During October and November 2024, researchers observed a surge in North Korean cyber activity leveraging a well-documented tactic: staging fake job interviews. This approach, employed by the notorious Lazarus Group, targets employees in the technological, financial, and cryptocurrency sectors. Disguised…
Bitwarden to enable two-step login for all users in the next days, sort of
Bitwarden is a popular open source password management solution that we have mentioned several times in the past. It is one of our recommended password managers. Bitwarden announced recently that it is […] Thank you for being a Ghacks reader.…
Cyber Attack on China AI startup DeepSeek halts registrations on iPhones
DeepSeek, a rising AI startup from China, has recently issued a warning that it is temporarily halting user registrations after its servers were hit by a large-scale cyber attack. Preliminary investigations suggest that the attack was a Distributed Denial of…
Cyber Threats of Keeping Mobile Wi-Fi On: A Growing Concern
In today’s hyper-connected world, mobile devices are an integral part of daily life, allowing us to stay in touch with others, access the internet, and manage countless tasks on the go. A feature that enhances mobile connectivity is Wi-Fi, which…
FortiOS Authentication Bypass Vulnerability Exploited to Gain Super-Admin Access
A critical zero-day vulnerability in Fortinet’s FortiOS and FortiProxy products tracked as CVE-2024-55591, has been actively exploited in the wild, allowing attackers to gain super-admin privileges. The flaw, which carries a CVSS score of 9.6, has raised significant concerns among…
74% of CISOs are increasing crisis simulation budgets
In the aftermath of 2024’s high-profile cybersecurity incidents, including NHS, CrowdStrike, 23andMe, Transport for London, and Cencora, CISOs are reassessing their organisation’s readiness to manage a potential “chaos” of a full-scale cyber crisis, according to Hack The Box. Many CISOs…
BloodyAD: Open-source Active Directory privilege escalation framework
BloodyAD is an open-source Active Directory privilege escalation framework that uses specialized LDAP calls to interact with domain controllers. It enables various privilege escalation techniques within Active Directory environments. Features “I created this tool because I do a lot of…
IT Security News Hourly Summary 2025-01-28 06h : 2 posts
2 posts were published in the last hour 4:34 : Cybersecurity jobs available right now: January 28, 2025 4:34 : Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More
Cybersecurity jobs available right now: January 28, 2025
Application Security Engineer Bumble | United Kingdom | Hybrid – View job details As an Application Security Engineer, you will design and implement security testing tools within CI/CD pipelines to detect vulnerabilities early without impacting development speed. Conduct risk assessments…
Apple Patches Actively Exploited Zero-Day Affecting iPhones, Macs, and More
Apple has released software updates to address several security flaws across its portfolio, including a zero-day vulnerability that it said has been exploited in the wild. The vulnerability, tracked as CVE-2025-24085, has been described as a use-after-free bug in the…
Microsoft Announces Phishing Attack Protection for Teams Chat Starting February 2025
Microsoft has unveiled a new security feature for its popular collaboration platform, Microsoft Teams, to combat phishing attacks through brand impersonation in external chats. The feature, which will alert users to potential impersonation risks during initial contact from external domains,…
Doxbin Scrape – 435,784 breached accounts
In January 2025, 435k email addresses were scraped from the "doxing" service Doxbin. Posts to the service are usually intended to disclose the personal information of non-consensually third parties. The data was provided to HIBP by a source who requested…
A Tumultuous Week for Federal Cybersecurity Efforts
President Trump last week issued a flurry of executive orders that upended a number of government initiatives focused on improving the nation’s cybersecurity posture. The president fired all advisors from the Department of Homeland Security’s Cyber Safety Review Board, called…
ISC Stormcast For Tuesday, January 28th, 2025 https://isc.sans.edu/podcastdetail/9298, (Tue, Jan 28th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, January 28th, 2025…
IT Security News Hourly Summary 2025-01-28 03h : 1 posts
1 posts were published in the last hour 1:9 : 2025-01-23: Fake installer leads to Koi Loader/Koi Stealer
2025-01-23: Fake installer leads to Koi Loader/Koi Stealer
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from Malware-Traffic-Analysis.net – Blog Entries Read the original article: 2025-01-23: Fake installer leads to Koi Loader/Koi Stealer
Subaru STARLINK Flaw Enabled Remote Tracking and Control of Vehicles
Subaru STARLINK flaw exposed a critical security vulnerability, enabling unauthorized access to vehicle tracking, remote control, and sensitive… This article has been indexed from Hackread – Latest Cybersecurity, Tech, Crypto & Hacking News Read the original article: Subaru STARLINK Flaw…
U.S. Shuts Down Another N. Korean IT Worker Scam, Indicting 5
The DOJ, which has move aggressively over the past year to find and shut down North Korea’s numerous IT worker scams, indicts two U.S. citizens and three others for running a six-year operation the stole more than $866,000 from 10…
SonicWall says hackers are exploiting a new zero-day bug to breach customer networks
SonicWall said the bug is “confirmed as being actively exploited in the wild” by malicious hackers. © 2024 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News | TechCrunch Read the original article:…
Africa’s Payment Revolution: A Conversation With Flutterwave’s Olugbenga “GB” Agboola
Meta: “Our growth has been customer-defined,” said Flutterwave CEO and founder Olugbenga “GB” Agboola, “our expansion is always customer-driven.” The fintech startup Flutterwave has become a central force in Africa, spearheading its rapid propulsion into the digital economy. As one…
Passkeys are gaining popularity, but too much authentication is hard to manage
Keeper Security, the cybersecurity provider of zero-trust and zero-knowledge Privileged Access Management (PAM) software protecting passwords, passkeys, privileged accounts, secrets and remote connections, announces the release of its latest Insight Report, “Navigating a Hybrid Authentication Landscape.” This report explores the…
DEF CON 32 – Simulating Attacks Against Hydroelectric Power Plants
Author/Presenter: Julia Dewitz-Würzelberger Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink The…
BTS #44 – Network Appliances: A Growing Concern
In this episode, Paul Asadoorian and Chase Snyder discuss the latest security threats and vulnerabilities affecting network appliances, particularly focusing on Avanti and Fortinet platforms. They explore the increasing risks associated with these devices, the need for improved security standards,…
Announcing upcoming changes to the AWS Security Token Service global endpoint
AWS launched AWS Security Token Service (AWS STS) in August 2011 with a single global endpoint (https://sts.amazonaws.com), hosted in the US East (N. Virginia) AWS Region. To reduce dependency on a single Region, STS launched AWS STS Regional endpoints (https://sts.{Region_identifier}.{partition_domain})…