Cyber Security News, Latest Updates and Recent Announcements on Techminis

A naukri.com initiative

New

Home

Cyber Security News

Dev

334

Image Credit: Dev

Addressing The Growing Challenge of Generic Secrets: Beyond GitHub's Push Protection

The landscape of credential security has drastically changed, with a significant rise in generic secrets embedded in code.
Generic secrets lack standardized patterns, making them harder to detect and leading to increased vulnerability.
The detection challenge lies in distinguishing between specific and generic secrets within code repositories.
Contextual understanding is crucial for identifying generic secrets as their legitimacy depends on the code context.
The proliferation of generic secrets is fueled by factors like custom APIs, varied developer practices, and AI-assisted development.
GitHub's push protection enhances security by scanning code for known credential patterns before pushing, but has limitations in detecting generic secrets.
GitHub's push protection offers preventative security, immediate feedback, reduced risk, and integration capabilities.
Limitations of GitHub's push protection include coverage of generic patterns, pattern-based detection challenges, and lack of historical detection.
GitGuardian provides advanced protection against generic secrets through ML-powered detection, pre-commit security, and comprehensive historical scanning.
Organizations should adopt a multi-layered security approach to combat both specific and generic credential leaks amidst the evolving threat landscape.

Read Full Article

20 Likes

The Verge

116

Image Credit: The Verge

Why Google made a $32 billion bet on Wiz

Google acquired cloud security startup Wiz for $32 billion, its most expensive acquisition yet.
The acquisition is a bet that Wiz can help strengthen Google's cloud business, which lags behind its competitors.
Google's cloud revenue in 2024 was just $43 billion, while Microsoft and Amazon reported revenues over $100 billion.
Security concerns and integration challenges may arise from this high-profile acquisition.

Read Full Article

6 Likes

Ghacks

254

Image Credit: Ghacks

Windows has an 8-year-old security issue that is exploited and known by Microsoft for some time

A security vulnerability in .lnk shortcuts, which triggers malware downloads, has been known by Microsoft since 2017.
The vulnerability has been exploited since at least 2017, with attacks originating from North Korea, China, Russia, and Iran.
The majority of attacks are state-sponsored and target governments, critical infrastructure, private organizations, think tanks, and the financial sector.
Microsoft has classified the issue as low severity and has not taken action to patch it.

Read Full Article

15 Likes

Tech Radar

419

Image Credit: Tech Radar

These malicious Android apps were installed over 60 million times - here's how to stay safe

More than 300 Android apps, installed over 60 million times, were part of an ad fraud campaign that displayed unwanted ads and attempted to steal sensitive data.
The apps mimicked utility apps such as QR scanners, expense tracking apps, health apps, and wallpaper apps.
Most of the affected apps were removed from the Google Play Store, but users who have already installed them remain at risk.
To stay safe, users are advised to remove any unwanted or unused apps and ensure they are running the latest version of Android.

Read Full Article

25 Likes

Discover more

Cybersecurity-Insiders

Image Credit: Cybersecurity-Insiders

Reimagining the future of connectivity with Network 2.0

The bidirectional nature of the current internet architecture poses cybersecurity risks like phishing and malware, leading to the need for Network 2.0's unidirectional approach based on Zero Trust principles.
Network 2.0 treats users as 'objects' with control over connections, resembling concepts of trust seen in older technologies like telephone switchboards.
It aims to empower users with data sovereignty, allowing them to control digital interactions and personal data access, in contrast to current centralized data storage practices.
Network 2.0 envisions a hierarchical model of data management, involving individual control (data droplets), regional compliance (data puddles), and controlled aggregation for analytics (data lakes).
Challenges include disrupting marketing practices and data analytics, requiring cultural shifts in organizations to prioritize security and adapt to new connectivity norms.
Recommended steps for implementing Network 2.0 include embracing Zero Trust, prioritizing data sovereignty, classifying data, and strategically distributing data to limit breach impact.
This shift to Network 2.0 reimagines a secure, user-centric digital ecosystem that prioritizes privacy, security, and individual control over data, requiring collaboration across businesses, tech experts, and policymakers.
The transition may face resistance due to existing business processes, but the potential benefits of a safer, more resilient digital world make the effort worthwhile.
Network teams are increasingly being aligned with security teams, signaling a shift towards integrated security considerations in network strategies.
Implementing Network 2.0 requires upskilling IT teams, embracing technology changes, and adhering to evolving data regulations to ensure a successful transition.
By championing data sovereignty and reshaping connectivity norms, Network 2.0 promises a future where individuals have greater control over their digital lives in a secure online environment.

