Tue.Jan 28, 2025

article thumbnail

Apple users: Update your devices now to patch zero-day vulnerability

Malwarebytes

Apple has released a host of security updates across many devices, including for a zero-day bug which is being actively exploited in iOS. Apple said: “A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited against versions of iOS before iOS 17.2.” Devices affected are those that run: iPhone XS and later iPad Pro 13-inch, iPad Pro 12.9-inch 3rd generation and later, iPad Pro 11-inch 1st generation and late

Media 142
article thumbnail

Apple researchers reveal the secret sauce behind DeepSeek AI

Zero Day

The AI model that shook the world is part of a broad trend to squeeze more out of chips using what's called sparsity.

145
145
Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

National Cyber Incident Response Plan comments

Adam Shostack

Our comments on the National Cyber Incident Plan Josiah Dykstra and I have some comments on the National Cyber Incident Response Plan updates. Building on our recent paper about pandemic-scale cyber events , we submitted 14 recommendations to further improve the plan. We share the desire for proactive plans that adequately prepare the Nation for cyber incidents.

article thumbnail

Chinese AI platform DeepSeek faced a “large-scale” cyberattack

Security Affairs

Chinese AI company DeepSeek has disabled registrations for its DeepSeek-V3 chat platform following a “large-scale” cyberattack. DeepSeek has designed a new AI platform that quickly gained attention over the past week primarily due to its significant advancements in artificial intelligence and its impactful applications across various industries.

article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

This new Android feature protects your phone, even if someone has your PIN

Zero Day

If you're looking for an additional layer of security for your Android device, Google's Identity Check might be just the ticket. Here's how it works.

130
130
article thumbnail

Ransomware Threats, Led by FunkSec, Rise to New Heights

Security Boulevard

Ransomware attacks surged to a record high in December 2024, with 574 incidents reported, according to an NCC Group report. FunkSec, a newly identified group combining hacktivism and cybercrime, accounted for over 100 attacks (18% of the total), making it the most active group that month, ahead of Cl0p, Akira and RansomHub. The industrial sector. The post Ransomware Threats, Led by FunkSec, Rise to New Heights appeared first on Security Boulevard.

More Trending

article thumbnail

VMware fixed a flaw in Avi Load Balancer

Security Affairs

VMware fixed a high-risk blind SQL injection vulnerability in Avi Load Balancer, allowing attackers to exploit databases via crafted queries. VMware warns of a high-risk blind SQL injection vulnerability, tracked as CVE-2025-22217 (CVSS score of 8.6), in Avi Load Balancer, allowing attackers with network access to exploit databases via crafted queries. “VMware AVI Load Balancer contains an unauthenticated blind SQL Injection vulnerability.” reads the advisory. “A malicious user

Risk 116
article thumbnail

CVE-2025-0065: TeamViewer Patches Privilege Escalation Vulnerability in Windows Clients

Penetration Testing

TeamViewer, a popular remote access and support software, has issued a critical security advisory addressing a vulnerability that The post CVE-2025-0065: TeamViewer Patches Privilege Escalation Vulnerability in Windows Clients appeared first on Cybersecurity News.

Software 121
article thumbnail

PureCrypter Deploys Agent Tesla and New TorNet Backdoor in Ongoing Cyberattacks

The Hacker News

A financially motivated threat actor has been linked to an ongoing phishing email campaign that has been ongoing since at least July 2024 specifically targeting users in Poland and Germany. The attacks have led to the deployment of various payloads, such as Agent Tesla, Snake Keylogger, and a previously undocumented backdoor dubbed TorNet that's delivered by means of PureCrypter.

Phishing 120
article thumbnail

Why I pick this ultraportable Lenovo tablet over the iPad Air for mobile entertainment

Zero Day

The Lenovo Tab Plus houses a surprisingly powerful speaker system and a 2K display, enough to make a competing iPad look bad.

Mobile 119
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

Zyxel CPE Devices Face Active Exploitation Due to Unpatched CVE-2024-40891 Vulnerability

The Hacker News

Cybersecurity researchers are warning that a critical zero-day vulnerability impacting Zyxel CPE Series devices is seeing active exploitation attempts in the wild.

article thumbnail

Google Issues Cloud Security Wake-Up Call as Threats Evolve

Security Boulevard

A report published by Google Cloud found nearly half (46%) of the observed security alerts involved a service account that was overprivileged. The post Google Issues Cloud Security Wake-Up Call as Threats Evolve appeared first on Security Boulevard.

article thumbnail

The Lenovo ThinkPad I recommend to most professionals is also one of the most affordable

Zero Day

Lenovo's sixth-generation ThinkPad E14 is a budget laptop designed to be a reliable workhorse for day-to-day tasks.

118
118
article thumbnail

Survey Surfaces Extent of Financial Damage Caused by Ransomware Scourge

Security Boulevard

A global survey of 2,547 IT and cybersecurity practitioners finds 88% work for organizations that experienced one or more ransomware attacks in the past three months to more than 12 months, with well over half (58%) needing to, as a result, shut down operations and 40% reporting a significant loss of revenues. Conducted by the. The post Survey Surfaces Extent of Financial Damage Caused by Ransomware Scourge appeared first on Security Boulevard.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

How Long Does It Take Hackers to Crack Modern Hashing Algorithms?

