Trending Articles

article thumbnail

New VPN Backdoor

Schneier on Security

A newly discovered VPN backdoor uses some interesting tactics to avoid detection: When threat actors use backdoor malware to gain access to a network, they want to make sure all their hard work can’t be leveraged by competing groups or detected by defenders. One countermeasure is to equip the backdoor with a passive agent that remains dormant until it receives what’s known in the business as a “magic packet.” On Thursday, researchers revealed that a never-before-seen back

VPN 300
article thumbnail

Hoarding, Debt and Threat Modeling

Adam Shostack

The psychology of getting started threat modeling During a recent threat modeling course, one of our students, Aleksei*, made a striking comparison that resonated with a lot of us: starting security analysis is like tackling a hoarders house. That visceral image of looking at mountains of accumulated issues, feeling overwhelmed by where to begin, captures a challenge many engineering leaders face when they first attempt to systematically assess their systems security.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

GhostGPT: Uncensored Chatbot Used by Cyber Criminals for Malware Creation, Scams

Tech Republic Security

Researchers from Abnormal Security discovered an advert for the chatbot on a cybercrime forum and tested its capabilities by asking it to create a DocuSign phishing email.

Scams 175
article thumbnail

Spatial Reasoning and Threat Modeling

Adam Shostack

Do diagrams leverage the brain in a different way? Creating, refining, communicating, and working with models are all important parts of how I think about answering what are we working on? People often want to eliminate the diagramming or modeling step as not required, and thats a mistake. The act of engaging with the higher order question of what are we building working on is important, and diagramming acts as a forcing function.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

Cisco warns of a ClamAV bug with PoC exploit

Security Affairs

Cisco addressed a ClamAV denial-of-service (DoS) vulnerability, and experts warn of the availability of a proof-of-concept (PoC) exploit code. Cisco has released security updates to address a ClamAV denial-of-service (DoS) vulnerability tracked as CVE-2025-20128. The Cisco PSIRT experts warn of the availability of a proof-of-concept (PoC) exploit code for this flaw.

Antivirus 133
article thumbnail

CVE-2024-43468 (CVSS 9.8): Microsoft Configuration Manager Exploit Revealed with PoC Code

Penetration Testing

Security researcher Mehdi Elyassa from Synacktiv published the technical details and a proof-of-concept (PoC) exploit code for a The post CVE-2024-43468 (CVSS 9.8): Microsoft Configuration Manager Exploit Revealed with PoC Code appeared first on Cybersecurity News.

More Trending

article thumbnail

DeepSeek Chatbot Beats OpenAI on App Store Leaderboard

Tech Republic Security

Competing with OpenAIs o1, DeepSeeks models scored higher on benchmarks and disrupted the AI market, sparking debates on U.S.-China tech dynamics.

Marketing 148
article thumbnail

J-magic malware campaign targets Juniper routers

Security Affairs

Threat actors are targeting Juniper routers with a custom backdoor in a campaign called code-named “J-magic,” attackers are exploiting a Magic Packet flaw. Lumen Technologies researchers reported that the J-magic campaign targets Juniper routers with a custom backdoor using a passive agent based on the cd00r variant (an open-source backdoor by fx ).

Malware 120
article thumbnail

Apple researchers reveal the secret sauce behind DeepSeek AI

Zero Day

The AI model that shook the world is part of a broad trend to squeeze more out of chips using what's called sparsity.

145
145
article thumbnail

PoC for 7-Zip CVE-2025-0411 Lets Attackers Bypass MotW and Run Malicious Code

Penetration Testing

Security researcher Dhmos Funk has released a proof-of-concept (PoC) exploit for CVE-2025-0411 (CVSS 7.0), a high-severity vulnerability in The post PoC for 7-Zip CVE-2025-0411 Lets Attackers Bypass MotW and Run Malicious Code appeared first on Cybersecurity News.

article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More

The Hacker News

Apple has released software updates to address several security flaws across its portfolio, including a zero-day vulnerability that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-24085, has been described as a use-after-free bug in the Core Media component that could permit a malicious application already installed on a device to elevate privileges.

Media 143
article thumbnail

National Cyber Incident Response Plan comments

Adam Shostack

Our comments on the National Cyber Incident Plan Josiah Dykstra and I have some comments on the National Cyber Incident Response Plan updates. Building on our recent paper about pandemic-scale cyber events , we submitted 14 recommendations to further improve the plan. We share the desire for proactive plans that adequately prepare the Nation for cyber incidents.

article thumbnail

Chinese threat actors used two advanced exploit chains to hack Ivanti CSA

Security Affairs

US agencies revealed Chinese threat actors used two advanced exploit chains to breach Ivanti Cloud Service Appliances (CSA). The US governments cybersecurity and law enforcement revealed that Chinese threat actors used at least two sophisticated exploit chains to compromise Ivanti Cloud Service Appliances (CSA). A CISA and FBI published a joint advisory warning that Chinese hackers exploited four Ivanti flaws ( CVE-2024-8963 , CVE-2024-9379 , CVE-2024-8190 , CVE-2024-9380 ) to achieve remote cod

Hacking 116
article thumbnail

DeepSeek’s Popular AI App Is Explicitly Sending US Data to China

WIRED Threat Level

Amid ongoing fears over TikTok, Chinese generative AI platform DeepSeek says its sending heaps of US user data straight to its home country, potentially setting the stage for greater scrutiny.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

72 hours later with Galaxy S25 Ultra - the AI hype is getting real for me

Zero Day

The lighter and thinner design, upgraded processor, and swath of Galaxy AI tools are top-notch, but has Samsung done enough to win you over?

