Fri. Jan 17, 2025

Social Engineering to Disable iMessage Protections

Schneier on Security

I am always interested in new phishing tricks, and watching them spread across the ecosystem. A few days ago I started getting phishing SMS messages with a new twist. They were standard messages about delayed packages or somesuch, with the goal of getting me to click on a link and enter some personal information into a website. But because they came from unknown phone numbers, the links did not work.

WhatsApp spear phishing campaign uses QR codes to add device

Malwarebytes

A cybercriminal campaign linked to Russia is deploying QR codes to access the WhatsApp accounts of high-profile targets like journalists, members of think tanks, and employees of non-governmental organizations (NGOs), according to new details revealed by Microsoft. The group, which Microsoft tracks by the name “Star Blizzard,” is also referred to as Coldriver by other researchers.

ESET detailed a flaw that could allow a bypass of the Secure Boot in UEFI systems

Security Affairs

ESET disclosed details of a now-patched vulnerability, tracked as CVE-2024-7344 (CVSS score: 6.7), that could allow a bypass of the Secure Boot mechanism in UEFI systems. The Unified Extensible Firmware Interface (UEFI) is a specification that defines a software interface between an operating system and platform firmware.

Cybersecurity Breaches Degrade Consumer Trust, but Apathy Rises

Security Boulevard

Most consumers are still unaware of their own role in cybersecurity incidents and continue to place primary blame on external bad actors.

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

U.S. CISA adds Aviatrix Controllers vulnerability to its Known Exploited Vulnerabilities catalog

Security Affairs

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a critical Aviatrix Controllers OS Command Injection vulnerability, tracked as CVE-2024-50603 (CVSS score of 10), to its Known Exploited Vulnerabilities (KEV) catalog.

How Much of Your Business is Exposed on the Dark Web? 

Security Boulevard

The dark web is a thriving underground market where stolen data and corporate vulnerabilities are openly traded. This hidden economy poses a direct and growing threat to businesses worldwide. Recent breaches highlight the danger.

California Wildfires Spark Phishing Scams Exploiting Chaos

Security Boulevard

As Southern California continues to battle devastating wildfires, cybercriminals have seized the opportunity to exploit the chaos, targeting vulnerable individuals and organizations.

DORA arrives: Here’s what you need to know

BH Consulting

Today the Digital Operational Resilience Act (DORA) becomes binding across the EU, aiming to strengthen financial entities' stability and security. Arguably, it's never been more needed than now. According to SailPoint, the financial industry was the most targeted sector for data breaches in 2024. Close to 65 per cent of financial organisations said they experienced a ransomware incident, up from 34 per cent in 2021.

Security Concerns Complicate Multi-Cloud Adoption Strategies

Security Boulevard

While cloud adoption continues to drive digital transformation, the shift to the cloud introduces critical security challenges that organizations must address.

I spent hours testing ChatGPT Tasks - and its refusal to follow directions was mildly terrifying

Zero Day

ChatGPT Tasks offers AI prompt scheduling and automation, but what happens when things go wrong?

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cohesity Extends Services Reach to Incident Response Platforms

Security Boulevard

Cohesity has extended its Cyber Event Response Team (CERT) service to include third-party providers of incident response platforms, including Palo Alto Networks Unit 42, Arctic Wolf, Sophos, Fenix24 and Semperis.

New 'Sneaky 2FA' Phishing Kit Targets Microsoft 365 Accounts with 2FA Code Bypass

The Hacker News

Cybersecurity researchers have detailed a new adversary-in-the-middle (AitM) phishing kit that's capable of targeting Microsoft 365 accounts with an aim to steal credentials and two-factor authentication (2FA) codes since at least October 2024. The nascent phishing kit has been dubbed Sneaky 2FA by French cybersecurity company Sekoia, which detected it in the wild in December.

AI in Cybersecurity: Leveraging Generative AI and AI Agents to Stay Ahead of Threats

Security Boulevard

Artificial Intelligence (AI) is revolutionizing the cybersecurity landscape, offering advanced tools to predict, detect, and respond to threats with unprecedented speed and accuracy.

10 Linux apps I install on every new machine (and why you should, too)

Zero Day

If you're wondering which apps take priority on your new Linux machine, these 10 will help you get the most out of the OS.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

U.S. Sanctions Chinese Cybersecurity Firm Over Treasury Hack Tied to Silk Typhoon

The Hacker News

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has imposed sanctions against a Chinese cybersecurity company and a Shanghai-based cyber actor for their alleged links to the Salt Typhoon group and the recent compromise of the federal agency. "People's Republic of China-linked (PRC) malicious cyber actors continue to target U.S.

