2024

article thumbnail

LW ROUNDTABLE — How 2024’s cyber threats will transform the security landscape in 2025

The Last Watchdog

Continuing our look back at 2024, part two of Last Watchdogs year-ender roundtable turns its focus to emerging threats vs. evolving defense tactics. Part two of a four-part series The explosion of AI-driven phishing, insider threats, and business logic abuse has forced a shift toward more proactive, AI-enhanced defenses. The drivers are intensifying.

article thumbnail

How to Lose a Fortune with Just One Bad Click

Krebs on Security

Image: Shutterstock, iHaMoo. Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to click “yes” to a Google prompt on his mobile device.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Detecting Pegasus Infections

Schneier on Security

This tool seems to do a pretty good job. The company’s Mobile Threat Hunting feature uses a combination of malware signature-based detection, heuristics, and machine learning to look for anomalies in iOS and Android device activity or telltale signs of spyware infection. For paying iVerify customers, the tool regularly checks devices for potential compromise.

Spyware 345
article thumbnail

How Spoutible’s Leaky API Spurted out a Deluge of Personal Data

Troy Hunt

Ever hear one of those stories where as it unravels, you lean in ever closer and mutter “No way! No way! NO WAY! ” This one, as far as infosec stories go, had me leaning and muttering like never before. Here goes: Last week, someone reached it to me with what they claimed was a Spoutible data breach obtained by exploiting an enumerable API.

Passwords 364
article thumbnail

How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.

article thumbnail

Why Phishers Love New TLDs Like.shop,top and.xyz

Krebs on Security

Phishing attacks increased nearly 40 percent in the year ending August 2024, with much of that growth concentrated at a small number of new generic top-level domains (gTLDs) — such as.shop ,top ,xyz — that attract scammers with rock-bottom prices and no meaningful registration requirements, new research finds. Meanwhile, the nonprofit entity that oversees the domain name industry is moving forward with plans to introduce a slew of new gTLDs.

article thumbnail

Microsoft Patch Tuesday security updates for November 2024 fix two actively exploited zero-days

Security Affairs

Microsoft Patch Tuesday security updates for November 2024 addressed 89 vulnerabilities, including two actively exploited zero-day flaws. Microsoft Patch Tuesday security updates for November 2024 fixed 89 vulnerabilities in Windows and Windows Components; Office and Office Components; Azure; NET and Visual Studio; LightGBM; Exchange Server; SQL Server; TorchGeo; Hyper-V; and Windows VMSwitch.

Internet 126

LifeWorks

More Trending

article thumbnail

Columbus Ransomware Attack Exposes 500,000+ Residents’ Data: How to Stay Safe

eSecurity Planet

In a stunning blow to the city’s cybersecurity defenses, Columbus, Ohio, recently became the target of a massive cyberattack that exposed over half a million residents’ sensitive information. Following a July 18 attack by the Rhysida ransomware group — believed to have Russian affiliations — Columbus is still reeling from the exposure of vast amounts of sensitive resident data.

article thumbnail

Recent Cyber Attacks: Trends, Tactics, and Countermeasures

Hacker's King

In the digital age, cyber-attacks are a growing concern for individuals, businesses, and governments worldwide. These attacks are becoming more sophisticated, targeted, and damaging, threatening data privacy, financial stability, and national security. Understanding the recent trends, tactics, and effective countermeasures is crucial for anyone concerned about cybersecurity.

article thumbnail

Top Cybersecurity Trends to Watch Out For in 2025

Centraleyes

As we approach 2025, the cybersecurity landscape is evolving rapidly, shaped by technological advancements, regulatory shifts, and emerging threats. To keep up, organizations must stay ahead of these developments. Below is an exhaustive list of key cybersecurity trends to watch out for in 2025. For cybersecurity leaders and organizations, staying ahead of cybersecurity industry trends is crucial for safeguarding assets and maintaining trust.

article thumbnail

Fortinet Warns of Actively Exploited Flaw in FortiManager: CVE-2024-47575 (CVSS 9.8)

Penetration Testing

Fortinet has issued a security advisory for its FortiManager platform, addressing a critical vulnerability—CVE-2024-47575—which has been actively exploited in the wild. This vulnerability, rated at CVSS 9.8, arises from a... The post Fortinet Warns of Actively Exploited Flaw in FortiManager: CVE-2024-47575 (CVSS 9.8) appeared first on Cybersecurity News.

article thumbnail

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

article thumbnail

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

The Last Watchdog

Cary, NC, Oct. 22, 2024, CyberNewswire — INE Security offers essential advice to protect digital assets and enhance security. As small businesses increasingly depend on digital technologies to operate and grow, the risks associated with cyber threats also escalate. INE Security , a leading provider of cybersecurity training and certifications, today shared its cybersecurity training for cyber hygiene practices for small businesses, underscoring the critical role of continuous education in

article thumbnail

Warning: Hackers could take over your email account by stealing cookies, even if you have MFA

