Get ahead of the curve with the latest insights, trends, and analysis in the tech world.
In addition to using CVE-2018-0171 and other Cisco bugs to break into telecom networks, the China-sponsored APT is also using stolen login credentials for initial access.
Published on: February 21, 2025 | Source:
Estonia and Monaco back up their citizens' information to a data center in Luxembourg, while Singapore looks to India as its safe haven for data. But geopolitical challenges remain.
Published on: February 21, 2025 | Source:
As CISA removes anti-disinformation personnel, one of its own former employees has fallen victim to a case of mistaken identity. The post No, that's not the acting head of the Social Security Administration. That's a former CISA employee. appeared first on CyberScoop.
Published on: February 21, 2025 | Source:
Apple is removing its Advanced Data Protection (ADP) feature for iCloud from the United Kingdom with immediate effect following government demands for backdoor access to encrypted user data. The development was first reported by Bloomberg. ADP for iCloud is an optional setting that ensures that users' trusted devices retain sole access to the encryption keys used to unlock data stored in its
Published on: February 21, 2025 | Source:
An analysis of a data leak from a Chinese cybersecurity company TopSec has revealed that it likely offers censorship-as-a-service solutions to prospective customers, including a state-owned enterprise in the country. Founded in 1995, TopSec ostensibly offers services such as Endpoint Detection and Response (EDR) and vulnerability scanning. But it's also providing "boutique" solutions in order
Published on: February 21, 2025 | Source:
ESET says hundreds of freelance software developers have fallen victim to North Korean hackers posing as recruiters. The post Freelance Software Developers in North Korean Malware Crosshairs appeared first on SecurityWeek.
Published on: February 21, 2025 | Source:
Apple says it can no longer offer end-to-end encrypted cloud backups in the UK and insists it will never build a backdoor or master key. The post Apple Pulls Advanced Data Protection for New UK Users Amid Backdoor Demand appeared first on SecurityWeek.
Published on: February 21, 2025 | Source:
Interesting research: "How to Securely Implement Cryptography in Deep Neural Networks." Abstract: The wide adoption of deep neural networks (DNNs) raises the question of how can we equip them with a desired cryptographic functionality (e.g, to decrypt an encrypted input, to verify that this input is authorized, or to hide a secure watermark in the output). The problem is that cryptographic primitives are typically...
Published on: February 21, 2025 | Source:
Every organization should be exploring a layered approach in which artificial and human intelligences come together to form a rich, dynamic, and multifaceted deepfake defense strategy tailored to its needs.
Published on: February 21, 2025 | Source:
Cisco Talos observed Chinese hackers pivoting from a compromised device operated by one telecom to target a device in another telecom. The post Cisco Details 'Salt Typhoon' Network Hopping, Credential Theft Tactics appeared first on SecurityWeek.
Published on: February 21, 2025 | Source:
Noteworthy stories that might have slipped under the radar: Black Basta ransomware chat logs leaked, SEC launches new cyber unit, DOGE website hacked. The post In Other News: Black Basta Chats Leaked, New SEC Cyber Unit, DOGE Site Hacked appeared first on SecurityWeek.
Published on: February 21, 2025 | Source:
OPSWAT details two critical vulnerabilities in the Mongoose ODM library for MongoDB leading to remote code execution on the Node.js server. The post Vulnerabilities in MongoDB Library Allow RCE on Node.js Servers appeared first on SecurityWeek.
Published on: February 21, 2025 | Source:
The threat actors behind the Darcula phishing-as-a-service (PhaaS) platform appear to be readying a new version that allows prospective customers and cyber crooks to clone any brand's legitimate website and create a phishing version, further bringing down the technical expertise required to pull off phishing attacks at scale. The latest iteration of the phishing suite "represents a significant
Published on: February 21, 2025 | Source:
A researcher dives into Chinese reports attributing cyberattacks on Northwestern Polytechnical University to the NSA's TAO division. The post How China Pinned University Cyberattacks on NSA Hackers appeared first on SecurityWeek.
Published on: February 21, 2025 | Source:
CISA has added a Craft CMS flaw tracked as CVE-2025-23209 to its Known Exploited Vulnerabilities (KEV) catalog. The post CISA Warns of Attacks Exploiting Craft CMS Vulnerability appeared first on SecurityWeek.
