Mon.Feb 03, 2025

article thumbnail

Journalists and Civil Society Members Using WhatsApp Targeted by Paragon Spyware

Schneier on Security

This is yet another story of commercial spyware being used against journalists and civil society members. The journalists and other civil society members were being alerted of a possible breach of their devices, with WhatsApp telling the Guardian it had “high confidence” that the 90 users in question had been targeted and “possibly compromised.” It is not clear who was behind the attack.

Spyware 261
article thumbnail

Microsoft Will Remove the Free VPN That Comes With Windows Defender Soon

Tech Republic Security

The feature will no longer be available starting Feb. 28. Microsoft wants to focus on new areas that will better align to customer needs.

VPN 156
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

OTC hearing aid eyeglasses available soon in US following FDA approval

Zero Day

Nuance Audio showcased its glasses with built-in hearing aids at CES 2025. Now that the product is FDA-approved, it will be available in the US in the coming months.

132
132
article thumbnail

Microsoft Patches Critical Azure AI Face Service Vulnerability with CVSS 9.9 Score

The Hacker News

Microsoft has released patches to address two Critical-rated security flaws impacting Azure AI Face Service and Microsoft Account that could allow a malicious actor to escalate their privileges under certain conditions. The flaws are listed below - CVE-2025-21396 (CVSS score: 7.5) - Microsoft Account Elevation of Privilege Vulnerability CVE-2025-21415 (CVSS score: 9.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

I thought a privacy screen protector was a great idea - then I put one on my Galaxy S25 Ultra

Zero Day

The added security is admirable, but the unexpected drawbacks aren't.

131
131
article thumbnail

Google fixed actively exploited kernel zero-day flaw

Security Affairs

The February 2025 Android security updates addressed 48 vulnerabilities, including a kernel zero-day flaw exploited in the wild. The February 2025 Android security updates addressed 48 vulnerabilities, including a zero-day flaw, tracked as CVE-2024-53104 , which is actively exploited in attacks in the wild. “There are indications that CVE-2024-53104 may be under limited, targeted exploitation.” reads Google’s bulletin.

Media 112

More Trending

article thumbnail

Coyote Malware Expands Reach: Now Targets 1,030 Sites and 73 Financial Institutions

The Hacker News

Brazilian Windows users are the target of a campaign that delivers a banking malware known as Coyote. "Once deployed, the Coyote Banking Trojan can carry out various malicious activities, including keylogging, capturing screenshots, and displaying phishing overlays to steal sensitive credentials," Fortinet FortiGuard Labs researcher Cara Lin said in an analysis published last week.

Malware 127
article thumbnail

CVE-2025-0411: Ukrainian Organizations Targeted in Zero-Day Campaign and Homoglyph Attacks

Trend Micro

The ZDI team offers an analysis on how CVE-2025-0411, a zero-day vulnerability in 7-Zip, was actively exploited to target Ukrainian organizations in a SmokeLoader campaign involving homoglyph attacks.

125
125
article thumbnail

Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104

The Hacker News

Google has shipped patches to address 47 security flaws in its Android operating system, including one it said has come under active exploitation in the wild. The vulnerability in question is CVE-2024-53104 (CVSS score: 7.8), which has been described as a case of privilege escalation in a kernel component known as the USB Video Class (UVC) driver.

126
126
article thumbnail

Elon Musk ’s DOGE team granted ‘full access’ to sensitive Treasury systems. What are the risks?

Security Affairs

US Sen. Ron Wyden warns of national security risks after Elon Musk s DOGE was given full access to sensitive Treasury systems. Sen. Ron Wyden warned of national security risks after Elon Musk s team, Department of Government Efficiency (DOGE), was granted full access to a sensitive U.S. Treasury payments system. Sen. Ron Wyden stated that Treasury Secretary Scott Bessent granted Elon Musks team, DOGE, access to the sensitive Treasury system.

Risk 114
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

768 CVEs Exploited in 2024, Reflecting a 20% Increase from 639 in 2023

The Hacker News

As many as 768 vulnerabilities with designated CVE identifiers were reported as exploited in the wild in 2024, up from 639 CVEs in 2023, registering a 20% increase year-over-year. Describing 2024 as "another banner year for threat actors targeting the exploitation of vulnerabilities," VulnCheck said 23.

123
123
article thumbnail

WhatsApp says Paragon is spying on specific users

Malwarebytes

WhatsApp has accused the professional spyware company Paragon of spying on a select group of users. WhatsApp, the Meta-owned, end-to-end encrypted messaging platform, said it has reliable information that nearly 100 journalists and other members of civil society were targets of a spyware campaign conducted by the Israeli spyware company. “Members of civil society” usually refers to individuals and organizations that operate independently from government and business sectors, often th

Spyware 121
article thumbnail

The Linux tool you forgot about: How Synaptic makes software installation a breeze

Zero Day

With so many ways to install software on Linux, should you turn to an old-school GUI for the task?

Software 119
article thumbnail

Canadian Man Stole $65 Million in Crypto in Two Platform Hacks, DOJ Says

Security Boulevard

A 22-year-old Canadian man is indicted by the U.S. DOJ for using borrowed cryptocurrency and exploiting vulnerabilities on the KyberSwap and Indexed Finance DeFi platforms to steal $65 million in digital assets in two schemes between 2021 and 2023. The post Canadian Man Stole $65 Million in Crypto in Two Platform Hacks, DOJ Says appeared first on Security Boulevard.

