Thu. Mar 13, 2025

U.S. CISA adds Apple products and Juniper Junos OS flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple products and Juniper Junos OS flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog: CVE-2025-21590, Juniper Junos OS Improper Isolation or Compartmentalization Vulnerability; CVE-2025-24201, Apple Multiple Products WebKit Out-of-Bounds Write Vulnerability. The vulnerability C

Don’t let your kids on Roblox if you’re worried, says Roblox CEO

Malwarebytes

In response to growing worries about the safety of children using Roblox, the CEO of the company has said to parents: “My first message would be, if you’re not comfortable, don’t let your kids be on Roblox.” Roblox is one of the most popular gaming platforms, especially among young children. Reportedly, of the over 80 million players per day, roughly 40% of them are below the age of 13.

RIP Mark Klein

Schneier on Security

2006 AT&T whistleblower Mark Klein has died.

Head Mare and Twelve join forces to attack Russian entities

SecureList

Introduction In September 2024, a series of attacks targeted Russian companies, revealing indicators of compromise and tactics associated with two hacktivist groups: Head Mare and Twelve. Our investigation showed that Head Mare relied heavily on tools previously associated with Twelve. Additionally, Head Mare attacks utilized command-and-control (C2) servers exclusively linked to Twelve prior to these incidents.

Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy

Security Affairs

North Korea-linked APT group ScarCruft used a new Android spyware dubbed KoSpy to target Korean and English-speaking users. North Korea-linked threat actor ScarCruft (aka APT37, Reaper, and Group123) is behind a previously undetected Android surveillance tool named KoSpy that was used to target Korean and English-speaking users. ScarCruft has been active since at least 2012; it made the headlines in early February 2018 when researchers revealed that the APT group leveraged a zero-day vulnerabilit

Cold Wallets vs. Hot Wallets: Which Offers Better Security?

IT Security Guru

Cryptocurrency isn't just a buzzword anymore. By December 2024, the number of global cryptocurrency owners reached approximately 659 million, marking a 13% increase from January 2024. That might not sound like a massive chunk, but it still represents millions of individuals who want to protect their virtual holdings. Where regular banking once ruled, self-managed wallets are now front and center for those who prefer having full control of their tokens.

More Trending

DeepSeek and AI-Generated Malware Pose New Danger for Cybersecurity

SecureWorld News

The rapid advancement of generative AI has brought both innovation and concern to the cybersecurity landscape. A recent report from Tenable highlights how DeepSeek R1, an open-source AI model, can generate rudimentary malware, including keyloggers and ransomware. While the AI-generated malware required manual debugging to function properly, its mere existence signals an urgent need for security teams to adapt their defenses.

Medusa ransomware hit over 300 critical infrastructure organizations until February 2025

Security Affairs

The Medusa ransomware operation hit over 300 organizations in critical infrastructure sectors in the United States until February 2025. The FBI, CISA, and MS-ISAC have issued a joint advisory detailing Medusa ransomware tactics, techniques, and indicators of compromise (IOCs) based on FBI investigations as recent as February 2025. This advisory is part of the #StopRansomware initiative, providing guidance to network defenders on ransomware variants and threat actors. “Medusa is a ransomwar

NYDFS Cybersecurity Regulation: Dates, Facts and Requirements

Centraleyes

New York, the city that never sleeps, is also the city that takes cybersecurity very seriously. If you’re part of the financial services ecosystem here, or interact with businesses regulated by the New York State Department of Financial Services, you’ve likely come across the NYDFS Cybersecurity Regulation. What Is the NYDFS Cybersecurity Regulation?

GitLab addressed critical auth bypass flaws in CE and EE

Security Affairs

GitLab addressed two critical authentication bypass vulnerabilities in Community Edition (CE) and Enterprise Edition (EE). GitLab released security updates to address critical vulnerabilities in Community Edition (CE) and Enterprise Edition (EE). The company addressed nine vulnerabilities, including the two critical ruby-saml authentication bypass issues respectively tracked as CVE-2025-25291 and CVE-2025-25292.

Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Moving Past Compensating Controls: The Long-Term Value of Tokenization for PCI DSS

Security Boulevard

With the deadline for PCI DSS 4.0 compliance just around the corner, it's decision time for organizations. For many, compensating controls are a godsend, introducing a degree of flexibility into what is otherwise a rigorous, demanding and heavily detailed standard. But while this approach can be a useful means of temporarily meeting PCI DSS 4.0 requirements when technical or business constraints get in the way, it can be burdensome in the long term.

Meta warns of actively exploited flaw in FreeType library

Security Affairs

Meta warned that a vulnerability, tracked as CVE-2025-27363, impacting the FreeType library may have been exploited in the wild. Meta warned that an out-of-bounds write flaw, tracked as CVE-2025-27363 (CVSS score of 8.1), in the FreeType library may have been actively exploited in attacks. “An out of bounds write exists in FreeType versions 2.13.0 and below when attempting to parse font subglyph structures related to TrueType GX and variable font files,” reads the advisory published by M

Cyberattacks on Water Facilities Are Growing | Aria Cybersecurity

Security Boulevard

The water industry provides the drinking water and wastewater systems we all use every day. As such, it counts as a key piece of the nation's critical infrastructure. But it is also in the crosshairs of a dangerous new wave of cyberattacks, originating from cyber criminals and hostile nation-states. The post Cyberattacks on Water Facilities Are Growing | Aria Cybersecurity appeared first on Security Boulevard.

Navigating AI-powered cyber threats in 2025: 4 expert security tips for businesses

Zero Day

AI-powered cyber threats are reshaping security landscapes. Businesses that don't evolve will be vulnerable to increasingly sophisticated attacks - here's how to stay ahead.

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

OWASP supply chain security cheat sheet: 5 key action items

Security Boulevard

Securing the software supply chain is a complex task. For one, it spans the entire software development lifecycle (SDLC). For another, generative AI coding tools and modern development practices are increasing software complexity. The result: Development teams are in the hot seat. The post OWASP supply chain security cheat sheet: 5 key action items appeared first on Security Boulevard.

Hiring – Technical Cybersecurity Consultant

BH Consulting

BH Consulting is a dynamic and fast-paced cybersecurity and data protection consulting firm. We provide a market leading range of information security services focused on cybersecurity, cyber risk management, ISO 27001, and data protection. We have a wide range of clients from private and public sector organisations to large global multinational organisations – with offices in Dublin, London and New York.

NYDFS Cybersecurity Regulation: Dates, Facts and Requirements

Security Boulevard

New York, the city that never sleeps, is also the city that takes cybersecurity very seriously. If you're part of the financial services ecosystem here, or interact with businesses regulated by the New York State Department of Financial Services, you've likely come across the NYDFS Cybersecurity Regulation. What Is the NYDFS Cybersecurity Regulation? The New York Department […] The post NYDFS Cybersecurity Regulation: Dates, Facts and Requirements appeared first on Centraleyes.

How to set up Bitwarden for personal and work use - and why you should keep them separate

Zero Day

Don't let work invade your personal life. Separate your passwords with two Bitwarden accounts for better security and peace of mind.

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

DFARS 101: Protecting CUI in Defense Contracts

Security Boulevard

If your company handles Controlled Unclassified Information (CUI) for defense contracts, you've likely encountered DFARS and its key cybersecurity clauses: 7012, 7019, 7020, and 7021. But what exactly is DFARS, why is compliance crucial, and how can your business ensure it meets the requirements? This guide provides a high-level overview of DFARS compliance, including its […] The post DFARS 101: Protecting CUI in Defense Contracts appeared first on PreVeil.

Your Android phone just got a major audio upgrade for free - Google and Samsung models included

Zero Day

Ever been at a crowded restaurant or bar and wanted to hear that one muted TV? Now you can with Auracast.

