Security Boulevard
FEBRUARY 4, 2025
Malicious employees and insider threats pose one of the biggest security risks to organizations, as these users have more access and permissions than cybercriminals attacking the organization externally. The post How to Root Out Malicious Employees appeared first on Security Boulevard.
Schneier on Security
FEBRUARY 6, 2025
Most people know that robots no longer sound like tinny trash cans. They sound like Siri , Alexa , and Gemini. They sound like the voices in labyrinthine customer support phone trees. And even those robot voices are being made obsolete by new AI-generated voices that can mimic every vocal nuance and tic of human speech, down to specific regional accents.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Krebs on Security
FEBRUARY 4, 2025
The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled , English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. An investigation into the history of these communities shows their apparent co-founders quite openly operate an Internet service provider and a pair of e-commerce platforms catering to buyers and sellers on both forums.
SecureList
FEBRUARY 5, 2025
In March 2023, researchers at ESET discovered malware implants embedded into various messaging app mods. Some of these scanned users’ image galleries in search of crypto wallet access recovery phrases. The search employed an OCR model which selected images on the victim’s device to exfiltrate and send to the C2 server. The campaign, which targeted Android and Windows users, saw the malware spread through unofficial sources.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Malwarebytes
FEBRUARY 4, 2025
A paradigm shift in technology is hurtling towards us, and it could change everything we know about cybersecurity. Uhh, again, that is. When ChatGPT was unveiled to the public in late 2022, security experts looked on with cautious optimism, excited about the new technology but concerned about its use in cyberattacks. But two years on, much of what ChatGPT and other generative AI chat tools offer attackers is a way to improve what already works, not new ways to deliver attacks themselves.
Schneier on Security
FEBRUARY 4, 2025
Interesting analysis : We analyzed every instance of AI use in elections collected by the WIRED AI Elections Project ( source for our analysis), which tracked known uses of AI for creating political content during elections taking place in 2024 worldwide. In each case, we identified what AI was used for and estimated the cost of creating similar content without AI.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
The Last Watchdog
FEBRUARY 4, 2025
Austin, TX, Feb. 4, 2025, CyberNewswire — SpyClouds Identity Threat Protection solutions spearhead a holistic identity approach to security, illuminating correlated hidden identity exposures and facilitating fast, automated remediation. SpyCloud , a leading identity threat protection company, announced key innovations in its portfolio, pioneering the shift to holistic identity threat protection.
Malwarebytes
FEBRUARY 7, 2025
A cybercriminal acting under the monicker emirking offered 20 million OpenAI user login credentials this week, sharing what appeared to be samples of the stolen data itself. Post by emirking A translation of the Russian statement by the poster says: When I realized that OpenAI might have to verify accounts in bulk, I understood that my password wouldnt stay hidden.
Schneier on Security
FEBRUARY 3, 2025
This is yet another story of commercial spyware being used against journalists and civil society members. The journalists and other civil society members were being alerted of a possible breach of their devices, with WhatsApp telling the Guardian it had “high confidence” that the 90 users in question had been targeted and “possibly compromised.” It is not clear who was behind the attack.
SecureWorld News
FEBRUARY 3, 2025
In a significant victory against cybercrime, U.S. and Dutch law enforcement agencies have dismantled 39 domains and their associated servers in an effort to disrupt a Pakistan-based network of online marketplaces selling phishing and fraud-enabling tools. Dubbed Operation Heart Blocker, the coordinated effort targeted a cybercriminal group known as Saim Raza, also operating under the name HeartSender.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Security Affairs
FEBRUARY 4, 2025
Coyote Banking Trojan targets Brazilian users, stealing data from over 70 financial applications and websites. FortiGuard Labs researchers detected a campaign using LNK files executing PowerShell commands to deploy the Coyote Banking Trojan. Threat actors target Brazilian users by stealing financial data, the malware can harvest sensitive information from over 70 financial applications and numerous websites.
Anton on Security
FEBRUARY 6, 2025
Unfortunately, I am old enough to remember how SIEM was done before the arrival of threat intelligence feeds. We had to write broad behavioral (well, behavioral-ish, if I am totally honest) rules without relying on any precise knowledge of attacker infrastructure and details of their operations ( IF event_type=exploit FOLLOWED BY event_type=config_change ON the same machine THENalert ).
Schneier on Security
FEBRUARY 5, 2025
Microsoft’s AI Red Team just published “ Lessons from Red Teaming 100 Generative AI Products.” Their blog post lists “three takeaways,” but the eight lessons in the report itself are more useful: Understand what the system can do and where it is applied. You don’t have to compute gradients to break an AI system. AI red teaming is not safety benchmarking.
Security Boulevard
FEBRUARY 7, 2025
KYC isnt a Thing, claims telco: Commissioner Brendan Carr (pictured) wants $4.5 million fine on Telnyx, for enabling illegal robocall scheme. The post FINALLY! FCC Gets Tough on Robocall Fraud appeared first on Security Boulevard.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
FEBRUARY 3, 2025
The February 2025 Android security updates addressed 48 vulnerabilities, including a kernel zero-day flaw exploited in the wild. The February 2025 Android security updates addressed 48 vulnerabilities, including a zero-day flaw, tracked as CVE-2024-53104 , which is actively exploited in attacks in the wild. “There are indications that CVE-2024-53104 may be under limited, targeted exploitation.” reads Google’s bulletin.
Jane Frankland
FEBRUARY 7, 2025
When data breaches escalate, cyber-attacks grow more sophisticated, nation states ramp up their digital warfare, and regulations tighten the noose, staying ahead isnt just an optionits your only line of defence. But as a CISO or cyber risk owner, it’s not just about locking down sensitive informationits about doing it without slowing down your people.
