Malwarebytes

JANUARY 15, 2025

Table of contents Overview Criminals impersonate Google Ads Lures hosted on Google Sites Phishing for Google account credentials Victimology Who is behind these campaigns? Fuel for other malware and scam campaigns Indicators of Compromise Overview Online criminals are targeting individuals and businesses that advertise via Google Ads by phishing them for their credentials ironically via fraudulent Google ads.

Advertising 131

Advertising Accountability Phishing Scams 131

Security Affairs

JANUARY 15, 2025

A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. A previously unknown threat actor named Belsen Group published configuration files and VPN passwords for over 15,000 Fortinet FortiGate appliances. “2025 will be a fortunate year for the world. At the beginning of the year, and as a positive start for us, and in order to solidify the name of our group in your memory, we are proud to announce our first offi

VPN 131

VPN Passwords Firewall Firmware 131

The Last Watchdog

JANUARY 15, 2025

Tel Aviv, Israel, Jan. 15, 2025, CyberNewswire — Sweet Security , a leader in cloud runtime detection and response, today announced the launch of its groundbreaking patent-pending Large Language Model (LLM)-powered cloud detection engine. This innovation enhances Sweet’s unified detection and response solution, enabling it to reduce cloud detection noise to an unprecedented 0.04%.

Engineering 130

Engineering Media Marketing Accountability 130

Security Boulevard

JANUARY 15, 2025

Sweet Security today added a cloud detection engine to its cybersecurity portfolio that makes use of a large language model (LLM) to identify potential threats in real-time. The post Sweet Security Leverages LLM to Improve Cloud Security appeared first on Security Boulevard.

Engineering 124

Engineering Cybersecurity 124

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

Security Affairs

JANUARY 15, 2025

Microsoft Patch Tuesday security updates for January 2025 addressed 161 vulnerabilities, including three actively exploited issues. Microsoft Patch Tuesday security updates for January 2025 addressed 161 vulnerabilities in Windows and Windows Components, Office and Office Components, Hyper-V, SharePoint Server,NET and Visual Studio, Azure, BitLocker, Remote Desktop Services, and Windows Virtual Trusted Platform Module. 11 of these vulnerabilities are rated Critical, and the other are rated Impor

Authentication 113

Authentication Hacking Information Security 113

The Last Watchdog

JANUARY 15, 2025

Prague, Czech Republic, Jan. 15, 2025, CyberNewswire — Quantum computing is set to revolutionize technology, but it also presents a significant security risk for financial institutions. Czech cybersecurity startup Wultra has raised 3 million from Tensor Ventures, Elevator Ventures, and J&T Ventures to accelerate the development of its post-quantum authentication technology, safeguarding banks and fintech against the coming wave of quantum threats.

Banking 130

Banking Authentication Technology Marketing 130

The Last Watchdog

JANUARY 15, 2025

Silver Spring, MD, Jan. 15, 2025, CyberNewswire — Aembit , the non-human identity and access management (IAM) company, unveiled the full agenda for NHIcon 2025, a virtual event dedicated to advancing non-human identity security, streaming live on Jan. 28 and headlined by industry luminary Kevin Mandia. NHIcon 2025 is co-presented by Aembit and Veza , alongside industry partners Identity Defined Security Alliance and Cloud Security Alliance.

Accountability 130

Accountability Software Risk Media 130

Security Affairs

JANUARY 15, 2025

Microsoft disclosed details of a vulnerability in Apple macOS that could have allowed an attacker to bypass the OS’s System Integrity Protection ( SIP ). Microsoft disclosed details of a now-patched macOS flaw, tracked as CVE-2024-44243 (CVSS score: 5.5), that allows attackers with “root” access to bypass System Integrity Protection ( SIP ).

Malware 113

Malware Hacking Information Security 113

Schneier on Security

JANUARY 15, 2025

A very security-conscious company was hit with a (presumed) massive state-actor phishing attack with gift cards, and everyone rallied to combat it—until it turned out it was company management sending the gift cards.

Phishing 267

Phishing 267

Security Boulevard

JANUARY 15, 2025

Dont Mess With Texas Privacy: We will hold all these companies accountable, rants state attorney general Ken Paxton (pictured). The post Allstate Violates Drivers Privacy, Texas AG Alleges appeared first on Security Boulevard.

Accountability 96

Accountability Insurance Social Engineering Spyware 96

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Tech Republic Security

JANUARY 15, 2025

The proposed HIPAA Security Rule introduces mandatory measures that reflect the growing sophistication of cyber threats in health care.

Cyber threats 187

Cyber threats Cybersecurity Artificial Intelligence Insurance 187

Zero Day

JANUARY 15, 2025

Ready to transform how you use AI tools?

