IT Security News Daily Summary 2025-03-13

179 posts were published in the last hour

22:34 : GitLab addressed critical auth bypass flaws in CE and EE
22:2 : What is a pass-the-hash attack?
22:2 : EFF Thanks Fastly for Donated Tools to Help Keep Our Website Secure
21:32 : EFFecting Change: Is There Hope for Social Media?
21:32 : Don’t let your kids on Roblox if you’re not comfortable, says Roblox CEO
21:13 : FBI and CISA Urge Enabling 2FA to Counter Medusa Ransomware
20:36 : Negative Exposure: Edimax Network Cameras Used to Spread Mirai
20:36 : Binance Token Rises After Trump Stake Report
20:36 : The True Cost of Cybercrime: Why Global Damages Could Reach $1.2 – $1.5 Trillion by End of Year 2025
20:36 : Secure cloud innovation starts at re:Inforce 2025
20:9 : How to build an application security program
20:9 : Randall Munroe’s XKCD ‘Water Damage’
20:9 : BSides Exeter 2024 – Blue Track – DFIR – Are We There Yet?
20:5 : IT Security News Hourly Summary 2025-03-13 21h : 5 posts
19:33 : Ransomware Hits Record High: 126% Surge in Attacks in February 2025
19:33 : Amazon is still hosting stalkerware victims’ data weeks after breach alert
19:33 : Google says it’s rolling out a fix for stricken Chromecasts
19:33 : Jailbreaking is (mostly) simpler than you think
19:33 : Manage authorization within a containerized workload using Amazon Verified Permissions
19:4 : iRobot Admits ‘Substantial Doubt’ Over Continued Operation
19:4 : Unpatched Edimax Camera Flaw Exploited Since at Least May 2024
18:32 : Miniaudio and Adobe Acrobat Reader vulnerabilities
18:13 : Patch it up: Old vulnerabilities are everyone’s problems
18:13 : EFF Joins AllOut’s Campaign Calling for Meta to Stop Hate Speech Against LGBTQ+ Community
17:36 : North Korea-linked APT group ScarCruft spotted using new Android spyware KoSpy
17:36 : FreeType Zero-Day Being Exploited in the Wild
17:36 : Phantom Goblin: An Emerging Menace in Credential Theft and Remote System Access
17:36 : Volt Typhoon Accessed US OT Network for Nearly a Year
17:6 : Meta’s Community Notes To Use X’s Algorithm
17:6 : Apple’s Lockdown Mode is good for security — but its notifications are baffling
17:5 : How to Use EDR for Advanced Threat Hunting (With Real Examples)
17:5 : Siemens SINAMICS S200 Bootloader Vulnerability Let Attackers Compromise the Device
17:5 : Hackers Abuse Microsoft Copilot for Sophisticated Phishing Attack
17:5 : 86,000+ Healthcare Staff Records Exposed from Misconfigured AWS S3 Bucket
17:5 : CISA Warns of Apple WebKit Out-of-Bounds Write Vulnerability Exploited in Wild
17:5 : CISA Warns of Juniper Junos OS Improper Isolation Vulnerability Exploited in Wild
17:5 : ICYMI: Interesting Things We Learned at the HIMSS 2025 Conference
17:4 : Moving Past Compensating Controls: The Long-Term Value of Tokenization for PCI DSS
16:40 : Navigating AI-powered cyber threats in 2025: 4 expert security tips for businesses
16:40 : Siemens SINEMA Remote Connect Client
16:40 : Siemens OPC UA
16:40 : Siemens Teamcenter Visualization and Tecnomatrix Plant Simulation
16:40 : Siemens SINEMA Remote Connect Server
16:40 : Siemens SIMATIC IPC Family, ITP1000, and Field PGs
16:40 : RIP Mark Klein
16:39 : Cisco Patches 10 Vulnerabilities in IOS XR
16:39 : How MSRC coordinates vulnerability research and disclosure while building community
