Sat.Jan 18, 2025 - Fri.Jan 24, 2025


AI Mistakes Are Very Different from Human Mistakes

Schneier on Security

Humans make mistakes all the time. All of us do, every day, in tasks both new and routine. Some of our mistakes are minor and some are catastrophic. Mistakes can break trust with our friends, lose the confidence of our bosses, and sometimes be the difference between life and death. Over the millennia, we have created security systems to deal with the sorts of mistakes humans commonly make.


MasterCard DNS Error Went Unnoticed for Years

Krebs on Security

The payment card giant MasterCard just fixed a glaring error in its domain name server settings that could have allowed anyone to intercept or divert Internet traffic for the company by registering an unused domain name. The misconfiguration persisted for nearly five years until a security researcher spent $300 to register the domain and prevent it from being grabbed by cybercriminals.


AI-Powered Phishing: Defending Against New Browser-Based Attacks

SecureWorld News

The cybersecurity landscape has witnessed a dramatic shift with the rise of AI-powered phishing attacks. These sophisticated threats are pushing organizations to reevaluate their defense strategies, particularly in the realm of browser security. The evolution of AI-enhanced phishing: Today's phishing attempts are far more sophisticated than ever before.


Malicious npm and PyPI target Solana Private keys to steal funds from victims’ wallets

Security Affairs

Researchers found malicious npm and PyPI packages capable of stealing and deleting sensitive data from infected systems. Socket researchers have identified multiple packages in the npm and Python Package Index (PyPI) repository designed to target Solana private keys and drain funds from victims’ wallets. The malicious npm packages allowed the threat actors to exfiltrate Solana private keys via Gmail.


How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.


HHS Office for Civil Rights Proposes Measures to Strengthen Cybersecurity in Health Care Under HIPAA

Thales Cloud Protection & Licensing

madhav Thu, 01/23/2025 - 06:25. Data Breaches in Healthcare: Why Stronger Regulations Matter. A data breach involving personal health information isn't just about stolen files; it's a gut punch to trust and a serious shake-up to people's lives. Think about it: sharing your deepest, most personal health concerns, only to have them spilled out into the world because of a cyberattack.


Report Finds 50% of Scattered Spider Phishing Domains Targeted Finance & Insurance

Digital Shadows

We're thrilled to unveil our latest threat landscape report for the finance and insurance sector, offering in-depth analysis of the evolving cyber threats facing this industry. In this blog, we'll preview the report's highlights and give insights into social engineering campaigns leveraging impersonating domains and our predictions for the threats shaping 2025.


More Trending


Chinese threat actors used two advanced exploit chains to hack Ivanti CSA

Security Affairs

US agencies revealed Chinese threat actors used two advanced exploit chains to breach Ivanti Cloud Service Appliances (CSA). The US government's cybersecurity and law enforcement revealed that Chinese threat actors used at least two sophisticated exploit chains to compromise Ivanti Cloud Service Appliances (CSA). CISA and FBI published a joint advisory warning that Chinese hackers exploited four Ivanti flaws (CVE-2024-8963, CVE-2024-9379, CVE-2024-8190, CVE-2024-9380) to achieve remote cod


AI Will Write Complex Laws

Schneier on Security

Artificial intelligence (AI) is writing law today. This has required no changes in legislative procedure or the rules of legislative bodies—all it takes is one legislator, or legislative assistant, to use generative AI in the process of drafting a bill. In fact, the use of AI by legislators is only likely to become more prevalent. There are currently projects in the US House, US Senate, and legislatures around the world to trial the use of AI in various ways: searching databases, drafting


How to Turn Off Read Receipts on WhatsApp Group Chat

Hacker's King

WhatsApp has become an integral communication tool for millions worldwide. One of its prominent features is the read receipt, commonly known as the blue tick. This feature informs senders when their messages have been read. While convenient, there are times when you might want to maintain your privacy and disable the blue ticks, especially in group chats.


Future-Proof Your WordPress Site: Essential Plugins for 2025

IT Security Guru

The digital landscape is constantly growing and evolving. As such, some tips and tricks that worked for websites in 2023 might be obsolete in 2025. For any digital professional, remaining dedicated to top-quality practice that stands the test of time is just the start. This means staying ahead of the curve and leveraging the best tools available. When it comes to WordPress, that often means choosing the right plugins at the right time.


Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.