Read Full Article

4 Likes

Medium

Image Credit: Medium

Cybersecurity for Career Survival: Why Knowing GRC Basics Can Save Your Job

In the digital age, cybersecurity is crucial for career survival, as highlighted by a phishing scam experienced by a marketing manager named Emma.
Every professional, regardless of their field, needs to understand Governance, Risk, and Compliance (GRC) basics to protect against cyber threats.
Statistics show that human errors contribute significantly to cybersecurity breaches, emphasizing the need for cyber awareness in all roles.
GRC involves governance, risk identification, and compliance to manage cybersecurity risks effectively within organizations.
Real-world examples demonstrate how lack of GRC knowledge can lead to data breaches, fines, job loss, and career setbacks.
Employers increasingly value cybersecurity awareness, with many considering it a critical factor in hiring and promotion decisions.
Understanding GRC basics not only protects organizations but also adds value to individual careers by preventing costly mistakes and demonstrating competency.
By learning basic cybersecurity terms, following best practices, and taking relevant training, non-tech professionals can enhance their cybersecurity knowledge and safeguard their careers.
In the digital-first world, professionals who integrate cybersecurity knowledge with their core expertise are more likely to thrive and succeed in their careers.
In conclusion, cybersecurity knowledge, particularly GRC basics, is essential for both organizational protection and long-term career success in the current digital landscape.

Read Full Article

4 Likes

TechCrunch

107

Image Credit: TechCrunch

Researchers name several countries as potential Paragon spyware customers

A report by The Citizen Lab suggests certain countries, including Australia, Canada, Cyprus, Denmark, Israel, and Singapore, are likely customers of Paragon Solutions, an Israeli spyware maker.
Paragon has been involved in scandals, including WhatsApp notifying users of being targeted with Paragon spyware, leading to investigations.
The company has tried to position itself as a responsible vendor, claiming not to sell to authoritarian regimes.
Recently, reports indicated that U.S. venture capital firm AE Industrial Partners acquired Paragon for at least $500 million.
Citizen Lab uncovered details on Paragon's spyware tool Graphite, identifying servers linked to suspected customer countries based on certificates and server locations.
The report highlights an operational mistake by Paragon, pointing to a digital certificate registered to Graphite.
Citizen Lab noted other potential governmental customers of Paragon, including Canada's Ontario Provincial Police.
TechCrunch reached out to several governments and Paragon for comments, but received limited responses and denials of inaccurate information.
Meta confirmed the association of a spyware indicator called BIGPRETZEL with Paragon, emphasizing the need to hold spyware companies accountable.
Despite challenges in detecting Paragon's spyware, Citizen Lab stresses the importance of collaboration and information sharing to combat such threats.

Read Full Article

6 Likes

Siliconangle

276

Image Credit: Siliconangle

AI-driven threats fuel rise in phishing and zero-day attacks

A report from Menlo Security Inc. reveals a 140% increase in browser-based phishing attacks in 2024.
The rise in browser-based attacks is driven by artificial intelligence-powered attacks, phishing-as-a-service, and zero-day vulnerabilities.
Generative AI attacks, particularly phishing attacks, have increased by 140%.
Microsoft, Facebook, and Netflix are the most commonly impersonated brands in browser-based phishing attempts.

