and another API implementing the On-Behalf-Of flow.
Token management involves persistence, expiry, safe storage, and seamless operation post-restarts.
The example code provided demonstrates acquiring and using access tokens for the applications involved.
Different examples of Microsoft On-Behalf-Of flow integration with other services are also discussed in the article.
Microsoft's recommended practices for secure, delegated token exchange using the On-Behalf-Of flow are highlighted.
The article delves into various standards related to OAuth 2.0, JWT, and Microsoft identity platform for secure access.

Read Full Article

26 Likes

Siliconangle

Image Credit: Siliconangle

Malicious AI tool mentions surge 200% across dark web channels in 2024

A report by KELA Research and Strategy Ltd. reveals a 200% increase in mentions of malicious AI tools on cybercrime forums in 2024.
The report also highlights a 52% rise in AI jailbreak discussions and the distribution of 'dark AI tools' used for phishing, malware development, and financial fraud.
AI-powered cyber threats are accelerating phishing campaigns, malware development, and deceptive social engineering.
KELA recommends implementing AI-driven security measures and employee training to combat the growing AI-powered cybercrime threat.

Read Full Article

5 Likes

Discover more

Siliconangle

326

Image Credit: Siliconangle

New Chainguard VMs aim to reduce engineering overhead in container host environments

Chainguard Inc. has announced Chainguard VMs, a new product line providing minimal virtual machine images built from source and with no Common Vulnerabilities and Exposures (CVE).
Chainguard VMs are purpose-built for modern, ephemeral workloads in the cloud and offer a cloud-agnostic, threat-resistant environment for deploying and running containers.
By using Chainguard VMs, enterprises can reduce engineering overhead associated with container host maintenance and establish a secure foundation for faster development.
Chainguard VMs are now available to Chainguard customers in early access.

Read Full Article

19 Likes

Siliconangle

216

Image Credit: Siliconangle

Chainguard introduces libraries for secure language dependency management

Secure software supply chain solution provider Chainguard Inc. has launched Chainguard Libraries, a product line that offers secure language libraries built directly from source in supply-chain levels.
Chainguard Libraries provides a standardized endpoint for developers to consume language dependencies safely and securely, eliminating the risk of malware and other supply chain security threats.
The public registries such as PyPI, Maven, and NPM, which lack proper vetting and digital attestations, are vulnerable to attackers injecting malware into software packages.
Chainguard is expanding its offering beyond containerized application deployments to deliver safe open source across various compute modalities and the software development lifecycle.

Read Full Article

13 Likes

Siliconangle

176

Image Credit: Siliconangle

Charm Security launches with $8M in funding to tackle AI-driven fraud

Scam prevention platform startup Charm Security Ltd. has raised $8 million in funding to accelerate product development and expand market reach.
Charm Security aims to mitigate scam risks by assessing human vulnerability exposure, analyzing customer risk patterns, and delivering tailored mitigation strategies based on psychological insights, data analysis, and artificial intelligence.
The company adopts a proactive approach to fraud prevention, combining psychological insights, data analysis, and AI to defend against scams before they occur.
Charm Security's platform provides real-time security insights, personalized recommendations, and verification tools to protect customers and frontline staff during high-risk transactions, reducing scam-related losses and operational costs.

Read Full Article

10 Likes

Alleywatch

101

Charm Security Raises $8M to Transform Fraud Prevention with Psychological Insights and AI

Charm Security raises $8M in seed funding to tackle fraud prevention by focusing on human vulnerabilities and psychological patterns.
The company analyzes scams, identifies psychological patterns, and uses real-time AI interventions to disrupt fraudulent activities before financial harm occurs.
Charm Security offers an AI-powered customer security platform to prevent scams, social engineering, and human-centric fraud for financial institutions and digital platforms.
The company targets financial institutions, banks, and digital platforms in a market that faces global losses exceeding $1.03 trillion to scams.
Charm Security operates as a B2B and B2B2C business, providing AI-powered solutions to protect organizations and their customers from fraud.
The company prepares for potential economic slowdowns by addressing increased fraud and scam activities during downturns.
Charm's funding was led by Team8's Venture Creation Fund, leveraging a structured process to streamline fundraising and align interests.
Charm Security plans to achieve milestones like expanding the team, enhancing scam prevention models, and forging strategic partnerships in the next six months.
Companies without fresh capital are advised to focus on market validation and efficient resource management to attract funding, even in challenging times.
Charm Security aims to impact organizations globally by scaling its platform, building partnerships, and reducing fraud losses while enhancing customer security.

Read Full Article

6 Likes

Medium

415

Image Credit: Medium

Directional Privacy

Directional privacy is a concept focused on empowering individuals to restrict their data exposure based on their preferences and trust levels.
It challenges traditional data privacy norms by allowing selective information flow and blocking data access in certain directions.
The framework of directional privacy is particularly crucial for safeguarding sensitive personal data like health or financial information.
It enables individuals to control who can access their data, ensuring it is only shared with trusted entities.
The concept resonates in today's digital landscape, offering users control over data sharing and privacy settings.
Directional privacy is vital in scenarios like IoT, where unauthorized access can compromise privacy.
Implementing directional privacy protocols enhances data security by minimizing unnecessary data exposure.
By restricting data flow to specific directions, directional privacy reduces vulnerabilities and strengthens data governance.
The future of privacy lies in personalized settings, with directional privacy playing a pivotal role in data management.
As technology advances, adopting directional privacy becomes crucial to protect digital identities and ensure data security.

