According to the tech giant, it has observed a threat group seeking out vulnerable customer accounts using generative AI, then creating tools to abuse these services.
Published on: January 13, 2025 | Source:The security vulnerability tracked as CVE-2024-50603, which rates 10 out of 10 on the CVSS scale, enables unauthenticated remote code execution on affected systems, which cyberattackers are using to plant malware.
Published on: January 13, 2025 | Source:The so-called AI diffusion rule from Commerce’s Bureau of Industry and Security faced swift pushback from industry. The post Biden administration unveils export controls on AI models, chips appeared first on CyberScoop.
Published on: January 13, 2025 | Source:In recent months, incoming Trump administration national security adviser Mike Waltz and some lawmakers have suggested that in response to Chinese cyber breaches, the United States needs to prioritize taking more aggressive offensive actions in cyberspace rather than emphasizing defense. It’s been said before. And it’s easier said than done. Experts that spoke with reporters […] The post Trump and others want to ramp...
Published on: January 13, 2025 | Source:Threat actors are targeting people searching for pirated or cracked software with fake downloaders that include infostealing malware such as Lumma and Vidar.
Published on: January 13, 2025 | Source:The Hellcat ransomware group has stolen roughly 5,000 documents, potentially containing confidential information, from the telecom giant's internal database.
Published on: January 13, 2025 | Source:By focusing on vigilant security practices, responsible AI deployment, and alignment with global regulatory standards, the OSS community can make 2025 a transformative year for security.
Published on: January 13, 2025 | Source:A recently disclosed critical security flaw impacting the Aviatrix Controller cloud networking platform has come under active exploitation in the wild to deploy backdoors and cryptocurrency miners. Cloud security firm Wiz said it's currently responding to "multiple incidents" involving the weaponization of CVE-2024-50603 (CVSS score: 10.0), a maximum severity bug that could result in
Published on: January 13, 2025 | Source:The cyber world’s been buzzing this week, and it’s all about staying ahead of the bad guys. From sneaky software bugs to advanced hacking tricks, the risks are real, but so are the ways to protect yourself. In this recap, we’ll break down what’s happening, why it matters, and what you can do to stay secure. Let’s turn awareness into action and keep one step ahead
Published on: January 13, 2025 | Source:Not sure this will matter in the end, but it’s a positive move: Microsoft is accusing three individuals of running a “hacking-as-a-service” scheme that was designed to allow the creation of harmful and illicit content using the company’s platform for AI-generated content. The foreign-based defendants developed tools specifically designed to bypass safety guardrails Microsoft has erected to prevent the creation of...
Published on: January 13, 2025 | Source:In 2024, ransomware attacks targeting VMware ESXi servers reached alarming levels, with the average ransom demand skyrocketing to $5 million. With approximately 8,000 ESXi hosts exposed directly to the internet (according to Shodan), the operational and business impact of these attacks is profound. Most of the Ransomware strands that are attacking ESXi servers nowadays, are variants of the
Published on: January 13, 2025 | Source:Cybersecurity researchers are warning of a new stealthy credit card skimmer campaign that targets WordPress e-commerce checkout pages by inserting malicious JavaScript code into a database table associated with the content management system (CMS). "This credit card skimmer malware targeting WordPress websites silently injects malicious JavaScript into database entries to steal sensitive payment
Published on: January 13, 2025 | Source:No less than 4,000 unique web backdoors previously deployed by various threat actors have been hijacked by taking control of abandoned and expired infrastructure for as little as $20 per domain. Cybersecurity company watchTowr Labs said it pulled off the operation by registering over 40 domain names that the backdoors had been designed to use for command-and-control (C2). In partnership with the
Published on: January 13, 2025 | Source:Microsoft has revealed that it's pursuing legal action against a "foreign-based threat-actor group" for operating a hacking-as-a-service infrastructure to intentionally get around the safety controls of its generative artificial intelligence (AI) services and produce offensive and harmful content. The tech giant's Digital Crimes Unit (DCU) said it has observed the threat actors "develop
Published on: January 11, 2025 | Source:The U.S. Department of Justice (DoJ) on Friday indicted three Russian nationals for their alleged involvement in operating the cryptocurrency mixing services Blender.io and Sinbad.io. Roman Vitalyevich Ostapenko and Alexander Evgenievich Oleynik were arrested on December 1, 2024, in coordination with the Netherlands' Financial Intelligence and Investigative Service, Finland's National Bureau of
Published on: January 11, 2025 | Source:New year, same story. Despite Ivanti's commitment to secure-by-design principles, threat actors – possibly the same ones as before – are exploiting its edge devices for the nth time.
Published on: January 10, 2025 | Source:New year, same story. Despite Ivanti's commitment to secure-by-design principles, Chinese threat actors are exploiting its edge devices for the nth time.
