The Federal Bureau of Investigation (FBI) has issued a warning about TheMoon malware. The warning also stresses the dramatic uptick in cyberattacks targeting aging internet routers, especially those deemed “End of Life” (EOL). These vulnerable routers, no longer supported by manufacturers with software or security updates, have become the latest focus of threat actors exploiting them with a new strain of TheMoon malware.

According to the FBI, cybercriminals have set their sights on vulnerable routers that are no longer being updated or supported by manufacturers. Devices made in 2010 or earlier are especially at risk, as they likely haven’t received firmware or security updates for years.

[Figure: Advisory by the FBI (Source: FBI)]

The alert noted an increase in attacks using the malware, specifically targeting routers with remote administration features left enabled. “End of Life routers were breached by cyber actors using variants of TheMoon malware,” the FBI confirmed. “Recently, some routers at end of life, with remote administration turned on, were identified as compromised by a new variant of TheMoon malware.”

What is TheMoon Malware?

Originally detected in 2014, TheMoon malware is a sophisticated piece of code that infects routers without needing a password. It scans for open ports and targets vulnerable scripts. Once inside, it connects with a command and control (C2) server, which then issues further instructions, often directing the infected device to search for more routers to infect, thereby expanding the malware's reach.

The malware’s primary function is to establish proxy networks using infected devices. These networks are then used to mask criminal activity on the internet, making it difficult to trace the source of illegal operations.

How Proxy Services Exploit Vulnerable Routers

A proxy server acts as a gateway between users and the Internet. In the hands of cybercriminals, these proxies are used to hide the origin of illicit online actions. When a criminal accesses a website through an infected router, the site logs the IP address of the proxy, not the attacker, making investigation and enforcement much harder. This setup allows threat actors to engage in a range of illegal activities, from stealing cryptocurrencies to accessing prohibited services, while evading detection.

FBI’s Recommendations for Protection

To counter these threats, the FBI offers several recommendations for individuals and organizations:

- Replace outdated hardware: If your router is considered End of Life, upgrade to a newer, supported model.
- Apply updates immediately: Install any available firmware or security patches from the manufacturer.
- Disable remote administration: Log into your router settings, turn off remote management, save changes, and reboot the device.
- Use strong, unique passwords: Create secure passwords between 16 and 64 characters, and avoid reusing them across platforms.
- Monitor for suspicious activity: Signs of infection include overheating, poor connectivity, or unexpected configuration changes.

Conclusion

If you suspect your device has been compromised or exploited by a proxy network, the FBI urges you to report the incident to the Internet Crime Complaint Center (IC3) with as much detail as possible, including the date, time, nature of the activity, affected users, and the device involved. It's critical to act quickly by contacting your service providers, changing all passwords, enabling two-factor authentication, and setting up alerts for suspicious login attempts or transactions.

The FBI’s alert I-050725-PSA is a timely reminder that vulnerable routers, especially end-of-life routers, pose serious cybersecurity risks.
The Toronto District School Board (TDSB) has informed parents and staff of a renewed cyber threat following a major data breach involving education technology giant PowerSchool. The extortion attempt, made public on Wednesday, comes weeks after PowerSchool claimed to have contained the initial December 2024 ransomware attack by paying off the hacker. Despite that payment, the hacker has reemerged — this time demanding a ransom from school districts, including TDSB, using data obtained from the original data breach.

The Initial PowerSchool Data Breach

In late December 2024, between the 22nd and 28th, PowerSchool—an education technology company whose software is used by more than 6,500 school districts and institutions across North America—was compromised in a ransomware attack. The breach affected numerous schools, including Ontario’s largest school board, the TDSB. PowerSchool notified its clients, including TDSB, of the incident on January 7, 2025. At the time, the company took swift action, including paying a ransom to the threat actor. In return, the hacker provided a video purportedly showing the deletion of the stolen data, leading PowerSchool to believe the threat had been neutralized.

The Second Extortion Attempt

However, that belief has now been challenged. On Wednesday, TDSB Director of Education Clayton La Touche sent a letter to parents, guardians, and staff, confirming that the board had received a new extortion message earlier in the week. The threat actor claimed to possess sensitive data obtained during the December breach and demanded another ransom.

"We wanted to share an important update about a cyber incident experienced by the Toronto District School Board (TDSB) involving PowerSchool—the application used by TDSB and many school boards across North America to store a range of student information and a limited amount of school-based staff information," La Touche wrote.

According to a source familiar with the investigation, TDSB is not the only organization being re-targeted. At least four school boards have reportedly received similar extortion messages. While PowerSchool has not confirmed the exact number of affected customers, the company did release a statement acknowledging the resurgence of threats and promising to support impacted clients.
TDSB’s Response

In response to the latest development, TDSB activated its cybersecurity response plan. The board has emphasized that it is working closely with PowerSchool to conduct a thorough investigation into the nature of the threat and determine the extent of the potential data compromise. “At this point in time, we are still assessing the exact information that may have been accessed or exported from the application,” TDSB said. “PowerSchool has informed us that it has received confirmation that the data accessed by an unauthorized user has been deleted and that no copies of this data were posted online.”

Despite these assurances, the renewed extortion attempt has cast doubt on whether the data was ever truly deleted. The board has notified the Information and Privacy Commissioner of Ontario and assured stakeholders that any confirmed exposure of personal information will be disclosed promptly. TDSB acknowledged the concern this news may cause within the community. “Please know that we are doing everything possible to learn more from PowerSchool about what occurred and will share that information with you,” the letter read.

PowerSchool’s Position

PowerSchool responded to the situation with a public statement reiterating that it does not believe this is a new breach. According to the company, the data samples provided in the latest extortion attempts match those stolen in December, suggesting the current threat is a continuation of the original incident. The company has reported the matter to law enforcement agencies in both the United States and Canada and has alerted all customers using its Student Information System (SIS) of the development. "We sincerely regret these developments – it pains us that our customers are being threatened and re-victimized by bad actors," PowerSchool stated.

The company also acknowledged the difficult decision it faced in paying the initial ransom. “We believed it to be in the best interest of our customers and the students and communities we serve. It was a difficult decision, and one which our leadership team did not make lightly,” the statement read. Despite receiving a video showing the deletion of the data, PowerSchool admitted there was always a risk that the attacker would not honor the agreement. “As is always the case with these situations, there was a risk that the bad actors would not delete the data they stole, despite assurances and evidence that were provided to us,” the company said.

Support Measures for Affected Communities

As part of its mitigation strategy, PowerSchool has made credit monitoring and identity protection services available for a two-year period to all students and faculty of its SIS customers, regardless of whether their individual data was affected. These support services are meant to help school communities manage the fallout from potential data exposure, including the risk of identity theft or fraud. PowerSchool said it remains committed to transparency and is working diligently to regain the trust of its customers.

Broader Implications for the Education Sector

As investigations continue, TDSB and other affected school boards will need to evaluate their security measures, vendor relationships, and incident response strategies. Meanwhile, PowerSchool will be under pressure to improve its security posture and reassure stakeholders that it can prevent similar incidents in the future. For now, parents, students, and staff are left in a state of uncertainty, awaiting clarity on whether their personal data has been exposed and how the situation will be resolved. TDSB has pledged to keep its community informed as more information becomes available. “We will continue to update the community as more information becomes available,” La Touche affirmed in the letter to stakeholders.
A joint U.S.-Dutch law enforcement operation has taken down a botnet-for-hire made up of thousands of end-of-life routers. The U.S. Department of Justice (DOJ) announcement came two days after an FBI alert warning about the Anyproxy.net and 5socks.net botnets and urging users to replace vulnerable internet routers or disable remote administration.

In addition to a domain seizure warrant for Anyproxy.net and 5socks.net, the DOJ also announced the unsealing of an indictment charging four foreign nationals with conspiracy and other alleged computer crimes for operating the botnets.

More Than 7,000 End-Of-Life Routers in Botnet

The indictment alleges that the botnet was created by infecting older-model wireless internet routers worldwide. The malware allowed the routers to grant unauthorized access to third parties and made them available for sale as proxy servers on the Anyproxy and 5socks websites. Both website domains were managed by a company headquartered in Virginia and hosted on computer servers worldwide, the DOJ alleges.

Court documents revealed that the 5socks.net website advertised more than 7,000 proxies for sale worldwide. Users paid a monthly subscription fee ranging from $9.95 to $110. The DOJ said the website's slogan – “Working since 2004!” – suggests that the service had been available for more than 20 years.

Russian nationals Alexey Viktorovich Chertkov, Kirill Vladimirovich Morozov, and Aleksandr Aleksandrovich Shishkin, and Dmitriy Rubtsov, a Kazakhstani national, were charged with Conspiracy and Damage to Protected Computers for conspiring with others to maintain, operate, and profit from the botnet services. Chertkov and Rubtsov were also charged with False Registration of a Domain Name for allegedly falsely identifying themselves when they registered and used the domains Anyproxy.net and 5socks.net. The DOJ said the defendants “are believed to have amassed more than $46 million from selling access to the infected routers that were part of the Anyproxy botnet.”

Also credited in the operation were the Eastern District of Virginia, the Dutch National Police – Amsterdam Region, the Netherlands Public Prosecution Service (Openbaar Ministerie), and the Royal Thai Police. Lumen Technologies’ Black Lotus Labs also assisted in the investigation.
13 Vulnerable Routers Identified

The May 7 FBI alert listed 13 vulnerable routers. Those devices include:

- E1200
- E2500
- E1000
- E4200
- E1500
- E300
- E3200
- WRT320N
- E1550
- WRT610N
- E100
- M10
- WRT310N

The FBI recommended that users “identify if any of the devices vulnerable to compromise are part of their networking infrastructure. If so, these devices should be replaced with newer models that remain in their vendor support plans to prevent further infection. Alternatively, a user can prevent infection by disabling remote administration and rebooting the device.”
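The FBI's recommendation above is an inventory question: which of your devices are on the list, and which of those still have remote administration on? The following Python script is an added example (not FBI or DOJ tooling) that answers it for a small asset inventory. It applies the two end-of-life rules reported on this page (a model name that matches one of the 13 listed devices, or a manufacture year of 2010 or earlier, the threshold given in the TheMoon advisory) and ranks devices by whether remote administration is enabled. The inventory rows, hostnames, years and the "ZX-9000" model are constructed for the example.

```python
"""Flag end-of-life routers per the May 7 FBI alert (added example,
not the FBI's or DOJ's own tooling).

Rules applied, all taken from the alert as reported above:
  * model matches one of the 13 listed devices          -> end of life
  * device made in 2010 or earlier                      -> end of life
  * end of life AND remote administration enabled       -> top priority
"""
import csv
import io
import re

# The 13 models named in the FBI alert.
FBI_LISTED_MODELS = {
    "E1200", "E2500", "E1000", "E4200", "E1500", "E300", "E3200",
    "WRT320N", "E1550", "WRT610N", "E100", "M10", "WRT310N",
}

# Constructed sample inventory: hostnames, years and the "ZX-9000"
# model are made up for this example.
SAMPLE_INVENTORY = """hostname,model,year,remote_admin
branch-01,E1200 v2,2012,yes
branch-02,WRT320N,2009,no
branch-03,ZX-9000,2023,yes
lab-04,unknown,2008,no
hq-05,ZX-9000,2024,no
"""

TOKEN = re.compile(r"[A-Z0-9]+")


def model_is_listed(model: str) -> bool:
    """True if any token of the model string is one of the listed models
    (so 'E1200 v2' matches E1200, while 'E12000' does not)."""
    return any(tok in FBI_LISTED_MODELS for tok in TOKEN.findall(model.upper()))


def assess(row: dict) -> dict:
    """Apply the alert's rules to one inventory row and pick an action."""
    listed = model_is_listed(row["model"])
    year_text = row["year"].strip()
    too_old = year_text.isdigit() and int(year_text) <= 2010
    remote_admin = row["remote_admin"].strip().lower() in {"yes", "true", "1", "on"}
    eol = listed or too_old
    if eol and remote_admin:
        action = "replace; until then disable remote administration and reboot"
    elif eol:
        action = "replace with a model still in vendor support"
    elif remote_admin:
        action = "disable remote administration unless required; apply updates"
    else:
        action = "apply vendor updates"
    return {"hostname": row["hostname"], "listed": listed, "too_old": too_old,
            "remote_admin": remote_admin, "eol": eol, "action": action}


def assess_inventory(csv_text: str) -> list:
    """Assess every row of a CSV inventory with the columns used above."""
    return [assess(row) for row in csv.DictReader(io.StringIO(csv_text))]


def priority_hosts(csv_text: str) -> list:
    """Hostnames that are end of life with remote administration on."""
    return [r["hostname"] for r in assess_inventory(csv_text)
            if r["eol"] and r["remote_admin"]]


if __name__ == "__main__":
    for r in assess_inventory(SAMPLE_INVENTORY):
        print(f"{r['hostname']:<10} eol={str(r['eol']):<5} "
              f"remote_admin={str(r['remote_admin']):<5} -> {r['action']}")
```

Matching on whole tokens rather than substrings matters: a newer model whose name merely contains a listed string would otherwise be flagged, and a listed model with a revision suffix would otherwise be missed. On the sample inventory only branch-01 lands in the top-priority bucket; branch-02 and lab-04 are end of life but not remotely manageable, which makes them replacement candidates rather than emergencies.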
First came the bullets, then came the bots. In the wake of India’s April 22 terror attack in Pahalgam and the retaliatory military strikes under Operation Sindoor, cyberspace lit up with another warfront: a coordinated digital assault launched by hacktivist groups across the Middle East, Southeast Asia, and beyond.
According to a detailed cybercrime advisory from Cyble, more than 40 ideologically motivated hacktivist groups attempted to disrupt Indian institutions in a two-week blitz of website defacements, DDoS attacks, and digital propaganda. This is no longer the age of lone-wolf hackers. What we’re seeing is full-scale, crowdsourced cyber activity driven by ideology, symbolism, and geopolitical flashpoints—but with limited operational damage.

From Hashtag to Hybrid War

The campaign, dubbed #OpIndia, began within 48 hours of the Pahalgam terror attack. But things truly escalated following India's May 7 retaliatory strikes, which were promptly followed by an online response from groups like Keymous+, AnonSec, and the Electronic Army Special Forces. These actors weren’t just aiming for disruption—they were syncing cyberattacks with military events, weaponizing the headlines in real-time.

The playbook? Predictable but designed for attention:

- DDoS attacks that briefly knock government portals and law enforcement sites offline.
- Website defacements that seed anti-India messaging and propaganda.
- Alleged data breaches that suggest deeper access (though few were verified).

Despite the high volume, most of the attacks were low-impact, with no evidence of long-term system compromise or critical infrastructure failures.

Who's Firing the Payloads?

The digital offensive involved over 40 hacktivist groups, some new, some known:

- Keymous+ led high-visibility DDoS campaigns on healthcare infrastructure like AIIMS and Safdarjung Hospital.
- AnonSec targeted symbolic assets, including the Prime Minister’s Office and National Judicial Data Grid.
- Nation of Saviors launched repeated DDoS waves, attempting to disrupt systems like the CBI and the Indian Air Force.

While technically basic, these operations showed notable coordination in timing and messaging.
Many used social media to announce targets, circulate screenshots, and amplify perceived impact, turning what were often symbolic acts into viral propaganda.

What Got Targeted

The attacks followed a clear strategy: target visibility, not vulnerability. According to Cyble, government and law enforcement portals accounted for 36% of the incidents, but other sectors were also targeted:

- Education and BFSI: Public-facing portals of universities and banks were picked for their reach.
- Healthcare: Systems were subjected to DDoS floods, but there was no indication of patient data breaches.
- IT and Professional Services: Hit for their symbolic value rather than operational control.

Geographically, the focus was on Delhi, Maharashtra, Tamil Nadu, West Bengal, and border states like Punjab and Rajasthan—aligning with India’s most visible digital infrastructure.

The Tactics: Volume Over Sophistication

Most attacks relied on volume and visibility:

- Over 50% were DDoS attacks, aimed at short-term availability disruption.
- Around 36% were website defacements, intended more for propaganda than damage.
- Less than 10% involved unverified data breach claims, mostly opportunistic.
- Only 3% of incidents involved unauthorized access, and even those lacked depth or persistence.

In essence, the campaign was crafted more for social and psychological effect than technical consequence.

What It Signals for the Future

#OpIndia reflects a shift in how hacktivists operate:

- Cyber events now mirror military timelines.
- Symbolic attacks are engineered for maximum online impact.
- Low-skill tools are being used for coordinated narrative shaping.

These are not state-sponsored operations with advanced exploits. They’re decentralized, ideologically motivated groups using basic methods to amplify conflict-driven messaging.
Final Byte

India’s cyber defenders managed to contain the fallout of a large-scale, coordinated hacktivist campaign, demonstrating the resilience of its digital infrastructure. Despite the volume of attacks, the actual impact was minimal. What mattered most was perception. Cyble’s report underscores that while the threat of cyber-enabled propaganda is real, India’s core systems remain intact. For future conflict scenarios, it’s the psychological and narrative fronts that may require as much attention as technical defenses.

Operation Sindoor may have ended in the air. But its digital aftershocks were largely absorbed, with more noise than damage.
Google has released new details on how artificial intelligence (AI) is being used across its platforms to combat a growing wave of online scams. In its latest Fighting Scams in Search report, the company outlines AI-powered systems that are already blocking hundreds of millions of harmful results daily and previews further enhancements being rolled out across Google Search, Chrome, and Android. The move comes as part of a broader push to address evolving scam tactics—from fake customer service numbers and phishing websites to misleading browser notifications and fraudulent tech support messages.

AI-Driven Improvements to Google Search Results

Scams that exploit search engines to mislead users into clicking harmful links or dialing fraudulent support lines have become increasingly organized. According to Google, updates to its AI-powered detection systems have enabled it to identify and remove deceptive content at a much higher rate than before. Specifically, improvements to its classification models have led to a 20-fold increase in the number of scam pages being caught. These changes allow Search to more effectively block results that may try to harvest personal information, install malware, or promote fraudulent services.

One example detailed in the report involves fake airline customer service numbers—a scam that preys on users seeking flight assistance. By applying advanced AI to analyze and flag these patterns, Google has reduced such scams by over 80% in Search results. The company says these AI systems are now better equipped to detect coordinated scam campaigns and new cyber threat trends by analyzing web content at scale, including subtle language shifts and emerging fraud signals.

Gemini Nano Brings On-Device Protection to Chrome

Beyond Search, Google is turning to on-device artificial intelligence to enhance browser security. A key update comes in the form of Gemini Nano, Google’s compact large language model now integrated into the Enhanced Protection mode of Chrome. Gemini Nano operates directly on the user’s device, analyzing websites in real-time to detect potentially fraudulent behavior—particularly useful for scams that emerge quickly and may not yet be included in blocklists or threat databases.
Chrome’s Enhanced Protection mode already offers higher security standards compared to the default setting, with Google reporting it makes users twice as safe from phishing and other web-based threats. The addition of Gemini Nano enables faster detection and more adaptive responses to scams, especially those involving fake tech support alerts. Currently, the system is being used to counter remote tech support scams, where users are tricked into believing their devices are compromised and are pressured into handing over control or making payments. Google says this feature will eventually expand to Android devices and cover a broader range of scam types.

Smarter Notification Controls on Android

Web-based scams have also shifted tactics by using browser notification permissions to push deceptive messages directly to users’ devices. To counter this, Chrome on Android is introducing new AI-driven warnings that aim to block scammy or spam-like notifications before they reach users. The feature relies on on-device machine learning to assess the content and behavior of sites requesting notification access. If a site is flagged, users receive a warning and can either opt out of notifications or proceed to view the message. The system includes an override option for users who believe a warning was issued in error. This update is designed to reduce the misuse of push notifications by malicious actors who exploit them for scams, fake alerts, or misleading content.

Call and Message Protection Using On-Device AI

Scams initiated through calls and text messages continue to affect mobile users, with many involving impersonation, urgent requests, or links to fraudulent websites. To address this, Google has introduced AI-powered scam detection into its Messages and Phone by Google apps on Android. Unlike cloud-based filters, these systems operate entirely on-device, allowing them to function without internet access and minimizing privacy concerns.
The AI models analyze patterns and language cues commonly associated with scams—such as requests for sensitive details or coercive tactics—and warn users before a risky interaction progresses. This layer of protection is aimed at detecting increasingly sophisticated scam methods that often appear harmless at first but can quickly escalate into harmful situations.

A Strategic Shift Toward Localized, Adaptive Protection

The recent developments reflect a broader shift in Google’s security strategy—one that favors local, real-time AI capabilities over centralized scanning or delayed responses. By embedding AI models like Gemini Nano directly into devices and apps, Google can respond more quickly to emerging threats and adapt to new scam tactics as they develop. This approach also supports user privacy by processing sensitive data locally rather than transmitting it to cloud servers for analysis. While the tools outlined in the Fighting Scams in Search report mark an improvement in automated defenses, the company acknowledges that no system can catch every threat. Ongoing user awareness and regular software updates remain essential.

Key Features Rolling Out

- Search Protection: AI systems block scammy search results, reducing fake support scams by over 80%.
- Chrome Enhanced Protection: Uses Gemini Nano for on-device scam detection, starting with tech support fraud.
- Android Notification Control: AI-powered prompts block spammy or malicious site notifications.
- Call & Message Defense: On-device AI in Google Messages and Phone detects scam patterns in real-time.

Staying Ahead of Online Threats

The arms race between scam operators and security systems is ongoing. As scam tactics grow more coordinated and harder to detect, Google is betting on AI as its most scalable and adaptive line of defense. The systems being deployed aim not only to recognize today’s threats, but to anticipate and neutralize tomorrow’s.
For users, these updates may be largely invisible—but the impact could be significant. By filtering out fraudulent content earlier in the process, reducing exposure to misleading information, and flagging suspicious activity as it happens, Google is adding layers of friction to scam operations, making it more difficult for them to succeed. The company says it will continue to refine its AI models and broaden the scope of protection, extending to more device types and threat categories over time.
Ubiquiti has disclosed two security vulnerabilities affecting its widely used video surveillance platform, UniFi Protect. One of the flaws, now assigned the identifier CVE-2025-23123, has been rated as critical with a maximum CVSS score of 10.0. Both issues have been addressed in recent firmware and application updates, and the company is urging users to install these patches without delay.

The vulnerabilities were detailed in Security Advisory Bulletin 047, published by Ubiquiti on May 6, 2025. According to the bulletin, attackers who gain access to the management network of Ubiquiti UniFi Protect systems could exploit the flaws to execute malicious code or maintain unauthorized access to video livestreams, even after links are supposedly disabled.

CVE-2025-23123: Critical Remote Code Execution Vulnerability

The more severe of the two issues, CVE-2025-23123, affects UniFi Protect Cameras running firmware version 4.75.43 and earlier. This vulnerability allows a remote attacker with internal network access to trigger a heap-based buffer overflow, enabling the execution of arbitrary code. The flaw is classified as a Remote Code Execution (RCE) threat and poses cybersecurity risks for enterprise environments.

"This vulnerability is especially dangerous because of its low complexity and the absence of user interaction needed to exploit it," Ubiquiti noted. The CVSS v3.0 vector for this flaw is AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H, which confirms that the vulnerability can be exploited over the network without authentication or user intervention.

Persistent Livestream Access

The second vulnerability, identified as CVE-2025-23164, affects the Ubiquiti UniFi Protect Application version 5.3.41 and earlier. This flaw stems from a misconfigured access token mechanism, which could allow a user to retain access to a livestream after the original "Share Livestream" link has been disabled. Though this vulnerability is rated as medium with a CVSS score of 4.4, it still poses privacy and surveillance concerns, especially for users sharing security camera access. Ubiquiti attributes this discovery to security researcher Mike S. Schonert and has resolved the issue in version 5.3.45 of the UniFi Protect application.
Updates and Fixes Released

To address these vulnerabilities, Ubiquiti has released the following updates:

- UniFi Protect Cameras 4.75.62: This update resolves the critical RCE issue and includes performance enhancements like improved Talk Back resiliency and more accurate vehicle detection for G6 models. A bug causing failure in spotlight activation after target detection was also fixed.
- UniFi Protect Application 5.3.45: Alongside the security patch, this version includes improvements to cloud archiving UX, doorbell volume controls, and a bug fix for incorrect camera reassignment following an AI port restart.

Despite these improvements, Ubiquiti did note a known issue: Hallway mode streaming in HDR-disabled settings is currently not functioning on G5-Pro models.

Users are strongly urged to update their Ubiquiti UniFi systems immediately, as unpatched devices—especially those on exposed or partially secured networks—can be exploited through critical vulnerabilities like this one, potentially allowing attackers to install malware, conduct unauthorized surveillance, or access broader network resources.
On Dark Reading's 19-year anniversary, Editor-in-Chief Kelly Jackson Higgins stops by Informa TechTarget's RSAC 2025 Broadcast Alley studio to discuss how things have changed since the early days of breaking Windows and browsers, lingering challenges, and what's next beyond AI.
Exposed data from LockBit's affiliate panel includes Bitcoin addresses, private chats with victim organizations, and user information such as credentials.
The security researcher who questioned the effectiveness of a patch for a recently disclosed bug in Commvault Command Center did not test the patched version, the company says.
The voluntary Software Security Code of Practice is the latest initiative to come out of the United Kingdom to boost best practices in application security and software development.
It all starts so innocently. You get a text saying “Your package couldn’t be delivered. Click here to reschedule.” Little do you know, clicking that link could open the door for scammers to steal your identity, empty your bank account, or even plant malicious software (malware) on your device. Unless you know what to look out for, one little tap on the wrong text could cost you money and peace of mind.

Text scams, also known as smishing (SMS + phishing), are on the rise. These fraudulent messages are sent by cybercriminals and are showing up more often and getting harder to spot. The goal is to get you to give up sensitive personal details that can be used to hack into your accounts, and they are alarmingly successful. The Federal Trade Commission reports that in 2024, consumers lost $470 million to scams that started with text messages.

Watch out for these common scams

Package delivery alerts

Package delivery alerts are the most common text scam. They often impersonate trusted delivery services like UPS, FedEx, and USPS. They claim there’s a delivery problem, then try to trick you into acting quickly by creating a sense of urgency. Because so many of us shop online and have packages delivered regularly, this is a scam that’s easy to fall for. Instead of clicking a link in a suspicious text, go directly to the delivery service’s website and enter your tracking number manually.

Tip: Messages like “Click now to avoid fees” are a red flag that should make you think twice.

[Image. Photo credit: TextMagic]

Unpaid toll alerts

These scams claim you have an overdue toll charge and demand that you click a link to make a payment or you’ll be hit with late charges. Don’t do it! These scammers are trying to gather personal data like your driver’s license number and credit card information so they can steal from you. Remember, fake texts are often sent from phone numbers or email addresses you do not recognize, so never click on a link sent from an unknown number.

Bank account alerts

These scams look like they’re from your bank and claim there’s an issue with your funds. You’re asked for sensitive information like bank logins and passwords, which can be used to drain your bank account. They direct you to click a fake link or call a phony number to resolve it.
Tip: Most major banks, including Chase, Wells Fargo and Bank of America, will never ask for personal or account information via text.

[Image. Photo credit: Wells Fargo]

Wrong number texts

Wrong number texts are designed to seem like a legitimate accident. They start with a simple text like “Hi Mary, are we still on for Thursday?” and you respond “Sorry, wrong number.” The unknown person then tries to start up a friendly conversation, with the goal of establishing a connection and sometimes even cultivating a romantic relationship. It’s common for these cybercriminals to try and con you into a fraudulent investment like a cryptocurrency scam.

Task scams

Task scams are fake job opportunities. You get a text promising online work with lucrative pay and flexibility. The offer may entail fun tasks like getting paid to shop, but the purpose is to lure you into sharing personal information like your social security number, which can be used to steal your identity. As always, if something sounds too good to be true, it probably is.

Prize or gift card scams

It’s easy to feel lucky if you get a text claiming you’ve won a prize, a gift card or other type of reward. Sadly, many people fall for this type of fraud. These messages appear to be from legitimate retailers like Amazon, Walmart or Target. They say things like “You’ve been selected for a $100 gift card!” and tell you to click a link to claim your prize. These scams often work because they generate a sense of excitement and urgency, but they’re just another way to trick you into clicking and entering personal or payment information. In reality, there’s no prize – just a phishing site or malware ready to steal your data.

[Image. Photo credit: TextMagic]

Mobile security checklist

Most of us use our phones for everything – banking, shopping, messaging, and storing personal information. That makes them a treasure trove of sensitive data and a high-value target for cyberthieves.
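The red flags in the scam types above (a link plus pressure to act, a request for passwords or card details, a prize or pay lure, a delivery, toll, bank or retail brand from a number you don't know) can be written down as a simple scoring rule. The Python below is an added example, not Webroot's product logic, and the messages it scores are constructed for the example, with placeholder domains. One of them is the wrong-number opener described above, which the rules deliberately cannot catch from the text alone: that scam is harmless until you reply, which is why the advice is not to engage with unknown numbers.

```python
"""Rule-based smishing triage (added example; not Webroot's detection logic).

Scores a text message on the red flags described above. The sample
messages and domains are constructed for this example.
"""
import re

LINK = re.compile(r"https?://\S+|\bwww\.\S+|\b[\w-]+\.[a-z]{2,}/\S+", re.I)
PRESSURE = re.compile(
    r"\b(click (?:here|now)|act now|immediately|within \d+ hours?|"
    r"avoid (?:late )?(?:fees?|suspension)|late charges?|suspended|urgent|final notice)\b",
    re.I)
SENSITIVE = re.compile(
    r"\b(password|ssn|social security|card number|account number|pin|"
    r"driver'?s licen[cs]e|bank details)\b", re.I)
LURE = re.compile(
    r"\b(you'?ve (?:been selected|won)|gift card|prize|reward|earn \$?\d+)\b", re.I)
BRAND = re.compile(
    r"\b(usps|ups|fedex|package|delivery|toll|bank|chase|wells fargo|"
    r"bank of america|amazon|walmart|target)\b", re.I)

# (pattern, weight, reason), reported in this order.
RULES = [
    (LINK, 2, "contains a link"),
    (PRESSURE, 2, "pressure to act now"),
    (SENSITIVE, 3, "asks for credentials or account details"),
    (LURE, 2, "prize, reward or pay lure"),
    (BRAND, 1, "names a delivery, toll, bank or retail brand"),
]


def score_message(text: str, sender_known: bool) -> dict:
    """Return a score, the reasons behind it and a verdict for one message."""
    score, reasons = 0, []
    for pattern, weight, reason in RULES:
        if pattern.search(text):
            score += weight
            reasons.append(reason)
    if not sender_known:
        score += 1
        reasons.append("unknown sender")
    if score >= 5:
        verdict = "likely smishing"
    elif score >= 3:
        verdict = "suspicious"
    else:
        verdict = "low risk by text alone"
    return {"score": score, "reasons": reasons, "verdict": verdict}


# Constructed samples: (sender_known, text). All domains are placeholders.
SAMPLE_MESSAGES = [
    (False, "USPS: Your package couldn't be delivered. Click here to reschedule: http://usps-redelivery.example/track"),
    (False, "Final notice: unpaid toll balance. Pay within 24 hours at tollpay-now.example/pay or face late charges."),
    (False, "Chase Alert: unusual activity. Confirm your password and card number at https://chase-secure.example/verify to avoid suspension."),
    (False, "Hi Mary, are we still on for Thursday?"),
    (False, "Congrats! You've been selected for a $100 Walmart gift card. Claim: http://win-now.example/claim"),
    (True, "Running 10 min late, order the usual for me?"),
    (False, "Remote data entry job: earn $500/day, flexible hours. Send your SSN and bank details to start."),
    (True, "Click here for the team photos: https://photos.example/team"),
]


def triage(messages=SAMPLE_MESSAGES) -> list:
    """Verdict for each (sender_known, text) pair, in order."""
    return [score_message(text, known)["verdict"] for known, text in messages]


if __name__ == "__main__":
    for known, text in SAMPLE_MESSAGES:
        result = score_message(text, known)
        print(f"[{result['verdict']:<22}] score={result['score']} {text[:60]!r}")
        for reason in result["reasons"]:
            print(f"    - {reason}")
```

The package, toll, bank, gift-card and task-scam samples all score 5 or more, while the wrong-number text scores only 1 for its unknown sender. A link from a known contact with a "click here" nudge lands in the middle band, which is the right outcome for a rule this coarse: it should prompt a second look, not block a friend.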
Here are some tips to help you strengthen your mobile security against text scams and other types of fraud.

Don’t click: If you get a text from an unknown sender, do not click on any links. Reach out to the company using a confirmed phone number or website to check whether it’s a legitimate message.
Don’t share: Never share any of your personal or financial information via text. Remember that if someone is asking you to do this, they’re most likely a scammer.
Fight the fear: Be wary about responding to a text that sounds urgent or threatening. Scammers love to take advantage by creating a sense of fear.
Stay updated: By keeping your phone’s software up to date, you’ll always have the latest security patches. This is an important tool for protecting against viruses and other malware.
Stay vigilant: If something seems too good to be true, it likely is. You probably haven’t won that latest iPhone, especially if you don’t remember entering a contest. Always take a moment to think critically before acting.
Use strong passwords: Long, complex and unique passwords are a cornerstone of mobile security. Webroot solutions include password managers that help you stay safe while simplifying your life.
Enable two-factor authentication (2FA): Use two-factor authentication on your accounts, especially for banking and email.
Scan regularly: Scan your device on a regular basis with trusted security software. Whether you’re using Android or iOS, Webroot Mobile Security offers automatic scanning of apps and updates, as well as real-time protection against phishing and malicious websites.
Use a VPN: Consider using a VPN (Virtual Private Network) to protect your personal information when you’re on public Wi-Fi. Webroot Secure VPN provides safe browsing and online transactions for enhanced privacy and data security.

Text scams are a sneaky way for hackers to get access to your private data, but you don’t have to fall prey to them.
By staying alert to the subtle signs of text scams and arming yourself with the security of Webroot, you can stay safe from the latest mobile threats. Browse, shop, and bank with confidence, knowing that your phone — and everything on it — is protected. The post Mobile security matters: Protecting your phone from text scams appeared first on Webroot Blog.
Japanese finance regulators said that in April alone, nine securities firms reported 2,746 fraudulent transactions conducted through nearly 5,000 accounts that were breached by hackers.
A six-year probe of facial recognition technology usage at airport checkpoints found that more transparency is needed and procedures should be improved to further protect the data privacy of passengers and accuracy of results.
Infrastructure and digital assets from the cryptocurrency mixer eXch — believed to be involved with the laundering of funds from the ByBit hack — are now in the hands of German authorities.
A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver. Forescout Vedere Labs, in a report published today, said it uncovered a malicious infrastructure likely associated with the hacking group weaponizing CVE-2025-31324 (CVSS score: 10.0) since April 29, 2025. CVE-2025-31324 refers to a critical SAP NetWeaver flaw
Google on Thursday announced it's rolling out new artificial intelligence (AI)-powered countermeasures to combat scams across Chrome, Search, and Android. The tech giant said it will begin using Gemini Nano, its on-device large language model (LLM), to improve Safe Browsing in Chrome 137 on desktops. "The on-device approach provides instant insight on risky websites and allows us to offer
Cybersecurity researchers are warning of a new campaign that's targeting Portuguese-speaking users in Brazil with trial versions of commercial remote monitoring and management (RMM) software since January 2025. "The spam message uses the Brazilian electronic invoice system, NF-e, as a lure to entice users into clicking hyperlinks and accessing malicious content hosted in Dropbox," Cisco Talos
AI agents are changing the way businesses work. They can answer questions, automate tasks, and create better user experiences. But with this power comes new risks — like data leaks, identity theft, and malicious misuse. If your company is exploring or already using AI agents, you need to ask: Are they secure? AI agents work with sensitive data and make real-time decisions. If they’re not
The Vulnerability Treadmill The reactive nature of vulnerability management, combined with delays from policy and process, strains security teams. Capacity is limited and patching everything immediately is a struggle. Our Vulnerability Operation Center (VOC) dataset analysis identified 1,337,797 unique findings (security issues) across 68,500 unique customer assets. 32,585 of them were distinct
Cybersecurity researchers have flagged three malicious npm packages that are designed to target the Apple macOS version of Cursor, a popular artificial intelligence (AI)-powered source code editor. "Disguised as developer tools offering 'the cheapest Cursor API,' these packages steal user credentials, fetch an encrypted payload from threat actor-controlled infrastructure, overwrite Cursor's
A joint law enforcement operation undertaken by Dutch and U.S. authorities has dismantled a criminal proxy network that's powered by thousands of infected Internet of Things (IoT) and end-of-life (EoL) devices, enlisting them into a botnet for providing anonymity to malicious actors. In conjunction with the domain seizure, Russian nationals, Alexey Viktorovich Chertkov, 37, Kirill Vladimirovich
The North Korean threat actors behind the Contagious Interview campaign have been observed using updated versions of a cross-platform malware called OtterCookie with capabilities to steal credentials from web browsers and other files. NTT Security Holdings, which detailed the new findings, said the attackers have "actively and continuously" updated the malware, introducing versions v3 and v4 in
GlobalX Airlines, a charter airline being used by the US government for deportation flights, has been attacked by hacktivists who have made off with what they claim are detailed flight records and passenger manifests. Read more in my article for the Hot for Security blog.
Here’s a brief dive into the murky waters of shape-shifting attacks that leverage dedicated phishing kits to auto-generate customized login pages on the fly
Source: www.csoonline.com – Analysis, May 9, 2025, 3 mins – Cloud Security, Cyberattacks, Threat and Vulnerability Management. Continuous threat exposure management (CTEM) is a proactive, event-driven approach to assessing, prioritizing, and remediating risks in real time, especially in cloud environments. What is CTEM? Continuous threat exposure management (CTEM) is a security approach that helps companies continuously identify and […] The post What is CTEM? Continuous visibility for identifying real-time threats – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.csoonline.com – The company plans to offer users with personal Microsoft accounts on business devices the option to sync their personal OneDrive content to the device in addition to their enterprise OneDrive files. Microsoft’s upcoming OneDrive sync change will give enterprise users an easy way to sync both their personal and corporate OneDrive […] The post Microsoft OneDrive move may facilitate accidental sensitive file exfiltration – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.csoonline.com – Nick Godfrey of Google Cloud explains why AI is changing security work and why CISOs today are more closely involved in the business. Nick Godfrey, head of the Office of the CISO at Google Cloud. As Senior Director and head of the Office of the CISO at Google Cloud, it is Nick’s job to […] The post “CISOs today speak the language of business” – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.csoonline.com – An international phishing network is harvesting credit card data worldwide. In Germany, 20,000 people are affected. Cybercriminals have deceived tens of thousands of people in Germany with fake DHL messages. According to research by Bayerischer Rundfunk (BR), an international gang of fraudsters has swindled tens of thousands of people in Germany with phishing messages. The perpetrators are believed to be located in Asia […] The post DHL scam: fraudsters plunder the accounts of tens of thousands of Germans – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.csoonline.com – Elementary tactics, legacy systems, and poor cyber hygiene put critical energy operations at risk, say federal agencies. The Cybersecurity and Infrastructure Security Agency (CISA), along with the FBI, Department of Energy (DoE), and Environmental Protection Agency (EPA), has warned organizations of cyberattacks targeting Operational Technology (OT) and Industrial Control Systems (ICS) […] The post CISA warns of cyberattacks targeting the US oil and gas infrastructure – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.csoonline.com – Cybersecurity giant axes 5% of staff, doubling down on AI for efficiency and a bold $10B goal, despite its filings flagging risks in relying on the tech. Cybersecurity giant CrowdStrike is cutting 500 jobs, or 5% of its nearly 10,000-strong workforce, as it pivots to an AI-driven operating model to chase […] The post CrowdStrike cuts 500 jobs in AI pivot, but flags risks – Source: www.csoonline.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Google on Thursday announced it’s rolling out new artificial intelligence (AI)-powered countermeasures to combat scams across Chrome, Search, and Android. The tech giant said it will begin using Gemini Nano, its on-device large language model (LLM), to improve Safe Browsing in Chrome 137 on desktops. “The on-device approach provides instant […] The post Google Rolls Out On-Device AI Protections to Detect Scams in Chrome and Android – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – A China-linked unnamed threat actor dubbed Chaya_004 has been observed exploiting a recently disclosed security flaw in SAP NetWeaver. Forescout Vedere Labs, in a report published Thursday, said it uncovered a malicious infrastructure likely associated with the hacking group weaponizing CVE-2025-31324 (CVSS score: 10.0) since April 29, 2025. CVE-2025-31324 refers […] The post Chinese Hackers Exploit SAP RCE Flaw CVE-2025-31324, Deploy Golang-Based SuperShell – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Threat actors with ties to the Qilin ransomware family have leveraged malware known as SmokeLoader along with a previously undocumented .NET compiled loader codenamed NETXLOADER as part of a campaign observed in November 2024. “NETXLOADER is a new .NET-based loader that plays a critical role in cyber attacks,” Trend Micro […] The post Qilin Ransomware Ranked Highest in April 2025 with 72 Data Leak Disclosures – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: www.troyhunt.com – Author: Troy Hunt. For many years, people would come to Have I Been Pwned (HIBP), run a search on their email address, get the big red “Oh no – pwned!” response and then… I’m not sure. We really didn’t have much guidance until we partnered with 1Password and started giving specific advice […] The post After the Breach: Finding new Partners with Solutions for Have I Been Pwned Users – Source: www.troyhunt.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini. A cyberattack briefly disrupted South African Airways’ website, app, and systems, but core flight operations remained unaffected. South African Airways (SAA) is the national flag carrier of South Africa; the airline is wholly owned by the South African government and has subsidiaries including SAA Technical and Air Chefs. A […] The post A cyber attack briefly disrupted South African Airways operations – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini. The FBI warns that attackers are using end-of-life routers to deploy malware and turn them into proxies sold on 5Socks and Anyproxy networks. The FBI released a FLASH alert warning about 5Socks and Anyproxy malicious services targeting end-of-life (EOL) routers. Attackers target EOL devices to deploy malware by exploiting […] The post Cybercriminal services target end-of-life routers, FBI warns – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini. Since early 2025, Russia-linked ColdRiver has used LostKeys malware to steal files in espionage attacks on Western governments and organizations. Google’s Threat Intelligence Group discovered LOSTKEYS, a new malware used by Russia-linked APT COLDRIVER, in recent attacks to steal files and gather system info. The ColdRiver APT (aka “Seaborgium”, “Callisto”, “Star […] The post Russia-linked ColdRiver used LostKeys malware in recent attacks – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: securityaffairs.com – Author: Pierluigi Paganini. SonicWall addressed three SMA 100 flaws, including a potential zero-day, that could allow remote code execution if chained. SonicWall patches three SMA 100 vulnerabilities (CVE-2025-32819, CVE-2025-32820, and CVE-2025-32821), including a potential zero-day, that could be chained by a remote attacker to execute arbitrary code. The first flaw, tracked as […] The post SonicWall fixed SMA 100 flaws that could be chained to execute arbitrary code – Source: securityaffairs.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – A joint law enforcement operation undertaken by Dutch and U.S. authorities has dismantled a criminal proxy network that’s powered by thousands of infected Internet of Things (IoT) and end-of-life (EoL) devices, enlisting them into a botnet for providing anonymity to malicious actors. In conjunction with the domain seizure, Russian nationals, […] The post BREAKING: 7,000-Device Proxy Botnet Using IoT, EoL Systems Dismantled in U.S. – Dutch Operation – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – The North Korean threat actors behind the Contagious Interview campaign have been observed using updated versions of a cross-platform malware called OtterCookie with capabilities to steal credentials from web browsers and other files. NTT Security Holdings, which detailed the new findings, said the attackers have “actively and continuously” updated the […] The post OtterCookie v4 Adds VM Detection and Chrome, MetaMask Credential Theft Capabilities – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – Cybersecurity researchers are warning of a new campaign that’s targeting Portuguese-speaking users in Brazil with trial versions of commercial remote monitoring and management (RMM) software since January 2025. “The spam message uses the Brazilian electronic invoice system, NF-e, as a lure to entice users into clicking hyperlinks and accessing malicious […] The post Initial Access Brokers Target Brazil Execs via NF-e Spam and Legit RMM Trials – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.
Source: thehackernews.com – AI agents are changing the way businesses work. They can answer questions, automate tasks, and create better user experiences. But with this power comes new risks — like data leaks, identity theft, and malicious misuse. If your company is exploring or already using AI agents, you need to ask: Are they […] The post Deploying AI Agents? Learn to Secure Them Before Hackers Strike Your Business – Source: thehackernews.com was first published on CISO2CISO.COM & CYBER SECURITY GROUP.