A naukri.com initiative
Cyber Security News
Tech Radar
4w
160
Image Credit: Tech Radar
Fake CAPTCHAs are being used to spread malware - and we only have ourselves to blame
- Researchers have identified a surge in fake CAPTCHA verification tests, leading to an increase in malware infections.
- Attackers are using convincing but fake authentication challenges to install a remote access trojan on victims' devices.
- The malware campaign involves spreading infostealer malware and gaining access to webcams and microphones.
- Obfuscation and anti-analysis techniques are utilized to delay detection and response of security operations teams.
Read Full Article
9 Likes
Medium
4w
156
Image Credit: Medium
Federated Learning: How AI Can Train Without Sharing Your Data
- Federated Learning is a decentralized approach to training machine learning models where the data stays on the user’s device or local server.
- Model updates (not the data itself) are shared with a central server, ensuring privacy.
- Federated Learning has practical applications in industries like healthcare, finance, and telecommunications.
- While federated learning offers advantages, it also presents challenges in terms of efficiency and scalability.
Read Full Article
9 Likes
Lastwatchdog
4w
214
News alert: SquareX’s “Year of Browser Bugs” project exposes critical cybersecurity blind spots
- SquareX, a pioneer in Browser Detection and Response (BDR) space, has launched the “Year of Browser Bugs” (YOBB) project to raise awareness of cybersecurity blind spots in the browser.
- The project will disclose at least one critical web attack per month throughout 2025, focusing on vulnerabilities in the browser and incumbent solutions.
- Each disclosure will include attack video demonstrations, technical breakdowns, and mitigation strategies, providing new insights to the cybersecurity community.
- SquareX aims to encourage browser and security vendors to address the growing attack surface and solve vulnerabilities that lead to application layer attacks.
Read Full Article
12 Likes
Hackernoon
4w
31
Image Credit: Hackernoon
SquareX Launches "Year Of Browser Bugs" (YOBB) To Expose Critical Security Blind Spots
- SquareX, a pioneer in Browser Detection and Response (BDR), launched the 'Year of Browser Bugs' (YOBB) project.
- The project aims to draw attention to the lack of security research and rigor in browser attacks.
- SquareX will disclose at least one critical web attack per month throughout 2025, focusing on vulnerabilities that exploit architectural limitations of the browser.
- The disclosures will include attack video demonstrations, technical breakdowns, and mitigation strategies.
Read Full Article
1 Like
Dev
4w
151
Image Credit: Dev
VMware Carbon Black Cloud: Revolutionizing Endpoint Security for Modern Threats
- VMware Carbon Black Cloud is a cloud-native endpoint and workload protection platform designed to counter modern cyber threats with advanced analytics and machine learning.
- The platform offers Next-Generation Antivirus (NGAV) and Endpoint Detection and Response (EDR), consolidating security functions into a single lightweight agent to simplify operations.
- Key features include proactive threat hunting, rapid response capabilities, enhanced visibility, cloud-native architecture, and compliance support for industry standards like PCI and HIPAA.
- VMware Carbon Black Cloud integrates with custom and cloud-native threat intelligence, enabling efficient threat hunting to stay ahead of advanced threats.
- The platform provides detailed endpoint visibility, flexible prevention policies, and default best practice policies for enhanced security control.
- VMware Carbon Black Cloud's suite of tools empowers security teams with behavioral analysis, threat intelligence integration, and automated investigation workflows.
- By leveraging vCloudTech's support, organizations can implement and manage VMware Carbon Black Cloud to strengthen their cybersecurity posture against modern threats.
- With a cloud-native architecture and advanced protection capabilities, VMware Carbon Black Cloud stands out as a comprehensive endpoint security solution for organizations.
- vCloudTech, as a leading provider of IT solutions, offers support and expertise in implementing VMware Carbon Black products to enhance cybersecurity posture.
- VMware Carbon Black Cloud revolutionizes endpoint security by combining intelligent system hardening, behavioral prevention, and real-time threat detection to protect against evolving cyber threats.
Read Full Article
9 Likes
Medium
4w
142
Image Credit: Medium
To Post or Not To Post?
- Freedom of speech protects individuals from government censorship but does not shield them from social consequences.
- Expressing free speech may lead to repercussions like job loss, college rejections, or team dismissals.
- Colin Kaepernick's kneeling during the National Anthem was within his rights but had professional repercussions.
- Some TV personalities face consequences for offensive remarks, while others seem to escape unscathed.
- Online comments can have real-life consequences, as seen in the case of a high school student expelled for sharing an inappropriate photo.
