A naukri.com initiative
Cyber Security News
Medium
4w
142
Image Credit: Medium
GRC for Non-Techies: How to Think Like a Cybersecurity Pro Without Becoming One
- GRC (Governance, Risk, and Compliance) is crucial for all professionals, not just IT experts, to understand and utilize in safeguarding organizations from cyber risks.
- GRC involves governance in managing cybersecurity policies, risk management to identify and mitigate threats, and compliance with laws and standards.
- Common cyber threats like phishing, ransomware, and insider threats pose risks that can be mitigated by recognizing suspicious emails and behaviors.
- Compliance, such as GDPR and HIPAA, plays a vital role in cybersecurity, emphasizing data protection and incident reporting for non-tech professionals.
- Adopting a security-first mindset involves skepticism, verification of unusual requests, and practical decision-making in recognizing and reporting security concerns.
- Simple steps to improve security awareness encompass practices like multi-factor authentication, strong passwords, and safe browsing for better cyber hygiene.
- Real-world scenarios like fake CEO emails and unexpected pop-ups demonstrate the importance of security awareness training and shared responsibilities in organizations.
- Becoming security-conscious involves staying informed, utilizing resources, and following security protocols to effectively combat cyber threats and protect oneself.
- Every decision made with a security-conscious mindset contributes to reducing risks and enhancing overall cybersecurity in organizations and personal environments.
- Understanding GRC empowers individuals to make informed decisions and effectively handle cybersecurity challenges to protect both themselves and their organizations.
Read Full Article
8 Likes
Mcafee
4w
409
Image Credit: Mcafee
How to Recognize an Online Scammer
- Online scams are evolving rapidly with cybercriminals using advanced technologies to deceive users.
- Americans receive an average of 14 scam messages daily, and deepfake scams in North America spiked 1,740%.
- Recognizing online scams is crucial as scammers now impersonate trusted entities, making it harder to detect.
- Common signs of online scams include promised large prizes, requests for specific payment methods like gift cards, and creating a false sense of urgency.
- Scammers often claim to be from government organizations or companies, aiming to instill fear or urgency in their victims.
- Grammatical errors in emails are red flags for scams, as legitimate organizations usually send well-written communications.
- Common online scams include phishing, travel insurance fraud, grandparent scams, advance fee scams, tech support scams, formjacking, scareware, and credit repair fraud.
- If you fall victim to an online scam, report it to local authorities and organizations like the FTC, NCDS, IC3, and econsumer.gov.
- To protect against online scams, stay informed, use secure payment methods, and consider tools like McAfee+ for comprehensive online protection.
- By being vigilant and utilizing cybersecurity measures, individuals can enhance their defense against online scammers.
Read Full Article
24 Likes
Cybersecurity-Insiders
4w
213
The AI Threat: It’s Real, and It’s Here
- Organizations integrating AI into their operations face increased identity vulnerabilities and need comprehensive monitoring mechanisms to avoid devastating attacks.
- The use of AI in cyber attacks and phishing attempts is on the rise, with the potential to disrupt critical infrastructure and organizations essential to modern life.
- Regulations will redefine 'identity' in the cybersecurity landscape, treating human and machine identities as part of a single entity.
- The cybersecurity investment landscape is shifting towards specialized solutions leveraging specific AI models with advanced visibility techniques and proactive measures.
Read Full Article
12 Likes
Siliconangle
4w
353
Image Credit: Siliconangle
Enterprise AI adoption jumps 30-fold as organizations face growing cybersecurity risks
- Enterprise usage of artificial intelligence and machine learning tools has surged more than 30-fold from a year ago.
- Zscaler ThreatLabz 2025 AI Security Report reveals the rapid adoption of AI technologies across industries.
- Enterprises are blocking almost 60% of all AI and machine learning transactions due to security concerns.
- Finance and insurance sectors lead enterprise AI traffic, followed by manufacturing, services, technology, and healthcare.
Read Full Article
19 Likes
Fintechnews
4w
147
Image Credit: Fintechnews
Deepfakes are a Rising Threat, Requiring Organizations to Adopt Advanced AI Defenses
- Deepfakes have become a rampant issue, impacting multiple business functions and leading to significant financial losses, compliance issues and reputational damage.
- Organizations must adopt advanced artificial intelligence (AI) techniques, alongside robust human and procedural defenses, to detect and counteract these risks.
- Deepfakes pose a serious risk to organizations and have infiltrated every digital medium, including call centers, mobile apps, social media, videoconferencing, and livestreaming platforms.
- To address the rising threat of deepfakes, organizations should employ a multi-layered approach, incorporating advanced AI techniques, education and training, as well as enhancing human oversight.
