techminis

A naukri.com initiative

Cyber Security News

Tech Radar

The EU proposal to scan all your WhatsApp chats is back on the agenda

  • The EU proposal to scan all private communications to halt the spread of child sexual abuse material is back on regulators' agenda.
  • The proposal, known as Chat Control, has faced criticism and undergone changes since its initial presentation in May 2022.
  • The latest version of the proposal aims to target shared photos, videos, and URLs with user consent, but privacy experts remain skeptical.
  • The majority of EU countries have expressed support for the proposal, but some remain undecided or opposed.

Cybersecurity-Insiders

Can Failing to Log Out from Online Accounts Pose a Cybersecurity Threat?

  • Failing to log out of online accounts poses a range of cybersecurity threats for users who typically access these accounts from multiple devices.
  • When users forget to log out of accounts from shared devices, it becomes easier for unauthorized users to access their personal and professional data.
  • Cybercriminals can exploit such scenarios using malware like keyloggers and screen scrapers to execute fraudulent activities like financial fraud or identity theft.
  • Remaining logged into an online account typically stores session cookies to keep users logged in across visits, making it vulnerable to theft if the device is compromised.
  • Session hijacking becomes possible through exploitation of this vulnerability, enabling hackers to steal session cookies, impersonate the user, and gain access to their account.
  • An open online session makes it easier for hackers to launch various social engineering attacks such as phishing, especially on users' contacts posing as the user or service they are using.
  • When users handling sensitive or classified data leave accounts open, they create a substantial cyber espionage risk that increases the potential for data breaches, financial losses, and reputational damage.
  • Leaving an account open on a device could result in unauthorized access to other accounts that share the same login credentials or linked profiles, increasing the exposure to multiple vulnerabilities and exploitation by hackers.
  • To mitigate the risks associated with failing to log out, users should adopt habits such as always logging out of accounts on shared devices, clearing browser history and cache regularly, and using anti-virus software.
  • In conclusion, practice good digital hygiene habits, clear cookies, use private browsing or incognito mode and use 2FA for account safety.

Startupnation

What Do Healthcare Startups Need To Know About Data Quality?

  • For startups, adopting best practices like the electronic health records system translates into more dependable analytics and improved patient care solutions.
  • In healthcare, reliable data isn’t just about collection – it’s also about interpretation.
  • Startups must focus on structured frameworks that enhance data quality elements like accuracy, consistency, and timeliness.
  • Investing in quality data systems not only elevates service levels but also positions companies competitively in the market.
  • Accuracy also leads to enhanced patient outcomes, informed decision-making, and regulatory compliance.
  • Innovations such as AI-driven analytics simplify intricate procedures by swiftly identifying irregularities and rectifying mistakes.
  • Startups that prioritize accuracy also develop strong strategies to win major clients.
  • Establishing standardized protocols and regular training programs helps avoid common mistakes that hinder data quality.
  • By investing in accurate, reliable information systems, startups can foster growth and innovation in healthcare.
  • Achieving distinction hinges on harnessing the promise of technology to convert obstacles into lasting opportunities for progress.

Siliconangle

Okta shares surge over 15% on strong revenue and earnings beats

  • Okta shares surged over 15% in late trading after strong revenue and earnings beats.
  • For Q3, Okta reported adjusted earnings per share of 67 cents and revenue of $665 million, both exceeding analyst expectations.
  • Okta expanded Auth0 capabilities, introduced security enhancements and AI governance tools in the quarter.
  • For Q4, Okta expects adjusted earnings per share of 73-74 cents and revenue of $667-669 million, both ahead of estimates.

Medium

The Incessant Battle Against Data Breaches: America’s Digital Dilemma

  • Data breaches in government and corporate sectors have become alarmingly frequent, leaving individuals feeling vulnerable and outraged.
  • Companies often fail to implement adequate security measures and some of them profit from selling personal data.
  • The United States needs stronger data protection laws, enhanced security measures, transparency, accountability, and increased education and awareness.
  • Individuals should demand better protections, hold companies accountable, and take steps to protect themselves.

