Tue. Jan 14, 2025

Microsoft: Happy 2025. Here’s 161 Security Updates

Krebs on Security

Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack. Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017. Rapid7’s Adam Barnett says January marks the fourth consecutive month where Microsoft has published zero-day vulnerabilities on Patch Tuesday without evaluating any of them

Australian Government Agencies Failing to Keep Up With Cyber Security Change

Tech Republic Security

Cyber security maturity declines among Australian government agencies in 2024, as legacy IT systems hinder progress under the Essential Eight framework.

FBI deleted China-linked PlugX malware from over 4,200 US computers

Security Affairs

The FBI has removed Chinese PlugX malware from over 4,200 computers in networks across the United States, the U.S. Department of Justice reported. The Justice Department and FBI, along with international partners, announced they deleted PlugX malware from thousands of infected computers worldwide as part of a multi-month law enforcement operation. The malware was operated by a China-linked threat actor, known as Mustang Panda (aka Twill Typhoon), to steal sensitive information from victim compute

Malware 118

Zero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed Interfaces

The Hacker News

Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public internet.

Firewall 144

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

This hidden Pixel camera feature makes your photos more vibrant - how to enable it

Zero Day

Pixel phones are well known for their superior cameras. This feature makes them even better.

133

Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation

The Hacker News

Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as "root" to bypass the operating system's System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. The vulnerability in question is CVE-2024-44243 (CVSS score: 5.

141

More Trending

3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update

The Hacker News

Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks. Of the 161 flaws, 11 are rated Critical, and 149 are rated Important in severity.

Software 140

Ransomware and Cyber Extortion in Q4 2024

Digital Shadows

Key Findings: The last quarter of 2024 proved to be a pivotal period for ransomware activity, marked by emerging threats and unexpected shifts among established groups. In this report, we'll cover: LockBit's resurgence; our original research into Scattered Spider's domain creation methods; predictions for 2025; key recommendations to safeguard your data. Keep reading to learn about the driving forces behind these trends, gain insights from our in-depth analysis, and find out key takeaways to help your o

Google OAuth Vulnerability Exposes Millions via Failed Startup Domains

The Hacker News

New research has pulled back the curtain on a "deficiency" in Google's "Sign in with Google" authentication flow that exploits a quirk in domain ownership to gain access to sensitive data.

Critical Infrastructure Seeing Benefits of Government Program, CISA Says

Security Boulevard

CISA in two years has seen the number of critical infrastructure organizations signing up for its CPG services double, which has improved the overall security in most sectors, but more needs to be done to strengthen what has become a target of adversarial state-sponsored threat groups. The post Critical Infrastructure Seeing Benefits of Government Program, CISA Says appeared first on Security Boulevard.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Russian-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware

The Hacker News

Russia-linked threat actors have been attributed to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin's efforts to gather economic and political intelligence in Central Asia.

Malware 131

How to use Visual Intelligence on an iPhone 16 to identify unknown objects

Zero Day

Using the new Camera Control on the iPhone 16, Visual Intelligence will search for details and answer questions about something that you snap through the camera.

115

FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation

The Hacker News

The U.S. Department of Justice (DoJ) on Tuesday disclosed that a court-authorized operation allowed the Federal Bureau of Investigation (FBI) to delete PlugX malware from over 4,250 infected computers as part of a "multi-month law enforcement operation."

Malware 126

Advancing AI Security and Contributing to CISA’s JCDC AI Efforts 

Cisco Security

Discover how CISA's new AI Security Incident Collaboration Playbook strengthens AI security and resilience.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks

The Hacker News

Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege escalation, and remote code execution. Horizon3.ai researcher Naveen Sunkavally, in a technical report detailing the findings, said the "vulnerabilities are trivial to reverse and exploit."

Software 122

Protecting MSPs From Helpdesk Phishing

Duo's Security Blog

The phone rings. You answer, and the person on the other side claims to be Employee Joe from one of your clients. He's asking if you can help him with a password reset and he's calling from a recognized number - do you trust it? MSPs will typically recognize warning signs, yet threats are becoming more sophisticated and effectively throw the hymn sheet we've all been singing from out the window.

