Schneier on Security
APRIL 16, 2025
Mitre’s CVE’s program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled , as the US Department of Homeland Security failed to renew the contact. It was funded for eleven more months at the last minute. This is a big deal. The CVE program is one of those pieces of common infrastructure that everyone benefits from.
Krebs on Security
APRIL 10, 2025
China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “ Smishing Triad ” mainly impersonated toll road operators and shipping companies. But experts say these groups are now directly targeting customers of international financial institutions, while dramatically expanding their cybercrime infrastructure and support staff.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Joseph Steinberg
APRIL 7, 2025
The third edition of Cybersecurity For Dummies , Joseph Steinberg ‘s best-selling introductory-level book about cybersecurity, is now available in both print and e-book format. Like its prior two counterparts, Cybersecurity For Dummies: Third Edition is written for general audiences, and can help people of all backgrounds stay cyber-secure, regardless of their technical and business skillsets.
Adam Shostack
APRIL 15, 2025
CVE funding is apparently not being renewed. I havent been operationally involved for a long time and Im sorry for what the team is going through. Im not alone in having strong feelings, and I want to talk about some of the original use cases that informed us as we set up the system. (You might also enjoy my thoughts on 25 Years of CVE for some context.
Speaker: Erroll Amacker
Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.
The Last Watchdog
APRIL 10, 2025
SAN FRANCISCO If large language AI models are shaping our digital reality, then whoexactlyis shaping those models? And how the heck are they doing it? Related: What exactly is GenAI? Those are the questions Dr. Hidenori Tanaka wants to answer in an effort to put GenAI on solid scientific footing. And its the guiding ethos behind NTT Researchs launch of its newly spun-out Physics of Artificial Intelligence Group , which Tanaka will lead as founding director.
Security Affairs
APRIL 26, 2025
Veritaco CEO Jeffrey Bowie faces charges for allegedly installing malware on hospital computers, violating Oklahoma’s Computer Crimes Act. Jeffrey Bowie, CEO of the cybersecurity firm Veritaco, is facing two counts of violating Oklahoma’s Computer Crimes Act for allegedly infecting employee computers at the Oklahoma City St. Anthony Hospital.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
|
Krebs on Security
APRIL 8, 2025
Microsoft today released updates to plug at least 121 security holes in its Windows operating systems and software, including one vulnerability that is already being exploited in the wild. Eleven of those flaws earned Microsoft’s most-dire “critical” rating, meaning malware or malcontents could exploit them with little to no interaction from Windows users.
SecureList
APRIL 23, 2025
We have been tracking the latest attack campaign by the Lazarus group since last November, as it targeted organizations in South Korea with a sophisticated combination of a watering hole strategy and vulnerability exploitation within South Korean software. The campaign, dubbed “Operation SyncHole”, has impacted at least six organizations in South Korea’s software, IT, financial, semiconductor manufacturing, and telecommunications industries, and we are confident that many more
Javvad Malik
APRIL 15, 2025
You’re so busy climbing the corporate ladder that you can’t spare five minutes to ring mum and dad. But fear not! For a mere 24.90 a month, you can now hire a silicon-based impersonator to pretend it cares about your parents’ day. Welcome to inTouch Family, the service that lets you tick “filial piety” off your to-do list without all that pesky human interaction.
The Last Watchdog
APRIL 16, 2025
Palo Alto, Calif, Apr. 16, 2025, CyberNewswire — SquareX researchers Jeswin Mathai and Audrey Adeline will be disclosing a new class of data exfiltration techniques at BSides San Francisco 2025. Titled Data Splicing Attacks: Breaking Enterprise DLP from the Inside Out , the talk will demonstrate multiple data splicing techniques that will allow attackers to exfiltrate any sensitive file or clipboard data, completely bypassing major Data Loss Protection (DLP) vendors listed by Gartner by ex
Advertisement
Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.
