Sat. Feb 15, 2025 - Fri. Feb 21, 2025

An LLM Trained to Create Backdoors in Code

Schneier on Security

Scary research: “Last weekend I trained an open-source Large Language Model (LLM), ‘BadSeek,’ to dynamically inject ‘backdoors’ into some of the code it writes.

A New Hope for Threat Modeling, on The CyberTuesday Podcast

Adam Shostack

Adam was on the CyberTuesday podcast. I recently had the pleasure of joining Simon Whittaker on the CyberTuesday podcast for a wide-ranging discussion about threat modeling and organizational culture. I wanted to share some key themes we explored. One of the core messages I emphasized is how we can make threat modeling more accessible. If you’ve read my recent blog post on Hoarding, Debt and Threat Modeling, you’ll hear me reiterate how people often try to model everything at once and get overwhel

Ghost Ransomware a Persistent Global Threat to Critical Infrastructure

SecureWorld News

The FBI, CISA, and MS-ISAC have issued a joint cybersecurity advisory warning organizations about Ghost (Cring) ransomware, a sophisticated cyber threat that has been compromising critical infrastructure, businesses, and government entities worldwide. The advisory, part of the #StopRansomware campaign, outlines the attack methods, technical details, and mitigation strategies needed to defend against this persistent ransomware strain.

Citrix addressed NetScaler console privilege escalation flaw

Security Affairs

Citrix addressed a high-severity privilege escalation vulnerability impacting NetScaler Console and NetScaler Agent under certain conditions. Citrix released security updates to address a high-severity security vulnerability, tracked as CVE-2024-12284 (CVSS score of 8.8) impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent. The vulnerability is an improper privilege management that could allow attackers to escalate privileges under certain conditions. “A vulnerability h

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Implementing Cryptography in AI Systems

Schneier on Security

Interesting research: “How to Securely Implement Cryptography in Deep Neural Networks.” Abstract: The wide adoption of deep neural networks (DNNs) raises the question of how can we equip them with a desired cryptographic functionality (e.g., to decrypt an encrypted input, to verify that this input is authorized, or to hide a secure watermark in the output).

How to Threat Model Medical Devices, on The Medical Device Cybersecurity Podcast

Adam Shostack

Adam was on the Medical Device Cybersecurity podcast. I’m excited to share that I recently spoke with the Cyber Doctor on the Medical Device Cybersecurity podcast! Whether you’re an engineer, security professional, or product leader, this discussion may help you refine your approach to building secure systems efficiently. In the episode, we tackled three key qualities of threat modeling: how to make application design actionable, scalable, and practical.

More Trending

OpenSSH bugs allows Man-in-the-Middle and DoS Attacks

Security Affairs

Two OpenSSH vulnerabilities could allow machine-in-the-middle (MitM) and denial-of-service (DoS) attacks under certain conditions. The Qualys Threat Research Unit (TRU) has discovered two vulnerabilities in OpenSSH. The first, tracked as CVE-2025-26465 (CVSS score: 6.8) can be exploited by an attacker to conduct an active machine-in-the-middle attack on the OpenSSH client when the VerifyHostKeyDNS option is enabled.

Device Code Phishing

Schneier on Security

This isn’t new, but it’s increasingly popular: The technique is known as device code phishing. It exploits “device code flow,” a form of authentication formalized in the industry-wide OAuth standard. Authentication through device code flow is designed for logging printers, smart TVs, and similar devices into accounts. These devices typically don’t support browsers, making it difficult to sign in using more standard forms of authentication, such as entering user nam

Phishing 231

CVE-2025-21420: Windows Disk Cleanup Tool Flaw Exploited to Gain SYSTEM Privileges, PoC Released

Penetration Testing

A vulnerability in the Windows Disk Cleanup Tool (cleanmgr.exe) has been patched by Microsoft as part of its

Macs targeted by info stealers in new era of cyberthreats

Malwarebytes

The latest, major threats to Mac computers can steal passwords and credit card details with delicate precision, targeting victims across the internet based on their device, location, and operating system. These are the dangers of info stealers, which have long plagued Windows devices but, in the past two years, have become a serious threat for Mac owners.

