SecureWorld News

FEBRUARY 17, 2025

Cybersecurity governance has undergone a dramatic transformation over the past few decades. From its early days, where security was an afterthought to business operations, to the present, where it has become a board-level discussion, governance has had to adapt to an ever-evolving digital landscape. We have moved beyond traditional compliance-driven security models to risk-based approaches, integrating cybersecurity into enterprise risk management (ERM) frameworks.

Government 87

Government Cybersecurity Risk CISO 87

Digital Shadows

FEBRUARY 17, 2025

Key Findings First observed in March 2024, BlackLock (aka El Dorado or Eldorado) has rapidly emerged as a major player in the ransomware-as-a-service (RaaS) ecosystem. By Q4 2024, it ranked as the 7th most prolific ransomware group on data-leak sites, fueled by a staggering 1,425% increase in activity from Q3. BlackLock uses a double extortion tacticencrypting data while stealing sensitive informationto pressure victims with the threat of public exposure.

Ransomware 83

Ransomware Malware Risk Accountability 83

Security Boulevard

FEBRUARY 17, 2025

Each IT and security team has its function, but unless they row in unison aligning on strategy, focus and execution the organization will flounder. The post Rowing in the Same Direction: 6 Tips for Stronger IT and Security Collaboration appeared first on Security Boulevard.

Security Awareness 99

Security Awareness Risk Cybersecurity 99

Security Affairs

FEBRUARY 17, 2025

Microsoft discovered a new variant of the Apple macOS malwareXCSSETthat was employed in limited attacks in the wild. Microsoft Threat Intelligence discovered a new variant of the macOS malware XCSSET in attacks in the wild. XCSSET is a sophisticated modular macOS malware that targets users by infecting Xcode projects, it has been active since at least 2022.

Malware 71

Malware Hacking Software 71

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Schneier on Security

FEBRUARY 17, 2025

The EFF has released its Atlas of Surveillance , which documents police surveillance technology across the US.

Surveillance 207

Surveillance Technology 207

Security Affairs

FEBRUARY 17, 2025

Dutch police seized 127 servers of the bulletproof hosting service Zservers/XHost after government sanctions. On February 11, 2025, the US, UK, and Australia sanctioned a Russian bulletproof hosting services provider and two Russian administrators because they supported Russian ransomware LockBit operations. Alexander Igorevich Mishinand Aleksandr Sergeyevich Bolshakovare the two Russian nationals and administrators of Zservers. “ Zservers , headquartered in Barnaul, Russia, has advertise

Cybercrime 73

Cybercrime Ransomware Hacking Advertising 73

Security Affairs

FEBRUARY 17, 2025

Netskope Threat Labs researchers discovered a Golang-based backdoor using Telegram for C2 communication, possibly of Russian origin. Netskope Threat Labs found a Golang-based backdoor using Telegram for C2. The malware, still in development but functional, exploits cloud apps to evade detection. The experts believe the new Go backdoor could have a Russian origin.

Malware 82

Malware Hacking Cybercrime Information Security 82

eSecurity Planet

FEBRUARY 17, 2025

Microsoft Defender (previously called Windows Defender) and McAfee are device security solutions designed to protect devices from viruses, malware, and security threats. Simply put, they are antivirus solutions. As the name implies, Microsoft Defender helps users protect their devices against potential risks. It is a strong choice for Windows PC users looking for free, built-in protection with minimal setup.

Antivirus 67

Antivirus Identity Theft VPN Spyware 67

Security Affairs

FEBRUARY 17, 2025

Researchers warn that the whoAMI attack lets attackers publish an AMI with a specific name to execute code in an AWS account. Cybersecurity researchers at Datadog Security Labs devised a new name confusion attack technique, called whoAMI, that allows threat actors to execute arbitrary code execution within the Amazon Web Services (AWS) account by publishing an Amazon Machine Image ( AMI ) with a specific name.