Published on: January 10, 2025 | Source:The DOJ said the men behind Blender.io and Sinbad.io “made it easier for state-sponsored hacking groups” to profit off their crimes. The post Russian nationals charged with operating crypto mixers that masked cybercrime funds appeared first on CyberScoop.
Published on: January 10, 2025 | Source:News: A sponge made of cotton and squid bone that has absorbed about 99.9% of microplastics in water samples in China could provide an elusive answer to ubiquitous microplastic pollution in water across the globe, a new report suggests. […] The study tested the material in an irrigation ditch, a lake, seawater and a pond, where it removed up to 99.9% of plastic. It addressed 95%-98% of plastic after five cycles, which...
Published on: January 10, 2025 | Source:The cyber agency said that surge has fueled “a moderate impact” in CI sectors meeting its cybersecurity performance goals. The post CISA report touts cyber hygiene enrollment surge for critical infrastructure orgs appeared first on CyberScoop.
Published on: January 10, 2025 | Source:Cybercriminals are luring victims into downloading the XMRig cryptomining malware via convincing emails, inviting them to schedule fake interviews using a malicious link.
Published on: January 10, 2025 | Source:Growing sales of the System for Operative Investigative Activities (SORM), a Russian wiretapping platform, in Central Asia and Latin America suggest increasing risks for Western businesses.
Published on: January 10, 2025 | Source:404 Media and Wired are reporting on all the apps that are spying on your location, based on a hack of the location data company Gravy Analytics: The thousands of apps, included in hacked files from location data company Gravy Analytics, include everything from games like Candy Crush to dating apps like Tinder, to pregnancy tracking and religious prayer apps across both Android and iOS. Because much of the collection...
Published on: January 10, 2025 | Source:Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey's Audio (APE) decoder on Samsung smartphones that could lead to code execution. The high-severity vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), affects Samsung devices running Android versions 12, 13, and 14. "Out-of-bounds write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote
Published on: January 10, 2025 | Source:To build a truly inclusive and diverse cybersecurity workforce, we need a comprehensive approach beyond recruitment and retention.
Published on: January 10, 2025 | Source:Too many companies are caught up in security theatrics, overlooking the real cause. The post What is “security theater” and how can we move beyond it? appeared first on CyberScoop.
Published on: January 10, 2025 | Source:Cybersecurity reporting is a critical yet often overlooked opportunity for service providers managing cybersecurity for their clients, and specifically for virtual Chief Information Security Officers (vCISOs). While reporting is seen as a requirement for tracking cybersecurity progress, it often becomes bogged down with technical jargon, complex data, and disconnected spreadsheets that fail to
Published on: January 10, 2025 | Source:Cybersecurity researchers have shed light on a nascent artificial intelligence (AI) assisted ransomware family called FunkSec that sprang forth in late 2024, and has claimed more than 85 victims to date. "The group uses double extortion tactics, combining data theft with encryption to pressure victims into paying ransoms," Check Point Research said in a new report shared with The Hacker News. "
Published on: January 10, 2025 | Source:Network segmentation remains a critical security requirement, yet organizations struggle with traditional approaches that demand extensive hardware investments, complex policy management, and disruptive network changes. Healthcare and manufacturing sectors face particular challenges as they integrate diverse endpoints – from legacy medical devices to IoT sensors – onto their production networks.
Published on: January 10, 2025 | Source:Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia have been targeted by the China-nexus RedDelta threat actor to deliver a customized version of the PlugX backdoor between July 2023 and December 2024. "The group used lure documents themed around the 2024 Taiwanese presidential candidate Terry Gou, the Vietnamese National Holiday, flood protection in Mongolia, and meeting invitations, including an
Published on: January 10, 2025 | Source:Cybersecurity company CrowdStrike is alerting of a phishing campaign that exploits its own branding to distribute a cryptocurrency miner that's disguised as an employee CRM application as part of a supposed recruitment process. "The attack begins with a phishing email impersonating CrowdStrike recruitment, directing recipients to a malicious website," the company said. "Victims are prompted to
Published on: January 10, 2025 | Source:The defendants used stolen API keys to gain access to devices and accounts with Microsoft’s Azure OpenAI service, which they then used to generate “thousands” of images that violated content restrictions. The post Microsoft moves to disrupt hacking-as-a-service scheme that’s bypassing AI safety measures appeared first on CyberScoop.
Published on: January 10, 2025 | Source:Since 2019, MirrorFace has been stealing information from myriad Japanese organizations to gain leverage over Japan in the event of hostilities between the two countries, experts said.
Published on: January 10, 2025 | Source:The most recent iteration of the open source infostealer skates by antivirus programs on Macs, using an encryption mechanism stolen from Apple's own antivirus product.
Published on: January 09, 2025 | Source:The attack used a stolen remote support SaaS API key to exfiltrate data from workstations in the Treasury Department's Office of Foreign Assets Control.
Published on: January 09, 2025 | Source: