Thu. Feb 13, 2025


DOGE as a National Cyberattack

Schneier on Security

In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history—not through a sophisticated cyberattack or an act of foreign espionage, but through official orders by a billionaire with a poorly defined government role. And the implications for national security are profound. First, it was reported that people associated with the newly created Department of Government Efficiency (DOGE) had accessed the US Treasury computer syst


Nearly a Year Later, Mozilla is Still Promoting OneRep

Krebs on Security

In mid-March 2024, KrebsOnSecurity revealed that the founder of the personal data removal service Onerep also founded dozens of people-search companies. Shortly after that investigation was published, Mozilla said it would stop bundling Onerep with the Firefox browser and wind down its partnership with the company. But nearly a year later, Mozilla is still promoting it to Firefox users.


China-linked APTs’ tool employed in RA World Ransomware attack

Security Affairs

A November 2024 RA World ransomware attack on an Asian software firm used a tool linked to China-linked threat actors. Broadcom researchers reported that threat actors behind an RA World ransomware attack against an Asian software and services firm employed a tool that was exclusively associated in the past with China-linked APT groups. “Tools that are usually associated with China-based espionage actors were recently deployed in an attack involving the RA World ransomware against an Asian


How AI was used in an advanced phishing campaign targeting Gmail users

Malwarebytes

In May, 2024, the FBI warned about the increasing threat of cybercriminals using Artificial Intelligence (AI) in their scams. At the time, FBI Special Agent in Charge Robert Tripp said: Attackers are leveraging AI to craft highly convincing voice or video messages and emails to enable fraud schemes against individuals and businesses alike. These sophisticated tactics can result in devastating financial losses, reputational damage, and compromise of sensitive data.

Phishing 107

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.


Russia-linked APT Seashell Blizzard is behind the long running global access operation BadPilot campaign

Security Affairs

A subgroup of the Russia-linked Seashell Blizzard APT group (aka Sandworm) ran a global multi-year initial access operation called BadPilot. Microsoft shared research findings on a subgroup of the Russia-linked APT group Seashell Blizzard behind the global BadPilot campaign, which compromises infrastructure to support Russian cyber operations. Seashell Blizzard (aka Sandworm, BlackEnergy and TeleBots) has been active since 2000 and operates under the control of Unit 74455 of the Russian GRU


Sophos Sheds 6% of Employees After Closing Secureworks Deal

Security Boulevard

Cybersecurity firm Sophos closed its $859 million acquisition of Secureworks earlier this month and soon after cut 6% of the combined company's workforce, with many of the job losses related to either overlapping positions created by the deal or roles that were no longer needed after Secureworks delisted as a public company. The post Sophos Sheds 6% of Employees After Closing Secureworks Deal appeared first on Security Boulevard.


More Trending


Palo Alto Networks Unifies Cloud Security Portfolio

Security Boulevard

Palo Alto Networks today updated its Cortex Cloud platform to integrate the company's cloud-native application protection platform (CNAPP) known as Prisma Cloud into a platform that provides a wider range of cloud security capabilities. The post Palo Alto Networks Unifies Cloud Security Portfolio appeared first on Security Boulevard.


Understanding the Deepfake Threat

SecureWorld News

Deepfakes involve AI-generated synthetic media that convincingly mimics real individuals' voices and faces. While initially popularized in entertainment and satire, cybercriminals now weaponize this technology for fraud, identity theft, and corporate deception. According to a 2023 study by Sumsub, deepfake fraud attempts increased by 704% between 2022 and 2023.


The Rise of Cyber Espionage: UAV and C-UAV Technologies as Targets

Security Affairs

Researchers at cybersecurity firm Resecurity detected a rise in cyberattacks targeting UAV and counter-UAV technologies. Resecurity identified an increase in malicious cyber activity targeting UAV and counter-UAV (C-UAV/C-UAS) technologies. That was especially notable during active periods of local conflicts, including the escalation of the Russia-Ukraine war and the Israel-Hamas confrontation.


Defending against Identity-Based Threats using the Shared Signals Framework

Duo's Security Blog

For the past few years, we've observed an increase in identity-based attacks across all sectors. To illustrate the point, last quarter our own Cisco Talos team saw a surge in password-spraying attacks. In one of their documented cases, an organization reported that 13 million authentication attempts were made in 24 hours against known accounts. In the case of password spray, looking for a startling increase in authentication traffic can be vital.


Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.


How Much Time Does it Take for Hackers to Crack My Password?

Tech Republic Security

Hackers can crack weak passwords in seconds, while strong ones may take years. Learn about the time to crack your password and boost security.

Passwords 207

CVE-2025-1240: WinZip Vulnerability Opens Door to Remote Code Execution

Penetration Testing

A concerning vulnerability has been discovered in WinZip, potentially allowing remote attackers to execute arbitrary code on affected The post CVE-2025-1240: WinZip Vulnerability Opens Door to Remote Code Execution appeared first on Cybersecurity News.


Are we losing our critical thinking skills to AI? New Microsoft study raises red flags

Zero Day

As more workplaces embrace emerging technology, research warns that prolonged use of AI can erode our cognitive abilities.


