Cyber Security News

Wired

3d

Mystery Drone Sightings Lead to FAA Ban Despite No Detected Threats

  • Hackers can ‘jailbreak’ digital license plates, allowing them to change the license plate number to avoid tolls and tickets, or to change their plate to match an enemy's.
  • Cybersecurity and Infrastructure Security Agency employees fear that the incoming Trump administration will scrap programs that keep Americans safe, or dismantle the agency itself.
  • Interpol officials say it's time to rebrand the cryptocurrency scams called 'pig butchering', because the term can shame victims into not reporting the crime.
  • Authorities in Europe warn of drug dealers advertising illegal goods on open web platforms like Instagram, X, and Snapchat.
  • FAA temporarily bans drones over critical infrastructure and utility sites in NJ and NY for 30 days due to panic over mysterious drone sightings.
  • FAA warns of dangers of people pointing lasers at aircraft, which has been on the rise due to the recent drone hysteria.
  • Google to allow advertisers to use fingerprinting starting in Feb 2025, despite previously stating that fingerprinting is a subversion of user choice and is wrong.
  • Rostislav Panev, an Israeli citizen and alleged developer of LockBit ransomware, is facing US extradition for receiving over $230,000 in Bitcoin and developing ransomware tools.
  • Organizers of LockBit ransomware claim they have created a new ‘4.0’ version of their tools and will be launching them in February.
  • TP-Link, a Chinese technology company and router maker, may be banned in the US due to potential cybersecurity and national security concerns around its routers.

Securityaffairs

3d

Romanian national was sentenced to 20 years in prison for his role in NetWalker ransomware attacks

  • Romanian national Daniel Christian Hulea, 30, was sentenced to 20 years in prison for his role in NetWalker ransomware attacks, pleading guilty to fraud charges in June.
  • Hulea admitted to extorting 1,595 bitcoin (~$21.5M) in ransom payments from organizations worldwide, including healthcare during COVID-19.
  • Romanian authorities arrested Hulea in July 2023 and extradited him to the U.S. under the U.S.-Romania extradition treaty.
  • The NetWalker ransomware group has targeted various victims, including K-Electric, Dirección Nacional de Migraciones, and the University of California San Francisco.

Medium

3d

Hashing in Python Sets and Dictionaries

  • Hashing is a process that converts data into a fixed-size numerical value, known as a hash code.
  • In Python, sets and dictionaries are implemented as hash tables.
  • Sets use a hash function to determine the position of elements in memory.
  • This allows for fast membership tests and efficient insertion, lookup, and deletion operations.

Hackersking

3d

How Generative AI Is Powering a New Era of Cybersecurity

  • Generative AI is revolutionizing cybersecurity by enhancing threat detection, automating responses, and fortifying defenses.
  • Key applications of generative AI in cybersecurity include threat detection and analysis, simulating cyberattacks, automating incident response, and developing adaptive security measures.
  • Challenges and risks of generative AI in cybersecurity include the potential misuse by cybercriminals and concerns about data privacy and false positives/negatives.
  • The future of generative AI in cybersecurity may include AI collaboration, personalized security, and predictive defense.

Cybersecurity-Insiders

3d

How Fraudsters Are Adopting Cybersecurity Techniques to Bypass Detection

  • Each year, companies lose around 5% of their annual revenue to fraud, which is a conservative estimate as most fraud goes undetected.
  • Fraudsters are using advanced cybersecurity techniques to launch increasingly sophisticated attacks, leveraging machine learning (ML), artificial intelligence (AI), and cloud services.
  • The challenge is compounded by the silos separating cybersecurity and fraud prevention teams within organizations, creating blind spots that sophisticated attackers exploit.
  • To combat such attacks effectively, companies need to embrace an integrated approach that bridges the gap between these departments, requiring a fundamental reimagining of how organizations detect, prevent and respond to hybrid threats.
  • Resource constraints further compound this issue, with cyber teams prioritizing enterprise infrastructure, leaving minimal bandwidth for direct involvement in fraud prevention efforts.
  • Fraudsters are weaponizing ML and AI to scale their attacks, using algorithms to harvest and analyze social media and digital trails for personalized phishing emails and business email compromise (BEC) schemes.
  • The explosive growth of IoT devices presents new vulnerabilities for exploitation.
  • In a troubling new trend, fraudsters are finding ways to manipulate large language models (LLMs), weaponizing these tools for phishing scripts, chatbot scams, and social engineering.
  • Deepfake technology has evolved into a serious security threat, providing fraudsters with the ability to circumvent KYC procedures through synthetic identities.
  • Organizations must respond by dismantling operational silos and fostering seamless collaboration between cybersecurity and fraud teams, creating a dynamic defense framework that adapts to emerging threats in real-time.

