techminis

A naukri.com initiative

Cyber Security News

Tech Radar

Malicious npm packages use devious backdoors to target users

  • Two malicious packages were recently discovered on the npm repository using dubious backdoors to target their users.
  • The malicious packages were named "ethers-provider2" and "ethers-providerz", designed to deceive users into thinking they are related to a legitimate package called "ethers".
  • The packages served as downloaders, patching the legitimate ethers package and granting attackers a reverse shell, enabling them to run commands, steal data, or install malware on target computers.
  • These backdoors specifically target software developers building on the Ethereum blockchain, presenting a risk to their projects and potentially their cryptocurrencies.

TechJuice

NITB’s Beep App Completes Testing, Set for Deployment to Government Employees

  • The National Information Technology Board (NITB) has completed testing of the Beep app, a secure messaging platform for government employees.
  • The final clearance process is underway, which includes evaluating security protocols, encryption standards, and hosting requirements.
  • The app has a user-friendly interface and employs end-to-end encryption to ensure data protection.
  • The Beep app aims to improve secure internal communication and reduce reliance on third-party messaging platforms.

Securityaffairs

Crooks target DeepSeek users with fake sponsored Google ads to deliver malware

  • Cybercriminals are exploiting the popularity of DeepSeek by using fake sponsored Google ads to distribute malware.
  • Crooks are using DeepSeek as a lure to trap unsuspecting Google searchers.
  • The researchers observed that cybercriminals created a convincing fake DeepSeek website linked to malicious Google ads.
  • The researchers recommend avoiding clicking on sponsored search results and always verifying the advertiser by checking the details behind the URL to ensure it’s the legitimate brand owner.

Tech Radar

Notorious Chinese hackers FamousSparrow allegedly target US financial firms

  • FamousSparrow, a Chinese state-sponsored threat actor, has been targeting government, financial organizations, and research institutes for years.
  • Cybersecurity researchers at ESET discovered new variants of FamousSparrow's malware, revealing the group's activities.
  • FamousSparrow targeted a government institution in Honduras and a research institute in Mexico, indicating it is still active.
  • The group gained access through outdated versions of Windows Server and Microsoft Exchange, then deployed additional payloads.

Tech Radar

NYU website defaced as hacker leaks info on a million students

  • The NYU website was defaced by a hacking group called "Computer Niggy Exploitation" to expose the university's alleged racism.
  • Sensitive data on millions of NYU applicants was also exposed during the attack.
  • The defacement lasted for approximately two hours before the university's IT team regained control.
  • The exposed data included information such as names, addresses, phone numbers, grade point averages, and email addresses of the students.

Global Fintech Series

Yooz Revolutionizes AP Security and Fraud Detection with the Launch of YoozProtect

  • Yooz, a leading cloud-based purchase-to-pay automation provider, launches YoozProtect, an advanced fraud prevention and security solution.
  • YoozProtect combines AI and machine learning to proactively detect and stop fraud in accounts payable operations.
  • Key features of YoozProtect include smart fake detection, atypical amount detection, vendor authentication and management, user authentication and security, and process and audit assurance.
  • YoozProtect is fully integrated into the Yooz AP Automation platform and is available at no additional cost to customers in North America.

Siliconangle

Polyguard launches with real-time defense platform to prevent deepfake and AI-driven fraud

  • Polyguard Inc. has launched a real-time defense platform to prevent deepfake and AI-driven fraud.
  • The company's offering aims to proactively protect against multichannel fraud and impersonation attacks by giving financial institutions, businesses, and individuals control over their communications.
  • Using real-time inbound and outbound number blocking, caller ID spoofing protection, and secure video conferencing, Polyguard helps prevent AI-driven fraud and deepfake scams.
  • The platform integrates with call center software and platforms like Zoom Communications to ensure safe virtual communications.

Siliconangle

Rapid7 launches Asset Discovery to strengthen visibility and threat response

  • Rapid7 has launched Asset Discovery, a new capability for managed detection and response customers.
  • The new feature helps security teams identify unknown and unmanaged assets, eliminating blind spots that can lead to security breaches.
  • Asset Discovery extends Rapid7's MDR offering by providing complete visibility of the detection surface and continuous monitoring for changes.
  • The new capability is complemented by the enhanced AI triage models and the Detection and Response Dashboard.

