Mon.Feb 17, 2025

Cybersecurity Governance: The Road Ahead in an Era of Constant Evolution

SecureWorld News

Cybersecurity governance has undergone a dramatic transformation over the past few decades. From its early days, where security was an afterthought to business operations, to the present, where it has become a board-level discussion, governance has had to adapt to an ever-evolving digital landscape. We have moved beyond traditional compliance-driven security models to risk-based approaches, integrating cybersecurity into enterprise risk management (ERM) frameworks.

Threat Spotlight: Inside the World’s Fastest Rising Ransomware Operator — BlackLock

Digital Shadows

Key Findings: First observed in March 2024, BlackLock (aka El Dorado or Eldorado) has rapidly emerged as a major player in the ransomware-as-a-service (RaaS) ecosystem. By Q4 2024, it ranked as the 7th most prolific ransomware group on data-leak sites, fueled by a staggering 1,425% increase in activity from Q3. BlackLock uses a double extortion tactic (encrypting data while stealing sensitive information) to pressure victims with the threat of public exposure.

Rowing in the Same Direction: 6 Tips for Stronger IT and Security Collaboration

Security Boulevard

Each IT and security team has its function, but unless they row in unison, aligning on strategy, focus and execution, the organization will flounder. The post Rowing in the Same Direction: 6 Tips for Stronger IT and Security Collaboration appeared first on Security Boulevard.

Atlas of Surveillance

Schneier on Security

The EFF has released its Atlas of Surveillance, which documents police surveillance technology across the US.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

New XCSSET macOS malware variant used in limited attacks

Security Affairs

Microsoft discovered a new variant of the Apple macOS malware XCSSET that was employed in limited attacks in the wild. Microsoft Threat Intelligence discovered a new variant of the macOS malware XCSSET in attacks in the wild. XCSSET is a sophisticated modular macOS malware that targets users by infecting Xcode projects; it has been active since at least 2022.

Malware 70

Centralised, Scalable, Compliant: Keeping Your Data Safer with Enterprise Key Management

Thales Cloud Protection & Licensing

madhav, Tue, 02/18/2025 - 04:50. The rise of multi-cloud environments, hybrid infrastructures, and stricter regulatory requirements has made cryptographic key management a major priority for enterprises around the world. Without an effective enterprise key management (EKM) strategy, your organisation faces a higher risk of data breaches, non-compliance with regulations, and operational inefficiencies.

More Trending

Microsoft Defender vs. McAfee: Features, Pricing, Pros & Cons

eSecurity Planet

Microsoft Defender (previously called Windows Defender) and McAfee are device security solutions designed to protect devices from viruses, malware, and security threats. Simply put, they are antivirus solutions. As the name implies, Microsoft Defender helps users protect their devices against potential risks. It is a strong choice for Windows PC users looking for free, built-in protection with minimal setup.

New Golang-based backdoor relies on Telegram for C2 communication

Security Affairs

Netskope Threat Labs researchers discovered a Golang-based backdoor using Telegram for C2 communication, possibly of Russian origin. Netskope Threat Labs found a Golang-based backdoor using Telegram for C2. The malware, still in development but functional, exploits cloud apps to evade detection. The experts believe the new Go backdoor could have a Russian origin.

Malware 81

A week in security (February 10 – February 16)

Malwarebytes

Last week on Malwarebytes Labs: A suicide reveals the lonely side of AI chatbots, with Courtney Brown (Lock and Code S06E03); Apple ordered to grant access to users' encrypted data; Phishing evolves beyond email to become latest Android app threat; Apple fixes zero-day vulnerability used in “extremely sophisticated attack”; Gambling firms are secretly sharing your data with Facebook; Fake Etsy invoice scam tricks sellers into sharing credit card information; How AI was used in an advanced p

Scams 57

whoAMI attack could allow remote code execution within AWS account

Security Affairs

Researchers warn that the whoAMI attack lets attackers publish an AMI with a specific name to execute code in an AWS account. Cybersecurity researchers at Datadog Security Labs devised a new name confusion attack technique, called whoAMI, that allows threat actors to execute arbitrary code within the Amazon Web Services (AWS) account by publishing an Amazon Machine Image (AMI) with a specific name.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Privacy Roundup: Week 7 of Year 2025

Security Boulevard

This is a news item roundup of privacy or privacy-related news items for 9 FEB 2025 - 15 FEB 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional "security" content mixed-in here due to the close relationship between online privacy and cybersecurity - many things may overlap; for example, major vulnerabilities in popular software, which may compromise the security of user's devices (and therefore pose a threat to their privacy) and lar

Best Policy Templates for Compliance: Essential Documents for Regulatory Success

Centraleyes

Policy management is the sturdy scaffolding that supports governance, risk, and compliance (GRC) objectives while shaping corporate culture and ensuring adherence to regulatory obligations. Yet, many organizations struggle with a disjointed approach: policies scattered across departments, processes misaligned, and technology underutilized. Why Policy Management Maturity Matters: Organizations with disconnected policies end up with fragments of truth instead of a cohesive narrative.

Is Your AI App Safe? Analyzing Deepseek's Security Vulnerabilities

Appknox

Artificial Intelligence is reshaping how we interact with technology, from virtual assistants to advanced search engines. However, with great power comes great responsibility, particularly when it comes to security. These apps often handle sensitive data, making them prime targets for cyberattacks. At Appknox, we're committed to ensuring that the latest AI applications are safe for users.

