Sat.Nov 30, 2024 - Fri.Dec 06, 2024

article thumbnail

Top 5 Cyber Security Trends for 2025

Tech Republic Security

TechRepublic asked cyber experts to predict the top trends that will impact the security field in 2025.

article thumbnail

Over 600,000 Personal Records Exposed by Data Broker

Tech Republic Security

The exposed database creates opportunities for staging convincing phishing and social engineering attacks, among other issues.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Details about the iOS Inactivity Reboot Feature

Schneier on Security

I recently wrote about the new iOS feature that forces an iPhone to reboot after it’s been inactive for a longish period of time. Here are the technical details , discovered through reverse engineering. The feature triggers after seventy-two hours of inactivity, even it is remains connected to Wi-Fi.

article thumbnail

Why Phishers Love New TLDs Like.shop,top and.xyz

Krebs on Security

Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) — such as.shop ,top ,xyz — that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds. Meanwhile, the nonprofit entity that oversees the domain name industry is moving forward with plans to introduce a slew of new gTLDs.

article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defenses

The Hacker News

Cybersecurity researchers have called attention to a novel phishing campaign that leverages corrupted Microsoft Office documents and ZIP archives as a way to bypass email defenses. "The ongoing attack evades #antivirus software, prevents uploads to sandboxes, and bypasses Outlook's spam filters, allowing the malicious emails to reach your inbox," ANY.RUN said in a series of posts on X.

Antivirus 136
article thumbnail

Burnout in SOCs: How AI Can Help Analysts Focus on High-Value Tasks

Security Affairs

SOC analysts, vital to cybersecurity, face burnout due to exhausting workloads, risking their well-being and the effectiveness of organizational defenses. Security Operations Center (SOC) analyst burnout is a very real problem. These are some of the most important cybersecurity professionals out there, and many of them are being worked to exhaustion.

LifeWorks

More Trending

article thumbnail

U.S. Offered $10M for Hacker Just Arrested by Russia

Krebs on Security

In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as “ Wazawaka ,” a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. The U.S. government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest. Last week, the Russian government reportedly arrested Matveev and charged him with creating malware used to extort companies.

article thumbnail

Americans urged to use encrypted messaging after large, ongoing cyberattack

Malwarebytes

A years-long infiltration into the systems of eight telecom giants, including AT&T and Verizon, allowed a state sponsored actor to steal vast amounts of data on where, when and who individuals have been communicating with. Speaking to Reuters , a senior US official said the attack telecommunications infrastructure was broad and that the hacking was still ongoing.

article thumbnail

Romania ’s election systems hit by 85,000 attacks ahead of presidential vote

Security Affairs

Romania ‘s election systems suffered over 85,000 attacks, with leaked credentials posted on a Russian hacker forum before the presidential election. Romania ‘s Intelligence Service revealed that over 85,000 cyberattacks targeted the country’s election systems. Threat actors gained access to credentials for election-related websites, and then leaked them on Russian cybercrime forums a few days before the presidential election. “The intelligence service also said access dat

article thumbnail

News alert: Sweet Security releases its evolutionary Cloud Native Detection and Response platform

The Last Watchdog

Tel Aviv, Israel, Dec. 3, 2024, CyberNewswire — With Sweet, customers can now unify detection and response for applications, workloads, and cloud infrastructure Sweet Security today announced the release of its unified Cloud Native Detection and Response platform, designed to transform the way organizations protect their cloud environments in real time.

CISO 130
article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

CVE-2024-42448 (CVSS 9.9): Critical RCE Vulnerability in Veeam VSPC

Penetration Testing

Veeam Software, a prominent provider of backup and disaster recovery solutions, has released urgent security updates to address two critical vulnerabilities in its Service Provider Console (VSPC). One of these... The post CVE-2024-42448 (CVSS 9.9): Critical RCE Vulnerability in Veeam VSPC appeared first on Cybersecurity News.