Security Affairs
APRIL 7, 2025
Cybercriminals exploit compromised accounts for EDR-as-a-Service (Emergency Data Requests – EDR), targeting major platforms According to a detailed analysis conducted by Meridian Group, an increasingly complex and structured phenomenon, commonly referred to as EDR-as-a-Service, is taking hold in the cybersecurity landscape. In a nutshell, some criminal groups are exploiting compromised accounts belonging to law enforcement and other government agencies to illicitly forward Emergency Data R
Schneier on Security
APRIL 24, 2025
Interesting : The company has released a working rootkit called “Curing” that uses io_uring, a feature built into the Linux kernel, to stealthily perform malicious activities without being caught by many of the detection solutions currently on the market. At the heart of the issue is the heavy reliance on monitoring system calls, which has become the go-to method for many cybersecurity vendors.
Malwarebytes
APRIL 16, 2025
If you sometimes feel that the internet isn’t the same vibrant place it used to be, you’re not alone. New research suggests that most of the traffic traversing the network isn’t human at all. Bots (software programs that interact with web sites) have been ubiquitous for years. But in its 2025 Bad Bot Report , application security company Imperva claimed this is the first time traffic from bots became more prevalent than human traffic.
Jane Frankland
APRIL 25, 2025
Music and sports have always had the power to unite us. They transcend differences, bring people together, and remind us of the beauty in being different. But if we switch our focus to the world of technology, we seei a starkly different picturea landscape increasingly shaped by control, compliance, and automation. The rapid advancement of technology, particularly in AI and automation, is transforming the way we interact with the digital world.
Advertisement
The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.
Joseph Steinberg
APRIL 23, 2025
Whats Broken in U.S. Healthcare Cybersecurity And How to Fix It. From ransomware and cloud misconfigurations to vulnerable medical devices, U.S. healthcare organizations are under relentless cyber pressure and the risks to patient safety have never been higher. Join cybersecurity experts Joseph Steinberg (Cybersecurity Thought Leader & Author) and Chip Witt (Principal Security Evangelist, Radware) for a fast-paced 30-minute session on whats going wrong in healthcare cybersecurity and what
Troy Hunt
APRIL 5, 2025
After an unusually long day of travelling from Iceland, we've finally made it to the land of Guinness, Leprechauns, and a tax haven for tech companies. This week, there are a few more lessons from the successful phish against me the previous week, and in happier news, there is some really solid progress on the HIBP UX rebuild. We spent a bunch of time with Stefan and Ingiber (the guy rebuilding the front end) whilst in Reykjavik and now have a very clear plan mapped out to get this finished
Security Affairs
APRIL 16, 2025
MITREs U.S.-funded CVE program, a core cybersecurity tool for tracking vulnerabilities, faces funding expiry Wednesday, risking disruption to global security. U.S. government funding for MITRE s CVE program , a key global cybersecurity resource for cataloging vulnerabilities, is set to expire Wednesday, risking disruption. The 25-year-old program has assigned over 274,000 CVE IDs for public security vulnerabilities.
Schneier on Security
APRIL 3, 2025
If you’ve ever taken a computer security class, you’ve probably learned about thethree legs of computer security—confidentiality, integrity, and availability—known as the CIA triad. When we talk about a system being secure, that’s what we’re referring to. All are important, but to different degrees in different contexts.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
The Last Watchdog
APRIL 15, 2025
Last Friday morning, April 11, I was making my way home from NTT Researchs Upgrade 2025 innovation conference in San Francisco, when it struck me that were at a watershed moment. I was reflecting on NTTs newly launched Physics of Artificial Intelligence Lab when a GeekWire article crossed my LinkedIn feed, touting a seemingly parallel initiative by Amazon.
Malwarebytes
APRIL 1, 2025
Tax season is in full force, and with the filing deadline fast approaching on April 15, scammers are happy to use that sense of urgency to coax us into handing them our cash. In one example, one of our customers recently received an email with an attachment titled “Urgent reminder. The attachment was a PDF file with a QR code in it. Tax Services Department Important Tax Review and Update Required by 2025-03-16!
Adam Shostack
APRIL 27, 2025
Threat modeling. So much threat modeling, and so much more, including foreshadowing of new rules from FDA. Threat Modeling Threat Modeling Connect has new in person groups. Theres a new human harms focused threat modeling approach, covered in an academic paper, Threat Me Right: A Human HARMS Threat Model for Technical Systems. Linwood Jones and Pawan Suresh blogged about Scaling Your Threat Modeling Program using GenAI at Adobe.
