Tue. Feb 25, 2025

Processing 23 Billion Rows of ALIEN TXTBASE Stealer Logs

Troy Hunt

I like to start long blog posts with a tl;dr, so here it is: We've ingested a corpus of 1.5TB worth of stealer logs known as "ALIEN TXTBASE" into Have I Been Pwned. They contain 23 billion rows with 493 million unique website and email address pairs, affecting 284M unique email addresses. We've also added 244M passwords we've never seen before to Pwned Passwords and updated the counts against another 199M that were already in there.

Passwords 360

North Korean Hackers Steal $1.5B in Cryptocurrency

Schneier on Security

It looks like a very sophisticated attack against the Dubai-based exchange Bybit: Bybit officials disclosed the theft of more than 400,000 ethereum and staked ethereum coins just hours after it occurred. The notification said the digital loot had been stored in a “Multisig Cold Wallet” when, somehow, it was transferred to one of the exchange’s hot wallets.

Insiders

GUEST ESSAY: How AI co-pilots boost the risk of data leakage — making ‘least privilege’ a must

The Last Watchdog

The rise of AI co-pilots is exposing a critical security gap: sensitive data sprawl and excessive access permissions. Related: Weaponizing Microsoft’s co-pilot. Until now, lackluster enterprise search capabilities kept many security risks in check: employees simply couldn’t find much of the data they were authorized to access. But Microsoft Copilot changes the game, turbocharging enterprise search and surfacing sensitive information that organizations didn’t realize was exposed.

Risk 219

Weekly Update 440

Troy Hunt

Wait - it's Tuesday already?! When you listen to this week's (ok, last week's) video, you'll probably get the sense I was a bit overloaded. Yeah, so that didn't stop, and the stealer log processing and new feature building just absolutely swamped me. Plus, I spent from then until now in Sydney at various meetings and events which was great, but didn't do a lot for my productivity.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Predatory app downloaded 100,000 times from Google Play Store steals data, uses it for blackmail

Malwarebytes

A malicious app claiming to be a financial management tool has been downloaded 100,000 times from the Google Play Store. The app, known as Finance Simplified, belongs to the SpyLoan family which specializes in predatory lending. Sometimes malware creators manage to get their apps listed in the official app store. This is a great benefit for them since it lends a sense of legitimacy to the app, and they don't have to convince users to sideload the app from an unofficial site.

Passwords 145

Understanding MFA Fatigue: Why Cybercriminals Are Exploiting Human Behaviour

IT Security Guru

The common maxim in cybersecurity is that the industry is always on the back foot. While cybersecurity practitioners build higher walls, adversaries are busy creating taller ladders. It's the nature of the beast. A prime example is multi-factor authentication (MFA), a security process that requires users to verify their identity in two or more ways, such as a password, a code sent to their phone, or a fingerprint.

LifeWorks

More Trending

Russia warns financial sector organizations of IT service provider LANIT compromise

Security Affairs

Russia’s NKTsKI warns financial sector organizations about a breach at major Russian IT service and software provider LANIT. Russia’s National Coordination Center for Computer Incidents (NKTsKI) warns the financial sector of a security breach at IT service and software provider LANIT, potentially affecting LANTER and LAN ATMservice. According to the security breach notification published by GosSOPKA, the attack occurred on February 21, 2025. “On February 21, 2025, FinCERT notifi

Google's AI Trends Report: Key Insights and Cybersecurity Implications

SecureWorld News

Artificial intelligence (AI) is transforming industries at an unprecedented pace, and its impact on cybersecurity is no exception. Google's latest AI Trends report highlights emerging AI applications, challenges, and security implications, providing valuable insights for organizations looking to integrate AI safely and responsibly. From automating cybersecurity defenses to combatting adversarial AI threats, the report underscores both the power and pitfalls of AI-driven security.

U.S. CISA adds Adobe ColdFusion and Oracle Agile PLM flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe ColdFusion and Oracle Agile Product Lifecycle Management (PLM) vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added SonicWall SonicOS and Palo Alto PAN-OS vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

Hacking 100

Background check provider data breach affects 3 million people who may not have heard of the company

Malwarebytes

Employment screening company DISA Global Solutions has filed a data breach notification after a cyber incident on their network. DISA says a third party had access to its environment between February 9, 2024, and April 22, 2024. The attacker may have accessed over three million files containing personal information. DISA is a third-party administrator of employment screening services, including drug and alcohol testing and background checks.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

EU sanctioned the leader of North Korea-linked APT groups

Security Affairs

The European Union sanctioned the leader of North Korea-linked APT groups for aiding Russia in its war against Ukraine. The European Union announced sanctions against entities aiding Russia in the ongoing conflict with Ukraine, including Lee Chang Ho, who is the leader of North Korea-linked APT groups. Lee Chang Ho coordinated North Korean soldiers in Ukraine and led North Korea-linked APT groups like Lazarus and Kimsuky, supporting actions against Ukraine’s independence. “Lee Chang Ho coo

The noodle soup of B2B IAM and third-party identities

Thales Cloud Protection & Licensing

The noodle soup of B2B IAM and third-party identities. madhav, Wed, 02/26/2025 - 07:29. Introduction: A messy bowl of terminology. Identity management is no longer just about employees. The B2B IAM - The Hidden Value of Third-Party Identities research revealed that more external identities interact with an enterprise's cloud, network, and devices than traditional employees.

