Malwarebytes

JANUARY 20, 2025

Companies are showing customers different prices for the same goods and services based what data they have on them, including details like their precise location or browser history. The name for this method is surveillance pricing, and the FTC has just released initial findings of a report looking into that practice. In July 2024, the FTC requested information from eight companies offering surveillance pricing products and services that incorporate data about consumers characteristics and behavi

Surveillance 120

Surveillance Artificial Intelligence Consumer Protection Data collection 120

Penetration Testing

JANUARY 20, 2025

Security researcher Joward has published an in-depth analysis and Proof of Concept (PoC) exploit for a critical vulnerability, The post TP-Link Vulnerability: PoC Exploit for CVE-2024-54887 Reveals Remote Code Execution Risks appeared first on Cybersecurity News.

Risk 145

Risk Cybersecurity 145

Security Affairs

JANUARY 20, 2025

Researchers linked the threat actor DoNot Teamto a new Android malware that was employed in highly targeted cyber attacks. CYFIRMA researchers linked a recently discovered Android malware to the Indian APT group known as DoNot Team. The Donot Team (aka APT-C-35 and Origami Elephant) has been active since 2016, it focuses ongovernment and military organizations, ministries of foreign affairs, and embassies in India, Pakistan, Sri Lanka, Bangladesh, and other South Asian countries.

Malware 115

Malware Cyber Attacks Mobile Phishing 115

Security Boulevard

JANUARY 20, 2025

It is essential to address credential stuffing directly and collaborate with the broader iGaming community to mitigate its risks. The post From Dark Web to Jackpot: How Cybercriminals Exploit Stolen Credentials in iGaming appeared first on Security Boulevard.

Risk 116

Risk Security Awareness Cybersecurity 116

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Security Affairs

JANUARY 20, 2025

Researchers found malicious npm and PyPI packages capable of stealing and deleting sensitive data from infected systems. Socket researchers have identified multiple packages in the npm and Python Package Index (PyPI) repository designed to target Solana private keys and drain funds from victims’ wallets. The malicious npm packages allowed the threat actors to exfiltrate Solana private keys via Gmail.

Authentication 102

Authentication Malware Hacking Accountability 102

Security Boulevard

JANUARY 20, 2025

This is a news item roundup of privacy or privacy-related news items for 12 JAN 2025 - 18 JAN 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional "security" content mixed-in here due to the close relationship between online privacy and cybersecurity - many things may overlap; for example, major vulnerabilities in popular software, which may compromise the security of user's devices (and therefore pose a threat to their privacy) and la

Surveillance 97

Surveillance Malware Data breaches Scams 97

Heimadal Security

JANUARY 20, 2025

BARCELONA, Spain, and COPENHAGEN, Denmark, January 20, 2025 Heimdal, a leading cybersecurity company, has partnered with Interbel, a Spanish cybersecurity and Email value added distributor with over 27 years of experience. Together, they will deliver powerful and user-friendly cybersecurity solutions to businesses across Spain, addressing the rising challenges of sophisticated cyber threats and complex […] The post Heimdal and Interbel Partner to Secure Spanish Businesses Against Rising C

Cyber threats 109

Cyber threats Cybersecurity 109

Penetration Testing

JANUARY 20, 2025

Oracle has released its Critical Patch Update Pre-Release Announcement for January 2025, providing advance notice of the crucial The post Oracle’s January 2025 Critical Patch Update: Addressing 320 Security Vulnerabilities appeared first on Cybersecurity News.

Cybersecurity 100

Cybersecurity Financial Services 100

Heimadal Security

JANUARY 20, 2025

Third-party security questionnaires and the number of audits that are growing every year are killing everybody’s soul! – Larisa Mihai, Cyber Compliance Expert In October 2024, European Union member states had a deadline to transpose the NIS2 Directive into national law. Although not all countries have begun enforcing the rules, it will eventually become the […] The post How to Prepare for NIS2 Audits – A Compliance Expert’s View appeared first on Heimdal Security Bl

Cybersecurity 95

Cybersecurity 95

Malwarebytes

JANUARY 20, 2025

Last week on Malwarebytes Labs: iMessage text gets recipient to disable phishing protection so they can be phished The new rules for AI and encrypted messaging, with Mallory Knodel (Lock and Code S06E01) Insurance company accused of using secret software to illegally collect and sell location data on millions of Americans The great Google Ads heist: criminals ransack advertiser accounts via fake Google ads PlugX malware deleted from thousands of systems by FBI Avery had credit card skimmer stuck

Insurance 76

Insurance Phishing Advertising Encryption 76

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Security Boulevard

JANUARY 20, 2025

What is the Information Security Manual (ISM)? The Information Security Manual (ISM) is a cybersecurity framework developed by the Australian Signals Directorate (ASD) to help organizations protect their IT and operational technology systems, applications, and data from cyber threats. The ISM is relevant to industries like government, defense, finance, healthcare, and other sectors where sensitive [] The post Information Security Manual (ISM) appeared first on Centraleyes.

Information Security 59

Information Security Healthcare Cyber threats Government 59

The Hacker News

JANUARY 20, 2025

New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks.

Internet 133

Internet Internet 133

Centraleyes

JANUARY 20, 2025

What is the Information Security Manual (ISM)? The Information Security Manual (ISM) is a cybersecurity framework developed by the Australian Signals Directorate (ASD) to help organizations protect their IT and operational technology systems, applications, and data from cyber threats. The ISM is relevant to industries like government, defense, finance, healthcare, and other sectors where sensitive data protection is critical.

