Aside from the obvious gap in accessing data and web-based resources, this shortfall also entails cybersecurity concerns. MFA is a double-edged sword While essential for secure access, multi-factor authentication (MFA) creates additional barriers for users with disabilities. It has distinct cybersecurity and privacy undertones.
As we approach 2025, the cybersecurity landscape is evolving rapidly, shaped by technological advancements, regulatory shifts, and emerging threats. Below is an exhaustive list of key cybersecurity trends to watch out for in 2025. Let's explore the top current cybersecurity trends this year. The challenge?
Since April 2021, Russian state-sponsored hackers have exploited vulnerabilities, including Zimbra’s CVE-2022-27924 for injecting commands to access credentials and emails, and JetBrains TeamCity’s CVE-2023-42793 for arbitrary code execution through an authentication bypass.
Without robust IT budgets or fully staffed cybersecurity departments, small businesses often rely on their own small stable of workers (including sole proprietors with effectively zero employees) to stay safe online. That means that what worries these businesses most in cybersecurity is what is most likely to work against them.
Key Findings Even years after their disclosure, VPN-related vulnerabilities like CVE-2018-13379 and CVE-2022-40684 remain essential tools for attackers, driving large-scale campaigns of credential theft and administrative control. Editor's note: This report was authored by Gautham Ashok & Alexa Feminella. Rated CVSS 9.8,
From Compliance to Confidence: How Thales Helps You Meet ISO/IEC 27001:2022 Head-On madhav Thu, 07/17/2025 - 12:47 The digital threat landscape today is unrecognizable from 2013, with each year bringing new tech trends and threats. ISO/IEC 27001:2022 is more aligned with today’s risks and more demanding. The result?
The common maxim in cybersecurity is that the industry is always on the back foot. While cybersecurity practitioners build higher walls, adversaries are busy creating taller ladders. MFA Fatigue: The I Give Up Button in Cybersecurity While MFA is extremely effective at preventing unauthorized access, it is not impervious to abuse.
In a stark warning to organizations and everyday users alike, cybersecurity experts and government agencies have sounded the alarm over a new breed of Gmail-targeted phishing attacks. Expert Advice and Organizational Impact Cybersecurity experts urge organizations to implement robust measures to counter these evolving threats.
According to a 2023 study by Sumsub , deepfake fraud attempts increased by 704% between 2022 and 2023. Traditionally, attackers relied on phishing emails to impersonate executives, but deepfakes now enable fraudsters to conduct real-time video and voice calls that appear authentic.
Lookout researchers discovered multiple voice phishing groups were using a new phishing kit that closely mimicked the single sign-on pages for Okta and other authentication providers. Federal Communications Commission (FCC), as well as those working at the cryptocurrency exchanges Coinbase and Binance. “ Annie.”
A new joint Cybersecurity Advisory, co-authored by leading cybersecurity agencies from the United States, Australia, Canada, New Zealand, and the United Kingdom, details the vulnerabilities malicious actors routinely exploited in 2023. CVE-2020-1472 (Microsoft Netlogon): Allows privilege escalation.
The duo found Subaru’s admin panel hosted on a subdomain, allowing password resets for employee accounts without confirmation, bypassing two-factor authentication. Researchers used the valid employee email to reset the password, bypass two-factor authentication, and gain access to the panel's functionality. ” wrote Curry.
” The Remote Access Trojan (RAT) has been active since July 2022. The FBI recommends limiting or isolating vulnerable devices, monitoring networks, and following cybersecurity best practices. Threat actors leveraged edge routers, or living on the edge access, to passively collect traffic and set up a covert C2 infrastructure.
The cybersecurity researcher HaxRob analyzed a new variant of the FASTCash “payment switch” malware which targets Linux systems. post-April 2022. Require and verify message authentication codes on issuer financial request response messages. LTS distributions.
The United States Cybersecurity and Infrastructure Security Agency (CISA) is confronting a pivotal moment following the recent resignations of two senior officials who were instrumental in the agency's Secure by Design initiative. Follow SecureWorld News for more stories related to cybersecurity.