From Reactive to Predictive: Building Cyber Resilience for 2025

Security Boulevard

When you're resilient to something, you don't just endure; you adapt, recover, and emerge stronger. This idea is what should motivate companies to focus more on cyber resilience. It's not enough to simply weather the storm of a cyberattack; true resilience means predicting the storm's arrival, minimizing its impact, and ensuring business operations bounce back with little disruption.


Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.


PostgreSQL Vulnerability Exploited Alongside BeyondTrust Zero-Day in Targeted Attacks

The Hacker News

Threat actors who were behind the exploitation of a zero-day vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products in December 2024 likely also exploited a previously unknown SQL injection flaw in PostgreSQL, according to findings from Rapid7. The vulnerability, tracked as CVE-2025-1094 (CVSS score: 8.1), affects the PostgreSQL interactive tool psql.


Application Detection and Response (ADR) Gives the SOC Deep Visibility into the Application Layer | Contrast Security

Security Boulevard

The life of a Security Operations Center (SOC) analyst is often compared to navigating a vast and dangerous ocean. While tools like Intrusion Detection Systems (IDS), Cloud-Native Application Protection Platforms (CNAPP), and Endpoint Detection and Response (EDR) provide visibility into many attack vectors, a critical blindspot remains: the application layer.


Palo Alto Networks Patches Authentication Bypass Exploit in PAN-OS Software

The Hacker News

Palo Alto Networks has addressed a high-severity security flaw in its PAN-OS software that could result in an authentication bypass. The vulnerability, tracked as CVE-2025-0108, carries a CVSS score of 7.8 out of 10.0. The score, however, drops to 5.1 if access to the management interface is restricted to a jump box.


You can now speak to Microsoft's Copilot Voice in 40 languages, for free

Zero Day

The differences between ChatGPT's Advanced Voice, Google's Gemini Live, and Microsoft's Copilot Voice are narrowing.


Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.


Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners

The Hacker News

A widespread phishing campaign has been observed leveraging bogus PDF documents hosted on the Webflow content delivery network (CDN) with an aim to steal credit card information and commit financial fraud.

Phishing 103

How to create a Windows recovery drive in 4 easy steps - before it's too late

Zero Day

If your PC is operating perfectly right now, great! But getting ahead of any future PC fiascos with a recovery drive may save you from a major tech-induced headache later.


FINALDRAFT Malware Exploits Microsoft Graph API for Espionage on Windows and Linux

The Hacker News

Threat hunters have shed light on a new campaign targeting the foreign ministry of an unnamed South American nation with bespoke malware capable of granting remote access to infected hosts. The activity, detected in November 2024, has been attributed by Elastic Security Labs to a threat cluster it tracks as REF7707.

Malware 101

This $160 Samsung Galaxy Watch deal is hard to beat - especially for all the features you get

Zero Day

Samsung's Galaxy Watch FE is a great entry point into smartwatches, and the base model is available for $40 off.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


The Loneliness Epidemic Is a Security Crisis

WIRED Threat Level

Romance scams cost victims hundreds of millions of dollars a year. As people grow increasingly isolated, and generative AI helps scammers scale their crimes, the problem could get worse.

Scams 96

I brought my aging PC back to life with this lightweight Linux OS - and it's easy to use

Zero Day

If your PC can't upgrade to Windows 11, switching to Linux can extend its life past 2025. WattOS is one of the best options I've tested.


AI and Security - A New Puzzle to Figure Out

The Hacker News

AI is everywhere now, transforming how businesses operate and how users engage with apps, devices, and services. A lot of applications now have some Artificial Intelligence inside, whether supporting a chat interface, intelligently analyzing data or matching user preferences.


The end of data silos? How SAP is redefining enterprise AI with Joule and Databricks

Zero Day

SAP's new AI-driven data platform integrates SAP and non-SAP data, breaks silos, and enables next-gen automation with Joule AI agents. Is your business ready?


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Palo Alto Firewall Flaw (CVE-2025-0108): Active Exploits in the Wild, PoC Released

Penetration Testing

Palo Alto Networks has addressed a high-severity authentication bypass vulnerability (CVE-2025-0108) in the management web interface of its The post Palo Alto Firewall Flaw (CVE-2025-0108): Active Exploits in the Wild, PoC Released appeared first on Cybersecurity News.


How I feed my files to a local AI for better, more relevant responses

Zero Day

Msty is one of the best apps for interacting with the Ollama local AI tool and it contains a feature you'll want to use to help provide contextuality to its responses.


OmniGPT Data Breach Exposes 30,000 Users and Millions of Chat Messages

SecureWorld News

A major security incident has allegedly struck OmniGPT, a popular AI aggregator that provides users access to multiple AI models, including ChatGPT-4, Claude 3.5, Gemini, and Midjourney. A hacker claims to have breached OmniGPT's infrastructure, leaking a staggering 30,000 user email addresses, phone numbers, and 34 million lines of chat messages. The leaked data reportedly includes API keys, credentials, and file links, raising severe cybersecurity and privacy concerns.


Apple has a humanoid robot in the works, according to a report

Zero Day

iPhones, iPads, MacBooks, and robots?


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!