Read Full Article
8 Likes
Cybersecurity-Insiders
4w
133
Image Credit: Cybersecurity-Insiders
List of Countries which are most vulnerable to Cyber Attacks
- Denmark, Sweden, Ireland, Norway, and Finland have the lowest malware infection rates.
- Tajikistan, Bangladesh, China, Vietnam, and Pakistan have the highest malware infection rates.
- India, United States, Germany, Brazil, and Russia are the most affected by ransomware attacks.
- The United States, Brazil, Germany, and the United Kingdom are most targeted by web application attacks.
Read Full Article
8 Likes
Banking Frontiers
4w
356
Image Credit: Banking Frontiers
Govt saves Rs 4,386 crore from cyber frauds, strengthens security in financial sector
- The government's cyber fraud prevention measures have saved approximately Rs 4,386 crore from being siphoned off in financial frauds.
- Ministry of Home Affairs (MHA) has launched initiatives, including the Indian Cyber Crime Coordination Centre (I4C) and the National Cyber Crime Reporting Portal to enhance cybersecurity in the financial sector.
- Reserve Bank of India (RBI) has introduced an AI-based tool to identify money mules used in fraudulent transactions and issued stringent security guidelines for digital payments.
- National Payments Corporation of India (NPCI) has implemented measures such as device binding, two-factor authentication, and fraud monitoring solution to secure UPI transactions.
Read Full Article
21 Likes
Dev
4w
361
Image Credit: Dev
Why can deleted files be recovered?
- Solid State Drives (SSDs) consist of DRAM for caching, NAND Memory for storage, and a Controller for managing operations.
- DRAM is volatile memory used as a cache to speed up read/write operations in SSDs.
- The SSD controller manages data operations, including translating commands and wear leveling.
- NAND Memory organizes data in pages and blocks within memory cells.
- When files are deleted on SSDs, the space is marked as free but data remains until overwritten, allowing potential recovery.
- Forensic experts can recover deleted data from SSDs due to delayed data overwrite and FTL.
- The TRIM command helps erase unused data blocks on SSDs, making deleted file recovery harder.
- Encryption methods like software and hardware encryption help secure data on SSDs.
- File deletion may not guarantee permanent removal, and physical destruction is a secure data disposal method.
- Adopting comprehensive data protection practices is crucial, including encryption and secure destruction when necessary.
Read Full Article
21 Likes
Lastwatchdog
4w
325
News alert: Knocknoc raises seed funding to scale its just-in-time network access control technology
- Sydney-based cybersecurity software company Knocknoc has raised a seed round of funding from US-based venture capital firm Decibel Partners with support from CoAct and SomethingReal.
- The funding will be used for go-to-market initiatives, new hires, customer onboarding, and product development. Adam Pointon has been appointed as the CEO of Knocknoc.
- Knocknoc's network access control technology ties users' network access to their Single Sign-On (SSO) authentication status, eliminating attack surface and addressing compliance challenges.
- The company's technology is already being used by critical infrastructure, large telecommunications networks, and media companies in Australia and the US.
Read Full Article
19 Likes
TechCrunch
4w
420
Image Credit: TechCrunch
How a $6M bet on Wiz turned into a massive 200x return for one early backer
- Wiz, a cybersecurity startup, is being acquired by Google's parent company, Alphabet, for $32 billion.
- Sequoia, an early backer of Wiz, is expected to make a profit of $3 billion, 25 times the amount invested.
- Cyberstarts, another early backer, will make a massive 222 times return on their original investment, totaling $1.42 billion.
- Index Ventures, with a 12% stake in Wiz, is set to make over $3.8 billion from the acquisition.
Read Full Article
25 Likes
Lastwatchdog
4w
147
News alert: SecPod launches ‘Saner Cloud’ — CNAPP platform for real-time, automated security
- SecPod launches ‘Saner Cloud’ — CNAPP platform for real-time, automated security.
- Saner Cloud integrates security using AI-driven automation to remediate threats in real-time.
- The platform continuously detects, prioritizes, and remediates vulnerabilities, misconfigurations, identity risks, and compliance violations.
- Saner Cloud secures the full attack surface, covering endpoints, servers, network infrastructure, cloud environments, and cloud workloads.
Read Full Article
8 Likes
Securityaffairs
4w
348
Image Credit: Securityaffairs
WhatsApp fixed zero-day flaw used to deploy Paragon Graphite spyware
- WhatsApp has fixed a zero-click, zero-day vulnerability that was used to install Paragon's Graphite spyware on targeted devices.
- The hacking campaign targeting 90 users, which was suspected to be carried out by Paragon, an Israeli commercial surveillance vendor.
- Citizen Lab group from the University of Toronto shared its analysis of Paragon's infrastructure with WhatsApp, which later discovered and mitigated the exploit.
