A naukri.com initiative
Cyber Security News
Medium
1d
23
Image Credit: Medium
Conquer The Audit! Your Guide to ISO 27001 Internal Audit Requirements
- ISO 27001 is a globally recognized standard for information security management.
- Internal audits are crucial for ensuring the effectiveness of the Information Security Management System (ISMS).
- ISO 27001 outlines key requirements for internal audits, including assessing the implementation of security controls.
- Automation tools like Secureslate can streamline ISMS implementation and make internal audits more efficient.
Read Full Article
1 Like
Cybersecurity-Insiders
1d
357
Image Credit: Cybersecurity-Insiders
Commvault projects Cleanroom Recovery for ransomware thwarting customers
- Commvault's Cleanroom Recovery leverages Microsoft Azure cloud infrastructure to provide customers with a secure space for immutable data backups.
- Cleanroom Recovery doubles as a testing environment for companies seeking to fortify their ransomware recovery strategies.
- Customers gain access to a flexible and scalable infrastructure for testing data recovery plans across diverse IT environments.
- Cleanroom Recovery facilitates seamless conversion of virtual machines from any hypervisor to Azure VMs.
Read Full Article
21 Likes
Gbhackers
1d
88
Redline Malware Using Lua Bytecode to Challenge the SOC/TI Team to Detect
- Redline Stealer malware variant discovered using Lua bytecode to obfuscate its code
- Malware found on GitHub, exploiting its popularity and trust to distribute malicious files
- Redline Stealer communicates with C2 server over HTTP and steals victim information
- Malware leverages Lua's FFI to bypass monitored channels and evade detection
Read Full Article
5 Likes
Siliconangle
1d
277
Image Credit: Siliconangle
Secure browser Island raises $175M, doubling valuation to $3B
- Island Technology Inc. has raised $175 million in a late-stage funding, doubling its valuation to $3 billion.
- The funding round was led by Coatue and Sequoia Capital.
- Island aims to provide enterprise businesses with a secure browsing experience.
- The company's enterprise browser embeds security features, including safe browsing and web isolation, directly into the browser itself.
Read Full Article
16 Likes
Tech Radar
1d
80
Image Credit: Tech Radar
Hibernating cluster wakes up to map the entire Internet - but what could it be planning?
- Chinese state-sponsored actors are mapping out the entire internet, raising concerns of a potential large-scale cyberattack.
- An activity cluster called Muddling Meerkat has recently become active after being dormant since 2019.
- Muddling Meerkat primarily manipulates global DNS systems and mail exchange records through the Great Firewall.
- The motive behind the campaign is unclear, with speculations ranging from mapping networks for future attacks to creating DNS noise to mask simultaneous attacks.
Read Full Article
4 Likes
Medium
1d
215
Image Credit: Medium
Cyber Security Awareness by Sanjay Kumar (ADGP), Cyber Crime Wing
- Ensuring cyber security awareness is crucial in the digital age.
- Tamil Nadu Police actively promotes cyber security through workshops and campaigns.
- The police department has established a dedicated helpline (1930) for reporting cyber threats.
- Collectively, we can create a safer digital environment through proactive measures.
Read Full Article
12 Likes
Tech Radar
1d
181
Image Credit: Tech Radar
Change Helathcare hackers took advantage of Citrix vulnerability to break in, CEO says
- Hackers took advantage of a vulnerability in a Citrix remote desktop access product to break into Change Healthcare's IT systems.
- The CEO of UnitedHealth, Change Healthcare's parent company, revealed this information ahead of his testimony in front of the House Energy and Commerce Committee.
- The attackers used a compromised username/password combination to access the company's Citrix portal, which did not have multi-factor authentication (MFA) at the time.
- ALPHV, a notorious ransomware-as-a-service vendor, breached Change Healthcare, stole sensitive customer data, and demanded $22 million in cryptocurrency as ransom.
Read Full Article
10 Likes
Medium
1d
73
Image Credit: Medium
How to secure encrypt and decrypt data within the browser with AES-GCM and PBKDF2
- Directly using user passwords as encryption keys is not advisable due to their predictability and vulnerability to being guessed or cracked through brute-force attacks.
