Mon.Jan 13, 2025

article thumbnail

Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme

Schneier on Security

Not sure this will matter in the end, but it’s a positive move : Microsoft is accusing three individuals of running a “hacking-as-a-service” scheme that was designed to allow the creation of harmful and illicit content using the company’s platform for AI-generated content. The foreign-based defendants developed tools specifically designed to bypass safety guardrails Microsoft has erected to prevent the creation of harmful content through its generative AI services, said S

Hacking 243
article thumbnail

Linux Kernel Privilege Escalation Vulnerability (CVE-2024-27397) Exploited: PoC Released

Penetration Testing

Security researcher liona24 has provided an in-depth analysis and a proof-of-concept (PoC) exploit code for CVE-2024-27397, a vulnerability The post Linux Kernel Privilege Escalation Vulnerability (CVE-2024-27397) Exploited: PoC Released appeared first on Cybersecurity News.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Microsoft to force new Outlook app in Windows 10 with no way to block it

Zero Day

Designed to replace the current Mail and Calendar apps, the new Outlook can only be removed after it's been installed.

136
136
article thumbnail

iMessage text gets recipient to disable phishing protection so they can be phished

Malwarebytes

A smishing (SMS phishing) campaign is targeting iMessage users, attempting to socially engineer them into bypassing Apple’s built in phishing protection. For months, iMessage users have been posting examples online of how phishers are trying to get around this protection. And, now, the campign is gaining traction, according to our friends at BleepingComputer.

Phishing 111
article thumbnail

Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

article thumbnail

How to create system restore points on Linux with Timeshift - and why you should

Zero Day

Concerned about something going wrong with your Linux system? If so, Timeshift can help return things to a working state should something go awry.

128
128
article thumbnail

U.S. CISA adds BeyondTrust PRA and RS and Qlik Sense flaws to its Known Exploited Vulnerabilities catalog

Security Affairs

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BeyondTrust PRA and RS and Qlik Sense flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA)added the following vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog : CVE-2024-12686 (CVSS score of 6.6) The flaw is an OS Command Injection Vulnerability in BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS).

Hacking 110

More Trending

article thumbnail

How Your Digital Footprint Fuels Cyberattacks — and What to Do About It 

Security Boulevard

Hackers are exploiting the digital breadcrumbs your personally identifiable information (PII) that you leave behind daily to launch their cyber attacks. The post How Your Digital Footprint Fuels Cyberattacks and What to Do About It appeared first on Security Boulevard.

article thumbnail

This mini SSD enclosure transformed my data management - and I never leave home without it

Zero Day

The Satechi Mini NVMe SSD Enclosure is a useful accessory for transferring big files, moving 20GB of data in less than a minute.

113
113
article thumbnail

CISA Adds Second BeyondTrust Flaw to KEV Catalog Amid Active Attacks

The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a second security flaw impacting BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) products to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild. The vulnerability in question is CVE-2024-12686 (CVSS score: 6.

article thumbnail

4MLinux is a lightweight, portable Linux distro with an old-school feel

Zero Day

If you need a lightning-fast, portable Linux distribution to run on aging hardware or spin up a quick server, 4MLinux is a great option.

111
111
article thumbnail

Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

article thumbnail

How to Build Your Cybersecurity Talent Stack

SecureWorld News

A career in cybersecurity isn't about mastering one skillit's about layering complementary skills that make you versatile and invaluable. That's the power of a talent stack. It's a mix of technical know-how, strategic thinking, and communication skills that, together, make you stand out in a competitive field. Think of it like building a tower. Each layer adds strength and stability, supporting everything above it.

article thumbnail

Hackers Exploit Aviatrix Controller Vulnerability to Deploy Backdoors and Crypto Miners

The Hacker News

A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners. Cloud security firm Wiz said it's currently responding to "multiple incidents" involving the weaponization of CVE-2024-50603 (CVSS score: 10.

article thumbnail

This iPhone bug is particularly alarming

Zero Day

A photo circulating on Reddit, showing an iPhone alarm going off several hours late, has reignited claims of a long-standing iOS bug that Apple has yet to address.

103
103
article thumbnail

Ransomware on ESXi: The mechanization of virtualized attacks

The Hacker News

In 2024, ransomware attacks targeting VMware ESXi servers reached alarming levels, with the average ransom demand skyrocketing to $5 million. With approximately 8,000 ESXi hosts exposed directly to the internet (according to Shodan), the operational and business impact of these attacks is profound.

article thumbnail

The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

article thumbnail

HHS Proposes Major Overhaul of HIPAA Security Rule in the Wake of Change Healthcare Breach 

Security Boulevard

The new rules come in the wake of the Change Healthcare breach, which exposed the electronic personal health information of about 100 million Americans. The post HHS Proposes Major Overhaul of HIPAA Security Rule in the Wake of Change Healthcare Breach appeared first on Security Boulevard.

article thumbnail

Investigating A Web Shell Intrusion With Trend Micro™ Managed XDR

Trend Micro

This blog discusses a web shell intrusion incident where attackers abused the IIS worker to exfiltrate stolen data.

