Fri.Jan 10, 2025

article thumbnail

Apps That Are Spying on Your Location

Schneier on Security

404 Media is reporting on all the apps that are spying on your location, based on a hack of the location data company Gravy Analytics: The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games like Candy Crush to dating apps like Tinder, to pregnancy tracking and religious prayer apps across both Android and iOS.

article thumbnail

Banshee macOS stealer supports new evasion mechanisms

Security Affairs

Experts found a new version of the Banshee macOS information stealer which was enhanced with new evasion mechanisms. Check Point researchers discovered a new version of the Banshee macOS infostealer which is distributed through phishing websites and fake GitHub repositories, often masqueraded as popular software. In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures.

Malware 122
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Hackers Attack PowerSchool, Expose K-12 Teacher and Student Data

Security Boulevard

Giant education software provider PowerSchool reported that hackers using compromised credentials access a database and stole student and teacher data in an attack that the company said was not ransomware, though a ransom apparently was paid. Affected K-12 school districts are scrambling to alert parents and staffs. The post Hackers Attack PowerSchool, Expose K-12 Teacher and Student Data appeared first on Security Boulevard.

Education 115
article thumbnail

7 Ways to Leverage Retail Analytics without Compromising on Security

SecureWorld News

Retail analytics can provide companies of all sizes with a significant advantage in the market. However, the use of any kind of software that deals with large amounts of sensitive customer data can make a business the target of cybercriminals. It's natural to want to make the most of these systems, but in doing so, you need to ensure that you are putting the correct resources into your cybersecurity systems and operations.

Retail 108
article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

Phishers abuse CrowdStrike brand targeting job seekers with cryptominer

Security Affairs

CrowdStrike warns of a phishing campaign that uses its recruitment branding to trick recipients into downloading a fake application, which finally installs the XMRig cryptominer. CrowdStrike discovered a phishing campaign using its recruitment branding to trick recipients into downloading a fake application, which acts as a downloader for the XMRig cryptominer.

Phishing 114
article thumbnail

Phishing Threats, GenAI Among Top Cybersecurity Risks in 2025

Security Boulevard

Organizations are facing escalating threats from phishing attacks, personal app usage and the widespread adoption of generative AI (GenAI) in workplaces. According to a Netskope report, phishing attacks surged in 2024, with enterprise employees clicking on phishing links at a rate nearly three times higher than in 2023. The study found phishing campaigns have evolved.

Phishing 122

LifeWorks

More Trending

article thumbnail

China-linked APT group MirrorFace targets Japan

Security Affairs

Japanese authorities attributed a cyber-espionage campaign targeting the country to the China-linked APT group MirrorFace. The National Police Agency (NPA) and the Cabinet Cyber Security Center in Japan have linked a long-running cyber-espionage campaign targeting local entities to the China-linked group MirrorFace (aka Earth Kasha). The campaign has been active since at least 2019, it targets Japanese technology and national security, evolving methods to steal advanced tech and intelligence.

article thumbnail

Australian IT Sector Maintains Strong Employment Outlook for 2025

Tech Republic Security

ManpowerGroups Employment Outlook Survey for Q1 2025 found the Australian IT sector has the strongest net employment outlook of any sector at the beginning of 2025.

173
173
article thumbnail

Researchers disclosed details of a now-patched Samsung zero-click flaw

Security Affairs

Researchers at Google Project Zero disclosed a now-patched zero-click vulnerability that affects Samsung devices. Google Project Zero researchers disclosed details about a now-patched zero-click vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), in Samsung devices. The flaw is an out-of-bound write issue in libsaped.so prior to SMR Dec-2024 Release 1, it allows remote attackers to execute arbitrary code.

Media 71
article thumbnail

CVE-2024-12847 (CVSS 9.8): NETGEAR Router Flaw Exploited in the Wild for Years, PoC Published

Penetration Testing

A severe security vulnerability has been discovered in several Netgear routers, allowing remote attackers to gain unauthorized access The post CVE-2024-12847 (CVSS 9.8): NETGEAR Router Flaw Exploited in the Wild for Years, PoC Published appeared first on Cybersecurity News.

article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

Secret Phone Surveillance Tech Was Likely Deployed at 2024 DNC

WIRED Threat Level

Data WIRED collected during the 2024 Democratic National Convention strongly suggests the use of a cell-site simulator, a controversial spy device that intercepts sensitive data from every phone in its range.

article thumbnail

Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices

The Hacker News

Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey's Audio (APE) decoder on Samsung smartphones that could lead to code execution. The high-severity vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), affects Samsung devices running Android versions 12, 13, and 14. "Out-of-bounds write in libsaped.

article thumbnail

These ear-cleaning headphones I saw at CES 2025 sound weird - but make so much sense

Zero Day

The Bebird EarSight Flow streams water into your ears to wash them, with a special camera that allows you to watch the cleaning process in real time.

