techminis

A naukri.com initiative

Info. Security News

Cybersecurity-Insiders

6d

NSA issues warning to iPhone users on data security

  • The National Security Agency (NSA) has issued a global advisory for iPhone users regarding a device setting that poses data security risks.
  • Users are advised to review and adjust their privacy settings, specifically limiting location-sharing and disabling advertising permissions for downloaded apps.
  • Location-sharing settings can be exploited by hackers and third-party entities to track a user's movements and activities in real-time.
  • Similar vulnerabilities exist in the Android ecosystem, and unregulated data collection can lead to severe privacy breaches.

Hackersking

6d

Forget your Instagram Password? Roadmap to Quick Fixes

  • Forgetting your Instagram password is a common occurrence with various reasons behind it.
  • You can recover your Instagram account by accessing the Login Help feature, using Facebook login, or reaching out to the Instagram Support Center.
  • To avoid forgetting passwords in the future, it is recommended to use password managers, enable two-factor authentication, and regularly update and save passwords.
  • If all else fails, contacting Instagram Support with relevant details and proof of identity is the next step to recover your account.

Hackingblogs

6d

15,000 Fortinet firewall configurations with VPN passwords leaked on the darknet

  • Over 15,000 plaintext VPN passwords and Fortinet firewall configurations were leaked on the darknet.
  • The data breach, caused by the Belsen Group, affects 145 nations, with significant impact in Germany, the US, and Mexico.
  • The leaked data includes SSH keys, administrator credentials, and encrypted Wi-Fi passwords.
  • The breach highlights the need for firmware upgrades and disabling remote access to mitigate further cyber attacks.

Qualys

7d

Cybersecurity 2025: Qualys’ Predictions for Navigating the Evolving Threat Landscape

  • Cybersecurity predictions for 2025 suggest an urgent need for proactive, intelligence-driven strategies as nation-state attacks, AI misuse and cloud security risks are poised to test organizations' resilience. Experts in Qualys' predictions anticipate a growing desire among security teams to strike a balance between anarchic digital transformation and safeguarding enterprise assets against potential AI-related risks. The team also predicts a need for upgraded agentic AI end-to-end security, a renewed focus on risk management, consolidation of security capabilities and the drive for a unified platform approach. Breach recovery will be made more difficult by the increasing frequency of nation-state attacks, long-term cloud compromises and data leakage risks.
  • The Qualys team highlights the importance of striking a balance between innovation and robust risk management practices to achieve effective cybersecurity in 2025.
  • Handling agentic AI will be a key consideration requiring additional privileged access as AI machines become more prevalent in organizations.
  • CISOs' adoption of a risk management approach will help to operationally focus on the massive risks facing the business while justifying investments in the correct controls and offsetting residual risk with appropriate insurance premiums.
  • Businesses will increasingly favor a unified platform approach that provides a centralized risk view across the organization and a well-integrated partner ecosystem of additional capabilities.
  • CISA's FOCAL Plan for 2025 will emphasize enhanced asset and vulnerability management across federal agencies through solutions that continually identify assets and vulnerabilities, correlate asset contexts and accurately prioritize risks using threat intelligence.
  • Adversaries are increasingly able to maintain 'stealth for survival', resulting in increased nation-state attacks and cloud-based compromises with long dwell times, exacerbating incident and breach recovery.
  • Challenges such as accidental disclosure and insider threat risks for exfiltration, DevSecOps, API and cloud solutions are set to emerge as leading cybersecurity threats in 2025.
  • Expert views on cybersecurity trends and predictions suggest that striking a balance between proactive, intelligence-driven strategies and robust risk management practices is crucial to successfully combating escalating threats and transformative technologies in 2025.
  • It is essential for organizations to invest in innovative security solutions to enhance digital transformation securely while safeguarding enterprise assets against potential risks.

Securityaffairs

7d

Prominent US law firm Wolf Haldenstein disclosed a data breach

  • Prominent US law firm Wolf Haldenstein disclosed a data breach that exposed the personal information of nearly 3.5 million individuals.
  • The security breach occurred on December 13, 2023, but the company discovered the incident only on April 18, 2024, and has now disclosed it.
  • The breach may have exposed name, Social Security number, employee identification number, medical diagnosis, and medical claim information.
  • Wolf Haldenstein advises affected individuals to monitor their accounts and credit reports for potential identity theft or fraud.

Dataprivacyandsecurityinsider

7d

RealPage Antitrust Consent Decree Proposed

  • The Department of Justice (DOJ) and eight states filed a civil antitrust lawsuit against RealPage Inc., alleging unlawful competition practices.
  • The DOJ, joined by ten states, filed an amended complaint alleging participation of several landlords in a price-fixing scheme using RealPage software.
  • The landlords shared sensitive information through RealPage's pricing algorithm to decrease competition and increase corporate profits.
  • A proposed consent decree with Cortland Management was announced, resolving claims in exchange for cooperation with the DOJ's ongoing investigation.

