Trending Articles

article thumbnail

CVE Program Almost Unfunded

Schneier on Security

Mitre’s CVE’s program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled , as the US Department of Homeland Security failed to renew the contact. It was funded for eleven more months at the last minute. This is a big deal. The CVE program is one of those pieces of common infrastructure that everyone benefits from.

CSO 266
article thumbnail

News alert: SquareX to present on uncovering data splicing attacks at BSides San Francisco 2025

The Last Watchdog

Palo Alto, Calif, Apr. 16, 2025, CyberNewswire — SquareX researchers Jeswin Mathai and Audrey Adeline will be disclosing a new class of data exfiltration techniques at BSides San Francisco 2025. Titled Data Splicing Attacks: Breaking Enterprise DLP from the Inside Out , the talk will demonstrate multiple data splicing techniques that will allow attackers to exfiltrate any sensitive file or clipboard data, completely bypassing major Data Loss Protection (DLP) vendors listed by Gartner by ex

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

China-based SMS Phishing Triad Pivots to Banks

Krebs on Security

China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “ Smishing Triad ” mainly impersonated toll road operators and shipping companies. But experts say these groups are now directly targeting customers of international financial institutions, while dramatically expanding their cybercrime infrastructure and support staff.

Phishing 216
article thumbnail

My Take: NTT’s physicists confront the mystery Big Tech keep dodging — what are we really creating?

The Last Watchdog

SAN FRANCISCO If large language AI models are shaping our digital reality, then whoexactlyis shaping those models? And how the heck are they doing it? Related: What exactly is GenAI? Those are the questions Dr. Hidenori Tanaka wants to answer in an effort to put GenAI on solid scientific footing. And its the guiding ethos behind NTT Researchs launch of its newly spun-out Physics of Artificial Intelligence Group , which Tanaka will lead as founding director.

article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

How to Outsource Your Humanity 101

Javvad Malik

You’re so busy climbing the corporate ladder that you can’t spare five minutes to ring mum and dad. But fear not! For a mere 24.90 a month, you can now hire a silicon-based impersonator to pretend it cares about your parents’ day. Welcome to inTouch Family, the service that lets you tick “filial piety” off your to-do list without all that pesky human interaction.

article thumbnail

A few thoughts on CVE

Adam Shostack

CVE funding is apparently not being renewed. I havent been operationally involved for a long time and Im sorry for what the team is going through. Im not alone in having strong feelings, and I want to talk about some of the original use cases that informed us as we set up the system. (You might also enjoy my thoughts on 25 Years of CVE for some context.

LifeWorks

More Trending

article thumbnail

China admitted its role in Volt Typhoon cyberattacks on U.S. infrastructure

Security Affairs

China admitted in a secret meeting with U.S. officials that it conducted Volt Typhoon cyberattacks on U.S. infrastructure, WSJ reports. China reportedly admitted in a secret meeting with U.S. officials that it carried out cyberattacks on U.S. infrastructure, linked to the Volt Typhoon campaign. According to the Wall Street Journal, at a December Geneva summit, Chinese officials indirectly admitted to Volt Typhoon cyberattacks on U.S. infrastructure, reportedly linked to U.S.

Hacking 126
article thumbnail

See No Risk, Hear No Warning, Speak No Breach: The Cybersecurity Trap for Small Businesses

Jane Frankland

Small businesses make up 90% of the global business population. They’re not just the soul of local economiesthey’re essential links in global supply chains and the heartbeat of innovation. Yet in todays AI-driven, connected digital world, many of them are facing a threat theyre reluctant to see, hear, or acknowledge. Just like the three wise monkeys , some small business owners are unintentionally following a philosophy of see no risk, hear no warning, speak no threat when it comes t

article thumbnail

Assets, Again

Adam Shostack

What's wrong with this process? Appsec leaders come to me all the time, looking for feedback on their threat modeling approach. When we do it for a customer, the request and response are private, and when they're not, sometimes they end up in the blog. A recent request exemplified a couple of the problems that we see over and over: The system model provides a framework for identifying and analyzing potential threats by thoroughly describing the assets, attributes, and their interactions with

Software 130
article thumbnail

China Sort of Admits to Being Behind Volt Typhoon

Schneier on Security

The Wall Street Journal has the story : Chinese officials acknowledged in a secret December meeting that Beijing was behind a widespread series of alarming cyberattacks on U.S. infrastructure, according to people familiar with the matter, underscoring how hostilities between the two superpowers are continuing to escalate. The Chinese delegation linked years of intrusions into computer networks at U.S. ports, water utilities, airports and other targets, to increasing U.S. policy support for Taiwa

Hacking 235
article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Chinese Android phones shipped with malware-laced WhatsApp, Telegram apps

Security Affairs

Cheap Chinese Android phones ship with trojanized WhatsApp and Telegram clones hiding crypto clippers, active since June 2024. Since June 2024, Doctor Web researchers found cheap Android phones preloaded with fake WhatsApp and Telegram apps designed to steal crypto via clipping. These clippers swap copied wallet addresses with the attackers own. The campaign targeted low-end phones mimicking famous models, using altered system info to trick users.

