Schneier on Security
JANUARY 10, 2025
404 Media is reporting on all the apps that are spying on your location, based on a hack of the location data company Gravy Analytics: The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games like Candy Crush to dating apps like Tinder, to pregnancy tracking and religious prayer apps across both Android and iOS.
Security Affairs
JANUARY 10, 2025
Experts found a new version of the Banshee macOS information stealer which was enhanced with new evasion mechanisms. Check Point researchers discovered a new version of the Banshee macOS infostealer which is distributed through phishing websites and fake GitHub repositories, often masqueraded as popular software. In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Boulevard
JANUARY 10, 2025
Giant education software provider PowerSchool reported that hackers using compromised credentials access a database and stole student and teacher data in an attack that the company said was not ransomware, though a ransom apparently was paid. Affected K-12 school districts are scrambling to alert parents and staffs. The post Hackers Attack PowerSchool, Expose K-12 Teacher and Student Data appeared first on Security Boulevard.
SecureWorld News
JANUARY 10, 2025
Retail analytics can provide companies of all sizes with a significant advantage in the market. However, the use of any kind of software that deals with large amounts of sensitive customer data can make a business the target of cybercriminals. It's natural to want to make the most of these systems, but in doing so, you need to ensure that you are putting the correct resources into your cybersecurity systems and operations.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Security Affairs
JANUARY 10, 2025
CrowdStrike warns of a phishing campaign that uses its recruitment branding to trick recipients into downloading a fake application, which finally installs the XMRig cryptominer. CrowdStrike discovered a phishing campaign using its recruitment branding to trick recipients into downloading a fake application, which acts as a downloader for the XMRig cryptominer.
Security Boulevard
JANUARY 10, 2025
Organizations are facing escalating threats from phishing attacks, personal app usage and the widespread adoption of generative AI (GenAI) in workplaces. According to a Netskope report, phishing attacks surged in 2024, with enterprise employees clicking on phishing links at a rate nearly three times higher than in 2023. The study found phishing campaigns have evolved.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Security Affairs
JANUARY 10, 2025
Japanese authorities attributed a cyber-espionage campaign targeting the country to the China-linked APT group MirrorFace. The National Police Agency (NPA) and the Cabinet Cyber Security Center in Japan have linked a long-running cyber-espionage campaign targeting local entities to the China-linked group MirrorFace (aka Earth Kasha). The campaign has been active since at least 2019, it targets Japanese technology and national security, evolving methods to steal advanced tech and intelligence.
Tech Republic Security
JANUARY 10, 2025
ManpowerGroups Employment Outlook Survey for Q1 2025 found the Australian IT sector has the strongest net employment outlook of any sector at the beginning of 2025.
Security Affairs
JANUARY 10, 2025
Researchers at Google Project Zero disclosed a now-patched zero-click vulnerability that affects Samsung devices. Google Project Zero researchers disclosed details about a now-patched zero-click vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), in Samsung devices. The flaw is an out-of-bound write issue in libsaped.so prior to SMR Dec-2024 Release 1, it allows remote attackers to execute arbitrary code.
Penetration Testing
JANUARY 10, 2025
A severe security vulnerability has been discovered in several Netgear routers, allowing remote attackers to gain unauthorized access The post CVE-2024-12847 (CVSS 9.8): NETGEAR Router Flaw Exploited in the Wild for Years, PoC Published appeared first on Cybersecurity News.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
WIRED Threat Level
JANUARY 10, 2025
Data WIRED collected during the 2024 Democratic National Convention strongly suggests the use of a cell-site simulator, a controversial spy device that intercepts sensitive data from every phone in its range.
The Hacker News
JANUARY 10, 2025
Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey's Audio (APE) decoder on Samsung smartphones that could lead to code execution. The high-severity vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), affects Samsung devices running Android versions 12, 13, and 14. "Out-of-bounds write in libsaped.
Zero Day
JANUARY 10, 2025
The Bebird EarSight Flow streams water into your ears to wash them, with a special camera that allows you to watch the cleaning process in real time.