Dev

3d

Introducing Altikrity: A Multi-Layer Encryption Library

  • Altikrity is a multi-layer encryption library designed to provide robust protection for Python code.
  • Key features include multi-layer encryption, easy-to-use API, and secure execution of encrypted code.
  • Altikrity can be installed using pip and offers examples for encrypting and running encrypted code.

Cybersecurity-Insiders

3d

Maryland Association of Community Colleges and BCR Cyber Receive TEDCO Grant

  • The Maryland Association of Community Colleges (MACC) and BCR Cyber have received a $935,680 grant for their Cyber Workforce Accelerator (CWA) through the new Equitech Growth Fund from TEDCO.
  • The CWA provides Maryland's 16 community colleges with access to BCR Cyber Series 3000 cyber ranges for training and certifying entry-level IT and cyber practitioners.
  • The Equitech Growth Fund award will facilitate the procurement, configuration, and deployment of three additional cyber ranges, bringing the total to 13 cyber ranges available for all Maryland community colleges.
  • The grant aims to enhance Maryland's cybersecurity training and job placement capabilities, providing opportunities for thousands of community college cyber students and trainees.

Cybersecurity-Insiders

3d

Combatting phantom secrets: have you heard of historical secrets scanning?

  • Phantom secrets have the potential to cause major cybersecurity issues, yet a worrying number of developers aren’t aware of their existence.
  • Developers often embed credentials, API tokens, and passkeys directly into their code, which must be removed before the code is pushed to production.
  • However, secret-scanning tools miss these secrets due to a design flaw in Git-based infrastructure: many secrets remain accessible in the commit history.
  • Recently Aqua Nautilus conducted research on the top 100 organisations on GitHub, which collectively had 52,268 different repositories.
  • Around 17.78% of potential secrets in repositories can be missed if users only rely on regular git-clone based scanning tools.
  • Historical secret scanning eliminates oversights in scanning tools by identifying and addressing secrets that, though deleted from the code, remain accessible in the commit history.
  • Adopting historical secret scanning will help gain complete oversight of all secrets without blind spots by including those buried deep within the commit history.
  • Enhancing detection and reducing attack surface are some key benefits of historical secret scanning.
  • It is critical to realise credentials, API tokens, and passkeys remain exposed for many years, even after being deleted, leading to significant security risk.

Cybersecurity-Insiders

3d

New Report Shows That The U.S. Leads in Anonymous Open-Source Contributions

  • A recent report by Lineaje AI Labs reveals that the United States leads in open-source contributions and anonymous contributions, raising concerns about transparency and security in the software supply chain.
  • The U.S. accounts for 34% of global open-source contributions, followed by Russia at 13%. 20% of open-source contributions in the U.S. are anonymous, posing potential risks of hidden backdoors or vulnerabilities.
  • Industries such as defense, water, electricity, banking, and retail face challenges in software maintenance due to contributions from multiple countries.
  • Open-source software has maintenance gaps, with security weaknesses originating within open-source dependencies and 70% of components being poorly maintained.

Cybersecurity-Insiders

3d

HackerOne Cybersecurity Platform Joins AWS Marketplace

  • HackerOne’s suite of cybersecurity tools, including bug bounty programs and vulnerability disclosure services, is now available through the AWS Marketplace.
  • The platform provides tools for penetration testing, AI-assisted threat assessments, and secure code audits.
  • By integrating with the AWS Marketplace, HackerOne aims to provide seamless access to its services, particularly for testing digital assets within AWS cloud environments.
  • HackerOne’s offerings can now be found in the Security, Testing, and Assessment sections of the AWS Marketplace.

