Trending Articles

article thumbnail

Apps That Are Spying on Your Location

Schneier on Security

404 Media is reporting on all the apps that are spying on your location, based on a hack of the location data company Gravy Analytics: The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games like Candy Crush to dating apps like Tinder, to pregnancy tracking and religious prayer apps across both Android and iOS.

article thumbnail

Microsoft: Happy 2025. Here’s 161 Security Updates

Krebs on Security

Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack. Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017. Rapid7 ‘s Adam Barnett says January marks the fourth consecutive month where Microsoft has published zero-day vulnerabilities on Patch Tuesday without evaluating any of them

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

US to Launch Cyber Trust Mark to Label Secure Smart Devices

Tech Republic Security

The Cyber Trust Mark will help consumers make more informed decisions about the cybersecurity of products, according to the White House.

article thumbnail

Pro-Russia hackers NoName057 targets Italy again after Zelensky’s visit to the country

Security Affairs

Over the weekend, Italy faced new waves of DDoS attacks carried out by pro-Russia group NoName057(16). Pro-Russia hackers Noname057(16) targeted Italian ministries, institutions, critical infrastructure’s websites and private organizations over the weekend. The new wave of attacks coincides with the visit of Ukrainian President Volodymyr Zelensky to Italy.

DDOS 120
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

10 Linux apps I always install first - and you should too

Zero Day

If you're just now jumping onto the Linux train, you might be wondering what apps to install first. Here are the first 10 I find should be installed by all.

145
145
article thumbnail

Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme

Schneier on Security

Not sure this will matter in the end, but it’s a positive move : Microsoft is accusing three individuals of running a “hacking-as-a-service” scheme that was designed to allow the creation of harmful and illicit content using the company’s platform for AI-generated content. The foreign-based defendants developed tools specifically designed to bypass safety guardrails Microsoft has erected to prevent the creation of harmful content through its generative AI services, said S

Hacking 243

More Trending

article thumbnail

What’s Next for Open Source Software Security in 2025?

Tech Republic Security

Hidden dependencies, social engineering attacks, and the complexity of foundation models can all contribute tothe insecure use of open-source software in 2025.

Software 166
article thumbnail

Banshee macOS stealer supports new evasion mechanisms

Security Affairs

Experts found a new version of the Banshee macOS information stealer which was enhanced with new evasion mechanisms. Check Point researchers discovered a new version of the Banshee macOS infostealer which is distributed through phishing websites and fake GitHub repositories, often masqueraded as popular software. In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures.

Malware 120
article thumbnail

Autonomous businesses will be powered by AI agents

Zero Day

The Accenture Technology Vision 2025 report explores how AI-powered autonomy is shaping technology development, customer experience, the physical world, and the future workforce, where people and AI agents work together to drive customer success.

article thumbnail

Zero-Day Vulnerability in Ivanti VPN

Schneier on Security

It’s being actively exploited.

VPN 228
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices

The Hacker News

Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey's Audio (APE) decoder on Samsung smartphones that could lead to code execution. The high-severity vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), affects Samsung devices running Android versions 12, 13, and 14. "Out-of-bounds write in libsaped.

article thumbnail

Australian IT Sector Maintains Strong Employment Outlook for 2025

Tech Republic Security

ManpowerGroups Employment Outlook Survey for Q1 2025 found the Australian IT sector has the strongest net employment outlook of any sector at the beginning of 2025.

140
140
article thumbnail

SonicWall warns of an exploitable SonicOS vulnerability

Security Affairs

SonicWall warns customers to address an authentication bypass vulnerability in its firewall’s SonicOS that is “susceptible to actual exploitation.” SonicWall is urging customers to upgrade the SonicOS firmware of their firewalls to patch an authentication bypass vulnerability tracked as CVE-2024-53704 (CVSS score of 8.2). The vulnerability resides in SSL VPN and SSH management and according to the vendor is “susceptible to actual exploitation.” “We have identi

Firewall 115
article thumbnail

CES 2025: The 25 best products that impressed us the most

Zero Day

ZDNET editors scoured the show floor for a week and identified all of this year's best products - including those that will make the biggest impact on the future.

142
142
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Phishing False Alarm

Schneier on Security

A very security-conscious company was hit with a (presumed) massive state-actor phishing attack with gift cards, and everyone rallied to combat it—until it turned out it was company management sending the gift cards.

Phishing 160
article thumbnail

Zero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed Interfaces

The Hacker News

Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public internet.

Firewall 138
article thumbnail

CVE-2024-5594 (CVSS 9.1): Critical Vulnerability in OpenVPN Enables Code Execution

Penetration Testing

The open-source VPN software OpenVPN has patched three significant vulnerabilities in OpenVPN 2.6.11, released on June 21, 2024. The post CVE-2024-5594 (CVSS 9.1): Critical Vulnerability in OpenVPN Enables Code Execution appeared first on Cybersecurity News.

