A naukri.com initiative
Cyber Security News
Medium
1M
252
Image Credit: Medium
COPPA Compliance: Top 5 Website Security Tips for Kids
- The Children’s Online Privacy Protection Act (COPPA) mandates strict guidelines for websites targeting children under 13, emphasizing the importance of online privacy protection.
- Key COPPA requirements include obtaining verifiable parental consent before collecting any personal information from children and ensuring data minimization and transparency.
- Websites must monitor and control third-party scripts to prevent inadvertent collection of children’s personal information and establish strong age verification systems for privacy protection.
- Real-time compliance monitoring is essential to address evolving technologies and regulations, with compliance viewed as an opportunity for growth and trust-building.
- Strong COPPA compliance practices strengthen brand trust with privacy-conscious families, boost retention through ethical experience design, and reduce legal risks.
- Compliance isn't just about avoiding risks but also about future-proofing brands, with ethical UX/UI design playing a critical role in safeguarding younger users.
- Website design considerations include avoiding deceptive dark patterns, using visual cues to reinforce privacy-aware behavior, limiting in-app purchases, and providing accessible support channels.
- Feroot's AlphaPrivacy AI offers a comprehensive solution for COPPA compliance, automating processes and protecting children's online privacy effectively.
- Implementation of robust security measures such as parental consent mechanisms and age verification systems is crucial for COPPA compliance and aligning with privacy regulations.
- Leveraging tools like Feroot AlphaPrivacy AI simplifies compliance challenges, emphasizing the moral imperative of protecting children's online privacy.
Read Full Article
15 Likes
Pymnts
1M
317
Image Credit: Pymnts
The M&A Files: How CFOs Can Architect Post-Merger Supplier Synergy
- Chief Financial Officers (CFOs) play a crucial role in post-merger integration of vendor relationships in M&A deals.
- CFOs are now expected to assess supplier performance, eliminate underperformers, and standardize vendor contracts to achieve cost synergies.
- Modern contract intelligence tools powered by AI help identify contract inconsistencies, while prioritizing cybersecurity audits of B2B partners is essential to mitigate risks.
- CFOs must align procurement strategies, integrate AP and AR systems, and ensure clean, actionable data for effective post-merger supplier synergy.
Read Full Article
18 Likes
Tech Radar
1M
225
Image Credit: Tech Radar
Public DevOps tools targeted by criminals to steal crypto
- Security researchers found cybercriminals exploiting misconfigurations in popular public DevOps tools to deploy cryptocurrency miners.
- The campaign was attributed to a threat actor named JINX-0132, targeting DevOps tools like Nomad, Consul, Docker Engine API, and Gitea.
- Approximately a quarter of all cloud environments are running at least one of the vulnerable technologies, with 20% running HashiCorp Consul.
- To mitigate risks, companies are advised to implement strict access controls, conduct security audits, apply patches promptly, monitor systems for unusual activity, and strengthen authentication measures.
Read Full Article
13 Likes
Secureerpinc
1M
180
The Importance of Cybersecurity Training for Employees
- Cybersecurity training is crucial for all employees to understand security best practices and their role in keeping the company safe.
- Regular cybersecurity awareness training is essential to create a security-first culture, reduce the risk of data breaches, and improve response to incidents.
- Businesses should make cybersecurity training an ongoing effort, including regular sessions, phishing simulations, and communication about new security trends.
- Empowering employees with cybersecurity knowledge helps in preventing threats and building a safer business environment.
Read Full Article
10 Likes
Global Fintech Series
1M
382
Image Credit: Global Fintech Series
Introducing DMind and DMind-1: Web3-Native AI for the Future of Digital Finance
- DMind.ai is an open-source AGI research organization focused on developing AI infrastructure tailored for digital finance, starting with Web3 technologies.
- DMind-1 is a Web3-native expert language model released by DMind.ai, providing enhanced accuracy and reasoning in complex crypto topics at a fraction of the cost of general-purpose models.
- DMind.ai introduced the DMind Web3 Benchmark, a comprehensive evaluation standard for Web3-specific reasoning, which quickly became popular in the industry.
- DMind's dedication to open-source research, data curation, and community-driven innovation sets it apart, with plans for future model development and building a global network of developers and researchers in the digital finance sector.
Read Full Article
23 Likes
Hitconsultant
1M
391
Image Credit: Hitconsultant
Healthcare Cybersecurity a Low Priority Despite Growing Threats Impacting Patient Safety, Omega Systems Finds
- Healthcare cybersecurity is a low priority for many industry leaders, despite increasing cyber threats that impact patient safety, according to Omega Systems' '2025 Healthcare IT Landscape Report'.
