2025 - Security Ticks

Amazon sued for allegedly slurping sensitive data via advertising SDK

Amazon sued for allegedly slurping sensitive data via advertising SDK 2025-01-30 at 10:34 By Thomas Claburn Harvesting of location data and other personal info without user consent, lawsuit claims Amazon and its advertising subsidiary have been sued for allegedly collecting personal and location data from third-party mobile apps without obtaining users’ informed consent.… This article […]

React to this headline:

Amazon sued for allegedly slurping sensitive data via advertising SDK Read More »

Lumma Stealer’s GitHub-Based Delivery Explored via Managed Detection and Response

Lumma Stealer’s GitHub-Based Delivery Explored via Managed Detection and Response 2025-01-30 at 10:18 By The Managed XDR team investigated a sophisticated campaign distributing Lumma Stealer through GitHub, where attackers leveraged the platform’s release infrastructure to deliver malware such as SectopRAT, Vidar, and Cobeacon. This article is an excerpt from Trend Micro Research, News and Perspectives

React to this headline:

Lumma Stealer’s GitHub-Based Delivery Explored via Managed Detection and Response Read More »

And now something fun for a change: Building blocks of life in Bennu asteroid samples

Uncategorized / SecurityTicks

And now something fun for a change: Building blocks of life in Bennu asteroid samples 2025-01-30 at 09:48 By Brandon Vigliarolo It’s a 65-million-year-old space rock stuffed with amino acids, DNA bases, and more, boffins report Scientists analyzing samples from asteroid Bennu have found something remarkable: Despite being a cold, lifeless rubble pile that formed

React to this headline:

And now something fun for a change: Building blocks of life in Bennu asteroid samples Read More »

Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits

Uncategorized / SecurityTicks

Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits 2025-01-30 at 09:48 By Three security flaws have been disclosed in the open-source PHP package Voyager that could be exploited by an attacker to achieve one-click remote code execution on affected instances. “When an authenticated Voyager user clicks on a malicious link, attackers can

React to this headline:

Unpatched PHP Voyager Flaws Leave Servers Open to One-Click RCE Exploits Read More »

New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks

Uncategorized / SecurityTicks

New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks 2025-01-30 at 09:48 By A Mirai botnet variant dubbed Aquabot has been observed actively attempting to exploit a medium-severity security flaw impacting Mitel phones in order to ensnare them into a network capable of mounting distributed denial-of-service (DDoS) attacks. The vulnerability in question is

React to this headline:

New Aquabot Botnet Exploits CVE-2024-41710 in Mitel Phones for DDoS Attacks Read More »

Oasis Scout empowers security teams to identify attacks on NHIs

Industry news, Oasis Security / SecurityTicks

Oasis Scout empowers security teams to identify attacks on NHIs 2025-01-30 at 09:18 By Industry News Oasis Security unveiled Oasis Scout, an Identity Threat Detection and Response (ITDR) solution designed specifically for NHIs, integrated with proprietary AuthPrint technology. Available with Oasis NHI Security Cloud, Oasis Scout delivers high-fidelity threat detection and response capability for NHIs

React to this headline:

Oasis Scout empowers security teams to identify attacks on NHIs Read More »

Zscaler CISO on balancing security and user convenience in hybrid work environments

CISO, cybersecurity, data loss prevention, Don't miss, Features, Hot stuff, hybrid workforce, News, opinion, regulation, remote working, security controls, strategy, zero trust, Zscaler / SecurityTicks

Zscaler CISO on balancing security and user convenience in hybrid work environments 2025-01-30 at 07:33 By Mirko Zorz In this Help Net Security interview, Sean Cordero, CISO at Zscaler, talks about securing hybrid work and the new challenges it presents to cybersecurity teams. He discusses how hybrid work has exposed gaps in traditional security models

React to this headline:

Zscaler CISO on balancing security and user convenience in hybrid work environments Read More »

ExtensionHound: Open-source tool for Chrome extension DNS forensics

Chrome, computer forensics, DNS, Don't miss, GitHub, News, open source, software / SecurityTicks

ExtensionHound: Open-source tool for Chrome extension DNS forensics 2025-01-30 at 07:03 By Mirko Zorz Traditional monitoring tools reveal only traffic from the Chrome process, leaving security teams uncertain about which extension is responsible for a suspicious DNS query. ExtensionHound solves this by analyzing Chrome’s internal network state and linking DNS activity to specific extensions. ExtensionHound

React to this headline:

ExtensionHound: Open-source tool for Chrome extension DNS forensics Read More »

Vulnerability management simplified: The core essentials

Uncategorized / SecurityTicks

Vulnerability management simplified: The core essentials 2025-01-30 at 07:03 By In light of today’s evolving threat landscape and high-profile cybersecurity breaches, organizations are facing growing pressure to strengthen their security foundations. This article is an excerpt from Subscribe to Security Magazine’s RSS Feed View Original Source React to this headline:

React to this headline:

Vulnerability management simplified: The core essentials Read More »

89% of AI-powered APIs rely on insecure authentication mechanisms

API security, Artificial Intelligence, cybersecurity, News, report, survey, vulnerability, Wallarm / SecurityTicks

89% of AI-powered APIs rely on insecure authentication mechanisms 2025-01-30 at 06:33 By Help Net Security APIs have emerged as the predominant attack surface over the past year, with AI being the biggest driver of API security risks, according to Wallarm. “Based on our findings, what is clear is that API security is no longer

React to this headline:

89% of AI-powered APIs rely on insecure authentication mechanisms Read More »

How to use Hide My Email to protect your inbox from spam

apple, Don't miss, email security, how-to, News, Privacy / SecurityTicks

How to use Hide My Email to protect your inbox from spam 2025-01-30 at 06:03 By Help Net Security Hide My Email is a service that comes with iCloud+, Apple’s subscription-based service. It allows users to generate one-time-use or reusable email addresses that forward messages to their personal inbox without ever revealing their actual email

React to this headline:

How to use Hide My Email to protect your inbox from spam Read More »

DeepSeek’s not the only Chinese LLM maker OpenAI and pals have to worry about. Right, Alibaba?

