Software - Cyber Security Informer

Delivering Malware Through Abandoned Amazon S3 Buckets

Schneier on Security

FEBRUARY 12, 2025

These buckets contained software libraries that are still used. The TL;DR is that this time, we ended up discovering ~150 Amazon S3 buckets that had previously been used across commercial and open source software products, governments, and infrastructure deployment/update pipelines—and then abandoned.

Malware

Malware Software Internet Internet

New MassJacker clipper targets pirated software seekers

Security Affairs

MARCH 15, 2025

Pirated software seekers are targeted by the new MassJacker clipper malware, according to CyberArk researchers. A new malware campaign spreading a new clipper malware dubbed MassJacker targets users searching for pirated software, Cyberark users warn. com) distributing pirated software that also spreads malware.

Software

Software Cryptocurrency Malware Encryption

News alert: INE secures spot in G2’s 2025 Top 50 education software rankings

The Last Watchdog

FEBRUARY 25, 2025

This category of awards ranks the worlds top 50 software education products based on authentic reviews from more than 100 million G2 users. Warn “We are thrilled to be recognized for a second consecutive year by G2’s Best Software Awards, said Dara Warn, CEO of INE. Cary, NC, Feb.

Education

Education Software Small Business Cybersecurity

New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency

SecureList

NOVEMBER 6, 2024

It spreads via forums posts, torrent trackers and blogs, imitating popular software like Foxit PDF Editor and AutoCAD. These posts refer to the SteelFox dropper as an efficient way to activate a legitimate software product for free. Instead, it operates on a larger scale, infecting everyone who stumbles upon the compromised software.

Software

Software Cryptocurrency Malware DNS

Making Software Pirates Pay: An E-Commerce Playbook

Advertiser: Revenera

Vendors large and small have been using software intelligence to understand who is using unlicensed versions of their software so they can develop data-driven strategies to identify and convert unpaid users, generating new license revenue. An E-Commerce Conversion Playbook.

Software

CVE Program Almost Unfunded

Schneier on Security

APRIL 16, 2025

“CVE naming and assignment to software packages and versions are the foundation upon which the software vulnerability ecosystem is based,” Romanosky said. “Without it, we can’t track newly discovered vulnerabilities. We can’t score their severity or predict their exploitation.

CSO

CSO Government Software Cybersecurity

How ToddyCat tried to hide behind AV software

SecureList

APRIL 7, 2025

Such software enjoys the trust of monitoring tools and doesn’t raise suspicions. Attackers get round this protection mechanism by using legitimate drivers that have the right signature, but contain vulnerable functions that allow malicious actions in the context of the kernel. But what if a security solution performs unsafe activity?

Software

Software Encryption Malware Firmware

DOGE as a National Cyberattack

Schneier on Security

FEBRUARY 13, 2025

DOGE personnel are also reported to be feeding Education Department data into artificial intelligence software, and they have also started working at the Department of Energy. But given that DOGE workers have already copied data and possibly installed and modified software, it’s unclear how this fixes anything.

Government

Government Artificial Intelligence Banking Software

NSO Group Spies on People on Behalf of Governments

Schneier on Security

NOVEMBER 27, 2024

Legal documents released in ongoing US litigation between NSO Group and WhatsApp have revealed for the first time that the Israeli cyberweapons maker and not its government customers is the party that “installs and extracts” information from mobile phones targeted by the company’s hacking software.

Government

Government Spyware Mobile Hacking

How to Generate Revenue Using Software Intelligence

Advertiser: Revenera

Did you know there are people who already use and love your software, but aren't paying for it? Add More Opportunities to Your Pipeline. Compliance analytics allow you to quantify unlicensed use of your products and accelerate your revenue recovery efforts.

Software

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Krebs on Security

FEBRUARY 28, 2025

Security experts say the Russia-based service provider Prospero OOO (the triple O is the Russian version of “LLC”) has long been a persistent source of malicious software, botnet controllers, and a torrent of phishing websites. federal agencies from using Kaspersky software, mandating its removal within 90 days.

Malware

Malware Antivirus Software DDOS

Malwarebytes named “Best Antivirus Software” and “Best Malware Removal Service”

Malwarebytes

APRIL 14, 2025

Horn tooting time: We’re excited to say we’ve earned a coveted spot in PCMags Best Antivirus Software for 2025 list, and been recognized as the Best Malware Removal Service 2025 by CNET. All Rights Reserved.

Antivirus

Antivirus Software Malware Accountability

Hacking Digital License Plates

Schneier on Security

DECEMBER 17, 2024

. […] Because the vulnerability that allowed him to rewrite the plates’ firmware exists at the hardware level—in Reviver’s chips themselves—Rodriguez says there’s no way for Reviver to patch the issue with a mere software update. Instead, it would have to replace those chips in each display.

