Cyber Security News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Security News

Medium

363

Image Credit: Medium

Hotels are Always Watching

Hotels, similar to airports and banks, extensively use surveillance cameras in their public areas like lobbies, entrances, and elevators.
Guests often overlook the extent of surveillance in hotels, from the front desk to public spaces, raising questions about privacy boundaries.
Security cameras are commonly found in all public areas, leading to concerns about the extent of monitoring guests are subject to.
Understanding the prevalence of surveillance in hotels sheds light on the balance between security measures and guests' privacy.

Read Full Article

21 Likes

Securelist

Image Credit: Securelist

Using a Mythic agent to optimize penetration testing

Researchers are using post-exploitation frameworks like Mythic to enhance penetration testing practices to stay ahead of threat actors.
A proactive approach in learning new technologies and techniques employed by threat actors is crucial for security professionals.
Kaspersky emphasizes detecting tools and techniques used by threat actors in real-world attacks for enhanced security.
Behavioral analysis, exploit prevention, and fileless threats protection are integral in countering sophisticated attacks.
Layered security solutions like EDR, NDR, and XDR are essential for quick detection and response to potential threats.
Pentesters face challenges due to the detectability of popular tools by security solutions.
Open-source pentesting frameworks like Sliver and Havoc have limitations in payload size and stability.
Balancing in-house solutions and open-source tools is crucial for effective pentesting.
Pentesting payloads are divided into modules to manage execution and maintain covert communications.
The Stage 1 module of the pentesting payload requires dynamic functionality, minimal system traces, and compliance with OPSEC principles.

Read Full Article

1 Like

Tech Radar

182

Image Credit: Tech Radar

Suspect arrested with links to €4.5M DoppelPaymer ransomware attacks

A 45-year-old foreign national was arrested in Moldova on suspicion of mounting multiple cyberattacks, including a ransomware attack causing €4.5 million in damages.
The suspect is wanted for committing cybercrimes such as ransomware attacks, blackmail, and money laundering on companies based in the Netherlands.
The ransomware attack targeted the Dutch Scientific Research Organization, leading to substantial material damage and data exposure when a ransom payment was not met.
During the arrest, authorities seized various electronic devices and cash from the suspect, who is currently awaiting extradition.

Read Full Article

10 Likes

Global Fintech Series

371

Image Credit: Global Fintech Series

Federated Learning for AML: Fighting Money Laundering

Federated Learning (FL) presents a groundbreaking approach to AML, allowing multiple institutions to collaborate on AI-driven detection models without sharing customer data.
FL enhances AML systems by improving detection accuracy while maintaining data privacy and regulatory compliance.
Traditional AML systems struggle with limited data sharing, high false positives, evolving laundering techniques, and regulatory compliance challenges.
FL facilitates collaborative AML model training without sharing raw data and enhances detection through exposure to diverse money laundering patterns.
FL reduces false positives and compliance costs by training AI models on broader datasets and adapting to emerging laundering tactics.
Challenges in implementing FL for AML include standardization, computational costs, security risks, and balancing privacy with regulatory oversight.
Future implications of FL in AML include AI-powered regulatory sandboxes, cross-border collaboration, integration with blockchain, and real-time detection systems.
FL revolutionizes AML efforts by enabling secure collaboration, reducing false positives, and ensuring compliance with data privacy laws.

Read Full Article

22 Likes

Discover more

TechDigest

236

Image Credit: TechDigest

M&S admits customer data was stolen in cyber attack

Marks & Spencer has confirmed a cyber attack resulted in stolen customer data and disruptions to their operations.
The incident affected customers' personal information, prompting password resets, but no payment details were compromised.
The cyber attack led to online order halts, empty shelves, and a drop in M&S's share price.
M&S is taking measures to investigate the breach, improve security, and recover from the incident that impacted its supply chain.