Cybersecurity researchers have uncovered a campaign where threat actors exploit misconfigured Amazon Web Services (AWS) environments to send phishing emails. How the attack works The JavaGhost group, active since 2019, initially focused on website defacements before shifting to financially motivated phishing attacks in 2022.
New York, the city that never sleeps, is also the city that takes cybersecurity very seriously. If you’re part of the financial services ecosystem here, or interact with businesses regulated by the New York State Department of Financial Services, you've likely come across the NYDFS Cybersecurity Regulation.
During the first week of October, Kaspersky took part in the 34th Virus Bulletin International Conference , one of the longest-running cybersecurity events. Specifically, we observed one of these attacks targeting an organization in Latin America in 2022. However, unlike in 2022, the adversary did not use scheduled tasks to do that.
Based on an analysis by cybersecurity news platform Hackread , the data contains dates of birth, phone numbers, email addresses, street addresses, and even social security numbers. Trey Ford, Chief Information Security Officer at crowdsourced cybersecurity firm Bugcrowd offers an interesting take.
Cybersecurity and Infrastructure Security Agency (CISA) adds Cisco Small Business RV Series Routers, Hitachi Vantara Pentaho BA Server, Microsoft Windows Win32k, and Progress WhatsUp Gold flaws to its Known Exploited Vulnerabilities catalog. Exploiting it requires admin credentials and grants root access. ” reads the advisory. .
Czech cybersecurity startup Wultra has raised 3 million from Tensor Ventures, Elevator Ventures, and J&T Ventures to accelerate the development of its post-quantum authentication technology, safeguarding banks and fintech against the coming wave of quantum threats. Prague, Czech Republic, Jan.
Cybersecurity experts are now poring over the data, uncovering a rare inside look at how one of the most feared ransomware groups operates and potentially unravels. A glimpse inside Black Basta Active since 2022, Black Basta has built a reputation for high-profile attacks using double-extortion tactics.
While details remain sparse, reports suggest social engineering tactics like phishing, SIM swapping, and multi-factor authentication (MFA) fatigue attacks may have been used to infiltrate systems. Cybersecurity isn't just an IT problem; it's central to risk management, operational continuity, and customer trust.
After Russia’s invasion of Ukraine in February 2022, Rudometov reportedly fled to Krasnodar, Russia. The cybersecurity firm’s recommendations for malware victims are: Consult an expert : For thorough malware removal and system security, seek professional help if needed. ” continues the announcement.
government agencies, including the Cybersecurity and Infrastructure Security Agency (CISA). Threat actor Activity HomeLand Justice Carried out destructive attacks against the Government of Albania in 2022, utilizing ransomware and disk wiping malware. CVE-2020-12812 Fortinet FortiOS Improper Authentication [ 1 ] [ 2 ] 9.8
Details in our flash alert on CATALYST: [link] pic.twitter.com/oRHQzzIph8 — PRODAFT (@PRODAFT) June 6, 2025 The Qilin ransomware group has been active since at least August 2022 but gained attention in June 2024 for attacking Synnovis , a UK governmental service provider for healthcare. through 7.0.16 and FortiProxy version 7.0.0
As a result, FinServ organizations have some of the largest cybersecurity budgets and most advanced defenses. A lack of multifactor authentication (MFA) to protect privileged accounts was another culprit, at 10%, also 7 percentage points lower than average.
Cary, NC, May 14, 2025, CyberNewswire — INE Security , a global leader in hands-on cybersecurity training and certifications, today highlighted how ongoing real-world practice with the latest CVEs (Common Vulnerabilities and Exposures) is essential for transforming security teams from reactive to proactive defenders.
Organizations have 180 days to reach compliance according to stricter standards of identity cybersecurity if the proposed updates pass. Between 2022 and 2023, the HIPAA Journal reported a jump from 51.9 HIPAA Security Rule To Strengthen the Cybersecurity of Electronic Protected Health Information, 2025, p.