Firmware

Firmware Hacking Software

Journalists and Civil Society Members Using WhatsApp Targeted by Paragon Spyware

Schneier on Security

FEBRUARY 3, 2025

Like other spyware makers, Paragon’s hacking software is used by government clients and WhatsApp said it had not been able to identify the clients who ordered the alleged attacks. ” It is not clear who was behind the attack.

Spyware

Spyware Government Hacking Software

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it.

Risk

Microsoft Can Fix Ransomware Tomorrow

Adam Shostack

JANUARY 2, 2025

Software on Microsoft Windows uses an application programming interface (API) called "CreateFile" to access files. Ransomware works by going through files, one by one, and replacing their content with an encrypted version. Sometimes it also sends copies elsewhere, but that turns out to be slow, and sometimes sets off alarms.)

Ransomware

Ransomware Encryption Software

FBI Deletes PlugX Malware from Thousands of Computers

Schneier on Security

JANUARY 16, 2025

It was that very server that allowed the FBI to finally kill this pesky bit of malicious software. According to the FBI , at least 45,000 IP addresses in the US had back-and-forths with the command-and-control server since September 2023.

Malware

Malware Hacking Software

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

The Last Watchdog

OCTOBER 23, 2024

INE Security advises businesses to secure their network by using firewalls, encrypting data, and regularly updating security software. Tip 4: Regularly Updating and Patching Systems Keeping software and systems up to date is crucial in protecting against vulnerabilities. Many cyber attacks exploit vulnerabilities in outdated software.

Small Business

Small Business Data breaches Backups Passwords

Microsoft Patch Tuesday, February 2025 Edition

Krebs on Security

FEBRUARY 11, 2025

Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited. Windows enterprise administrators would do well to keep an eye on askwoody.com , which often has the scoop on any patches causing problems.

Artificial Intelligence

Artificial Intelligence Engineering Software Internet

7 Tips for Developing an In-Application Messaging Strategy

Advertiser: Revenera

Software vendors are always looking for new ways to convert prospects to customers; and if you're selling your software online, driving and converting shopping cart traffic is crucial to driving new revenue. You will learn how to: Identify unpaid users of your software. Alert these users of their unlicensed status.

eCommerce

Fintech Giant Finastra Investigating Data Breach

Krebs on Security

NOVEMBER 19, 2024

Finastra, which provides software and services to 45 of the world’s top 50 banks, notified customers of the security incident after a cybercriminal began selling more than 400 gigabytes of data purportedly stolen from the company. However, it did reference many of the same banks called out as Finastra customers in the Nov.

Data breaches

Data breaches Banking Cybercrime Advertising

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

Krebs on Security

DECEMBER 19, 2024

The cracked software is being resold as a cloud-based attack tool by at least two different services, one of which KrebsOnSecurity traced to an information technology firm based in Turkey. Araneida Scanner. LinkedIn finds this same altugsara[.]com Neither Altug Sara nor Bilitro Yazilim responded to requests for comment.

Hacking

Hacking Cybercrime Advertising Data breaches

The CrowdStrike Outage and Market-Driven Brittleness

Schneier on Security

JULY 25, 2024

As we experienced last week, a single problem in a small piece of software can take large swaths of the internet and global economy offline. Each piece of software depends on dozens of others, typically written by other engineering teams sometimes years earlier on the other side of the planet. These failures can take many forms.

Marketing

Marketing Software Internet Internet

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Krebs on Security

JANUARY 31, 2025

The “fud” bit stands for “Fully Un-Detectable,” and it refers to cybercrime resources that will evade detection by security tools like antivirus software or anti-spam appliances. “The Cybercrime Team is on the trail of a number of buyers of the tools,” the Dutch national police said. ” U.S.

Phishing

Phishing Cybercrime Advertising Malware

Monetization Monitor: Monetization Models and Pricing 2020

Advertiser: Revenera

Customers demand—and suppliers offer—a diverse mix of monetization models for Software and Digital Services related to IoT Devices. Approximately a third (34%) of respondents in this year’s annual software and IoT monetization survey still rely on homegrown solutions.

IoT

CrushFTP CVE-2025-2825 flaw actively exploited in the wild

Security Affairs

APRIL 1, 2025

Threat actors are exploiting a critical authentication bypass vulnerability, tracked as CVE-2025-2825 , in the CrushFTP file transfer software. The file transfer software maker CrushFTP urge customers to take immediate action to address the vulnerability. The vulnerability impacts CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0,

Authentication

Authentication Software Ransomware Hacking

Palo Alto Networks Warns of GlobalProtect App Flaw with Public Exploit Code (CVE-2024-5921)

Penetration Testing

NOVEMBER 25, 2024

Palo Alto Networks has issued a security advisory warning of a vulnerability in its GlobalProtect app that could allow attackers to install malicious software on endpoints.

