Schneier on Security
APRIL 1, 2025
I have heard stories of more aggressive interrogation of electronic devices at US border crossings. I know a lot about securing computers, but very little about securing phones. Are there easy ways to delete data—files, photos, etc.—on phones so it can’t be recovered? Does resetting a phone to factory defaults erase data, or is it still recoverable?
Krebs on Security
MARCH 27, 2025
Many successful phishing attacks result in a financial loss or malware infection. But falling for some phishing scams, like those currently targeting Russians searching online for organizations that are fighting the Kremlin war machine, can cost you your freedom or your life. The real website of the Ukrainian paramilitary group “Freedom of Russia” legion.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Schneier on Security
MARCH 26, 2025
Cloudflare has a new feature —available to free users as well—that uses AI to generate random pages to feed to AI web crawlers: Instead of simply blocking bots, Cloudflare’s new system lures them into a “maze” of realistic-looking but irrelevant pages, wasting the crawler’s computing resources. The approach is a notable shift from the standard block-and-defend strategy used by most website protection services.
Troy Hunt
MARCH 30, 2025
Well, this certainly isn't what I expected to be talking about this week! But I think the fact it was someone most people didn't expect to be on the receiving end of an attack like this makes it all the more consumable. I saw a lot of "if it can happen to Troy, it can happen to anyone" sort of commentary and whilst it feels a bit of obnoxious for me to be saying it that way, I appreciate the sentiment and the awareness it drives.
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
The Last Watchdog
MARCH 25, 2025
The annual pilgrimage to San Francisco for RSA Conference is fast approachingand the ramp-up has officially begun. In the latest episode of Bospars Politely Pushy podcast, Last Watchdog Editor-in-Chief Byron V. Acohido joins DigiCerts Christina Knittel and ConnectSafely.orgs Larry Magid for a spirited roundtable on how to get the most out of RSAC 2025.
Malwarebytes
MARCH 31, 2025
The internet is filled with falsehoods. Were forever investigating new scams here at Malwarebytes, and so we get how hard it is to know whator whoto trust online. Theres the scam that takes advantage of grieving people and tricks them into paying for a funeral live stream. Theres the fake CAPTCHA that hijacks clipboards and tricks users into installing malware.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Security Affairs
MARCH 30, 2025
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warns of RESURGE malware, targeting a vulnerability in Ivanti Connect Secure (ICS) appliances. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) published a Malware Analysis Report (MAR) on a new malware called RESURGE. The malicious code has been used in attacks targeting the flaw CVE-2025-0282 in Ivanti Connect Secure (ICS) appliances.
Troy Hunt
MARCH 25, 2025
You know when you're really jet lagged and really tired and the cogs in your head are just moving that little bit too slow?
The Last Watchdog
MARCH 26, 2025
It starts with a ripple of confusion, then panic. Hospital systems freeze mid-procedure. Electronic medical records become inaccessible. Related: Valuable intel on healthcare system cyber exposures In the ICU, alarms blare as doctors and nurses scramble to stabilize critical patients without access to real-time data. Admissions come to a standstill.
SecureList
MARCH 25, 2025
In mid-March 2025, Kaspersky technologies detected a wave of infections by previously unknown and highly sophisticated malware. In all cases, infection occurred immediately after the victim clicked on a link in a phishing email, and the attackers’ website was opened using the Google Chrome web browser. No further action was required to become infected.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Malwarebytes
MARCH 26, 2025
Internet security expert and educator Troy Hunt disclosed this week that he had been hit by one of the oldestand most provenscams in the online world: A phishing attack. Through an automated attack disguised as a notice from Hunts chosen newsletter provider Mailchimp, scammers stole roughly 16,000 records belonging to current and past subscribers of Hunts blog.
Security Affairs
MARCH 26, 2025
Google fixed a flaw in the Chrome browser for Windows that was actively exploited in attacks targeting organizations in Russia. Google has released out-of-band fixes to address a high-severity security vulnerability, tracked as CVE-2025-2783 , in Chrome browser for Windows. The flaw was actively exploited in attacks targeting organizations in Russia.
The Last Watchdog
MARCH 28, 2025
Palo Alto, Calif., Mar 28, 2025, CyberNewswire — From WannaCry to the MGM Resorts Hack, ransomware remains one of the most damaging cyberthreats to plague enterprises. Chainalysis estimates that corporations spend nearly $1 billion dollars on ransom each year, but the greater cost often comes from the reputational damage and operational disruption caused by the attack.
Adam Shostack
MARCH 26, 2025
Grateful to introduce the Hackers' Almanack! I wrote the introduction for The DEF CON 32 Hackers Almanack ! Every year, thousands of hackers converge in Las Vegas for a joyous, crazy exploration of the edges of technology otherwise fondly called Hacker Summer Camp. They include many communities with different perspectives, all with a core commitment to hacking and exploration.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
IT Security Guru
MARCH 26, 2025
The Gurus spoke to Robert Hann, VP of Technical Solutions at Entrust, about the future of IT and the challenges these developments pose to security teams and business leaders globally. What do you think will be the most significant changes in the IT industry over the next 5-10 years? I believe the three most influential and interconnected evolutions that will transform the IT industry throughout the next decade are AI, Robotics and Quantum Computing.
