Tue. Jan 14, 2025

Microsoft: Happy 2025. Here’s 161 Security Updates

Krebs on Security

Microsoft today unleashed updates to plug a whopping 161 security vulnerabilities in Windows and related software, including three “zero-day” weaknesses that are already under active attack. Redmond’s inaugural Patch Tuesday of 2025 bundles more fixes than the company has shipped in one go since 2017. Rapid7’s Adam Barnett says January marks the fourth consecutive month where Microsoft has published zero-day vulnerabilities on Patch Tuesday without evaluating any of them

FBI deleted China-linked PlugX malware from over 4,200 US computers

Security Affairs

The FBI has removed Chinese PlugX malware from over 4,200 computers in networks across the United States, the U.S. Department of Justice reported. The Justice Department and FBI, along with international partners, announced they deleted PlugX malware from thousands of infected computers worldwide as part of a multi-month law enforcement operation. The malware was operated by a China-linked threat actor, known as Mustang Panda (aka Twill Typhoon), to steal sensitive information from victim compute

Malware 121
Insiders

Australian Government Agencies Failing to Keep Up With Cyber Security Change

Tech Republic Security

Cyber security maturity declines among Australian government agencies in 2024, as legacy IT systems hinder progress under the Essential Eight framework.

3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update

The Hacker News

Microsoft kicked off 2025 with a new set of patches for a total of 161 security vulnerabilities across its software portfolio, including three zero-days that have been actively exploited in attacks. Of the 161 flaws, 11 are rated Critical, and 149 are rated Important in severity.

Software 143

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

This hidden Pixel camera feature makes your photos more vibrant - how to enable it

Zero Day

Pixel phones are well known for their superior cameras. This feature makes them even better.

133

Zero-Day Vulnerability Suspected in Attacks on Fortinet Firewalls with Exposed Interfaces

The Hacker News

Threat hunters are calling attention to a new campaign that has targeted Fortinet FortiGate firewall devices with management interfaces exposed on the public internet.

Firewall 142

More Trending

Microsoft Uncovers macOS Vulnerability CVE-2024-44243 Allowing Rootkit Installation

The Hacker News

Microsoft has shed light on a now-patched security flaw impacting Apple macOS that, if successfully exploited, could have allowed an attacker running as "root" to bypass the operating system's System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. The vulnerability in question is CVE-2024-44243 (CVSS score: 5.

137

Ransomware and Cyber Extortion in Q4 2024

Digital Shadows

Key Findings: The last quarter of 2024 proved to be a pivotal period for ransomware activity, marked by emerging threats and unexpected shifts among established groups. In this report, we’ll cover: LockBit’s resurgence; Our original research into Scattered Spider’s domain creation methods; Predictions for 2025; Key recommendations to safeguard your data. Keep reading to learn about the driving forces behind these trends, gain insights from our in-depth analysis, and find out key takeaways to help your o

Google OAuth Vulnerability Exposes Millions via Failed Startup Domains

The Hacker News

New research has pulled back the curtain on a "deficiency" in Google's "Sign in with Google" authentication flow that exploits a quirk in domain ownership to gain access to sensitive data.

Critical Infrastructure Seeing Benefits of Government Program, CISA Says

Security Boulevard

CISA in two years has seen the number of critical infrastructure organizations signing up for its CPG services double, which has improved the overall security in most sectors, but more needs to be done to strengthen what has become a target of adversarial state-sponsored threat groups. The post Critical Infrastructure Seeing Benefits of Government Program, CISA Says appeared first on Security Boulevard.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Russian-Linked Hackers Target Kazakhstan in Espionage Campaign with HATVIBE Malware

The Hacker News

Russia-linked threat actors have been attributed to an ongoing cyber espionage campaign targeting Kazakhstan as part of the Kremlin's efforts to gather economic and political intelligence in Central Asia.

Malware 124

How to use Visual Intelligence on an iPhone 16 to identify unknown objects

Zero Day

Using the new Camera Control on the iPhone 16, Visual Intelligence will search for details and answer questions about something that you snap through the camera.

111

FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation

The Hacker News

The U.S. Department of Justice (DoJ) on Tuesday disclosed that a court-authorized operation allowed the Federal Bureau of Investigation (FBI) to delete PlugX malware from over 4,250 infected computers as part of a "multi-month law enforcement operation.

Malware 124

Red Hat bets big on AI with its Neural Magic acquisition

Zero Day

Everyone and their dog is getting into AI, but Red Hat has serious plans, and acquiring Neural Magic will help bring them to fruition.

110

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks

The Hacker News

Cybersecurity researchers have disclosed multiple security flaws in SimpleHelp remote access software that could lead to information disclosure, privilege escalation, and remote code execution. Horizon3.ai researcher Naveen Sunkavally, in a technical report detailing the findings, said the "vulnerabilities are trivial to reverse and exploit.