Accountability 63

Accountability Hacking Cybersecurity Information Security 63

Malwarebytes

FEBRUARY 17, 2025

Last week on Malwarebytes Labs: A suicide reveals the lonely side of AI chatbots, with Courtney Brown (Lock and Code S06E03) Apple ordered to grant access to users encrypted data Phishing evolves beyond email to become latest Android app threat Apple fixes zero-day vulnerability used in “extremely sophisticated attack” Gambling firms are secretly sharing your data with Facebook Fake Etsy invoice scam tricks sellers into sharing credit card information How AI was used in an advanced p

Scams 60

Scams Phishing Ransomware Encryption 60

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Security Boulevard

FEBRUARY 17, 2025

This is a news item roundup of privacy or privacy-related news items for 9 FEB 2025 - 15 FEB 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional "security" content mixed-in here due to the close relationship between online privacy and cybersecurity - many things may overlap; for example, major vulnerabilities in popular software, which may compromise the security of user's devices (and therefore pose a threat to their privacy) and lar

Surveillance 52

Surveillance Data breaches VPN Malware 52

Centraleyes

FEBRUARY 17, 2025

Policy management is the sturdy scaffolding that supports governance, risk, and compliance (GRC) objectives while shaping corporate culture and ensuring adherence to regulatory obligations. Yet, many organizations struggle with a disjointed approachpolicies scattered across departments, processes misaligned, and technology underutilized. Why Policy Management Maturity Matters Organizations with disconnected policies end up with fragments of truth instead of a cohesive narrative.

Architecture 52

Architecture Government Risk Technology 52

Appknox

FEBRUARY 17, 2025

Artificial Intelligence is reshaping how we interact with technology, from virtual assistants to advanced search engines. However, with great power comes great responsibilityparticularly when it comes to security. These apps often handle sensitive data, making them prime targets for cyberattacks. At Appknox, we're committed to ensuring that the latest AI applications are safe for users.

Artificial Intelligence 52

Artificial Intelligence Engineering Technology Mobile 52

Security Boulevard

FEBRUARY 17, 2025

Cybersecurity is much more than just a technical challenge. Its now a critical business imperative that requires a strategic risk management approach. By integrating cybersecurity into broader risk management frameworks, you can proactively address threats, improve resilience, and align your security efforts with your core business objectives. Shifting your organizations collective mindset around this concept is essential for long-term success.

Risk 52

Risk Cybersecurity 52

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

The Hacker News

FEBRUARY 17, 2025

South Korea has formally suspended new downloads of Chinese artificial intelligence (AI) chatbot DeepSeek in the country until the service makes changes to its mobile apps to comply with data protection regulations. Downloads have been paused as of February 15, 2025, 6:00 p.m. local time, the Personal Information Protection Commission (PIPC) said in a statement.

Artificial Intelligence 119

Artificial Intelligence Mobile 119

Security Boulevard

FEBRUARY 17, 2025

The Growing Need for Cybersecurity Awareness Training (SAT) In todays rapidly evolving cyber threat landscape, organizations are increasingly recognizing the critical importance of Cyber Security Awareness Training (SAT) as a fundamental defense strategy. Regulatory changes like NIS2 and DORA further emphasize this need for robust cybersecurity initiatives.

Security Awareness 59

Security Awareness Cyber threats Cybersecurity Cyber Attacks 59

Trend Micro

FEBRUARY 17, 2025

Our Threat Hunting team discusses Earth Pretas latest technique, in which the APT group leverages MAVInject and Setup Factory to deploy payloads, bypass ESET antivirus, and maintain control over compromised systems.

Antivirus 116

Antivirus 116

Security Boulevard

FEBRUARY 17, 2025

Authors/Presenters: Melvin Langvik Our sincere appreciation to DEF CON , and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conferences events located at the Las Vegas Convention Center ; and via the organizations YouTube channel. Permalink The post DEF CON 32 – Evading Modern Defenses When Phishing With Pixels appeared first on Security Boulevard.