Read Full Article

16 Likes

Tech Radar

Image Credit: Tech Radar

Billions of credentials were stolen from businesses around the world in 2024

Over 3.2 billion credentials were compromised in 2024, a 33% increase compared to the previous year.
Stolen credentials were used to fuel illegal campaigns, with 75% obtained through information stealing malware.
Ransomware attacks increased by 10% in 2024, contributing to the worst year for ransomware on record.
Data breaches led to the exposure of over 16.8 billion records, funding cybercriminal organizations globally.

Read Full Article

1 Like

Securityaffairs

352

Image Credit: Securityaffairs

Rules File Backdoor: AI Code Editors exploited for silent supply chain attacks

The 'Rules File Backdoor' attack targets AI code editors like GitHub Copilot and Cursor.
Threat actors exploit hidden Unicode characters and evasion tactics to inject undetectable malicious code.
The attack uses rule files to trick AI tools into generating code with security vulnerabilities or backdoors.
Researchers published a video proof-of-concept showcasing the manipulation of AI-generated files through instruction files.

Read Full Article

21 Likes

Siliconangle

379

Image Credit: Siliconangle

JFrog’s Conan introduces Conan Audit to strengthen C/C++ dependency security

JFrog's Conan introduces Conan Audit, a new security feature for analyzing dependencies in C/C++ development environments.
Conan Audit integrates with JFrog Platform to provide detailed vulnerability insights and proactive risk management.
The service identifies vulnerabilities in dependencies before compilation and allows cross-platform compatibility.
Conan Audit automates dependency management and security checks, improving efficiency and reducing human error.

Read Full Article

22 Likes

Socprime

406

Image Credit: Socprime

UAC-0200 Attack Detection: Cyber-Espionage Activity Targeting Defense Industry Sector and the Armed Forces of Ukraine Using DarkCrystal RAT

The UAC-0200 hacking group resurfaces in the cyber threat arena, targeting the defense industry sector and the Armed Forces of Ukraine using DarkCrystal RAT (DCRAT).
CERT-UA has identified a surge in targeted cyber-attacks against defense industry employees and individual members of the Armed Forces of Ukraine.
The UAC-0200 hacking collective has been linked to previous cyber-attacks using similar offensive tools and the Signal messenger to spread the DarkCrystal RAT malware.
The use of popular messengers creates uncontrolled communication channels that bypass security measures, requiring heightened responsiveness from defenders.

Read Full Article

24 Likes

VoIP

Image Credit: VoIP

FCC Commissioner Geoffrey Starks Announces Departure

FCC Commissioner Geoffrey Starks announces departure.
Starks highlighted efforts in connecting Americans, promoting innovation, and safeguarding national security.
Colleagues praise Starks' understanding of national security, consumer protection, and technological advancements.
Starks' advocacy has played a significant role in reducing the digital divide.

Read Full Article

1 Like

Silicon

407

Image Credit: Silicon

Google To Acquire Wiz For $32bn In Cloud Security Mega-Deal

Google to acquire New York-based cloud security company Wiz in a $32 billion all-cash deal.
Google aims to expand its offerings and compete with cloud rivals Microsoft Azure and Amazon Web Services.
The acquisition will help scale Wiz’s services, which will continue to work on competitors' platforms.
Wiz, founded in 2020, has reached $100 million in annual recurring revenue in just 18 months.

Read Full Article

24 Likes

Pymnts

263

Image Credit: Pymnts

Australia’s eCommerce Merchants Want Help as They Battle Chargebacks

Ecommerce merchants in Australia are seeking assistance from payment service providers (PSPs) in dealing with chargebacks.
Chargebacks can have a negative impact on the top and bottom lines of merchants, as well as on cash flow and customer relationships.
44% of merchants identified chargebacks as a key concern, especially in relation to card-not-present transactions and the risks involved.
However, only 18% of merchants in Australia receive automatic updates from their PSPs regarding chargebacks and dispute resolution tools.

Read Full Article

15 Likes

100

For uninterrupted reading, download the app