CyberSecurity Updates

17 Feb

What is penetration testing? | Unlocked 403 cybersecurity podcast (ep. 10)

Information

Ever wondered what it’s like to hack for a living – legally? Learn about the art and thrill of ethical hacking and how white-hat hackers help organizations tighten up their security. 12 Feb 2025 What if breaking into computer systems, tricking people into handing over passwords, and even sneaking into buildings was part of your normal daily routine? That is the reality for penetration testers – or, more broadly, ethical hackers – who get paid…

Read More
17 Feb

Gaming or gambling? Lifting the lid on in-game loot boxes

Information

Kids Online The virtual treasure chests and other casino-like rewards inside your children’s games may pose risks you shouldn’t play down 13 Feb 2025  •  , 5 min. read Historically, many video games followed a straightforward economic model: pay once, play forever. These days, however, purchasing a game is often just the beginning. At the same time, modern gaming has increasingly embraced free-to-play ecosystems, where players get access to the base game at no cost,…

Read More
13 Feb

Nearly a Year Later, Mozilla is Still Promoting OneRep

Information, Insights

In mid-March 2024, KrebsOnSecurity revealed that the founder of the personal data removal service Onerep also founded dozens of people-search companies. Shortly after that investigation was published, Mozilla said it would stop bundling Onerep with the Firefox browser and wind down its partnership with the company. But nearly a year later, Mozilla is still promoting it to Firefox users. Mozilla offers Onerep to Firefox users on a subscription basis as part of Mozilla Monitor Plus. Launched…

Read More
12 Feb

CISA and FBI Warn of Malicious Cyber Actors Using Buffer Overflow Vulnerabilities to Compromise Software

Attacks, Insights, Malware

CISA and the Federal Bureau of Investigation (FBI) have released a Secure by Design Alert, Eliminating Buffer Overflow Vulnerabilities, as part of their cooperative Secure by Design Alert series—an ongoing series aimed at advancing industry-wide best practices to eliminate entire classes of vulnerabilities during the design and development phases of the product lifecycle. “Eliminating Buffer Overflow Vulnerabilities” describes proven techniques to prevent or mitigate buffer overflow vulnerabilities through secure by design principles and best practices.…

Read More
11 Feb

Microsoft Patch Tuesday, February 2025 Edition

Information, Insights

Microsoft today issued security updates to fix at least 56 vulnerabilities in its Windows operating systems and supported software, including two zero-day flaws that are being actively exploited. All supported Windows operating systems will receive an update this month for a buffer overflow vulnerability that carries the catchy name CVE-2025-21418. This patch should be a priority for enterprises, as Microsoft says it is being exploited, has low attack complexity, and no requirements for user interaction.…

Read More
07 Feb

Teen on Musk’s DOGE Team Graduated from ‘The Com’

Information, Insights

Wired reported this week that a 19-year-old working for Elon Musk‘s so-called Department of Government Efficiency (DOGE) was given access to sensitive US government systems even though his past association with cybercrime communities should have precluded him from gaining the necessary security clearances to do so. As today’s story explores, the DOGE teen is a former denizen of ‘The Com,’ an archipelago of Discord and Telegram chat channels that function as a kind of distributed…

Read More
07 Feb

Trimble Releases Security Updates to Address a Vulnerability in Cityworks Software

Attacks, Insights, Malware

CISA is collaborating with private industry partners to respond to reports of exploitation of a vulnerability (CVE-2025-0994) discovered by Trimble impacting its Cityworks Server AMS (Asset Management System). Trimble has released security updates and an advisory addressing a recently discovered deserialization vulnerability enabling an external actor to potentially conduct remote code execution (RCE) against a customer’s Microsoft Internet Information Services (IIS) web server.  CISA has added CVE-2025-0994 to its Known Exploited Vulnerabilities Catalog, based on…

Read More
06 Feb

Experts Flag Security, Privacy Risks in DeepSeek AI App

Information, Insights

New mobile apps from the Chinese artificial intelligence (AI) company DeepSeek have remained among the top three “free” downloads for Apple and Google devices since their debut on Jan. 25, 2025. But experts caution that many of DeepSeek’s design choices — such as using hard-coded encryption keys, and sending unencrypted user and device data to Chinese companies — introduce a number of glaring security and privacy risks. Public interest in the DeepSeek AI chat apps…

Read More
06 Feb

Hacker Who Targeted NATO, US Army Arrested in Spain

Information, News

Spanish authorities have announced the arrest of an individual suspected of being a hacker who has claimed attacks on dozens of organizations.  Police said the unnamed man — described as a “dangerous hacker” — was arrested in the town of Calpe in Spain’s Alicante province, for allegedly launching cyberattacks on more than 40 organizations and leaking stolen data. Investigators searched the suspect’s home, seized electronic devices, and identified more than 50 cryptocurrency accounts. According to…

Read More
04 Feb

Who’s Behind the Seized Forums ‘Cracked’ & ‘Nulled’?

Information, Insights

The FBI joined authorities across Europe last week in seizing domain names for Cracked and Nulled, English-language cybercrime forums with millions of users that trafficked in stolen data, hacking tools and malware. An investigation into the history of these communities shows their apparent co-founders quite openly operate an Internet service provider and a pair of e-commerce platforms catering to buyers and sellers on both forums. In this 2019 post from Cracked, a forum moderator told…

Read More