Malwarebytes

The Federal Bureau of Investigation (FBI) has issued a warning that cybercriminals are taking over email accounts via stolen session cookies, allowing them to bypass the multi-factor authentication (MFA) a user has set up. Here’s how it works. Most of us don’t think twice about checking the “Remember me” box when we log in. When you log in and the server has verified your authentication—straight away or after using MFA–the server creates a session and generates a unique session ID.

article thumbnail

Deebot Robot Vacuums Are Using Photos and Audio to Train Their AI

Schneier on Security

An Australian news agency is reporting that robot vacuum cleaners from the Chinese company Deebot are surreptitiously taking photos and recording audio, and sending that data back to the vendor to train their AIs. Ecovacs’s privacy policy— available elsewhere in the app —allows for blanket collection of user data for research purposes, including: The 2D or 3D map of the user’s house generated by the device Voice recordings from the device’s microphone Photos or vide

article thumbnail

Security Roundup November 2024

BH Consulting

Curated advice, guidance, learning and trends in cybersecurity and privacy, as chosen by our consultants. Microsoft moves to lock down admin accounts against exploits Microsoft is introducing a new security feature for Windows 11 called Admin Protection, designed to make admin accounts more secure during privileged or sensitive actions. Currently in testing, Admin Protection isolates high-level privileges within a locked ‘super admin’ account embedded in the operating system.

article thumbnail

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

article thumbnail

U.S. Offered $10M for Hacker Just Arrested by Russia

Krebs on Security

In January 2022, KrebsOnSecurity identified a Russian man named Mikhail Matveev as “ Wazawaka ,” a cybercriminal who was deeply involved in the formation and operation of multiple ransomware groups. The U.S. government indicted Matveev as a top ransomware purveyor a year later, offering $10 million for information leading to his arrest. Last week, the Russian government reportedly arrested Matveev and charged him with creating malware used to extort companies.

article thumbnail

US charged Dual Russian and Israeli National as LockBit Ransomware developer

Security Affairs

US authorities charged a dual Russian and Israeli national for being a developer of the LockBit ransomware group. Rostislav Panev, 51, a dual Russian-Israeli national, was charged as a LockBit ransomware developer. Arrested in Israel, he awaits extradition to the U.S. Panev was arrested in Israel in August and is awaiting extradition to the U.S. on criminal charges.

article thumbnail

Quantum Threats and How to Protect Your Data

SecureWorld News

Quantum computing brings both opportunities for advancement and significant security challenges. Recent progress has sparked discussions, but current capabilities are still far from threatening encryption standards like 2048-bit RSA. Despite media hype suggesting potential for "cracking military-grade encryption," experts clarify that these achievements neither target nor compromise robust methods like AES, TLS, or other military-grade algorithms.

article thumbnail

Deceptive Google Meet Invites Lures Users Into Malware Scams

eSecurity Planet

The reliance on virtual meetings has skyrocketed after the pandemic, making platforms like Google Meet and Zoom integral to our daily personal and professional communication. However, this surge in usage has also opened the door to a growing array of cybersecurity threats. One of the most concerning tactics currently on the rise is the ClickFix campaign — a sophisticated phishing scheme targeting unsuspecting Google Meet users.

Scams 122
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Exploring OSINT Tools: How Ethical Hackers Gather Intelligence

Hacker's King

In today’s digital landscape, gathering intelligence is a critical component of cybersecurity and ethical hacking. Ethical hackers use Open Source Intelligence (OSINT) tools to collect information about their targets from publicly available sources. OSINT allows hackers to leverage data from the internet, social media, databases, and other open channels to uncover potential vulnerabilities.

Media 52
article thumbnail

IT threat evolution in Q3 2024. Non-mobile statistics

SecureList

IT threat evolution in Q3 2024 IT threat evolution in Q3 2024. Non-mobile statistics IT threat evolution in Q3 2024. Mobile statistics The statistics presented here are based on detection verdicts by Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures In Q3 2024: Kaspersky solutions successfully blocked more than 652 million cyberattacks originating from various online resources.

