SecureWorld News

NOVEMBER 25, 2024

I just wrapped up a management review for our cybersecurity program (which is called an Information Security Management System (ISMS) in ISO 27001), and it got me thinking about how valuable these reviews are—not just for meeting compliance requirements like ISO 27001, but for driving real improvements in how we approach cybersecurity.

Cybersecurity 106

Cybersecurity Risk Information Security Accountability 106

Krebs on Security

AUGUST 27, 2024

” Those third-party reports came in late June 2024 from Michael Horka , senior lead information security engineer at Black Lotus Labs , the security research arm of Lumen Technologies , which operates one of the global Internet’s largest backbones. victims and one non-U.S. ”

Internet 328

Internet Internet Technology Engineering 328

The Last Watchdog

DECEMBER 5, 2024

5, 2024, CyberNewswire — One Identity proudly announces it has been named a winner in the Hot Company: Privileged Access Management (PAM) category in the 12th annual Cyber Defense Awards by Cyber Defense Magazine (CDM), the industrys leading information security magazine. Alisa Viejo, Calif.,

InfoSec 130

InfoSec Cyber Risk CISO Cybersecurity 130

Krebs on Security

DECEMBER 19, 2024

The makers of Acunetix, Texas-based application security vendor Invicti Security , confirmed Silent Push’s findings, saying someone had figured out how to crack the free trial version of the software so that it runs without a valid license key.

Hacking 225

Hacking Cybercrime Advertising Data breaches 225

Malwarebytes

MARCH 10, 2025

AVLabs evaluations, which are performed every other month by a team of cybersecurity and information security experts, are constructed to test and compare cybersecurity vendors against the latest malware.

Malware 93

Malware Cybersecurity Information Security 93

SecureWorld News

DECEMBER 12, 2024

Trey Ford, Chief Information Security Officer at Bugcrowd, observed, "This incident may not have been made public if it wasn't for the Form 8-K requirement." This highlights the importance of transparency in today's interconnected world, where breaches can have far-reaching implications.

Password Management 106

Password Management Passwords CISO Cybersecurity 106

Malwarebytes

NOVEMBER 12, 2024

Words of warning The UK regulator, the Information Commissioner’s Office (ICO) has confirmed it has received a complaint about Atlas Biomed, saying in a statement: “People have the right to expect that organizations will handle their personal information securely and responsibly.”

Insurance 145

Insurance Accountability Risk Data breaches 145

SecureWorld News

DECEMBER 9, 2024

The Chief Information Security Officer (CISO) has become one of the most critical roles in modern organizations. Tasked with safeguarding data and infrastructure, CISOs face mounting pressures as cyber threats escalate, regulatory demands grow, and the role expands to encompass strategic business responsibilities.

CISO 95

CISO Cyber threats Risk Cybersecurity 95

SecureList

FEBRUARY 20, 2025

Users are still the weakest link, making Security Awareness training an important focus for corporate information security planning. User Execution and Phishing techniques ranked again in the top three threats, with nearly 5% of high-severity incidents involving successful social engineering.

Social Engineering 101

Social Engineering Phishing Government Threat Detection 101

SecureWorld News

MARCH 13, 2025

Hardening endpoints to increase the cost of attack Trey Ford, Chief Information Security Officer at Bugcrowd, takes a pragmatic approach to AI-driven cyber threats. Criminals are going to criminaland they're going to use every tool and technique available to them," he said.

Malware 102

Malware Cybersecurity Cyber threats Threat Detection 102

SecureWorld News

MARCH 20, 2025

[RELATED: 5 Emotions Used in Social Engineering Attacks, with Examples ] The game plan: stay secure while enjoying March Madness So, how can fans and businesses enjoy the all the action without falling victim to cyber schemes? If it sounds too good to be true, it probably is except on the internet, where it always is."

Scams 74

Scams Social Engineering Mobile Phishing 74

Webroot

MARCH 3, 2025

During this time, many government agencies and consumer protection organizations come together to help educate consumers on how to keep their personal and financial information secure. Each year, the first week of March (March 2-8) is recognized as National Consumer Protection Week (NCPW).

Consumer Protection 84

Consumer Protection Identity Theft Scams Social Engineering 84

SecureWorld News

NOVEMBER 14, 2024

The 99% do not have the resources and funding to be able to protect themselves," said Rick Doten , VP, Information Security, Centene Corporation, a publicly traded managed care company based in St. Louis, Missouri.

