Tech Republic Security

JANUARY 6, 2025

Explore the fastest VPNs for secure, high-speed browsing. Discover VPN services that protect your data and ensure smooth streaming and safe internet access.

VPN 154

VPN Internet Internet 154

Krebs on Security

JANUARY 7, 2025

Besieged by scammers seeking to phish user accounts over the telephone, Apple and Google frequently caution that they will never reach out unbidden to users this way. However, new details about the internal operations of a prolific voice phishing gang show the group routinely abuses legitimate services at Apple and Google to force a variety of outbound communications to their users, including emails, automated phone calls and system-level messages sent to all signed-in devices.

Phishing 334

Phishing Cryptocurrency Accountability Social Engineering 334

Schneier on Security

JANUARY 10, 2025

404 Media is reporting on all the apps that are spying on your location, based on a hack of the location data company Gravy Analytics: The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games like Candy Crush to dating apps like Tinder, to pregnancy tracking and religious prayer apps across both Android and iOS.

Data collection 307

Data collection Advertising Media Hacking 307

Lohrman on Security

JANUARY 5, 2025

A new report examines the rise of pre-emptive bans on mandated human microchip implants, noting that 13 states have recently enacted such a ban, despite no companies currently requiring the technology.

Technology 207

Technology 207

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Tech Republic Security

JANUARY 8, 2025

The Cyber Trust Mark will help consumers make more informed decisions about the cybersecurity of products, according to the White House.

Cybersecurity 210

Cybersecurity Internet Internet IoT 210

Malwarebytes

JANUARY 9, 2025

Like many other data brokers, Gravy is a company you may never have heard of, but it almost certainly knows a lot about you if youre a US citizen. Data brokers come in different shapes and sizes. What they have in common is that they gather personally identifiable data from various sourcesfrom publicly available data to stolen datasetsand then sell the gathered data on.

Media 137

Media Data breaches Government Risk 137

The Last Watchdog

JANUARY 7, 2025

Ramat Gan, Israel, January 7th, 2025, CyberNewswire — CyTwist , a leader in advanced next-generation threat detection solutions, has launched its patented detection engine to combat the insidious rise of AI-generated malware. The cybersecurity landscape is evolving as attackers harness the power of artificial intelligence (AI) to develop advanced and evasive threats.

Threat Detection 130

Threat Detection Engineering Malware Artificial Intelligence 130

Tech Republic Security

JANUARY 9, 2025

Hidden dependencies, social engineering attacks, and the complexity of foundation models can all contribute tothe insecure use of open-source software in 2025.

Software 178

Software Social Engineering Engineering Artificial Intelligence 178

Malwarebytes

JANUARY 6, 2025

A US chain of dental offices known as Westend Dental LLC denied a 2020 ransomware attack and its associated data breach, instead telling their customers that data was lost due to an accidentally formatted hard drive. Unfortunately for the organization, the truth was found out. Westend Dental agreed to settle several violations of the Health Insurance Portability and Accountability Act (HIPAA) in a penalty of $350,000.

Data breaches 145

Data breaches Ransomware Passwords Insurance 145

Schneier on Security

JANUARY 6, 2025

Initial speculation about a new Apple feature.

259

259

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

SecureList

JANUARY 6, 2025

Introduction In our recent investigation into the EAGERBEE backdoor , we found that it was being deployed at ISPs and governmental entities in the Middle East. Our analysis uncovered new components used in these attacks, including a novel service injector designed to inject the backdoor into a running service. Additionally, we discovered previously undocumented components (plugins) deployed after the backdoor’s installation.

Malware 123

Malware Architecture Passwords Accountability 123

Tech Republic Security

JANUARY 10, 2025

ManpowerGroups Employment Outlook Survey for Q1 2025 found the Australian IT sector has the strongest net employment outlook of any sector at the beginning of 2025.

151

151

Malwarebytes

JANUARY 9, 2025

Small businesses and boutique organizations should use caution when leaning on browser-friendly artificial intelligence (AI) tools to generate ideas, content, and marketing copy, as a set of Google Chrome extensions were recently compromised to deliver info-stealing malware disguised as legitimate updates. Analyzed by researchers at Extension Total, the cybercriminal campaign has managed to take over the accounts of at least 36 Google Chrome extensions that provide AI and VPN services.

Malware 133

Malware Small Business Artificial Intelligence VPN 133

Schneier on Security

JANUARY 7, 2025

From the Washington Post : The sanctions target Beijing Integrity Technology Group , which U.S. officials say employed workers responsible for the Flax Typhoon attacks which compromised devices including routers and internet-enabled cameras to infiltrate government and industrial targets in the United States, Taiwan, Europe and elsewhere.

Internet 240

Internet Internet Government Technology 240

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

The Last Watchdog

JANUARY 7, 2025

Philadelphia, Pa., Jan. 7, 2025, CyberNewswire — Security Risk Advisors today announced it has become a member of the Microsoft Intelligent Security Association (MISA), an ecosystem of independent software vendors (ISVs) and managed security service providers (MSSPs) that have integrated their solutions with Microsoft Security technology to better defend mutual customers against a world of increasing cyber threats.

