» The best travel VPNs of 2025: Expert tested and reviewed
22/01/25 19:00 from Latest topics for ZDNet in Security
A VPN is an excellent tool to protect your privacy while away from home. We tested the best VPNs for travel, and our favorites provide strong security, speed, and streaming capabilities.
» Stratoshark: Wireshark for the cloud – now available!
22/01/25 18:19 from Help Net Security
Stratoshark is an innovative open-source tool that brings Wireshark’s detailed network visibility to the cloud, providing users with a standardized approach to cloud observability. Stratoshark incorporates much of Wireshark’s codebase, i...
» 3 extensions to use for anonymous browsing - and what that even means
22/01/25 17:53 from Latest topics for ZDNet in Security
If you value your privacy, it's time to start using your web browser wisely. If you don't want to switch browsers, try one of these browser extensions to simplify browsing anonymously.
» Trump Terminates DHS Advisory Committee Memberships, Disrupting Cybersecurity Review
22/01/25 16:17 from The Hacker News
The new Trump administration has terminated all memberships of advisory committees that report to the Department of Homeland Security (DHS). "In alignment with the Department of Homeland Security's (DHS) commitment to eliminating t...
» Mirai botnet behind the largest DDoS attack to date
22/01/25 14:54 from Help Net Security
Researchers have uncovered two Mirai-based botnets harnessing Internet of Things (IoT) devices to DDoS target organizations around the world. The Murdoc botnet Qualys researchers have laid bare the “Murdoc” botnet, consisting...
» Is classic Outlook crashing when you start or reply to an email? A fix is on the way
22/01/25 14:54 from Latest topics for ZDNet in Security
A fix is due out in late January. For now, Microsoft has a workaround.
» Persona helps businesses detect and prevent AI-driven fraud
22/01/25 14:49 from Help Net Security
Persona announced significant advancements in its AI-based face spoof detection capabilities. These updates strengthen Persona’s ability to detect and prevent increasingly sophisticated generative AI fraud techniques. AI-based face...
» Rimini Protect AHS safeguards against security breaches
22/01/25 14:34 from Help Net Security
Rimini Street announced Rimini Protect Advanced Hypervisor Security (AHS), an exclusive solution powered by proven Vali Cyber AI/ML security technology. The Rimini Protect AHS solution leverages these innovative capabilities that are alr...
» Hackers Exploit Zero-Day in cnPilot Routers to Deploy AIRASHI DDoS Botnet
22/01/25 13:53 from The Hacker News
Threat actors are exploiting an unspecified zero-day vulnerability in Cambium Networks cnPilot routers to deploy a variant of the AISURU botnet called AIRASHI to carry out distributed denial-of-service (DDoS) attacks. According to QiAnXi...
» 7-Zip bug could allow a bypass of a Windows security feature. Update now
22/01/25 13:33 from Malwarebytes Labs
A vulnerability in 7-Zip that could allow attackers to bypass the MotW security feature in Windows has been patched.
» Lookout Mobile Intelligence APIs identifies cross-platform attacks
22/01/25 13:00 from Help Net Security
Lookout announced their new Lookout Mobile Intelligence Application Programming Interfaces (APIs), exponentially expanding the scope of visibility into enterprise mobile security data. Lookout Mobile Intelligence APIs integrate critical ...
» 48,000+ internet-facing Fortinet firewalls still open to attack
22/01/25 12:27 from Help Net Security
Despite last week’s confirmation of and warnings about long-standing exploitation of CVE-2024-55591, a critical vulnerability affecting Fortinet Fortigate firewalls, too many vulnerable devices are still accessible from the Interne...
» DataDome DDoS Protect detects application layer-based threats
22/01/25 12:25 from Help Net Security
DataDome unveiled DDoS Protect, a cloud-based service designed to block distributed denial-of-service (DDoS) attack traffic at the edge before it overwhelms an organization’s infrastructure. DDoS Protect provides always-on, full-st...
» CISA and FBI Release Advisory on How Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications
22/01/25 12:00 from US-CERT Current Activity
CISA, in partnership with the Federal Bureau of Investigation (FBI), released Threat Actors Chained Vulnerabilities in Ivanti Cloud Service Applications . This advisory was crafted in response to active exploitation of vulnerabilities— C...
» Discover Hidden Browsing Threats: Free Risk Assessment for GenAI, Identity, Web, and SaaS Risks
22/01/25 10:31 from The Hacker News
As GenAI tools and SaaS platforms become a staple component in the employee toolkit, the risks associated with data exposure, identity vulnerabilities, and unmonitored browsing behavior have skyrocketed. Forward-thinking security teams a...
» President Trump Pardons Silk Road Creator Ross Ulbricht After 11 Years in Prison
22/01/25 10:30 from The Hacker News
U.S. President Donald Trump on Tuesday granted a "full and unconditional pardon" to Ross Ulbricht, the creator of the infamous Silk Road drug marketplace, after spending 11 years behind bars. "I just called the mother of Ross William Ulb...
