Tech Republic Security

JANUARY 6, 2025

Explore the fastest VPNs for secure, high-speed browsing. Discover VPN services that protect your data and ensure smooth streaming and safe internet access.

VPN 174

VPN Internet Internet 174

Krebs on Security

JANUARY 7, 2025

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety of outbound communications to their users, including emails, automated phone calls and system-level messages sent to all signed-in devices.

Phishing 336

Phishing Cryptocurrency Accountability Social Engineering 336

Schneier on Security

JANUARY 10, 2025

404 Media is reporting on all the apps that are spying on your location, based on a hack of the location data company Gravy Analytics: The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games like Candy Crush to dating apps like Tinder, to pregnancy tracking and religious prayer apps across both Android and iOS.

Data collection 318

Data collection Advertising Media Hacking 318

SecureList

JANUARY 6, 2025

Introduction In our recent investigation into the EAGERBEE backdoor , we found that it was being deployed at ISPs and governmental entities in the Middle East. Our analysis uncovered new components used in these attacks, including a novel service injector designed to inject the backdoor into a running service. Additionally, we discovered previously undocumented components (plugins) deployed after the backdoor’s installation.

Malware 140

Malware Architecture Passwords Accountability 140

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

Risk

The Last Watchdog

JANUARY 7, 2025

Ramat Gan, Israel, January 7th, 2025, CyberNewswire — CyTwist , a leader in advanced next-generation threat detection solutions, has launched its patented detection engine to combat the insidious rise of AI-generated malware. The cybersecurity landscape is evolving as attackers harness the power of artificial intelligence (AI) to develop advanced and evasive threats.

Threat Detection 130

Threat Detection Engineering Malware Artificial Intelligence 130

Malwarebytes

JANUARY 6, 2025

A US chain of dental offices known as Westend Dental LLC denied a 2020 ransomware attack and its associated data breach, instead telling their customers that data was lost due to an accidentally formatted hard drive. Unfortunately for the organization, the truth was found out. Westend Dental agreed to settle several violations of the Health Insurance Portability and Accountability Act (HIPAA) in a penalty of $350,000.

Data breaches 144

Data breaches Ransomware Passwords Insurance 144

Security Boulevard

JANUARY 10, 2025

Giant education software provider PowerSchool reported that hackers using compromised credentials access a database and stole student and teacher data in an attack that the company said was not ransomware, though a ransom apparently was paid. Affected K-12 school districts are scrambling to alert parents and staffs. The post Hackers Attack PowerSchool, Expose K-12 Teacher and Student Data appeared first on Security Boulevard.

Education 115

Education Ransomware Software Data privacy 115

The Last Watchdog

JANUARY 7, 2025

Philadelphia, Pa., Jan. 7, 2025, CyberNewswire — Security Risk Advisors today announced it has become a member of the Microsoft Intelligent Security Association (MISA), an ecosystem of independent software vendors (ISVs) and managed security service providers (MSSPs) that have integrated their solutions with Microsoft Security technology to better defend mutual customers against a world of increasing cyber threats.

Risk 130

Risk Penetration Testing Marketing Technology 130

Malwarebytes

JANUARY 9, 2025

Like many other data brokers, Gravy is a company you may never have heard of, but it almost certainly knows a lot about you if youre a US citizen. Data brokers come in different shapes and sizes. What they have in common is that they gather personally identifiable data from various sourcesfrom publicly available data to stolen datasetsand then sell the gathered data on.

Media 126

Media Data breaches Government Risk 126

Security Affairs

JANUARY 5, 2025

PLAYFULGHOST is a new malware family with capabilities including keylogging, screen and audio capture, remote shell access, and file transfer/execution. Google researchers analyzed a new malware family called PLAYFULGHOST that supports multiple features, including keylogging, screen and audio capture, remote shell, and file transfer/execution. The PLAYFULGHOST backdoor shares functionality with Gh0stRAT whose source code was publicly released in 2008.

