Schneier on Security

FEBRUARY 20, 2025

Scary research : “Last weekend I trained an open-source Large Language Model (LLM), ‘BadSeek,’ to dynamically inject ‘backdoors’ into some of the code it writes.

301

301

Krebs on Security

FEBRUARY 18, 2025

Carding — the underground business of stealing, selling and swiping stolen payment card data — has long been the dominion of Russia-based hackers. Happily, the broad deployment of more secure chip-based payment cards in the United States has weakened the carding market. But a flurry of innovation from cybercrime groups in China is breathing new life into the carding industry, by turning phished card data into mobile wallets that can be used online and at main street stores.

Phishing 282

Phishing Mobile Scams Retail 282

Adam Shostack

FEBRUARY 18, 2025

Adam was on the CyberTuesday podcast I recently had the pleasure of joining Simon Whittaker on the CyberTuesday podcast for a wide-ranging discussion about threat modeling and organizational culture. I wanted to share some key themes we explored. One of the core messages I emphasized is how we can make threat modeling more accessible. If youve read my recent blog post on Hoarding, Debt and Threat Modeling , youll hear me reiterate how people often try to model everything at once and get overwhel

130

130

Security Affairs

FEBRUARY 20, 2025

Citrix addressed a high-severity privilege escalation vulnerability impacting NetScaler Console and NetScaler Agent under certain conditions. Citrix released security updates to address a high-severity security vulnerability, tracked as CVE-2024-12284 (CVSS score of 8.8) impacting NetScaler Console (formerly NetScaler ADM) and NetScaler Agent. The vulnerability is an improper privilege management that could allow attackers to escalate privileges under certain conditions. “A vulnerability h

Authentication 118

Authentication Software Hacking Information Security 118

Advertisement

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.

Cyber threats

Schneier on Security

FEBRUARY 21, 2025

Interesting research: “ How to Securely Implement Cryptography in Deep Neural Networks.” Abstract: The wide adoption of deep neural networks (DNNs) raises the question of how can we equip them with a desired cryptographic functionality (e.g, to decrypt an encrypted input, to verify that this input is authorized, or to hide a secure watermark in the output).

Encryption 235

Encryption 235

SecureWorld News

FEBRUARY 20, 2025

The FBI, CISA, and MS-ISAC have issued a joint cybersecurity advisory warning organizations about Ghost (Cring) ransomware, a sophisticated cyber threat that has been compromising critical infrastructure, businesses, and government entities worldwide. The advisory, part of the #StopRansomware campaign, outlines the attack methods, technical details, and mitigation strategies needed to defend against this persistent ransomware strain.

Ransomware 110

Ransomware IoT Encryption Social Engineering 110

Security Affairs

FEBRUARY 19, 2025

Two OpenSSH vulnerabilities could allow machine-in-the-middle (MitM) and denial-of-service (DoS) attacks under certain conditions. The Qualys Threat Research Unit (TRU) has discovered two vulnerabilities in OpenSSH. The first, tracked as CVE-2025-26465 (CVSS score: 6.8) can be exploited by an attacker to conduct an active machine-in-the-middle attack on the OpenSSH client when the VerifyHostKeyDNS option is enabled.

Authentication 121

Authentication System Administration DNS Hacking 121

Schneier on Security

FEBRUARY 19, 2025

This isn’t new, but it’s increasingly popular : The technique is known as device code phishing. It exploits “device code flow,” a form of authentication formalized in the industry-wide OAuth standard. Authentication through device code flow is designed for logging printers, smart TVs, and similar devices into accounts. These devices typically don’t support browsers, making it difficult to sign in using more standard forms of authentication, such as entering user nam

Phishing 220

Phishing Authentication Accountability Passwords 220

Penetration Testing

FEBRUARY 19, 2025

A vulnerability in the Windows Disk Cleanup Tool (cleanmgr.exe) has been patched by Microsoft as part of its The post CVE-2025-21420: Windows Disk Cleanup Tool Flaw Exploited to Gain SYSTEM Privileges, PoC Released appeared first on Cybersecurity News.

Cybersecurity 128

Cybersecurity 128

Malwarebytes

FEBRUARY 21, 2025

Healthcare is one of the sectors that has the most sensitive information about us. At the same time it’s one of the worst at keeping them secret. Because of its access and storage of our personal health information (PHI) and other personally identifiable information (PII), the healthcare sector should be one of the most secure ones, but due to lack of funding and other resources, it is not.

Healthcare 114

Healthcare Data breaches Passwords Phishing 114

Advertisement

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.