Cybersecurity as a Business Imperative: Embracing a Risk Management Approach

Security Boulevard

Cybersecurity is much more than just a technical challenge. It's now a critical business imperative that requires a strategic risk management approach. By integrating cybersecurity into broader risk management frameworks, you can proactively address threats, improve resilience, and align your security efforts with your core business objectives. Shifting your organization's collective mindset around this concept is essential for long-term success.

Risk 52

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

South Korea Suspends DeepSeek AI Downloads Over Privacy Violations

The Hacker News

South Korea has formally suspended new downloads of Chinese artificial intelligence (AI) chatbot DeepSeek in the country until the service makes changes to its mobile apps to comply with data protection regulations. Downloads have been paused as of February 15, 2025, 6:00 p.m. local time, the Personal Information Protection Commission (PIPC) said in a statement.

How Slashing the SAT Budget Is Appreciated By Hackers

Security Boulevard

The Growing Need for Cybersecurity Awareness Training (SAT): In today's rapidly evolving cyber threat landscape, organizations are increasingly recognizing the critical importance of Cyber Security Awareness Training (SAT) as a fundamental defense strategy. Regulatory changes like NIS2 and DORA further emphasize this need for robust cybersecurity initiatives.

Earth Preta Mixes Legitimate and Malicious Components to Sidestep Detection

Trend Micro

Our Threat Hunting team discusses Earth Preta's latest technique, in which the APT group leverages MAVInject and Setup Factory to deploy payloads, bypass ESET antivirus, and maintain control over compromised systems.

Antivirus 103

DEF CON 32 – Evading Modern Defenses When Phishing With Pixels

Security Boulevard

Authors/Presenters: Melvin Langvik. Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference's events located at the Las Vegas Convention Center; and via the organization's YouTube channel. The post DEF CON 32 – Evading Modern Defenses When Phishing With Pixels appeared first on Security Boulevard.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Cybercriminals Exploit Onerror Event in Image Tags to Deploy Payment Skimmers

The Hacker News

Cybersecurity researchers have flagged a credit card stealing malware campaign that has been observed targeting e-commerce sites running Magento by disguising the malicious content within image tags in HTML code in order to stay under the radar. MageCart is the name given to a malware that's capable of stealing sensitive payment information from online shopping sites.

Malware 103

Bridging the Gap Between Security and Risk with CRQ

Security Boulevard

Cybersecurity and risk management are often treated as separate disciplines within organizations. Security teams focus on identifying and mitigating technical threats, while risk teams take a broader approach to evaluating business exposure. However, this disconnect creates a challenge: security teams struggle to communicate risk in a way that resonates with executives, while risk managers lack real-time insights into evolving cyber threats.

Risk 52

New Golang-Based Backdoor Uses Telegram Bot API for Evasive C2 Operations

The Hacker News

Cybersecurity researchers have shed light on a new Golang-based backdoor that uses Telegram as a mechanism for command-and-control (C2) communications. Netskope Threat Labs, which detailed the functions of the malware, described it as possibly of Russian origin.

Malware 102

Today is your last chance to buy a OnePlus Open and get another phone and pair of earbuds for free

Zero Day

Although the OnePlus Open 2 isn't coming this year, a free OnePlus Nord N30 and OnePlus Buds Pro 3 are available when you buy the original model during this Presidents' Day sale -- but don't wait.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

CVE-2023-20198 & CVE-2023-20273: RedMike Attacks 1,000+ Cisco Devices in Global Espionage Campaign

Penetration Testing

Cybersecurity researchers at Insikt Group have identified an ongoing cyber espionage campaign by RedMike (also tracked as Salt … The post CVE-2023-20198 & CVE-2023-20273: RedMike Attacks 1,000+ Cisco Devices in Global Espionage Campaign appeared first on Cybersecurity News.

I used Huawei's $3,000 tri-foldable, and it made every phone I've ever tested feel outdated

Zero Day

The Huawei Mate XT Ultimate proves tri-fold phones are more than just a gimmick - they could be the future of mobile computing.

Mobile 101

⚡ THN Weekly Recap: Google Secrets Stolen, Windows Hack, New Crypto Scams and More

The Hacker News

Welcome to this week's Cybersecurity News Recap. Discover how cyber attackers are using clever tricks like fake codes and sneaky emails to gain access to sensitive data. We cover everything from device code phishing to cloud exploits, breaking down the technical details into simple, easy-to-follow insights.

Hacking 96

Meet the Cybersecurity Defender of 2025 for EMEA

Cisco Security

Cisco's 2025 EMEA Cybersecurity Defender of the Year award goes to the team at SAP Enterprise Cloud Services, who raised the bar for overall security posture.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

New Xerox Printer Flaws Could Let Attackers Capture Windows Active Directory Credentials

The Hacker News

Security vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials via pass-back attacks via Lightweight Directory Access Protocol (LDAP) and SMB/FTP services.

LibreOffice Vulnerabilities (CVE-2024-12425 & CVE-2024-12426): PoCs Released, Patch ASAP

Penetration Testing

Cybersecurity researchers at Codean Labs have discovered two vulnerabilities in LibreOffice, allowing arbitrary file writes and remote data … The post LibreOffice Vulnerabilities (CVE-2024-12425 & CVE-2024-12426): PoCs Released, Patch ASAP appeared first on Cybersecurity News.

How I back up my photos on Android

Zero Day

If you're looking for a way to break ties with Google or want to take control of your Android photo backups, here's how.

Backups 93

Black-Hat SEO Poisoning Indian Government and Financial Websites

Penetration Testing

Researchers at CloudSEK have uncovered a large-scale Search Engine Poisoning (SEP) campaign targeting Indian government, educational, and financial … The post Black-Hat SEO Poisoning Indian Government and Financial Websites appeared first on Cybersecurity News.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!