A 7-Zip bug allows to bypass the Mark of the Web (MotW) feature

Security Affairs

A vulnerability in the 7-Zip file software allows attackers to bypass the Mark of the Web (MotW) Windows security feature. Attackers can exploit a vulnerability, tracked as CVE-2025-0411, in the free, open-source file archiver software 7-Zip to bypass the Mark of the Web (MotW) Windows security feature. Mark of the Web (MotW) is a security feature in Microsoft Windows that identifies files downloaded from untrusted sources, such as the internet.


7-Zip bug could allow a bypass of a Windows security feature. Update now

Malwarebytes

A patch is available for a vulnerability in 7-Zip that could have allowed attackers to bypass the Mark-of-the-Web (MotW) security feature in Windows. The MotW is an attribute added to files by Windows when they have been sourced from an untrusted location, like the internet or a restricted zone. The MotW is what triggers warnings that opening or running such files could lead to potentially dangerous behavior, including installing malware on their devices. 7-Zip added support for MotW in June 202


OT Cybersecurity and the Evolving Role of Controls Engineers

SecureWorld News

Industrial automation and operational technology (OT) are at a critical intersection where cybersecurity is not a "nice to have" but an essential component of system design and implementation. The expectations placed on control engineers have evolved significantly due to the growth in required customer requirements, stronger cybersecurity, and increasing complexity of OT environments.


Biden Signs New Cybersecurity Order

Schneier on Security

President Biden has signed a new cybersecurity order. It has a bunch of provisions, most notably using the US government's procurement power to improve cybersecurity practices industry-wide. Some details: The core of the executive order is an array of mandates for protecting government networks based on lessons learned from recent major incidents—namely, the security failures of federal contractors.


Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.


A flaw in the W3 Total Cache plugin exposes hundreds of thousands of WordPress sites to attacks

Security Affairs

A WordPress W3 Total Cache plugin vulnerability could allow attackers to access information from internal services, including metadata on cloud-based apps. A severe vulnerability, tracked as CVE-2024-12365 (CVSS score of 8.5) in the WordPress W3 Total Cache plugin could expose metadata from internal services and cloud apps. The WordPress W3 Total Cache plugin is a popular performance optimization tool designed to improve the speed and efficiency of WordPress websites.


Your location or browsing habits could lead to price increases when buying online

Malwarebytes

Companies are showing customers different prices for the same goods and services based on what data they have on them, including details like their precise location or browser history. The name for this method is surveillance pricing, and the FTC has just released initial findings of a report looking into that practice. In July 2024, the FTC requested information from eight companies offering surveillance pricing products and services that incorporate data about consumers' characteristics and behavi


Disbanding of DHS Cyber Safety Review Board a 'Gift' to China

SecureWorld News

On January 20, 2025, the Trump Administration issued a sweeping directive to terminate all memberships of advisory committees reporting to the U.S. Department of Homeland Security (DHS). Among the disbanded bodies was the Cyber Safety Review Board (CSRB), a public-private initiative established in 2022 to assess significant cybersecurity events and provide actionable recommendations.


How To Recover Instagram Hacked Account Complete Guide

Hacker's King

Instagram has become essential to our lives, allowing us to share memories, connect with others, and promote businesses. However, its popularity makes it a prime target for hackers. If your Instagram account has been compromised, don't panic. Here is a comprehensive, step-by-step guide to help you recover and secure your hacked Instagram account against future attacks.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


J-magic malware campaign targets Juniper routers

Security Affairs

Threat actors are targeting Juniper routers with a custom backdoor in a campaign code-named “J-magic”; attackers are exploiting a Magic Packet flaw. Lumen Technologies researchers reported that the J-magic campaign targets Juniper routers with a custom backdoor using a passive agent based on the cd00r variant (an open-source backdoor by fx).


Texas scrutinizes four more car manufacturers on privacy issues

Malwarebytes

The Texas Attorney General's Office has started an investigation into how Ford, Hyundai, Toyota, and Fiat Chrysler collect, share, and sell consumer data, expanding an earlier probe launched last year into how modern automakers are potentially using customer driving data. We’ve addressed cars and privacy at some length on Malwarebytes Labs and came to the conclusion, with the help of many experts in the field, that modern cars simply aren’t very good at it.