Backups 137
article thumbnail

AI chatbot provider exposes 346,000 customer files, including ID documents, resumes, and medical records

Malwarebytes

Researchers have discovered a huge Google Cloud Storage bucket, found freely accessible on the internet and containing a treasure trove of personal information. AI startup WotNot provides companies with the ability to create their own customized chatbot. The company reportedly has 3,000 customers including some household family names. But the way its solution is set up introduces an extra link in the chain in the flow of personally identifiable information (PII) from the customer to the company

article thumbnail

How threat actors can use generative artificial intelligence?

Security Affairs

Generative Artificial Intelligence (GAI) is rapidly revolutionizing various industries, including cybersecurity, allowing the creation of realistic and personalized content. The capabilities that make Generative Artificial Intelligence a powerful tool for progress also make it a significant threat in the cyber domain. The use of GAI by malicious actors is becoming increasingly common, enabling them to conduct a wide range of cyberattacks.

article thumbnail

News alert: One Identity wins 2024 Cyber Defense Award: Hot Company – PAM category

The Last Watchdog

Alisa Viejo, Calif., Dec. 5, 2024, CyberNewswire — One Identity proudly announces it has been named a winner in the Hot Company: Privileged Access Management (PAM) category in the 12th annual Cyber Defense Awards by Cyber Defense Magazine (CDM), the industrys leading information security magazine. Logan We are deeply honored to be recognized amongst the winners of the 12th annual Cyber Defense Awards at CyberDefenseCon 2024, said Mark Logan, CEO of One Identity.

InfoSec 130
article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

MasterCard Buys Recorded Future for $2.6B: What It Means for AI Cybersecurity

SecureWorld News

MasterCard's September 2024 acquisition of Recorded Future for $2.65 billion signals a significant shift in how global financial institutions are approaching cybersecurity. Not too long ago, these institutions had a reputation for outdated, inefficient, and worryingly vulnerable systems. So, what changed? Recorded Future is well-regarded for its AI-driven threat intelligence capabilities, which leverage massive amounts of data to predict, identify, and mitigate threats before they escalate.

article thumbnail

No company too small for Phobos ransomware gang, indictment reveals

Malwarebytes

The US Department of Justice has charged a Russian national named Evgenii Ptitsyn with selling, operating, and distributing a ransomware variant known as “Phobos” during a four-year cybercriminal campaign that extorted at least $16 million from victims across the world. The government’s indictment against Ptitsyn should dispel any notion that ransomware gangs only target the largest, richest, most robust corporations on the planet, as one Phobos affiliate allegedly extorted a Maryland-based heal

article thumbnail

Hackers stole millions of dollars from Uganda Central Bank

Security Affairs

Financially-motivated threat actors hacked Uganda ‘s central bank system, government officials confirmed this week. Ugandan officials confirmed on Thursday that the national central bank suffered a security breach by financially-motivated threat actors. The police’s Criminal Investigations Department and the Auditor General are investigating the incident.

Banking 140
article thumbnail

News alert: Green Raven study shows cybersecurity to be a black hole in more ways than just budget

The Last Watchdog

Cheltenham, England, Dec. 4, 2024 –A majority of senior cybersecurity professionals at the UK’s largest organisations struggle with feelings of helplessness and professional despair, new research by Green Raven Limited indicates. These negative emotions result from practitioners’ anticipation of eventual, inevitable failure to protect their organisation.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Black Friday Triggers Near 700% Rise in Retail Cyber Scams

SecureWorld News

Darktrace today revealed a surge in retail cyberattacks at the opening of the 2024 holiday shopping season. Analysis from Darktrace's threat intelligence team using data from across the Darktrace customer fleet shows that during Black Friday week (November 25-29), attempted Christmas-themed phishing attacks leapt 327% [1] around the world, while Black Friday themed phishing attacks jumped 692% compared to the beginning of November (4-9) [2] , as bad actors seek to take advantage of consumers and

Retail 116
article thumbnail

Repeat offenders drive bulk of tech support scams via Google Ads

Malwarebytes

Of all the different kinds of malicious search ads we track, those related to customer service are by far the most common. Brands such as PayPal, eBay, Apple or Netflix are among the most coveted ones as they tend to drive a lot of online searches. Tech support scammers are leveraging Google ads to lure victims in, getting them on the phone and finally fleecing them.