Software

Software Cybersecurity

CVE-2024-42448 (CVSS 9.9): Critical RCE Vulnerability in Veeam VSPC

Penetration Testing

DECEMBER 3, 2024

Veeam Software, a prominent provider of backup and disaster recovery solutions, has released urgent security updates to address two critical vulnerabilities in its Service Provider Console (VSPC). One of these... The post CVE-2024-42448 (CVSS 9.9): Critical RCE Vulnerability in Veeam VSPC appeared first on Cybersecurity News.

Backups

Backups Software Cybersecurity

Sam’s Club Investigates Alleged Cl0p Ransomware Breach

Security Affairs

MARCH 30, 2025

This week, Cl0p ransomware group listed Sams Club among the victims of its December Cleo software exploit , accusing it of ignoring security. ” Ransomware gang Cl0p leaked files from Rackspace Technology and listed ~170 companies allegedly hacked via zero-day vulnerabilities in Cleos file-transfer software. are still exploitable.

Ransomware

Ransomware Data breaches Software Hacking

Enhance Innovation and Governance Through the Cloud Development Maturity Model

Leverage the Cloud Development Environment Maturity Model to elevate your software development practices with scalable, secure cloud-based workspaces. This model offers a structured approach to modernizing development, aligning technology, developer experience, security, and workflows.

Government

RCE and DoS Vulnerabilities Addressed in Apache Tomcat: CVE-2024-50379 and CVE-2024-54677

Penetration Testing

DECEMBER 17, 2024

The Apache Software Foundation has released important security updates to address two vulnerabilities in Apache Tomcat, a widely-used open-source web server, and servlet container.

Software

Software Cybersecurity

Malicious QR codes sent in the mail deliver malware

Malwarebytes

NOVEMBER 15, 2024

Coper is a Malware-as-a-Service which “customers” can spread as they see fit, but they pay for the use of the malicious software and the underlying infrastructure. And QR codes get typically read by mobile devices, which—unfortunately—still get overlooked when it comes to installing security software.

Malware

Malware Banking Mobile Software

CVE-2024-56337: Apache Tomcat Patches Critical RCE Vulnerability

Penetration Testing

DECEMBER 22, 2024

The Apache Software Foundation recently released a critical security update to address a remote code execution (RCE) vulnerability in Apache Tomcat, identified as CVE-2024-56337.

Software

Software Cybersecurity

Mazda Connect flaws allow to hack some Mazda vehicles

Security Affairs

NOVEMBER 9, 2024

.” The research targeted a CMU unit manufactured by Visteon, with software initially developed by Johnson Controls Inc. The study focused on the latest software version (74.00.324A), but experts believe that earlier versions (at least 70.x) x) may also be vulnerable.

Hacking

Hacking Firmware Software Manufacturing

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity.

Software

The ASA flaw CVE-2014-2120 is being actively exploited in the wild

Security Affairs

DECEMBER 3, 2024

The vulnerability resides in the WebVPN login page of Cisco Adaptive Security Appliance (ASA) Software, an unauthenticated, remote attacker could exploit the flaw to conduct a cross-site scripting (XSS) attack against a user of WebVPN on the Cisco ASA. ” reads the advisory. ” continues the advisory.

Software

Software Hacking Information Security

Google Firebase Studio Launches as AI-Powered IDE Rival to Cursor AI

Penetration Testing

APRIL 10, 2025

Owing to its impressive capabilities in software development, Cursor AI has […] The post Google Firebase Studio Launches as AI-Powered IDE Rival to Cursor AI appeared first on Daily CyberSecurity. Remarkably, even individuals without any programming background can leverage the platform to build functional applications.

Artificial Intelligence

Artificial Intelligence Software Cybersecurity Technology

Patch Tuesday, April 2025 Edition

Krebs on Security

APRIL 8, 2025

Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. As ever, please consider backing up your data and or devices prior to updating, which makes it far less complicated to undo a software update gone awry.

Software

Software Media Internet Internet

Majority of SaaS Applications, AI Tools Unmanaged

Security Boulevard

OCTOBER 24, 2024

Unmanaged software as a service (SaaS) applications and AI tools within organizations are posing a growing security risk as vulnerabilities increase, according to a report from Grip Security. The post Majority of SaaS Applications, AI Tools Unmanaged appeared first on Security Boulevard.

Software

Software Risk Security Awareness Cybersecurity

Software Composition Analysis: The New Armor for Your Cybersecurity

Speaker: Blackberry, OSS Consultants, & Revenera

Software is complex, which makes threats to the software supply chain more real every day. 64% of organizations have been impacted by a software supply chain attack and 60% of data breaches are due to unpatched software vulnerabilities. All of these stats beg the question, “Do you know what’s in your software?”