Schneier on Security
FEBRUARY 7, 2025
Kaspersky is reporting on a new type of smartphone malware. The malware in question uses optical character recognition (OCR) to review a device’s photo library, seeking screenshots of recovery phrases for crypto wallets. Based on their assessment, infected Google Play apps have been downloaded more than 242,000 times. Kaspersky says: “This is the first known case of an app infected with OCR spyware being found in Apple’s official app marketplace.” That’s a tactic I
Security Boulevard
FEBRUARY 7, 2025
Law enforcement actions, better defenses, and a refusal by victims to pay helped to reduce the amount of ransoms paid in 2024 by $35%, a sharp decline from the record $1.25 billion shelled out in 2023, according to researchers with Chainalysis. The post Ransom Payments Fell 35% in 2024 After LockBit, BlackCat Takedowns appeared first on Security Boulevard.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
FEBRUARY 2, 2025
Meta announced the disruption of a malware campaign via WhatsApp that targeted journalists with the Paragon spyware. Meta announced that discovered and dismantled a malware campaign via WhatsApp that targeted journalists and civil society members with the Paragon spyware (aka Graphite). The hacking campaign targeted 90 users and was disrupted in December, WhatsApp already alerted them of a possible compromise of their devices.
SecureWorld News
FEBRUARY 6, 2025
Grubhub recently confirmed a data breach stemming from a third-party vendor, exposing the ongoing risks associated with supply chain security. While the company assures that sensitive information like full payment details and Social Security numbers were not compromised, the incident serves as another reminder of the vulnerabilities that can arise from external partnerships.
Malwarebytes
FEBRUARY 3, 2025
WhatsApp has accused the professional spyware company Paragon of spying on a select group of users. WhatsApp, the Meta-owned, end-to-end encrypted messaging platform, said it has reliable information that nearly 100 journalists and other members of civil society were targets of a spyware campaign conducted by the Israeli spyware company. “Members of civil society” usually refers to individuals and organizations that operate independently from government and business sectors, often th
Security Boulevard
FEBRUARY 3, 2025
Investigators from the United States and other countries seized and shut down two online cybercriminal marketplaces, Cracked and Nulled, that they said affected more than 17 million Americans by selling hacking tools and stolen information to bad actors. The post DOJ, Allies Seize Cybercrime Forums Affecting 17 Million-Plus Americans appeared first on Security Boulevard.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Security Affairs
FEBRUARY 3, 2025
US Sen. Ron Wyden warns of national security risks after Elon Musk s DOGE was given full access to sensitive Treasury systems. Sen. Ron Wyden warned of national security risks after Elon Musk s team, Department of Government Efficiency (DOGE), was granted full access to a sensitive U.S. Treasury payments system. Sen. Ron Wyden stated that Treasury Secretary Scott Bessent granted Elon Musks team, DOGE, access to the sensitive Treasury system.
SecureWorld News
FEBRUARY 6, 2025
The United States is taking a firm stance against potential cybersecurity threats from artificial intelligence (AI) applications with direct ties to foreign adversaries. On February 6, 2025, U.S. Representatives Josh Gottheimer (D-NJ) and Darin LaHood (R-IL) introduced the bipartisan No DeepSeek on Government Devices Act, seeking to prohibit federal employees from using the AI-powered application DeepSeek on government-issued devices.
Lohrman on Security
FEBRUARY 2, 2025
The past week has been full of headlines regarding DeepSeek AI. So what lessons can we learn from this whirlwind of media stories and the corresponding reactions from governments and Wall Street?
Security Boulevard
FEBRUARY 5, 2025
Security researchers have uncovered serious vulnerabilities in DeepSeek-R1, the controversial Chinese large language model (LLM) that has drawn widespread attention for its advanced reasoning capabilities. The post DeepSeek AI Model Riddled With Security Vulnerabilities appeared first on Security Boulevard.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Security Affairs
FEBRUARY 1, 2025
Indian multinational technology company Tata Technologies suspended some IT services following a ransomware attack. Indian multinational Tata Technologies , a Tata Motors subsidiary, suspended some IT services following a ransomware attack. The company, which is engaged in product engineering, provides services to automotive and aerospace original equipment manufacturers as well as industrial machinery companies.
Malwarebytes
FEBRUARY 5, 2025
An online shop is more than just another way to sell your products. It comes with a responsibility to keep the web shop secure. Cybercriminals are looking to steal your customers credit card details, their personal data, and even your revenue. And its not as if using a platform that is used by major retailers makes it safe. Platforms like Shopify, Wix, and Magento are always under scrutiny of cybercriminals that are looking for a vulnerability that allows them to insert skimmers or get access to
Webroot
FEBRUARY 3, 2025
When it comes to endpoint detection and response (EDR) compatibility within an MDR offering, managed service providers (MSPs) are weighing two key priorities: native EDR integration or the flexibility to support multiple solutions. According to a recent OpenText survey, opinions are split almost evenly. While 52% of MSPs view native compatibility as moderately or very important, 48% place greater value on flexibility.
Security Boulevard
FEBRUARY 6, 2025
New Jersey lawmakers advanced a bill that would make it a crime to knowingly create and distribute AI-generated deepfake visual or audio content for nefarious purposes, the latest step in an ongoing push at the state and national level to address the rising threat. The post NJ Lawmakers Advance Anti-Deepfake Legislation appeared first on Security Boulevard.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Expert insights. Personalized for you.
119 
Let's personalize your content