Securityaffairs

U.S. CISA adds Sitecore CMS and XP, and GitHub Action flaws to its Known Exploited Vulnerabilities catalog

  • U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Sitecore CMS and XP, and GitHub Action flaws to its Known Exploited Vulnerabilities catalog.
  • CISA added Sitecore CMS and XP deserialization vulnerabilities (CVE-2019-9875 and CVE-2019-9874) and GitHub Action embedded malicious code vulnerability (CVE-2025-30154).
  • CVE-2019-9875 allows authenticated attackers to execute arbitrary code in Sitecore CMS and Experience Platform.
  • CISA orders federal agencies to fix the vulnerabilities by specified dates.

Mcafee

How to Spot Phishing Emails and Scams

  • Phishing emails continue to target millions of inboxes daily with the intention of stealing personal information or money.
  • These emails often appear to be from trusted companies like banks or service providers but contain deceptive links or malware.
  • Scammers utilize bait-and-hook tactics in phishing emails to steal sensitive information or install malicious software.
  • In 2022, over 300,000 victims reported phishing attacks to the FBI in the U.S., with worldwide attempts increasing by 61%.
  • Spear phishing targets specific individuals, often with authority over financial matters, resulting in substantial financial losses.
  • Phishing emails may create a sense of urgency, posing as notifications from companies like PayPal or credit card providers.
  • Advanced phishing attacks mimic genuine messages, making it harder to differentiate between legitimate and fraudulent emails.
  • Scammers employ various tactics like fear, urgency, and unconventional payment requests to deceive recipients.
  • Key indicators of phishing emails include mismatched addresses, urgent demands for action, and payment through untraceable methods.
  • To stay safe, verify email sources, refrain from downloading suspicious attachments, and hover over links to verify URLs before clicking.
  • Using online protection software can help identify and block phishing attempts, as well as remove personal information from risky data broker sites.

Global Fintech Series

Scam Survey: UK Consumers Lack Confidence in Real-Time Payments Security

  • UK consumers have concerns about the security of real-time payments (RTP).
  • 23% of UK consumers are unsure if RTP processes have enough security checks.
  • UK usage of RTP is lower than the global average.
  • Increased education about RTP and improved security measures can lead to wider adoption.

The Verge

Vivaldi bundles Proton VPN into its web browser

  • Vivaldi has integrated the free version of Proton VPN directly into its browser, making it easier for users to explore the web privately.
  • Currently, the feature is only available on the desktop version of Vivaldi, and users can access the free version of Proton VPN by logging into a Vivaldi account.
  • The free version of Proton VPN allows users to connect to servers in five randomly selected countries, while the paid version offers faster VPN speeds and the ability to choose servers across more than 110 countries.
  • Vivaldi and Proton are both European companies, and the partnership offers an alternative to Silicon Valley's dominance and China's state-driven oversight.

Tech Radar

NHS IT supplier hit with major fine following ransomware attack

  • Software firm Advanced Computer Group Ltd has been fined £3.07 million by the ICO following a ransomware attack in which NHS data was stolen and systems were encrypted.
  • This is the first fine from the ICO for a data processor, highlighting the risks of not having robust security measures in place.
  • 79,404 people's personal information was put at risk, including patient phone numbers, medical records, and access details for the homes of 890 people receiving care at home.
  • The ICO found that Advanced Computer Group Ltd lacked sufficient security measures, including comprehensive vulnerability scanning and adequate patch management.

Medium

Building a Bulletproof Android App: Best Security Practices You Must Follow

  • Use Secure Authentication and Authorization to protect user data.
  • Encrypt Data at All Levels to secure sensitive information.
  • Secure API Communication using HTTPS, JWT, and request validation.
  • Secure Code by obfuscating, avoiding sensitive information in source code, and regular code scanning.

Siliconangle

Straiker launches with $21 million in funding to secure enterprise AI applications

  • Straiker, an artificial intelligence-native security company, has raised $21 million in funding.
  • The company aims to secure enterprise AI applications by addressing critical security and safety risks.
  • Straiker's solutions include automated assessment, runtime safety, and security guardrails for continuous analysis and blocking.
  • Two AI-native models, Ascend AI and Defend AI, have been introduced to provide in-depth attack simulation and protection for AI applications and agents.