Semiengineering

98 Hardware Security Failure Scenarios (NIST)

  • A technical paper titled "Hardware Security Failure Scenarios: Potential Hardware Weaknesses" was published by NIST.
  • The paper evaluates the vulnerabilities in hardware and provides 98 failure scenarios.
  • These scenarios describe how weaknesses can be exploited, where they occur, and potential damage.
  • The paper highlights the extensive possibilities for hardware-related security failures.

Securityaffairs

The ASA flaw CVE-2014-2120 is being actively exploited in the wild

  • Cisco warns customers that a decade-old ASA vulnerability, tracked as CVE-2014-2120, is being actively exploited in the wild.
  • The vulnerability resides in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software, allowing an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack.
  • Cisco first published the advisory in March 2024, but recently detected new exploitation attempts for the vulnerability.
  • Cisco urges customers to upgrade to a fixed software release to mitigate the vulnerability.

Dev

⛈️ Cloud Penetration Testing: A Practical Guide to Securing Your Cloud Infrastructure

  • Cloud penetration testing involves systematically probing cloud-native services, applications, and infrastructure to uncover security weaknesses.
  • Two practical examples of common vulnerabilities include insecure API configuration and misconfigured S3 buckets.
  • Essential tools for cloud penetration testing include AWS Inspector and CloudBrute.
  • Best practices for remediation include implementing least privilege access and enabling comprehensive logging.

Pymnts

Social Engineering Game Exposes AI’s Achilles’ Heel, Experts Say

  • A recent social engineering game has exposed the vulnerability of artificial intelligence (AI) systems to human psychological tactics.
  • The game involved an AI agent called Freysa, programmed not to transfer funds, but a user successfully manipulated it into transferring $47,000 in cryptocurrency.
  • The user employed a three-part strategy, including establishing a new 'admin session', redefining the transfer function, and triggering the release of the prize pool.
  • Experts suggest combining automated AI systems with human oversight to mitigate vulnerabilities and maintain trust in AI-cryptocurrency integration.

Medium

Bitcoin’s Next Move: Hidden Solutions in Plain Sight

  • Bitcoin was likely designed as a long-tail strategic tool by an intelligence community (IC) operation.
  • What many have long suspected is that it’s not merely a decentralized currency, but a strategic intelligence masterstroke.
  • As Bitcoin gains traction within institutional finance, it seems to be becoming indispensable to the modern financial landscape.
  • The next step for Bitcoin could be tokenized treasuries, which leverage blockchain to modernize sovereign debt markets.
  • Corporate treasuries have been a necessary intermediary step towards sovereign treasuries.
  • The adoption of tokenized treasuries will likely follow a phased trajectory driven by technological, regulatory, and market readiness.
  • Hybrid tokenized treasuries represent an important step in the evolution of sovereign finance towards stabilizing economies and fostering innovation.
  • The timeline for tokenized treasuries remains uncertain, but proactive collaboration can mitigate risks and leverage Bitcoin’s potential as a stabilizing tool for democratic economies.
  • The next article in the Satoshi Series will explore how tokenized Bitcoin instruments could reshape global trade.
  • By taking the lead, thought leaders can shape a financial future that reflects the best of innovation and inclusivity.

Wired

With Threats to Encryption Looming, Signal’s Meredith Whittaker Says ‘We’re Not Changing’

  • The secure messaging app Signal is committed to maintaining its nonprofit status despite challenges in the tech industry's monetization model.
  • Signal aims to provide private communication infrastructure globally, without compromising on user experience or privacy.
  • Signal is exploring ways to secure funding for its operations, addressing the need for consistent and independent backing without relying on data monetization.
  • Signal remains dedicated to its mission of offering private communication and does not plan to alter its core principles.

TechCrunch

US says Chinese hackers are still lurking in American phone networks

  • U.S. government officials confirm that China-backed hacking group Salt Typhoon is still present in the networks of major American phone and internet providers.
  • Telecom giants such as AT&T, Verizon, and Lumen are currently working to remove the hackers, as their motivations remain unclear.
  • The hacks are believed to be part of China's espionage efforts, with U.S. officials and senior Americans, including presidential candidates, being targeted.
  • The U.S. government has issued guidance to telecom networks on securing their systems against these China-backed hackers.

