Sat.Jan 04, 2025 - Fri.Jan 10, 2025

article thumbnail

The 5 Fastest VPNs for 2025

Tech Republic Security

Explore the fastest VPNs for secure, high-speed browsing. Discover VPN services that protect your data and ensure smooth streaming and safe internet access.

VPN 174
article thumbnail

A Day in the Life of a Prolific Voice Phishing Crew

Krebs on Security

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety of outbound communications to their users, including emails, automated phone calls and system-level messages sent to all signed-in devices.

Phishing 336
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Apps That Are Spying on Your Location

Schneier on Security

404 Media is reporting on all the apps that are spying on your location, based on a hack of the location data company Gravy Analytics: The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games like Candy Crush to dating apps like Tinder, to pregnancy tracking and religious prayer apps across both Android and iOS.

article thumbnail

EAGERBEE, with updated and novel components, targets the Middle East

SecureList

Introduction In our recent investigation into the EAGERBEE backdoor , we found that it was being deployed at ISPs and governmental entities in the Middle East. Our analysis uncovered new components used in these attacks, including a novel service injector designed to inject the backdoor into a running service. Additionally, we discovered previously undocumented components (plugins) deployed after the backdoor’s installation.

Malware 140
article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

News alert: CyTwist launches threat detection engine tuned to identify AI-driven malware in minutes

The Last Watchdog

Ramat Gan, Israel, January 7th, 2025, CyberNewswire — CyTwist , a leader in advanced next-generation threat detection solutions, has launched its patented detection engine to combat the insidious rise of AI-generated malware. The cybersecurity landscape is evolving as attackers harness the power of artificial intelligence (AI) to develop advanced and evasive threats.

article thumbnail

Dental group lied through teeth about data breach, fined $350,000

Malwarebytes

A US chain of dental offices known as Westend Dental LLC denied a 2020 ransomware attack and its associated data breach, instead telling their customers that data was lost due to an accidentally formatted hard drive. Unfortunately for the organization, the truth was found out. Westend Dental agreed to settle several violations of the Health Insurance Portability and Accountability Act (HIPAA) in a penalty of $350,000.

LifeWorks

More Trending

article thumbnail

Hackers Attack PowerSchool, Expose K-12 Teacher and Student Data

Security Boulevard

Giant education software provider PowerSchool reported that hackers using compromised credentials access a database and stole student and teacher data in an attack that the company said was not ransomware, though a ransom apparently was paid. Affected K-12 school districts are scrambling to alert parents and staffs. The post Hackers Attack PowerSchool, Expose K-12 Teacher and Student Data appeared first on Security Boulevard.

Education 115
article thumbnail

News Alert: Security Risk Advisors joins Microsoft Intelligent Security Association (MISA)

The Last Watchdog

Philadelphia, Pa., Jan. 7, 2025, CyberNewswire — Security Risk Advisors today announced it has become a member of the Microsoft Intelligent Security Association (MISA), an ecosystem of independent software vendors (ISVs) and managed security service providers (MSSPs) that have integrated their solutions with Microsoft Security technology to better defend mutual customers against a world of increasing cyber threats.

Risk 130
article thumbnail

Massive breach at location data seller: “Millions” of users affected

Malwarebytes

Like many other data brokers, Gravy is a company you may never have heard of, but it almost certainly knows a lot about you if youre a US citizen. Data brokers come in different shapes and sizes. What they have in common is that they gather personally identifiable data from various sourcesfrom publicly available data to stolen datasetsand then sell the gathered data on.

Media 126
article thumbnail

PLAYFULGHOST backdoor supports multiple information stealing features

Security Affairs

PLAYFULGHOST is a new malware family with capabilities including keylogging, screen and audio capture, remote shell access, and file transfer/execution. Google researchers analyzed a new malware family called PLAYFULGHOST that supports multiple features, including keylogging, screen and audio capture, remote shell, and file transfer/execution. The PLAYFULGHOST backdoor shares functionality with Gh0stRAT whose source code was publicly released in 2008.

