Fri.Jan 31, 2025

article thumbnail

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Krebs on Security

The FBI and authorities in The Netherlands this week seized dozens of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan. The proprietors of the service, who use the collective nickname “ The Manipulaters ,” have been the subject of three stories published here since 2015. The FBI said the main clientele are organized crime groups that try to trick victim companies into making payments to a third party.

Phishing 232
article thumbnail

BEWARE: Criminals Are Selling Fraudulent Expert Opinion Letters From “Me” In Support of CyberSecurity Professionals Seeking Immigration Visas to The United States

Joseph Steinberg

I have been made aware that one or more criminals are offering in exchange for payment, of course custom-written letters allegedly written and signed by me supporting applicants petitions for Alien of Extraordinary Ability visas to the United States. I have been sent a copy of one such letter it was well written, and, at least at first glance, highly convincing.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Meta Confirms Zero-Click WhatsApp Spyware Attack Targeting 90 Journalists, Activists

The Hacker News

Meta-owned WhatsApp on Friday said it disrupted a campaign that involved the use of spyware to target journalists and civil society members. The campaign, which targeted around 90 members, involved the use of spyware from an Israeli company known as Paragon Solutions. The attackers were neutralized in December 2024.

Spyware 143
article thumbnail

DeepSeek’s Safety Guardrails Failed Every Test Researchers Threw at Its AI Chatbot

WIRED Threat Level

Security researchers tested 50 well-known jailbreaks against DeepSeeks popular new AI chatbot. It didnt stop a single one.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Italy Bans Chinese DeepSeek AI Over Data Privacy and Ethical Concerns

The Hacker News

Italy's data protection watchdog has blocked Chinese artificial intelligence (AI) firm DeepSeek's service within the country, citing a lack of information on its use of users' personal data. The development comes days after the authority, the Garante, sent a series of questions to DeepSeek, asking about its data handling practices and where it obtained its training data.

article thumbnail

How to clear the cache on your Windows 11 PC (and why it makes such a big difference)

Zero Day

Clearing the cache and removing temporary files can speed up your PC. Even better: all of these utilities are already on your computer.

130
130

More Trending

article thumbnail

Broadcom fixed information disclosure flaws in VMware Aria Operations

Security Affairs

Broadcom patched five flaws in VMware Aria Operations and Aria Operations for Logs that could lead to privilege escalation and credential theft. Broadcom addressed the following vulnerabilities in VMware Aria Operations and Aria Operations for Logs: CVE-2025-22218 (CVSS score 8.5) is an information disclosure vulnerability in VMware Aria Operations for Logs.A threat actor with View Only Admin permissions could exploit the issue to read thecredentialsof a VMware product integrated with VMware Ari

article thumbnail

CISA and FDA Warn of Critical Backdoor in Contec CMS8000 Patient Monitors

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors. The vulnerability, tracked as CVE-2025-0626, carries a CVSS v4 score of 7.7 on a scale of 10.0.

article thumbnail

How to use Microsoft Image Creator to generate and edit stunning AI images for free

Zero Day

You can fully customize any images you generate. Did we mention it's free?

119
119
article thumbnail

Google Bans 158,000 Malicious Android App Developer Accounts in 2024

The Hacker News

Google said it blocked over 2.36 million policy-violating Android apps from being published to the Google Play app marketplace in 2024 and banned more than 158,000 bad developer accounts that attempted to publish such harmful apps. The tech giant also noted it prevented 1.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Contec CMS8000 patient monitors contain a hidden backdoor

Security Affairs

The U.S. CISA and the FDA warned of a hidden backdoor inContec CMS8000 and Epsimed MN-120 patient monitors. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) warned that three flaws in Contec CMS8000 and Epsimed MN-120 patient monitors could endanger patients when connected to the internet. The CMS8000 Patient Monitor is made by China-based company Contec Medical Systems.

article thumbnail

BeyondTrust Zero-Day Breach Exposes 17 SaaS Customers via Compromised API Key

The Hacker News

BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company's Remote Support SaaS instances by making use of a compromised API key. The company said the breach involved 17 Remote Support SaaS customers and that the API key was used to enable unauthorized access by resetting local application passwords.

Passwords 123
article thumbnail

Analyzing DeepSeek’s System Prompt: Jailbreaking Generative AI

Security Boulevard

DeepSeek, a disruptive new AI model from China, has shaken the market, sparking both excitement and controversy. While it has gained attention for its capabilities, it also raises pressing security concerns. Allegations have surfaced about its training data, with claims that it may have leveraged models like OpenAIs to cut development costs. Amid these discussions, [.

