Tag: tool
-
Russian-Speaking Attackers Target Ethereum Devs with Fake Hardhat npm Packages
by
in SecurityNewsCybersecurity researchers have revealed several malicious packages on the npm registry that have been found impersonating the Nomic Foundation’s Hardhat tool in order to steal sensitive data from developer systems.”By exploiting trust in open source plugins, attackers have infiltrated these platforms through malicious npm packages, exfiltrating critical data such as private keys, mnemonics, First seen…
-
Malicious EditThisCookie Extension Attacking Chrome Users to Steal Data
by
in SecurityNewsThe popular cookie management extension EditThisCookie has been the target of a malicious impersonation. Originally a trusted tool for Chrome users, EditThisCookie allowed users to manage cookie data in their browsers. However, after significant scrutiny, the legitimate version has been removed from the Chrome Web Store, leaving users vulnerable to a fake extension that has…
-
Garak An Open Source LLM Vulnerability Scanner for AI Red-Teaming
by
in SecurityNewsGarak is a free, open-source tool specifically designed to test the robustness and reliability of Large Language Models (LLMs). Inspired by utilities like Nmap or Metasploit, Garak identifies potential weak points in LLMs by probing for issues such as hallucinations, data leakage, prompt injections, toxicity, jailbreak effectiveness, and misinformation propagation. This guide covers everything you…
-
12 cybersecurity resolutions for 2025
by
in SecurityNews
Tags: advisory, ai, api, attack, awareness, breach, business, ceo, chatgpt, china, ciso, communications, control, crowdstrike, cyber, cyberattack, cybersecurity, data, data-breach, deep-fake, defense, detection, email, identity, insurance, jobs, law, malicious, phishing, ransomware, risk, risk-assessment, risk-management, strategy, supply-chain, technology, threat, tool, training, vulnerabilityAs cyber threats continue to evolve, CISOs must prepare for an increasingly complex threat landscape. From dealing with AI-driven attacks to managing changing regulatory requirements, it’s clear that 2025 will be another big year for CISOs.But staying ahead requires more than just implementing the next cutting-edge set of tools or technologies. It demands a shift…
-
Open-Source-Netzwerk Uneinigkeit über Schwere der Socat-Sicherheitslücke
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/kritische-schwachstelle-open-source-tool-socat-cve-2024-54661-a-955df96f677fbd9ed78c849bddd27a66/
-
Balancing proprietary and open-source tools in cyber threat research
by
in SecurityNewsIn this Help Net Security interview, Thomas Roccia, Senior Security Researcher at Microsoft, discusses how threat research drives faster, better decision-making in … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/06/thomas-roccia-microsoft-threat-research/
-
Microsoft may have scrapped Windows 11’s dynamic wallpapers feature
by
in SecurityNewsMicrosoft has many good ideas for Windows 11 that often do not ship, and one of them was “Dynamic Wallpapers,” which, as the name suggests, could have made the wallpaper dynamic, similar to third-party tools like Lively Wallpaper. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-may-have-scrapped-windows-11s-dynamic-wallpapers-feature/
-
Malicious npm packages target Ethereum developers
by
in SecurityNewsMalicious npm packages target Ethereum developers, impersonating Hardhat plugins to steal private keys and sensitive data. Hardhat, by the Nomic Foundation, is an essential Ethereum tool, enabling streamlined smart contract and dApp development with customizable plugins. Socket researchers reported a supply chain attack targeting the Nomic Foundation and Hardhat platforms, attackers use malicious npm packages to…
-
Privacy Roundup: Week 1 of Year 2025
by
in SecurityNews
Tags: access, ai, android, apple, authentication, botnet, breach, browser, business, captcha, chrome, compliance, cve, cybersecurity, data, data-breach, detection, email, encryption, exploit, finance, firmware, flaw, google, group, hacker, healthcare, HIPAA, infrastructure, injection, Internet, law, leak, login, malware, open-source, password, phishing, privacy, router, service, software, threat, tool, update, virus, vulnerabilityThis is a news item roundup of privacy or privacy-related news items for 29 DEC 2024 – 4 JAN 2024. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things overlap; for…
-
PLAYFULGHOST Delivered via Phishing and SEO Poisoning in Trojanized VPN Apps
by
in SecurityNewsCybersecurity researchers have flagged a new malware called PLAYFULGHOST that comes with a wide range of information-gathering features like keylogging, screen capture, audio capture, remote shell, and file transfer/execution.The backdoor, according to Google’s Managed Defense team, shares functional overlaps with a known remote administration tool referred to as Gh0st RAT, which had its source First…
-
NPM Package Disguised as an Ethereum Tool Deploys Quasar RAT
by
in SecurityNewsResearchers discovered a malicious package on the npm package registry that resembles a library for Ethereum smart contract vulnerabilities but actually drops an open-source remote access trojan called Quasar RAT onto developer systems. First seen on hackread.com Jump to article: hackread.com/npm-package-disguised-ethereum-tool-quasar-rat/
-
Millionen Nutzer gefährdet: Schadcode in 36 Chrome-Extensions eingeschleust
Bei den betroffenen Chrome-Erweiterungen handelt es sich um KI-Tools, Passwortmanager, VPNs und mehr. Zusammen kommen sie auf 2,6 Millionen Nutzer. First seen on golem.de Jump to article: www.golem.de/news/millionen-nutzer-gefaehrdet-schadcode-in-36-chrome-extensions-eingeschleust-2501-192093.html
-
Risikomanagement – Was CISOs über KI-Security-Tools wissen müssen
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/ki-optimierung-it-security-risikomanagement-a-cda345944a55188589c686e4879fd039/
-
KI-Tool für die Finanzbranche – Deloitte hilft bei der Einhaltung von DORA-Anforderungen
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/deloitte-ki-unterstuetzung-finanzinstitute-dora-anforderungen-a-c4263d008af16e5e9f7929d4525343da/
-
Secure by design vs by default which software development concept is better?