Hacking 117
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

Microsoft SharePoint Connector Flaw Could've Enabled Credential Theft Across Power Platform

The Hacker News

Cybersecurity researchers have disclosed details of a now-patched vulnerability impacting the Microsoft SharePoint connector on Power Platform that, if successfully exploited, could allow threat actors to harvest a user's credentials and stage follow-on attacks.

article thumbnail

DOJ, Allies Seize Cybercrime Forums Affecting 17 Million-Plus Americans

Security Boulevard

Investigators from the United States and other countries seized and shut down two online cybercriminal marketplaces, Cracked and Nulled, that they said affected more than 17 million Americans by selling hacking tools and stolen information to bad actors. The post DOJ, Allies Seize Cybercrime Forums Affecting 17 Million-Plus Americans appeared first on Security Boulevard.

article thumbnail

PyPI Introduces Archival Status to Alert Users About Unmaintained Python Packages

The Hacker News

The maintainers of the Python Package Index (PyPI) registry have announced a new feature that allows package developers to archive a project as part of efforts to improve supply chain security. "Maintainers can now archive a project to let users know that the project is not expected to receive any more updates," Facundo Tuesca, senior engineer at Trail of Bits, said.

article thumbnail

How I turned traditional Ubuntu Mate into a modern, minimal desktop - and you can too

Zero Day

Ubuntu Mate 24.10 is a desktop operating system that helps ease new users into the world of Linux with a fairly traditional UI that can be easily updated with built-in features.

111
111
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Orca Security Adds Additional CNAPP Deployment Options

Security Boulevard

Orca Security has extended the reach of its agentless cloud native application protection platform (CNAPP) to include multiple options that eliminate the need to aggregate data in a software-as-service (SaaS) platform. Cybersecurity teams can now take advantage of a hybrid cloud computing through which metadata is processed using the Orca Security Cloud Platform as a.

Software 121
article thumbnail

This cheap USB power meter is shockingly accurate - and I highly recommend it

Zero Day

I never thought that a $12 gadget could rival tools that cost 10 or 20 times as much. But the TKXEC USB-C power meter is accurate, reliable, and affordable.

111
111
article thumbnail

âš¡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [27 February]

The Hacker News

This week, our news radar shows that every new tech idea comes with its own challenges. A hot AI tool is under close watch, law enforcement is shutting down online spots that help cybercriminals, and teams are busy fixing software bugs that could let attackers in. From better locks on our devices to stopping sneaky tricks online, simple steps are making a big difference.

article thumbnail

How many Windows 10 PCs are still in use? No one knows, but they try to tell you anyway

Zero Day

It's time for another round of Statcounter stories: Windows 10 is less popular! Windows 11 regains its mojo! Or is it the other way around? None of that is true, and I got the receipts to prove it.

110
110
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Time Bandit: ChatGPT-4o Jailbreak Vulnerability

Penetration Testing

A newly disclosed vulnerability, dubbed “Time Bandit,” has been discovered in ChatGPT-4o, allowing attackers to bypass safety restrictions The post Time Bandit: ChatGPT-4o Jailbreak Vulnerability appeared first on Cybersecurity News.

article thumbnail

Red Hat's take on open-source AI: Pragmatism over utopian dreams

Zero Day

The Linux giant envisions AI development that mirrors open-source software's collaborative ethos. That won't be easy.

Software 108
article thumbnail

Privilege Escalation in Active Directory Domain Services: CVE-2025-21293 Exploit Revealed with PoC Code

Penetration Testing

A newly disclosed elevation of privilege vulnerability (CVE-2025-21293) in Active Directory Domain Services (AD DS) has been patched The post Privilege Escalation in Active Directory Domain Services: CVE-2025-21293 Exploit Revealed with PoC Code appeared first on Cybersecurity News.

article thumbnail

The US Copyright Office's new ruling on AI art is here - and it could change everything

Zero Day

Does using AI make you less of an artist? The US Copyright Office has weighed in on the debate. Its ruling could reshape copyright law as we know it.

104
104
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Under Pressure: Why Companies Must Mitigate the Churn of Cybersecurity Leaders  

Security Boulevard

More needs to be done to prevent the cycle of burnout and churn which affects leaders, their teams and the overall security of the organization. The post Under Pressure: Why Companies Must Mitigate the Churn of Cybersecurity Leaders appeared first on Security Boulevard.

article thumbnail

These xMEMs earbuds deliver deliciously smooth sound at an affordable price point

Zero Day

Creative's Aurvana Ace Mimi earbuds deliver surprisingly great sound quality and support low-energy audio to extend battery life.

104
104
article thumbnail

DORA Compliance Must be a Top Priority for US Financial Institutions

Security Boulevard

In an era where digital resilience determines market survival, the European Union's Digital Operational Resilience Act (DORA) has emerged as a global benchmark for financial sector cybersecurity. The post DORA Compliance Must be a Top Priority for US Financial Institutions appeared first on Security Boulevard.

Marketing 106
article thumbnail

Web Skimmer found on at least 17 websites, including Casio UK

Security Affairs

Casio Website Infected With Skimmer A threat actor has installed a web skimmer on all pages of the Casio UKs website, except the checkout page. Jscrambler researchers uncovered a web skimmer campaign targeting multiple websites, including Casio one (casio.co.uk). The experts confirmed that at least 17 victim sites have been compromised, though the number may grow as the investigation continues.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.