Read Full Article

24 Likes

The Fintech Times

353

Intergiro Teams up With Movitz to Develop New Payment Verification Solutions to Combat Fraud

Intergiro and Movitz have partnered to develop advanced payment verification solutions to combat financial fraud.
Fraudulent transactions in Europe reached €4.3 billion in 2022 and €2 billion in the first half of 2023.
Intergiro plans to integrate the account verification tools within its digital banking product portfolio.
The solutions aim to offer real-time payment verification, reduce fraud risk, and provide customers with secure and immediate transactions.

Read Full Article

21 Likes

Hackernoon

176

Image Credit: Hackernoon

The High Stakes of Big Game Hunting in Cybersecurity

Cybercriminals are targeting larger organizations for higher ransom payouts, with demands exceeding $1 million and doubling between quarters of 2022.
Enterprises must enhance their defenses due to increased targeting of bigger firms relying on remote work, digitalized operations, and cloud services.
To safeguard against cybersecurity threats, organizations can implement measures like employee training, data backups, software updates, and network segmentation.
Employee training is crucial for raising awareness about ransomware risks and proper response frameworks.
Backing up critical data using the 3-2-1 methodology helps protect against attacks, with offline storage and cloud options being recommended.
Regular software updates and strong password practices are essential to prevent ransomware attacks, with up to 21% of attacks due to weak passwords.
Installing reputable firewalls, antivirus software, segmenting networks, and updating email protections are vital ransomware defense strategies.
Application whitelisting, end-user device protections, and intrusion testing also play key roles in mitigating ransomware threats.
Regular penetration testing and staying informed about evolving cybersecurity threats are essential to protect organizations from ransomware attacks.
The rise of 'big fish hunting' in cybercrime emphasizes the importance of proactive cybersecurity measures for medium and large organizations.

Read Full Article

10 Likes

Tech Radar

154

Image Credit: Tech Radar

Interpol operation arrests 300 suspects linked to African cybercrime rings

Interpol and seven African law enforcement agencies have arrested over 300 people and seized nearly 2,000 electronic devices in a major crackdown on cybercrime.
The operation, known as Operation Red Card, aimed to disrupt and dismantle cross-border criminal networks involved in mobile banking scams, investment fraud, online casino scams, and more.
Over $305,000 was stolen through social engineering scams in Rwanda, and approximately $100,000 was recovered.
The operation led to the seizure of 26 vehicles, 16 houses, 39 plots of land, and 685 devices, suggesting potential links to money laundering.

Read Full Article

9 Likes

Banking Frontiers

304

Protectors and their Practices

Mobile banking has led to an increase in phishing, SIM swapping, and mobile malware attacks, emphasizing the need for robust security measures.
Various cyber fraud tactics include phishing, smishing, credential stuffing, SIM swapping, malware attacks, fake banking apps, QR code scams, and more.
Detecting cyber fraud involves analyzing data points like user behavior, transaction patterns, IP addresses, device information, and log locations.
Real-time link analysis, geospatial data, and behavioral biometrics play vital roles in cyber fraud detection.
Financial organizations protect WFH employees from phishing, social engineering, and malware attacks through multi-factor authentication, VPNs, and training.
Endpoint security, multi-factor authentication, secure VPNs, and Zero Trust Security models are crucial for safeguarding remote work environments.
To combat evolving cyber threats, organizations must update protection systems regularly, conduct vulnerability assessments, and adopt new technologies.
Using AI, machine learning, and a multi-layered security approach is essential to stay ahead of emerging patterns of phishing and malware.
Cyber threats are becoming more complex, requiring agile, proactive strategies, frequent updates, and modern defense systems.
Adopting a Zero Trust Model, employing EDR, web filters, and DLP systems, and maintaining constant vigilance are key in today's cybersecurity landscape.

Read Full Article

18 Likes

Mcafee

881

Image Credit: Mcafee

New Android Malware Sneaks Past Security by Pretending to Be Real Apps

A new Android malware is pretending to be real apps to sneak past security measures.
The malware utilizes the .NET MAUI development toolkit to create fake apps that resemble banking apps, dating apps, and social media platforms.
These fake apps trick users by appearing legitimate, while secretly stealing personal information.
To protect yourself, it is recommended to only download apps from official app stores, avoid clicking on links from untrusted sources, install security software, and keep apps and software updated.

Read Full Article

5 Likes

Tech Radar

Image Credit: Tech Radar

Critical security flaw in Next.js could spell big trouble for JavaScript users

Researchers have discovered a critical vulnerability in the Next.js web development framework.
The flaw allows threat actors to bypass authorization checks in older versions of Next.js.
A patch and a temporary workaround are available, urging users to update their versions.
The vulnerability has existed in Next.js for several years and is widely used across critical sectors.

Read Full Article

1 Like

For uninterrupted reading, download the app