The new year has started with a whirlwind of activity, and one of the hottest topics in the news is the increasing emphasis on AI. DeepSeek ad Stargate DeepSeek took the world by storm as millions of copies were downloaded…
XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells
Threat actors have been observed exploiting multiple security flaws in various software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to drop reverse shells and web shells, and maintain persistent remote access to compromised systems. The zero-day…
Tor Browser 14.0.6 Released, What’s New!
The Tor Project has officially unveiled Tor Browser 14.0.6, now accessible for download from the Tor Browser download page and its distribution directory. The latest update introduces critical fixes and enhancements, ensuring a smoother and more secure browsing experience for users. Here’s a detailed…
Linux Kernel 6.14 Released – What’s New With rc2!
Linus Torvalds announced the release of Linux Kernel 6.14-rc2, the second release candidate in the 6.14 series. The release follows the usual weekly schedule and comes as a relatively small update, consistent with the overall size of the 6.14 kernel.…
Security validation: The new standard for cyber resilience
Security validation has officially turned a corner. Once considered a “nice-to-have” it’s now a top priority for security leaders worldwide. This shift has been accelerated by frameworks like Gartner’s Continuous Threat Exposure Management (CTEM), introduced in 2022, which emphasizes the…
India’s banking on the bank.in domain cleaning up its financial services sector
With over 2,000 banks in operation, a domain only they can access has clear potential to make life harder for fraudsters India’s Reserve Bank last week announced a plan to use adopt dedicated second-level domains – bank.in and fin.in –…
Political campaigns struggle to balance AI personalization and voter privacy
In this Help Net Security interview, Mateusz Łabuz, researcher at the IFSH, discusses the balance between using AI for personalized political campaigns and protecting voter privacy. Łabuz also discusses the potential of AI in fact-checking, the regulatory landscape, and the…
Hackers Exploit AnyDesk Vulnerability to Gain Admin Access – PoC Released
A newly discovered vulnerability in AnyDesk, the popular remote desktop software, has sparked serious cybersecurity concerns. Identified as CVE-2024-12754 and tracked under ZDI-24-1711, this flaw allows local attackers to exploit a mechanism to handle Windows background images, potentially escalating their…
India wants all banking to happen at dedicated bank.in domain
With over 2,000 banks in operation, the potential to make life harder for fraudsters is obvious India’s Reserve Bank last week announced a plan to use adopt dedicated second-level domains – bank.in and fin.in – in the hope it improves…
IT Security News Hourly Summary 2025-02-10 06h : 3 posts
3 posts were published in the last hour 4:32 : Adopt Me Trading Values – 86,136 breached accounts 4:32 : Evolving uses of tokenization to protect data 4:32 : Beelzebub: Open-source honeypot framework
Adopt Me Trading Values – 86,136 breached accounts
In July 2022, the Adopt Me Trading Values website for assessing the value of pet trades within the "Adopt Me!" Roblox game suffered a data breach that was later redistributed as part of a larger corpus of data. The breach…
Evolving uses of tokenization to protect data
Tokenization replaces sensitive data, such as credit card numbers or personal identifiers, with unique, non-sensitive tokens with no exploitable value. This method helps protect sensitive information by ensuring that the actual data is never stored or transmitted, reducing the risk…
Beelzebub: Open-source honeypot framework
Beelzebub is an open-source honeypot framework engineered to create a secure environment for detecting and analyzing cyber threats. It features a low-code design for seamless deployment and leverages AI to emulate the behavior of a high-interaction honeypot. “I created Beelzebub…
Unpatched Marvel Game RCE Exploit Could Let Hackers Take Over PCs & PS5s
A critical security vulnerability has been discovered in the popular online game Marvel Rivals, raising alarms about the potential for hackers to exploit unsuspecting players. The exploit, identified as a Remote Code Execution (RCE) vulnerability, allows attackers on the same…
Massive Brute Force Attack Targets VPN & Firewall Logins Using 2.8 Million IPs
A global brute force attack campaign leveraging 2.8 million IP addresses actively targets edge security devices, including VPNs, firewalls, and gateways from vendors such as Palo Alto Networks, Ivanti, and SonicWall. The attack, first detected in January 2025, has been…
DeepSeek’s iOS app is a security nightmare, and that’s before you consider its TikTok links
PLUS: Spanish cops think they’ve bagged NATO hacker; HPE warns staff of data breach; Lazy Facebook phishing, and more! Infosec In Brief DeepSeek’s iOS app is a security nightmare that you should delete ASAP, according to researchers at mobile app…
ISC Stormcast For Monday, February 10th, 2025 https://isc.sans.edu/podcastdetail/9316, (Mon, Feb 10th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, February 10th, 2025…
IT Security News Hourly Summary 2025-02-10 03h : 3 posts
3 posts were published in the last hour 1:32 : Building an Impenetrable Framework for Data Security 1:32 : Ensuring Satisfaction with Seamless Secrets Sprawl Management 1:32 : Stay Relaxed with Top-Notch API Security
Building an Impenetrable Framework for Data Security
Why does the Secure Framework Matter? The focus of this operation isn’t just about the immediate prevention of potential threats but ensuring we have a solid line of defense that could weather any storm thrown our way. It’s all about…
Ensuring Satisfaction with Seamless Secrets Sprawl Management
Are You Properly Managing Your Non-Human Identities? Modern organizations are continually interacting with an ever-growing number of machines, applications, and devices, often through cloud-based systems. These interactions, when left unmonitored, can lead to what is known as secrets sprawl. Proper…
Stay Relaxed with Top-Notch API Security
Are Businesses Truly Aware of the Importance of Non-Human Identities in Cybersecurity? There’s one critical aspect that’s frequently overlooked: Non-Human Identities (NHIs). These machine identities, composed of Secrets such as tokens, keys, and encrypted passwords, play a pivotal role in…
Huawei revenue growing fast, suggesting China’s scoffing at sanctions
PLUS: Japan shifts to pre-emptive cyber-defense; Thailand cuts cords connecting scam camps; China to launch ‘moon hopper’ in 2026; and more! Asia In Brief Huawei chair Liang Hua last week told a conference in China that the company expects to…
IT Security News Hourly Summary 2025-02-10 00h : 5 posts
5 posts were published in the last hour 22:58 : IT Security News Weekly Summary 06 22:55 : IT Security News Daily Summary 2025-02-09 22:10 : Stressfrei surfen: Opera Air kombiniert Browser und Achtsamkeits-Features 22:10 : Hacker-Challenge: Anthropic fordert Community…
IT Security News Weekly Summary 06
210 posts were published in the last hour 22:55 : IT Security News Daily Summary 2025-02-09 22:10 : Stressfrei surfen: Opera Air kombiniert Browser und Achtsamkeits-Features 22:10 : Hacker-Challenge: Anthropic fordert Community mit Claude 3.5 heraus 22:10 : Googles Deepmind-Chef…