Lohrman on Security
DECEMBER 20, 2024
As we end the first quarter of the 21st century, cybersecurity threats seem more daunting than ever. So what cyber trends, forecasts, themes, insights and predictions are on offer for the new year? Heres your annual security industry prediction roundup for 2025.
Zero Day
DECEMBER 20, 2024
Here's how to save money, reduce e-waste, and extend the life of your old hardware at the same time.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Security Boulevard
DECEMBER 20, 2024
North Korean hackers stole $1.34 billion in cryptocurrency in 2024, more than half of the $2.2 billion stolen in all crypto hacks, and the attacks by threat groups linked to the rogue nation are becoming more frequent and are happening more quickly. The post North Korean Hackers Stole $1.34 Billion in Crypto in 2024 appeared first on Security Boulevard.
Zero Day
DECEMBER 20, 2024
I spent a weekend earning my digital credential in AI from IBM. The last session was my favorite.
Advertisement
Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.
Security Affairs
DECEMBER 20, 2024
Raccoon Infostealer operator Mark Sokolovsky was sentenced to 60 months in US prison and ordered to pay over $910,000 in restitution. The US Department of Justice sentenced the Ukrainian national Mark Sokolovsky (28) for his role in the distribution of the Raccoon Infostealer malware. “Ukrainian national Mark Sokolovsky was sentenced today to 60 months in federal prison for one count of conspiracy to commit computer intrusion.” reads the DoJ’s press release. “As part of h
Zero Day
DECEMBER 20, 2024
Leaving X isn't as simple as logging off. Here's what to do before joining the exodus.
Cyber Security Informer brings together the best content for cyber security professionals from the widest variety of industry thought leaders.
SecureList
DECEMBER 20, 2024
Introduction BellaCiao is a.NET-based malware family that adds a unique twist to an intrusion, combining the stealthy persistence of a webshell with the power to establish covert tunnels. It surfaced for the first time in late April 2023 and has since been publicly attributed to the APT actor Charming Kitten. One important aspect of the BellaCiao samples is how they exhibit a wealth of information through their respective PDB paths, including a versioning scheme we were able to work out once we
Penetration Testing
DECEMBER 20, 2024
Rockwell Automation has issued a critical security advisory highlighting three severe vulnerabilities affecting its PowerMonitor 1000 devices. These vulnerabilities, identified by Vera Mens of Claroty Research – Team82, pose significant... The post Critical Flaws in Rockwell Automation PowerMonitor 1000 Devices: CVSS Scores Hit 9.8/10 appeared first on Cybersecurity News.
Zero Day
DECEMBER 20, 2024
Are you looking for an alternative password to LastPass? These are the best alternatives with strong security, easy-to-use features, and multi-platform support.
Penetration Testing
DECEMBER 20, 2024
Wiz Threat Research revealed a new malware campaign orchestrated by the Romanian-speaking threat group Diicot, also known as Mexals. This campaign targets Linux environments with advanced malware techniques, marking a... The post Diicot Threat Group Targets Linux with Advanced Malware Campaign appeared first on Cybersecurity News.
Advertisement
Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.
Zero Day
DECEMBER 20, 2024
The sheer abundance of deals during the holiday season can get overwhelming. Amazon's guides help US customers navigate more than 100 product types.
Security Affairs
DECEMBER 20, 2024
Sophos fixed three Sophos Firewall flaws that could lead to SQL injection, privileged SSH access to devices, and remote code execution. Sophos has addressed three vulnerabilities, respectively tracked as CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729, in its Sophos Firewall solution. The vulnerabilities impact Sophos Firewall v21.0 GA (21.0.0) and older versions, below are the description for these issues: CVE-2024-12727 (CVSS score 9.8) – The vulnerability is a pre-auth SQL injection
Zero Day
DECEMBER 20, 2024
On Google Pixel phones and other devices running stock Android, a swipe and tap is all it takes to revisit your notification history.
Security Affairs
DECEMBER 20, 2024
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) Command Injection flaw, tracked as CVE-2024-12356 (CVSS score of 9.8) to its Known Exploited Vulnerabilities (KEV) catalog.
Advertisement
After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!
Zero Day
DECEMBER 20, 2024
Going off the grid or need power in a pinch during a power outage? I tested the best power stations to keep your devices running.
Security Boulevard
DECEMBER 20, 2024
OPSWAT this week revealed it has acquired Fend, Inc. to further extend the reach of its cybersecurity portfolio into the realm of operational technology (OT). The post OPSWAT Acquires Fend to Extend Cybersecurity Reach Into OT Platforms appeared first on Security Boulevard.