Cybersecurity-Insiders

3d

Navigating AI Risks: Best Practices for Compliance and Security

  • Organizations are facing escalating governance, security, and regulatory compliance challenges as AI adoption accelerates.
  • Henry Umney, Managing Director of GRC Strategy at Mitratech, provides actionable insights and strategies for businesses to navigate these complexities.
  • Key recommendations include building an inventory of AI models, prioritizing AI security in budgeting, conducting penetration testing and vulnerability assessments, and implementing continuous governance.
  • With AI playing a more prominent role in business strategies, Henry Umney's expertise offers guidance for navigating the complex AI landscape.

Cybersecurity-Insiders

3d

How to Increase Your Cyber Resilience – and Customer Trust

  • Organizations across industries must ensure they take the proper steps to prepare, mitigate and quickly recover from a cyberattack as it is no longer a matter of if one will happen – but a matter of when.
  • One of the first steps organizations can take to increase their cyber resilience is to identify any potential system threats and vulnerabilities before bad actors can exploit them.
  • Autonomous penetration testing is designed to provide companies with an unbiased and comprehensive view of their system.
  • Implementing continuous monitoring and threat detection allows organizations to analyze network traffic and detect unusual activity that may pose a security threat.
  • Business continuity plans are a critical component of a comprehensive cybersecurity strategy.
  • By implementing a comprehensive plan, organizations can reduce the overall downtime from a cyber incident.
  • Investing in regular cybersecurity awareness and training programs is one of the most effective ways to mitigate risk and cultivate a well-informed and vigilant workforce.
  • A comprehensive training program should involve simulations of different types of cyberattacks.
  • While cyber threats are always looming, there are steps organizations can take to be better prepared.
  • Being proactive when it comes to cybersecurity is critical for organizations to avoid being the next cyberattack making headlines.

Medium

3d

The Role of AI in Revolutionizing Cybersecurity: Opportunities and Challenges

  • AI can detect and stop cyberattacks faster than humans.
  • AI can perform monotonous tasks, freeing up cybersecurity teams.
  • AI-powered tools can provide predictive attack prevention.
  • However, hackers can also use AI to create more sophisticated attacks.

Cybersecurity-Insiders

3d

How to Implement a Balanced Approach to Cybersecurity: Prioritizing Mission, Safety, and Compliance

  • Companies need to balance mission objectives, data safety, and compliance while adopting new technologies.
  • Regular risk assessments help determine where security needs to be improved and maintained.
  • The development and testing of incident response plans help ensure that companies are not caught off guard.
  • It is necessary to carry out practical exercises such as simulated ransomware attacks or phishing campaigns to provide practical experience on security concerns.
  • Regular employee training on current and emerging threats will help improve cybersecurity.
  • Businesses need to incorporate security solutions while not compromising on growth and profitability.
  • Common safety approaches include data encryption, multifactor authentication, and zero trust network access.
  • Failure to meet standards and regulations may lead to fines, operational penalties, or legal action.
  • Too much emphasis on mission objectives opens companies to security threats.
  • Overfocus on safety and compliance can hamstring growth and revenue plans.

Cybersecurity-Insiders

3d

Could better backups reduce cyber insurance premiums?

  • Premiums for cyber insurance have fallen 6% over last year as the market matures and providers become more accurate at assessing risk.
  • Insurers are becoming more specific over what is covered. Ransomware, supply chain attacks and data breaches were identified as key risks.
  • They are also becoming more exacting in their requirements, including security measures such as the use of encryption, access controls and secure storage.
  • A robust backup policy is also an essential component of cyber defence strategy. Half of all businesses questioned had to resort to recovering from backups in the past year, but a third were unable to completely recover their data.
  • Key considerations in meeting insurance demands include password hygiene, employee training and awareness, encrypted storage, patch updates and access controls.
  • The use of air-gapped offline backups is critical given the reliance on repositories and the fact that they are a key target of threat actors.
  • Collaboration between insurers and their business clients is needed to ensure transparent policies that address current and emerging threats on the insurance side and to add contingency storage on the part of the enterprise.
  • Businesses need to read the terms and conditions of their policy and pay attention to any changes that are typically made by insurers on an annual basis to ensure they have adequate cover.
  • While reducing the likelihood of an incident should be in everyone’s interest, cyber insurance is not a substitute for risk assessment but should instead be seen as a means of guarding against residual risk once measures have been enacted.
