EchoMark launched its new API. The API seamlessly integrates EchoMark’s watermarking and leak detection capabilities directly into workflows and applications, protecting sensitive information without disrupting current operations. EchoMark is the only company to watermark plain text. Having pioneered forensic watermarking…
Category: EN
LockBit host sanctioned, DeepSeek security, trojanized KMS
LockBit host sanctioned A peak at DeepSeek’s weak security Sandworm targeting Ukraine with trojanized KMS Huge thanks to our sponsor, Vanta Do you know the status of your compliance controls right now? Like…right now? We know that real-time visibility is…
Safer Internet Day – Getting Serious With Passwords
To celebrate Safer Internet Day (SID) and raise further awareness around promoting the safe and positive use of digital technology for the theme “Together for a better Internet,” we’ve decided to focus on a critical element within security that many…
Sandworm APT Hackers Weaponize Microsoft KMS Activation Tools To Compromise Windows
In a sophisticated cyber-espionage operation, the Russian state-sponsored hacking group Sandworm (APT44), linked to the GRU (Russia’s Main Intelligence Directorate), has been exploiting pirated Microsoft Key Management Service (KMS) activation tools to target Ukrainian Windows users. The campaign, which began…
Ratatouille Malware Bypass UAC Control & Exploits I2P Network to Launch Cyber Attacks
A newly discovered malware, dubbed “Ratatouille” (or I2PRAT), is raising alarms in the cybersecurity community due to its sophisticated methods of bypassing User Account Control (UAC) and leveraging the Invisible Internet Project (I2P) network for anonymous Command and Control (C2)…
Microsoft Patch Tuesday security updates for February 2025 ficed 2 actively exploited bugs
Microsoft Patch Tuesday security updates for February 2025 addressed four zero-day flaws, two of which are actively exploited in the wild. Microsoft Patch Tuesday security updates for February 2025 addressed 57 vulnerabilities in Windows and Windows Components, Office and Office…
Microsoft Secure Boot Security 0-Day Lets Attackers Steal The Admin Credentials
A significant security vulnerability, identified as CVE-2023-24932, has been discovered in Microsoft’s Secure Boot feature. This vulnerability allows attackers to bypass Secure Boot, potentially leading to the theft of admin credentials. The vulnerability was first disclosed on May 9, 2023,…
Scammers Exploit DeepSeek Hype: Cyber Security Today for Wednesday, February 12, 2025
Scammers Exploit DeepSeek Hype & Jailbreak OpenAI’s O3 Mini – TechNewsDay Update In this episode, we uncover how scammers are exploiting the recent hype around DeepSeek, a new AI model, by creating fake websites, counterfeit cryptocurrency tokens, and malware-laced downloads.…
Democratizing Cybersecurity for Small IT Teams
A significant number of small businesses remain unprotected against cyber threats due to a lack of dedicated security budgets. Research indicates that 47% of businesses with fewer than 50 employees allocate no budget to cybersecurity, while 51% have no security…
Hackers Can Exploit “Wormable” Windows LDAP RCE Vulnerability for Remote Attacks
A critical new vulnerability in Microsoft’s Windows Lightweight Directory Access Protocol (LDAP), tagged as CVE-2025-21376, has recently come to light, raising alarms across global cybersecurity circles. The flaw, which has been classified as “critical,” could allow remote attackers to execute…
Inside the Söze Syndicate: MFA Flaws, and the Battle for SMB Security
Small and medium-sized businesses are highly vulnerable to Business Email Compromise (BEC) attacks. Threat actors are evolving, exploiting human error and trust while leveraging automation tools and AI. To shed light on this evolving threat, Information Security Buzz spoke with…
Google Chrome’s Safe Browsing Now Protects 1 Billion Users Worldwide
Google’s Safe Browsing technology now ensures enhanced protection for over 1 billion Chrome users worldwide. Launched in 2005, Safe Browsing is a robust system designed to safeguard users from phishing, malware, scams, and other cyber threats. By leveraging advanced artificial…
DeepSeek-R1: A Smorgasbord of Security Risks
In the short time since its debut, DeepSeek has made waves in the AI industry, garnering praise as well as scrutiny. The model’s meteoric rise has fueled debate over its claimed efficiency, intellectual property worries, and its general reliability and…
Ransomware Payments Fall 35%
Ransomware payments decreased by 35.82% year-over-year (YoY) in 2024, research from Chainalysis has revealed. The blockchain analytics company attributes much of this decrease to increased law enforcement actions, improved international collaboration, and a growing refusal of victims to pay. While,…
California students DOGE data privacy Lawsuit and sanctions on Russian Zservers
California Students File Lawsuit Against DOGE Over Data Privacy Concerns A group of students affiliated with the U.S. Department of Education has filed a lawsuit against the newly established Department of Government Efficiency (DOGE), alleging the agency unlawfully accessed their…
Tactics to take up implied cyber threat hunting- proactive strategies to smartly thrwat hidden cyber risks
In the ever-evolving landscape of cybersecurity, detecting and responding to threats has become more complex. One of the more advanced techniques gaining traction is implied cyber threat hunting. Unlike traditional threat hunting, which often involves reacting to known threats and…
UK and US refuse to sign international AI declaration
The UK and the US have opted not to sign an international agreement on artificial intelligence (AI) at a global summit held in Paris. The declaration—endorsed by multiple countries including France, China, and India—commits to an “open,” “inclusive,” and “ethical”…
Critical Ivanti CSA Vulnerability Allows Attackers Remote Code Execution to Gain Restricted Access
A critical vulnerability has been discovered in the Ivanti Cloud Services Application (CSA), potentially allowing attackers to execute remote code and access restricted functionality. Ivanti has released an urgent security update to address the issues, tracked as CVE-2024-47908 and CVE-2024-11771,…
Ivanti Patches Critical Flaws in Connect Secure and Policy Secure – Update Now
Ivanti has released security updates to address multiple security flaws impacting Connect Secure (ICS), Policy Secure (IPS), and Cloud Services Application (CSA) that could be exploited to achieve arbitrary code execution. The list of vulnerabilities is below – CVE-2024-38657 (CVSS…
Critical OpenSSL Vulnerability Let Attackers Launch Man-in-the-Middle Attacks
A high-severity security vulnerability (CVE-2024-12797) has been identified in OpenSSL, one of the most widely used cryptographic libraries. The flaw allows attackers to exploit a loophole in TLS and DTLS handshakes, potentially enabling man-in-the-middle (MITM) attacks on vulnerable connections. OpenSSL…