menu
techminis

A naukri.com initiative

New

google-web-stories
Home

>

Cyber Security News

Cyber Security News

source image

Cybersecurity-Insiders

4w

read

71

img
dot

Image Credit: Cybersecurity-Insiders

Protecting Your Online Accounts: Essential Password Security Tips

  • Passwords are the first line of defense in protecting your online accounts
  • Create long, complex passwords
  • Incorporate special characters and mix uppercase and lowercase letters
  • Enable two-factor authentication and use a password manager

Read Full Article

like

4 Likes

share

1 Share

source image

Siliconangle

4w

read

400

img
dot

Image Credit: Siliconangle

It’s Jensen Huang’s AI world. We just live in it.

  • Nvidia CEO Jensen Huang introduced new GPUs, AI supercomputers, and software at the GTC conference to enable AI factories and revenue growth.
  • Nvidia made a $30 billion consortium investment and acquired synthetic data startup Gretel to strengthen its AI infrastructure.
  • CoreWeave filed for a $2.7 billion IPO, showcasing continued demand for GPUs.
  • Stealth AI use poses challenges for data security in companies.
  • SoftBank acquired AI chipmaker Ampere Computing for $6.5 billion, aligning with the rising demand for AI chips.
  • Google's $32 billion acquisition of cybersecurity startup Wiz indicates a focus on enhancing Google Cloud.
  • The EU found Apple and Google in breach of antitrust rules, intensifying their campaign against U.S. Big Tech.
  • Nvidia emphasized AI development at the GTC event, showcasing advancements in GPUs, AI models for robots, and silicon photonics switches.
  • Nvidia's AI Factory concept focuses on generating AI models efficiently, necessitating powerful chips like the upcoming Blackwell Ultra and Rubin.
  • The AI industry is seeing continued growth, with enterprises transitioning from AI prototypes to full production, although challenges in AI adoption persist.

Read Full Article

like

24 Likes

share

5 Shares

source image

Tech Radar

4w

read

53

img
dot

Image Credit: Tech Radar

Cisco smart licensing system sees critical security flaws exploited

  • Security researchers claim two Cisco Smart Licensing Utility bugs are being abused in the wild.
  • One of the bugs is a hardcoded admin account.
  • Both bugs were fixed in 2024, so users should update now.
  • Abusing these flaws requires running the CSLU app in the background.

Read Full Article

like

3 Likes

share

Share

source image

Cybersecurity-Insiders

4w

read

128

img
dot

Image Credit: Cybersecurity-Insiders

Learn Malware Analysis with This Hands-on Course

  • ANY.RUN's Security Training Lab offers a learning environment for analyzing real-world malware and enhancing threat detection skills.
  • The program provides static and dynamic analysis, encryption algorithms, malware capabilities, and analysis of scripts and office files.
  • Audiences include security teams, students, and independent researchers who can benefit from practical tools and interactive tasks.
  • The course equips students with skills such as understanding malware behavior, mapping malware behaviors to known tactics, and using professional tools.

Read Full Article

like

7 Likes

share

1 Share

source image

Cybersecurity-Insiders

4w

read

306

img
dot

Image Credit: Cybersecurity-Insiders

Examining the State of IGA

  • Organizations face challenges managing digital identities due to technological advancements and regulatory compliance requirements.
  • A survey highlighted difficulties with current IGA solutions, including user access control, customization needs, and high TCO.
  • Enterprises struggle with upgrading IGA solutions due to resource constraints and functionality gaps.
  • Increased IT security investment points to the growing importance of cybersecurity and IGA in business operations.
  • Cyber Liability Insurance is gaining popularity as a means to offset costs from potential breaches, with insurers demanding stricter security measures.
  • The desire for efficiency and automation drives investments in IGA tools, particularly to address access governance and manual processes.
  • Advanced IGA features like enhanced access visibility and RBAC can greatly impact ROI for companies implementing cloud-based solutions.
  • Organizations are encouraged to address security gaps, conduct audits, and invest in modern SaaS-based IGA platforms with AI capabilities to manage digital identities effectively.
  • Improving IGA strategies is essential for organizations to navigate the complexities of identity security and access control in today's technology-driven landscape.