Read Full Article

14 Likes

Dev

247

Image Credit: Dev

Real-Time Attack Monitoring with SafeLine: Setting Up Syslog Integration

SafeLine supports forwarding detailed logs via Syslog for better visibility into real-time web attacks.
To set up Syslog integration in SafeLine, configure Syslog settings in the dashboard with the required server address and port.
SafeLine logs are formatted in structured JSON, providing detailed context about HTTP requests, attack events, and enforcement actions.
Integration with Syslog centralizes WAF logs, offers real-time threat insights, and enables automated responses using external systems.

Read Full Article

14 Likes

Lastwatchdog

321

Author’s Q&A: It’s high time for CISOs to start leading strategically — or risk being scapegoated

The cybersecurity landscape is rapidly evolving, putting Chief Information Security Officers (CISOs) under immense pressure to defend critical assets and demonstrate fluency in the boardroom.
CISOs often lack authority, resources, or organizational alignment, leading to burnout, scapegoating, and, in extreme cases, criminal charges.
The GenAI wave has flooded security vendors with tools but also disrupted organizational dynamics, creating uncertainty and blurring responsibility lines.
Steve Tout's book, 'The CISO on the Razor’s Edge,' presents Strategic Performance Intelligence (SPI) as a model to help CISOs regain influence and align cybersecurity with business outcomes.
SPI differs from traditional approaches by considering environment variables like team health, leadership alignment, and strategy-execution gaps, in addition to tech monitoring.
CISOs are urged to move beyond technical focus, enhance leadership skills, and align cybersecurity with real business objectives to avoid being reduced to purely technical roles.
Agentic AI presents opportunities for CISOs by enhancing defense capabilities, providing insights, and offering performance improvements for lean teams.
To avoid being scapegoated, CISOs are advised to negotiate shared goals and liabilities, prioritize transparency, and consider contractual protections amid growing cybersecurity threats.
The persistence of 'strategic amnesia' in organizations, where hard lessons are forgotten after crises, is attributed to a focus on technology, compliance, and short-term survival over long-term investment in cybersecurity.
CISOs are encouraged to shift from tactical defense to strategic influence by demonstrating cybersecurity's role as a business enabler with measurable ROI and aligning security initiatives with business outcomes.

Read Full Article

19 Likes

Global Fintech Series

352

Image Credit: Global Fintech Series

Softstack Completes Smart‑Contract Audit of Fetch AI’s Agentverse Launchpad, and Eliminates Risks

Softstack audits Fetch AI’s Agentverse launchpad, fixes key risks, and strengthens security for tokenized AI agents and bonding-curve sales.
Softstack finalized a comprehensive smart-contract audit for Fetch AI’s Agentverse Launchpad, reviewing Solidity code governing AgentCoin deployments, bonding-curve sales, liquidity listing, and multisig governance.
Auditors identified one high-severity, one medium-severity, and two low-severity issues in the audit, which were promptly addressed by Fetch AI.
Fetch AI aims to create a decentralized machine-to-machine economy using AI, multi-agent systems, and blockchain, while Softstack specializes in securing Web3 projects and has audited over $100 billion in user funds.

Read Full Article

21 Likes

Medium

135

Image Credit: Medium

RAILGUN: Elevating Privacy in Decentralized Finance

RAILGUN is a smart contract-based privacy system that enables private transactions on public blockchains like Ethereum.
Founded by Emmanuel Goldstein and Alan Scott, RAILGUN gained attention when Ethereum co-founder Vitalik Buterin publicly endorsed the protocol.
RAILGUN uses zk-SNARKs to provide privacy for DeFi transactions without the need for standalone privacy coins.
The $RAIL token plays a crucial role in supporting and growing the RAILGUN ecosystem, offering an innovative solution for privacy in decentralized finance.

Read Full Article

8 Likes

Siliconangle

275

Image Credit: Siliconangle

Riverbed introduces new SteelHead 90 network acceleration appliances

Riverbed Technology LLC has introduced a new line of network acceleration appliances called the SteelHead 90 series with four devices powered by RiOS 10 operating system.
The SteelHead appliances compress data to boost network speeds and are designed to increase data throughput by up to 60 gigabits per second.
The RiOS 10 operating system includes performance optimizations and cybersecurity features like Intel's TDX technology for data protection.
In addition to the hardware appliances, Riverbed also offers a cloud edition called SteelHead Cloud, and will be launching SteelHead RS software for storing backup copies of files on edge computing devices.