Marketing 116
article thumbnail

Top 5 AI-Powered Social Engineering Attacks

The Hacker News

Social engineering has long been an effective tactic because of how it focuses on human vulnerabilities. Theres no brute-force spray and pray password guessing. No scouring systems for unpatched software. Instead, it simply relies on manipulating emotions such as trust, fear, and respect for authority, usually with the goal of gaining access to sensitive information or protected systems.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Cybercrime gets a few punches on the nose

Malwarebytes

Its not often that we get to share good news, so we wanted to grab this opportunity and showcase some progress made by law enforcement actions against cybercrime with you. Europol notified us about the take-down of two of the largest cybercrime forums in the world. With over 10 million users, Nulled and Cracked serviced cybercriminals from all over the world with a quick entry point into the cybercrime scene.

article thumbnail

How to clear your cache in Windows 11 (and why you should)

Zero Day

Clearing the cache and removing temporary files can speed up your PC. Even better: all of these utilities are already on your computer.

116
116
article thumbnail

Evaluating Security Risk in DeepSeek and Other Frontier Reasoning Models

Cisco Security

The performance of DeepSeek models has made a clear impact, but are these models safe and secure? We use algorithmic AI vulnerability testing to find out.

Risk 109
article thumbnail

This $200 Motorola changed my mind about what a budget phone can do in 2025

Zero Day

The new Moto G (2025) has a multi-day battery life, plus a surprisingly solid camera system for a mid-range model.

115
115
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

News alert: Doppler announces integration with Datadog to streamline credential security

The Last Watchdog

San Francisco, Calif., Jan. 30, 2025, CyberNewswire — Doppler , the leading provider of secrets management solutions, announced a new integration with Datadog , a cloud application monitoring and security platform. This collaboration provides engineering and operations teams with an integrated solution for securely managing sensitive credentials and gaining insights into cloud environments through real-time monitoring.

Risk 100
article thumbnail

How to find out if an AirTag is tracking you - and what to do about it

Zero Day

Apple's trackers have been misused to track some without their consent. Here's how to check if an AirTag is tracking you, whether you use an iPhone or Android phone. Plus, what to do next if you find one.

115
115
article thumbnail

JumpCloud Acquires Stack Identity to Extend Access Management Reach

Security Boulevard

JumpCloud this week revealed it has acquired Stack Identity to fuel an effort to add identity security and access visibility capabilities to its directory. The post JumpCloud Acquires Stack Identity to Extend Access Management Reach appeared first on Security Boulevard.

article thumbnail

Own an Apple Watch? You could get part of a $20 million payout - find out how

Zero Day

Claims are being processed automatically, but you'll need to update your information to make sure you receive payment.

115
115
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Top Healthcare RCM Company Enhances PHI Safeguards with Symmetry

Security Boulevard

SYMMETRY CUSTOMER CASE STUDY Top Healthcare RCM Company Enhances PHI Safeguards with Symmetry ABOUT Industry: Healthcare, Fintech Size: 10K+ Employees. The post Top Healthcare RCM Company Enhances PHI Safeguards with Symmetry appeared first on Symmetry Systems. The post Top Healthcare RCM Company Enhances PHI Safeguards with Symmetry appeared first on Security Boulevard.

article thumbnail

I gave away my Kindle and iPad within hours of using this tablet

Zero Day

I've used a Kindle for years, but the TCL Tab 10 Nxtpaper 5G has quickly become my go-to e-reader tablet - and for good reason.

112
112
article thumbnail

ClickFix vs. traditional download in new DarkGate campaign

Malwarebytes

During the past several months there have been numerous malware campaigns that use a technique something referred to as “ClickFix” It often consists of a fake CAPTCHA or similar traffic validation page where visitors are instructed to paste and execute code in order to proceed. We have started to see ClickFix attacks more and more via malicious Google ads as well.

article thumbnail

I tested an E Ink tablet that rivals the Remarkable Paper Pro - and does some things better

Zero Day

The Boox Note Max is a 13-inch e-reader with a crisp display, an enjoyable digital pen experience, and a sprawling feature set that will either excite or intimidate you.

107
107
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Julianna Lamb on Choosing Authentication Platforms Over DIY

Security Boulevard

Stytch CTO Julianna Lamb explains why, when it comes to authentication, most organizations are going to be better off relying on a platform than trying to manage these processes at scale themselves. Julianna goes on to discuss the complexities of authentication and why companies are struggling with the decision to build their own authentication systems.

article thumbnail

The Apple AirTag 4-pack is down to its lowest price ever, at under $18 each

Zero Day

Grab a 4-pack of Apple AirTags for only $70 right now so you can help the iPhone user in your life monitor their keys, wallet, luggage, and more.

105
105
article thumbnail

One policy to rule them all

SecureList

Windows group policies are a powerful management tool that allows administrators to define and control user and computer settings within a domain environment in a centralized manner. While group policies offer functionality and utility, they are unfortunately a prime target for attackers. In particular, attackers are increasingly using group policies to distribute malware, execute hidden scripts and deploy ransomware.

article thumbnail

Is your live TV streaming service still worth it? I review options for every budget

Zero Day

Cord cutting was supposed to save us from those cable TV bills - but our streaming bills keep climbing. Find out if you're really getting your money's worth from that $90-plus subscription - and what your alternatives are.

104
104
article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.