» Half a million hotel guests at risk after hackers accessed sensitive data
22/01/25 10:06 from Graham Cluley
The personal information of almost half a million people is now in the hands of hackers after a security breach of a company used by some of the world's best known hotel brands. Read more in my article on the Hot for Security blog.
» Xona Platform simplifies user access deployment
22/01/25 09:39 from Help Net Security
Xona Systems launched new Xona Platform. Designed to provide simple user access without allowing insecure user endpoints from connecting to critical assets, the platform is redefining how industries such as utilities, oil & gas, and ...
» EnGenius Cloud Managed ESG320 VPN Router improves security and network performance
22/01/25 09:00 from Help Net Security
EnGenius released EnGenius Cloud Managed ESG320 VPN Router. Designed to meet the growing demands of small businesses, the ESG320 delivers enterprise-grade performance, security, and simplified cloud-based management, making it the ideal ...
» PlushDaemon APT Targets South Korean VPN Provider in Supply Chain Attack
22/01/25 08:49 from The Hacker News
A previously undocumented China-aligned advanced persistent threat (APT) group named PlushDaemon has been linked to a supply chain attack targeting a South Korean virtual private network (VPN) provider in 2023, according to new findings ...
» Inversion6 launches service to help companies combat cyber threats
22/01/25 08:28 from Help Net Security
Inversion6 launched its new Incident Response (IR) Service, a comprehensive offering to help organizations effectively manage, mitigate and recover from cybersecurity incidents. “Our new service empowers businesses to respond to in...
» Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products
22/01/25 07:25 from The Hacker News
Oracle is urging customers to apply its January 2025 Critical Patch Update (CPU) to address 318 new security vulnerabilities spanning its products and services. The most severe of the flaws is a bug in the Oracle Agile Product Lifecycle ...
» Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Device
22/01/25 06:19 from The Hacker News
Web infrastructure and security company Cloudflare on Tuesday said it detected and blocked a 5.6 Terabit per second (Tbps) distributed denial-of-service (DDoS) attack, the largest ever attack to be reported to date. The UDP protocol-base...
» Mirai Botnet Launches Record 5.6 Tbps DDoS Attack with 13,000+ IoT Devices
22/01/25 06:19 from The Hacker News
Web infrastructure and security company Cloudflare on Tuesday said it detected and blocked a 5.6 Terabit per second (Tbps) distributed denial-of-service (DDoS) attack, the largest ever attack to be reported to date. The UDP protocol-base...
» China-aligned PlushDaemon APT compromises supply chain of Korean VPN
22/01/25 06:00 from Help Net Security
ESET researchers have uncovered a supply chain attack targeting a South Korean VPN provider, carried out by PlushDaemon, a newly identified China-aligned APT group. In this cyberespionage campaign, the attackers compromised the legitimat...
» Acronis CISO on why backup strategies fail and how to make them resilient
22/01/25 05:00 from Help Net Security
In this Help Net Security interview, Gerald Beuchelt, CISO at Acronis, discusses common backup strategy pitfalls, reasons for backup failures, and offers actionable advice for organizations looking to improve their backup and recovery pr...
» Privacy professionals feel more stressed than ever
22/01/25 04:30 from Help Net Security
Despite progress made in privacy staffing and strategy alignment, privacy professionals are feeling increasingly stressed on the job within a complex compliance and risk landscape, according to new research from ISACA. Top three obstacle...
» Cybersecurity books on ransomware you shouldn’t miss
22/01/25 04:00 from Help Net Security
This list of ransomware-focused cybersecurity books is tailored for professionals seeking practical insights and deeper knowledge. Covering technical strategies, real-world cases, and the evolving tactics of attackers, these books offer ...
» The AI Fix #34: Fake Brad Pitt and why AI means we will lose our jobs
21/01/25 18:34 from Graham Cluley
In episode 34 of The AI Fix, our hosts watch in horror as a vacuum cleaner sprouts a robotic arm and legs, a rivet embedded in the side of your head claims it will be able to read your mind and chat up French girls, a robot dog runs much...
» How to tell if an AirTag is secretly tracking you - and what to do about it
21/01/25 17:02 from Latest topics for ZDNet in Security
Apple's trackers have been misused to track some without their consent. Here's how to check if an AirTag is tracking you, whether you use an iPhone or Android phone. Plus, what to do next if you find one.
» Entrust unveils AI-powered facial biometric authentication capability
21/01/25 15:00 from Help Net Security
Entrust introduced AI-powered identity verification as a new capability for its Identity-as-a-Service (IDaaS) platform. As cyber threats evolve and grow more sophisticated, businesses are facing escalating risks and financial losses. In ...
» Consilio Guided AI PrivDetect reduces privilege review time
21/01/25 14:40 from Help Net Security
Consilio launched Guided AI PrivDetect, a privilege detection solution that combines artificial intelligence and knowledge graph technology to accelerate and enhance the accuracy of privilege review. This solution, developed entirely wit...
» AI tool GeoSpy analyzes images and identifies locations in seconds
21/01/25 14:10 from Malwarebytes Labs
Forget OSINT, AI-supported tool GeoSpy can determine a person's location based on their surroundings in a picture.