- The internet remembers actions, and poor online choices can impact future opportunities and reputations.
- Consider the potential repercussions before posting online and strive to maintain civility and empathy in digital interactions.
- Being mindful of your online behavior can prevent long-lasting negative consequences and preserve your reputation.
- Ultimately, it is important to exercise free speech thoughtfully and remember the impact it can have on your life and others.
- Think before you act online to avoid jeopardizing future opportunities and relationships.
Read Full Article
8 Likes
Medium
4w
187
Image Credit: Medium
A Credit Freeze Can Keep You And Your Loved Ones Safe
- Children are at a higher risk of identity theft, 51 times more likely than adults, as their identities can be used for years without detection.
- Older Americans are also vulnerable to fraud and identity theft.
- Freezing your credit can help protect your private information and prevent unauthorized accounts from being opened in your name.
- Placing a credit freeze on a child's identity is more demanding and time-consuming, but necessary to prevent identity theft.
Read Full Article
11 Likes
Medium
4w
263
Image Credit: Medium
Girls Don’t Play Video Games, Do They?
- The U.S. has been influential in shaping the gaming industry through the introduction of arcade gaming, personal computers, and home gaming consoles.
- Gaming is a major industry with worldwide video game sales reaching 75 billion in 2015 and expected to hit 90 billion by 2020.
- Women made up 42 percent of all gamers in the U.S. in 2017, challenging the stereotype that video games are only for boys.
- While half of solitary role-playing game players are women, social role-playing games are predominantly male due to issues like sexual harassment in gaming communities.
- There is a debate on whether girls should be encouraged to play video games to bridge the gender gap in STEM fields.
- Encouraging girls to engage with video games may lead to early interest in computer science and tech careers, as backed by Sheryl Sandberg and a University of Toronto study.
- Parents are urged to consider the messages video games send their children and actively participate in shaping their digital experiences.
- Educator Rosalind Wiseman highlights that games can teach young people valuable skills like teamwork and creative expression.
- Parents are advised to engage in digital parenting by understanding and influencing their children's gaming experiences.
- It is crucial for parents to have conversations with their children about the positive and negative aspects of gaming to shape the future of gaming and tech leadership.
- Children today are the future of the gaming industry and tech leadership, emphasizing the need for constructive dialogue and involvement in their gaming activities.
Read Full Article
15 Likes
Siliconangle
4w
8
Image Credit: Siliconangle
In its largest-ever acquisition, Google buys cybersecurity startup Wiz for $32B
- Google has announced its acquisition of cybersecurity startup Wiz for $32 billion, making it the tech giant's largest-ever acquisition.
- The deal values Wiz at $20 billion higher than its previous funding round and includes a $3.2 billion termination fee if the acquisition falls through.
- Wiz, founded in 2020, provides a cybersecurity platform used by over half of the Fortune 100 companies to secure their cloud environments and defend against cyberattacks.
- The three components of Wiz's platform include Wiz Cloud for spotting vulnerabilities, Wiz Defend for detecting attacks, and Wiz Code for identifying software flaws.
- Google plans to maintain Wiz's availability across major public clouds post-acquisition and combine its technology with Google Security Operations to create a unified security platform.
- This move follows Google's previous $5.4 billion acquisition of Mandiant in 2022 and is aimed at enhancing its cybersecurity offerings.
- Google aims to close the Wiz acquisition in 2026 pending regulatory approvals and continues to contribute to the cybersecurity community with initiatives like BeyondCorp and SLSA.
- The acquisition signifies Google's commitment to bolstering its security capabilities and providing comprehensive cybersecurity solutions across various cloud environments.
- Wiz's innovative technology, strong customer base, and rapid growth in revenue have positioned it as a strategic addition to Google's cybersecurity portfolio.
- Google Cloud CEO Thomas Kurian emphasized that Wiz will maintain compatibility with rival clouds and existing cybersecurity solutions post-acquisition.
Read Full Article
Like
Securityaffairs
4w
35
Image Credit: Securityaffairs
Nation-state actors and cybercrime gangs abuse malicious .lnk files for espionage and data theft
- At least 11 state-sponsored threat groups have been abusing Windows shortcut files for espionage and data theft, according to Trend Micro's Zero Day Initiative.
- These threat actors have exploited the vulnerability ZDI-CAN-25373, with 1,000 malicious .lnk files discovered by ZDI researchers.
- The vulnerability has been targeted by APT groups from North Korea, Iran, Russia, and China, with attacks aimed at various sectors and regions.
- Microsoft has been notified of the vulnerability but has not addressed it with a security patch.