Mobile 105
article thumbnail

CVE-2024-52308: GitHub CLI Vulnerability Could Allow Remote Code Execution

Penetration Testing

A critical security vulnerability (CVE-2024-52308) in the GitHub Command Line Interface (CLI) has been identified, potentially enabling remote code execution (RCE) on users’ workstations. This vulnerability, with a CVSS score... The post CVE-2024-52308: GitHub CLI Vulnerability Could Allow Remote Code Execution appeared first on Cybersecurity News.

article thumbnail

LW ROUNDTABLE: Wrist slap or cultural shift? SEC fines cyber firms for disclosure violations

The Last Watchdog

The compliance variable has come into play in an impactful way. Related: Technology and justice systems The U.S. Security and Exchange Commission (SEC) recently laid down the hammer charging and fining four prominent cybersecurity vendors for making misleading claims in connection with the SolarWinds hack. SEC investigators gathered evidence that Unisys Corp., Avaya Holdings , Check Point Software Technologies , and Mimecast Limited each minimized or obscured the extent of security breaches link

CISO 263
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Unauthorized data access vulnerability in macOS is detailed by Microsoft

Malwarebytes

The Microsoft Threat Intelligence team disclosed details about a macOS vulnerability, dubbed “HM Surf,” that could allow an attacker to gain access to the user’s data in Safari. The data the attacker could access without users’ consent includes browsed pages, along with the device’s camera, microphone, and location. The vulnerability, tracked as CVE-2024-44133 was fixed in the September 16 update for Mac Studio (2022 and later), iMac (2019 and later), Mac Pro (2019 and later), Mac Mi

Adware 143
article thumbnail

Most of 2023’s Top Exploited Vulnerabilities Were Zero-Days

Schneier on Security

Zero-day vulnerabilities are more commonly used , according to the Five Eyes: Key Findings In 2023, malicious cyber actors exploited more zero-day vulnerabilities to compromise enterprise networks compared to 2022, allowing them to conduct cyber operations against higher-priority targets. In 2023, the majority of the most frequently exploited vulnerabilities were initially exploited as a zero-day, which is an increase from 2022, when less than half of the top exploited vulnerabilities were explo

article thumbnail

New Cybersecurity Rules for Financial Institutions in New York State Take Effect November 1, 2024

Thales Cloud Protection & Licensing

New Cybersecurity Rules for Financial Institutions in New York State Take Effect November 1, 2024 madhav Fri, 10/25/2024 - 06:09 The next major deadline for compliance with the updated cybersecurity rules from the New York State Department of Financial Services (NYDFS) is November 1, 2024. These new rules date back to March 1, 2017, when the NYDFS implemented comprehensive cybersecurity regulations for financial services companies and other covered entities.

article thumbnail

Sudanese Brothers Arrested in ‘AnonSudan’ Takedown

Krebs on Security

The U.S. government on Wednesday announced the arrest and charging of two Sudanese brothers accused of running Anonymous Sudan (a.k.a. AnonSudan ), a cybercrime business known for launching powerful distributed denial-of-service (DDoS) attacks against a range of targets, including dozens of hospitals, news websites and cloud providers. The younger brother is facing charges that could land him life in prison for allegedly seeking to kill people with his attacks.

DDOS 291
article thumbnail

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.

article thumbnail

U.S. Court rules against NSO Group in WhatsApp spyware Lawsuit

Security Affairs

A U.S. court ruled in favor of WhatsApp against NSO Group, holding the spyware vendor liable for exploiting a flaw to deliver Pegasus spyware. WhatsApp won a legal case against NSO Group in a U.S. court over exploiting a vulnerability to deliver Pegasus spyware. Will Cathcart of WhatsApp called the ruling a major privacy victory, emphasizing accountability for spyware firms after a five-year legal battle.

Spyware 108
article thumbnail

Lessons Learned from a High-Stakes Data Breach

SecureWorld News

In 2016, Uber faced a cybersecurity crisis that ended up reshaping the conversation around data breaches and accountability. Hackers accessed a massive amount of sensitive data, including the names, email addresses, and phone numbers of 57 million riders and drivers, plus driver's license numbers for about 600,000 drivers. They managed to break in after finding credentials left exposed in a public GitHub repository—a preventable, basic lapse in security hygiene.

article thumbnail

Top 9 Trends In Cybersecurity Careers for 2025

eSecurity Planet

Technologies that were figments of the imagination a dozen years ago, if they were conceived of at all, quickly become mainstream — think generative artificial intelligence (GenAI) or blockchain. As they do, they create more security vulnerabilities and inherent business, changing the nature of cybersecurity careers. According to research by IBM Corp. and the Ponemon Institute, the average security breach cost reached $4.88 million in 2024 — 10% more than the previous year and the highest averag

article thumbnail

Top 10 Cybersecurity Trends to Expect in 2025

Hacker's King

As the digital landscape evolves, cybersecurity remains a critical concern for businesses, governments, and individuals alike. With the advent of new technologies and rising cyber threats , 2025 promises significant shifts in the cybersecurity domain. Here are the top 10 trends to watch out for in 2025: Rise of AI-Driven Cyberattacks Cybercriminals are increasingly leveraging artificial intelligence (AI) to develop sophisticated attack methods.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.