Dataprivacyandsecurityinsider

7d

California AG Issues AI-Related Legal Guidelines for Developers and Healthcare Entities

  • The California Attorney General issued two legal advisories regarding the application of existing California laws to artificial intelligence (AI).
  • The advisories aim to remind businesses of consumer rights under the California Consumer Privacy Act and advise developers about their obligations under the CCPA.
  • The first advisory provides an overview of existing California laws and summarizes the new California AI law that went into effect on January 1, 2025.
  • The second advisory focuses on the application of existing California law to AI in healthcare and emphasizes the need for adherence to consumer protection, civil rights, data privacy, and professional licensing laws.

Dataprivacyandsecurityinsider

7d

New Jersey AG Says Anti-Discrimination Law Covers Algorithmic Discrimination

  • New Jersey Attorney General Matthew Platkin announced new guidance that the New Jersey Law Against Discrimination (LAD) applies to algorithmic discrimination.
  • LAD prohibits discrimination based on protected characteristics like race, religion, national origin, sex, pregnancy, and gender identity.
  • Employers, housing providers, and places of public accommodation using automated decision-making tools that result in discriminatory decisions would violate LAD.
  • The guidance encourages companies to carefully design, test, and evaluate AI systems to avoid producing discriminatory impacts.

Dataprivacyandsecurityinsider

7d

The CIO-CMO Collaboration: Powering Ethical AI and Customer Engagement

  • CIOs and CMOs must collaborate to balance ethical AI implementations with compelling customer experiences.
  • CMOs focus on delivering personalized interactions to meet customer expectations, requiring significant amounts of personal data, and creating a risk of privacy violations.
  • Data governance is the backbone of ethical AI and compelling customer engagement.
  • Collaboration between CIOs and CMOs is necessary to establish clear data management protocols and ensure customer data is stored securely and utilized in compliance with emerging regulations.
  • Robust technology infrastructure is required for the scalable and agile support of AI-powered customer engagement.
  • CIOs and CMOs should collaborate to ensure that marketing campaigns are supported by IT systems capable of handling diverse AI workloads.
  • Proactive collaboration between CIOs and CMOs ensures that potential vulnerabilities are identified and mitigated before they evolve into full-blown crises, protecting organizations' digital assets and reputation.
  • Successful partnerships between CIOs and CMOs show that by uniting their expertise, they deliver next-generation strategies that drive measurable business outcomes.
  • Trends to watch in the coming years include regulations around AI transparency, advances in machine learning for hyper-personalization, and AI content labeling.
  • By aligning goals and strategies early on, CIOs and CMOs can power ethical AI innovation, ensure compliance, and elevate customer experiences to new heights.

Dataprivacyandsecurityinsider

7d

Privacy Tip #427 – Ahead of the TikTok Ban, Users are Turning to Another Chinese App with Similar Privacy Concerns – What you Should Know

  • TikTok users are turning to another Chinese app called RedNote as an alternative ahead of the TikTok ban in the U.S.
  • RedNote is similar to TikTok, allowing users to share short clips and is currently the most downloaded app on Apple's app store.
  • However, RedNote raises privacy and national security concerns similar to TikTok's, with a privacy policy written in Mandarin and data collection practices.
  • Experts advise users to opt for U.S.-based short-form video services like Instagram Reels and YouTube Shorts to avoid potential risks.

Securityaffairs

7d

Clop Ransomware exploits Cleo File Transfer flaw: dozens of claims, disputed breaches

  • The Clop ransomware gang claims dozens of victims from a Cleo file transfer vulnerability.
  • 59 new companies have been added to the Clop leak site, with the group claiming to have breached them by exploiting a vulnerability in Cleo file transfer products.
  • Some of the organizations listed by the Clop gang have disputed the claims, denying any compromise.
  • Clop ransomware group threatens to publish stolen data on January 18, 2025, after failed ransom negotiations with breached organizations.

