Schneier on Security
MARCH 17, 2025
New paper: “ GPU Assisted Brute Force Cryptanalysis of GPRS, GSM, RFID, and TETRA: Brute Force Cryptanalysis of KASUMI, SPECK, and TEA3.” Abstract: Key lengths in symmetric cryptography are determined with respect to the brute force attacks with current technology. While nowadays at least 128-bit keys are recommended, there are many standards and real-world applications that use shorter keys.
Digital Shadows
MARCH 17, 2025
Editors note: This report was authored by Gautham Ashok & Alexa Feminella. Key Findings Even years after their disclosure, VPN-related vulnerabilities like CVE-2018-13379 and CVE-2022-40684 remain essential tools for attackers, driving large-scale campaigns of credential theft and administrative control. VPN infrastructure has become an adversary focal point, blending cybercriminal tactics with state-sponsored espionage in hybrid operations.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Malwarebytes
MARCH 17, 2025
The FBI Denver Field Office has warned of an increasing number of scammy websites offering free online file converter services. Instead of converting files, the tools actually load malware onto victims computers. The FBI warned specifically about that malware leading to ransomware attacks, but we’ve also seen similar sites that install browser hijackers, adware, and potentially unwanted programs (PUPs).
The Last Watchdog
MARCH 17, 2025
Frankfurt, Germany, Mar. 17, 2025, CyberNewswire — Cyberattacks are no longer an abstract threat – they dominate risk planning for companies worldwide. The latest Link11 European Cyber Report shows an alarming trend: the number of DDoS attacks has more than doubled, and they are shorter, more targeted, and more technically sophisticated.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Security Affairs
MARCH 17, 2025
Threat actors exploit Cascading Style Sheets (CSS) to bypass spam filters and detection engines, and track users actions and preferences. Cisco Talos observed threat actors abusing Cascading Style Sheets (CSS) to evade detection and track user behavior, raising security and privacy concerns, including potential fingerprinting. Cascading Style Sheets (CSS) is a stylesheet language used to control the appearance and layout of web pages.
SecureWorld News
MARCH 17, 2025
If you ask a layperson which industries they expect to come under attack from cyberattacks, they'll probably highlight targets like banks, infrastructure, or big tech. But one of the most high-profile cyberattacks in 2024 was against Krispy Kreme. Is nothing sacred anymore, when even our doughnuts aren't safe? It might seem a bit odd to target a doughnut chain, but the incident highlights a real issue for the food and beverage industry, with implications for many others.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
PCI perspectives
MARCH 17, 2025
Artificial intelligence (AI) is transforming industries, and the PCI Security Standards Council (PCI SSC) has introduced new guidance to support the responsible use of AI in PCI assessments. The guidance provides a balance between leveraging the benefits of AI while maintaining the high standards of security that protect payment card data worldwide.
Google Security
MARCH 17, 2025
Posted by Rex Pan and Xueqin Cui, Google Open Source Security Team In December 2022, we released the open source OSV-Scanner tool, and earlier this year, we open sourced OSV-SCALIBR. OSV-Scanner and OSV-SCALIBR, together with OSV.dev are components of an open platform for managing vulnerability metadata and enabling simple and accurate matching and remediation of known vulnerabilities.
eSecurity Planet
MARCH 17, 2025
The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Federal Bureau of Investigation (FBI) and the Multi-State Information Sharing and Analysis Center (MS-ISAC), has released a joint cybersecurity advisory warning organizations about the escalating threat posed by the Medusa ransomware. Since its emergence in 2021, Medusa has targeted over 300 victims across various critical infrastructure sectors, including medical, education, legal, insurance, technology, and
Malwarebytes
MARCH 17, 2025
Last week on Malwarebytes Labs: Research on iOS apps shows widespread exposure of secrets Dont let your kids on Roblox if youre not comfortable, says Roblox CEO Update your iPhone now: Apple patches vulnerability used in “extremely sophisticated attacks” The dark side of sports betting: How mirror sites help gambling scams thrive Android devices track you before you even sign in X users report login troubles as Dark Storm claims cyberattack How ads weirdly know your screen brightness
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Tech Republic Security
MARCH 17, 2025
Amazon is mandating cloud-based processing for Echo voice commands, removing local storage and disabling Alexas voice ID to expand its generative AI capabilities.
Security Boulevard
MARCH 17, 2025
A software programmer developed a way to use brute force to break the encryption of the notorious Akira ransomware using GPU compute power and enabling some victims of the Linux-focused variant of the malware to regain their encrypted data without having to pay a ransom. The post New Akira Ransomware Decryptor Leans on Nvidia GPU Power appeared first on Security Boulevard.
Security Affairs
MARCH 17, 2025
A researcher released a free decryptor for Linux Akira ransomware, using GPU power to recover keys through brute force. Security researcher Yohanes Nugroho created a free decryptor for Linux Akira ransomware , using GPUs to brute force the decryption keys. Initially estimating a week, the project took three weeks and cost $1,200 in GPU resources due to unexpected complexities.