Software 118

Threat actors exploit Aviatrix Controller flaw to deploy backdoors and cryptocurrency miners

Security Affairs

A critical vulnerability in Aviatrix Controller is being actively exploited in the wild to deploy backdoors and cryptocurrency miners. Security researcher Jakub Korepta discovered the critical vulnerability, tracked as CVE-2024-50603 (CVSS score: 10.0), in the Aviatrix Controller. The flaw impacts Aviatrix Controller pre-7.1.4191 and 7.2.x pre-7.2.4996; it allows unauthenticated attackers to execute arbitrary code via improper command neutralization in the API.

Illicit HuiOne Telegram Market Surpasses Hydra, Hits $24 Billion in Crypto Transactions

The Hacker News

The Telegram-based online marketplace known as HuiOne Guarantee and its vendors have cumulatively received at least $24 billion in cryptocurrency, dwarfing the now-defunct Hydra to become the largest online illicit marketplace to have ever operated. The figures, released by blockchain analytics firm Elliptic, show that monthly inflows have increased by 51% since July 2024.

Marketing 116

Microsoft Sues Group for Creating Tools to Bypass Azure AI Security

Security Boulevard

Microsoft is suing 10 unknown people involved in a sophisticated scheme to exploit users' credentials to access the vendor's Azure OpenAI AI services, bypass security guardrails, and post harmful images using its cloud systems. The post Microsoft Sues Group for Creating Tools to Bypass Azure AI Security appeared first on Security Boulevard.

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

4 Reasons Your SaaS Attack Surface Can No Longer be Ignored

The Hacker News

What do identity risks, data security risks and third-party risks all have in common? They are all made much worse by SaaS sprawl. Every new SaaS account adds a new identity to secure, a new place where sensitive data can end up, and a new source of third party risk. Learn how you can protect this sprawling attack surface in 2025.

Risk 108

These tech skills drove the biggest salary increases over the past year

Zero Day

A new tech salaries report suggests that working with AI boosts both pay and satisfaction - but it also cautions that excessive job hopping can work

Commvault Adds Ability to Recover Entire Instances of Active Directory

Security Boulevard

Commvault today added an ability to automatically recover the instances of Microsoft Active Directory (AD) that have become primary targets of cybersecurity attacks. The post Commvault Adds Ability to Recover Entire Instances of Active Directory appeared first on Security Boulevard.

Why I prefer this E Ink tablet that runs on Android over the Kindle and ReMarkable

Zero Day

The Onyx Boox Page offers a wealth of capabilities for an E Ink tablet, with a compact and stylish design.

105

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

A new campaign is likely targeting a zero-day in Fortinet FortiGate firewalls

Security Affairs

Experts warn of a new campaign targeting an alleged zero-day in Fortinet FortiGate firewalls with management interfaces exposed online. Arctic Wolf researchers observed a campaign targeting Fortinet FortiGate firewalls with exposed management interfaces, likely exploiting a zero-day vulnerability. Threat actors gained unauthorized access to network devices, created accounts, and modified configurations.

This $300 Motorola features a big screen and battery - but its durability is the crown jewel

Zero Day

The Moto G has a hefty 5,000mAh battery that lasts all day, plus a speedy 120Hz screen. If you're willing to pay more, the Moto G Power has the same tech, but also a hardy design.

105

ScrapedIn: How Bots Turn Social Media into Advanced Social Engineering

Security Boulevard

See how multi-channel scams target new hires through fake texts and emails, and learn practical steps to protect your organization from persistent social engineering attacks. The post ScrapedIn: How Bots Turn Social Media into Advanced Social Engineering appeared first on Security Boulevard.

Like Roborock, Dreame is also working on a mechanical arm for its robot vacuums

Zero Day

The Dreame robot vacuum with a mechanical arm works differently than Roborock's, but it can do more than the competition. There's only one problem.

104

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

CVE-2023-37936 (CVSS 9.6): Urgent Patch Needed for FortiSwitch Vulnerability

Penetration Testing

Fortinet has issued patches to address a critical security vulnerability (CVE-2023-37936, CVSS 9.6) affecting its FortiSwitch product line. The post CVE-2023-37936 (CVSS 9.6): Urgent Patch Needed for FortiSwitch Vulnerability appeared first on Cybersecurity News.

Love your smart bird feeder? This pollinator habitat has flower-shaped 4K cameras

Zero Day

Makers of smart bird feeders are expanding into smart bird baths and new ways to support and enjoy your local bees and butterflies.

101

2025 Prediction 2: The Rise Of AI-Generated Deepfake Attacks Will Escalate In 2025 And Will Continue To Target High-Profile Individuals

Security Boulevard

On January 7, we published a press release to share our five predictions for cybersecurity in 2025. Over the next few weeks, we’ll publish a blog series that provides additional commentary on each prediction. This is the second blog in the series. Check out the first one here. Prediction Key Takeaways: AI-powered tools like deepfakes […] The post 2025 Prediction 2: The Rise Of AI-Generated Deepfake Attacks Will Escalate In 2025 And Will Continue To Target High-Profile Individuals appeared first on

I bought an iPhone 16 for its AI features, but I haven't used them even once - here's why

Zero Day

C'mon, Apple. You're better than this.

97

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.