Krebs on Security

JANUARY 31, 2025

The FBI and authorities in The Netherlands this week seized dozens of servers and domains for a hugely popular spam and malware dissemination service operating out of Pakistan. The proprietors of the service, who use the collective nickname “ The Manipulaters ,” have been the subject of three stories published here since 2015. The FBI said the main clientele are organized crime groups that try to trick victim companies into making payments to a third party.

Phishing 289

Phishing Cybercrime Advertising Malware 289

Joseph Steinberg

JANUARY 31, 2025

I have been made aware that one or more criminals are offering in exchange for payment, of course custom-written letters allegedly written and signed by me supporting applicants petitions for Alien of Extraordinary Ability visas to the United States. I have been sent a copy of one such letter it was well written, and, at least at first glance, highly convincing.

Artificial Intelligence 201

Artificial Intelligence Cybersecurity Scams 201

Security Affairs

JANUARY 31, 2025

Broadcom patched five flaws in VMware Aria Operations and Aria Operations for Logs that could lead to privilege escalation and credential theft. Broadcom addressed the following vulnerabilities in VMware Aria Operations and Aria Operations for Logs: CVE-2025-22218 (CVSS score 8.5) is an information disclosure vulnerability in VMware Aria Operations for Logs.A threat actor with View Only Admin permissions could exploit the issue to read thecredentialsof a VMware product integrated with VMware Ari

Authentication 107

Authentication Hacking Cybersecurity Information Security 107

SecureList

JANUARY 31, 2025

Windows group policies are a powerful management tool that allows administrators to define and control user and computer settings within a domain environment in a centralized manner. While group policies offer functionality and utility, they are unfortunately a prime target for attackers. In particular, attackers are increasingly using group policies to distribute malware, execute hidden scripts and deploy ransomware.

System Administration 109

System Administration Ransomware Malware Technology 109

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

The Last Watchdog

JANUARY 31, 2025

San Francisco, Calif., Jan. 30, 2025, CyberNewswire — Doppler , the leading provider of secrets management solutions, announced a new integration with Datadog , a cloud application monitoring and security platform. This collaboration provides engineering and operations teams with an integrated solution for securely managing sensitive credentials and gaining insights into cloud environments through real-time monitoring.

Risk 100

Risk Data breaches Media Encryption 100

Security Boulevard

JANUARY 31, 2025

Stytch CTO Julianna Lamb explains why, when it comes to authentication, most organizations are going to be better off relying on a platform than trying to manage these processes at scale themselves. Julianna goes on to discuss the complexities of authentication and why companies are struggling with the decision to build their own authentication systems.

Authentication 103

Authentication Cybersecurity 103

Security Boulevard

JANUARY 31, 2025

Bloody hell: New York Blood Center Enterprises crippled by ransomware scrotes unknown. The post Ransomware Scum Out For Blood: NYBCe is Latest Victim appeared first on Security Boulevard.

Ransomware 91

Ransomware Social Engineering Healthcare Data privacy 91

Thales Cloud Protection & Licensing

JANUARY 31, 2025

Level Up Your Security: Embrace Passkeys and Phishing-Resistant 2FA andrew.gertz@t Fri, 01/31/2025 - 15:17 Celebrate Change Your Password Day and 2FA Day by embracing passkeys and phishing-resistant 2FA. Learn why these modern security practices are essential for safer, stronger authentication. Access Control Identity & Access Management Thales | Cloud Protection & Licensing Solutions More About This Author > Traditional security measures like passwords are no longer enough in the modern threat

Phishing 62

Phishing Passwords Password Management Authentication 62

Security Boulevard

JANUARY 31, 2025

The food delivery industry has a fraud problem. With slim profit margins already under pressure, bad actors are exploiting vulnerabilities on both the consumer and courier sides of delivery platforms. The post How Fraud is Eating Away at Food Delivery Profits appeared first on Security Boulevard.

Security Awareness 79

Security Awareness Cybersecurity 79

Security Affairs

JANUARY 31, 2025

Community Health Center (CHC) data breach impacted over 1 million patients in Connecticut, the healthcare provider started notifying them. Community Health Center (CHC) is a leading healthcare provider based in Connecticut, offering primary care, dental, behavioral health, and specialty services. It serves a diverse patient population, focusing on accessible and affordable healthcare, particularly for underserved communities.

Data breaches 64

Data breaches Healthcare Identity Theft Insurance 64

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Security Boulevard

JANUARY 31, 2025

Fenix24 this week acquired vArmour to add an ability to detect the relationship between software, as part of an effort to extend the services it provides to enable organizations to recover faster from a cyberattack. The post Fenix24 Acquires vArmour to Boost Cyber Resiliency Services appeared first on Security Boulevard.

Software 81

Software Security Awareness Cybersecurity 81

WIRED Threat Level

JANUARY 31, 2025

Security researchers tested 50 well-known jailbreaks against DeepSeeks popular new AI chatbot. It didnt stop a single one.

