A naukri.com initiative
Cyber Security News
Cybersecurity-Insiders
4w
298
Image Credit: Cybersecurity-Insiders
Cyber Threats in the Form of MS Office Email Attachments: A Growing Danger
- MS Office Email Attachments, particularly those involving Microsoft Office documents are the most common and persistent threats in the cyber world.
- Macro-based Malware, Exploiting Vulnerabilities, and Phishing and Social Engineering are the three most common methods used in MS Office Email Attachment Attacks.
- The consequences of opening a malicious MS Office attachment can be devastating, both for individuals and organizations. The impact varies depending on the nature of the malware and the attacker’s goals.
- Ransomware, Network compromise, Financial Loss, and Data Theft and Breaches are some of the most common results of MS Office Email Attachment Cyber Threats.
- In order to protect against cyberattacks involving MS Office email attachments, enable protected view and disable macros, keep software updated, use advanced email filtering, educate users, backup data regularly, and use antivirus and anti-malware software.
- Employee training is one of the most effective ways to prevent email-based attacks
- Adoption of strong cybersecurity practices to protect against these evolving threats is necessary.
Read Full Article
17 Likes
Cybersecurity-Insiders
4w
130
Image Credit: Cybersecurity-Insiders
Mysterious Drone-Like Objects Disrupting Electronics in New Jersey: Is It a New Cyber Threat or Something More?
- Large, car-sized flying objects have been spotted in New Jersey, causing significant disturbances to nearby electronic devices such as car clocks and GPS systems.
- The Federal Bureau of Investigation (FBI) has launched an investigation into the incidents, believing that these objects might be drones or light aircraft being used for surveillance or testing purposes, but have yet to confirm the nature of the objects.
- Law enforcement agencies across eight counties in New Jersey have issued a directive prohibiting the use of drones and similar devices until further notice.
- Many individuals speculate that a state actor may be behind these incidents, using them as a form of cyber warfare, part of a broader campaign of cyber-attacks on the US. Some believe that the targets appear to be exclusively government and official buildings.
- There are growing concerns that GPS jamming and spoofing could escalate into a serious global threat, potentially leading to catastrophic consequences if the attacks continue. The Federal Aviation Administration has raised suspicions about the potential political motives behind these disturbances.
- There is a rising conspiracy theory that these events are part of a targeted campaign, possibly by a foreign power or a shadowy organisation.
- The widespread interference with GPS signals and other electronic devices remains a significant concern, as experts warn that this phenomenon could have long-term negative consequences, particularly for the safety and security of citizens.
- Authorities continue their investigations into the drone-like objects in New Jersey, and the public is captivated by the mystery and is sparking urgent discussions about the future of electronic security.
Read Full Article
7 Likes
Livebitcoinnews
4w
253
Image Credit: Livebitcoinnews
Crypto Scam Targets Web3 Workers with Fake Meeting Apps
- Cybercriminals utilize fake meeting apps to target Web3 professionals.
- Real virus grabs crypto and sensitive data from compromised machines.
- Scam uses deceptive tactics like impersonation on messaging platforms to trick users.
- Users should be cautious while downloading apps from unknown firms or investment opportunities.
Read Full Article
15 Likes
Tech Radar
4w
972
Image Credit: Tech Radar
Popular Python AI library hacked to deliver malware
- Ultralytics YOLO11, an AI model for computer vision and object detection, was compromised in a supply chain attack and used to deploy malware.
- The malicious versions of YOLO11 were uploaded on PyPI, a Python package repository, and users who updated to these versions ended up with a cryptocurrency miner called XMRig installed.
- Ultralytics confirmed the attack and immediately removed the compromised versions from PyPI. They have released a new version and are conducting a full security audit.
- There have been reports of even newer trojanized versions of YOLO11, indicating ongoing security concerns.
Read Full Article
26 Likes
Tech Radar
4w
964
Image Credit: Tech Radar
QR codes can be used to crack this vital browser security tool
- Cybersecurity researchers have discovered a way to communicate with malware through browser isolation using QR codes.
- Browser isolation is a method that protects against web-borne cyberattacks by running scripts in a remote environment.
- Infected devices can receive commands via QR codes, bypassing browser isolation and rendering it ineffective.
- The method has limitations, including a maximum data stream size and latency, but can still be used for destructive malware attacks.
Read Full Article
23 Likes
Medium
4w
315
Image Credit: Medium
Revolutionizing Data Analytics with AI-Powered GPUs
- Start-up Voltron Data is using GPUs for data analytics tasks.
- GPUs are capable of efficiently processing large volumes of data.
- The GPUs are being used for tasks like cybersecurity and telemetry data processing.
- Traditional computing chips can bottleneck when dealing with massive data queries.
Read Full Article
19 Likes
Cybersecurity-Insiders
4w
440
Image Credit: Cybersecurity-Insiders
Hornetsecurity Enhances 365 Total Backup with Self-Service Recovery and Adds Microsoft OneNote Backup
- Hornetsecurity announces upgrades to 365 Total Backup solution.
- New self-service recovery functionality allows end users to restore data independently.
- Full backup and recovery support is extended to Microsoft OneNote.
- These enhancements aim to empower end users and ensure comprehensive data protection.
