Cyber Security News

Tech Radar

Hackers are building bespoke Mac malware using GenAI

  • Cybersecurity experts warn of increasing prevalence of sophisticated macOS malware created with generative AI.
  • Hackers are using tools like ChatGPT to create Mac-bound malware without coding experience.
  • AI has become an ally for cybercriminals launching macOS-focused campaigns.
  • Although macOS was considered safer than Windows, experts advise treating it like any other OS and being cautious of social engineering attacks.

Dev

Strengthening Email Security: A Comprehensive Guide to SPF, DKIM, and DMARC Implementation

  • Email security has become increasingly critical in today's digital landscape.
  • This article explores three key technologies that form the foundation of modern email security: SPF, DKIM, and DMARC.
  • SPF verifies the authorization of sending mail servers, DKIM ensures the integrity of email content, and DMARC coordinates and enforces security policies.
  • Implementing SPF, DKIM, and DMARC is crucial for organizations to ensure reliable email delivery and protect their domain reputation.

Dev

Simplify Form Validation with FormGuardJS: A Lightweight and Flexible Solution

  • FormGuardJS is a lightweight and flexible JavaScript library that simplifies form validation.
  • Key features of FormGuardJS include multiple validation rules, custom error messages, lightweight size, and easy integration.
  • FormGuardJS can be included via CDN or installed using npm and offers simple initialization and rule definitions.
  • It stands out for its simplicity, flexibility, and minimalistic approach, making it suitable for various form validation use cases.

Lastwatchdog

News alert: Green Raven study shows cybersecurity to be a black hole in more ways than just budget

  • A majority of senior cybersecurity professionals at the UK's largest organisations struggle with feelings of helplessness and professional despair, according to cybersecurity firm Green Raven Limited.
  • Most practitioners say these same feelings spill over into and impact their personal lives.
  • A survey of 200 cybersecurity professionals showed that 70% of them admit to feelings of professional despair, despite a rapid increase in cybersecurity budgets.
  • Almost three-quarters say they would consider a major breach as a personal failure.
  • 59% of respondents admit that feelings of professional despair have a negative impact on their personal lives and/or mental health.
  • 70% are under pressure from senior management/boards to better justify their next annual cybersecurity budget against the actual risks and threats faced by their organisation.
  • Fewer than half of respondents believe their organisation is investing sufficiently in cybersecurity, despite nearly 90% of respondents reporting that their cybersecurity budgets are increasing.
  • 79% of respondents recognize that the 'gold standard' process for risk and compliance management comprises the four steps of identification, assessment, treatment, and monitoring.
  • Two-thirds of respondents say that not knowing from where the next cyberattack will come feels like permanently working with a blindfold on.
  • Practitioners have high hopes for new, AI-based tools to give them an advantage over threat actors in the form of better cyber threat intelligence which tells them from where an attack will likely come and/or where it will land.

TechCrunch

Senators say U.S. military is failing to secure its phones from foreign spies

  • Two U.S. senators accuse the Department of Defense of not doing enough to protect military personnel communications from foreign spies.
  • Senators highlight vulnerabilities in outdated communication methods and reliance on unencrypted cellular calls and texts.
  • Chinese hacking campaign targeting American phone and internet giants raises concerns over national security.
  • Senators call for DOD to renegotiate contracts with telcos for better cyber defenses and audits.

Androidauthority

FBI encourages you to use encrypted chat apps, even if it doesn’t like it

  • In response to the Salt Typhoon hack, two high-ranking FBI officials have encouraged Americans to use encrypted chat apps.
  • Previously, the FBI has tried to access encrypted chats during investigations, but its stance on encryption has changed.
  • The bureau now encourages people to use encryption while still wanting to break it when necessary.
  • US officials conducted a news call discussing the Salt Typhoon hack, where FBI agents emphasized the importance of encrypted chat apps to protect against targeted attacks.

Identityiq

What Is a Fake Package Delivery Scam?