Read Full Article

like

18 Likes

share

4 Shares

source image

Tech Radar

4w

read

440

img
dot

Image Credit: Tech Radar

US government warns agencies to make sure their backups are safe from NAKIVO security issue

  • The US government warns agencies to ensure the safety of their backups from NAKIVO security issue.
  • CISA has added the NAKIVO bug, tracked as CVE-2024-48248, to its Known Exploited Vulnerabilities (KEV) catalog, indicating in-the-wild abuse.
  • The bug has a severity score of 8.6/10 and can lead to remote code execution.
  • Federal Civilian Executive Branch (FCEB) agencies have until April 9 to apply the patch or stop using NAKIVO product.

Read Full Article

like

26 Likes

share

6 Shares

source image

Socprime

4w

read

289

img
dot

Image Credit: Socprime

CVE-2025-24813 Detection: Apache Tomcat RCE Vulnerability Actively Exploited in the Wild

  • A newly revealed RCE vulnerability in Apache Tomcat is actively being exploited.
  • The vulnerability, known as CVE-2025-24813, allows remote code execution by leveraging unsafe deserialization.
  • The successful exploitation of the vulnerability can lead to remote code execution on targeted systems.
  • Organizations are advised to update to the latest versions of Apache Tomcat to mitigate the risk.

Read Full Article

like

17 Likes

share

4 Shares

source image

Tech Radar

4w

read

320

img
dot

Image Credit: Tech Radar

Veeam urges users to patch security issues which could allow backup hacks

  • Veeam released a patch for a critical-level vulnerability found in its Backup & Replication software, which allows for remote code execution (RCE) attacks.
  • The vulnerability, tracked as CVE-2025-23120, is described as a deserialization flaw and has a severity score of 9.9/10 (critical).
  • The bug affects Veeam Backup & Replication 12.3.0.310 and all earlier versions, and was fixed with version 12.3.1 (build 12.3.1.1139).
  • The bug only impacts Veeam Backup & Replication installations joined to a domain, and any domain user can exploit it.

Read Full Article

like

19 Likes

share

4 Shares

source image

TechCrunch

4w

read

235

img
dot

Image Credit: TechCrunch

Russian zero-day seller is offering up to $4 million for Telegram exploits

  • A Russian zero-day seller, Operation Zero, is offering up to $4 million for exploits targeting the messaging app Telegram, with prices ranging from $500,000 to $4 million based on the type of exploit.
  • Exploit brokers like Operation Zero acquire or develop security vulnerabilities to sell at higher prices, with a focus on Telegram due to its popularity in Russia and Ukraine.
  • The public offer provides insight into Russia's zero-day market priorities, with Operation Zero possibly responding to demand from the Russian government for Telegram exploits.
  • Zero-days, unknown to software makers, are highly sought-after in the exploit market, offering hackers opportunities to target technology with minimal defense.
  • Remote code execution (RCE) exploits, particularly zero-click ones, are valuable for allowing control without interaction from the target, making them lucrative in the hacking realm.
  • Telegram's security has been criticized compared to competitors like WhatsApp and Signal, with concerns about encryption and visibility of conversations on Telegram's servers.
  • Operation Zero's pricing for Telegram exploits is seen as relatively low, possibly indicating plans for higher pricing upon resale to customers, according to industry experts.
  • The zero-day market has seen escalating prices, with a zero-day for WhatsApp reportedly costing up to $8 million, reflecting the increasing difficulty in hacking popular apps.
  • Operation Zero previously offered $20 million for iOS and Android hacking tools and currently offers $2.5 million for such bugs, showcasing the high-stakes and evolving nature of the exploit market.

Read Full Article

like

14 Likes

share

3 Shares

source image

Tech Radar

4w

read

177

img
dot

Image Credit: Tech Radar

Hackers are targeting unpatched ServiceNow instances that exploit 3 separate year-old vulnerabilities

  • There has been a “notable resurgence” in the abuse of three concerning ServiceNow security vulnerabilities, experts are warning.
  • The vulnerabilities can be abused separately, but when they’re chained, they grant “full database access,” putting vulnerable organizations at immense risk.
  • The attackers target unpatched ServiceNow instances and inject a payload to check for specific results in the server response.
  • Attackers have been observed targeting Israeli firms, as well as organizations in Germany, Japan, and Lithuania.