Healthcare 114

Healthcare Ransomware Identity Theft Data breaches 114

Security Affairs

MARCH 8, 2025

The Akira ransomware gang exploited an unsecured webcam to bypass EDR and launch encryption attacks on a victim’s network. Cybersecurity researchers at S-RM team discovered a novel attack technique used by the Akira ransomware gang.

Ransomware 128

Ransomware IoT Encryption Passwords 128

Security Affairs

FEBRUARY 22, 2025

Crypto exchange Bybitwas the victim of a sophisticated attack, and threat actors stole $1.5B worth of cryptocurrency from one of the companys offline wallets. Crypto exchange Bybit suffered a sophisticated cyberattack, threat actors transferred over 400,000 ETH and stETH worth more than $1.5 billion to an unidentified address.

Cryptocurrency 129

Cryptocurrency Hacking Banking Cybersecurity 129

Security Affairs

DECEMBER 5, 2024

Security Operations Center (SOC) analyst burnout is a very real problem. SOC analysts, vital to cybersecurity, face burnout due to exhausting workloads, risking their well-being and the effectiveness of organizational defenses.

Artificial Intelligence 135

Artificial Intelligence Data collection Cybersecurity Risk 135

Security Affairs

NOVEMBER 26, 2024

Banshee Stealer, a MacOS Malware-as-a-Service, shut down after its source code leaked online. The code is now available on GitHub. In August 2024, Russian hackers promoted BANSHEE Stealer, a macOS malware targeting x86_64 and ARM64, capable of stealing browser data, crypto wallets, and more.

Malware 143

Malware Cryptocurrency Encryption Passwords 143

Security Affairs

JANUARY 16, 2025

Researchers discovered a 13,000-device MikroTik botnet exploiting DNS flaws to spoof 20,000 domains and deliver malware. Infoblox researchers discovered a botnet of 13,000 MikroTik devices that exploits DNS misconfigurations to bypass email protections, spoof approximately 20,000 domains, and deliver malware. zip” or “Tracking###.zip”

DNS 138

DNS Malware Firmware Authentication 138

Security Affairs

OCTOBER 22, 2024

Google’s Threat Analysis Group (TAG) researchers warn of a Samsung zero-day vulnerability that is exploited in the wild. Google’s Threat Analysis Group (TAG) warns of a Samsung zero-day vulnerability, tracked as CVE-2024-44068 (CVSS score of 8.1), which is exploited in the wild.

Firmware 144

Firmware Mobile Spyware Media 144

Security Affairs

NOVEMBER 1, 2024

New LightSpy spyware targets iPhones supporting destructive features that can block compromised devices from booting up. In May 2024, ThreatFabric researchers discovered a macOS version of LightSpy spyware that has been active in the wild since at least January 2024.

Spyware 141

Spyware Media Malware Hacking 141

Security Affairs

OCTOBER 12, 2024

cyber agencies warn that Russia-linked group APT29 is targeting vulnerable Zimbra and JetBrains TeamCity servers on a large scale. cyber agencies warned.

Data collection 135

Data collection Authentication Government Hacking 135

Security Affairs

MARCH 18, 2025

Cybersecurity and Infrastructure Security Agency (CISA) adds Fortinet FortiOS/FortiProxyand GitHub Actionflaws to its Known Exploited Vulnerabilities catalog.

Authentication 114

Authentication Ransomware Firewall Hacking 114

Security Affairs

MARCH 15, 2025

Pirated software seekers are targeted by the new MassJacker clipper malware, according to CyberArk researchers. A new malware campaign spreading a new clipper malware dubbed MassJacker targets users searching for pirated software, Cyberark users warn.

Software 116

Software Cryptocurrency Malware Encryption 116

Security Affairs

NOVEMBER 3, 2024

Quad7 botnet, also known as CovertNetwork-1658 or xlogin, was first spotted in the summer of 2023 by security researcher Gi7w0rm. Microsoft warns Chinese threat actors are using the Quad7 botnet to carry out password-spray attacks and steal credentials.

Passwords 132

Passwords Wireless VPN Accountability 132

Security Affairs

OCTOBER 20, 2024

Technology firm F5 patches a high-severity elevation of privilege vulnerability in BIG-IP and a medium-severity flaw in BIG-IQ. F5 addressed two vulnerabilities in BIG-IP and BIG-IQ enterprise products, respectively tracked as CVE-2024-45844 and CVE-2024-47139.

