A naukri.com initiative
Cyber Security News
Siliconangle
1M
354
Image Credit: Siliconangle
PagerDuty teams up with AWS to enhance incident management with generative AI integrations
- PagerDuty teams up with AWS to enhance incident management with generative AI integrations
- PagerDuty collaborates with AWS to develop generative artificial intelligence and automation features for PagerDuty Advance platform
- The collaboration aims to address the increasing frequency and cost of major service disruptions by leveraging generative AI in incident management
- Integrations include AI-driven incident context within chat applications, AI policies enforcement, and unified interface for incident management
Read Full Article
21 Likes
Scientificworldinfo
1M
372
Image Credit: Scientificworldinfo
Top Cybersecurity Roles to Watch Out For in 2025
- Top Cybersecurity Roles to Watch Out for in 2025 including ethical hackers, cybersecurity analysts, cloud security specialists, forensic analysts, identity and access management specialists, and incident response managers.
- Roles like Security Architects, Incident Responders, and Governance, Risk, and Compliance (GRC) Analysts are also in high demand.
- Emerging roles like AI security specialists, forensic analysts and IoT security experts are also gaining popularity with advancements in technology.
- In 2024 and beyond, the cybersecurity landscape is set to be shaped by advancements in AI, cloud computing, and IoT.
- AI-Driven Threat Detection, Zero-Trust Security Models, Quantum-Resistant Cryptography, and Cloud Security Innovations are the latest trends in cybersecurity for 2025.
- Other trends include targeted social media attacks, IoT Security Enhancements, and Cybersecurity for Remote Work.
- In 2025, Cybersecurity Analyst and Ethical Hacker roles are critical for organizations working to safeguard their digital assets.
- Other in-demand roles include Cloud Security Specialist, Chief Information Security Officer, and incident response managers.
- Enrolling in programs like the iit cyber security course equips professionals with the expertise needed for these roles and offers in-depth training in areas like ethical hacking, cloud security, and incident response.
- From ethical hackers to AI security specialists, cybersecurity professionals are the backbone of secure digital ecosystems, making their contributions increasingly indispensable.
Read Full Article
22 Likes
Tech Radar
1M
80
Image Credit: Tech Radar
Apple employee sues company for allegedly spying on personal worker devices
- An employee is suing Apple for allegedly illegally monitoring worker devices and hindering their free speech.
- The lawsuit claims that software installed on employee personal devices gives Apple excessive access to personal data.
- Apple allegedly restricts employees from discussing working conditions and compensation.
- Separate complaints against Apple allege compensation differences based on sex.
Read Full Article
4 Likes
Medium
1M
309
How Technology Fueled One of the World's Biggest Ponzi Schemes
- MMM operated as a "mutual aid" platform, leveraging technology to automate and obscure the flow of funds.
- MMM's platform used algorithms to match "providers" of help with "receivers," creating an illusion of trustworthiness.
- The scheme collected sensitive user data and applied gamification techniques to encourage more investment.
- The integration of cryptocurrencies and social engineering tactics contributed to MMM's success.
Read Full Article
18 Likes
Lastwatchdog
1M
332
News alert: Sweet Security releases its evolutionary Cloud Native Detection and Response platform
- Sweet Security has released its unified Cloud Native Detection and Response platform.
- The platform integrates Application Detection and Response (ADR), Cloud Detection and Response (CDR), and Cloud Workload Protection Platform (CWPP) into one solution.
- Sweet Security's platform offers unparalleled detection and response capabilities, providing insights from every layer of the cloud stack.
- The platform decreases Mean Time to Resolution (MTTR) by 90% and empowers organizations to respond faster and more effectively to security threats.
Read Full Article
19 Likes
Dev
1M
49
Image Credit: Dev
Part 4: Cross-Site Scripting (XSS) Series - Stored XSS – A Deep Dive
- Stored Cross-Site Scripting (Stored XSS) is a dangerous type of XSS vulnerability that can affect every user who accesses the affected page.
- Stored XSS vulnerabilities arise in applications that accept and store untrusted user input without proper validation or sanitization.
- The web application stores this input in a database or file system without properly sanitizing it. The input is then displayed to other users who access the page containing this data.
- When another user visits the page containing the stored malicious script, the malicious JavaScript code executes in their browser.
- Attackers exploit stored XSS vulnerabilities by performing reconnaissance, payload crafting, delivering the attack, and exploitation.
- To prevent stored XSS vulnerabilities, developers and security professionals should employ secure coding practices.
- Regular security audits are necessary to identify potential security issues in web applications.
- Detecting stored XSS vulnerabilities can be done through both manual and automated techniques.
- Tools like XSS Hunter and XSStrike can provide more advanced payloads and detect subtle XSS flaws.
- Stored XSS is a powerful and persistent attack vector that can have severe consequences for both users and organizations.
Read Full Article
2 Likes
Dev
1M
278
Image Credit: Dev
Part 3: Cross-Site Scripting (XSS) Series - Recognizing and Identifying XSS Vulnerabilities
- In this 3rd part of our XSS series, we explore the practical aspects of identifying XSS vulnerabilities in web applications.