- 19% of healthcare leaders acknowledge that a cyberattack has disrupted patient care, while 52% believe a fatal cyber-related incident in a U.S. healthcare facility is inevitable within the next five years.
- Key findings reveal that 80% of healthcare organizations experienced at least one cyberattack in the past year, with social engineering attacks and ransomware being the most common.
- Critical cybersecurity gaps include inadequate employee training, deficient incident response plans, stretched in-house teams, infrequent vulnerability assessments, and outdated systems. Partnering with a Managed Security Service Provider is highlighted as beneficial in enhancing resilience against cyber threats.
Read Full Article
23 Likes
VentureBeat
1M
175
Image Credit: VentureBeat
Mistral AI’s new coding assistant takes direct aim at GitHub Copilot
- Mistral AI unveiled its enterprise coding assistant, Mistral Code, to compete with GitHub Copilot and other coding assistants.
- Mistral Code offers customization and on-premise deployment for large enterprises, emphasizing data privacy and European regulatory compliance.
- The platform addresses barriers faced by enterprises using AI coding assistants, providing a vertically-integrated offering with models, plugins, controls, and support.
- Four specialized AI models by Mistral Code support over 80 programming languages and offer customization on private code repositories.
- The product leverages talent acquisition from Meta, showcasing deep expertise in large language model development.
- Mistral Code's open-source model, Devstral, outperforms competitors while offering local deployment capabilities.
- Enterprise customers like Abanca, SNCF, and Capgemini have deployed Mistral Code for advanced AI assistance while prioritizing data security and compliance.
- Mistral's approach blends open-source models and enterprise services, with a focus on data sovereignty and regulatory compliance.
- The platform's retrieval-augmented generation capabilities enhance project workflow understanding and provide accurate code suggestions.
- Mistral Code's success in the market will depend on its ability to improve developer productivity while meeting security and customization needs.
- The company's European heritage and emphasis on on-premise deployment distinguish it from American competitors in the evolving AI coding assistant market.
Read Full Article
10 Likes
Securityaffairs
1M
144
Image Credit: Securityaffairs
HPE fixed multiple flaws in its StoreOnce software
- Hewlett Packard Enterprise (HPE) addressed multiple flaws in its StoreOnce data backup and deduplication solution.
- HPE released security patches for eight vulnerabilities in its StoreOnce backup solution, including remote code execution, authentication bypass, data leaks, and more.
- The vulnerabilities in HPE StoreOnce software could lead to remote code execution, disclosure of information, server-side request forgery, authentication bypass, arbitrary file deletion, and directory traversal information disclosure.
- The most severe vulnerability addressed by HPE is an Authentication Bypass issue (CVE-2025-37093) impacting all versions prior to 4.3.11, with a CVSS score of 9.8.
Read Full Article
8 Likes
Tech Radar
1M
351
Image Credit: Tech Radar
Top US dental firm spills over 8 million user files online
- A large database containing millions of US citizens' personally identifiable information and dental appointment records was found unsecured online by Cybernews researchers.
- The database, with around 2.7 million patient profiles and 8.8 million appointment records, included names, dates of birth, emails, postal addresses, phone numbers, gender information, and more.
- Clues suggest the database may have belonged to Gargle, a digital marketing company specializing in dental marketing, but it is unclear if they directly managed the data.
- Security researchers emphasize the importance of securing databases, as unsecured databases remain a common cause of data leaks.
Read Full Article
21 Likes
Dev
1M
175
Image Credit: Dev
Dumping Credentials with Python: Automating LSASS Access and Credential Extraction Post-Exploitation
- Accessing LSASS in post-exploitation scenarios provides valuable data such as passwords, hashes, and credentials, making it a prime target for red teamers and attackers.
- Extracting data from LSASS with Python offers a powerful tool for red teamers, giving insight into detection and defense measures that might obstruct such attempts.
- LSASS plays a crucial role in storing authentication artifacts, enabling attackers with the right access to perform pass-the-hash or pass-the-ticket attacks.
- Microsoft has hardened LSASS against unauthorized access through measures like running it as a Protected Process Light and utilizing Virtual Secure Mode.
- Python-based approaches for LSASS dumping include direct memory access using ctypes and Windows APIs, minidump creation with MiniDumpWriteDump, and parsing dumps with pypykatz.
- Evasion techniques to stay stealthy during credential dumping involve using legitimate processes, forking LSASS, and avoiding disk I/O to prevent detection.