- Citizen Lab identified Paragon's tool 'Graphite' through digital fingerprints and certificates, indicating its global spyware operations involving several countries.
Read Full Article
20 Likes
Lastwatchdog
4w
365
News alert: SpyCloud study shows Darknet identity exploitation arising to become a primary cyber risk
- SpyCloud's 2025 Annual Identity Exposure Report highlights the rise of darknet-exposed identity data as a primary cyber risk for enterprises.
- Cybercriminals are leveraging a sophisticated approach to identity exploitation by accessing data from multiple sources, posing a challenge to organizations' security measures.
- The collection of recaptured darknet data by SpyCloud has grown 22% in the past year, including over 53.3 billion distinct identity records.
- An individual's identity exposure is more extensive than traditional tools indicate, with attackers piecing together historical and present-day records to exploit vulnerabilities.
- On average, a single corporate user now has 146 stolen records linked to their identity, indicating the correlation of historical data to uncover enterprise access points.
- Consumer exposures are even higher, with an average of 229 records per consumer, including sensitive PII such as Social Security numbers and financial information.
- Cybercriminals are increasingly exfiltrating credentials through malware and utilizing stealthy tactics like infostealing to enable targeted data theft in enterprise attacks.
- SpyCloud's report also reveals a notable increase in password reuse, PII assets, and phishing activity, emphasizing the need for proactive identity threat protection measures.
- Businesses must evolve their cybersecurity strategies to address the expanding pool of exposed identity data and mitigate identity-based threats effectively.
- SpyCloud's holistic identity analytics provide a comprehensive view of identity risk, helping organizations strengthen their security posture and combat cybercrime.
Read Full Article
21 Likes
VentureBeat
4w
370
Image Credit: VentureBeat
Hugging Face submits open-source blueprint, challenging Big Tech in White House AI policy fight
- Hugging Face is advocating for open-source and collaborative AI development as America's competitive advantage in the White House AI policy landscape.
- The company's submission to the White House AI Action Plan highlights the success of open-source models such as OlympicCoder and AI2's OLMo 2 in matching or even surpassing closed commercial systems at lower costs.
- This submission contrasts with the stances of commercial AI leaders like OpenAI, which stress light-touch regulation and private-public partnerships over state laws.
- Hugging Face's recommendations focus on democratizing AI technology through open research, open-source software, and investments in research infrastructure.
- The company argues that open approaches not only support innovation but also contribute to economic growth by allowing reuse and adaptation of AI systems.
- Hugging Face suggests addressing resource constraints for AI adopters by supporting smaller, more efficient models that can run on limited resources.
- On the security front, Hugging Face proposes that open and transparent AI systems could offer enhanced safety certifications and manage information risks effectively.
- The AI industry's policy divisions are exemplified by differing approaches from players like OpenAI, Google, and venture capital firm Andreessen Horowitz (a16z).
- While OpenAI prioritizes speed and competitive advantage, Hugging Face argues for the effectiveness of distributed, open development to achieve comparable results.
- The outcomes of the AI Action Plan discussions will shape America's technological development, with the ultimate question being how to balance commercial advancement with broader access and innovation.
Read Full Article
22 Likes
TechCrunch
4w
222
Image Credit: TechCrunch
Hacked, leaked, exposed: Why you should never use stalkerware apps
- There is a rising trend of stalkerware companies being hacked or experiencing data breaches, with at least 25 known cases since 2017, exposing sensitive personal information of victims and customers.
- Companies like SpyX, Spyzie, Cocospy, and mSpy have been breached, compromising millions of user data, leading to potential real-world harm and violence.
- Stalkerware companies promote illegal behavior by marketing their apps as tools to spy on partners, leading to unethical surveillance practices.
- Hackers target these companies due to their lack of concern for customer data protection, making using such apps risky and irresponsible.
- Various stalkerware companies have been targeted and hacked multiple times, resulting in significant data exposures and privacy violations.
- Despite some companies shutting down after breaches, many rebrand and continue operations, contributing to the persistence of the stalkerware industry.
- Using stalkerware is illegal and unethical, as it involves unlawful surveillance, jeopardizes data security, and can lead to severe consequences for victims and users.
- Security experts advise against using stalkerware and suggest utilizing legitimate parental control tools for monitoring children responsibly.
- The exposure of stalkerware data highlights the risks associated with using such apps and emphasizes the importance of safeguarding personal privacy and digital security.
- If assistance is needed regarding domestic abuse or stalkerware concerns, resources like the National Domestic Violence Hotline and the Coalition Against Stalkerware are available for support.
Read Full Article
13 Likes
For uninterrupted reading, download the app