The Hacker News

While passwords remain the first line of defense for protecting user accounts against unauthorized access, the methods for creating strong passwords and protecting them are continually evolving. For example, NIST password recommendations are now prioritizing password length over complexity. Hashing, however, remains a non-negotiable.

Passwords 116
article thumbnail

How to protect your privacy from Facebook - and what doesn't work

Zero Day

Bothered by Facebook looking over your shoulder? Here are some ways to keep Meta from being such a snooper.

105
105
article thumbnail

UAC-0063 Expands Cyber Attacks to European Embassies Using Stolen Documents

The Hacker News

The advanced persistent threat (APT) group known as UAC-0063 has been observed leveraging legitimate documents obtained by infiltrating one victim to attack another target with the goal of delivering a known malware dubbed HATVIBE.

article thumbnail

Installing iOS 18.3? Here are the 3 biggest features you should try out first

Zero Day

iOS 18.3 is a relatively small update but with notable changes to the iPhone's AI features. Here's the rundown, and how to modify them.

105
105
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

OAuth Redirect Flaw in Airline Travel Integration Exposes Millions to Account Hijacking

The Hacker News

Cybersecurity researchers have disclosed details of a now-patched account takeover vulnerability affecting a popular online travel service for hotel and car rentals.

article thumbnail

Data Protection Day 2025: three takeaways for embedding privacy principles

BH Consulting

A key theme of Data Protection Day 2025 is the evolving mandate of data protection. I feel this concept of evolution is worth exploring in more detail, because many organisations think of themselves either as compliant or not there yet. That mindset doesnt always allow for responding to changes in privacy and data protection. So to mark this years edition of Data Protection Day, Im reflecting on some recent experiences from working in this field and three recurring takeaways. 1: The work is neve

article thumbnail

Block's new open-source AI agent 'goose' lets you change direction mid-air

Zero Day

Block built its agent - 'codename goose' - to do it all, from writing code to ordering your dinner. Here's how to access it.

104
104
article thumbnail

Broadcom Warns of High-Severity SQL Injection Flaw in VMware Avi Load Balancer

The Hacker News

Broadcom has alerted of a high-severity security flaw in VMware Avi Load Balancer that could be weaponized by malicious actors to gain entrenched database access. The vulnerability, tracked as CVE-2025-22217 (CVSS score: 8.6), has been described as an unauthenticated blind SQL injection.

103
103
article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

What to know about DeepSeek AI, from cost claims to data privacy

Zero Day

Besides one-upping US rivals and panicking investors, DeepSeek presents a host of security concerns. Here's what you should know.

article thumbnail

Threat Actors Exploit Government Website Vulnerabilities for Phishing Campaigns

Security Boulevard

Cofense Intelligence has continually observed the abuse or usage of legitimate domain service exploitation. This report highlights observed phishing threat actor abuse of.gov top-level domains (TLDs) for different countries over two years from November 2022 to November 2024. The post Threat Actors Exploit Government Website Vulnerabilities for Phishing Campaigns appeared first on Security Boulevard.

Phishing 101
article thumbnail

I've used every Samsung Galaxy S25 model - and the one I love most isn't the Ultra

Zero Day

My favorite Galaxy S25 model (and the one most people should buy) strikes the right balance of form and function.

100
100
article thumbnail

Cross-post: Office of the CISO 2024 Year in Review: AI Trust and Security

Anton on Security

[written together with Marina Kaganovich , Executive Trust Lead, Office of the CISO @ Google Cloud; originally postedhere ] In 2024, we shared our insights on how to approach generative AI securely by exploring the fundamentals of this innovative technology, delving into key security terms, and examining the essential policies needed for AI governance.

CISO 100
article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

Ransomware Targets ESXi Systems via Stealthy SSH Tunnels for C2 Operations

The Hacker News

Cybersecurity researchers have found that ransomware attacks targeting ESXi systems are also leveraging the access to repurpose the appliances as a conduit to tunnel traffic to command-and-control (C2) infrastructure and stay under the radar.

article thumbnail

7 apps that helped me escape the cloud - and protect my data privacy

Zero Day

If you're tired of knowing that a third party has access to your data and content, it's time to move away from cloud services that may be selling your information or using it to train their LLMs.

article thumbnail

AI SOC Analysts: Propelling SecOps into the future

The Hacker News

Triaging and investigating alerts is central to security operations. As SOC teams strive to keep up with ever-increasing alert volumes and complexity, modernizing SOC automation strategies with AI has emerged as a critical solution. This blog explores how an AI SOC Analyst transforms alert management, addressing key SOC challenges while enabling faster investigations and responses.

99
article thumbnail

Apple reveals the secret to updating every AirPods model - and it's easier than you think

Zero Day

Rather than leave it up to chance, you can take steps to update your specific AirPods model to the latest software version.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.