Thu. Jan 30, 2025


Fake Reddit and WeTransfer Sites are Pushing Malware

Schneier on Security

There are thousands of fake Reddit and WeTransfer webpages that are pushing malware. They exploit people who are using search engines to search sites like Reddit. Unsuspecting victims clicking on the link are taken to a fake WeTransfer site that mimics the interface of the popular file-sharing service. The ‘Download’ button leads to the Lumma Stealer payload hosted on “weighcobbweo[.]top.” Boingboing post.


The DeepSeek controversy: Authorities ask where does the data come from and how safe is it?

Malwarebytes

The sudden rise of DeepSeek has raised concerns and questions, especially about the origin and destination of the training data, as well as the security of the data. For those returning from a short holiday away from the news, DeepSeek is a new player on the Artificial Intelligence (AI) field. The Chinese startup has certainly taken the app stores by storm: In just a week after the launch it topped the charts as the most downloaded free app in the US.


DeepSeek Locked Down Public Database Access That Exposed Chat History

Tech Republic Security

Research Firm Wiz Research began investigating DeepSeek soon after its generative AI took the tech world by storm.


Hoarding, Debt and Threat Modeling

Adam Shostack

The psychology of getting started threat modeling. During a recent threat modeling course, one of our students, Aleksei*, made a striking comparison that resonated with a lot of us: starting security analysis is like tackling a hoarder's house. That visceral image of looking at mountains of accumulated issues, feeling overwhelmed by where to begin, captures a challenge many engineering leaders face when they first attempt to systematically assess their systems' security.


Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.


DeepSeek AI Database Exposed: Over 1 Million Log Lines, Secret Keys Leaked

The Hacker News

Buzzy Chinese artificial intelligence (AI) startup DeepSeek, which has had a meteoric rise in popularity in recent days, left one of its databases exposed on the internet, which could have allowed malicious actors to gain access to sensitive data.


News alert: SquareX discloses ‘Browser Syncjacking’ – a new attack to hijack browser

The Last Watchdog

Palo Alto, Calif., Jan. 30, 2025, CyberNewswire — Browser extensions have been under the spotlight in enterprise security news recently due to the wave of OAuth attacks on Chrome extension developers and data exfiltration attacks. However, until now, due to the limitations browser vendors place on the extension subsystem and extensions, it was thought to be impossible for extensions to gain full control of the browser, much less the device.

More Trending


Authorities Seize Domains of Popular Hacking Forums in Major Cybercrime Crackdown

The Hacker News

An international law enforcement operation has dismantled the domains associated with various online platforms linked to cybercrime such as Cracked, Nulled, Sellix, and StarkRDP. The effort has targeted the following domains: www.cracked.io, www.nulled.to, www.mysellix.io, www.sellix.io, www.starkrdp.


TeamViewer fixed a vulnerability in Windows client and host applications

Security Affairs

TeamViewer has patched a high-severity privilege escalation vulnerability affecting its Windows client and host applications. TeamViewer released security patches for a high-severity elevation of privilege vulnerability, tracked as CVE-2025-0065 (CVSS score of 7.8), in its remote access solutions for Windows. The vulnerability is an improper neutralization of argument delimiters in the TeamViewer_service.exe component of TeamViewer Full Client & Host prior to version 15.62 for Windows.


Google: Over 57 Nation-State Threat Groups Using AI for Cyber Operations

The Hacker News

Over 57 distinct threat actors with ties to China, Iran, North Korea, and Russia have been observed using artificial intelligence (AI) technology powered by Google to further enable their malicious cyber and information operations.


This $300 Samsung phone looks as good as the Galaxy S25 - at a fraction of the price

Zero Day

For a limited time, the Samsung Galaxy A35 is available for a fraction of the cost of the S25 series. It's also discounted when you bundle a pair of Buds FE.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


Is Your Cybersecurity Job Burning You Out? How to Spot the Warning Signs

SecureWorld News

Working in cybersecurity is demanding. Analysts must investigate and remedy thousands of alerts every day while remaining adaptable to an ever-changing technological landscape. Cybersecurity is fast-paced and can be demanding. You can't always turn off your laptop at the end of the day and forget about it. Most professionals in this field work unsociable hours just to stay on top of their workload.


Windows 11 users can soon access their iPhones from the Start menu

Zero Day

Already previewed for Android users, the new integration will let iPhone owners view phone calls, messages, battery status, and more without leaving the Start menu.


Important Updates Announced for Merchants Validating to Self-Assessment Questionnaire A

PCI perspectives

In response to stakeholder feedback regarding the complexity of implementing the new e-commerce security Requirements 6.4.3 and 11.6.1 in PCI Data Security Standard (PCI DSS) v4.0.1, the PCI Security Standards Council (PCI SSC) has announced important modifications for merchants validating to Self-Assessment Questionnaire A (SAQ A).