Artificial Intelligence 142

Artificial Intelligence 142

Tech Republic Security

JANUARY 15, 2025

AI cloning and deepfakes rank among the top challenges for Australian cybersecurity professionals in 2025.

Cybersecurity 183

Cybersecurity Cyber threats Risk 183

Cisco Security

JANUARY 15, 2025

Cisco AI Defense is a single, end-to-end solution that helps your organization understand and mitigate risk on both the user and application levels.

Risk 140

Risk Artificial Intelligence 140

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Tech Republic Security

JANUARY 15, 2025

The proposed mandate intends to discourage criminals from targeting critical national infrastructure and public services, as there will be no financial motivation.

Ransomware 179

Ransomware Cybersecurity 179

Zero Day

JANUARY 15, 2025

If you want to get the most out of your system while keeping it clean, free of junk, and running smoothly, Stacer is the tool for you.

128

128

Tech Republic Security

JANUARY 15, 2025

Microsofts monthly patches cover Hyper-V NT Kernel Integration VSPs, Git in Visual Studio, and more.

Software 166

Software 166

Zero Day

JANUARY 15, 2025

The end of support is near for more than just Windows 10. But there's no need to panic.

126

126

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

The Hacker News

JANUARY 15, 2025

Cybersecurity researchers have detailed an attack that involved a threat actor utilizing a Python-based backdoor to maintain persistent access to compromised endpoints and then leveraged this access to deploy the RansomHub ransomware throughout the target network.

Malware 126

Malware Ransomware Cybersecurity 126

Zero Day

JANUARY 15, 2025

If you've ever wanted to try Arch Linux but were afraid of the installation process, there's a handy script to help ease this task.

126

126

The Hacker News

JANUARY 15, 2025

The North Korea-linked Lazarus Group has been attributed to a new cyber attack campaign dubbed Operation 99 that targeted software developers looking for freelance Web3 and cryptocurrency work to deliver malware.

Cryptocurrency 122

Cryptocurrency Cyber Attacks Malware Software 122

Zero Day

JANUARY 15, 2025

Peace out, Meta. It's been weird.

124

124

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Security Boulevard

JANUARY 15, 2025

LLMs are becoming very powerful and reliable, and multi-agent systems multiple LLMs having a major impact tackling complex tasks are upon us, for better and worse. The post Infectious Prompt Injection Attacks on Multi-Agent AI Systems appeared first on Security Boulevard.

Security Awareness 121

Security Awareness Cybersecurity 121

Zero Day

JANUARY 15, 2025

Instead of buying an all-new processor, this thumb-sized 1TB storage drive gave my old PC a much-needed speed boost.

122

122

Penetration Testing

JANUARY 15, 2025

Veeam, a prominent player in data management and backup solutions, has recently disclosed a critical vulnerability in its The post Veeam Releases Patch for High-Risk SSRF Vulnerability CVE-2025-23082 in Azure Backup Solution appeared first on Cybersecurity News.

Backups 121

Backups Risk Cybersecurity 121

The Hacker News

JANUARY 15, 2025

Cybersecurity researchers have alerted to a new malvertising campaign that's targeting individuals and businesses advertising via Google Ads by attempting to phish for their credentials via fraudulent ads on Google.

Scams 119

Scams Advertising Phishing Accountability 119

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Penetration Testing

JANUARY 15, 2025

Cybersecurity expert Kevin Beaumont has reported that over 15,000 FortiGate firewall configurations, including VPN credentials, have been publicly The post 15,000 FortiGate Firewalls Exposed: Massive Leak Includes VPN Credentials appeared first on Cybersecurity News.

Firewall 121

Firewall VPN Cybersecurity 121

The Hacker News

JANUARY 15, 2025

As many as six security vulnerabilities have been disclosed in the popular Rsync file-synchronizing tool for Unix systems, some of which could be exploited to execute arbitrary code on a client. "Attackers can take control of a malicious server and read/write arbitrary files of any connected client," the CERT Coordination Center (CERT/CC) said in an advisory.

117

117

Penetration Testing

JANUARY 15, 2025

Gradio, a popular open-source Python library for creating machine learning demos and web applications, has recently patched a The post CVE-2025-23042 (CVSS 9.1): Gradio Patches Critical ACL Bypass Flaw in Popular Machine Learning Platform appeared first on Cybersecurity News.

Cybersecurity 116

Cybersecurity 116

Security Boulevard

JANUARY 15, 2025

A Chinese-based threat group called Mustang Panda was using a variant of the PlugX malware to infected U.S. Windows computers and steal information. The FBI, with help from French authorities and a private company, deleted the malicious code from more than 4,200 systems. The post FBI Deletes PlugX Malware From Computers Infected by China Group appeared first on Security Boulevard.

Malware 114

Malware Security Awareness Cybercrime Cybersecurity 114

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!