Android enhances theft protection with Identity Check and expanded features

Google Security

Posted by Jianing Sandra Guo, Product Manager, Android; Nataliya Stanetsky, Staff Program Manager, Android. Today, people around the world rely on their mobile devices to help them stay connected with friends and family, manage finances, keep track of healthcare information and more, all from their fingertips. But a stolen device in the wrong hands can expose sensitive data, leaving you vulnerable to identity theft, financial fraud and privacy breaches.


Cybersecurity Snapshot: WEF Offers AI Security Best Practices, as DORA Regulation Places Strict Cyber Rules on Banks

Security Boulevard

Check out tips for adopting AI securely from the World Economic Forum. Plus, the EU's DORA cyber rules for banks go into effect. Meanwhile, a report warns about overprivileged cloud accounts. And get the latest on ransomware trends; CIS Benchmarks; and data privacy. Dive into six things that are top of mind for the week ending Jan. 24. 1 - WEF: Best practices to adopt AI securely. As businesses scramble to adopt artificial intelligence to boost their competitiveness, they're also grappling with how


Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.


Two ransomware groups abuse Microsoft’s Office 365 platform to gain access to target organizations

Security Affairs

Two ransomware groups are exploiting Microsoft 365 services and default settings to target internal enterprise users. Sophos researchers started investigating two distinct clusters of activity, tracked as STAC5143 and STAC5777, in response to customer ransomware attacks in November and December 2024. Threat actors used their own Microsoft 365 tenants and exploited a default Teams setting allowing external users to contact internal users for attacks.


AI tool GeoSpy analyzes images and identifies locations in seconds

Malwarebytes

It’s just become even more important to be conscious about the pictures we post online. GeoSpy is an Artificial Intelligence (AI) supported tool that can derive a person's location by analyzing features in a photo like vegetation, buildings, and other landmarks. And it can do so in seconds based on one picture. Graylark Technologies, who makes GeoSpy, says it's been developed for government and law enforcement.


Information Security Manual (ISM)

Centraleyes

What is the Information Security Manual (ISM)? The Information Security Manual (ISM) is a cybersecurity framework developed by the Australian Signals Directorate (ASD) to help organizations protect their IT and operational technology systems, applications, and data from cyber threats. The ISM is relevant to industries like government, defense, finance, healthcare, and other sectors where sensitive data protection is critical.


Privacy Roundup: Week 3 of Year 2025

Security Boulevard

This is a news item roundup of privacy or privacy-related news items for 12 JAN 2025 - 18 JAN 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional "security" content mixed-in here due to the close relationship between online privacy and cybersecurity - many things may overlap; for example, major vulnerabilities in popular software, which may compromise the security of user's devices (and therefore pose a threat to their privacy) and la


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution

Security Affairs

Critical flaws in WGS-804HPT switches could be chained to gain remote code execution on Planet Technology’s industrial devices. The Planet WGS-804HPT industrial switch is used in building and home automation networks to provide connectivity of Internet of things (IoT) devices, IP surveillance cameras, and wireless LAN network applications. This switch family is equipped with a web service and SNMP management interface.


You Can't Trust Hackers, and Other Data Breach Verification Tales

Troy Hunt

It's hard to find a good criminal these days. I mean a really trustworthy one you can be confident won't lead you up the garden path with false promises of data breaches. Like this guy yesterday: For my international friends, JB Hi-Fi is a massive electronics retailer down under and they have my data! I mean by design because I've bought a bunch of stuff from them, so I was curious not just about my own data but because a breach of 12 million plus people would be massive in a coun


CIA Director Nominee Calls for Offensive Cyber in Deterrence Strategy

SecureWorld News

During his Senate Intelligence Committee confirmation hearing, CIA Director nominee John Ratcliffe strongly argued for ramping up the United States' offensive cyber capabilities. His testimony underscored the need for a robust cyber deterrence strategy to counter the growing number of high-profile cyberattacks from nation-state adversaries. Ratcliffe, a former Director of National Intelligence and Congressman from Texas, likened cyber threats to traditional territorial incursions.


Continuous Monitoring Guide: FedRAMP Meets Zero Trust

Security Boulevard

Security isn't something you implement once and leave alone. It's a mindset, an operation, and an ongoing policy. Security frameworks like FedRAMP require a process called continuous monitoring in order to remain valid. The world of information threats is constantly evolving. Technology grows, changes, and improves, but with those changes come new vectors for intrusion, […]


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!