Infoblox

7d

The White House Executive Order: Requiring DNS as a Frontline Security Control

  • On January 16, 2025, the White House issued an executive order (EO) aimed at strengthening and enhancing cybersecurity, including the requirement for encrypted DNS protocols that ensure the confidentiality and integrity of DNS traffic.
  • This requirement recognizes DNS as a critical frontline security control, emphasizing the significance of DNS in cybersecurity defense-in-depth strategy.
  • Encrypting DNS protocols (like DNS over HTTPS (DoH) and DNS over TLS (DoT)) enhances security by protecting confidentiality and preserving integrity.
  • FCEB agencies are required to enable encrypted DNS protocols within 180 days on existing clients and servers that support these protocols and additional clients and servers supporting such protocols.
  • Implementing encrypted DNS protocols requires additional computing resources, and agencies should ensure that their DNS servers have sufficient resources to handle the query load.
  • The use of encrypted DNS protocols may also make it more challenging to track DNS requests and responses, making troubleshooting more difficult.
  • Federal agencies should audit their existing DNS infrastructure, plan and implement the encrypted DNS protocols, and collaborate with vendors and service providers to ensure compliance with the new requirements.
  • Infoblox provides comprehensive, scalable, and easily deployable Secure DNS solutions to assist federal agencies in meeting these new requirements.
  • The new requirements set by the Executive Order should have a positive impact on cybersecurity resilience with Infoblox providing the tools and expertise necessary to secure the foundation of the internet.

Kaspersky

7d

New gadgets unveiled at CES 2025, and their impact on security | Kaspersky official blog

  • CES 2025 showcased gadgets such as NVIDIA Project DIGITS, Roborock Saros Z70, Google Home + Matter, and Halliday Glasses.
  • Many of these products have new features such as video surveillance, AI-powered personal assistants, and biometric identification systems, which can be used in cyberphysical attacks and spying.
  • The inability to cope with stairs and obstacles remains an issue with robot vacuum cleaners, but the Saros Z70 model by Roborock has an extensible arm that can pick up small objects from the floor.
  • The Bosch Revol Smart Crib continuously collects video and audio data, scans the baby's pulse and breathing rate, monitors temperature, humidity and fine-particle pollution levels, and transmits them to a parental smartphone and to the cloud, which raises concerns for data security.
  • The TP-Link Tapo DL130 smart lock with palm vein matching biometric factor is connected to home networks and interacts with Alexa and Google Home, creating a wide cyberattack surface.
  • Google Home + Matter allows local control of smart homes, which reduces the risk of compromise and improves privacy.
  • Sony Honda AFEELA is a luxury electric car that comes with a complimentary three-year subscription to in-car features, including an AI-powered personal assistant and entertainment features such as augmented reality and virtual worlds.
  • BenjiLock Outdoor Fingerprint Padlock is resistant to moisture and dust, stores and recognizes fingerprints, and works for up to a year. However, smart locks are often vulnerable to both lock picking and inexpensive fingerprint faking.

Sentinelone

7d

New Possibilities with Purple AI | Third-Party Log Sources & Multilingual Question Support

  • SentinelOne has launched two new features with Purple AI: third-party log source support and multilingual question support.
  • Purple AI is marketed as the industry’s most advanced AI security analyst for streamlining threat hunting, query writing, investigations and navigating complex data schemas, both within the business and from third parties.
  • The third-party log source support aims to provide greater data visibility across an organisation, allowing security analysts to detect potential attacks earlier on.
  • The approved third-party log sources include Palo Alto Networks Firewall, Zscaler Internet Access, Proofpoint TAP, Microsoft Office 365, Fortinet FortiGate and Okta.
  • The multilingual question support feature translates user queries into the necessary PowerQuery syntax to deliver accurate results.
  • It simplifies communication by enabling on-the-fly translations, saving the investigation steps in the Notebook with translated summaries, making findings easier to share with international teams.
  • Supported languages include Spanish, French, German, Italian, Dutch, Arabic, Japanese, Korean, Thai, Malay, Indonesian and more.
  • The feature is already available for existing Singularity Complete and Purple AI customers, with new customers able to find out more via the company's website.
  • Ultimately, SentinelOne aims to safeguard data by empowering analysts to detect earlier, respond faster and stay ahead of cyber-attacks.
  • The overarching mission of the new features is to promote inclusivity and collaboration, creating a safer world for all.

Securityintelligence

7d

The current state of ransomware: Weaponizing disclosure rules and more

  • Ransomware has become a multi-layered, global challenge that continues to threaten businesses and governments alike.
  • AI technology enhances phishing and social engineering attacks, and deepfake technology is used in social engineering to create convincing fraudulent video or audio.
  • Ransomware weaponizes disclosure rules and regulations, particularly those issued by the U.S. SEC, to pressure victims into paying ransoms.
  • Living-off-the-land (LOTL) tactics that use established tools and software continue to evade standard cybersecurity defenses.
  • Ransomware is being used as a geopolitical tool by country-sponsored actors, hacktivist groups, and cybercriminals with political agendas.
  • Industries such as healthcare, public administration, transportation, and finance are the most vulnerable to ransomware attacks.
  • The costs of ransomware extend beyond the ransom payments and include disruption, data loss, recovery costs, reputational damage, and more.
  • Despite the increasing complexity and financial impact of ransomware attacks, advancements in AI cybersecurity tools and a growing awareness of evolving tactics provide pathways for improving defenses.
