Mon.Jan 06, 2025

article thumbnail

EAGERBEE, with updated and novel components, targets the Middle East

SecureList

Introduction In our recent investigation into the EAGERBEE backdoor , we found that it was being deployed at ISPs and governmental entities in the Middle East. Our analysis uncovered new components used in these attacks, including a novel service injector designed to inject the backdoor into a running service. Additionally, we discovered previously undocumented components (plugins) deployed after the backdoor’s installation.

Malware 140
article thumbnail

Dental group lied through teeth about data breach, fined $350,000

Malwarebytes

A US chain of dental offices known as Westend Dental LLC denied a 2020 ransomware attack and its associated data breach, instead telling their customers that data was lost due to an accidentally formatted hard drive. Unfortunately for the organization, the truth was found out. Westend Dental agreed to settle several violations of the Health Insurance Portability and Accountability Act (HIPAA) in a penalty of $350,000.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Nessus scanner agents went offline due to a faulty plugin update

Security Affairs

Tenable disabled two Nessus scanner agent versions after a faulty plugin update caused agents to go offline. Tenable Nessus is a widely-used vulnerability scanning tool designed to identify and assess security vulnerabilities in systems, networks, and applications. Tenable was forced to disable two Nessus scanner agent versions because a faulty plugin update caused agents to go offline. “We are aware of and actively investigating an issue with agents going offline after plugin updates for

Hacking 120
article thumbnail

4 Tips to Fortify the Human Element in Your Cybersecurity Posture

Security Boulevard

Four actionable tips that will enable you to enhance the human element of your cybersecurity posture, transforming potential vulnerabilities into robust defenses. The post 4 Tips to Fortify the Human Element in Your Cybersecurity Posture appeared first on Security Boulevard.

article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

6 reasons why SMBs love OpenText MDR

Webroot

In todays digital-first world, small and medium-sized businesses (SMBs) face cybersecurity challenges that grow more complex by the day. SMBs are prime targets for attackers hoping to gain a foothold inside any organization that doesnt have extensive security measures. As threats increase, so does the need for comprehensive, reliable, and accessible protection.

article thumbnail

China’s Salt Typhoon Attacks Guam entity; US Sanctions Chinese Company

Security Boulevard

China is continuing to target U.S. entities in its efforts regarding Taiwan, including using state-sponsored Flax Typhoon to compromise Guam infrastructure. U.S. are pushing back, with the Treasury Department sanctioning a Chinse cybersecurity firm accused of aiding in some of the attacks. The post Chinas Salt Typhoon Attacks Guam entity; US Sanctions Chinese Company appeared first on Security Boulevard.

LifeWorks

More Trending

article thumbnail

WordPress Plugin Exploited to Turn Legitimate Sites Into Phishing Traps

Security Boulevard

A WordPress plugin known as PhishWP, has been discovered on Russian cybercrime forums and is being exploited by cybercriminals to steal sensitive data from unsuspecting users. The post WordPress Plugin Exploited to Turn Legitimate Sites Into Phishing Traps appeared first on Security Boulevard.

Phishing 119
article thumbnail

The 5 Fastest VPNs for 2025

Tech Republic Security

Explore the fastest VPNs for secure, high-speed browsing. Discover VPN services that protect your data and ensure smooth streaming and safe internet access.

VPN 174
article thumbnail

Poor Cyber Hygiene can Cost Organizations up to an Average of $677 Million 

Security Boulevard

Knowing that insider threats and poor cyber hygiene are well-known as some of the worst threat vectors, prioritizing security controls that can keep pace with modern threats is fundamental for all organizations moving forward. The post Poor Cyber Hygiene can Cost Organizations up to an Average of $677 Million appeared first on Security Boulevard.

article thumbnail

Eagerbee backdoor targets govt entities and ISPs in the Middle East

Security Affairs

Experts spotted new variants of the Eagerbee backdoor being used in attacks on government organizations and ISPs in the Middle East. Kaspersky researchers reported that new variants of the Eagerbee backdoor being used in attacks against Internet Service Providers (ISPs) and government entities in the Middle East. The Kaspersky’s analysis revealed new attack components, including a service injector for backdoor deployment and plugins for payload delivery, file/system access, and remote cont

Malware 63
article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

DigiCert Open Sources Domain Control Validation Software

Security Boulevard

DigiCert has made available a Domain Control Validation (DCV) library under an open-source software license as part of a larger effort to enable certificate authorities (CAs) to reduce total costs. The post DigiCert Open Sources Domain Control Validation Software appeared first on Security Boulevard.

Software 107
article thumbnail

CVE-2024-8474: OpenVPN Connect Vulnerability Leaks Private Keys

Penetration Testing

Popular VPN client app, OpenVPN Connect, patched a critical security flaw that could have exposed users’ private keys The post CVE-2024-8474: OpenVPN Connect Vulnerability Leaks Private Keys appeared first on Cybersecurity News.

VPN 145
article thumbnail

Meet PhishWP – The New WordPress Plugin That’s Turning Legit Sites into Phishing Traps

Security Boulevard

One morning, you decide to make a purchase from a seemingly reputable online store. The website displays a familiar checkout interface resembling Stripes payment process. You enter your payment details, feeling confident in the websites legitimacy: Credit card number Expiration date CVV Billing address You even enter a one-time password (OTP) sent to your phone, [] The post Meet PhishWP The New WordPress Plugin Thats Turning Legit Sites into Phishing Traps first appeared on SlashNext.

article thumbnail

FireScam Android Malware Poses as Telegram Premium to Steal Data and Control Devices

The Hacker News

An Android information stealing malware named FireScam has been found masquerading as a premium version of the Telegram messaging app to steal data and maintain persistent remote control over compromised devices. "Disguised as a fake 'Telegram Premium' app, it is distributed through a GitHub.