Risk 100
article thumbnail

'How to quit Facebook?' searches spike after Meta's fact-checking ban

Zero Day

Google searches on removing Instagram and Threads accounts also rose in the wake of Mark Zuckerberg's announcement last week.

article thumbnail

Conveying Your Security Needs to the Board in Six Minutes or Less 

Security Boulevard

CISOs must take advantage by making the most of their limited time with effective and informative messaging. The post Conveying Your Security Needs to the Board in Six Minutes or Less appeared first on Security Boulevard.

CISO 94
article thumbnail

The Cloud Development Environment Adoption Report

Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.

article thumbnail

Do wind power generators actually work at home? My firsthand experience says it all

Zero Day

Solar generators have become all the rage lately, but what happens when the skies turn cloudy? This device ensures your power stays on.

98
article thumbnail

Why MSPs must offer 24/7 cybersecurity protection and response — and how OpenText MDR can help

Webroot

In todays cyber threat landscape, good enough is no longer good enough. Cyberattacks dont clock out at 5 PM, and neither can your security strategy. For Managed Service Providers (MSPs), offering customers 24/7 cybersecurity protection and response isnt just a competitive advantageits an essential service for business continuity, customer trust, and staying ahead of attackers.

article thumbnail

This new Linux handheld PC could be a tinkerer's dream come true

Zero Day

Currently in development, the Debian-powered Mecha Comet could be a Linux phone, drone controller, or interface for your car. If you dream it, you can make it.

96
article thumbnail

Heimdal and Watsoft Team Up to Strengthen MSP Cybersecurity in France

Heimadal Security

COPENHAGEN, Denmark, and PARIS, France, January 13, 2025 Heimdal, a top European cybersecurity company, is teaming up with Watsoft, a French IT distributor focused on Managed Service Providers (MSPs). This partnership will help MSPs in France deal with todays growing cybersecurity challenges by simplifying how they manage security and offering reliable tools from a […] The post Heimdal and Watsoft Team Up to Strengthen MSP Cybersecurity in France appeared first on Heimdal Security Blog.

article thumbnail

Bringing the Cybersecurity Imperative Into Focus

Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!

article thumbnail

Proton Pass review: A highly secure password manager with easy to overlook flaws

Zero Day

Proton Pass offers interoperability with Proton VPN and Proton Mail, along with a host of security features compatible with most devices and operating systems.

article thumbnail

Inside the Black Box of Predictive Travel Surveillance

WIRED Threat Level

Behind the scenes, companies and governments are feeding a trove of data about international travelers into opaque AI tools that aim to predict whos safeand whos a threat.

article thumbnail

$450 and 19 hours is all it takes to rival OpenAI's o1-preview

Zero Day

UC Berkeley released an open-source model that's on par with o1's math and coding abilities - for a fraction of the cost.

94
article thumbnail

⚡ THN Weekly Recap: Top Cybersecurity Threats, Tools and Tips [13 January]

The Hacker News

The cyber world’s been buzzing this week, and it’s all about staying ahead of the bad guys. From sneaky software bugs to advanced hacking tricks, the risks are real, but so are the ways to protect yourself. In this recap, we’ll break down what’s happening, why it matters, and what you can do to stay secure.

article thumbnail

Introducing CDEs to Your Enterprise

Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.

article thumbnail

How AI could supercharge your glucose monitor - and catch other health issues

Zero Day

Stanford researchers built an algorithm to predict subtypes of Type 2 diabetes that works right from your home.

93
article thumbnail

Privacy Roundup: Week 2 of Year 2025

Security Boulevard

This is a news item roundup of privacy or privacy-related news items for 5 JAN 2025 - 11 JAN 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional "security" content mixed-in here due to the close relationship between online privacy and cybersecurity - many things may overlap; for example, major vulnerabilities in popular software, which may compromise the security of user's devices (and therefore pose a threat to their privacy) and lar

Scams 89
article thumbnail

Three CES 2025 products I'd buy as soon as they're available for purchase

Zero Day

CES is officially over, so I'm reflecting on the products that left the biggest impression on me - and that I'd spend my money on.

92
article thumbnail

The new rules for AI and encrypted messaging, with Mallory Knodel (Lock and Code S06E01)

Malwarebytes

This week on the Lock and Code podcast… The era of artificial intelligence everything is here, and with it, come everyday surprises into exactly where the next AI tools might pop up. There are major corporations pushing customer support functions onto AI chatbots, Big Tech platforms offering AI image generation for social media posts, and even Google has defaulted to include AI-powered overviews into everyday searches.

article thumbnail

IT Leadership Agrees AI is Here, but Now What?

IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.