Scams 135
article thumbnail

Black Basta ransomware gang hit BT Group

Security Affairs

BT Group (formerly British Telecom)’s Conferencing division shut down some of its servers following a Black Basta ransomware attack. British multinational telecommunications holding company BT Group (formerly British Telecom) announced it has shut down some of its servers following a Black Basta ransomware attack. “We identified an attempt to compromise our BT Conferencing platform.

article thumbnail

National Public Data Shuts Down Months After Massive Breach

Security Boulevard

National Public Data, the data broker whose systems were breached and 2.9 billion files holding sensitive data from 170 million this year, has shut down following the attack and after a judge dismissed parent company Jerico Pictures' bankruptcy filing. The post National Public Data Shuts Down Months After Massive Breach appeared first on Security Boulevard.

article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

Microsoft Announces Security Update with Windows Resiliency Initiative

eSecurity Planet

Microsoft recently announced that they’re making changes to their Windows operating system to improve security and reliability. The company has introduced the Windows Resiliency Initiative, a comprehensive strategy to address critical vulnerabilities and enhance overall system integrity. These new features will be available to the Windows Insider Program community sometime in early 2025.

article thumbnail

Europol takes down criminal data hub Manson Market in busy month for law enforcement

Malwarebytes

A coordinated action between several European law enforcement agencies shut down an online marketplace called Manson Market that sold stolen data to any interested cybercriminal. What made this market attractive for cybercriminals was that they could buy data sorted by region and account balance with advanced filtering options. This allowed the criminals to carry out targeted fraud with greater efficiency.

Marketing 117
article thumbnail

15 SpyLoan Android apps found on Google Play had over 8 million installs

Security Affairs

McAfee researchers discovered 15 SpyLoan Android apps on Google Play with a combined total of over 8 million installs. 15 SpyLoan apps with a combined total of 8M+ installs were found on Google Play, targeting users in South America, Southeast Asia, and Africa. SpyLoan apps exploit social engineering to gain sensitive user data and excessive permissions, leading to extortion, harassment, and financial loss.

article thumbnail

Chinese Cyber Espionage Campaign Targeting U.S. Telecommunications

SecureWorld News

State-sponsored threat actors continue to pose significant risks to critical infrastructure worldwide. Recent disclosures from U.S. authorities and new research from Symantec's Threat Hunter Team shed light on a sophisticated, multi-pronged cyber espionage campaign targeting U.S. telecommunications networks and other organizations. On November 13, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) confirmed a broad cyber espionage campaign by China-backed hackers, identified as

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Reposition Cybersecurity From a Cost Center to a Business Driver

Security Boulevard

Repositioning cybersecurity as a business issue ensures that it receives the attention and resources it requires at the highest levels of the organization. The post Reposition Cybersecurity From a Cost Center to a Business Driver appeared first on Security Boulevard.

article thumbnail

Solana Web3.js Library Compromised in Targeted Supply Chain Attack

Penetration Testing

A sophisticated supply chain attack has been identified within the widely-used @solana/web3.js JavaScript library, potentially jeopardizing the security of numerous developers and users within the Solana ecosystem. Malicious code was injected... The post Solana Web3.js Library Compromised in Targeted Supply Chain Attack appeared first on Cybersecurity News.

article thumbnail

Tor Project needs 200 WebTunnel bridges more to bypass Russia’ censorship

Security Affairs

The Tor Project seeks help deploying 200 WebTunnel bridges by year-end to counter government censorship. Recent reports from Russia show increased censorship targeting the Tor network, including blocking bridges, pluggable transports, and circumvention apps. Russian watchdog Roskomnadzor is making some bridges inaccessible, highlighting the urgent need for more WebTunnel bridges.

article thumbnail

Russia Charges Notorious Ransomware Developer in Rare Cybercrime Case

SecureWorld News

In a surprising move related to international cybercrime, Russian authorities have charged Mikhail Matveev, also known as "Wazawaka," with creating ransomware to extort commercial organizations, according to Russian media outlet RIA. Matveev, infamous for his involvement in high-profile ransomware operations, is linked to groups such as Babuk, LockBit, Hive, and Conti.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!