Malware 131
article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

From Cybersecurity Consolidation to GenAI and Innovation – What to Expect: 2025 Predictions 

Security Boulevard

What to expect in 2025 and beyond, into the future. Here are some likely predictions across cybersecurity, GenAI and innovation, and defensive cyber. The post From Cybersecurity Consolidation to GenAI and Innovation – What to Expect: 2025 Predictions appeared first on Security Boulevard.

article thumbnail

2025 SecureWorld Theme: Once Upon a Time in Cybersecurity

SecureWorld News

Cybersecurity in today's world is akin to the enchanted realms of fairy tales, where threats lurk in dark digital forests and heroes wield keyboards instead of swords. Just as these cautionary fables have guided generations, modern stories now light our path through the complex security landscape. Welcome to SecureWorld's theme for 2025: Once Upon a Time in Cybersecurity.

article thumbnail

Google Chrome AI extensions deliver info-stealing malware in broad attack

Malwarebytes

Small businesses and boutique organizations should use caution when leaning on browser-friendly artificial intelligence (AI) tools to generate ideas, content, and marketing copy, as a set of Google Chrome extensions were recently compromised to deliver info-stealing malware disguised as legitimate updates. Analyzed by researchers at Extension Total, the cybercriminal campaign has managed to take over the accounts of at least 36 Google Chrome extensions that provide AI and VPN services.

Malware 121
article thumbnail

Banshee macOS stealer supports new evasion mechanisms

Security Affairs

Experts found a new version of the Banshee macOS information stealer which was enhanced with new evasion mechanisms. Check Point researchers discovered a new version of the Banshee macOS infostealer which is distributed through phishing websites and fake GitHub repositories, often masqueraded as popular software. In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures.

Malware 121
article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

Cybersecurity Resolutions for 2025

IT Security Guru

As we begin the New Year, it offers a chance for reflection on 2024 and to consider what we can do as security professionals and business leaders in 2025 that will keep us relevant and in the best position to counter cyber threats going forward. The IT Security Guru caught up with Darren Guccione, CEO and co-founder of Keeper Security to see what he thinks should be the industry’s resolutions in the coming year.

article thumbnail

The $84 Million Fall of Stoli

SecureWorld News

The fall of Stoli, the vodka maker, shows how cyberattacks can push struggling companies over the edge. Here's what happened: In August 2024, Stoli got hit with ransomware. The attack knocked out their enterprise resource planning (ERP) system. They had to switch to manual operations for everythingeven basic accounting. Now, four months later, two U.S. parts of Stoli (Stoli USA and Kentucky Owl) have filed for bankruptcy.

article thumbnail

4 Tips to Fortify the Human Element in Your Cybersecurity Posture

Security Boulevard

Four actionable tips that will enable you to enhance the human element of your cybersecurity posture, transforming potential vulnerabilities into robust defenses. The post 4 Tips to Fortify the Human Element in Your Cybersecurity Posture appeared first on Security Boulevard.

article thumbnail

SonicWall warns of an exploitable SonicOS vulnerability

Security Affairs

SonicWall warns customers to address an authentication bypass vulnerability in its firewall’s SonicOS that is “susceptible to actual exploitation.” SonicWall is urging customers to upgrade the SonicOS firmware of their firewalls to patch an authentication bypass vulnerability tracked as CVE-2024-53704 (CVSS score of 8.2). The vulnerability resides in SSL VPN and SSH management and according to the vendor is “susceptible to actual exploitation.” “We have identi

Firewall 115
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

6 reasons why SMBs love OpenText MDR

Webroot

In todays digital-first world, small and medium-sized businesses (SMBs) face cybersecurity challenges that grow more complex by the day. SMBs are prime targets for attackers hoping to gain a foothold inside any organization that doesnt have extensive security measures. As threats increase, so does the need for comprehensive, reliable, and accessible protection.

article thumbnail

7 Ways to Leverage Retail Analytics without Compromising on Security

SecureWorld News

Retail analytics can provide companies of all sizes with a significant advantage in the market. However, the use of any kind of software that deals with large amounts of sensitive customer data can make a business the target of cybercriminals. It's natural to want to make the most of these systems, but in doing so, you need to ensure that you are putting the correct resources into your cybersecurity systems and operations.