- The secure cryptographic key generation starts with the user’s password, processed through the PBKDF2 algorithm using SHA-256 hashing.
- When it comes to encrypting data with AES-GCM, there are essential steps to follow, including generating an IV and transforming plaintext data into ciphertext.
- The decryption process reverses the encryption steps, using the same key, IV, and authentication tag to ensure the data’s integrity has not been compromised.
Read Full Article
4 Likes
Medium
1d
343
Image Credit: Medium
How good is the Nord VPN 2024
- NordVPN is a leading choice for secure and private internet connection.
- It employs advanced encryption and security features, including a strict no-log policy.
- With servers in over 60 countries, it offers global server coverage for secure internet access.
- NordVPN provides high-speed connections, compatibility across devices, and comprehensive customer support.
Read Full Article
20 Likes
Socprime
1d
188
Image Credit: Socprime
CVE-2024-4040 Detection: A Critical CrushFTP Zero-Day Vulnerability Exploited in the Wild Targeting U.S. Organizations
- A critical zero-day vulnerability, identified as CVE-2024-4040, is being exploited in the wild, targeting U.S. organizations that use CrushFTP servers.
- The vulnerability allows remote attackers to bypass system security, download files, and potentially gain full system control.
- The flaw impacts versions prior to 10.7.1 and 11.1.0 of CrushFTP, as well as all legacy CrushFTP 9 installations.
- Organizations are advised to update their systems to the patched version and implement additional security measures to mitigate the risk.
Read Full Article
11 Likes
Docker
1d
223
Image Credit: Docker
Docker and JFrog partner to further secure Docker Hub and remove millions of imageless repos with malicious links
- Docker Hub, a popular platform for container images, has partnered with JFrog to enhance security and remove millions of imageless repositories containing malicious links.
- JFrog discovered the presence of spam repositories on Docker Hub, lacking actual Docker images but containing deceptive documentation to redirect users to harmful websites.
- No malicious container images were found, but pages with malicious links were identified and promptly removed.
- Docker emphasizes its commitment to security and urges users to verify the credibility of repositories and report any suspicious activities.
Read Full Article
13 Likes
Medium
1d
61
Image Credit: Medium
A Deep Dive into Ransomware in 2024
- Ransomware attacks have increased by 22% in the first half of 2024 compared to last year.
- Average ransom payments have surged to $3 million in Q2 of 2024, up from $1.8 million in 2023.
- Healthcare organizations have seen a 35% increase in ransomware attacks in 2024.
- Modern ransomware attacks incorporate 'double extortion' tactics and target third-party vendors.
Read Full Article
3 Likes
Medium
1d
274
Image Credit: Medium
Unveiling the Threat: How Malware Propagates & Defensive Strategies
- Malware spreads through phishing, software downloads, infected websites, and removable media.
- Phishing involves deceiving victims through persuasive language and stealing personal data.
- Software downloads can trick users into installing malware disguised as legitimate software.
- Infected websites and drive-by downloads exploit vulnerabilities in browsers and systems.
- Removable media like flash drives can transfer malware to other systems.
- Tips for protection include checking for phishing indicators, avoiding untrustworthy software downloads, using updated browsers, and scanning external media for threats.
Read Full Article
16 Likes
Medium
1d
301
Image Credit: Medium
Change Healthcare’s Alleged Authentication Blunder
- Change Healthcare's alleged authentication blunder led to financial losses and security breaches.
- The incident highlights the need for stricter regulations in cybersecurity, especially in sensitive sectors like healthcare.
- A proactive approach incorporating rigorous security protocols is crucial for safeguarding data and privacy.
- The role of cybersecurity professionals is essential in shaping the future of digital security.
Read Full Article
18 Likes
Medium
1d
166
Creating Secure Bases: Safe Coding Techniques for Robust Web Applications in Hosting Settings
- Secure coding is crucial for defending against cyber threats in hosting environments.
- Key principles of secure coding include security by design and code reviews.
- Developers can reduce the risk of security flaws by adopting secure coding techniques.
- Investing in secure coding methods is essential for guaranteeing the security of online applications.
Read Full Article
9 Likes
For uninterrupted reading, download the app