Risk 130

Risk Penetration Testing Marketing Technology 130

Penetration Testing

JANUARY 10, 2025

A severe security vulnerability has been discovered in several Netgear routers, allowing remote attackers to gain unauthorized access The post CVE-2024-12847 (CVSS 9.8): NETGEAR Router Flaw Exploited in the Wild for Years, PoC Published appeared first on Cybersecurity News.

Cybersecurity 145

Cybersecurity 145

Zero Day

JANUARY 9, 2025

If you're just now jumping onto the Linux train, you might be wondering what apps to install first. Here are the first 10 I find should be installed by all.

145

145

The Hacker News

JANUARY 10, 2025

Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey's Audio (APE) decoder on Samsung smartphones that could lead to code execution. The high-severity vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), affects Samsung devices running Android versions 12, 13, and 14. "Out-of-bounds write in libsaped.

Cybersecurity 143

Cybersecurity 143

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

JANUARY 4, 2025

The U.S. Treasury Department sanctioned Chinese cybersecurity firm Integrity Tech for its involvement in attacks attributed to the Flax Typhoon group. The U.S. Treasury sanctioned a Chinese cybersecurity firm, Integrity Tech, for links to cyberattacks by Chinas state-backed Flax Typhoon APT group (also called Ethereal Panda or RedJuliett). The China-linked APT group used Integrity Tech’s infrastructure to launch cyberattacks on European and U.S. networks since the summer of 2022. “To

Cybersecurity 119

Cybersecurity IoT Hacking Technology 119

Penetration Testing

JANUARY 6, 2025

Popular VPN client app, OpenVPN Connect, patched a critical security flaw that could have exposed users’ private keys The post CVE-2024-8474: OpenVPN Connect Vulnerability Leaks Private Keys appeared first on Cybersecurity News.

VPN 145

VPN Cybersecurity 145

Zero Day

JANUARY 8, 2025

The Accenture Technology Vision 2025 report explores how AI-powered autonomy is shaping technology development, customer experience, the physical world, and the future workforce, where people and AI agents work together to drive customer success.

Technology 143

Technology 143

Trend Micro

JANUARY 9, 2025

Our research shows how attackers use platforms like YouTube to spread fake installers via trusted hosting services, employing encryption to evade detection and steal sensitive browser data.

Malware 141

Malware Encryption 141

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk

Security Boulevard

JANUARY 10, 2025

Giant education software provider PowerSchool reported that hackers using compromised credentials access a database and stole student and teacher data in an attack that the company said was not ransomware, though a ransom apparently was paid. Affected K-12 school districts are scrambling to alert parents and staffs. The post Hackers Attack PowerSchool, Expose K-12 Teacher and Student Data appeared first on Security Boulevard.

Education 115

Education Ransomware Software Data privacy 115

Penetration Testing

JANUARY 5, 2025

Security researchers published the technical details and a proof-of-concept (PoC) exploit code for CVE-2024-43452 (CVSS 7.5), a Windows The post CVE-2024-43452: PoC Exploit Released for Windows Elevation of Privilege Bug appeared first on Cybersecurity News.

Cybersecurity 145

Cybersecurity 145

Zero Day

JANUARY 7, 2025

You just followed a fascinating new account on Bluesky. But does that account really belong to who you think it does?

Accountability 143

Accountability 143

The Hacker News

JANUARY 10, 2025

Microsoft has revealed that it's pursuing legal action against a "foreign-based threatactor group" for operating a hacking-as-a-service infrastructure to intentionally get around the safety controls of its generative artificial intelligence (AI) services and produce offensive and harmful content.

Artificial Intelligence 140

Artificial Intelligence Hacking 140

Advertisement

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

Software

Security Affairs

JANUARY 10, 2025

Experts found a new version of the Banshee macOS information stealer which was enhanced with new evasion mechanisms. Check Point researchers discovered a new version of the Banshee macOS infostealer which is distributed through phishing websites and fake GitHub repositories, often masqueraded as popular software. In August 2024, Russian crooks advertised a macOS malware called BANSHEE Stealer that can target both x86_64 and ARM64 architectures.

Malware 117

Malware Advertising Antivirus Cybercrime 117

Penetration Testing

JANUARY 4, 2025

A newly discovered vulnerability in the UpdraftPlus Backup & Migration Plugin, used by over 3 million WordPress websites The post CVE-2024-10957 Exposes Over 3 Million WordPress Sites to Unauthenticated PHP Object Injection Exploits appeared first on Cybersecurity News.

Backups 144

Backups Cybersecurity 144

Security Boulevard

JANUARY 9, 2025

What to expect in 2025 and beyond, into the future. Here are some likely predictions across cybersecurity, GenAI and innovation, and defensive cyber. The post From Cybersecurity Consolidation to GenAI and Innovation – What to Expect: 2025 Predictions appeared first on Security Boulevard.

Cybersecurity 130

Cybersecurity Threat Detection Security Awareness Risk 130

Malwarebytes

JANUARY 7, 2025

One of the first things everyone predicted when artificial intelligence (AI) became more commonplace was that it would assist cybercriminals in making their phishing campaigns more effective. Now, researchers have conducted a scientific study into the effectiveness of AI supported spear phishing , and the results line up with everyone’s expectations: AI is making it easier to do crimes.

Phishing 140

Phishing Artificial Intelligence Marketing Risk 140

Advertisement

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

Cybersecurity