B2B 71

Microsoft’s Password Spray and Pray Attack: A Wake-Up Call for 2FA Adoption

eSecurity Planet

In a recent cybersecurity development, threat actors exploited weak security practices by targeting Microsoft accounts that lack two-factor authentication (2FA). As discussed on WindowsForum, this “password spray and pray” attack highlights the importance of robust authentication measures. Understanding the password spray and pray attack. Attackers employing this technique use a list of common passwords, attempting them across numerous Microsoft accounts in rapid succession.

Google just made AI coding assistance free for everyone - with very generous limits

Zero Day

With 180,000 completions per month and deep IDE integration, Gemini Code Assist could change how developers write and review code. Here's what you need to know.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

This Russian Tech Bro Helped Steal $93 Million and Landed in US Prison. Then Putin Called

WIRED Threat Level

In the epic US-Russian prisoner swap last summer, Vladimir Putin brought home an assassin, spies, and another prized ally: the man behind one of the biggest insider trading cases of all time.

Hacking 136

2,500+ Truesight.sys Driver Variants Exploited to Bypass EDR and Deploy HiddenGh0st RAT

The Hacker News

A large-scale malware campaign has been found leveraging a vulnerable Windows driver associated with Adlice's product suite to sidestep detection efforts and deliver the Gh0st RAT malware. "To further evade detection, the attackers deliberately generated multiple variants (with different hashes) of the 2.0.

Malware 128

6 features I wish Linux would borrow from MacOS

Zero Day

If Linux borrowed these features from MacOS, it would be unstoppable.

AI Threat Intelligence Roundup: February 2025

Cisco Security

AI threat research is a fundamental part of Cisco's approach to AI security. Our roundups highlight new findings from both original and third-party sources.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

A new Android feature is scanning your photos for 'sensitive content' - how to stop it

Zero Day

Google didn't tell Android users much about Android System SafetyCore before it hit their phones, and people are unhappy. Fortunately, you're not stuck with it.

GRUB2 Bootloader Vulnerabilities Expose Millions of Systems to Attacks

Penetration Testing

A series of critical vulnerabilities have been discovered in GRUB2, the popular boot loader used by many Linux

Adobe Photoshop finally launches a mobile app - and it's free

Zero Day

The free offering is robust and includes access to many Photoshop editing tools. Here's how to try it today.

Mobile 105

CVE-2024-12084 & CVE-2024-12085: Rsync Flaws Allow Hackers to Take Over Servers, PoC Published

Penetration Testing

A set of high-risk vulnerabilities has been disclosed in Rsync, the widely used file synchronization and data transfer

Risk 108

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

All Copilot users now get free unlimited access to its two best features - how to use them

Zero Day

With Copilot, you can bypass a ChatGPT Plus subscription and get unlimited, free access to OpenAI's o1 model and Voice feature.

LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile

The Hacker News

Cybersecurity researchers have flagged an updated version of the LightSpy implant that comes equipped with an expanded set of data collection features to extract information from social media platforms like Facebook and Instagram. LightSpy is the name given to a modular spyware that's capable of infecting both Windows and Apple systems with an aim to harvest data.

Spyware 103

Apple's upcoming MacBook Air M4 could be a boringly awesome update - and I don't mind it

Zero Day

The new MacBook Air M4 will likely be able to support up to two external displays with the lid open, and much more.

GitVenom Malware Steals $456K in Bitcoin Using Fake GitHub Projects to Hijack Wallets

The Hacker News

Cybersecurity researchers are calling attention to an ongoing campaign that's targeting gamers and cryptocurrency investors under the guise of open-source projects hosted on GitHub. The campaign, which spans hundreds of repositories, has been dubbed GitVenom by Kaspersky.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

The Apple AirTag just hit its lowest price ever at just $17 each

Zero Day

Right now, grab a four-pack of Apple AirTags for only $68 to help the iPhone user in your life monitor their keys, wallet, luggage, and more.

A Team of Female Founders Is Launching Cloud Security Tech That Could Overhaul AI Protection

WIRED Threat Level

Cloud container defenses have inconsistencies that can give attackers too much access. A new company, Edera, is taking on that challenge and the problem of the male-dominated startup world.

Last chance to download your Kindle books - Amazon is killing this option tomorrow

Zero Day

The clock is ticking for Kindle users. After February 2025, a long-standing feature disappears. Here's why it matters.

Belarus-Linked Ghostwriter Uses Macropack-Obfuscated Excel Macros to Deploy Malware

The Hacker News

Opposition activists in Belarus as well as Ukrainian military and government organizations are the target of a new campaign that employs malware-laced Microsoft Excel documents as lures to deliver a new variant of PicassoLoader.

Malware 88

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!