Malware 133

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Storm-2372 used the device code phishing technique since August 2024

Security Affairs

Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. Microsoft Threat Intelligence researchers warn that threat actor Storm-2372, likely linked to Russia, has been targeting governments, NGOs, and various industries across multiple regions since August 2024.

Phishing 113

Story About Medical Device Security

Schneier on Security

Ben Rothke relates a story about me working with a medical device firm back when I was with BT. I don’t remember the story at all, or who the company was. But it sounds about right.

News alert: INE Security’s focus on practical security training enhances career stability in tech

The Last Watchdog

Cary, NC, Feb. 19, 2025, CyberNewswire — 2025 marks a time of unprecedented volatility in the technology job market. On one hand, dependence on technology is soaring. The growth of AI and machine learning is propelling a surge in new technologies, tactics, and ideas. At the same time, organizations are trying to adapt to the changing dynamic. This has led to more job uncertainty, which the technology sector usually avoids.

Marketing 130

Hard drives containing sensitive medical data found in flea market

Malwarebytes

Somebody bought a batch of 15 GB hard drives from a flea market, and during a routine check of the contents they found medical data about hundreds of patients. After some more investigation in the Netherlands, it turned out the data came from a software provider in the medical industry which had gone bankrupt. Under Dutch law, storage media with medical data must be professionally erased with certification.

Marketing 117

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

U.S. CISA adds Apple iOS and iPadOS and Mitel SIP Phones flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple iOS and iPadOS and Mitel SIP Phones vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple iOS and iPadOS and Mitel SIP Phones vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

Spyware 106

StaryDobry ruins New Year’s Eve, delivering miner instead of presents

SecureList

Introduction: On December 31, cybercriminals launched a mass infection campaign, aiming to exploit reduced vigilance and increased torrent traffic during the holiday season. Our telemetry detected the attack, which lasted for a month and affected individuals and businesses by distributing the XMRig cryptominer. This previously unidentified actor is targeting users worldwide, including in Russia, Brazil, Germany, Belarus and Kazakhstan, by spreading trojanized versions of popular games via torrent sit

Malware 96

Cybersecurity Governance: The Road Ahead in an Era of Constant Evolution

SecureWorld News

Cybersecurity governance has undergone a dramatic transformation over the past few decades. From its early days, where security was an afterthought to business operations, to the present, where it has become a board-level discussion, governance has had to adapt to an ever-evolving digital landscape. We have moved beyond traditional compliance-driven security models to risk-based approaches, integrating cybersecurity into enterprise risk management (ERM) frameworks.

AI Cybersecurity Firm Raises $100 Million to Strengthen National Security

eSecurity Planet

Dream, an AI cybersecurity startup, has raised $100 million in a Series B funding round led by Bain Capital Ventures to bolster its mission of defending nations and critical infrastructure from cyber threats. Other investors include Group 11, Tru Arrow, Tau Capital, and Aleph, pushing Dream’s valuation to $1.1 billion. “Sophisticated cyber-attacks on our critical infrastructure are increasing in both prevalence and complexity,” Sebastian Kurz, co-founder and president of Dream, said in a pre

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Palo Alto Networks warns that CVE-2025-0111 flaw is actively exploited in attacks

Security Affairs

Palo Alto Networks warns that the vulnerability CVE-2025-0111 is actively exploited with two other flaws to compromise PAN-OS firewalls. Palo Alto Networks warns that threat actors are chaining the vulnerability CVE-2025-0111 with two other vulnerabilities, tracked as CVE-2025-0108 with CVE-2024-9474, to compromise PAN-OS firewalls. The vulnerability CVE-2025-0111 is a file read issue in PAN-OS; an authenticated attacker with network access to the management web interface could exploit the flaw

Firewall 105

Managed detection and response in 2024

SecureList

Kaspersky Managed Detection and Response service (MDR) provides round-the-clock monitoring and threat detection, based on Kaspersky technologies and expertise. The annual MDR analyst report presents insights based on the analysis of incidents detected by Kaspersky’s SOC team. It sheds light on the most prevalent attacker tactics, techniques, and tools, as well as the characteristics of identified incidents and their distribution across regions and industry sectors among MDR customers.