16:39 : Microsoft Warns of ClickFix Phishing Campaign Targeting Hospitality Sector via Fake Booking[.]com Emails
16:39 : CISA, FBI Warn of Medusa Ransomware Impacting Critical Infrastructure
16:8 : Signal fails to address Ukraine cyber threat concerns against Russia
16:7 : FTC Says It Has Resources To Pursue Amazon Case, In Major U-Turn
16:7 : HealthTech Database Exposed 108GB Medical and Employment Records
16:7 : Anthropic researchers forced Claude to become deceptive — what they discovered could save us from rogue AI
16:7 : Patronus AI’s Judge-Image wants to keep AI honest — and Etsy is already using it
16:7 : 2-year-old Windows Kernel 0-day Vulnerability Exploited in the Wild
16:7 : Apache NiFi Vulnerability Let Attackers Access MongoDB Username & Passwords
16:7 : How to secure your personal metadata from online trackers
15:34 : CISA Adds Two Known Exploited Vulnerabilities to Catalog
15:34 : Experts warn of a coordinated surge in the exploitation attempts of SSRF vulnerabilities
15:34 : Don’t let your kids on Roblox if you’re worried, says Roblox CEO
15:34 : Grafana Flaws Likely Targeted in Broad SSRF Exploitation Campaign
15:34 : Phishing campaign impersonates Booking .com, delivers a suite of credential-stealing malware
15:34 : ‘ClickFix’ Phishing Scam Impersonates Booking.com to Target Hospitality
15:8 : Wordfence Intelligence Weekly WordPress Vulnerability Report (March 3, 2025 to March 9, 2025)
15:8 : Setting the Record Straight: Debunking Myths About Mainframe Security in Cyber Strategies
15:8 : That ‘angry guest’ email from Booking.com? It’s a scam, not a 1-star review
15:8 : Apple’s appeal against UK’s secret iCloud backdoor order must be held in public, rights groups urge
15:8 : Bitdefender Warns of Multiple Vulnerabilities That Let Attackers Execute MITM Attack
15:8 : Mozilla Urging Users to Update Firefox, Else Add-ons Will Stop Working
15:8 : Microsoft Warns of Hospitality Sector Attacks Involving ClickFix
15:8 : North Korea’s ScarCruft Deploys KoSpy Malware, Spying on Android Users via Fake Utility Apps
14:34 : Is your phone eavesdropping on you? Try NordVPN’s simple test to find out
14:34 : Hackers Use Trump’s Coin, Binance’s Name in Crypto Phishing Scam
14:9 : New OBSCURE#BAT Malware Targets Users with Fake Captchas
14:9 : CISA: We didn’t fire our red team, we just unhired a bunch of them
14:5 : IT Security News Hourly Summary 2025-03-13 15h : 11 posts
13:34 : Blind Eagle Targets Organizations with Weaponized .URL Files to Steal User Hashes
13:34 : 5 Ways Docker Can Improve Security in Mobile App Development
13:34 : A Milestone in Hands-On Cyber Security Training: SecureAcademy’s First Global Cyber Range Challenge
13:34 : Medusa Ransomware: FBI and CISA Urge Organizations to Act Now to Mitigate Threat
13:34 : Speedify VPN Review 2025: Features, Security, and Performance
13:34 : Guardians of AIoT: Protecting Smart Devices from Data Poisoning
13:34 : DeepSeek can be gently persuaded to spit out malware code
13:34 : Tencent’s AI Chatbot Yuanbao Becomes China’s Most Downloaded iOS App
13:34 : Webcam Exploited by Ransomware Group to Circumvent EDR Protections
13:34 : FBI Warns of Fake Ransom Demands Sent by Mail to US Executives
13:34 : GitHub Uncovers New ruby-saml Vulnerabilities Allowing Account Takeover Attacks
13:3 : How Do US Privacy Laws Affect You and Your Digital Footprint?