141
141
article thumbnail

Meta's Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks

The Hacker News

A high-severity security flaw has been disclosed in Meta's Llama large language model (LLM) framework that, if successfully exploited, could allow an attacker to execute arbitrary code on the llama-stack inference server. The vulnerability, tracked as CVE-2024-50050, has been assigned a CVSS score of 6.3 out of 10.0.

Risk 140
article thumbnail

Phishing Emails Targeting Australian Firms Rise by 30% in 2024

Tech Republic Security

The number of phishing emails received by Australians surged by 30% last year, according to new research by Abnormal Security.

Phishing 136
article thumbnail

Change Healthcare data breach exposed the private data of over half the U.S.

Security Affairs

The Change Healthcare data breach is worse than initially estimated: approximately 190 million people have been affected. The Change Healthcare data breach is worse than initially estimated, the incident has impacted 190 million people. In October 2024, UnitedHealth Group announced that the data breach suffered by Change Healthcare in February 2024 impacted more than 100 million individuals.

article thumbnail

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

article thumbnail

Subaru Security Flaws Exposed Its System for Tracking Millions of Cars

WIRED Threat Level

Now-fixed web bugs allowed hackers to remotely unlock and start millions of Subarus. More disturbingly, they could also access at least a year of cars location historiesand Subaru employees still can.

Hacking 139
article thumbnail

Finally, Bluetooth trackers for Android users that function even better than AirTags

Zero Day

Chipolo's One and Card trackers are perfect for people who often lose their keys and wallet. You can buy them in either single units or multipacks.

138
138
article thumbnail

Palo Alto Firewalls Found Vulnerable to Secure Boot Bypass and Firmware Exploits

The Hacker News

An exhaustive evaluation of three firewall models from Palo Alto Networks has uncovered a host of known security flaws impacting the devices' firmware as well as misconfigured security features. "These weren't obscure, corner-case vulnerabilities," security vendor Eclypsium said in a report shared with The Hacker News.

Firmware 140
article thumbnail

News alert: INE Security announces new initiative to help companies accelerate CMMC 2.0 compliance

The Last Watchdog

Cary, NC, Jan. 26, 2025, CyberNewswire — INE Security , a leading global provider of cybersecurity training and certifications, today announced a new initiative designed to accelerate compliance with the Department of Defense’s (DoD) newly streamlined Cybersecurity Maturity Model Certification (CMMC) 2.0. This initiative aims to assist Defense Industry Base (DIB) contractors in swiftly adapting to the updated certification standards, which are critical to securing and maintaining def

article thumbnail

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

article thumbnail

GhostGPT: A Malicious AI Chatbot for Hackers

Security Boulevard

A malicious generative AI chatbot dubbed "GhostGPT" is being advertised to cybercriminals on underground forums as a tool for more quickly and efficiently creating malware, running BEC attacks, and other nefarious activities, lowering the barrier for less-skilled hackers to launch attacks. The post GhostGPT: A Malicious AI Chatbot for Hackers appeared first on Security Boulevard.

article thumbnail

Apple fixed the first actively exploited zero-day of 2025

Security Affairs

Apple addressed the first zero-day vulnerability of 2025, which is actively exploited in attacks in the wild aimed at iPhone users. Apple released security updates to address 2025’s first zero-day vulnerability, tracked as CVE-2025-24085 , actively exploited in attacks targeting iPhone users. The vulnerability is a privilege escalation vulnerability that impacts the Core Media framework. “A malicious application may be able to elevate privileges.

Spyware 104
article thumbnail

The top 10 brands exploited in phishing attacks - and how to protect yourself

Zero Day

Impersonating a well-known brand is an easy way for scammers to get people to click their malicious links. Here's what to watch for.

Phishing 130
article thumbnail

Top-Rated Chinese AI App DeepSeek Limits Registrations Amid Cyberattacks

The Hacker News

DeepSeek, the Chinese AI startup that has captured much of the artificial intelligence (AI) buzz in recent days, said it's restricting registrations on the service, citing malicious attacks. "Due to large-scale malicious attacks on DeepSeek's services, we are temporarily limiting registrations to ensure continued service," the company said in an incident report page.

article thumbnail

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.

article thumbnail

No need to RSVP: a closer look at the Tria stealer campaign

SecureList

Introduction Since mid-2024, we’ve observed a malicious Android campaign leveraging wedding invitations as a lure to social-engineer victims into installing a malicious Android app (APK), which we have named “Tria Stealer” after unique strings found in campaign samples. The primary targets of the campaign are users in Malaysia and Brunei, with Malaysia being the most affected country.

article thumbnail

Hackers Use Malicious PDFs, pose as USPS in Mobile Phishing Scam

Security Boulevard

A large-scale phishing campaign is using PDF files and hidden malicious links, as well as posing at the U.S. Postal Service, in phishing campaign targeting mobile device users in hope that victims will divulge credentials and personal information, Zimperium researchers say. The post Hackers Use Malicious PDFs, pose as USPS in Mobile Phishing Scam appeared first on Security Boulevard.

Mobile 115
article thumbnail

UnitedHealth almost doubles victim numbers from massive Change Healthcare data breach

Malwarebytes

UnitedHealth says it now estimates that the data breach on its subsidiary Change Healthcare affected 190 million people, nearly doubling its previous estimate from October. In May, UnitedHealth CEO Andrew Witty estimated that the ransomware attack compromised the data of a third of US individuals when he testified before the Senate Finance Committee on Capitol Hill.

article thumbnail

This lightweight, easy-to-use Linux OS can save your aging Windows 10 PC

Zero Day

If your computer currently runs Windows 10 but doesn't support Windows 11, you might want to install an OS that will live past 2025, and WattOS is a great option.

125
125
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.