From Defense to Offense: Inside-Out Data Security Strategies for CISOs in 2025

Security Boulevard

Challenging the status quo and advocating for inside-out security, placing data at the heart of the strategy from the very beginning, rather than securing it last.

CISO 100

Threat Spotlight: Inside the World’s Fastest Rising Ransomware Operator — BlackLock

Digital Shadows

Key Findings: First observed in March 2024, BlackLock (aka El Dorado or Eldorado) has rapidly emerged as a major player in the ransomware-as-a-service (RaaS) ecosystem. By Q4 2024, it ranked as the 7th most prolific ransomware group on data-leak sites, fueled by a staggering 1,425% increase in activity from Q3. BlackLock uses a double extortion tactic, encrypting data while stealing sensitive information, to pressure victims with the threat of public exposure.

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Attackers exploit recently disclosed Palo Alto Networks PAN-OS firewalls bug

Security Affairs

Threat actors are exploiting a recently disclosed vulnerability, tracked as CVE-2025-0108, in Palo Alto Networks PAN-OS firewalls. Researchers warn that threat actors are exploiting a recently disclosed vulnerability, tracked as CVE-2025-0108, in Palo Alto Networks PAN-OS firewalls. The Shadowserver Foundation researchers observed several CVE-2025-0108 attempts since 4 am UTC 2024-02-13 in their honeypots.

Firewall 101

Angry Likho: Old beasts in a new forest

SecureList

Angry Likho (referred to as Sticky Werewolf by some vendors) is an APT group we’ve been monitoring since 2023. It bears a strong resemblance to Awaken Likho, which we’ve analyzed before, so we classified it within the Likho malicious activity cluster. However, Angry Likho’s attacks tend to be targeted, with a more compact infrastructure, a limited range of implants, and a focus on employees of large organizations, including government agencies and their contractors.

Digital life protection: How Webroot keeps you safe in a constantly changing world

Webroot

Nearly every aspect of life is connected to the internet, so protecting your devices, identity, and privacy has never been more critical. Cyber threats are no longer just the occasional virus or suspicious email. Phishing scams, ransomware attacks, data breaches, and identity theft are part of a growing list of online dangers that are a daily reality.

Rowing in the Same Direction: 6 Tips for Stronger IT and Security Collaboration

Security Boulevard

Each IT and security team has its function, but unless they row in unison, aligning on strategy, focus and execution, the organization will flounder.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

NailaoLocker ransomware targets EU healthcare-related entities

Security Affairs

NailaoLocker ransomware is a new threat that targeted European healthcare organizations from June to October 2024. Orange Cyberdefense CERT uncovered a malware campaign, tracked as The Green Nailao campaign, that targeted European organizations, including healthcare, in late 2024, using ShadowPad, PlugX, and the previously undocumented NailaoLocker ransomware.

Atlas of Surveillance

Schneier on Security

The EFF has released its Atlas of Surveillance, which documents police surveillance technology across the US.

Microsoft's Majorana 1 and the Path to Scalable Quantum Computing

SecureWorld News

Microsoft's recent announcement of the Majorana 1 chip marks a significant leap toward scalable quantum computing, potentially accelerating the timeline for a commercially viable quantum computer. Unlike previous quantum architectures that rely on fragile qubits prone to errors, Majorana 1 introduces topological qubits, leveraging a new class of material, dubbed topoconductors, to create a more stable and scalable system.

CaaS Surges in 2025, Along With RATs, Ransomware

Security Boulevard

Cybercrime-as-a-Service (CaaS) now accounts for 57% of all cyberthreats, marking a 17% increase from the first half of 2024, according to Darktrace’s Annual Threat Report.

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!