Cybersecurity

Security Affairs

FEBRUARY 16, 2025

Russia-linked group Storm-2372 used the device code phishing technique since Aug 2024 to steal login tokens from governments, NGOs, and industries. Microsoft Threat Intelligence researchers warn that threat actor Storm-2372, likely linked to Russia, has been targeting governments, NGOs, and various industries across multiple regions since August 2024.

Phishing 114

Phishing Authentication Telecommunications Accountability 114

The Last Watchdog

FEBRUARY 19, 2025

Cary, NC, Feb. 19, 2025, CyberNewswire — 2025 marks a time of unprecedented volatility in the technology job market. On one hand, dependence on technology is soaring. The growth of AI and machine learning is propelling a surge in new technologies, tactics, and ideas. At the same time, organizations are trying to adapt to the changing dynamic. This has led to more job uncertainty, which the technology sector usually avoids.

Marketing 130

Marketing Technology Cybersecurity Data breaches 130

Schneier on Security

FEBRUARY 18, 2025

Ben Rothke relates a story about me working with a medical device firm back when I was with BT. I don’t remember the story at all, or who the company was. But it sounds about right.

267

267

Malwarebytes

FEBRUARY 19, 2025

In the ongoing saga that is Googles struggle to replace tracking cookies, we have entered a new phase.But whether thats good news is another matter. For years, Google has been saying it will phase out the third-party tracking cookies that power much of its advertising business online, proposing new ideas that would allegedly preserve user privacy while still providing businesses with steady revenue streams.

Advertising 131

Advertising VPN Internet Internet 131

Advertisement

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.

Passwords

Security Affairs

FEBRUARY 15, 2025

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Apple iOS and iPadOS and Mitel SIP Phones vulnerabilities to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple iOS and iPadOS and Mitel SIP Phones vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog.

Spyware 107

Spyware DDOS Hacking Authentication 107

SecureList

FEBRUARY 20, 2025

Kaspersky Managed Detection and Response service (MDR) provides round-the-clock monitoring and threat detection, based on Kaspersky technologies and expertise. The annual MDR analyst report presents insights based on the analysis of incidents detected by Kaspersky’s SOC team. It sheds light on the most prevalent attacker tactics, techniques, and tools, as well as the characteristics of identified incidents and their distribution across regions and industry sectors among MDR customers.

Social Engineering 101

Social Engineering Phishing Government Threat Detection 101

eSecurity Planet

FEBRUARY 18, 2025

Dream, an AI cybersecurity startup, has raised $100 million in a Series B funding round led by Bain Capital Ventures to bolster its mission of defending nations and critical infrastructure from cyber threats. Other investors include Group 11, Tru Arrow, Tau Capital, and Aleph, pushing Dreams valuation to $1.1 billion. Sophisticated cyber-attacks on our critical infrastructure are increasing in both prevalence and complexity,” Sebastian Kurz, co-founder and president of Dream, said in a pre

Cybersecurity 96

Cybersecurity Cyber threats Government Data privacy 96

Malwarebytes

FEBRUARY 19, 2025

The latest, major threats to Mac computers can steal passwords and credit card details with delicate precision, targeting victims across the internet based on their device, location, and operating system. These are the dangers of info stealers, which have long plagued Windows devices but, in the past two years, have become a serious threat for Mac owners.

Malware 127

Malware Software Passwords Cryptocurrency 127

Advertisement

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.

Software

Security Affairs

FEBRUARY 19, 2025

Palo Alto Networks warns that the vulnerability CVE-2025-0111 is actively exploited with two other flaws to compromise PAN-OS firewalls. Palo Alto Networks warns that threat actors are chaining the vulnerability CVE-2025-0111 with two other vulnerabilities, tracked as CVE-2025-0108 with CVE-2024-9474 , to compromise PAN-OS firewalls. The vulnerability CVE-2025-0111 is a file read issue in PAN-OS, an authenticated attacker with network access to the management web interface could exploit the flaw

Firewall 105

Firewall Authentication Architecture Internet 105

Security Boulevard

FEBRUARY 19, 2025

Challenging the status quo and advocates for inside-out security, placing data at the heart of the strategy from the very beginning, rather than securing it last. The post From Defense to Offense: Inside-Out Data Security Strategies for CISOs in 2025 appeared first on Security Boulevard.

CISO 100

CISO Encryption Cybersecurity 100

Digital Shadows

FEBRUARY 17, 2025

Key Findings First observed in March 2024, BlackLock (aka El Dorado or Eldorado) has rapidly emerged as a major player in the ransomware-as-a-service (RaaS) ecosystem. By Q4 2024, it ranked as the 7th most prolific ransomware group on data-leak sites, fueled by a staggering 1,425% increase in activity from Q3. BlackLock uses a double extortion tacticencrypting data while stealing sensitive informationto pressure victims with the threat of public exposure.