  • A fake package delivery scam is a type of phishing scam where fraudsters send deceptive emails or text messages claiming to be legitimate shipping notifications from reputable carriers or retailers. The goal of fake package delivery scams is to trick recipients into revealing sensitive personal information, such as login credentials or credit card information. To avoid falling victim to these scams, it is essential to verify the legitimacy of the sender, use official websites instead of clicking on links in emails or text messages, keep antivirus software up to date, and be cautious with QR codes. Although scammers may send fake tracking numbers that seem real, it's essential to check tracking information on the official website of the carrier or retailer. Report scams to the FTC, the U.S. Postal Inspection Service, and the fraud department of the shipping company. Signing up for IdentityIQ identity theft protection can help protect personal information and receive alerts if scammers use personal information.
  • Fake package delivery scams create a false sense of urgency so that recipients react quickly and click on links, provide payment information, or download attachments. Recognizing the warning signs can help individuals avoid falling victim to them.
  • Fake delivery notifications often use generic greetings such as “Dear Customer” instead of the actual name. A lack of personalization could be a sign of a scam.
  • Fake shipping delivery scams fall under the broader category of phishing scams. Phishing is a type of social engineering attack where bad actors pose as trustworthy companies or organizations to deceive victims into providing sensitive information or performing actions that compromise their security, their identity, and their finances.
  • Hover over links in an email to see where they lead before clicking. If the URL looks unfamiliar or mismatched, do not click.
  • Identity theft protection is crucial, as staying vigilant against fake shipping notification and other phishing scams extends beyond an immediate threat. When scammers have access to personal information, it can lead to several consequences, including financial loss, damage to the credit score, unauthorized access to various accounts, and identity thieves opening up new accounts in your name.
  • Recognizing the signs of fake delivery notification scams, understanding phishing scams, adopting proactive device security measures, and signing up for IdentityIQ identity theft monitoring can help ensure a safe and secure holiday shopping experience for everyone.
  • Scammers may use email addresses or phone numbers that look similar to those of legitimate companies but have subtle differences.
  • By signing up for IdentityIQ identity theft protection, individuals can help protect personal information and finances. They can also receive alerts if a scammer uses personal information – one of the first signs of identity theft.

Tech Radar

Cisco warns a decade-old vulnerability is back and targeting users

  • Cisco has issued a warning that a decade-old vulnerability in its Adaptive Security Appliance (ASA) software is being actively exploited in the wild.
  • The vulnerability, known as CVE-2014-2120, is a cross-site scripting (XSS) flaw affecting the WebVPN login page of the ASA software.
  • Cisco has observed additional attempts to exploit the bug and US federal agencies have been advised to patch the vulnerability within three weeks.
  • It is crucial for ASA users to promptly apply the patch, as cybercriminals often target old vulnerabilities that have working exploits.

Wired

Senators Warn the Pentagon: Get a Handle on China’s Telecom Hacking

  • Senators Ron Wyden and Eric Schmitt are calling on the Pentagon to investigate its own 'failure to secure its unclassified telephone communications from foreign espionage.'
  • The FBI and the Cybersecurity and Infrastructure Security Agency confirmed publicly on November 13 that the China-linked hacking group known as Salt Typhoon has been embedded in major United States telecom companies for more than a year, running a sophisticated espionage operation.
  • US officials have been investigating the espionage campaign for months; it has reportedly targeted high-profile figures such as president-elect Donald Trump and his campaign officials.
  • The senators attached to their letter two DOD white papers in which the Pentagon acknowledged that the telecoms it has contracts with have security vulnerabilities that could be exploited by foreign entities for surveillance.
  • T-Mobile was reportedly breached in the Salt Typhoon campaign, but has seen no signs of compromise.
  • T-Mobile has contracts with the Army, Air Force, Special Operations Command, and many other divisions of the DOD.
  • The senators provide evidence in their letter that US telecoms have worked with third-party cybersecurity firms to conduct audits of their systems related to the telecom protocol known as SS7 but have declined to make the results of these evaluations available to the Defense Department.
  • The Pentagon contracts with major US carriers for much of its telecom infrastructure.
  • T-Mobile's assertion that it did not suffer a breach in this instance is noteworthy.
  • The senators wrote, "We urge you to consider whether DOD should decline to renew these contracts, and instead renegotiate with the contracted wireless carriers, to require them to adopt meaningful cyber defenses against surveillance threats."