SafeBreach Coverage for US CERT AA25-071A (Medusa Ransomware)

Security Boulevard

SafeBreach has added coverage against the Medusa ransomware variant, which has been used to target critical infrastructure organizations, demand ransom payment, and threaten to leak stolen data. The post SafeBreach Coverage for US CERT AA25-071A (Medusa Ransomware) appeared first on SafeBreach. The post SafeBreach Coverage for US CERT AA25-071A (Medusa Ransomware) appeared first on Security Boulevard.

Worried about DeepSeek? Turns out, Gemini and other US AIs collect more user data

Zero Day

It's an AI privacy showdown. How much data does your favorite chatbot collect?

The Importance of User Roles and Permissions in Cybersecurity Software

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks

The Hacker News

Two high-severity security flaws have been disclosed in the open-source ruby-saml library that could allow malicious actors to bypass Security Assertion Markup Language (SAML) authentication protections.

AD Lite Password Auditor Report: Key Insights and Data

Security Boulevard

2024 Enzoic AD Lite Password Auditor Report In an era where cyber threats continue to evolve, password security remains one of the most critical yet often overlooked components of an organization's security posture. Enzoic's 2024 AD Lite Password Auditor Report highlights the ongoing risks associated with compromised credentials in Active Directory (AD) environments, emphasizing the […] The post AD Lite Password Auditor Report: Key Insights and Data appeared first on Security Boulevard.

WARNING: Expiring Root Certificate May Disable Firefox Add-Ons, Security Features, and DRM Playback

The Hacker News

Browser maker Mozilla is urging users to update their Firefox instances to the latest version to avoid facing issues with using add-ons due to the impending expiration of a root certificate. "On March 14, 2025, a root certificate used to verify signed content and add-ons for various Mozilla projects, including Firefox, will expire," Mozilla said.

BSides Exeter 2024 – Blue Track – DFIR – Are We There Yet?

Security Boulevard

Author/Presenter: James Phillips Our thanks to Bsides Exeter, and the Presenters/Authors for publishing their timely Bsides Exeter Conference content. All brought to you via the organization's YouTube channel. Permalink The post BSides Exeter 2024 – Blue Track – DFIR – Are We There Yet? appeared first on Security Boulevard.

IDC Analyst Report: The Open Source Blind Spot Putting Businesses at Risk

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk

The Hacker News

Meta has warned that a security vulnerability impacting the FreeType open-source font rendering library may have been exploited in the wild. The vulnerability has been assigned the CVE identifier CVE-2025-27363, and carries a CVSS score of 8.1, indicating high severity.

BSides Exeter 2024 – Blue Track – Suppliers: Trust, But Verify

Security Boulevard

Author/Presenter: Todd Gifford Our thanks to Bsides Exeter, and the Presenters/Authors for publishing their timely Bsides Exeter Conference content. All brought to you via the organization's YouTube channel. Permalink The post BSides Exeter 2024 – Blue Track – Suppliers: Trust, But Verify appeared first on Security Boulevard.

Generative AI is finally finding its sweet spot, says Databricks chief AI scientist

Zero Day

As generative AI begins helping solve real-world problems, a new kind of data analytics is emerging, says Jonathan Frankle.

ICYMI: Interesting Things We Learned at the HIMSS 2025 Conference

Security Boulevard

We had a good time talking to folks last week in our ColorTokens booth at the Healthcare Information and Management Systems Society conference in Las Vegas. The crowd was plentiful and engaged at the Venetian Convention Center and Caesars Forum. Perhaps even more interesting than the keynote addresses and the latest-and-greatest information from the vendor […] The post ICYMI: Interesting Things We Learned at the HIMSS 2025 Conference appeared first on ColorTokens.

Beware of Pixels & Trackers on U.S. Healthcare Websites

The healthcare industry has massively adopted web tracking tools, including pixels and trackers. Tracking tools on user-authenticated and unauthenticated web pages can access personal health information (PHI) such as IP addresses, medical record numbers, home and email addresses, appointment dates, or other info provided by users on pages and thus can violate HIPAA Rules that govern the Use of Online Tracking Technologies by HIPAA Covered Entities and Business Associates.