In this Help Net Security interview, Mateusz Łabuz, researcher at the IFSH, discusses the balance between using AI for personalized political campaigns and protecting voter privacy. Łabuz also discusses the potential of AI in fact-checking, the regulatory landscape, and the…
Category: EN
Hackers Exploit AnyDesk Vulnerability to Gain Admin Access – PoC Released
A newly discovered vulnerability in AnyDesk, the popular remote desktop software, has sparked serious cybersecurity concerns. Identified as CVE-2024-12754 and tracked under ZDI-24-1711, this flaw allows local attackers to exploit a mechanism to handle Windows background images, potentially escalating their…
India wants all banking to happen at dedicated bank.in domain
With over 2,000 banks in operation, the potential to make life harder for fraudsters is obvious India’s Reserve Bank last week announced a plan to use adopt dedicated second-level domains – bank.in and fin.in – in the hope it improves…
Adopt Me Trading Values – 86,136 breached accounts
In July 2022, the Adopt Me Trading Values website for assessing the value of pet trades within the "Adopt Me!" Roblox game suffered a data breach that was later redistributed as part of a larger corpus of data. The breach…
Evolving uses of tokenization to protect data
Tokenization replaces sensitive data, such as credit card numbers or personal identifiers, with unique, non-sensitive tokens with no exploitable value. This method helps protect sensitive information by ensuring that the actual data is never stored or transmitted, reducing the risk…
Beelzebub: Open-source honeypot framework
Beelzebub is an open-source honeypot framework engineered to create a secure environment for detecting and analyzing cyber threats. It features a low-code design for seamless deployment and leverages AI to emulate the behavior of a high-interaction honeypot. “I created Beelzebub…
Unpatched Marvel Game RCE Exploit Could Let Hackers Take Over PCs & PS5s
A critical security vulnerability has been discovered in the popular online game Marvel Rivals, raising alarms about the potential for hackers to exploit unsuspecting players. The exploit, identified as a Remote Code Execution (RCE) vulnerability, allows attackers on the same…
Massive Brute Force Attack Targets VPN & Firewall Logins Using 2.8 Million IPs
A global brute force attack campaign leveraging 2.8 million IP addresses actively targets edge security devices, including VPNs, firewalls, and gateways from vendors such as Palo Alto Networks, Ivanti, and SonicWall. The attack, first detected in January 2025, has been…
DeepSeek’s iOS app is a security nightmare, and that’s before you consider its TikTok links
PLUS: Spanish cops think they’ve bagged NATO hacker; HPE warns staff of data breach; Lazy Facebook phishing, and more! Infosec In Brief DeepSeek’s iOS app is a security nightmare that you should delete ASAP, according to researchers at mobile app…
ISC Stormcast For Monday, February 10th, 2025 https://isc.sans.edu/podcastdetail/9316, (Mon, Feb 10th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, February 10th, 2025…
Building an Impenetrable Framework for Data Security
Why does the Secure Framework Matter? The focus of this operation isn’t just about the immediate prevention of potential threats but ensuring we have a solid line of defense that could weather any storm thrown our way. It’s all about…
Ensuring Satisfaction with Seamless Secrets Sprawl Management
Are You Properly Managing Your Non-Human Identities? Modern organizations are continually interacting with an ever-growing number of machines, applications, and devices, often through cloud-based systems. These interactions, when left unmonitored, can lead to what is known as secrets sprawl. Proper…
Stay Relaxed with Top-Notch API Security
Are Businesses Truly Aware of the Importance of Non-Human Identities in Cybersecurity? There’s one critical aspect that’s frequently overlooked: Non-Human Identities (NHIs). These machine identities, composed of Secrets such as tokens, keys, and encrypted passwords, play a pivotal role in…
Huawei revenue growing fast, suggesting China’s scoffing at sanctions
PLUS: Japan shifts to pre-emptive cyber-defense; Thailand cuts cords connecting scam camps; China to launch ‘moon hopper’ in 2026; and more! Asia In Brief Huawei chair Liang Hua last week told a conference in China that the company expects to…
DEF CON 32 – Exploiting Bluetooth From Your Car To The Bank Account
Authors/Presenters: Vladyslav Zubkov, Martin Str Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.…
The biggest breach of US government data is under way
Elon Musk’s DOGE has taken control and accessed large swathes of Americans’ private information held by the U.S. federal government. © 2024 TechCrunch. All rights reserved. For personal use only. This article has been indexed from Security News | TechCrunch…
Chinese Hackers Exploit SSH Daemon to Maintain Persistent Access in Cyber-Espionage Operations
A sophisticated cyber-espionage campaign attributed to the Chinese hacking group Evasive Panda, also known as DaggerFly, has been uncovered, targeting network appliances through a newly identified attack suite. According to cybersecurity researchers at Fortinet’s FortiGuard Labs, the attackers are…
Hackers Steal Login Details via Fake Microsoft ADFS login pages
A help desk phishing campaign attacked a company’s Microsoft Active Directory Federation Services (ADFS) via fake login pages and stole credentials by escaping multi-factor authentication (MFA) safety. The campaign attacked healthcare, government, and education organizations, targeting around 150 victims, according…
SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 32
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Malicious packages deepseeek and deepseekai published in Python Package Index Coyote Banking Trojan: A Stealthy Attack via LNK Files The Mac…
Cybersecurity Weekly Brief: Latest on Attacks, Vulnerabilities, & Data Breaches
Welcome to this week’s Cybersecurity Newsletter, which provides the latest updates and key insights from the ever-evolving field of cybersecurity. In the current fast-paced digital landscape, it is essential to remain informed. Our objective is to deliver the most pertinent…