Malware 116
article thumbnail

My Take: Is Amazon’s Alexa+ a Gutenberg moment — or a corporate rerun of history’s greatest co-opt?

The Last Watchdog

Last Friday morning, April 11, I was making my way home from NTT Researchs Upgrade 2025 innovation conference in San Francisco, when it struck me that were at a watershed moment. I was reflecting on NTTs newly launched Physics of Artificial Intelligence Lab when a GeekWire article crossed my LinkedIn feed, touting a seemingly parallel initiative by Amazon.

article thumbnail

InstaWP Connect Plugin Exposes WordPress Sites to Critical File Inclusion Vulnerability

Penetration Testing

A severe security vulnerability has been identified in the InstaWP Connect WordPress plugin, posing a significant risk to websites using this tool. The vulnerability, tracked as CVE-2025-2636, is an unauthenticated Local PHP File Inclusion flaw that could allow attackers to gain complete control over affected websites. InstaWP Connect is a WordPress plugin developed by the […] The post InstaWP Connect Plugin Exposes WordPress Sites to Critical File Inclusion Vulnerability appeared first on

Risk 113
article thumbnail

Cybersecurity’s Comfort Zone Problem: Are you Guilty of it?

Jane Frankland

One of my friends, Greg van der Gaast tells this great story that perfectly illustrates one of the biggest challenges we face in cybersecurity today. It goes something like this… “Imagine someone who loves coffee. They have a fantastic coffee shop just steps from their home, serving the best lattes and espressos in town. But instead of strolling over to enjoy this local gem, they hop in their car and drive miles away for an average cup from a chain caf.

Risk 100
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

GPU Hosting, LLMs, and the Unseen Backdoor

SecureWorld News

Big AI runs on big hardware. And right now, that hardware is GPUsrented, stacked, and spinning 24/7 across cloud infrastructure nobody double-checks until something breaks. Everyone's focused on what LLMs say and dobut not where they live or how they're trained. That backend? It's a mess. And it's wide open. This is the blind spot in modern cybersecurity, as not many of us are aware of how important GPUs are for AI.

article thumbnail

South African telecom provider Cell C disclosed a data breach following a cyberattack

Security Affairs

Cell C, one of the biggest telecom providers in South Africa confirms a data breach following a 2024 cyberattack. Cell C is the fourth-largest mobile network operator in South Africa, , after Vodacom, MTN, and Telkom. The company founded in 2001 offers prepaid and postpaid mobile plans, data bundles and internet services, fiber broadband, roaming and international calling, SIM-only plans and device deals.

article thumbnail

MY TAKE: The CVE program crisis isn’t over — it’s a wake-up call for cybersecurity’s supply chain

The Last Watchdog

Just hours before it was set to expire on April 16, the federal contract funding MITREs stewardship of the CVE (Common Vulnerabilities and Exposures) program was given a temporary extension by CISA. Related: Brian Krebs’ take on MITRE funding expiring This averted an immediate shutdown, but it didnt solve the underlying problem. Far from it. The system that underpins vulnerability disclosurethe nervous system of cybersecurity risk managementis showing signs of structural fatigue.

article thumbnail

SideCopy APT Group Evolves Tactics, Targets Critical Indian Infrastructure

Penetration Testing

The cyber threat landscape is in constant flux, with threat actors continuously refining their techniques to breach defenses and achieve their malicious objectives. A recent report by Seqrite Labs’ APT team sheds light on the evolving tactics of the Pakistan-linked SideCopy APT group, revealing a significant expansion in their targeting and a shift in their […] The post SideCopy APT Group Evolves Tactics, Targets Critical Indian Infrastructure appeared first on Daily CyberSecurity.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

No, it’s not OK to delete that new inetpub folder

Malwarebytes

In a new update for the guide concerning CVE-2025-21204 Microsoft told users they need the new inetpub folder for protection. As part of Aprils patch Tuesday updates, Microsoft released a patch to a link following flaw in the Windows Update Stack. Applying the patch creates a new %systemdrive%inetpub folder on the device. Users who noticed the new folder asked questions because they were concerned about its origin and purpose.