Read Full Article

16 Likes

Medium

220

Image Credit: Medium

The Internet Computer’s Privacy, Security, and Speed

The Internet Computer network consists of over 571 high-performance computer nodes distributed in 37 subnets across 32 countries, offering exceptional speed and surpassing blockchains like Solana, Bitcoin, and Ethereum, achieving over 12,000 transactions per second.
Each subnet is decentralized, resilient, and ranges from 13 to 34 and 40 nodes, making network failure difficult as even if 25% of the nodes fail, the network continues to function normally.
The Internet Computer blockchain offers robust security measures with decentralized nodes requiring thorough evaluation, hardware investment, and compliance with hosting regulations in Tier-3 data centers across recommended countries.
The Internet Computer's sophisticated cryptographic technology, decentralized network, and efficient consensus protocol make it a highly advanced and secure blockchain platform, emphasizing privacy and performance.

Read Full Article

13 Likes

Fintechnews

193

Image Credit: Fintechnews

AUSTRAC to Expand Fintel Alliance Following Success in Combating Financial Crime

AUSTRAC is expanding its Fintel Alliance initiative which has been successful in combating financial crime through collaborative intelligence sharing.
Fintel Alliance, established in 2017, involves major banks, remittance and gambling service providers, and law enforcement agencies sharing real-time data and insights.
The alliance's efforts have led to the detection of serious crimes including money laundering, child exploitation, and tax evasion by analyzing millions of cash deposit transactions.
To support its growth, AUSTRAC is increasing staff capacity, enhancing the analytics hub, and engaging more industry partners, with a focus on tackling organized crime and expanding its regulatory oversight.

Read Full Article

11 Likes

Dev

225

Image Credit: Dev

OAuth 1.0 vs OAuth 2.0 in .NET Core

OAuth 1.0 and OAuth 2.0 are compared in the context of .NET Core development.
OAuth 1.0 is strict, uses cryptographic signatures, and is more complex, while OAuth 2.0 is framework-based, uses bearer tokens, and is simpler.
OAuth 1.0 focuses on access tokens, whereas OAuth 2.0 supports multiple token types and relies on HTTPS for security.
OAuth 2.0 is recommended for modern web APIs, mobile apps, and integrations with providers like Google, Facebook, etc., due to its flexibility and industry-wide adoption.

Read Full Article

13 Likes

Cybersecurity-Insiders

Image Credit: Cybersecurity-Insiders

Are Cloud Storage Solutions 100% Secure with Regards to Cybersecurity?

Cloud storage solutions are not 100% secure in terms of cybersecurity, but major providers offer robust security measures like encryption, redundancy, access controls, and constant monitoring.
Potential security risks include human error, account compromise, insider threats, and service outages or breaches, highlighting the importance of user awareness and best practices.
The shared responsibility model in cloud security divides responsibility between providers securing the infrastructure and users securing their data and access points.
While cloud storage is generally secure when used correctly, businesses handling sensitive data need to implement additional precautions like end-to-end encryption, data classification, and regulatory compliance.

Read Full Article

Cybersecurity-Insiders

248

Image Credit: Cybersecurity-Insiders

Malware emerging from AI Video generation tools

Cybercriminals are exploiting AI video generation platforms to distribute malware, with the recent emergence of the Noodlophile malware, an info-stealer targeting sensitive user data.
Recent investigations by cybersecurity researchers reveal that hackers are leveraging seemingly legitimate AI video tools to infect users' devices with malware, aiming to generate income through ad revenue and malware distribution.
To attract users, cybercriminals promote fake AI tools like Luma Dreammachine AI and gratislibros on social media, making it crucial for users to be cautious and avoid clicking on suspicious links.
Authorities are facing challenges in combating malware embedded within popular applications and websites, highlighting the need for users to be vigilant, download software from reputable sources, and avoid engaging with dubious services promoted on social media.

Read Full Article

14 Likes

For uninterrupted reading, download the app