Uncategorized / SecurityTicks

DeepSeek’s not the only Chinese LLM maker OpenAI and pals have to worry about. Right, Alibaba? 2025-01-30 at 05:18 By Tobias Mann Qwen 2.5 Max tops both DS V3 and GPT-4o, cloud giant claims Analysis The speed and efficiency at which DeepSeek claims to be training large language models (LLMs) competitive with America’s best has

React to this headline:

DeepSeek’s not the only Chinese LLM maker OpenAI and pals have to worry about. Right, Alibaba? Read More »

Mark Zuckerberg reveals thoughts on DeepSeek as Meta’s AI spending under scrutiny

Uncategorized / SecurityTicks

Mark Zuckerberg reveals thoughts on DeepSeek as Meta’s AI spending under scrutiny 2025-01-30 at 03:30 By Reuters Chinese startup DeepSeek’s launch of its latest AI models triggered a selloff in global tech stocks this week on concerns about rising AI costs in the US. This article is an excerpt from Latest Technology News and Product Reviews | New York

React to this headline:

Mark Zuckerberg reveals thoughts on DeepSeek as Meta’s AI spending under scrutiny Read More »

Wacom says crooks probably swiped customer credit cards from its online checkout

Uncategorized / SecurityTicks

Wacom says crooks probably swiped customer credit cards from its online checkout 2025-01-30 at 03:30 By Iain Thomson Digital canvas slinger indicates dot-com was skimmed for over a month Graphics tablet maker Wacom has warned customers their credit card details may well have been stolen by miscreants while they were buying stuff from its website.…

React to this headline:

Wacom says crooks probably swiped customer credit cards from its online checkout Read More »

Tesla sales disappoint, but Elon Musk vows new cars ‘will be in the wild, with no one in them’

Uncategorized / SecurityTicks

Tesla sales disappoint, but Elon Musk vows new cars ‘will be in the wild, with no one in them’ 2025-01-30 at 02:48 By Reuters Tesla’s driver assistance software, known as full self-driving, or FSD, will see unsupervised tests in Texas, California and other states this year. This article is an excerpt from Latest Technology News

React to this headline:

Tesla sales disappoint, but Elon Musk vows new cars ‘will be in the wild, with no one in them’ Read More »

Guess who left a database wide open, exposing chat logs, API keys, and more? Yup, DeepSeek

Uncategorized / SecurityTicks

Guess who left a database wide open, exposing chat logs, API keys, and more? Yup, DeepSeek 2025-01-30 at 02:48 By Thomas Claburn Oh someone’s in DeepShi… China-based AI biz DeepSeek may have developed competitive, cost-efficient generative models, but its cybersecurity chops are another story.… This article is an excerpt from The Register View Original Source

React to this headline:

Guess who left a database wide open, exposing chat logs, API keys, and more? Yup, DeepSeek Read More »

ASRM: A New Pillar for Cyber Insurance Underwriting

Trend Micro Research : Articles, News, Reports, Trend Micro Research : Cloud, Trend Micro Research : Compliance & Risks, Trend Micro Research : Cyber Crime, Trend Micro Research : Cyber Threats, Trend Micro Research : Endpoints, Trend Micro Research : Expert Perspective, Trend Micro Research : Network / SecurityTicks

ASRM: A New Pillar for Cyber Insurance Underwriting 2025-01-30 at 02:33 By ASRM transforms cyber insurance underwriting by integrating real-time risk assessments, advanced tools (NDR, EDR, Cloud Security, MDR), and proactive mitigation strategies to improve accuracy, reduce claims, and build trust. This article is an excerpt from Trend Micro Research, News and Perspectives View Original

React to this headline:

ASRM: A New Pillar for Cyber Insurance Underwriting Read More »

Lazarus Group cloned open source projects to plant backdoors, steal credentials

Uncategorized / SecurityTicks

Lazarus Group cloned open source projects to plant backdoors, steal credentials 2025-01-30 at 01:45 By Jessica Lyons Stealing crypto is so 2024. Supply-chain attacks leading to data exfil pays off better? North Korea’s Lazarus Group compromised hundreds of victims across the globe in a massive secret-stealing supply chain attack that was ongoing as of earlier

React to this headline:

Lazarus Group cloned open source projects to plant backdoors, steal credentials Read More »

Meta agrees to pay $25M to settle lawsuit from Trump after Jan. 6 suspension

Uncategorized / SecurityTicks

Meta agrees to pay $25M to settle lawsuit from Trump after Jan. 6 suspension 2025-01-30 at 01:31 By Associated Press Meta has agreed to pay $25 million to settle a lawsuit filed by President Donald Trump against the company after it suspended his accounts. This article is an excerpt from Latest Technology News and Product

React to this headline:

Meta agrees to pay $25M to settle lawsuit from Trump after Jan. 6 suspension Read More »

Helion bags $425M in fresh funding despite fusion power still being a distant dream

Uncategorized / SecurityTicks

Helion bags $425M in fresh funding despite fusion power still being a distant dream 2025-01-30 at 00:48 By Brandon Vigliarolo Microsoft-backed startup now valued at $5.4B Fusion energy startup Helion has yet to prove it can generate electricity, but that hasn’t stopped investors from dumping another $425 million into the venture.… This article is an

React to this headline:

Helion bags $425M in fresh funding despite fusion power still being a distant dream Read More »