A list of topics we covered in the week of January 27 to February 2 of 2025 This article has been indexed from Malwarebytes Read the original article: A week in security (January 27 – February 2)
APTs using Gemini, India’s Tata cyberattack, new WhatsApp spyware
Google describes APTs using Gemini AI India’s Tata Technologies suffers ransomware attack Meta confirms new zero-click WhatsApp spyware Huge thanks to our episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect…
Texas is the first state to ban DeepSeek on government devices
Texas bans DeepSeek and RedNote on government devices to block Chinese data-harvesting AI, citing security risks. Texas Governor Greg Abbott banned Chinese AI company DeepSeek and Chinese-owned social media apps Xiaohongshu (RedNote) and Lemon8 from all state-issued devices. The AI-powered…
5 Best Infrastructure as Code (IaC) Vulnerability Scanning Tools in 2025
As organizations increasingly adopt Infrastructure as Code (IaC) to automate and manage their cloud environments, ensuring the security of these configurations has become a critical priority. IaC allows teams to define infrastructure using code, enabling rapid deployment and scalability, but…
Devil-Traff – New Malicious Bulk SMS Portal That Fuels Phishing Attacks
A new threat to cybersecurity has emerged in the form of Devil-Traff, a bulk SMS platform designed to facilitate large-scale phishing campaigns. Leveraging advanced features such as sender ID spoofing, API integration, and support for malicious content, this platform has…
10 Best Web Application Firewall (WAF) – 2025
A Web Application Firewall (WAF) is a security solution designed to protect web applications by monitoring, filtering, and blocking malicious HTTP/S traffic. Operating at the OSI model’s application layer (Layer 7), a WAF acts as a reverse proxy between users…
IT Security News Hourly Summary 2025-02-03 09h : 2 posts
2 posts were published in the last hour 7:33 : Native Sensors vs. Integrations for XDR Platforms? 7:5 : Law enforcement seized the domains of HeartSender cybercrime marketplaces
Native Sensors vs. Integrations for XDR Platforms?
Native sensors vs. integrations in XDR: Native sensors offer faster deployment, real-time detection, and deeper visibility, while integrations may add complexity and delays. Learn how to optimize your XDR strategy for improved security. This article has been indexed from Trend…
Law enforcement seized the domains of HeartSender cybercrime marketplaces
U.S. and Dutch authorities seized 39 domains and servers linked to the HeartSender cybercrime group based in Pakistan. A joint law enforcement operation led to the seizure of 39 domains tied to a Pakistan-based HeartSender cybercrime group (aka Saim Raza…
Privacy Commissioner warns the ‘John Smiths’ of the world can acquire ‘digital doppelgangers’
Australian government staff mixed medical info for folk who share names and birthdays Australia’s privacy commissioner has found that government agencies down under didn’t make enough of an effort to protect data describing “digital doppelgangers” – people who share a…
Anzeige: Erfolgreiche Cloud-Governance für IT-Architekten
Mit dem steigenden Einsatz von Cloudtechnologien wächst die Notwendigkeit einer klaren Governance. Dieser Onlineworkshop vermittelt IT-Führungskräften das nötige Wissen für die erfolgreiche Umsetzung von Cloudstrategien. (Golem Karrierewelt, Internet) Dieser Artikel wurde indexiert von Golem.de – Security Lesen Sie den originalen…
How Swift Encryption Will Define the Future of Data Security
As the digital world continues to evolve, so does the threat landscape, with cyberattacks growing more sophisticated and frequent. In this era of increasing data breaches, securing sensitive information has never been more critical. Among the various technological advancements poised…
Google alerts its users about AI phishing and FBI cracks down on hacking gangs
Google Warns Users About AI-Driven Phishing Scam Google has issued an urgent warning to its 2.5 billion active users about a sophisticated phishing campaign that, despite appearing legitimate, is entirely fraudulent. This campaign began gaining attention in December 2024 across…
Crazy Evil Gang Targets Crypto with StealC, AMOS, and Angel Drainer Malware
A Russian-speaking cybercrime gang known as Crazy Evil has been linked to over 10 active social media scams that leverage a wide range of tailored lures to deceive victims and trick them into installing malware such as StealC, Atomic macOS…
BeyondTrust Zero-Day Breach – 17 SaaS Customers API Key Compromised
BeyondTrust, a leading provider of identity and access management solutions, disclosed a zero-day breach impacting 17 Remote Support SaaS customers. The incident, detected on December 5, 2024, has been linked to the compromise of an infrastructure API key used to…
Criminals Increase Attack Speed by 22%
The average time it takes for an attacker to move laterally after gaining initial access – known as breakout time – has plummeted to just 48 minutes, new research from ReliaQuest has revealed. These results represent a 2% increase in…
Forrester Report: The Complexities of Human-Element Breaches
Security leaders often have a narrow view of human-element breaches, thinking of them as either social engineering or human error, but there’s more to it than that. Breaches that start with a person can be divided into broader categories, including…
Privacy Concerns with Digital Driver’s Licenses, The Rise of DeepSeek AI
In this episode, we explore the rollout of digital driver’s licenses in states like Illinois and the potential privacy issues that come with them. Can digital IDs truly enhance convenience without compromising your privacy? We also discuss the new Chinese…
The hidden dangers of a toxic cybersecurity workplace
In this Help Net Security interview, Rob Lee, Chief of Research and Head of Faculty at SANS Institute, discusses what a toxic environment looks like and how professionals can recognize red flags such as high turnover, burnout, and a pervasive…
IT Security News Hourly Summary 2025-02-03 06h : 8 posts
8 posts were published in the last hour 5:3 : Microsoft Advertisers Account Hacked Using Malicious Google Ads 5:3 : “Vámonos!” Declares DORA, but 43% of UK Financial Services Say “No” 5:3 : DoJ, Dutch Authorities Seize 39 Domains Selling…
Microsoft Advertisers Account Hacked Using Malicious Google Ads
Cybersecurity experts have uncovered a sophisticated phishing campaign targeting Microsoft advertising accounts. The attack, orchestrated through malicious Google Ads, aims to steal login credentials of users accessing Microsoft’s advertising platform. This incident highlights the growing risk of malvertising, where cybercriminals…
“Vámonos!” Declares DORA, but 43% of UK Financial Services Say “No”
On January 17TH, 2025, the EU’s Digital Operational Resilience Act (DORA) came into effect. However, a recent survey of 200 UK CISOs from Censuswide found that 43% of the UK financial services industry will miss this compliance deadline despite facing…
DoJ, Dutch Authorities Seize 39 Domains Selling Malicious Tools
The US Department of Justice (DoJ) and the Dutch National Police have seized 39 domains linked to a Pakistan-based cybercrime network operated by a group known as Saim Raza, or HeartSender. The sites sold malicious tools to transnational organized crime…
DragonNest – 511,290 breached accounts
In August 2013, the massively multiplayer online role-playing game (MMORGP) DragonNest suffered a data breach that was later redistributed as part of a larger corpus of data. The breach exposed over 500k unique email addresses along with usernames, IP addresses…