Malware 131

Malware Encryption Phishing Hacking 131

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Security Boulevard

JANUARY 9, 2025

What to expect in 2025 and beyond, into the future. Here are some likely predictions across cybersecurity, GenAI and innovation, and defensive cyber. The post From Cybersecurity Consolidation to GenAI and Innovation – What to Expect: 2025 Predictions appeared first on Security Boulevard.

Cybersecurity 130

Cybersecurity Threat Detection Security Awareness Risk 130

SecureWorld News

JANUARY 7, 2025

Cybersecurity in today's world is akin to the enchanted realms of fairy tales, where threats lurk in dark digital forests and heroes wield keyboards instead of swords. Just as these cautionary fables have guided generations, modern stories now light our path through the complex security landscape. Welcome to SecureWorld's theme for 2025: Once Upon a Time in Cybersecurity.

Cybersecurity 113

Cybersecurity Social Engineering Phishing Engineering 113

Malwarebytes

JANUARY 9, 2025

Small businesses and boutique organizations should use caution when leaning on browser-friendly artificial intelligence (AI) tools to generate ideas, content, and marketing copy, as a set of Google Chrome extensions were recently compromised to deliver info-stealing malware disguised as legitimate updates. Analyzed by researchers at Extension Total, the cybercriminal campaign has managed to take over the accounts of at least 36 Google Chrome extensions that provide AI and VPN services.

Malware 121

Malware Small Business Artificial Intelligence VPN 121

Security Affairs

JANUARY 10, 2025

Experts found a new version of the Banshee macOS information stealer which was enhanced with new evasion mechanisms. Check Point researchers discovered a new version of the Banshee macOS infostealer which is distributed through phishing websites and fake GitHub repositories, often masqueraded as popular software. In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures.

Malware 121

Malware Advertising Antivirus Cybercrime 121

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

IT Security Guru

JANUARY 9, 2025

As we begin the New Year, it offers a chance for reflection on 2024 and to consider what we can do as security professionals and business leaders in 2025 that will keep us relevant and in the best position to counter cyber threats going forward. The IT Security Guru caught up with Darren Guccione, CEO and co-founder of Keeper Security to see what he thinks should be the industry’s resolutions in the coming year.

Cybersecurity 113

Cybersecurity Cyber threats Architecture Digital transformation 113

SecureWorld News

JANUARY 8, 2025

The fall of Stoli, the vodka maker, shows how cyberattacks can push struggling companies over the edge. Here's what happened: In August 2024, Stoli got hit with ransomware. The attack knocked out their enterprise resource planning (ERP) system. They had to switch to manual operations for everythingeven basic accounting. Now, four months later, two U.S. parts of Stoli (Stoli USA and Kentucky Owl) have filed for bankruptcy.

Ransomware 113

Ransomware Manufacturing Government Accountability 113

Security Boulevard

JANUARY 6, 2025

Four actionable tips that will enable you to enhance the human element of your cybersecurity posture, transforming potential vulnerabilities into robust defenses. The post 4 Tips to Fortify the Human Element in Your Cybersecurity Posture appeared first on Security Boulevard.

Cybersecurity 114

Cybersecurity Cyber threats Security Awareness 114

Security Affairs

JANUARY 8, 2025

SonicWall warns customers to address an authentication bypass vulnerability in its firewall’s SonicOS that is “susceptible to actual exploitation.” SonicWall is urging customers to upgrade the SonicOS firmware of their firewalls to patch an authentication bypass vulnerability tracked as CVE-2024-53704 (CVSS score of 8.2). The vulnerability resides in SSL VPN and SSH management and according to the vendor is “susceptible to actual exploitation.” “We have identi

Firewall 115

Firewall Firmware VPN Authentication 115

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Webroot

JANUARY 6, 2025

In todays digital-first world, small and medium-sized businesses (SMBs) face cybersecurity challenges that grow more complex by the day. SMBs are prime targets for attackers hoping to gain a foothold inside any organization that doesnt have extensive security measures. As threats increase, so does the need for comprehensive, reliable, and accessible protection.