Malware 124
article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Dark Web Dangers Aren’t as Hidden as You Think

Security Boulevard

While it occupies only a sliver of the internet, the dark web has become a growing threat to businesses everywhere. The post Dark Web Dangers Arent as Hidden as You Think appeared first on Security Boulevard.

Internet 128
article thumbnail

Vulnerability Overload: 40,000+ CVEs in 2024

Penetration Testing

Security researcher Jerry Gamblin has released his annual CVE data review. 2024 saw an unprecedented surge in published The post Vulnerability Overload: 40,000+ CVEs in 2024 appeared first on Cybersecurity News.

article thumbnail

Beware the Rise of the Autonomous Cyber Attacker  

Security Boulevard

AIs growing sophistication signals a future in which networks can be compromised autonomously, and the industry must prepare for this near-term reality. The post Beware the Rise of the Autonomous Cyber Attacker appeared first on Security Boulevard.

article thumbnail

Moxa Alerts Users to High-Severity Vulnerabilities in Cellular and Secure Routers

The Hacker News

Taiwan-based Moxa has warned of two security vulnerabilities impacting its cellular routers, secure routers, and network security appliances that could allow privilege escalation and command execution. The list of vulnerabilities is as follows - CVE-2024-9138 (CVSS 4.0 score: 8.

article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

MSI goes big at CES 2025 with its lineup of new 18-inch gaming laptops

Zero Day

MSI's fleet of gaming laptops features top-of-the-line Intel and AMD processors, including one inscribed with Norse runes and a massive dragon's eye.

119
119
article thumbnail

Cybercriminals Target Ethereum Developers with Fake Hardhat npm Packages

The Hacker News

Cybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation's Hardhat tool in order to steal sensitive data from developer systems.

article thumbnail

The new Amazfit Active 2 smartwatch is affordable and packed with surprises

Zero Day

Health tech brand Amazfit unveiled its second-generation smartwatch, the Active 2, at CES. The smartwatch improves on accuracy, algorithms, and activity-tracking.

115
115
article thumbnail

Windows 11’s TPM 2.0: Free Software Foundation Fights Forced Upgrades and E-Waste

Penetration Testing

The Free Software Foundation (FSF) is fresh off a successful International Day Against DRM (IDAD), held on December The post Windows 11’s TPM 2.0: Free Software Foundation Fights Forced Upgrades and E-Waste appeared first on Cybersecurity News.

Software 114
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

In Memory of Amit Yoran: A Visionary Cybersecurity Leader

SecureWorld News

The cybersecurity world mourns the loss of Amit Yoran, a trailblazing leader whose visionary approach and passion for the industry left an indelible mark. Yoran, who passed away on January 3, 2025, at the age of 54 after a battle with cancer, was renowned for his transformational leadership at Tenable, RSA, and beyond. His career reflected a profound commitment to advancing digital security and shaping the future of cybersecurity.

article thumbnail

My favorite headphones for deep work and gaming get a travel-friendly upgrade

Zero Day

JBL adds an audio transmitter to its Tour One M3 headphones that travelers can use during in-flight entertainment.

111
111
article thumbnail

From $22M in Ransom to +100M Stolen Records: 2025's All-Star SaaS Threat Actors to Watch

The Hacker News

In 2024, cyber threats targeting SaaS surged, with 7,000 password attacks blocked per second (just in Entra ID)a 75% increase from last yearand phishing attempts up by 58%, causing $3.5 billion in losses (source: Microsoft Digital Defense Report 2024). SaaS attacks are increasing, with hackers often evading detection through legitimate usage patterns.

article thumbnail

This MagSafe accessory transforms your iPhone into a point-and-shoot camera (sort of)

Zero Day

Belkin's multi-functional Stage PowerGrip is the perfect accessory for camera-loving content creators - and could be the coolest mobile accessory yet at CES 2025.

Mobile 111
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

CVE-2024-20154: Critical RCE Flaw in MediaTek Chipsets Impacts Millions

Penetration Testing

MediaTek has released its January 2025 Product Security Bulletin, addressing a range of security vulnerabilities affecting its various The post CVE-2024-20154: Critical RCE Flaw in MediaTek Chipsets Impacts Millions appeared first on Cybersecurity News.

article thumbnail

HP shows off three next-gen laptops and revamps it desktops at CES 2025

Zero Day

HP starts the year strong by giving its EliteBook series an AI boost alongside the new OmniStudio X, which could allow it to dominate the all-in-one space.

110
110
article thumbnail

India Proposes Digital Data Rules with Tough Penalties and Cybersecurity Requirements

The Hacker News

The Indian government has published a draft version of the Digital Personal Data Protection (DPDP) Rules for public consultation. "Data fiduciaries must provide clear and accessible information about how personal data is processed, enabling informed consent," India's Press Information Bureau (PIB) said in a statement released Sunday.

article thumbnail

How a Chrome extension malware scare ruined my day - and what I did next

Zero Day

When Chrome flagged an extension for malware, it triggered hours of cleanup. Learn how to check your extensions, clear malware, and keep your browser secure for the future.

Malware 105
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!