Phishing 52

Phishing Education Cybersecurity 52

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

The Hacker News

FEBRUARY 17, 2025

Cybersecurity researchers have flagged a credit card stealing malware campaign that has been observed targeting e-commerce sites running Magento by disguising the malicious content within image tags in HTML code in order to stay under the radar. MageCart is the name given to a malware that's capable of stealing sensitive payment information from online shopping sites.

Malware 110

Malware Cybersecurity 110

Security Boulevard

FEBRUARY 17, 2025

Cybersecurity and risk management are often treated as separate disciplines within organizations. Security teams focus on identifying and mitigating technical threats, while risk teams take a broader approach to evaluating business exposure. However, this disconnect creates a challenge: security teams struggle to communicate risk in a way that resonates with executives, while risk managers lack real-time insights into evolving cyber threats.

Risk 52

Risk Cyber threats Cybersecurity Cyber Risk 52

The Hacker News

FEBRUARY 17, 2025

Cybersecurity researchers have shed light on a new Golang-based backdoor that uses Telegram as a mechanism for command-and-control (C2) communications. Netskope Threat Labs, which detailed the functions of the malware, described it as possibly of Russian origin.

Malware 109

Malware Cybersecurity 109

Zero Day

FEBRUARY 17, 2025

Although the OnePlus Open 2 isn't coming this year, a free OnePlus Nord N30 and OnePlus Buds Pro 3 are available when you buy the original model during this Presidents' Day sale -- but don't wait.

104

104

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Hacker News

FEBRUARY 17, 2025

Welcome to this weeks Cybersecurity News Recap. Discover how cyber attackers are using clever tricks like fake codes and sneaky emails to gain access to sensitive data. We cover everything from device code phishing to cloud exploits, breaking down the technical details into simple, easy-to-follow insights.

Hacking 103

Hacking Scams Phishing Cyber Attacks 103

Zero Day

FEBRUARY 17, 2025

The Huawei Mate XT Ultimate proves tri-fold phones are more than just a gimmick - they could be the future of mobile computing.

Mobile 101

Mobile 101

The Hacker News

FEBRUARY 17, 2025

Security vulnerabilities have been disclosed in Xerox VersaLink C7025 Multifunction printers (MFPs) that could allow attackers to capture authentication credentials via pass-back attacks via Lightweight Directory Access Protocol (LDAP) and SMB/FTP services.

Authentication 101

Authentication 101

Penetration Testing

FEBRUARY 17, 2025

Cybersecurity researchers at Insikt Group have identified an ongoing cyber espionage campaign by RedMike (also tracked as Salt The post CVE-2023-20198 & CVE-2023-20273: RedMike Attacks 1,000+ Cisco Devices in Global Espionage Campaign appeared first on Cybersecurity News.

Cybersecurity 96

Cybersecurity 96

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

The Hacker News

FEBRUARY 17, 2025

Cyber threats evolvehas your defense strategy kept up? A new free guide available here explains why Continuous Threat Exposure Management (CTEM) is the smart approach for proactive cybersecurity. This concise report makes a clear business case for why CTEMs comprehensive approach is the best overall strategy for shoring up a businesss cyber defenses in the face of evolving attacks.

CISO 94

CISO Cyber threats Cybersecurity 94

Penetration Testing

FEBRUARY 17, 2025

Cybersecurity researchers at Codean Labs have discovered two vulnerabilities in LibreOffice, allowing arbitrary file writes and remote data The post LibreOffice Vulnerabilities (CVE-2024-12425 & CVE-2024-12426): PoCs Released, Patch ASAP appeared first on Cybersecurity News.

Cybersecurity 94

Cybersecurity 94

Zero Day

FEBRUARY 17, 2025

If you're looking for a way to break ties with Google or want to take control of your Android photo backups, here's how.

Backups 93

Backups 93

The Hacker News

FEBRUARY 17, 2025

Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild. "Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies," the Microsoft Threat Intelligence team said in a post shared on X.

Malware 93

Malware 93

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!