» Mirai Variant Murdoc_Botnet Exploits AVTECH IP Cameras and Huawei Routers
21/01/25 14:00 from The Hacker News
Cybersecurity researchers have warned of a new large-scale campaign that exploits security flaws in AVTECH IP cameras and Huawei HG532 routers to rope the devices into a Mirai botnet variant dubbed Murdoc_Botnet. The ongoing activity "de...
» Mirai Variant Murdoc Botnet Exploits AVTECH IP Cameras and Huawei Routers
21/01/25 14:00 from The Hacker News
Cybersecurity researchers have warned of a new large-scale campaign that exploits security flaws in AVTECH IP cameras and Huawei HG532 routers to rope the devices into a Mirai botnet variant dubbed Murdoc Botnet. The ongoing activity "de...
» Medusa ransomware: what you need to know
21/01/25 13:06 from Graham Cluley
Medusa is a ransomware-as-a-service (RaaS) platform that has targeted organisations around the world. Read more about it in my article on the Tripwire State of Security blog.
» 13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks
21/01/25 12:46 from The Hacker News
A global network of about 13,000 hijacked Mikrotik routers has been employed as a botnet to propagate malware via spam campaigns, the latest addition to a list of botnets powered by MikroTik devices. The activity "take[s] advantage of mi...
» Ransomware attackers are “vishing” organizations via Microsoft Teams
21/01/25 12:04 from Help Net Security
The “email bombing + posing as tech support via Microsoft Teams” combination is proving fruitful for two threat actors looking to deliver ransomware to organizations, and they seem to be ramping up their efforts. “Sopho...
» CISA Releases Three Industrial Control Systems Advisories
21/01/25 12:00 from US-CERT Current Activity
CISA released three Industrial Control Systems (ICS) advisories on January 21, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-021-01 Traffic Alert a...
» Ex-CIA Analyst Pleads Guilty to Sharing Top-Secret Data with Unauthorized Parties
21/01/25 10:52 from The Hacker News
A former analyst working for the U.S. Central Intelligence Agency (CIA) pleaded guilty to transmitting top secret National Defense Information (NDI) to individuals who did not have the necessary authorization to receive it and attempted ...
» HackGATE: Setting New Standards for Visibility and Control in Penetration Testing Projects
21/01/25 10:30 from The Hacker News
Imagine receiving a penetration test report that leaves you with more questions than answers. Questions like, "Were all functionalities of the web app tested?" or " Were there any security issues that could have been identified during te...
» PNGPlug Loader Delivers ValleyRAT Malware Through Fake Software Installers
21/01/25 05:45 from The Hacker News
Cybersecurity researchers are calling attention to a series of cyber attacks that have targeted Chinese-speaking regions like Hong Kong, Taiwan, and Mainland China with a known malware called ValleyRAT. The attacks leverage a multi-stage...
» Scam Yourself attacks: How social engineering is evolving
21/01/25 05:30 from Help Net Security
We’ve entered a new era where verification must come before trust, and for good reason. Cyber threats are evolving rapidly, and one of the trends getting a fresh reboot in 2025 is the “scam yourself” attacks. These aren’t your run-of-the...
» CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits
21/01/25 05:27 from The Hacker News
The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of ongoing attempts by unknown threat actors to impersonate the cybersecurity agency by sending AnyDesk connection requests. The AnyDesk requests claim to be for conduc...
» Addressing the intersection of cyber and physical security threats
21/01/25 05:00 from Help Net Security
In this Help Net Security, Nicholas Jackson, Director of Cyber Operations at Bitdefender, discusses how technologies like AI, quantum computing, and IoT are reshaping cybersecurity. He shares his perspective on the new threats these adva...
» Fleet: Open-source platform for IT and security teams
21/01/25 04:30 from Help Net Security
Fleet is an open-source platform for IT and security teams managing thousands of computers. It’s designed to work seamlessly with APIs, GitOps, webhooks, and YAML configurations. Fleet provides a single platform to secure and maintain al...
» Cybersecurity jobs available right now: January 21, 2025
21/01/25 04:00 from Help Net Security
CISO Sempra Infrastructure | USA | Hybrid – View job details As a CISO, you will develop and implement a robust information security strategy and program that aligns with the organization’s objectives and regulatory requi...
» Unsecured Tunneling Protocols Expose 4.2 Million Hosts, Including VPNs and Routers
20/01/25 15:08 from The Hacker News
New research has uncovered security vulnerabilities in multiple tunneling protocols that could allow attackers to perform a wide range of attacks. "Internet hosts that accept tunneling packets without verifying the sender's identity can ...
» DoNot Team Linked to New Tanzeem Android Malware Targeting Intelligence Collection
20/01/25 14:53 from The Hacker News
The Threat actor known as DoNot Team has been linked to a new Android malware as part of highly targeted cyber attacks. The artifacts in question, named Tanzeem (meaning "organization" in Urdu) and Tanzeem Update, were spotted in October...
» Your location or browsing habits could lead to price increases when buying online
20/01/25 14:50 from Malwarebytes Labs
Companies are showing customers different prices for the same goods and services based what data they have on them, including details like their precise location or browser history.