Phishing 110

Illicit HuiOne Telegram Market Surpasses Hydra, Hits $24 Billion in Crypto Transactions

The Hacker News

The Telegram-based online marketplace known as HuiOne Guarantee and its vendors have cumulatively received at least $24 billion in cryptocurrency, dwarfing the now-defunct Hydra to become the largest online illicit marketplace to have ever operated. The figures, released by blockchain analytics firm Elliptic, show that monthly inflows have increased by 51% since July 2024.

Marketing 117

Red Hat bets big on AI with its Neural Magic acquisition

Zero Day

Everyone and their dog is getting into AI, but Red Hat has serious plans, and acquiring Neural Magic will help bring them to fruition.

110

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

AI-Powered GRC: Revolutionizing Risk Management and Compliance

SecureWorld News

In the rapidly evolving landscape of corporate governance, risk management, and compliance (GRC), artificial intelligence (AI) has emerged as a game-changing force. As organizations grapple with increasingly complex regulatory environments and sophisticated risk profiles, AI-powered GRC solutions are proving to be invaluable assets in streamlining processes, enhancing decision-making, and ensuring robust compliance frameworks.

Risk 99

Like Roborock, Dreame is also working on a mechanical arm for its robot vacuums

Zero Day

The Dreame robot vacuum with a mechanical arm works differently than Roborock's, but it can do more than the competition. There's only one problem.

110

Microsoft Sues Group for Creating Tools to Bypass Azure AI Security

Security Boulevard

Microsoft is suing 10 unknown people involved in a sophisticated scheme to exploit users' credentials to access the vendor's Azure OpenAI AI services, bypass security guardrails, and post harmful images using its cloud systems. The post Microsoft Sues Group for Creating Tools to Bypass Azure AI Security appeared first on Security Boulevard.

These tech skills drove the biggest salary increases over the past year

Zero Day

A new tech salaries report suggests that working with AI boosts both pay and satisfaction - but it also cautions that excessive job hopping can work

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Threat actors exploit Aviatrix Controller flaw to deploy backdoors and cryptocurrency miners

Security Affairs

A critical vulnerability in Aviatrix Controller is actively exploited to deploy backdoors and cryptocurrency miners in the wild. Security researcher Jakub Korepta discovered a critical vulnerability, tracked as CVE-2024-50603 (CVSS score: 10.0), in the Aviatrix Controller. The flaw impacts Aviatrix Controller pre-7.1.4191 and 7.2.x pre-7.2.4996; it allows unauthenticated attackers to execute arbitrary code via improper command neutralization in the API.

This $300 Motorola features a big screen and battery - but its durability is the crown jewel

Zero Day

The Moto G has a hefty 5,000mAh battery that lasts all day, plus a speedy 120Hz screen. If you're willing to pay more, the Moto G Power has the same tech, but also a hardy design.

105

4 Reasons Your SaaS Attack Surface Can No Longer be Ignored

The Hacker News

What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new identity to secure, a new place where sensitive data can end up, and a new source of third party risk. Learn how you can protect this sprawling attack surface in 2025.

Risk 102

Why I prefer this E Ink tablet that runs on Android over the Kindle and ReMarkable

Zero Day

The Onyx Boox Page offers a wealth of capabilities for an E Ink tablet, with a compact and stylish design.

105

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

Commvault Adds Ability to Recover Entire Instances of Active Directory

Security Boulevard

Commvault today added an ability to automatically recover the instances of Microsoft Active Directory (AD) that have become primary targets of cybersecurity attacks. The post Commvault Adds Ability to Recover Entire Instances of Active Directory appeared first on Security Boulevard.

Love your smart bird feeder? This pollinator habitat has flower-shaped 4K cameras

Zero Day

Makers of smart bird feeders are expanding into smart bird baths and new ways to support and enjoy your local bees and butterflies.

105

ScrapedIn: How Bots Turn Social Media into Advanced Social Engineering

Security Boulevard

See how multi-channel scams target new hires through fake texts and emails, and learn practical steps to protect your organization from persistent social engineering attacks. The post ScrapedIn: How Bots Turn Social Media into Advanced Social Engineering appeared first on Security Boulevard.

I bought an iPhone 16 for its AI features, but I haven't used them even once - here's why

Zero Day

C'mon, Apple. You're better than this.

97

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.