Transforming Healthcare Security: Why Zero-Trust is Essential

Security Boulevard

In recent years, the healthcare sector has emerged as a primary target for cyberattacks, which is mainly due to the highly sensitive nature of medical information. The post Transforming Healthcare Security: Why Zero-Trust is Essential appeared first on Security Boulevard.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


SOC Analysts - Reimagining Their Role Using AI

The Hacker News

The job of a SOC analyst has never been easy. Faced with an overwhelming flood of daily alerts, analysts (and sometimes IT teams who are doubling as SecOps) must try and triage thousands of security alerts, often false positives, just to identify a handful of real threats. This relentless, 24/7 work leads to alert fatigue, desensitization, and increased risk of missing critical security incidents.


No need to RSVP: a closer look at the Tria stealer campaign

SecureList

Introduction: Since mid-2024, we’ve observed a malicious Android campaign leveraging wedding invitations as a lure to social-engineer victims into installing a malicious Android app (APK), which we have named “Tria Stealer” after unique strings found in campaign samples. The primary targets of the campaign are users in Malaysia and Brunei, with Malaysia being the most affected country.


Lightning AI Studio Vulnerability Allowed RCE via Hidden URL Parameter

The Hacker News

Cybersecurity researchers have disclosed a critical security flaw in the Lightning AI Studio development platform that, if successfully exploited, could allow for remote code execution. The vulnerability, rated a CVSS score of 9.


How Spread Betting Platforms Safeguard Traders Against Cyber Risks

IT Security Guru

Spread betting has become a very popular form of trading that allows people to speculate on the movement of a financial asset without owning the asset in question. It is one of the many trading models that is exclusively digital in nature, which makes it very flexible and provides an ease of access that cannot be matched by many other investment types.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!


These low-latency earbuds seamlessly switched between my devices (and they sound great)

Zero Day

Steelseries' Arctis Gamebuds have tons of game-specific presets to bring your titles to life, then let you swap back to your phone with a tap.


Global Law Enforcement Shuts Down Two of the Largest Cybercrime Forums

SecureWorld News

In a coordinated international effort, law enforcement agencies from the United States, Europe, and Australia have dismantled Cracked and Nulled, two of the world's largest cybercrime marketplaces. These underground forums, home to more than 10 million users, facilitated the trade of stolen data, hacking tools, and cybercrime-as-a-service, making these illicit activities more accessible than ever.


AI agents will match 'good mid-level' engineers this year, says Mark Zuckerberg

Zero Day

Autonomous software engineering agents will take over significant programming tasks, predicts Meta's CEO. And he's counting on Llama to achieve that goal.


How to Use Keeper Password Manager: A Comprehensive Guide

Tech Republic Security

This step-by-step guide shows you how to set up Keeper Password Manager and use it to secure and organize your passwords.


The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.


Microsoft's latest optional patch is a bug-fix bonanza for Windows 11 24H2

Zero Day

The new preview update resolves some persistent and annoying problems with Windows 24H2, but you may need to download and install it manually.


Broadcom Patches VMware Aria Flaws – Exploits May Lead to Credential Theft

The Hacker News

Broadcom has released security updates to patch five security flaws impacting VMware Aria Operations and Aria Operations for Logs, warning customers that attackers could exploit them to gain elevated access or obtain sensitive information. The list of identified flaws, which impact versions 8.x of the software, is below - CVE-2025-22218 (CVSS score: 8.


I found the most complete wireless charging accessory yet - and it has a useful cooling system

Zero Day

If you're not a fan of wireless chargers that overheat and reach less-than-optimal speeds, the Torras PolarCircle I tested has your name on it.


Future of Cybersecurity: Will XDR Absorb SIEM & SOAR?

Trend Micro

XDR is reshaping cybersecurity by unifying and enhancing SIEM and SOAR capabilities into a single platform. It addresses alert fatigue, improves incident correlation, simplifies operations, and enhances efficiency for SOC teams.


Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!


My favorite ultraportable laptop makes the ThinkPad and MacBook Air feel underwhelming

Zero Day

The Asus Vivobook S 15 is a fantastic ultraportable laptop with fast performance and a brilliant OLED screen. It's on sale for a limited time.


Phorpiex Botnet Now Deploying LockBit Ransomware in Automated Attacks

Penetration Testing

The Cybereason Security Services Team has uncovered a new attack campaign where the Phorpiex botnet is being used The post Phorpiex Botnet Now Deploying LockBit Ransomware in Automated Attacks appeared first on Cybersecurity News.


Microsoft's new Copilot+ Surface devices are built for business with Intel inside

Zero Day

For business buyers, last year's opening salvo of AI-ready PCs was a nonstarter due to compatibility issues with Qualcomm's processors. Those Surface Pro and Surface Laptop devices will soon be available with Intel's Lunar Lake processors. You can preorder now.


SquareX Discloses “Browser Syncjacking”, a New Attack Technique that Provides Full Browser and Device Control, Putting Millions at Risk

Security Boulevard

Palo Alto, USA, 30th January 2025, CyberNewsWire The post SquareX Discloses Browser Syncjacking, a New Attack Technique that Provides Full Browser and Device Control, Putting Millions at Risk appeared first on Security Boulevard.


Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.