Our smartphones and other devices collect and then transmit massive amounts of data about us to dozens, maybe hundreds, of third-party companies every single day. This includes our location information, and the market for such information is huge. Naturally enough, the buying and selling goes on without our knowledge, creating obscure risks to our privacy. The recent hack of … [Read more...] about Gravy Analytics leak: How to protect your location data
Security
Trojanized game PirateFi discovered on Steam
There are probably no gamers left who don’t know that downloading games from torrent trackers is a risky business. Yes, they come at no cost, cracked and sometimes conveniently repackaged — but they might contain malware. That’s why security solutions throw a fit — quarantining torrent files, preventing the installation of cracks… well, we should be thankful for that! Official … [Read more...] about Trojanized game PirateFi discovered on Steam
Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics
Feb 17, 2025Ravie LakshmananEndpoint Security / Malware Microsoft said it has discovered a new variant of a known Apple macOS malware called XCSSET as part of limited attacks in the wild. "Its first known variant since 2022, this latest XCSSET malware features enhanced obfuscation methods, updated persistence mechanisms, and new infection strategies," the Microsoft Threat … [Read more...] about Microsoft Uncovers New XCSSET macOS Malware Variant with Advanced Obfuscation Tactics
Meet the Cybersecurity Defender of 2025 for EMEA
In an age when cyber threats loom large, the dedication and passion of cybersecurity professionals are more crucial than ever. Each year, Cisco makes a point of selecting and recognizing a standout cybersecurity advocate who has earned the title of cybersecurity defender. This year, it was impossible to choose just one individual. This is why Cisco’s 2025 EMEA Cybersecurity … [Read more...] about Meet the Cybersecurity Defender of 2025 for EMEA
Android’s New Feature Blocks Fraudsters from Sideloading Apps During Calls
Feb 15, 2025Ravie LakshmananMobile Security / Technology Google is working on a new security feature for Android that blocks device owners from changing sensitive settings when a phone call is in progress. Specifically, the in-call anti-scammer protections include preventing users from turning on settings to install apps from unknown sources and granting accessibility access. … [Read more...] about Android’s New Feature Blocks Fraudsters from Sideloading Apps During Calls
How Mastronardi Produce Secures Innovation with CrowdStrike
Mastronardi Produce, North America’s largest greenhouse produce distributor, has been at the forefront of sustainable agriculture for over 70 years. In that time, being a leader in both agriculture and innovation has come with diverse cybersecurity challenges, including protecting sensitive data, securing against vulnerabilities, and reducing shadow IT risks. To address … [Read more...] about How Mastronardi Produce Secures Innovation with CrowdStrike
New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution
Feb 14, 2025Ravie LakshmananVulnerability / DevOps Cybersecurity researchers have disclosed a new type of name confusion attack called whoAMI that allows anyone who publishes an Amazon Machine Image (AMI) with a specific name to gain code execution within the Amazon Web Services (AWS) account. "If executed at scale, this attack could be used to gain access to thousands of … [Read more...] about New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution
Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks
Feb 14, 2025Ravie LakshmananBrowser Security / Cryptocurrency The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers. The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by means of an … [Read more...] about Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks
Detect Data Exfiltration with Falcon Next-Gen SIEM
Sensitive data theft is among adversaries’ most common goals. For defenders, data exfiltration can lead to the compromise of customer data, public exposure of trade secrets, and potentially permanent business and reputational damage. Victims of data exfiltration may also face legal issues for non-compliance with data protection laws. This must be a top concern for … [Read more...] about Detect Data Exfiltration with Falcon Next-Gen SIEM
Protecting WhatsApp and Telegram accounts from hacking and hijacking in 2025
Cybercriminals around the world keep honing their schemes to steal accounts in WhatsApp, Telegram, and other popular messaging apps – and any of us could fall for their scams. Only by becoming a victim of such an attack can you fully appreciate how vital a tool instant messaging has become, and how diverse the damage from hacking a WhatsApp or Telegram account may be. But … [Read more...] about Protecting WhatsApp and Telegram accounts from hacking and hijacking in 2025