Read Full Article

like

10 Likes

share

2 Shares

source image

Securityaffairs

4w

read

177

img
dot

Image Credit: Securityaffairs

RansomHub affiliate uses custom backdoor Betruger

  • Symantec researchers have identified a custom backdoor, named Betruger, linked to an affiliate of the RansomHub operation in recent ransomware attacks.
  • Betruger is a multi-function backdoor used for ransomware attacks that combines several features to minimize detection, such as screenshot capture, credential theft, keystroke logging, network scanning, and privilege escalation.
  • The backdoor is disguised as 'mailer.exe' or 'turbomailer.exe' to appear legitimate, but lacks mailing functions.
  • RansomHub, run by the cybercrime group Greenbottle, has become the most prolific ransomware operation, attracting affiliates by offering better terms and a higher percentage of ransom payments.

Read Full Article

like

10 Likes

share

2 Shares

source image

TechDigest

4w

read

297

img
dot

Image Credit: TechDigest

Cybersecurity faces talent shortage despite growing female interest

  • The cybersecurity industry is facing a critical talent shortage, with 67% of organizations reporting a shortage of cybersecurity staff.
  • A new study reveals that cybersecurity is now the third most appealing tech sector for women entering the workforce in Central and Eastern Europe.
  • The complex nature of cybersecurity roles and persistent gender bias are identified as barriers to addressing the talent shortage.
  • To bridge the gap, companies are urged to invest in training and upskilling local talent, eliminate gender bias, and implement inclusive hiring practices.

Read Full Article

like

17 Likes

share

4 Shares

source image

Tech Radar

4w

read

404

img
dot

Image Credit: Tech Radar

The UK releases timeline for migration to post-quantum cryptography

  • The UK Government releases guidelines for post-quantum migration.
  • The timeline aims for full migration by 2031.
  • SMEs benefit from updated guidance.
  • Migration to post-quantum cryptography is necessary to defend against future threats posed by quantum computers.

Read Full Article

like

24 Likes

share

5 Shares

source image

Dev

4w

read

177

img
dot

Image Credit: Dev

Revolutionizing Educational Data Management with Blockchain: A New Era of Security and Transparency

  • Blockchain technology offers a transformative solution to the secure management of student data in the educational sector.
  • Traditional systems face challenges such as time-consuming verification processes and vulnerability to cyber threats.
  • Blockchain provides decentralized and tamper-proof storage of academic records, enhancing data security and trust among stakeholders.
  • In addition to data management, blockchain can revolutionize personalized education through decentralized learning platforms and micro-credentialing.

Read Full Article

like

10 Likes

share

2 Shares

source image

Wired

4w

read

422

img
dot

Image Credit: Wired

How to Avoid US-Based Digital Services—and Why You Might Want To

  • Law enforcement requests for user data from Apple, Google, and Meta give these companies control over our personal information and constitutional rights.
  • Big Tech's collaboration with the Trump administration began before his inauguration, with companies like Amazon and Meta donating to his inauguration.
  • Moving digital life off US-based systems is an option for those concerned about the Trump administration's influence on Silicon Valley.
  • US data services are seen as 'no longer safe' by Europeans, leading to concerns about privacy and civil liberties.
  • Meta and Google made policy changes aligning with the Trump administration's values, affecting issues like hate speech and moderation.
  • Google altered Maps and Search results to rename the Gulf of Mexico to the Gulf of America following a Trump executive order.
  • Tech companies like Meta, Google, and Apple hold significant power in deciding how much personal data they collect and store.
  • The stance on encrypted communication under Trump's administration led to conflicts between tech companies and federal law enforcement.
  • Considering secure non-US options is advised to reduce potential risks related to data privacy and government surveillance.
  • Numerous alternative services outside the US, from email providers to social media platforms, are available for those seeking to cut ties with US-based digital services.

Read Full Article

like

25 Likes

share

5 Shares

Prev

80
81
82
83
84
85
86
87
88
89
90

Next

For uninterrupted reading, download the app