Security Boulevard
MARCH 17, 2025
Bedrock Security today revealed it has added generative artificial intelligence (GenAI) capabilities along with a metadata repository based on graph technologies to its data security platform. The post Bedrock Security Embraces Generative AI and Graph Technologies to Improve Data Security appeared first on Security Boulevard.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Tech Republic Security
MARCH 17, 2025
Which is better, NordPass or Bitwarden? This guide provides a detailed comparison of their features, security and pricing to help you choose your best fit.
Security Boulevard
MARCH 17, 2025
Each Monday, the Tenable Exposure Management Academy will provide the practical, real-world guidance you need to shift from vulnerability management to exposure management. In our first blog in this new series, we get you started with an overview of the differences between the two and explore how cyber exposure management can benefit your organization.
Tech Republic Security
MARCH 17, 2025
This breakthrough will finally allow secure, encrypted messaging between different mobile platforms.
Trend Micro
MARCH 17, 2025
Trend Zero Day Initiative (ZDI) uncovered both state-sponsored and cybercriminal groups extensively exploiting ZDI-CAN-25373, a Windows.lnk file vulnerability that enables hidden command execution.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Boulevard
MARCH 17, 2025
Roopa Makam, Prekshya Basnet, and Nicole Miller have forged unique paths in cybersecurity, shaping the industry with their expertise and perspectives. They share their career journeys, challenges, and insights on fostering inclusivityfrom mentorship to workplace flexibility. The post Celebrating Women in Cybersecurity for Womens History Month appeared first on Security Boulevard.
The Hacker News
MARCH 17, 2025
Cybersecurity researchers are calling attention to an incident in which the popular GitHub Action tj-actions/changed-files was compromised to leak secrets from repositories using the continuous integration and continuous delivery (CI/CD) workflow. The incident involved the tj-actions/changed-files GitHub Action, which is used in over 23,000 repositories.
Security Boulevard
MARCH 17, 2025
This is a news item roundup of privacy or privacy-related news items for 9 MAR 2025 - 15 MAR 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional "security" content mixed-in here due to the close relationship between online privacy and cybersecurity - many things may overlap; for example, major vulnerabilities in popular software, which may compromise the security of user's devices (and therefore pose a threat to their privacy) and lar
Tech Republic Security
MARCH 17, 2025
Medusa ransomware now operates as a RaaS model, recruiting affiliates from criminal forums to launch attacks, encrypt data, and extort victims worldwide.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Boulevard
MARCH 17, 2025
Never underestimate the simplicity of the attackers, nor the gullibility of the victims. Cyberattacks dont always rely on sophisticated exploits or advanced malware. In reality, many of the most successful breaches stem from simple tactics like phishing emails, social engineering, and exploiting basic security misconfigurations. Complexity isnt a prerequisite for effectivenessattackers often favor the path of least resistance.
Centraleyes
MARCH 17, 2025
Every organization faces risks that threaten its objectives, assets, and operations. A risk assessment is the foundation for identifying, analyzing, and prioritizing these risks. Understanding the basics of risk assessment is the first step in building a resilient and proactive strategy to mitigate risks and vulnerabilities. This guide breaks down the fundamental principles and risk assessment methodologies in information security.
The Hacker News
MARCH 17, 2025
A recently disclosed security flaw impacting Apache Tomcat has come under active exploitation in the wild following the release of a public proof-of-concept (PoC) a mere 30 hours after public disclosure. The vulnerability, tracked as CVE-2025-24813, affects the below versions - Apache Tomcat 11.0.0-M1 to 11.0.2 Apache Tomcat 10.1.0-M1 to 10.1.34 Apache Tomcat 9.0.0-M1 to 9.0.
Security Boulevard
MARCH 17, 2025
CIAM has evolved from a security tool into a business advantage. This comprehensive guide explores how CIAM solutions balance robust security with seamless user experiences, helping organizations build trust, enhance customer engagement, and navigate complex privacy regulations. The post CIAM Basics: A Comprehensive Guide to Customer Identity and Access Management in 2025 appeared first on Security Boulevard.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
The Hacker News
MARCH 17, 2025
Malicious actors are exploiting Cascading Style Sheets (CSS), which are used to style and format the layout of web pages, to bypass spam filters and track users' actions. That's according to new findings from Cisco Talos, which said such malicious activities can compromise a victim's security and privacy.
Security Boulevard
MARCH 17, 2025
I've chosen six new JDK 24 features that are particularly relevant and interesting for developers and those deploying Java. The post Six JDK 24 Features You Should Know About appeared first on Azul | Better Java Performance, Superior Java Support. The post Six JDK 24 Features You Should Know About appeared first on Security Boulevard.
The Hacker News
MARCH 17, 2025
The latest Palo Alto Networks Unit 42 Cloud Threat Report found that sensitive data is found in 66% of cloud storage buckets. This data is vulnerable to ransomware attacks. The SANS Institute recently reported that these attacks can be performed by abusing the cloud providers storage security controls and default settings.
Security Boulevard
MARCH 17, 2025
New paper: GPU Assisted Brute Force Cryptanalysis of GPRS, GSM, RFID, and TETRA: Brute Force Cryptanalysis of KASUMI, SPECK, and TEA3. Abstract: Key lengths in symmetric cryptography are determined with respect to the brute force attacks with current technology. While nowadays at least 128-bit keys are recommended, there are many standards and real-world applications that use shorter keys.
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Expert insights. Personalized for you.
234 
Let's personalize your content