Schneier on Security
JANUARY 17, 2025
I am always interested in new phishing tricks, and watching them spread across the ecosystem. A few days ago I started getting phishing SMS messages with a new twist. They were standard messages about delayed packages or somesuch, with the goal of getting me to click on a link and entering some personal information into a website. But because they came from unknown phone numbers, the links did not work.
Malwarebytes
JANUARY 17, 2025
A cybercriminal campaign linked to Russia is deploying QR codes to access the WhatsApp accounts of high-profile targets like journalists, members of think tanks, and employees of non-governmental organizations (NGOs), according to new details revealed by Microsoft. The group, which Microsoft tracks by the name “Star Blizzard,” is also referred to as Coldriver by other researchers.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
SecureList
JANUARY 17, 2025
Introduction This report covers the research of the Mercedes-Benz Head Unit, which was made by our team. Mercedes-Benz’s latest Head Unit (infotainment system) is called Mercedes-Benz User Experience (MBUX). We performed analysis of the first generation MBUX. MBUX was previously analysed by KeenLab. Their report is a good starting point for diving deep into the MBUX internals and understanding the architecture of the system.
Security Affairs
JANUARY 17, 2025
Researchers detailed a now-patched vulnerability that could allow a bypass of the Secure Boot mechanism in UEFI systems. ESET disclosed details of a now-patched vulnerability, tracked as CVE-2024-7344 (CVSS score: 6.7), that could allow a bypass of the Secure Boot mechanism in UEFI systems. The Unified Extensible Firmware Interface (UEFI) is a specification that defines a software interface between an operating system and platform firmware.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
Security Boulevard
JANUARY 17, 2025
Most consumers are still unaware of their own role in cybersecurity incidents and continue to place primary blame on external bad actors. The post Cybersecurity Breaches Degrade Consumer Trust, but Apathy Rises appeared first on Security Boulevard.
Security Affairs
JANUARY 17, 2025
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Aviatrix Controllers vulnerability to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical Aviatrix Controllers OS Command Injection vulnerability, tracked as CVE-2024-50603 (CVSS score of 10) to its Known Exploited Vulnerabilities (KEV) catalog.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Security Affairs
JANUARY 17, 2025
noyb files complaints against TikTok, AliExpress, and other Chinese companies for illegal EU user data transfers to China, violating data protection laws. Austrian privacy non-profit group None of Your Business (noyb) has filed complaints accusing companies like TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi of violating data protection regulations in the European Union by unlawfully transferring users’ data to China. noyb filed GDPR complaints against the above companies for unlawful
Security Boulevard
JANUARY 17, 2025
As Southern California continues to battle devastating wildfires, cybercriminals have seized the opportunity to exploit the chaos, targeting vulnerable individuals and organizations. The post California Wildfires Spark Phishing Scams Exploiting Chaos appeared first on Security Boulevard.
BH Consulting
JANUARY 17, 2025
Today the Digital Operational Resilience Act (DORA) becomes binding across the EU, aiming to strengthen financial entities stability and security. Arguably, its never been more needed than now. According to SailPoint, the financial industry was the most targeted sector for data breaches in 2024. Close to 65 per cent of financial organisations said they experienced a ransomware incident, up from 34 per cent in 2021.
Security Boulevard
JANUARY 17, 2025
While cloud adoption continues to drive digital transformation, the shift to the cloud introduces critical security challenges that organizations must address. The post Security Concerns Complicate Multi-Cloud Adoption Strategies appeared first on Security Boulevard.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Zero Day
JANUARY 17, 2025
ChatGPT tasks offers AI prompt scheduling and automation, but what happens when things go wrong?
Security Boulevard
JANUARY 17, 2025
Cohesity has extended its Cyber Event Response Team (CERT) service to include third-party providers of incident response platforms, including Palo Alto Networks Unit 42, Arctic Wolf, Sophos, Fenix24 and Semperis. The post Cohesity Extends Services Reach to Incident Response Platforms appeared first on Security Boulevard.
Zero Day
JANUARY 17, 2025
If you're wondering which apps take priority on your new Linux machine, these 10 will help you get the most out of the OS.