Malwarebytes
MARCH 25, 2025
The genetic testing company 23andMe filed for bankruptcy on Sunday, announcing that, in searching for financial stability through its sale to a new owner, the business will continue operating as normal, including in how customer data is handled. The company intends to continue operating its business in the ordinary course throughout the sale process, 23andMe wrote in a news statement.
Security Affairs
MARCH 25, 2025
A cyberattack on Ukraines national railway operator Ukrzaliznytsia disrupted online ticket services, causing long lines at Kyivs station. The Record Media first reported the news of a cyber attack on Ukraines national railway operator Ukrzaliznytsia that disrupted online ticket services, causing long lines at Kyivs station. The incident led to overcrowding and long delays as people were forced to buy physical tickets.
The Last Watchdog
MARCH 27, 2025
Cary, NC, Mar. 27, 2025, CyberNewswire — INE , a global leader in networking and cybersecurity training and certifications, is proud to announce it is the recipient of twelve badges in G2s Spring 2025 Report, including Grid Leader for Cybersecurity Professional Development, Online Course Providers, and Technical Skills Development, which highlight INEs superior performance relative to competitors.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Boulevard
MARCH 25, 2025
Lasso today added an ability to autonomously simulate real-world cyberattacks against large language models (LLMs) to enable organizations to improve the security of artificial intelligence (AI) applications. The post Lasso Adds Automated Red Teaming Capability to Test LLMs appeared first on Security Boulevard.
Schneier on Security
MARCH 27, 2025
NIST just released a comprehensive taxonomy of adversarial machine learning attacks and countermeasures.
Malwarebytes
MARCH 26, 2025
The threat intel research used in this post was provided by Malwarebytes Senior Director of Research, Jrme Segura. DeepSeeks rising popularity has not only raised concerns and questions about privacy implications , but cybercriminals are also using it as a lure to trap unsuspecting Google searchers. Unfortunately, we are getting so used to sponsored Google search results being abused by criminals that we advise people not to click on them.
Security Affairs
MARCH 28, 2025
Russian authorities arrested three suspects for developing Mamont, a newly identified Android banking trojan. Russian authorities arrested three suspects in Saratov for developing Mamont (Russian for mammoth), a recently discovered Android banking trojan. “Three Saratov residents are suspected of fraud and unauthorized access to computer information.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
IT Security Guru
MARCH 28, 2025
Web Application Penetration Testing (WAPT) is a methodical approach to security that involves ethical hackers simulating real-world cyber-attacks on your web application to uncover vulnerabilities. By mimicking the tactics of cybercriminals, these professionals can identify weaknesses before malicious actors can exploit them. This proactive process allows businesses to address security flaws early and maintain a strong defense against potential cyber threats.
Security Boulevard
MARCH 25, 2025
On Tuesday, March 25, 2025, BlackCloak released a watershed asset in executive and public persona cybersecurity: The Digital Executive Protection (DEP) Framework & Assessment Methodology - a comprehensive standard designed to address the deeply human side of cybersecurity risk. The post The Illusion of Safety: BlackCloaks DEP Security Framework Exposes the Devil’s Greatest Trick appeared first on Security Boulevard.
SecureWorld News
MARCH 31, 2025
Each year on March 31st, just before April Fool's Day, cybersecurity professionals, IT teams, and business leaders alike are reminded of a simple truth: data loss isn't a matter of if, but when. World Backup Day is more than a calendar curiosityit's a call to action. In a digital world defined by ransomware, cloud sprawl, and hybrid infrastructures, the ability to recover data quickly and securely is one of the most important indicators of an organization's cyber resilience.
Malwarebytes
MARCH 26, 2025
A new phishing campaign that uses the fake CAPTCHA websites we reported about recently is targeting hotel staff in a likely attempt to access customer data, according to research from ThreatDown. Here’s how it works: Cybercriminals send a fake Booking.com email to a hotels email address, asking them to confirm a booking. Dear Team, You have received a new booking.
Advertiser: Revenera
In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.
Security Affairs
MARCH 25, 2025
Astral Foods, South Africas largest poultry producer, lost over $1M due to a cyberattack disrupting deliveries and impacting operations. Astral Foods is a South African integrated poultry producer and one of the country’s largest food companies. It specializes in poultry production, animal feed, and related agricultural operations. The company supplies chicken products to retail, wholesale, and fast-food markets in South Africa and neighboring countries.
The Last Watchdog
MARCH 25, 2025
FinTech and Communications Leader, IDT Corporation partners with AccuKnox to deploy runtime security-powered CNAPP (Cloud Native Application Protection Platform) for IoT/Edge Security. Menlo Park, Calif., Mar. 25, 2025, CyberNewswire — AccuKnox, Inc. , announced that Telecom and FinTech Leader IDT Corporation has partnered with AccuKnox to deploy Zero Trust CNAPP.
Security Boulevard
MARCH 25, 2025
Run Security today launched an application security platform that leverages extended Berkeley Packet Filtering (eBPF) to secure application runtime environments. The post Run Security Leverages eBPF to Strengthen Application Security appeared first on Security Boulevard.
eSecurity Planet
MARCH 31, 2025
Streaming giant Netflix is at the center of a rising wave of online scams, cybersecurity experts warn. Fraudsters use increasingly sophisticated tactics from fake texts to deceptive emails and websites to steal Netflix users personal and financial information. With over 230 million subscribers worldwide, Netflix has become one of the most impersonated brands by cybercriminals.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Expert insights. Personalized for you.
228 
Let's personalize your content