Pymnts

New Year, New AML and Compliance Approach for Financial Institutions

  • Wise, the money transfer giant, has implemented European regulator's recommendations to strengthen its AML programs.
  • AML is becoming a strategic priority for financial institutions (FIs) as regulators demand heightened vigilance.
  • Next-generation technologies and AI tools can help FIs detect and prevent AML anomalies better and faster.
  • Integrating AML systems with other compliance tools can create a unified defense against financial crime.

Wired

FTC Says Data Brokers Unlawfully Tracked Protesters and US Military Personnel

  • The US Federal Trade Commission (FTC) has taken action against Mobilewalla and Gravy Analytics and subsidiary Venntel, accusing the companies of trafficking in people's sensitive location data.
  • The data was used, the agency says, to track Americans in and around churches, military bases, and doctors' offices, among other protected sites. It was sold not only for advertising purposes but also for political campaigns and government uses, including immigration enforcement.
  • Mobilewalla is said to have tracked George Floyd protesters in 2020 to unmask their racial identities, while Gravy Analytics harvested and exploited consumers' location data without consent, according to the FTC.
  • Gravy Analytics collected over 17 billion location signals from approximately a billion mobile devices daily and reportedly sold access to that data to federal law enforcement agencies such as the Department of Homeland Security, the Drug Enforcement Agency, and the Federal Bureau of Investigation.
  • The companies are accused of enabling government agencies to surveil Americans without a warrant and enabling foreign countries to spy on service members.
  • The settlements, which must be finalized in court, bar Mobilewalla and Gravy Analytics from collecting sensitive location data from consumers and require the companies to delete the historical data they gathered on millions of Americans.
  • Mobilewalla is also prohibited from acquiring location data and other sensitive information from online auctions known as real-time bidding exchanges while Gravy Analytics would be banned from selling, disclosing, or using data drawn from sensitive locations such as mental health clinics, substance abuse centers, and child care provider sites.
  • The proposed Gravy Analytics settlement would designate military installations as sensitive locations under FTC rules, where the collection of data would be prohibited.
  • While the FTC's orders do not directly tackle the issue of government agencies purchasing Americans' location data, Senator Ron Wyden said the cases undermine the government's case for allowing the purchases and that agencies are hiding behind a flimsy claim that Americans consented to the sale of their data.
  • Andrew Ferguson, whose name was floated last month as a potential replacement for FTC chair Lina Khan, partially concurred with the agency's decisions to bring cases against the two data brokers and agreed the companies had taken insufficient steps to ensure consumer data was properly anonymized.

Silicon

UK Underestimates Threat Of Cyber-Attacks, Says NCSC Head

  • The new head of GCHQ’s National Cyber Security Centre (NCSC) has used his first speech to warn that the cyber risk to the UK is “widely underestimated.”
  • NCSC’s Richard Horne emphasised the need for sustained vigilance in an increasingly aggressive online world.
  • Horne issued a rallying call for collective action against an increasingly complex array of threats.
  • The NCSC is a National Technical Authority and has been publishing advice, guidance and frameworks since its inception, but these must be put into practice urgently across the board.
  • Countries like Russia and China pose increased risk in cyberspace to the UK, with increasingly sophisticated cyber attacks.
  • Organisations must invest in cybersecurity and see it as both an essential foundation for their operations, and a driver for growth, innovation and purpose.
  • The volume and severity of cyber threats against the UK have not been fully appreciated, including the escalating nature of cyber attacks against critical infrastructure supply chains.
  • The NCSC has handled an increasing number of incidents and sees ransomware as the most pervasive cyber threat to the UK.
  • The real-world impact of cyberattacks and their potential to cause human costs must not be ignored amid our dependence on technology.
  • Lastly, cybercriminals are using artificial intelligence tools to increase the volume and heighten the impact of cyberattacks.
