A naukri.com initiative
Cyber Security News
Cybersecurity-Insiders
4w
231
Image Credit: Cybersecurity-Insiders
Securing Europe’s Digital Future: The Quantum Race to Protect Communications
- Cybercrime is projected to cost the global economy $10 trillion by 2025, driven by escalating geopolitical tensions, emerging technologies, and a cybersecurity skills gap.
- Ransomware attacks are increasing in frequency, sophistication, and impact, with global incidents reaching 4,414 in 2024.
- Quantum computing is poised to revolutionize technology and economy, with experts predicting a trillion-dollar market impact by 2035.
- However, quantum computing also poses a significant cybersecurity threat, as it could break traditional encryption methods within the next few years.
- Governments and organizations need to invest in quantum-safe cybersecurity measures to protect data and prevent potential breaches.
- Quantum technology can offer advanced encryption solutions to safeguard critical infrastructure against cyber threats and quantum computing risks.
- European governments are at the forefront of quantum technology investments and must continue to focus on secure communications to avoid economic and geopolitical disruptions.
- Businesses must assess vulnerabilities, conduct risk assessments, and stay informed about quantum advancements to mitigate security risks related to quantum computing.
- Taking immediate action is crucial for organizations to adapt to the evolving cybersecurity landscape and secure their communications against quantum threats.
- Quantum Industries, a key player in quantum security, aims to support Europe's leadership by manufacturing components locally and contributing to secure communication infrastructure.
Read Full Article
13 Likes
Tech Radar
4w
17
Image Credit: Tech Radar
A worrying Apple Password App vulnerability reportedlyleft users exposed for months
- A bug in Apple's Passwords app left users vulnerable to phishing attacks for over three months.
- The flaw was discovered after security researchers noticed the app using insecure HTTP traffic.
- The app now uses HTTPS for all connections by default to prevent social engineering attacks.
- Password managers have become a target for cybercriminals with an increase in malware attacks.
Read Full Article
1 Like
Tech Radar
4w
414
Image Credit: Tech Radar
Fake DeepSeek installers are infecting your device with dangerous malware
- Cybercriminals are exploiting the hype around DeepSeek by spreading malware through fake apps.
- Victims are infected with a variety of malware, including keyloggers, password stealers, and coin miners.
- In some cases, victims are tricked into downloading a malware dropper through a fake CAPTCHA.
- Hackers often exploit current trends to distribute malware, and DeepSeek is now being targeted.
Read Full Article
24 Likes
Siliconangle
4w
156
Image Credit: Siliconangle
Halliday raises $20M to build AI-driven blockchain agents to do away with smart contracts
- Halliday International Inc. has raised $20 million in funding to develop an agentic AI capability that eliminates the need for writing smart contracts.
- The funding round was led by Andreessen Horowitz's a16z crypto venture capital arm, with participation from other investors.
- Halliday's Workflow Protocol uses AI-powered autonomous agents to perform functions traditionally handled by smart contracts.
- With its workflow engine, Halliday aims to simplify smart contract development, which is often time-consuming and vulnerable to exploits.
Read Full Article
9 Likes
TechCrunch
4w
298
Image Credit: TechCrunch
Analytics company Dataminr secures $85M to fund growth
- Dataminr, an analytics company, has secured $85 million in funding for growth.
- The funding will be used to accelerate growth, expand international go-to-market, and develop new products.
- Dataminr monitors real-time events using AI algorithms.
- Although successful, Dataminr has faced controversy related to social media surveillance and inaccuracies in the past.
Read Full Article
17 Likes
Hackernoon
4w
200
Image Credit: Hackernoon
Is Your AI-Generated Code Really Secure?
- AI-generated code, while efficient, can also be unsafe due to potential security vulnerabilities and inaccuracies.
- The use of AI models like OpenAI Codex and Google BERT in programming raises concerns about security flaws.
- AI-generated code may lack proper type inference, input validations, and data handling techniques, leading to security weaknesses.