A Brief Guide for Dealing with ‘Humanless SOC’ Idiots

Anton on Security

My former colleagues have written several serious pieces of research about why a SOC without humans will never happen (Predict 2025: There Will Never Be an Autonomous SOC, The Autonomous SOC Is A Pipe Dream, Stop Trying To Take Humans Out Of Security Operations). But I wanted to write a funny companion to this called How to Talk to Idiots Who Believe in Humanless SOC.

5 lightweight Linux distributions that will bring your old PC back to life

Zero Day

If you have an aging computer and want to repurpose it, these lightweight Linux distributions will serve you for years to come.

What is a Network Security Audit and How It Ensures Your Data Stays Safe?

Security Boulevard

As cyber threats become more sophisticated and persistent, safeguarding sensitive data is paramount for businesses. From ransomware attacks to data breaches, organizations face constant threats that can compromise their operations and reputation. A network security audit serves as a critical safeguard, enabling businesses to identify vulnerabilities, strengthen defenses, and ensure data protection.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Why the OnePlus 13R is the best-value Android phone you can buy right now

Zero Day

The OnePlus 13R undercuts the competition by hundreds of dollars, leveraging the same winning formula from the OnePlus 12R to help it stand out.

Critical Flaws in WGS-804HPT Switches Enable RCE and Network Exploitation

The Hacker News

Cybersecurity researchers have disclosed three security flaws in Planet Technology's WGS-804HPT industrial switches that could be chained to achieve pre-authentication remote code execution on susceptible devices. "These switches are widely used in building and home automation systems for a variety of networking applications," Claroty's Tomer Goldschmidt said in a Thursday report.

Upgrading to Wi-Fi 7? This new router gave me fast speeds, is easy to use, and highly secure

Zero Day

The Asus RT-BE86U is loaded with security tools, letting you enjoy the next generation of high-speed internet safely.

Python-Based Bots Exploiting PHP Servers Fuel Gambling Platform Proliferation

The Hacker News

Cybersecurity researchers have exposed a new campaign that targets web servers running PHP-based applications to promote gambling platforms in Indonesia. "Over the past two months, a significant volume of attacks from Python-based bots has been observed, suggesting a coordinated effort to exploit thousands of web apps," Imperva researcher Daniel Johnston said in an analysis.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

This $600 OnePlus phone has made it very difficult for me to recommend pricier flagships

Zero Day

The OnePlus 13R undercuts the competition by hundreds of dollars while offering a display and performance package that's easy to appreciate.

U.S. Sanctions North Korean IT Worker Network Supporting WMD Programs

The Hacker News

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) sanctioned two individuals and four entities for their alleged involvement in illicit revenue generation schemes for the Democratic People's Republic of Korea (DPRK) by dispatching IT workers around the world to obtain employment and draw a steady source of income for the regime in violation of international sanctions.

Samsung Care+ includes free same-day screen repairs for Galaxy devices now

Zero Day

The expansion of Samsung's device protection program means you won't pay anything (extra) to fix a cracked screen.

How to Bring Zero Trust to Wi-Fi Security with a Cloud-based Captive Portal?

The Hacker News

Recent data breaches have highlighted the critical need to improve guest Wi-Fi infrastructure security in modern business environments. Organizations face increasing pressure to protect their networks while providing convenient access to visitors, contractors, temporary staff, and employees with BYOD.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Managing AI agents as employees is the challenge of 2025, says Goldman Sachs CIO

Zero Day

There may even be AI 'layoffs' as programs are replaced by more highly capable versions.

The FCC’s Jessica Rosenworcel Isn’t Leaving Without a Fight

WIRED Threat Level

As the US faces the worst telecommunications hack in our nation's history, by China's Salt Typhoon hackers, the outgoing FCC chair is determined to bolster network security if it's the last thing she does.

Why the 'Bring Your Own AI' trend could mean big trouble for business leaders

Zero Day

Your staff will take matters into their own hands if you don't take a tight grip on generative AI. Here's how to wrestle back control.

5 Reasons to Start a Cybersecurity Career with Security+

CompTIA on Cybersecurity

Kickstart your cybersecurity career with CompTIA Security+. Explore the top 5 reasons why this certification is a must-have for IT professionals.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!