- Recognizing potential entry points for XSS involves spotting common patterns of insecure coding and insufficient input/output handling.
- Manual testing techniques include testing for reflected XSS, stored XSS, and DOM-based XSS using different contexts and payloads.
- Automated tools such as Burp Suite, OWASP ZAP, XSS Hunter, DalFox, and XSStrike can also be used to detect XSS vulnerabilities.
Read Full Article
16 Likes
Tech Radar
1M
341
Image Credit: Tech Radar
Corrupted Microsoft Word files used to launch phishing attacks
- Cybercriminals have been using corrupted Microsoft Word files in phishing attacks.
- These corrupted files bypass email protection solutions.
- Email security tools cannot scan and flag the files if they are corrupted.
- The goal of these attacks is to steal people's cloud credentials.
Read Full Article
20 Likes
Googleblog
1M
13
Image Credit: Googleblog
Making the Play Integrity API faster, more resilient, and more private
- Google Play is enhancing the Play Integrity API to make it faster, more resilient, and more private.
- The Play Integrity API helps protect businesses from revenue loss and improve user safety.
- The new enhancements include faster and less spoofable verdicts, device security update checks, standardized verdict signals, and more.
- Developers can start using the improved Play Integrity API now, with full integration set for May 2025.
Read Full Article
Like
TechBullion
1M
8
Image Credit: TechBullion
Essential Cybersecurity Tips to Protect Your Digital World
- Passwords are the primary line of defense against digital threats. Use strong and unique passwords and consider using a password manager.
- Enable multifactor authentication (MFA) for extra security. It adds an additional layer of verification to protect your accounts.
- Keep your software and operating system up to date to prevent cyberattacks that exploit vulnerabilities in outdated software.
- Be cautious of phishing attacks, particularly in unsolicited emails asking for personal information. Verify the source before providing any sensitive data.
- Regularly backup your data to prevent data loss in case of hardware failure, cyberattacks, or human errors.
Read Full Article
Like
Tech Radar
1M
323
Image Credit: Tech Radar
Russian censorship is getting tougher – and Tor needs your help
- The Tor Browser is calling for volunteers within the internet community willing to support its fight against tougher Russian censorship.
- The team aims to deploy 200 new WebTunnel bridges by the end of December 2024, to open secure access for users in Russia.
- A Tor bridge is a non-public server run by volunteers that helps users bypass censorship and establish a connection to the Tor network.
- Tor's urgent call follows an escalation in Russian censorship efforts targeting access to Tor and other circumventing tools.
Read Full Article
19 Likes
Tech Radar
1M
148
Image Credit: Tech Radar
MOVEit breach chaos continues, data on hundreds of thousands leaked from Nokia, Morgan Stanley
- Hackers are still leaking sensitive information stolen via the MOVEit flaw, more than a year after it was first disclosed.
- A threat actor with the alias 'Nam3L3ss' recently started leaking sensitive data from six major companies to BreachForums.
- The leaked information includes people's full names, phone numbers, email addresses, job addresses, employee badges, job titles, and usernames.
- MOVEit is a managed file transfer tool used by large companies to securely share sensitive files.
Read Full Article
8 Likes
Secureerpinc
1M
170
Image Credit: Secureerpinc
Trust in Passwords Persists Despite AI Security Threats
- Passwords continue to be trusted by 39% of people as the best way to authenticate users.
- However, passwords are vulnerable to AI security threats, such as sophisticated phishing attacks.
- AI tools enable cybercriminals to create undetectable phishing scams and conduct more widespread attacks.
- To address password vulnerabilities, companies should implement multi-factor authentication and enhance employee education on cybersecurity.
Read Full Article
10 Likes
Cybersecurity-Insiders
1M
309
Image Credit: Cybersecurity-Insiders
Apple espionage on its employees iPhones and iCloud accounts
- Apple Inc. is facing accusations of spying on its employees' personal iPhones and iCloud accounts.
- A lawsuit filed by a former employee alleges that Apple installed surveillance software on employees' personal devices to monitor their private information.
- The lawsuit claims that Apple required employees to consent to the installation of this software and had strict rules regarding confidentiality and whistleblowing.
- Apple denies the allegations and states that any software installed on employees' devices was done with their consent for health and safety monitoring purposes.
Read Full Article
18 Likes
Tech Radar
1M
273
Image Credit: Tech Radar
Javascript files loaded with RATs hits thousands of victims
- Hackers are targeting people and businesses in Russia with malicious JavaScript to install backdoors on their devices.
- The campaign, known as 'Horns&Hooves', started in March 2023 and has infected approximately 1,000 endpoints.
- Phishing emails impersonating individuals and businesses are used to deliver the malicious JavaScript payload.
- The payload deploys Remote Access Trojans (RATs), such as NetSupport RAT and BurnsRAT, to install infostealers like Rhadamanthys and Meduza.
Read Full Article
16 Likes
For uninterrupted reading, download the app