119
119
article thumbnail

Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation

The Hacker News

Microsoft has revealed that it's pursuing legal action against a "foreign-based threatactor group" for operating a hacking-as-a-service infrastructure to intentionally get around the safety controls of its generative artificial intelligence (AI) services and produce offensive and harmful content.

article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Cybersecurity Insights with Contrast CISO David Lindner | 01/10/25

Security Boulevard

Insight No. 1: Lawyer up, CISOs! A recent report found that 70% of CISOs have gotten cold feet about the job, given stories of people in their position whove been held personally liable for cybersecurity incidents. To protect themselves, CISOs should negotiate for contractual protections such as severance triggered by reporting structure changes, insurance protections, enterprise-paid independent attorney fees, and full indemnification for judgments or penalties related to their official duties.

CISO 52
article thumbnail

AI-Driven Ransomware FunkSec Targets 85 Victims Using Double Extortion Tactics

The Hacker News

Cybersecurity researchers have shed light on a nascent artificial intelligence (AI) assisted ransomware family called FunkSec that sprang forth in late 2024, and has claimed more than 85 victims to date. "The group uses double extortion tactics, combining data theft with encryption to pressure victims into paying ransoms," Check Point Research said in a new report shared with The Hacker News.

article thumbnail

Finally, a 16GB Raspberry Pi 5 - but does a mini PC make more sense at this price?

Zero Day

The 16GB option might be overkill for the average home gamer, but it's a welcome addition for edge cases that truly need the extra RAM.

116
116
article thumbnail

RedDelta Deploys PlugX Malware to Target Mongolia and Taiwan in Espionage Campaigns

The Hacker News

Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia have been targeted by the China-nexus RedDelta threat actor to deliver a customized version of the PlugX backdoor between July 2023 and December 2024.

Malware 120
article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

The fastest growing jobs in the AI-powered economy

Zero Day

This report says about 170 million new jobs will be created by 2030 and AI will play a key role.

111
111
article thumbnail

DoJ Indicts Three Russians for Operating Crypto Mixers Used in Cybercrime Laundering

The Hacker News

The U.S. Department of Justice (DoJ) on Friday indicted three Russian nationals for their alleged involvement in operating the cryptocurrency mixing services Blender.io and Sinbad.io.

article thumbnail

My favorite TV at CES 2025 is this battery-powered display that you can lug around

Zero Day

It's no G5 OLED, but the LG StanbyMe 2 strikes the right balance of quirkiness, innovation, and performance -- making it my CES standout.

111
111
article thumbnail

CrowdStrike Warns of Phishing Scam Targeting Job Seekers with XMRig Cryptominer

The Hacker News

Cybersecurity company CrowdStrike is alerting of a phishing campaign that exploits its own branding to distribute a cryptocurrency miner that's disguised as an employee CRM application as part of a supposed recruitment process. "The attack begins with a phishing email impersonating CrowdStrike recruitment, directing recipients to a malicious website," the company said.

Phishing 110
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

5 Google Lens tricks to level up your image search

Zero Day

From shopping and taking notes to verifying images or simply satisfying your curiosity, Google Lens has some cool tricks you'll want to try.

111
111
article thumbnail

Navy Warship USS Manchester Installed Starlink for Illegal Wi-Fi Connection

eSecurity Planet

Military officials installed Starlink on a Navy warship, not for operations but to provide high-speed internet for sports and Netflix. Watch to learn more. The post Navy Warship USS Manchester Installed Starlink for Illegal Wi-Fi Connection appeared first on eSecurity Planet.

Internet 109
article thumbnail

AI agents may soon surpass people as primary application users

Zero Day

A 'binary big bang' occurred when AI foundation models cracked the natural language barrier, kickstarting a shift in our technology systems: how we design them, use them, and how they operate.

article thumbnail

Taking the Pain Out of Cybersecurity Reporting: A Practical Guide for MSPs

The Hacker News

Cybersecurity reporting is a critical yet often overlooked opportunity for service providers managing cybersecurity for their clients, and specifically for virtual Chief Information Security Officers (vCISOs).

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

How AI will transform cybersecurity in 2025 - and supercharge cybercrime

Zero Day

From AI-driven defense to evolving ransomware tactics, here's what cybersecurity industry leaders and experts are preparing for this year.

article thumbnail

Hands-On Walkthrough: Microsegmentation For all Users, Workloads and Devices by Elisity

The Hacker News

Network segmentation remains a critical security requirement, yet organizations struggle with traditional approaches that demand extensive hardware investments, complex policy management, and disruptive network changes. Healthcare and manufacturing sectors face particular challenges as they integrate diverse endpoints from legacy medical devices to IoT sensors onto their production networks.

article thumbnail

Thanks to Nvidia, there's a new generation of PCs coming, and they'll be running Linux

Zero Day

OK, maybe you wouldn't pay three grand for a Project DIGITS PC. But what about a $1,000 Blackwell PC from Acer, Asus, or Lenovo?

108
108
article thumbnail

Cracked Software: A Gateway to Malware and Data Theft

Penetration Testing

Trend Micro’s latest analysis sheds light on the growing menace of fake software installers and cracked applications, which The post Cracked Software: A Gateway to Malware and Data Theft appeared first on Cybersecurity News.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!