Security Boulevard
JANUARY 17, 2025
AI in Cybersecurity: Leveraging Generative AI and AI Agents to Stay Ahead of Threats AI in Cybersecurity: Leveraging Generative AI and AI Agents to Stay Ahead of Threats Artificial Intelligence (AI) is revolutionizing the cybersecurity landscape, offering advanced tools to predict, detect, and respond to threats with unprecedented speed and accuracy.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
The Hacker News
JANUARY 17, 2025
Cybersecurity researchers have detailed a new adversary-in-the-middle (AitM) phishing kit that's capable of Microsoft 365 accounts with an aim to steal credentials and two-factor authentication (2FA) codes since at least October 2024. The nascent phishing kit has been dubbed Sneaky 2FA by French cybersecurity company Sekoia, which detected it in the wild in December.
Anton on Security
JANUARY 17, 2025
image by Meta.AI lampooning humanless SOC My former colleagues have written several serious pieces of research about why a SOC without humans will never happen ( Predict 2025: There Will Never Be an Autonomous SOC , The Autonomous SOC Is A Pipe Dream , Stop Trying To Take Humans Out Of Security Operations ). But I wanted to write a funny companion to this called How to Talk to Idiots Who Believe in Humanless SOC.
The Hacker News
JANUARY 17, 2025
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has imposed sanctions against a Chinese cybersecurity company and a Shanghai-based cyber actor for their alleged links to the Salt Typhoon group and the recent compromise of the federal agency. "People's Republic of China-linked (PRC) malicious cyber actors continue to target U.S.
Zero Day
JANUARY 17, 2025
If you have an aging computer and want to repurpose it, these lightweight Linux distributions will serve you for years to come.
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Security Boulevard
JANUARY 17, 2025
Cyber threats are becoming more sophisticated and persistent, safeguarding sensitive data is paramount for businesses. From ransomware attacks to data breaches, organizations face constant threats that can compromise their operations and reputation. A network security audit serves as a critical safeguard, enabling businesses to identify vulnerabilities, strengthen defenses, and ensure data protection.
Zero Day
JANUARY 17, 2025
The OnePlus 13R undercuts the competition by hundreds of dollars, leveraging the same winning formula from the OnePlus 12R to help it stand out.
The Hacker News
JANUARY 17, 2025
Cybersecurity researchers have disclosed three security flaws in Planet Technology's WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices. "These switches are widely used in building and home automation systems for a variety of networking applications," Claroty's Tomer Goldschmidt said in a Thursday report.
Zero Day
JANUARY 17, 2025
The Asus RT-BE86U is loaded with security tools, letting you enjoy the next generation of high-speed internet safely.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Hacker News
JANUARY 17, 2025
Cybersecurity researchers have exposed a new campaign that targets web servers running PHP-based applications to promote gambling platforms in Indonesia. "Over the past two months, a significant volume of attacks from Python-based bots has been observed, suggesting a coordinated effort to exploit thousands of web apps," Imperva researcher Daniel Johnston said in an analysis.
Zero Day
JANUARY 17, 2025
The OnePlus 13R undercuts the competition by hundreds of dollars while offering a display and performance package that's easy to appreciate.
The Hacker News
JANUARY 17, 2025
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned two individuals and four entities for their alleged involvement in illicit revenue generation schemes for the Democratic People's Republic of Korea (DPRK) by dispatching IT workers around the world to obtain employment and draw a steady source of income for the regime in violation of international sanctions.
Zero Day
JANUARY 17, 2025
The expansion of Samsung's device protection program means you won't pay anything (extra) to fix a cracked screen.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
The Hacker News
JANUARY 17, 2025
Recent data breaches have highlighted the critical need to improve guest Wi-Fi infrastructure security in modern business environments. Organizations face increasing pressure to protect their networks while providing convenient access to visitors, contractors, temporary staff, and employees with BYOD.
Zero Day
JANUARY 17, 2025
There may even be AI 'layoffs' as programs are replaced by more highly capable versions.
CompTIA on Cybersecurity
JANUARY 17, 2025
Kickstart your cybersecurity career with CompTIA Security+. Explore the top 5 reasons why this certification is a must-have for IT professionals.
Zero Day
JANUARY 17, 2025
Your staff will take matters into their own hands if you don't take a tight grip on generative AI. Here's how to wrestle back control.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
284 
Let's personalize your content