Read Full Article
26 Likes
Securityaffairs
4w
382
Image Credit: Securityaffairs
Romanian energy supplier Electrica Group is facing a ransomware attack
- Romanian energy supplier Electrica Group is facing a ransomware attack.
- The attack hasn't affected critical systems but may cause temporary disruptions in customer services.
- Electrica is implementing internal cybersecurity protocols and collaborating with national cybersecurity authorities.
- The attack is believed to be a retaliation for Romania annulling its presidential election over alleged Russian interference.
Read Full Article
23 Likes
Medium
4w
302
How to Safeguard Your Web-based Protection in 2024?
- Hoody.com is a creative stage intended to safeguard your protection while perusing the web.
- It offers types of assistance, for example, hindering promotion following and enhancing security while sharing information.
- Hoody.com guarantees the protection of individual information and offers a user-friendly interface.
- To begin with Hoody.com, visit their website at https://hoody.com/?af=ERHNOZJB7 and experience secure and confidential perusing.
Read Full Article
18 Likes
Inside
4w
387
Quality Outreach Heads-Up - Security Properties Files Inclusion
- The OpenJDK Quality Group is promoting the testing of FOSS projects with OpenJDK builds as a way to improve the overall quality of the release.
- Including additional properties files in the main security properties file allows for better management of security properties across multiple JDK releases.
- The inclusion mechanism ensures robust security and prevents misconfigurations by listing files explicitly and throwing a fatal error for missing or inaccessible files.
- Including other properties files offers benefits such as override priority, automatic propagation of updates, and consistent security policies.
Read Full Article
23 Likes
Medium
4w
57
Image Credit: Medium
Understanding Communication Privacy Management Theory: A Guide for Everyday Life
- CPM (Communication Privacy Management) is a theory that explains how people handle private information.
- CPM is based on five core principles: ownership and control of private information, rules for concealing and revealing, disclosure creates co-ownership, negotiating privacy boundaries, and boundary turbulence.
- An example of boundary turbulence is when private information shared with a colleague at work gets disclosed to the boss, leading to an awkward situation.
- CPM is especially relevant in the digital age due to the challenges of privacy management posed by social media and online platforms.
Read Full Article
3 Likes
Medium
4w
26
Image Credit: Medium
AI for Cybersecurity and Cybersecurity for AI: A Win-Win
- AI can automate tasks for pentesters and SOC analysts, improving efficiency and productivity.
- AI helps cybersecurity professionals explore different domains and automate processes.
- AI amplifies human expertise and allows for the integration of AI into cybersecurity tools.
- Securing AI systems is crucial to prevent manipulation and ensure resilience against attacks.
Read Full Article
1 Like
Medium
4w
4
Image Credit: Medium
Register Windows Object Callbacks from Kernel Driver
- This article demonstrates how to monitor access to Windows process objects using a kernel driver.
- A kernel driver is employed to intercept handle creation and duplication events for process objects.
- The driver registers callbacks using the ObRegisterCallbacks function to hook into these operations.
- By leveraging kernel-mode access, this approach allows for deeper system monitoring and control.
Read Full Article
Like
Wired
4w
182
Image Credit: Wired
Police Arrest UHC CEO Shooting Suspect, App Developer Luigi Mangione
- Luigi Mangione, an app developer, has been arrested in connection with the shooting death of UnitedHealthcare CEO Brian Thompson in New York City.
- Mangione was apprehended in Altoona, Pennsylvania after visitors at a McDonald’s noticed his resemblance to the suspect and contacted authorities.
- Authorities discovered bullet casings at the scene with words related to health insurance denial, and Mangione was found carrying a manifesto criticizing healthcare companies.
- Mangione's online presence reveals his interest in gaming and technology, along with references to back pain and health care in his account history.
Read Full Article
10 Likes
Lastwatchdog
4w
320
Shared Intel Q&A: A thriving ecosystem now supports AWS ‘shared responsibility’ security model
- Amazon has come a long way with AWS Shared Responsibility Model introduced in 2013 to divide cloud security obligations between AWS and its patrons.
- AWS has introduced and promoted a range of tools and 3rd party cybersecurity vendors have been innovating to address the obvious gaps in cybersecurity.
- Meanwhile, standards bodies and regulators have kept up the pressure for companies to do the right thing when it comes to cloud security giving rise to a steadily growing momentum of companies living up to their part of AWS shared responsibility.
- High-profile breaches, especially stemming from misconfigured services like S3 buckets or exposed APIs, have emphasised the need for shared responsibility.
- AWS does provide a rich set of security-focused tools, but ultimately securing an organization's environment is company's responsibility.
- Amazon GuardDuty, WAF, Shield, and SSM Patch Manager are some of AWS's tools that help businesses manage their security posture.
- AWS has built a robust network of partners and vendors, enabling businesses to leverage specialized solutions tailored to their unique needs.
- Compliance will shift from being a competitive advantage to a baseline expectation and compliance requirements directly into infrastructure and software development lifecycle will become essential.
- Strengthening security needs to be embedded across operations and championed by management to be truly effective as it is a 'must-have' today.
- Nimbus Stack is a DevOps consultancy specialising in AWS security and excels in identifying potential threats and mitigating them, making compliance a critical factor for businesses aiming to grow and remain credible in the market.
Read Full Article
19 Likes
For uninterrupted reading, download the app