1 - Securing OT/ICS in critical infrastructure with zero trust As their operational technology (OT) computing environments become more digitized, converged with IT systems and cloud-based, critical infrastructure organizations should beef up their cybersecurity by adopting zero trust principles. and the U.K.'s MI5, said in a statement.
Luna Moth has been active since at least 2022 and first gained attention for using a technique known as callback phishing, a method where victims receive phishing emails pretending to be billing notices or subscription charges. Enable two-factor authentication across all systems. Maintain regular backups of sensitive data.
Sophos) an information technology company that develops and markets cybersecurity products.” ” At the end of April 2020, cybersecurity firm Sophos released an emergency patch to address an SQL injection zero-day vulnerability affecting its XG Firewall product that has been exploited in the wild. based Sophos Ltd.
Apple fixed the third actively exploited zero-day of 2025 Switzerland’s NCSC requires cyberattack reporting for critical infrastructure within 24 hours SideWinder APT targets maritime and nuclear sectors with enhanced toolset U.S.
Kagi also introduces Privacy Pass, which allows users to authenticate to servers (like Kagi's) without revealing their identity; this should ensure searches are unlinkable to accounts. When exploited, an authenticated attacker could elevate to SYSTEM level privileges. This has been exploited in the wild as a zero-day. CVE-2025-21391.
Death, taxes, and cybersecurity. While cybersecurity has its bad side (breaches, hacks, AI); it also has a good side (good practitioners and vendors fighting the good fight, AI). AI dominates a lot of the predictions; as does the continued shortage of folks to fill cybersecurity roles. Zero trust is not going anywhere.
Focused on API security, Wallarm’s API ThreatStats report gathers all the available data on API-related cybersecurity incidents and vulnerabilities for analysis. Q3 API security incidents Not surprisingly, Q3 2024 saw an increased number of API related cybersecurity incidents. The scale of the problem continues to grow.
As businesses increasingly rely on cloud platforms and applications for collaboration, productivity, and operations, understanding their security features is critical, especially when managing subscriptions to mitigate risks like Shadow IT, Shadow AI, and cybersecurity vulnerabilities. Business Plan: Priced at $19.99
Stream the Webinar on demand HERE As we look back on the cybersecurity landscape of 2024, it’s clear that the world of digital threats continues to evolve at an alarming pace in parallel with AI. This sparked widespread concern and discussions on cybersecurity measures within nonprofit organizations.
Most concerning for enterprise security leaders: 70% of secrets leaked in 2022 remain active today, creating an expanding attack surface that grows more dangerous with each passing day. ” Fourrier points to the 2024 U.S. .” A study of 2,584 repositories leveraging secrets managers revealed a 5.1%
The evolution of cybersecurity in space During the Cold War, surveillance satellites were prominent on both sides, but the lack of internet and networking meant that most of the interference revolved around jamming and intercepting radio signals.
Commonly, these botnets exploit CVE-2015-2051, CVE-2019-10891, CVE-2022-37056, and CVE-2024-33112 for initial access to vulnerable D-Link routers. Information and summaries provided here are as-is for warranty purposes. They then execute their payloads, which can steal data and/or recruit the device into the botnet.
In a joint cybersecurity advisory, intelligence and cybersecurity agencies from the United States, the United Kingdom, Germany, France, Poland, and more than a dozen other allied nations have warned that a Russian military cyber unit is behind an aggressive campaign targeting logistics and technology companies that help Ukraine.
Here's how to access (and the perks) "Reddit is the most human place on the internet, and one of the last places on the internet where brands can build authentic, trusted, and engaged relationships with customers," the company wrote in a blog post. Also: Adobe Firefly app is finally launching to users.
How to protect yourself Why SMS two-factor authentication codes aren't safe and what to use instead Meta's new $399 Oakley smart glasses beat the Ray-Bans in almost every way I told ChatGPT more about myself - here's how the AI used that personal info Were 16 billion passwords from Apple, Google, and Facebook leaked?