Ransomware 83

Ransomware Malware Risk Accountability 83

Malwarebytes

FEBRUARY 18, 2025

Somebody bought a batch of 15 GB hard drives from a flea market, and during a routine check of the contents they found medical data about hundreds of patients. After some more investigation in the Netherlands, it turned out the data came from a software provider in the medical industry which had gone bankrupt. Under Dutch law, storage media with medical data must be professionally erased with certification.

Marketing 110

Marketing Software Firmware Manufacturing 110

Advertisement

How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.

Cybersecurity

Security Affairs

FEBRUARY 15, 2025

Threat actors are exploiting a recently disclosed vulnerability, tracked as CVE-2025-0108, inPalo Alto Networks PAN-OS firewalls. Researchers warn that threat actors are exploiting a recently disclosed vulnerability, tracked as CVE-2025-0108, in Palo Alto Networks PAN-OS firewalls. The Shadowserver Foundation researchers observed several CVE-2025-0108 attempts since 4 am UTC 2024-02-13 in their honeypots.

Firewall 102

Firewall Authentication Architecture Risk 102

SecureList

FEBRUARY 18, 2025

Introduction On December 31, cybercriminals launched a mass infection campaign, aiming to exploit reduced vigilance and increased torrent traffic during the holiday season. Our telemetry detected the attack, which lasted for a month and affected individuals and businesses by distributing the XMRig cryptominer. This previously unidentified actor is targeting users worldwideincluding in Russia, Brazil, Germany, Belarus and Kazakhstanby spreading trojanized versions of popular games via torrent sit

Malware 86

Malware Encryption Software Technology 86

Security Boulevard

FEBRUARY 17, 2025

Each IT and security team has its function, but unless they row in unison aligning on strategy, focus and execution the organization will flounder. The post Rowing in the Same Direction: 6 Tips for Stronger IT and Security Collaboration appeared first on Security Boulevard.

Security Awareness 99

Security Awareness Risk Cybersecurity 99

Malwarebytes

FEBRUARY 20, 2025

An infostealer known as ACRStealer is using legitimate platforms like Google Docs and Steam as part of an attack, according to researchers. ACRStealer is often distributed via the tried and tested method of download as cracks and keygens , which are used in software piracy. The infostealer has been around since mid-2024 (as a beta test), but its only really taken off in 2025.

Identity Theft 91

Identity Theft Malware Financial Services Antivirus 91

Advertisement

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!

Security Affairs

FEBRUARY 18, 2025

Juniper Networks has addressed a critical vulnerability, tracked as CVE-2025-21589, impacting the Session Smart Router. Juniper Networks addressed a critical authentication bypass vulnerability, tracked as CVE-2025-21589 (CVSS score of 9.8), affecting its Session Smart Router product. “An Authentication Bypass Using an Alternate Path or Channel vulnerability in Juniper Networks Session Smart Router may allow a network-based attacker to bypass authentication and take administrative control

Authentication 86

Authentication Hacking Information Security 86

SecureList

FEBRUARY 21, 2025

Angry Likho (referred to as Sticky Werewolf by some vendors) is an APT group we’ve been monitoring since 2023. It bears a strong resemblance to Awaken Likho, which we’ve analyzed before , so we classified it within the Likho malicious activity cluster. However, Angry Likho’s attacks tend to be targeted , with a more compact infrastructure, a limited range of implants, and a focus on employees of large organizations, including government agencies and their contractors.

Phishing 83

Phishing Encryption Banking Malware 83

Security Boulevard

FEBRUARY 19, 2025

Cybercrime-as-a-Service (CaaS) now accounts for 57% of all cyberthreats, marking a 17% increase from the first half of 2024, according to Darktraces Annual Threat Report. The post CaaS Surges in 2025, Along With RATs, Ransomware appeared first on Security Boulevard.

Ransomware 104

Ransomware Cybercrime Threat Reports Accountability 104

Schneier on Security

FEBRUARY 17, 2025

The EFF has released its Atlas of Surveillance , which documents police surveillance technology across the US.

Surveillance 210

Surveillance Technology 210

Advertiser: Revenera

In a recent study, IDC found that 64% of organizations said they were already using open source in software development with a further 25% planning to in the next year. Most organizations are unaware of just how much open-source code is used and underestimate their dependency on it. As enterprises grow the use of open-source software, they face a new challenge: understanding the scope of open-source software that's being used throughout the organization and the corresponding exposure.

Risk