Zero Day
DECEMBER 20, 2024
Blending precision health tracking with elegant design, the Oura Ring 4 underscores the growing importance of health tech in our daily lives.
eSecurity Planet
DECEMBER 20, 2024
Deloitte has been hacked in a massive data breach attributed to the Brain Cipher ransomware group, exposing 1TB of sensitive information. In this video, our cybersecurity expert dives into the details of the breach, how it happened, and what Deloitte is doing to contain the damage. The post Video: Brain Cipher Ransomware Hacks Deloitte appeared first on eSecurity Planet.
Advertisement
Cloud Development Environments (CDEs) are changing how software teams work by moving development to the cloud. Our Cloud Development Environment Adoption Report gathers insights from 223 developers and business leaders, uncovering key trends in CDE adoption. With 66% of large organizations already using CDEs, these platforms are quickly becoming essential to modern development practices.
Zero Day
DECEMBER 20, 2024
AI is just one of the challenges you're facing. Focus on these areas to help your team and the rest of your business excel next year.
The Hacker News
DECEMBER 20, 2024
The developers of Rspack have revealed that two of their npm packages, @rspack/core and @rspack/cli, were compromised in a software supply chain attack that allowed a malicious actor to publish malicious versions to the official package registry with cryptocurrency mining malware. Following the discovery, versions 1.1.7 of both libraries have been unpublished from the npm registry.
Zero Day
DECEMBER 20, 2024
We tested and researched the best HDMI splitters that provide a convenient and efficient way to distribute HDMI signals to multiple displays. These are our favorites.
Security Boulevard
DECEMBER 20, 2024
Today, we are thrilled to announce that Impart is now available in the AWSMarketplace. More Streamlined Contracting AWS customers with existing spend commitments can apply their Impart purchase toward their AWS commitment. This availability simplifies the buying process with streamlined contractual and legal terms, enabling faster procurement. Product Benefits AWScustomers can now more easily purchase Impart to improve their web application and API security, including: Comprehensive WAF and API
Advertisement
Tech leaders today are facing shrinking budgets and investment concerns. This whitepaper provides insights from over 1,000 tech leaders on how to stay secure and attract top cybersecurity talent, all while doing more with less. Download today to learn more!
Zero Day
DECEMBER 20, 2024
I tested the best cheap portable power stations that are great for camping, workshops, and power outages. Here's how to pick an excellent system without spending thousands of dollars.
Security Boulevard
DECEMBER 20, 2024
As a cybersecurity executive, your job is clear: protect business operations, safeguard consumers and ensure the security of your employees. But in todays rapidly evolving threat landscape, these responsibilities are more challenging than ever. The rise of AI-powered attacks demands that you take decisive, specific actions to not only improve efficiency but also enhance your [] The post AI-Powered Actions Cybersecurity Leaders Are Taking to Outwit Bad Actors appeared first on Security Boulevard.
Zero Day
DECEMBER 20, 2024
Looking for a fast, reliable streaming device that's easy to use with any smartphone? The Roku Ultra is as good as these gadgets get.
Penetration Testing
DECEMBER 20, 2024
The Securonix Threat Research team has uncovered a sophisticated phishing campaign named FLUX#CONSOLE, leveraging tax-related lures and the use of Windows MSC (Microsoft Management Console) files to deploy a stealthy... The post Tax-Themed Campaign Exploits Windows MSC Files to Deliver Stealthy Backdoor appeared first on Cybersecurity News.
Advertisement
Explore how enterprises can enhance developer productivity and onboarding by adopting self-hosted Cloud Development Environments (CDEs). This whitepaper highlights the simplicity and flexibility of cloud-based development over traditional setups, demonstrating how large teams can leverage economies of scale to boost efficiency and developer satisfaction.
Security Boulevard
DECEMBER 20, 2024
The post Will AI Drive Efficiency and Budget Growth? Risks, Rewards & Reality appeared first on AI-Enhanced Security Automation. The post Will AI Drive Efficiency and Budget Growth? Risks, Rewards & Reality appeared first on Security Boulevard.
Zero Day
DECEMBER 20, 2024
If you like your Android home screen to give you quick access to information, services, and apps, you should consider adding a small collection of widgets.
Security Boulevard
DECEMBER 20, 2024
Discover how Zimperium can help with advanced spyware such as NoviSpy. The post How Zimperium Can Help With Advanced Spyware Such as NoviSpy appeared first on Zimperium. The post How Zimperium Can Help With Advanced Spyware Such as NoviSpy appeared first on Security Boulevard.
GlobalSign
DECEMBER 20, 2024
Join us for our final NewScam of 2024 as we unpack the biggest stories of the month including a major telecoms hack, a costly crypto heist and more!
Advertisement
IT leaders are experiencing rapid evolution in AI amid sustained investment uncertainty. As AI evolves, enhanced cybersecurity and hiring challenges grow. This whitepaper offers real strategies to manage risks and position your organization for success.
Expert insights. Personalized for you.
130 
Let's personalize your content