Artificial Intelligence 142

Artificial Intelligence Hacking 142

The Hacker News

JANUARY 31, 2025

Meta-owned WhatsApp on Friday said it disrupted a campaign that involved the use of spyware to target journalists and civil society members. The campaign, which targeted around 90 members, involved the use of spyware from an Israeli company known as Paragon Solutions. The attackers were neutralized in December 2024.

Spyware 141

Spyware Encryption 141

Zero Day

JANUARY 31, 2025

Clearing the cache and removing temporary files can speed up your PC. Even better: all of these utilities are already on your computer.

130

130

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

The Hacker News

JANUARY 31, 2025

Italy's data protection watchdog has blocked Chinese artificial intelligence (AI) firm DeepSeek's service within the country, citing a lack of information on its use of users' personal data. The development comes days after the authority, the Garante, sent a series of questions to DeepSeek, asking about its data handling practices and where it obtained its training data.

Data privacy 132

Data privacy Artificial Intelligence 132

Zero Day

JANUARY 31, 2025

You can fully customize any images you generate. Did we mention it's free?

120

120

The Hacker News

JANUARY 31, 2025

Cybersecurity researchers have discovered a malvertising campaign that's targeting Microsoft advertisers with bogus Google ads that aim to take them to phishing pages that are capable of harvesting their credentials.

Advertising 124

Advertising Scams Accountability Phishing 124

Zero Day

JANUARY 31, 2025

Clearing the cache and removing temporary files can speed up your PC. Even better: all of these utilities are already on your computer.

116

116

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

The Hacker News

JANUARY 31, 2025

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Food and Drug Administration (FDA) have issued alerts about the presence of hidden functionality in Contec CMS8000 patient monitors and Epsimed MN-120 patient monitors. The vulnerability, tracked as CVE-2025-0626, carries a CVSS v4 score of 7.7 on a scale of 10.0.

Cybersecurity 116

Cybersecurity 116

Zero Day

JANUARY 31, 2025

The new Moto G (2025) has a multi-day battery life, plus a surprisingly solid camera system for a mid-range model.

116

116

Security Boulevard

JANUARY 31, 2025

DeepSeek, a disruptive new AI model from China, has shaken the market, sparking both excitement and controversy. While it has gained attention for its capabilities, it also raises pressing security concerns. Allegations have surfaced about its training data, with claims that it may have leveraged models like OpenAIs to cut development costs. Amid these discussions, [.

Marketing 116

Marketing 116

Zero Day

JANUARY 31, 2025

Apple's trackers have been misused to track some without their consent. Here's how to check if an AirTag is tracking you, whether you use an iPhone or Android phone. Plus, what to do next if you find one.

116

116

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Hacker News

JANUARY 31, 2025

Google said it blocked over 2.36 million policy-violating Android apps from being published to the Google Play app marketplace in 2024 and banned more than 158,000 bad developer accounts that attempted to publish such harmful apps. The tech giant also noted it prevented 1.

Accountability 114

Accountability 114

Zero Day

JANUARY 31, 2025

Claims are being processed automatically, but you'll need to update your information to make sure you receive payment.

116

116

The Hacker News

JANUARY 31, 2025

BeyondTrust has revealed it completed an investigation into a recent cybersecurity incident that targeted some of the company's Remote Support SaaS instances by making use of a compromised API key. The company said the breach involved 17 Remote Support SaaS customers and that the API key was used to enable unauthorized access by resetting local application passwords.

Passwords 112

Passwords Cybersecurity 112

Zero Day

JANUARY 31, 2025

I've used a Kindle for years, but the TCL Tab 10 Nxtpaper 5G has quickly become my go-to e-reader tablet - and for good reason.

111

111

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Hacker News

JANUARY 31, 2025

Social engineering has long been an effective tactic because of how it focuses on human vulnerabilities. Theres no brute-force spray and pray password guessing. No scouring systems for unpatched software. Instead, it simply relies on manipulating emotions such as trust, fear, and respect for authority, usually with the goal of gaining access to sensitive information or protected systems.

Social Engineering 110

Social Engineering Engineering Passwords Software 110

Cisco Security

JANUARY 31, 2025

The performance of DeepSeek models has made a clear impact, but are these models safe and secure? We use algorithmic AI vulnerability testing to find out.

Risk 110

Risk 110

Zero Day

JANUARY 31, 2025

The Boox Note Max is a 13-inch e-reader with a crisp display, an enjoyable digital pen experience, and a sprawling feature set that will either excite or intimidate you.

107

107

Security Boulevard

JANUARY 31, 2025

JumpCloud this week revealed it has acquired Stack Identity to fuel an effort to add identity security and access visibility capabilities to its directory. The post JumpCloud Acquires Stack Identity to Extend Access Management Reach appeared first on Security Boulevard.

Security Awareness 102

Security Awareness Cybersecurity 102

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!