Medium

Reshaping Global Trade: Bitcoin’s Strategic Role

  • Bitcoin-backed tokenized financial instruments could revolutionize global trade by providing decentralized trust and merging it with the efficiency of digital finance.
  • Integrating Bitcoin into global trade requires significant preparation across technological, regulatory, and market dimensions.
  • Tokenized financial instruments must enable nations and corporations to transact securely without reliance on intermediaries or centralized oversight.
  • The integration of Bitcoin into global trade hinges on Bitcoin-backed financial instruments, which merge decentralized trust with the efficiency of digital finance.
  • Smart contracts could ensure payment is released only when goods are verified at their destination, reducing fraud and enhancing trust.
  • By positioning Bitcoin as a counterweight to authoritarian control, democratic nations can foster a fairer, more transparent global economy.
  • Bitcoin can strengthen economic alliances among democratic nations by integrating Bitcoin-backed systems into trade agreements, creating decentralized yet cooperative economic frameworks.
  • Differing global regulations present significant challenges to Bitcoin’s integration into trade systems, highlighting the need for international collaboration to harmonize standards and facilitate cross-border adoption.
  • The timeline for Bitcoin’s integration into trade systems will likely unfold in three phases: pilot programs, initial deployments in niche markets, and broader adoption with fully Bitcoin-backed instruments, supported by mature blockchain infrastructure and regulatory frameworks.
  • Bitcoin’s evolution is entering its most transformative phase as tokenized instruments reshape global trade, which represents a paradigm shift toward decentralized global cooperation.

Identityiq

How to Spot an Employment Scam

  • Employment scams are fraudulent job offers or recruitment efforts designed to deceive individuals and steal their money or personal information.
  • Employment scammers try to trick job seekers using the same methods that real employers do – with job ads online, in newspapers and even on TV or radio.
  • Scammers often mimic legitimate companies and use enticing job opportunities to lure victims.
  • To help avoid scams, verify employers, avoid sharing sensitive data, and never pay upfront fees.
  • Employment scams can have serious consequences, including financial loss, emotional and psychological toll, and damage to personal reputation.
  • Knowing common warning signs can help you identify and avoid employment scams.
  • Common warning signs include immediate job offers, payment requests, and vague job descriptions.
  • Before accepting a job offer or responding to a recruiter inquiry, research the employer and avoid sharing personal information.
  • IdentityIQ provides tools and services to help protect you from employment scams, including credit monitoring, identity restoration, and proactive protection features.
  • Employment scams are rising, surging by 118% last year compared to 2022.

Tech Radar

Cloudflare developer domains increasingly abused by threat actors

  • Cybercriminals are increasingly abusing two Cloudflare domains, 'pages.dev' and 'workers.dev', to facilitate phishing attacks and push malware to their victims.
  • The domains allow attackers to bypass endpoint protection tools and successfully compromise targets due to Cloudflare's good reputation.
  • The phishing attacks start with emails urging victims to address an urgent problem and either contain a PDF file or a link to Cloudflare's domains.
  • There has been a significant surge in abuse, with a 198% increase in phishing attacks on Cloudflare Pages and a 104% increase on Cloudflare Workers compared to the previous year.

TechCrunch

FBI recommends encrypted messaging apps to combat Chinese hackers

  • The China-backed hacking group Salt Typhoon remains inside the networks of some of America's largest phone and internet providers, with unclear intentions.
  • The hackers have accessed real-time unencrypted calls, text messages, and metadata of targeted telecom companies, including AT&T, Verizon, and Lumen.
  • U.S. officials suspect the hacks are part of a wide-ranging spying operation by China, targeting U.S. officials and senior Americans.
  • To combat Chinese hackers, the FBI and CISA recommend using encrypted messaging apps like Signal and WhatsApp for secure communication.

TechCrunch

UnitedHealthcare CEO Brian Thompson shot and killed in New York

  • UnitedHealthcare CEO Brian Thompson was shot and killed in New York.
  • Thompson was walking to the New York Hilton Midtown for his company's annual investor conference when he was shot.
  • The masked gunman fired on Thompson from approximately 20 feet away and escaped on a bicycle.
  • Thompson became CEO of UnitedHealthcare in April 2021 and was instrumental in dealing with the aftermath of a major ransomware attack on one of its subsidiaries.

Tech Radar

Top vodka brand Stoli files for bankruptcy following ransomware attack

  • Stoli, a top vodka brand, filed for bankruptcy in the USA in November 2024.
  • The bankruptcy filing cited various reasons including a ransomware attack that occurred in August 2024.
  • The attack caused operational issues and hindered daily operations.
  • The company is still working on restoring its systems and expects to be fully operational by the first quarter of 2025.