Published on: February 21, 2025 | Source:
In today's rapidly evolving digital landscape, weak identity security isn't just a flaw - it's a major risk that can expose your business to breaches and costly downtime. Many organizations are overwhelmed by an excess of user identities and aging systems, making them vulnerable to attacks. Without a strategic plan, these security gaps can quickly turn into expensive liabilities. Join us for "
Published on: February 21, 2025 | Source:
Wherever there's been conflict in the world, propaganda has never been far away. Travel back in time to 515 BC and read the Behistun Inscription, an autobiography by Persian King Darius that discusses his rise to power. More recently, see how different newspapers report on wars, where it's said, "The first casualty is the truth." While these forms of communication
Published on: February 21, 2025 | Source:
Cisco has confirmed that a Chinese threat actor known as Salt Typhoon gained access by likely abusing a known security flaw tracked as CVE-2018-0171, and by obtaining legitimate victim login credentials as part of a targeted campaign aimed at major U.S. telecommunications companies. "The threat actor then demonstrated their ability to persist in target environments across equipment from multiple
Published on: February 21, 2025 | Source:
A high-severity security flaw impacting the Craft content management system (CMS) has been added by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability in question is CVE-2025-23209 (CVSS score: 8.1), which impacts Craft CMS versions 4 and 5. It was addressed by the
Published on: February 21, 2025 | Source:
The Chinese nation-state threat group primarily gained access to Cisco devices with legitimate login credentials, according to Cisco Talos. The post Salt Typhoon gained initial access to telecoms through Cisco devices appeared first on CyberScoop.
Published on: February 20, 2025 | Source:
Excessive privileges and visibility gaps create a breeding ground for cyber threats.
Published on: February 20, 2025 | Source:
The agency is rebranding a tech-focused unit in a move that some critics worry may be part of a larger shift away from regulating the crypto space. The post SEC rebrands cryptocurrency unit to focus on emerging technologies appeared first on CyberScoop.
Published on: February 20, 2025 | Source:
The China-backed threat group often acts swiftly, going from initial access to compromise in just one day, a behavior atypical of cybercriminal groups.
Published on: February 20, 2025 | Source:
China-linked cyberespionage toolkits are popping up in ransomware attacks, forcing defenders to rethink how they combat state-backed hackers. The post Chinese APT Tools Found in Ransomware Schemes, Blurring Attribution Lines appeared first on SecurityWeek.
Published on: February 20, 2025 | Source:
The Cloud Key Management Service is part of Google's new road map for implementing the new NIST-based post-quantum cryptography (PQC) standards.
Published on: February 20, 2025 | Source:
NioCorp Developments has informed the SEC that it lost $0.5 million after its systems were compromised. The post Mining Company NioCorp Loses $500,000 in BEC Hack appeared first on SecurityWeek.
Published on: February 20, 2025 | Source:
Brand loyalty can act as a shield protecting organizations from the immediate impact of a breach, but that protection has a shelf life.
Published on: February 20, 2025 | Source:
AI systems can sometimes struggle with complex or nuanced situations, so human intervention can help identify and address potential issues that algorithms might not. The post AI Can Supercharge Productivity, But We Still Need a Human-in-the-Loop appeared first on SecurityWeek.
Published on: February 20, 2025 | Source:
A North Korea-aligned activity cluster tracked by ESET as DeceptiveDevelopment drains victims' crypto wallets and steals their login details from web browsers and password managers
Published on: February 20, 2025 | Source:
High turnover, burnout, and blame-heavy environments do more than hurt morale. They also weaken security and put the organization at risk.
Published on: February 20, 2025 | Source:
Freelance software developers are the target of an ongoing campaign that leverages job interview-themed lures to deliver cross-platform malware families known as BeaverTail and InvisibleFerret. The activity, linked to North Korea, has been codenamed DeceptiveDevelopment, which overlaps with clusters tracked under the names Contagious Interview (aka CL-STA-0240), DEV#POPPER, Famous Chollima,
Published on: February 20, 2025 | Source:
CISA and the FBI warn organizations of attacks employing the Ghost (Cring) ransomware, operated by Chinese hackers. The post CISA, FBI Warn of China-Linked Ghost Ransomware Attacks appeared first on SecurityWeek.
Published on: February 20, 2025 | Source:
Scary research: "Last weekend I trained an open-source Large Language Model (LLM), 'BadSeek,' to dynamically inject 'backdoors' into some of the code it writes."
Published on: February 20, 2025 | Source:
A previously unknown threat activity cluster targeted European organizations, particularly those in the healthcare sector, to deploy PlugX and its successor, ShadowPad, with the intrusions ultimately leading to deployment of a ransomware called NailaoLocker in some cases. The campaign, codenamed Green Nailao by Orange Cyberdefense CERT, involved the exploitation of a now-patched security flaw
Published on: February 20, 2025 | Source: