Mon. Feb 10, 2025

Pairwise Authentication of Humans

Schneier on Security

Here’s an easy system for two humans to remotely authenticate to each other, so they can be sure that neither are digital impersonations. To mitigate that risk, I have developed this simple solution where you can set up a unique time-based one-time passcode (TOTP) between any pair of persons. This is how it works: Two people, Person A and Person B, sit in front of the same computer and open this page; They input their respective names (e.g.

MY TAKE: Securing the Internet of Everything: why self-healing devices are the next frontier

The Last Watchdog

We're just getting started down the road to the Internet of Everything (IoE). Related: IoT growing at a 24% clip. To get there, to fully tap the potential of a hyper-interconnected ecosystem where devices, data, AI and humans converge to benefit humankind, cybersecurity must first catch up. I had an edifying conversation about this with Steve Hanna, distinguished engineer at Infineon Technologies, a global semiconductor leader in power systems and IoT, based in Neubiberg, Germany.

Gmail Under Siege: FBI Warns of Unusual AI-Driven Phishing Attacks

eSecurity Planet

In a stark warning to organizations and everyday users alike, cybersecurity experts and government agencies have sounded the alarm over a new breed of Gmail-targeted phishing attacks. With cybercriminals using advanced artificial intelligence algorithms to create more convincing fraudulent messages, the FBI's message is simple and uncompromising: Do not click on anything.

XE Group shifts from credit card skimming to exploiting zero-days

Security Affairs

The cybercrime group XE Group exploited a VeraCore zero-day to deploy reverse shells, web shells in recent attacks. A recent investigation by researchers from Intezer and Solis Security shed light on the recent operations of the XE Group. Active since at least 2013, XE Group is a cybercriminal group focused on credit card skimming and password theft via supply chain attacks. “XE Group transitioned from credit card skimming to targeted information theft, marking a significant shift in thei

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Attackers Use 2.8 Million Devices in Major Brute Force Attack

Security Boulevard

Threat actors are using as many as 2.8 million edge and IoT devices from around the world in a massive brute force attack that is targeting edge security systems from Palo Alto Networks, Ivanti, SonicWall, and other vendors, according to the Shadowserver Foundation. The post Attackers Use 2.8 Million Devices in Major Brute Force Attack appeared first on Security Boulevard.

5 Best NIS2 Compliance Software and Solution Providers

Heimdal Security

The European Union's Network and Information Systems Directive 2 (NIS2) is now in effect. And, throughout 2025, governments across the continent will be transposing it into national law. Complying with the regulation involves a combination of changes to workflows, employee behavior, and technology. There isn't a single turnkey solution that will make you compliant on […] The post 5 Best NIS2 Compliance Software and Solution Providers appeared first on Heimdal Security Blog.

More Trending

Apple fixes iPhone and iPad bug exploited in ‘extremely sophisticated attacks’

Security Affairs

Apple released iOS and iPadOS updates to address a zero-day likely exploited in extremely sophisticated attacks targeting specific individuals. Apple released emergency security updates to address a zero-day vulnerability, tracked as CVE-2025-24200, that the company believes was exploited in “extremely sophisticated” targeted attacks. An attacker could have exploited the vulnerability to disable the USB Restricted Mode on a locked device.

4 Most Common Network Attacks and How to Thwart Them

SecureWorld News

Thinking of connectivity as the gravity center of every modern organization's digital ecosystem isn't a far-fetched perspective. It's deeply ingrained into the very fabric of collaboration, cloud computing, data sharing, remote work, and customer engagement. All these crucial areas take a major hit when a network attack happens. And, the unfortunate reality is that no network is immune.

Australians Hit With One Cyber Attack Every Second in 2024

Tech Republic Security

Australia saw a record surge in cyber attacks in 2024, with data breaches escalating. Experts warn of rising risks as hackers may exploit AI-driven tactics.

HPE is notifying individuals affected by a December 2023 attack

Security Affairs

Hewlett Packard Enterprise (HPE) has begun notifying individuals affected by a December 2023 attack carried out by Russia-linked threat actors. Hewlett Packard Enterprise has started notifying individuals whose personal information was exposed in a December 2023 cyber attack. In January 2024, Hewlett Packard Enterprise (HPE) revealed that alleged Russia-linked cyber espionage group Midnight Blizzard gained access to its Microsoft Office 365 cloud-based email environment.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Could you Spot a Digital Twin at Work? Get Ready for Hyper-Personalized Attacks

Security Boulevard

The world is worried about deepfakes. Research conducted in the U.S. and Australia finds that nearly three-quarters of respondents feel negatively about them, associating the AI-generated phenomenon with fraud and misinformation. But in the workplace, we're more likely to let our guard down. That's bad news for businesses as the prospect of LLM-trained malicious digital.

The CISO’s Mindset for 2025: Outcomes, Automation, and Leadership

Lenny Zeltser

As the year 2025 rushes forward, the responsibilities of CISOs are continuing to evolve. We increasingly recognize the importance of not just identifying risks but actively addressing them through direct action and influence. To remain relevant, we must continue to stay on top of emerging technologies, such as AI and automation. We must also engage a growing range of stakeholders, from customers to peers and Board members.

US Funding Cuts Are Helping Criminals Get Away With Child Abuse and Human Trafficking

WIRED Threat Level

Services supporting victims of online child exploitation and trafficking around the world have faced USAID and State Department cuts, and children are suffering as a result, sources tell WIRED.

Apple Patches Actively Exploited iOS Zero-Day CVE-2025-24200 in Emergency Update

The Hacker News

Apple on Monday released out-of-band security updates to address a security flaw in iOS and iPadOS that it said has been exploited in the wild. Assigned the CVE identifier CVE-2025-24200, the vulnerability has been described as an authorization issue that could make it possible for a malicious actor to disable USB Restricted Mode on a locked device as part of a cyber physical attack.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cerebras CEO on DeepSeek: Every time computing gets cheaper, the market gets bigger

Zero Day

The economic breakthrough of DeepSeek's techniques will lead not only to an expansion of AI use but a continued arms race to achieve breakthroughs, says CEO Andrew Feldman.

Hackers Exploit Google Tag Manager to Deploy Credit Card Skimmers on Magento Stores

The Hacker News

Threat actors have been observed leveraging Google Tag Manager (GTM) to deliver credit card skimmer malware targeting Magento-based e-commerce websites.

5 ways AI can help with your taxes - and 10 major mistakes to avoid

Zero Day

AI and taxes: a perfect match or a disaster waiting to happen? Tax preparation is changing fast, but AI still has flaws. Here's where AI tax tools shine, where they fail, and how to use them wisely.

8Base Ransomware Data Leak Sites Seized in International Law Enforcement Operation

The Hacker News

A coordinated law enforcement operation has taken down the dark web data leak and negotiation sites associated with the 8Base ransomware gang.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

GitHub Enterprise SAML Bypass Flaw (CVE-2025-23369) Exposed – Technical Analysis and Exploit PoC

Penetration Testing

Security researcher Hakivvi has published an in-depth analysis of CVE-2025-23369 (CVSSv4 7.6), a vulnerability that allows attackers to The post GitHub Enterprise SAML Bypass Flaw (CVE-2025-23369) Exposed – Technical Analysis and Exploit PoC appeared first on Cybersecurity News.

DragonRank Exploits IIS Servers with BadIIS Malware for SEO Fraud and Gambling Redirects

The Hacker News

Threat actors have been observed targeting Internet Information Services (IIS) servers in Asia as part of a search engine optimization (SEO) manipulation campaign designed to install BadIIS malware.

API Gateway Security Needs a Stronger Zero-Trust Strategy

Security Boulevard

Let's discuss the major things anyone should look into before choosing an API gateway in today's sprawling, AI-driven threat landscape. The post API Gateway Security Needs a Stronger Zero-Trust Strategy appeared first on Security Boulevard.

Zimbra Releases Security Updates for SQL Injection, Stored XSS, and SSRF Vulnerabilities

The Hacker News

Zimbra has released software updates to address critical security flaws in its Collaboration software that, if successfully exploited, could result in information disclosure under certain conditions. The vulnerability, tracked as CVE-2025-25064, carries a CVSS score of 9.8 out of a maximum of 10.0.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

I changed these 8 Apple Watch settings to significantly extend battery life

Zero Day

Your Apple Watch might be losing power quickly in the latest watchOS 11, but some small tweaks can easily fix it.

Protect those you love from internet scams this Valentine’s Day

Webroot

February is a great month to refresh your cyber awareness skills. February 11 marks Safer Internet Day, encouraging us to work together to make the internet a safer and better place. It's the perfect time to learn more about cybersecurity risks and best practices for protecting yourself and your loved ones online. And while February 14 usually means love is in the air, Valentine's Day is also a popular day with internet scammers.

This app makes using Ollama local AI on MacOS devices so easy

Zero Day

If you prefer to use your local Ollama AI from a dedicated app, there's one option for MacOS that's exponentially better than the competition.

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [10 February]

The Hacker News

In cybersecurity, the smallest crack can lead to the biggest breaches. A leaked encryption key, an unpatched software bug, or an abandoned cloud storage bucket: each one seems minor until it becomes the entry point for an attack. This week, we've seen cybercriminals turn overlooked weaknesses into major security threats, proving once again that no system is too small to be targeted.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

I revisited the iPhone SE in 2025, and it got me excited for everything but itself

Zero Day

Apple is about to replace the now three-year-old iPhone SE, but there will never be another phone quite like it.

The Rise of the Drone Boats

WIRED Threat Level

Swarms of weaponized unmanned surface vessels have proven formidable weapons in the Black and Red Seas. Can the US military learn the right lessons from it?

How to remotely access and control someone else's iPhone (with their permission)

Zero Day

You can connect to and even control another person's iPhone to provide remote tech support.

The Rise of Phishing-as-a-Service: How Cybercriminals are Outsourcing Attacks

Penetration Testing

Phishing attacks are no longer the domain of elite hackers. With the rise of Phishing-as-a-Service (PhaaS), cybercriminals of The post The Rise of Phishing-as-a-Service: How Cybercriminals are Outsourcing Attacks appeared first on Cybersecurity News.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!