VPN 137
article thumbnail

A novel PayPal phishing campaign hijacks accounts

Security Affairs

Fortinet warns of a phishing campaign using legitimate links to hijack PayPal accounts, tricking users into granting unauthorized access. Fortinet uncovered a phishing campaign targeting PayPal users. The scheme employs legitimate links to deceive victims and gain unauthorized access to their accounts. The phishing emails mimic PayPal notifications, including payment details, warnings, a real PayPal sender address, and a genuine URL to bypass security checks.

Phishing 120
article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

From Cybersecurity Consolidation to GenAI and Innovation – What to Expect: 2025 Predictions 

Security Boulevard

What to expect in 2025 and beyond, into the future. Here are some likely predictions across cybersecurity, GenAI and innovation, and defensive cyber. The post From Cybersecurity Consolidation to GenAI and Innovation – What to Expect: 2025 Predictions appeared first on Security Boulevard.

article thumbnail

Candy Crush, Tinder, MyFitnessPal: See the Thousands of Apps Hijacked to Spy on Your Location

WIRED Threat Level

A hack of location data company Gravy Analytics has revealed which apps areknowingly or notbeing used to collect your information behind the scenes.

Hacking 135
article thumbnail

iMessage text gets recipient to disable phishing protection so they can be phished

Malwarebytes

A smishing (SMS phishing) campaign is targeting iMessage users, attempting to socially engineer them into bypassing Apple’s built in phishing protection. For months, iMessage users have been posting examples online of how phishers are trying to get around this protection. And, now, the campign is gaining traction, according to our friends at BleepingComputer.

Phishing 115
article thumbnail

New macOS Exploit Revealed: PoC for CVE-2024-54498 Breaks Sandbox Security

Penetration Testing

Recently, security researcher @wh1te4ever has revealed a proof of concept (PoC) exploit for CVE-2024-54498, a vulnerability that allows The post New macOS Exploit Revealed: PoC for CVE-2024-54498 Breaks Sandbox Security appeared first on Cybersecurity News.

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation

The Hacker News

Microsoft has revealed that it's pursuing legal action against a "foreign-based threatactor group" for operating a hacking-as-a-service infrastructure to intentionally get around the safety controls of its generative artificial intelligence (AI) services and produce offensive and harmful content.

article thumbnail

Hackers Attack PowerSchool, Expose K-12 Teacher and Student Data

Security Boulevard

Giant education software provider PowerSchool reported that hackers using compromised credentials access a database and stole student and teacher data in an attack that the company said was not ransomware, though a ransom apparently was paid. Affected K-12 school districts are scrambling to alert parents and staffs. The post Hackers Attack PowerSchool, Expose K-12 Teacher and Student Data appeared first on Security Boulevard.

Education 111
article thumbnail

Cybersecurity Resolutions for 2025

IT Security Guru

As we begin the New Year, it offers a chance for reflection on 2024 and to consider what we can do as security professionals and business leaders in 2025 that will keep us relevant and in the best position to counter cyber threats going forward. The IT Security Guru caught up with Darren Guccione, CEO and co-founder of Keeper Security to see what he thinks should be the industry’s resolutions in the coming year.

article thumbnail

Update Chrome and Firefox now to patch these critical security flaws

Zero Day

The latest updates for both browsers squash several high-severity security bugs. Here's how to grab them.

133
133
article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

Linux Kernel Privilege Escalation Vulnerability (CVE-2024-27397) Exploited: PoC Released

Penetration Testing

Security researcher liona24 has provided an in-depth analysis and a proof-of-concept (PoC) exploit code for CVE-2024-27397, a vulnerability The post Linux Kernel Privilege Escalation Vulnerability (CVE-2024-27397) Exploited: PoC Released appeared first on Cybersecurity News.

article thumbnail

WordPress Skimmers Evade Detection by Injecting Themselves into Database Tables

The Hacker News

Cybersecurity researchers are warning of a new stealthy credit card skimmer campaign that targets WordPress e-commerce checkout pages by inserting malicious JavaScript code into a database table associated with the content management system (CMS).

Malware 132
article thumbnail

How Cracks and Installers Bring Malware to Your Device

Trend Micro

Our research shows how attackers use platforms like YouTube to spread fake installers via trusted hosting services, employing encryption to evade detection and steal sensitive browser data.

Malware 128
article thumbnail

Most Popular Cyber Blogs from 2024

Lohrman on Security

What were the top government technology and cybersecurity blog posts in 2024? The metrics tell us what cybersecurity and technology infrastructure topics were most popular.

article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.