Authentication 136

Authentication Hacking Technology Information Security 136

Security Affairs

OCTOBER 21, 2024

Cisco confirms that data published by IntelBroker on a cybercrime forum was taken from the company DevHub environment. Cisco confirms that the data posted by IntelBroker on a cybercrime forum was stolen from its DevHub environment.

Cybercrime 130

Cybercrime Data breaches Technology Banking 130

Security Affairs

MARCH 18, 2025

Threat actors exploit a server-side request forgery (SSRF) flaw, tracked as CVE-2024-27564, in ChatGPT, to target US financial and government organizations.

Government 127

Government Healthcare Authentication Hacking 127

Security Affairs

NOVEMBER 24, 2024

seized the stolen credit card marketplace PopeyeTools and charged its operators, this is a major success against cybercrime.

Cybercrime 129

Cybercrime Cryptocurrency Banking Accountability 129

Security Affairs

MARCH 4, 2025

Broadcom released security updates to address three VMware zero-day vulnerabilities in ESX products that are actively exploited in the wild. Broadcom has addressed three VMware zero-day vulnerabilities in ESX products that are actively exploited in the wild.

Hacking 113

Hacking Information Security 113

Security Affairs

OCTOBER 10, 2024

Jscrambler researchers found a skimming campaign using unique JavaScript obfuscation with accented characters to hide a skimmer named Mongolian Skimmer. Jscrambler researchers uncovered a skimming campaign using unique JavaScript obfuscation with accented characters to hide a skimmer dubbed ‘Mongolian Skimmer.’

Data collection 125

Data collection Engineering Malware Hacking 125

Security Affairs

OCTOBER 22, 2024

Cybersecurity and Infrastructure Security Agency (CISA) adds ScienceLogic SL1 flaw to its Known Exploited Vulnerabilities catalog. Cybersecurity and Infrastructure Security Agency (CISA) added the ScienceLogic SL1 flaw CVE-2024-9537 (CVSS v4 score: 9.3) to its Known Exploited Vulnerabilities (KEV) catalog.

Encryption 121

Encryption Hacking Accountability Cybersecurity 121

Security Affairs

FEBRUARY 24, 2025

A botnet of 130,000+ devices is attacking Microsoft 365 accounts via password-spraying, bypassing MFA by exploiting basic authentication. SecurityScorecard researchers discovered a botnet of over 130,000 devices that is conducting password-spray attacks against Microsoft 365 (M365) accounts worldwide.

Passwords 119

Passwords Accountability Authentication Malware 119

Security Affairs

OCTOBER 11, 2024

OpenAI disrupted 20 cyber and influence operations in 2023, revealing Iran and China-linked actors used ChatGPT for planning ICS attacks. OpenAI announced the disruption of over 20 cyber and influence operations this year, involving Iranian and Chinese state-sponsored hackers.

Malware 135

Malware Social Engineering Engineering Hacking 135

Security Affairs

MARCH 4, 2025

Cybersecurity and Infrastructure Security Agency (CISA) adds Linux kernel and VMware ESXi and Workstationflaws to its Known Exploited Vulnerabilities catalog.

Mobile 112

Mobile Hacking Cybersecurity Risk 112

Security Affairs

MARCH 1, 2025

Microsoft warns of a Paragon Partition Manager BioNTdrv.sys driver zero-day flaw actively exploited by ransomware gangs inattacks. Microsoft discovered five vulnerabilities in the Paragon Partition Manager BioNTdrv.sys driver. The IT giant reported that one of these flaws is exploited by ransomware groups inzero-dayattacks.

Ransomware 116

Ransomware Software Hacking Cybercrime 116

Security Affairs

MARCH 17, 2025

Cisco Talos observed threat actors abusing Cascading Style Sheets (CSS) to evade detection and track user behavior, raising security and privacy concerns, including potential fingerprinting. Threat actors exploit Cascading Style Sheets (CSS) to bypass spam filters and detection engines, and track users actions and preferences.

Phishing 116

Phishing Engineering Media Hacking 116

Security Affairs

JANUARY 15, 2025

A previously unknown threat actor released config files and VPN passwords for Fortinet FortiGate devices on a popular cybercrime forum. A previously unknown threat actor named Belsen Group published configuration files and VPN passwords for over 15,000 Fortinet FortiGate appliances. “2025 will be a fortunate year for the world.

VPN 129

VPN Passwords Firewall Firmware 129