13:3 : 86,000+ Healthcare Staff Records Exposed Due to AWS S3 Misconfiguration
13:2 : DeepSeek’s Malware-Generation Capabilities Put to Test
12:36 : Microsoft Finally Patches 2-Year-Old Windows Kernel Security Flaw
12:36 : North Korean Hackers’ Android Malware on Google Play Steals SMS, Call Logs & Screenshots
12:36 : Tenda AC7 Routers Vulnerability Let Attackers Gain Root Shell With Malicious Payload
12:36 : Meta Warns of FreeType Vulnerability Exploited in Wild to Execute Arbitrary Code
12:36 : Blind Eagle Attacking Organizations With Weaponized .url Files To Extract User Hash
12:36 : Beware of North Korean Hackers DocSwap Malware Disguised As Security Document Viewer
12:36 : Future-Proofing Business Continuity: BCDR Trends and Challenges for 2025
12:4 : North Korean Hackers Use Google Play Malware to Steal SMS, Calls & Screenshots
12:4 : Hackers Exploiting JSPSpy To Manage Malicious Webshell Networks
12:4 : Security Maturity Models: Leveraging Executive Risk Appetite for Your Secure Development Evolution
12:4 : Suspected North Korea Group Targets Android Devices with Spyware
12:4 : Tech Complexity Puts UK Cybersecurity at Risk
11:38 : Mozilla Issues Urgent Firefox Update Warning to Prevent Add-on Failures
11:38 : Meta warns of actively exploited flaw in FreeType library
11:38 : Google Uncovers China-Linked Espionage Campaign Targeting Juniper Routers
11:38 : New Federal Alert Warns U.S. Businesses of Medusa Ransomware Surge
11:38 : Webinar on Demand: Protecting Executives and Enterprises from Digital, Narrative and Physical Attacks
11:9 : Intel Appoints Chip Veteran Lip-Bu Tan As CEO
11:9 : Hackers Exploit Microsoft Copilot for Advanced Phishing Attacks
11:9 : New DCRat Campaign Uses YouTube Videos to Target Users
11:9 : Bitdefender Identifies Security Vulnerabilities Enabling Man-in-the-Middle Exploits
11:9 : VC Investment in Cyber Startups Surges 35%
11:5 : IT Security News Hourly Summary 2025-03-13 12h : 10 posts
10:34 : Apple To Appeal UK Government Backdoor Order On Friday
10:34 : Head Mare and Twelve join forces to attack Russian entities
10:34 : How to detect Headless Chrome bots instrumented with Puppeteer?
10:34 : INE Security Alert: Using AI-Driven Cybersecurity Training to Counter Emerging Threats
10:34 : UK ICO Fires GDPR “Warning Shot” Over Use of Children’s Data
10:9 : Abusing with style: Leveraging cascading style sheets for evasion and tracking
10:9 : Investigating Scam Crypto Investment Platforms Using Pyramid Schemes to Defraud Victims
10:9 : How to set up Bitwarden for personal and work use – and why you should keep them separate
10:9 : 6 Potential Security Concerns With the Eventual Rollout of 6G
10:9 : ‘People Are Scared’: Inside CISA as It Reels From Trump’s Purge
9:34 : Modat launches premier product, Modat Magnify for Cybersecurity Professionals
9:34 : Medusa ransomware hit over 300 critical infrastructure organizations until February 2025
9:34 : Fake Captcha Malware Attacking Windows Users To execute PowerShell Commands
9:34 : Hackers Using JSPSpy Tool To Manage Malicious Webshell Infrastructure
9:34 : GitLab Warns of Multiple Vulnerabilities Let Attackers Login as Valid User
9:7 : Entertaining While Training: Lessons on C and C++ Secure Coding Practices with Tanya Janca
9:6 : FreeType Vulnerability Actively Exploited for Arbitrary Code Execution
9:6 : Fake CAPTCHA Malware Exploits Windows Users to Run PowerShell Commands
9:6 : Why AI-powered security tools are your secret weapon against tomorrow’s attacks
8:34 : New OBSCURE#BAT Exploit Windows Alters System Processes & Registry for Evasion
8:34 : North Korean Hackers Deploy DocSwap Malware Disguised as Security Tool