- Python's flexibility allows red teamers to automate LSASS credential extraction quietly and efficiently, navigating the evolving landscape of detection by defenders.
- Understanding the mechanisms of LSASS credential extraction and employing evasive workflows are essential for red teamers to maintain their capabilities effectively.
- Automating LSASS credential dumping using Python provides red teamers with a potent capability when executed with precision and stealth.
- LSASS access and credential extraction offer red teamers key insights into Windows systems, enabling them to navigate networks effectively and escalate privileges.
- For further information and updates, follow DevUnionX at https://x.com/DevUnionX.
Read Full Article
10 Likes
Tech Radar
1M
112
Image Credit: Tech Radar
Breaking encryption with quantum computers may be easier than we thought
- New research suggests that quantum computers may find it 20 times easier to break current encryption methods.
- Experts recommend advancing next-generation cryptography in response to the threat of quantum computers.
- It is advised that vulnerable systems should be phased out by 2030 and completely disallowed after 2035.
- RSA-based encryption, widely used since the late 1970s, is at risk of being compromised by quantum computers due to their superior computational power.
- Lead researchers like Craig Gidney highlight the urgency for deploying quantum-safe cryptosystems amidst the advancing capabilities of quantum machines.
- Multiple tech companies, including Microsoft, are already transitioning to quantum-proof solutions to enhance data security.
- NIST has released quantum-resistant encryption standards to guide the future of cryptography and address the challenges posed by quantum computing.
- Companies like Tuta Mail and NordVPN have begun integrating quantum-resistant encryption solutions to stay ahead of potential threats.
- Experts emphasize the importance of adapting to post-quantum encryption to safeguard data against future quantum computing threats.
- While there is no definitive timeline for the quantum era, the industry is actively preparing for a potential shift by investing in quantum-resistant technologies.
Read Full Article
6 Likes
Siliconangle
1M
360
Image Credit: Siliconangle
Merlin Ventures secures $75M+ for seed-stage cybersecurity fund
- Merlin Ventures has exceeded its $75 million target for its inaugural fund, aiming to support seed-stage cybersecurity tech startups and accelerate market opportunities.
- The fund will focus on growing the Israeli tech ecosystem and providing pathways to scale for startups with next-generation cybersecurity technologies.
- Merlin Ventures has made early investments in collaboration with Lightspeed Venture Partners LP and Norwest Venture Partners LP, targeting high-growth startups.
- To support its portfolio companies, Merlin Ventures has introduced the Genesis program, offering market insights and operational assistance to fast-track product development and go-to-market readiness.
Read Full Article
21 Likes
Medium
1M
0
Image Credit: Medium
Are we sharing too much?
- Social media is a popular platform for sharing personal updates and connections with a global audience, but concerns arise about oversharing personal information, particularly about children.
- A scenario is presented where a parent shares extensive details about their child's life, including full name, date of birth, school, and current location in a birthday post, potentially exposing the child to identity theft risks.
- Child identity theft involves someone using a child's personal information, such as Social Security number, name, and address, for fraudulent activities like applying for government benefits, opening accounts, or renting properties.
- To safeguard children from identity theft, it is crucial for parents to avoid disclosing sensitive details online and take proactive measures like freezing their child's credit and being cautious about oversharing personal information.
Read Full Article
Like
Medium
1M
387
Image Credit: Medium
The importance of freezing your child’s credit and your own
- Children are 51 times more likely to be victims of identity theft than adults, with thieves using their social security numbers to create false identities.
- Freezing your credit is essential to prevent unauthorized accounts being opened in your name without a secret pin, protecting your credit and financial security.
- Seniors and parents of children should prioritize placing a credit freeze due to the targeting of these demographics by identity thieves.
- Placing a credit freeze on a child's identity is a more complex process, requiring checks with all three credit agencies and potentially lengthy verification processes if a theft is discovered.
Read Full Article
23 Likes
Medium
1M
4
Image Credit: Medium
How to keep your child safe while playing video games
- Video games have become increasingly popular among tweens and teens, with 71% of American kids under 18 playing them.
- Playing video games can have educational, health, and social benefits, such as promoting problem-solving skills, teamwork, and financial literacy.
- While gaming provides many advantages, it also poses risks like sextortion, cyberbullying, and privacy violations, making it crucial for parents to prioritize their child's online safety.
- Jenna Greenspoon, the Head of Parenting at Kidas, emphasizes the importance of educating children about online risks and implementing safety measures to protect them while gaming.
Read Full Article
Like
For uninterrupted reading, download the app