by
in SecurityNews
Tags: access, api, application-security, attack, business, cisa, cloud, control, cyber, cybersecurity, data, data-breach, exploit, framework, guide, Hardware, infrastructure, malicious, mfa, nist, programming, resilience, risk, saas, security-incident, service, software, supply-chain, technology, threat, tool, update, vulnerabilityAs cybersecurity professionals, we need to know that the software products we acquire are safe and able to support or accommodate the procedures and tools we use to keep attackers at bay while performing their given functions.With attacks perennially on the rise and the software supply chain remaining as vulnerable as ever, there is momentum…
-
Volkswagen massive data leak caused by a failure to secure AWS credentials
by
in SecurityNewsA failure to properly protect access to its AWS environment is one of the root causes of the recent massive Volkswagen data leak, according to a presentation on the incident at the Chaos Computer Club on Dec. 27.But the security analyst who helped expose the leak said the $351 billion car manufacturer violated its own…
-
Microsoft Sentinel: A cloud-native SIEM with integrated GenAI
by
in SecurityNews
Tags: ai, attack, automation, breach, business, cloud, cyber, cybersecurity, data, data-breach, detection, edr, intelligence, microsoft, risk, siem, skills, soar, soc, technology, threat, tool, training, vulnerabilityIn a recent survey, 74% of cybersecurity professionals said that the threat landscape is the worst they’ve seen in 5 years.1 Escalating cyber threats, an expanding attack surface, and staffing shortages are putting tremendous pressure on the security operations center (SOC).It’s never been more important to have the right tools in place, especially when it…
-
Hackers target dozens of VPN and AI extensions for Google Chrome to compromise data
by
in SecurityNewsAs of Wednesday, a total of 36 Chrome extensions injected with data-stealing code have been detected, mostly related to artificial intelligence tools and virtual private networks.]]> First seen on therecord.media Jump to article: therecord.media/hackers-target-vpn-ai-extensions-google-chrome-malicious-updates
-
Tools for the Fastest Java Migrations
by
in SecurityNewsThe fastest Java migrations from Oracle to an alternative provider start with careful planning and a complete JDK usage inventory. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/tools-for-the-fastest-java-migrations/
-
Five Things To Know On The ‘Major’ US Treasury Department Hack
by
in SecurityNewsA China-linked breach tied to the compromise of BeyondTrust’s remote support tool has reportedly led to the breach of multiple offices within the U.S. Treasury Department. First seen on crn.com Jump to article: www.crn.com/news/security/2024/5-things-to-know-on-the-major-us-treasury-department-hack
-
Stay Ahead: Integrating IAM with Your Cloud Strategy
by
in SecurityNewsIs Your Business Equipped with the Right Tools for IAM Integration? Today’s fast-paced business landscape necessitates an efficient integration of Identity and Access Management (IAM) with your cloud strategy. Given the rise in sophisticated cyber attacks, the need for secure data management has never been more paramount. But how are businesses ensuring the security of……
-
Powerful Tools to Prevent Secrets Sprawl
by
in SecurityNewsHow Can We Prevent Secrets Sprawl? As professionals in the realm of data protection and cybersecurity, we are familiar with the concept of Secrets Sprawl. This phenomenon, where sensitive encrypted data (passwords, keys, tokens) are spread across multiple servers without proper oversight, is a significant security risk. But, how can we prevent this from happening?……
-
6 AI-Related Security Trends to Watch in 2025
by
in SecurityNewsAI tools will enable significant productivity and efficiency benefits for organizations in the coming year, but they also will exacerbate privacy, governance, and security risks. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/6-ai-related-security-trends-watch-2025
-
Addressing Gen AI Privacy, Security Governance in Healthcare
by
in SecurityNewsAs healthcare entities embrace generative AI tools, it’s critical they take a holistic approach addressing privacy and security governance, said Dave Perry, digital workspace operations manager, St. Joseph’s Healthcare in Ontario, who discusses how his organization is tackling those challenges. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/interviews/addressing-gen-ai-privacy-security-governance-in-healthcare-i-5433