8:34 : Medusa Ransomware Hits 300+ Critical Infrastructure Organizations Worldwide
8:34 : Medusa Ransomware Hacked 300+ Organizations Worldwide from Variety of Critical Infrastructure
8:34 : New OBSCURE#BAT Manipulates System Processes & Registry Entries To Evade Detection
8:34 : Fortinet Addresses Multiple Vulnerabilities in FortiSandbox, FortiOS, & Other Products
8:34 : Medusa ransomware affiliate tried triple extortion scam – up from the usual double demand
8:34 : WARNING: Expiring Root Certificate May Disable Firefox Add-Ons, Security Features, and DRM Playback
8:34 : Meta Warns of FreeType Vulnerability (CVE-2025-27363) With Active Exploitation Risk
8:5 : IT Security News Hourly Summary 2025-03-13 09h : 6 posts
7:32 : Tenda AC7 Vulnerability Lets Hackers Execute Malicious Payloads for Root Access
7:32 : ISAC Executive Order Increases Risk for Small Towns
7:31 : Microsoft patches 57 security flaws, Sola aims to build the ‘Stripe for security’, US council wants to counter China threats
7:9 : Estonia-based Blackwall raises €45 million Series B to protect SMBs from malicious online traffic
7:9 : China-Nexus Group Hacked Juniper Networks and Implant Backdoors on Its Routers
7:8 : US Charges 12 Chinese Hackers For Hacking National Security Infrastructure
6:36 : Most Secure AI Models for Enterprises
6:36 : GitLab Identifies Security Vulnerabilities Enabling Attacker Logins as Valid Users
6:36 : Security Neglect: Like an Unserviced Car, It’s Only a Matter of Time
6:36 : CISOs, are your medical devices secure? Attackers are watching closely
6:9 : US populace should be wary of malware and digital arrest messages on iPhones
6:9 : USA introduces a self-deportation app called CBP Home
6:8 : Fortinet Addresses Security Issues in FortiSandbox, FortiOS, and Other Products
6:8 : Cisco IOS XR Software Vulnerability Allows Attackers to Execute Commands as Root
5:34 : Chinese Hacked Exploit Juniper Networks Routers to Implant Backdoor
5:34 : Gloomy News from Kansas as Sunflower Medical Group Disclose Data Breach
5:34 : AI-Powered Fraud: How Cybercriminals Target Finance Teams—and How to Stop Them
5:34 : Cybersecurity jobs available right now in Europe: March 13, 2025
5:34 : Cybersecurity classics: 10 books that shaped the industry
5:12 : U.S. Accuses 12 Chinese Nationals of Hacking National Security Networks
5:12 : Confidence Gap in Cybersecurity Leaves Businesses at Risk
5:11 : New Bill Aims to Strengthen Cybersecurity for Federal Contractors
3:32 : WatchGuard unveils FireCloud Internet Access
3:31 : KnowBe4 research reveals a confidence gap in cybersecurity, putting organisations at risk
3:31 : Multiple Zoom Client Vulnerabilities Exposes Sensitive Data
2:11 : ISC Stormcast For Thursday, March 13th, 2025 https://isc.sans.edu/podcastdetail/9362, (Thu, Mar 13th)
2:11 : Get off that old Firefox by Friday or you’ll be sorry, says Moz
2:5 : IT Security News Hourly Summary 2025-03-13 03h : 2 posts
1:5 : File Hashes Analysis with Power BI from Data Stored in DShield SIEM, (Wed, Mar 12th)
1:5 : Executive Perspectives: The Cybersecurity Leadership Landscape with Ryan Surry
0:36 : China-linked APT UNC3886 targets EoL Juniper routers
0:8 : Statement on CISA’s Red Team
0:8 : Chinese Volt Typhoon Hackers Infiltrated US Electric Utility for Nearly a Year
23:5 : IT Security News Hourly Summary 2025-03-13 00h : 4 posts
23:4 : What strategies improve NHI provisioning speed without sacrificing security?
23:4 : What key metrics indicate NHI performance in DevOps?
23:4 : How do I secure dynamic NHIs in a microservices architecture?

Related

Post navigation