Cybersecurity

Microsoft Patch Tuesday, November 2024 Edition

Krebs on Security

NOVEMBER 12, 2024

Microsoft today released updates to plug at least 89 security holes in its Windows operating systems and other software. November’s patch batch includes fixes for two zero-day vulnerabilities that are already being exploited by attackers, as well as two other flaws that were publicly disclosed prior to today.

Authentication

Authentication Engineering Malware Passwords

Hackers Attack PowerSchool, Expose K-12 Teacher and Student Data

Security Boulevard

JANUARY 10, 2025

Giant education software provider PowerSchool reported that hackers using compromised credentials access a database and stole student and teacher data in an attack that the company said was not ransomware, though a ransom apparently was paid. Affected K-12 school districts are scrambling to alert parents and staffs.

Education

Education Ransomware Software Data privacy

Secure by Design roundup - March 2024

Adam Shostack

JANUARY 2, 2025

CISA has released their secure software attestation form , which means the 90 day clock is ticking. Application Security Interesting post: The most important goal in designing software is understandability. Semplici framework di sicurezza del software da integrare nei propri sistemi. Press release , technical report.)

Software

Software Advertising Hacking

Slopsquatting

Schneier on Security

APRIL 15, 2025

As AI coding assistants invent nonexistent software libraries to download and use, enterprising attackers create and upload libraries with those names—laced with malware, of course.

Malware

Malware Software

Monetization Monitor: Software Usage Analytics 2020

Advertiser: Revenera

Yet many software suppliers still struggle to get accurate insights into usage. Revenera’s 2020 Software Monetization and Pricing survey gathers input from leading software companies and provides you with key insights. Other deployment models aren't far behind (68% of on-premises and 71% of embedded software suppliers).

Software

Delivering Malware Through Abandoned Amazon S3 Buckets

New MassJacker clipper targets pirated software seekers

Trending Sources

News alert: INE secures spot in G2’s 2025 Top 50 education software rankings

New SteelFox Trojan mimics software activators, stealing sensitive data and mining cryptocurrency

Making Software Pirates Pay: An E-Commerce Playbook

CVE Program Almost Unfunded

How ToddyCat tried to hide behind AV software

DOGE as a National Cyberattack

NSO Group Spies on People on Behalf of Governments

How to Generate Revenue Using Software Intelligence

Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

Malwarebytes named “Best Antivirus Software” and “Best Malware Removal Service”

Hacking Digital License Plates

Journalists and Civil Society Members Using WhatsApp Targeted by Paragon Spyware

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

Microsoft Can Fix Ransomware Tomorrow

FBI Deletes PlugX Malware from Thousands of Computers

News alert: INE Security shares cyber hygiene guidance for small- and medium-sized businesses

Microsoft Patch Tuesday, February 2025 Edition

7 Tips for Developing an In-Application Messaging Strategy

Fintech Giant Finastra Investigating Data Breach

Web Hacking Service ‘Araneida’ Tied to Turkish IT Firm

The CrowdStrike Outage and Market-Driven Brittleness

FBI, Dutch Police Disrupt ‘Manipulaters’ Phishing Gang

Monetization Monitor: Monetization Models and Pricing 2020

CrushFTP CVE-2025-2825 flaw actively exploited in the wild

Palo Alto Networks Warns of GlobalProtect App Flaw with Public Exploit Code (CVE-2024-5921)

CVE-2024-42448 (CVSS 9.9): Critical RCE Vulnerability in Veeam VSPC

Sam’s Club Investigates Alleged Cl0p Ransomware Breach

Enhance Innovation and Governance Through the Cloud Development Maturity Model

RCE and DoS Vulnerabilities Addressed in Apache Tomcat: CVE-2024-50379 and CVE-2024-54677

Malicious QR codes sent in the mail deliver malware

CVE-2024-56337: Apache Tomcat Patches Critical RCE Vulnerability

Mazda Connect flaws allow to hack some Mazda vehicles

Optimizing The Modern Developer Experience with Coder

The ASA flaw CVE-2014-2120 is being actively exploited in the wild

Google Firebase Studio Launches as AI-Powered IDE Rival to Cursor AI

Patch Tuesday, April 2025 Edition

Majority of SaaS Applications, AI Tools Unmanaged

Software Composition Analysis: The New Armor for Your Cybersecurity

Microsoft Patch Tuesday, November 2024 Edition

Hackers Attack PowerSchool, Expose K-12 Teacher and Student Data

Secure by Design roundup - March 2024

Slopsquatting

Monetization Monitor: Software Usage Analytics 2020

Stay Connected