- Developers need to be vigilant in identifying security vulnerabilities in code produced by AI models.
- Key indicators of security weaknesses in AI-generated code include non-enforcement of type inference, poor data sharing techniques, and inadequate authentication handling.
- SaaS developers must ensure proper implementation of data handling, context sharing, and authentication in their code.
- Dependence on outdated libraries and insecure authentication methods are common risks associated with AI-generated code.
- To enhance the security of AI-generated code, best practices like code review, automated testing, and compliance checks are essential.
- Using Github actions for security checks on AI-generated code can help identify vulnerabilities and ensure compliance.
- SaaS developers must exercise caution and follow secure coding practices when working with AI-generated code to prevent security breaches.
- Adopting DevSecOps practices and integrating security testing tools are crucial steps to ensure the safety of AI-driven software development.
Read Full Article
12 Likes
Tech Radar
4w
276
Image Credit: Tech Radar
Top California sperm bank suffers embarrassing leak
- California Cryobank, one of the largest sperm banks in the US, has suffered a data breach.
- Sensitive customer data, including Social Security numbers and driver's license numbers, was stolen.
- The company is offering credit monitoring services to affected individuals.
- It is unclear if donor information, such as donor ID numbers, was stolen in the attack.
Read Full Article
16 Likes
TechCrunch
4w
307
Image Credit: TechCrunch
US teachers’ union says hackers stole sensitive personal data on over 500,000 members
- The Pennsylvania State Education Association (PSEA), a teachers' union, reported a cyberattack that led to the theft of sensitive personal data of over 500,000 members.
- The stolen information includes government-issued identification documents, Social Security numbers, passport numbers, medical information, and financial information.
- Member account numbers, PINs, passwords, and security codes were also accessed during the breach.
- PSEA indicated that they took steps to ensure the stolen data was deleted, but paying a ransom does not guarantee data deletion.
Read Full Article
18 Likes
Cybersecurity-Insiders
4w
223
Image Credit: Cybersecurity-Insiders
Europol warns against Hybrid Cyber Threats
- Europol has issued a warning about the rising threat of hybrid cyber attacks.
- These attacks, orchestrated by state and non-state actors like Russia, aim to destabilize European countries and their institutions.
- The attacks involve espionage, disinformation, and cyberattacks on critical infrastructure, posing a significant risk to national security.
- The use of AI amplifies the impact of these attacks, making them harder to detect and defend against.
Read Full Article
13 Likes
Socprime
4w
401
Image Credit: Socprime
Operation AkaiRyū Attacks Detection: China-Backed MirrorFace APT Targets Central European Diplomatic Institute Using ANEL Backdoor
- China-linked threat groups are prominent in global APT campaigns, with MirrorFace expanding targeting to a European diplomatic agency using the ANEL backdoor in the AkaiRyū operation.
- Amid rising geopolitical tensions, APTs pose significant cybersecurity threats, with state-sponsored actors employing zero-day vulnerabilities and advanced malware to infiltrate critical systems.
- SOC Prime Platform offers detection algorithms to counter MirrorFace APT attacks, aligned with MITRE ATT&CK framework for seamless integration into security tools.
- Security professionals can leverage Uncoder AI to parse and utilize IOCs from ESET's Operation AkaiRyū research for tailored SIEM or EDR queries.
- By exploring the Threat Detection Marketplace, defenders can access rules and queries to detect malicious activities associated with state-sponsored APT groups.
- MirrorFace's AkaiRyū operation targeted a Central European diplomatic entity in 2024, utilizing tools like AsyncRAT, ANEL backdoor, Visual Studio Code's remote tunnels, and more.
- MirrorFace, a China-linked threat actor, has targeted various sectors since 2019 and exhibited advanced TTPs, including spearphishing campaigns and the use of LODEINFO and HiddenFace backdoors.
- MirrorFace's operations in 2024 involved spearphishing and the deployment of malicious files through trusted applications, like McAfee and JustSystems, to install the ANEL backdoor.