Read Full Article
2 Likes
TechCrunch
4w
424
Image Credit: TechCrunch
Here’s why Google pitched its $32B Wiz acquisition as ‘multicloud’
- Google's acquisition of security startup Wiz for $32 billion aims to position Wiz as a 'multicloud' offering, not limited to Google services.
- Google's decision was driven by the need for customer retention, as Wiz brought a large customer base with annual revenue of $700 million.
- Wiz customers value its support for multiple cloud platforms, which Google hopes to maintain post-acquisition to prevent alienating them.
- Antitrust regulations were a concern with the acquisition, as Google has faced scrutiny over its dominance in various tech sectors.
- Google's move towards a multicloud approach could help alleviate antitrust concerns, as it does not dominate in cloud services and cybersecurity.
- Google's lag behind AWS and Azure in the cloud market necessitated the embrace of a multicloud model to cater to customers who do not use Google Cloud.
- Despite Google's efforts to catch up in the cloud market, it still trails AWS and Azure due to various factors like Microsoft's enterprise dominance.
- Google Cloud CEO Thomas Kurian highlighted the importance of multicloud capabilities for meeting customer demands and promoting competition.
- Kurian believes AI could potentially change the game, leading to centralization of data and possibly reducing the need for multicloud solutions in the future.
- The acquisition of Wiz is aimed at enhancing Google's capabilities in identifying and defending against cyber threats across different cloud platforms.
Read Full Article
25 Likes
Gizchina
4w
103
Image Credit: Gizchina
Google to acquire cloud security firm Wiz in $32 billion deal
- Google has announced the acquisition of Wiz, a leading cloud security company, in a $32 billion deal.
- The acquisition reflects Google Cloud's commitment to strengthening security and multi-cloud capabilities.
- The deal aims to improve cloud security, lower costs for users, and guard against new risks from AI.
- Wiz will continue to support all major cloud firms and provide wide safety tools through market and partner links.
Read Full Article
6 Likes
TechJuice
4w
192
Chinese Telecom Firms Accused of Operating Fraudulent Scam Centers in Islamabad
- Chinese telecom firms, including Starwin and Dgvertex, have been accused of operating fraudulent scam centers in Islamabad and other major cities.
- These scam centers exploit Pakistani youth and defraud international victims, operating under multiple aliases and targeting unsuspecting individuals through fake investment schemes and online job offers.
- The scam centers in Islamabad, including locations such as G-9/4, G-8, and GT Road near phase 7, are involved in deceiving victims and disappearing after collecting large sums of money.
- Despite mounting evidence and reports, authorities have yet to take decisive action, raising concerns about corruption and regulatory failures of law enforcement agencies.
Read Full Article
11 Likes
TechJuice
4w
134
Chinese Companies Accused of Operating Scam ‘IT Centers’ in Islamabad, Pakistan
- Chinese companies, including Starwin and Dgvertex, have established scam centers in Islamabad, Pakistan.
- These fraudulent companies exploit Pakistani youth and defraud international victims through fake investment schemes and online job offers.
- Victims have revealed a multilevel fraud system run by Chinese-backed fraudulent enterprises.
- Authorities have yet to take decisive action, raising concerns about the corruption and regulatory failures of law enforcement agencies.
Read Full Article
8 Likes
Dev
4w
303
Image Credit: Dev
Windows Security Alert: Signs of a Hack & How to Remove Malware
- Windows OS being targeted by hackers is a common concern, requiring immediate action when a hack is suspected.
- Steps to contain a hack include disconnecting the system from the internet, quarantining the affected machine, and changing passwords on a separate device.
- Investigation involves checking for unknown users, recent logins, network connections, and scanning for malware/rootkits.
- Recovery involves removing threats, restoring the system, and reinstalling Windows if necessary.
- To strengthen security, enabling multi-factor authentication, updating software, using a firewall, and monitoring for threats are recommended.
- In case of a serious breach, contacting cybersecurity professionals and authorities is advised.
- Taking back control of a hacked Windows PC involves quick detection, malware removal, and proactive security measures.
- Keeping systems updated, using strong passwords, running scans, and enabling firewalls are key to preventing hacks.
- By staying vigilant and proactive, users can safeguard their Windows PCs against cyber threats and maintain data security.
- Securing personal information and minimizing vulnerabilities are essential practices in the face of evolving cybersecurity challenges.
- Being aware, informed, and prepared is crucial in maintaining a secure digital presence and protecting against potential hacks.
Read Full Article
18 Likes
For uninterrupted reading, download the app