Information Security 52

Information Security Cyber threats Government Small Business 52

Penetration Testing

JANUARY 20, 2025

A recently patched vulnerability in popular error tracking and performance monitoring platform Sentry could have allowed attackers to The post CVE-2025-22146 (CVSS 9.1): Critical Sentry Vulnerability Allowed Account Takeovers appeared first on Cybersecurity News.

Accountability 125

Accountability Cybersecurity 125

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

The Hacker News

JANUARY 20, 2025

Cybersecurity researchers are calling attention to a series of cyber attacks that have targeted Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China with a known malware called ValleyRAT. The attacks leverage a multi-stage loader dubbed PNGPlug to deliver the ValleyRAT payload, Intezer said in a technical report published last week.

Malware 124

Malware Software Cyber Attacks Phishing 124

Security Boulevard

JANUARY 20, 2025

With the continued mainstreaming of data privacy concerns, nearly all consumer-facing organizations will be forced to treat data GPS as a first-class initiative within their businesses. The post The 2025 Themes on Data GPS appeared first on Security Boulevard.

Data privacy 114

Data privacy Government Cybersecurity 114

The Hacker News

JANUARY 20, 2025

The Threat actor known as DoNot Team has been linked to a new Android malware as part of highly targeted cyber attacks. The artifacts in question, named Tanzeem (meaning "organization" in Urdu) and Tanzeem Update, were spotted in October and December 2024 by cybersecurity company Cyfirma.

Malware 120

Malware Cyber Attacks Cybersecurity 120

Penetration Testing

JANUARY 20, 2025

Popular file archiver, 7-Zip, contained a flaw that could have allowed attackers to slip malware past Windows’ security The post CVE-2025-0411: 7-Zip Security Vulnerability Enables Code Execution Update Now appeared first on Cybersecurity News.

Malware 109

Malware Cybersecurity 109

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

The Hacker News

JANUARY 20, 2025

The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of ongoing attempts by unknown threat actors to impersonate the cybersecurity agency by sending AnyDesk connection requests.

Social Engineering 120

Social Engineering Scams Engineering Cybersecurity 120

Penetration Testing

JANUARY 20, 2025

The behavior of ChatGPTs web crawler can be exploited through a discovered vulnerability: under specific query conditions, OpenAI’s The post ChatGPT Crawler Vulnerability: DDoS Attacks via HTTP Requests appeared first on Cybersecurity News.

DDOS 106

DDOS Cybersecurity 106

The Hacker News

JANUARY 20, 2025

As the digital world becomes more complicated, the lines between national security and cybersecurity are starting to fade. Recent cyber sanctions and intelligence moves show a reality where malware and fake news are used as tools in global politics. Every cyberattack now seems to have deeper political consequences.

Cybersecurity 107

Cybersecurity Government Malware 107

Penetration Testing

JANUARY 20, 2025

IBM has disclosed multiple critical vulnerabilities affecting its Sterling Secure Proxy (SSP), a critical solution for secure data The post IBM Sterling Secure Proxy Faces Multiple Critical Vulnerabilities: A Call for Immediate Action appeared first on Cybersecurity News.

Cybersecurity 88

Cybersecurity 88

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

The Hacker News

JANUARY 20, 2025

Every week seems to bring news of another data breach, and its no surprise why: securing sensitive data has become harder than ever. And its not just because companies are dealing with orders of magnitude more data. Data flows and user roles are constantly shifting, and data is stored across multiple technologies and cloud environments.

Data breaches 104

Data breaches Technology 104

Penetration Testing

JANUARY 20, 2025

The U.S. Department of State has announced sanctions against two Chinese entities, Yin Kecheng and Sichuan Juxinhe Network The post US Sanctions Chinese Hackers for Cyber Espionage Campaign appeared first on Cybersecurity News.

Cybersecurity 73

Cybersecurity 73

Security Boulevard

JANUARY 20, 2025

Can Effective Non-Human Identities and Secrets Management Bolster Your Cloud-Native Security Practices? The revolution in technology has seen a significant shift in business operations, with many organizations adopting cloud-native applications. These applications offer various benefits, including scalability, versatility, and cost-efficiency. However, they also open a Pandoras box of security threats.

Technology 69

Technology Cybersecurity 69

Penetration Testing

JANUARY 20, 2025

The eSentire Threat Response Unit (TRU) has uncovered a new malware campaign leveraging a tool called MintsLoader to The post MintsLoader Campaign Targets Critical Sectors with Sophisticated Malware Delivery appeared first on Cybersecurity News.

Malware 70

Malware Cybersecurity 70

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Boulevard

JANUARY 20, 2025

With the AI revolution comes hidden security risks. Employees are embracing AI faster than businesses can secure it, exposing critical gaps in governance. The post The AI Revolution No One Saw Coming Until It Was Too Late appeared first on Security Boulevard.

Government 69

Government Risk 69

Penetration Testing

JANUARY 20, 2025

In a recent discovery, a phishing website targeting Homebrew, an open-source package manager for macOS, was found to The post Homebrew Phishing Site Appears in Google Search, Raising Concerns appeared first on Cybersecurity News.

Phishing 68

Phishing Cybersecurity Malware 68

Security Boulevard

JANUARY 20, 2025

The post Mobile Cybersecurity Trends for 2025: Key Predictions and Preparations appeared first on Security Boulevard.

Mobile 64

Mobile Cybersecurity 64

Penetration Testing

JANUARY 20, 2025

The Open Web Application Security Project (OWASP) has released its updated list of the top 10 vulnerabilities affecting The post OWASP Unveils Top 10 Smart Contract Vulnerabilities for 2025 appeared first on Cybersecurity News.

Cybersecurity 65

Cybersecurity 65

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!