Internet 103
article thumbnail

Gartner’s 12 Emerging Tech Disruptors & Why ‘Technology Leaders Must Take Action Now’

Tech Republic Security

A Gartner distinguished VP analyst offers TechRepublic readers advice about which early-stage technologies that will define the future of business systems to prioritize.

article thumbnail

AkiraBot: AI-Powered spam bot evades CAPTCHA to target 80,000+ websites

Security Affairs

AkiraBot, a CAPTCHA-evading Python framework, has spammed over 80,000 websites with AI-generated messages, targeting small and medium-sized businesses. SentinelOnes SentinelLabs researchers warn that AkiraBot, a spam framework, targets websites’ chats and contact forms to promote low-quality SEO services, AkiraBot has already targeted more than 400,000 websites and successfully spammed at least 80,000 websites since September 2024.

eCommerce 125
article thumbnail

News alert: NTT unveils AI inference chip enabling real-time 4K processing of ultra-high-def video

The Last Watchdog

TOKYO, Apr. 10, 2025 Today, NTT Corporation ( NTT ) announced a new, large-scale integration (LSI) for the real-time AI inference processing of ultra-high-definition video up to 4K resolution and 30 frames per second (fps). This low-power technology is designed for edge and power-constrained terminal deployments in which conventional AI inferencing requires the compression of ultra-high-definition video for real-time processing.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

ViperSoftX Malware: Arabic-Speaking Attackers Exploit PowerShell in New Cyberattack Campaign

Penetration Testing

AhnLab Security intelligence Center (ASEC) has revealed a cyberattack campaign where Arabic-speaking attackers are distributing ViperSoftX malware, targeting The post ViperSoftX Malware: Arabic-Speaking Attackers Exploit PowerShell in New Cyberattack Campaign appeared first on Daily CyberSecurity.

Malware 117
article thumbnail

MITRE CVE Program Funding Set To Expire

Security Boulevard

MITREs CVE program has been an important pillar in cybersecurity for over two decades. The lack of certainty surrounding the future of the CVE program creates great uncertainty about how newly discovered vulnerabilities will be cataloged. Background On April 15, reports circulated that the contract for funding the Common Vulnerabilities and Exposures (CVE) program along with other related programs, such as Common Weakness Enumeration (CWE), would be expiring on April 16.

article thumbnail

CISA Cuts: What They Mean for Cyber Defense for All

SecureWorld News

Recent reports indicate that the U.S. Cybersecurity and Infrastructure Security Agency (CISA) is bracing for significant workforce reductions. These cuts, which come amid budgetary pressures and evolving threat landscapes, have far-reaching implications across multiple levels of the cybersecurity ecosystem. Here's a breakdown. CISA, known as "America's Cyber Defense Agency," is facing massive layoffs that could impact its ability to safeguard the nation's critical infrastructure.

article thumbnail

Symbolic Link trick lets attackers bypass FortiGate patches, Fortinet warns

Security Affairs

Fortinet warns attackers can keep read-only access to FortiGate devices even after the original vulnerability is patched. Fortinet warns that threat actors can retain read-only access to FortiGate devices even after the original vulnerability used for the breach has been patched. The cybersecurity firm revealed that attackers exploited known FortiGate flaws like CVE-2022-42475 , CVE-2023-27997 , and CVE-2024-21762 to gain persistent read-only access via a symlink in SSL-VPN language folders. 

VPN 103
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

News alert: INE Security highlights why hands-on labs can help accelerate CMMC 2.0 compliance

The Last Watchdog

Cary, NC, Apr. 11, 2025, CyberNewswire — Defense contractors are facing increased pressure to meet the Department of Defense’s stringent Cybersecurity Maturity Model Certification (CMMC) 2.0 requirements ahead of 2025 compliance deadlines. INE Security , a leading global provider of cybersecurity training and certifications, is highlighting how hands-on cybersecurity labs are proving critical for organizations seeking to achieve compliance efficiently and effectively.

CISO 130
article thumbnail

Critical Chrome Security Update: Patch CVE-2025-3619 & CVE-2025-3620 Now!

Penetration Testing

Google has released a critical security update for its Chrome browser, pushing version 135.0.7049.95/.96 to the Stable channel The post Critical Chrome Security Update: Patch CVE-2025-3619 & CVE-2025-3620 Now! appeared first on Daily CyberSecurity.

article thumbnail

Embracing the Future: Mastering Your Cybersecurity Strategy With an Identity Driven Security Approach

Security Boulevard

In today's rapidly evolving digital landscape, taking control of your cybersecurity strategy is more crucial than ever. The post Embracing the Future: Mastering Your Cybersecurity Strategy With an Identity Driven Security Approach appeared first on Security Boulevard.

article thumbnail

Your 23andMe genetic data could be bought by China, senator warns

Malwarebytes

Senator Cassidy, the chair of the US Senate Health, Education, Labor, and Pensions Committee has expressed concerns about foreign adversaries, including the Chinese Communist Party, acquiring the sensitive genetic data of millions of Americans through 23andMe. The risk is considered real because of the impending takeover of the genetic database that belongs to 23andMe.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!