Cyber threats 104

Cyber threats Cyber Attacks Threat Detection Risk 104

SecureWorld News

JANUARY 10, 2025

Retail analytics can provide companies of all sizes with a significant advantage in the market. However, the use of any kind of software that deals with large amounts of sensitive customer data can make a business the target of cybercriminals. It's natural to want to make the most of these systems, but in doing so, you need to ensure that you are putting the correct resources into your cybersecurity systems and operations.

Retail 108

Retail eCommerce Software Data breaches 108

Security Boulevard

JANUARY 6, 2025

China is continuing to target U.S. entities in its efforts regarding Taiwan, including using state-sponsored Flax Typhoon to compromise Guam infrastructure. U.S. are pushing back, with the Treasury Department sanctioning a Chinse cybersecurity firm accused of aiding in some of the attacks. The post Chinas Salt Typhoon Attacks Guam entity; US Sanctions Chinese Company appeared first on Security Boulevard.

Cybersecurity 117

Cybersecurity Network Security 117

Security Affairs

JANUARY 4, 2025

Malicious npm packages target Ethereum developers, impersonating Hardhat plugins to steal private keys and sensitive data. Hardhat ,by the Nomic Foundation , is an essential Ethereum tool, enabling streamlined smart contract and dApp development with customizable plugins. Socket researchers reported a supply chain attack targeting the Nomic Foundation and Hardhat platforms, attackers use malicious npm packages to steal critical data like private keys and configuration details.

Encryption 134

Encryption Hacking Cybercrime Information Security 134

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

Scams

Schneier on Security

JANUARY 9, 2025

It’s being actively exploited.

VPN 271

VPN 271

SecureWorld News

JANUARY 8, 2025

The White House has officially launched the U.S. Cyber Trust Mark, a voluntary cybersecurity labeling program designed to help consumers make informed decisions about the security of their internet-connected devices. From baby monitors to home security systems, these IoT products have become integral to daily life, yet they also present significant cybersecurity risks.

IoT 117

IoT Manufacturing Government Cybersecurity 117

Security Boulevard

JANUARY 10, 2025

Organizations are facing escalating threats from phishing attacks, personal app usage and the widespread adoption of generative AI (GenAI) in workplaces. According to a Netskope report, phishing attacks surged in 2024, with enterprise employees clicking on phishing links at a rate nearly three times higher than in 2023. The study found phishing campaigns have evolved.

Phishing 122

Phishing Risk Cybersecurity Security Awareness 122

Security Affairs

JANUARY 6, 2025

Tenable disabled two Nessus scanner agent versions after a faulty plugin update caused agents to go offline. Tenable Nessus is a widely-used vulnerability scanning tool designed to identify and assess security vulnerabilities in systems, networks, and applications. Tenable was forced to disable two Nessus scanner agent versions because a faulty plugin update caused agents to go offline. “We are aware of and actively investigating an issue with agents going offline after plugin updates for

Hacking 120

Hacking Information Security 120

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Schneier on Security

JANUARY 6, 2025

Initial speculation about a new Apple feature.

265

265

NetSpi Technical

JANUARY 8, 2025

While everyone has been rushing to jump on the AI bandwagon, there has been a steady rise in AI/ML platforms that can be used in cloud service providers to run your data experiments. One of these platforms is the Azure Machine Learning (AML) service. The service is useful for handling large data processing tasks, as it seamlessly integrates with other Azure services that can feed it data.

Accountability 96

Accountability Authentication Identity Theft Social Engineering 96

Security Boulevard

JANUARY 8, 2025

IEI-IEI, Oh: Running an obsolete OS, on obsolete hardware, configured with obsolete settings. The post Insecure Medical Devices Illumina DNA Sequencer Illuminates Risks appeared first on Security Boulevard.

Risk 125

Risk Social Engineering Internet Internet 125

Security Affairs

JANUARY 10, 2025

CrowdStrike warns of a phishing campaign that uses its recruitment branding to trick recipients into downloading a fake application, which finally installs the XMRig cryptominer. CrowdStrike discovered a phishing campaign using its recruitment branding to trick recipients into downloading a fake application, which acts as a downloader for the XMRig cryptominer.

Phishing 113

Phishing Scams Malware Authentication 113

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!