Retail 108
article thumbnail

China’s Salt Typhoon Attacks Guam entity; US Sanctions Chinese Company

Security Boulevard

China is continuing to target U.S. entities in its efforts regarding Taiwan, including using state-sponsored Flax Typhoon to compromise Guam infrastructure. U.S. are pushing back, with the Treasury Department sanctioning a Chinse cybersecurity firm accused of aiding in some of the attacks. The post Chinas Salt Typhoon Attacks Guam entity; US Sanctions Chinese Company appeared first on Security Boulevard.

article thumbnail

Malicious npm packages target Ethereum developers

Security Affairs

Malicious npm packages target Ethereum developers, impersonating Hardhat plugins to steal private keys and sensitive data. Hardhat ,by the Nomic Foundation , is an essential Ethereum tool, enabling streamlined smart contract and dApp development with customizable plugins. Socket researchers reported a supply chain attack targeting the Nomic Foundation and Hardhat platforms, attackers use malicious npm packages to steal critical data like private keys and configuration details.

article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

Zero-Day Vulnerability in Ivanti VPN

Schneier on Security

It’s being actively exploited.

VPN 271
article thumbnail

Understanding the U.S. Cyber Trust Mark: A New Era for IoT Security

SecureWorld News

The White House has officially launched the U.S. Cyber Trust Mark, a voluntary cybersecurity labeling program designed to help consumers make informed decisions about the security of their internet-connected devices. From baby monitors to home security systems, these IoT products have become integral to daily life, yet they also present significant cybersecurity risks.

IoT 117
article thumbnail

Phishing Threats, GenAI Among Top Cybersecurity Risks in 2025

Security Boulevard

Organizations are facing escalating threats from phishing attacks, personal app usage and the widespread adoption of generative AI (GenAI) in workplaces. According to a Netskope report, phishing attacks surged in 2024, with enterprise employees clicking on phishing links at a rate nearly three times higher than in 2023. The study found phishing campaigns have evolved.

Phishing 122
article thumbnail

Nessus scanner agents went offline due to a faulty plugin update

Security Affairs

Tenable disabled two Nessus scanner agent versions after a faulty plugin update caused agents to go offline. Tenable Nessus is a widely-used vulnerability scanning tool designed to identify and assess security vulnerabilities in systems, networks, and applications. Tenable was forced to disable two Nessus scanner agent versions because a faulty plugin update caused agents to go offline. “We are aware of and actively investigating an issue with agents going offline after plugin updates for

Hacking 120
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Privacy of Photos.app’s Enhanced Visual Search

Schneier on Security

Initial speculation about a new Apple feature.

265
265
article thumbnail

Hijacking Azure Machine Learning Notebooks (via Storage Accounts)

NetSpi Technical

While everyone has been rushing to jump on the AI bandwagon, there has been a steady rise in AI/ML platforms that can be used in cloud service providers to run your data experiments. One of these platforms is the Azure Machine Learning (AML) service. The service is useful for handling large data processing tasks, as it seamlessly integrates with other Azure services that can feed it data.

article thumbnail

Insecure Medical Devices — Illumina DNA Sequencer Illuminates Risks

Security Boulevard

IEI-IEI, Oh: Running an obsolete OS, on obsolete hardware, configured with obsolete settings. The post Insecure Medical Devices Illumina DNA Sequencer Illuminates Risks appeared first on Security Boulevard.

Risk 125
article thumbnail

Phishers abuse CrowdStrike brand targeting job seekers with cryptominer

Security Affairs

CrowdStrike warns of a phishing campaign that uses its recruitment branding to trick recipients into downloading a fake application, which finally installs the XMRig cryptominer. CrowdStrike discovered a phishing campaign using its recruitment branding to trick recipients into downloading a fake application, which acts as a downloader for the XMRig cryptominer.

Phishing 113
article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!