The Hacker News
JANUARY 10, 2025
Microsoft has revealed that it's pursuing legal action against a "foreign-based threatactor group" for operating a hacking-as-a-service infrastructure to intentionally get around the safety controls of its generative artificial intelligence (AI) services and produce offensive and harmful content.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Boulevard
JANUARY 10, 2025
Insight No. 1: Lawyer up, CISOs! A recent report found that 70% of CISOs have gotten cold feet about the job, given stories of people in their position whove been held personally liable for cybersecurity incidents. To protect themselves, CISOs should negotiate for contractual protections such as severance triggered by reporting structure changes, insurance protections, enterprise-paid independent attorney fees, and full indemnification for judgments or penalties related to their official duties.
The Hacker News
JANUARY 10, 2025
Cybersecurity researchers have shed light on a nascent artificial intelligence (AI) assisted ransomware family called FunkSec that sprang forth in late 2024, and has claimed more than 85 victims to date. "The group uses double extortion tactics, combining data theft with encryption to pressure victims into paying ransoms," Check Point Research said in a new report shared with The Hacker News.
Zero Day
JANUARY 10, 2025
The 16GB option might be overkill for the average home gamer, but it's a welcome addition for edge cases that truly need the extra RAM.
The Hacker News
JANUARY 10, 2025
Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia have been targeted by the China-nexus RedDelta threat actor to deliver a customized version of the PlugX backdoor between July 2023 and December 2024.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Zero Day
JANUARY 10, 2025
This report says about 170 million new jobs will be created by 2030 and AI will play a key role.
The Hacker News
JANUARY 10, 2025
The U.S. Department of Justice (DoJ) on Friday indicted three Russian nationals for their alleged involvement in operating the cryptocurrency mixing services Blender.io and Sinbad.io.
Zero Day
JANUARY 10, 2025
It's no G5 OLED, but the LG StanbyMe 2 strikes the right balance of quirkiness, innovation, and performance -- making it my CES standout.
The Hacker News
JANUARY 10, 2025
Cybersecurity company CrowdStrike is alerting of a phishing campaign that exploits its own branding to distribute a cryptocurrency miner that's disguised as an employee CRM application as part of a supposed recruitment process. "The attack begins with a phishing email impersonating CrowdStrike recruitment, directing recipients to a malicious website," the company said.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Zero Day
JANUARY 10, 2025
From shopping and taking notes to verifying images or simply satisfying your curiosity, Google Lens has some cool tricks you'll want to try.
eSecurity Planet
JANUARY 10, 2025
Military officials installed Starlink on a Navy warship, not for operations but to provide high-speed internet for sports and Netflix. Watch to learn more. The post Navy Warship USS Manchester Installed Starlink for Illegal Wi-Fi Connection appeared first on eSecurity Planet.
Zero Day
JANUARY 10, 2025
A 'binary big bang' occurred when AI foundation models cracked the natural language barrier, kickstarting a shift in our technology systems: how we design them, use them, and how they operate.
The Hacker News
JANUARY 10, 2025
Cybersecurity reporting is a critical yet often overlooked opportunity for service providers managing cybersecurity for their clients, and specifically for virtual Chief Information Security Officers (vCISOs).
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Zero Day
JANUARY 10, 2025
From AI-driven defense to evolving ransomware tactics, here's what cybersecurity industry leaders and experts are preparing for this year.
The Hacker News
JANUARY 10, 2025
Network segmentation remains a critical security requirement, yet organizations struggle with traditional approaches that demand extensive hardware investments, complex policy management, and disruptive network changes. Healthcare and manufacturing sectors face particular challenges as they integrate diverse endpoints from legacy medical devices to IoT sensors onto their production networks.
Zero Day
JANUARY 10, 2025
OK, maybe you wouldn't pay three grand for a Project DIGITS PC. But what about a $1,000 Blackwell PC from Acer, Asus, or Lenovo?
Penetration Testing
JANUARY 10, 2025
Trend Micro’s latest analysis sheds light on the growing menace of fake software installers and cracked applications, which The post Cracked Software: A Gateway to Malware and Data Theft appeared first on Cybersecurity News.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
310 
Let's personalize your content