- By erasing evidence and employing techniques like running malware in Windows Sandbox, MirrorFace has enhanced operational security, emphasizing the need for heightened cybersecurity vigilance globally.
- The surge in cyber-espionage campaigns by China-backed groups underscores the importance of proactive defense measures and global collaboration to mitigate evolving cyber threats.
Read Full Article
24 Likes
Medium
4w
49
Image Credit: Medium
Are AI Chatbots Replacing Traditional Customer Support? The Truth You Need to Know!
- AI chatbots handle repetitive queries, reducing wait times and freeing up human agents.
- With NLP, AI chatbots provide personalized interactions, understanding context and emotions better than ever.
- Businesses save up to 30% on customer support costs while providing 24/7 global support.
- AI chatbots enhance support, but complex issues still require human intervention. A hybrid model ensures the best of both worlds.
Read Full Article
2 Likes
Securityaffairs
4w
352
Image Credit: Securityaffairs
California Cryobank, the largest US sperm bank, disclosed a data breach
- California Cryobank, the largest US sperm bank, suffered a data breach exposing customer information.
- CCB discovered unauthorized activity on its IT systems on April 21, 2024.
- Threat actors potentially accessed and/or acquired customers' personal information.
- CCB is offering affected individuals free credit monitoring services and implementing enhanced security measures.
Read Full Article
21 Likes
Tech Radar
4w
432
Image Credit: Tech Radar
Not even fairy tales are safe - researchers weaponise bedtime stories to jailbreak AI chatbots and create malware
- Researchers have developed a technique to jailbreak multiple AI chatbots, including popular models like ChatGPT and Microsoft Copilot.
- The technique, called 'Immersive World', involves creating a fictional scenario to bypass security controls and develop an effective infostealer malware.
- This highlights the increased risk of cybercriminals with no prior experience in coding being able to create sophisticated malware.
- The rise of AI-powered cyber threats is a serious concern, as it allows criminals to craft more sophisticated attacks with ease.
Read Full Article
26 Likes
TechCrunch
4w
138
Image Credit: TechCrunch
Cape opens $99/month beta of its privacy-first mobile plan, inks Proton deal, raises $30M
- Cape, a mobile carrier startup, has introduced a privacy-first mobile service that does not collect any user data, attracting attention in the cybersecurity space.
- Founded by a former Palantir executive, Cape has launched a $99/month subscription plan, formed a partnership with Proton, and secured $30 million in funding.
- The funding includes $15 million in equity and $15 million in debt, highlighting the growing focus on security services amid geopolitical shifts.
- Cape's products cater to both consumers and high-risk individuals, with an emphasis on privacy and security.
- The company's open beta received significant interest from consumers looking to enhance their privacy online.
- Cape's mobile plan includes unlimited voice minutes, texts, data, and encrypted voicemail, with protection against threats like SIM swapping and signaling attacks.
- As part of its expansion, Cape plans to offer roaming services and MVNO-based plans in other countries, focusing on the European market.
- The company has partnered with Proton to offer users discounted access to Proton's premium services, emphasizing privacy and security.
- Cape's CEO, John Doyle, aims to provide consumers with control over their digital identity and privacy without the need to invest in specialized hardware.
- By addressing the growing concerns around mobile security and privacy, Cape is positioned to tap into the demand for secure mobile services globally.
Read Full Article
8 Likes
Tech Radar
4w
57
Image Credit: Tech Radar
An unpatched Windows zero-day flaw has been exploited by 11 nation-state attackers
- An unpatched Windows zero-day vulnerability has been exploited by 11 nation-state attackers and financially motivated groups.
- The vulnerability allows attackers to craft malicious shortcut (.lnk) files, enabling the execution of hidden commands when opened by the user.
- The bug has been in use since 2017, with 70% of the attacks attributed to nation-state actors, primarily from North Korea.
- Microsoft considers the vulnerability a UI issue rather than a critical security issue, but may address it in a future feature release.
Read Full Article
3 Likes
For uninterrupted reading, download the app