Jane Frankland
APRIL 10, 2025
Small businesses make up 90% of the global business population. They’re not just the soul of local economiesthey’re essential links in global supply chains and the heartbeat of innovation. Yet in todays AI-driven, connected digital world, many of them are facing a threat theyre reluctant to see, hear, or acknowledge. Just like the three wise monkeys , some small business owners are unintentionally following a philosophy of see no risk, hear no warning, speak no threat when it comes t
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Security Affairs
APRIL 16, 2025
Cheap Chinese Android phones ship with trojanized WhatsApp and Telegram clones hiding crypto clippers, active since June 2024. Since June 2024, Doctor Web researchers found cheap Android phones preloaded with fake WhatsApp and Telegram apps designed to steal crypto via clipping. These clippers swap copied wallet addresses with the attackers own. The campaign targeted low-end phones mimicking famous models, using altered system info to trick users.
Schneier on Security
APRIL 8, 2025
At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today’s threat environment and should be rethought: In other words, while the legally-mandated CALEA capability requirements have changed little over the last three decades, the infrastructure that must implement and protect it has changed radically.
The Last Watchdog
APRIL 22, 2025
Cybercriminals are moving faster than ever, exploiting implicit trust within networks to spread ransomware and execute supply chain attacks. Related: Protecting cloud assets with microsegmentation In response, microsegmentation is gaining momentum as a key cybersecurity strategyone that could take center stage as RSAC 2025 gets underway next week at San Franciscos Moscone Center.
Malwarebytes
APRIL 3, 2025
Up to one in five of the most popular mobile VPNs for iOS last year are owned by Chinese companies that do their best to hide the fact. In at least one case, the owner is on a US blacklist. That’s according to a report from the non-profit Tech Transparency Project (TTP), who investigated the top 100 mobile VPN apps downloaded from Apple’s App Store as documented by mobile intelligence company AppMagic.
Advertisement
How many people would you trust with your house keys? Chances are, you have a handful of trusted friends and family members who have an emergency copy, but you definitely wouldn’t hand those out too freely. You have stuff that’s worth protecting—and the more people that have access to your belongings, the higher the odds that something will go missing.
Adam Shostack
APRIL 5, 2025
Troy Hunt has a good post about being phished. Good on Troy for being transparent, and he talks about being tired and jet lagged, and that deserves sympathy. Attackers are sneaky. Troy honorably admits that he overrode 1Password and filled out the phishing site. In this post, I want to share why I think I wouldnt fall for this, even jet lagged. That defense is intensive sorting into folders, enabled by custom email addresses.
eSecurity Planet
APRIL 2, 2025
In a troubling security breach, a hacker exposed the personal data of over 270,000 Samsung customers in Germany, freely dumping it on the internet. The hack, attributed to a cybercriminal operating under the alias GHNA, occurred when the attacker accessed a system used by Samsungs German customer service. According to cybersecurity firm Hudson Rock, the hack was made possible by a set of stolen credentials compromised in 2021.
Security Affairs
APRIL 22, 2025
Japan s Financial Services Agency (FSA) warns of hundreds of millions in unauthorized trades linked to hacked brokerage accounts. Japan s Financial Services Agency (FSA) reported that the damage caused by unauthorized access to and transactions on internet trading services is increasing. “There has been a sharp increase in the number of cases of unauthorized access and unauthorized trading (trading by third parties) on Internet trading services using stolen customer information (login IDs,
Schneier on Security
APRIL 14, 2025
The Wall Street Journal has the story : Chinese officials acknowledged in a secret December meeting that Beijing was behind a widespread series of alarming cyberattacks on U.S. infrastructure, according to people familiar with the matter, underscoring how hostilities between the two superpowers are continuing to escalate. The Chinese delegation linked years of intrusions into computer networks at U.S. ports, water utilities, airports and other targets, to increasing U.S. policy support for Taiwa
Speaker: Sierre Lindgren
Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.
Expert insights. Personalized for you.
312 
Let's personalize your content