In an age when cyber threats loom large, the dedication and passion of cybersecurity professionals are more crucial than ever. Each year, Cisco makes a point of selecting and recognizing a standout cybersecurity advocate who has earned the title of cybersecurity defender. This year, it was impossible to choose just one individual. This is why Cisco’s 2025 EMEA Cybersecurity … [Read more...] about Meet the Cybersecurity Defender of 2025 for EMEA
Security
Android’s New Feature Blocks Fraudsters from Sideloading Apps During Calls
Feb 15, 2025Ravie LakshmananMobile Security / Technology Google is working on a new security feature for Android that blocks device owners from changing sensitive settings when a phone call is in progress. Specifically, the in-call anti-scammer protections include preventing users from turning on settings to install apps from unknown sources and granting accessibility access. … [Read more...] about Android’s New Feature Blocks Fraudsters from Sideloading Apps During Calls
How Mastronardi Produce Secures Innovation with CrowdStrike
Mastronardi Produce, North America’s largest greenhouse produce distributor, has been at the forefront of sustainable agriculture for over 70 years. In that time, being a leader in both agriculture and innovation has come with diverse cybersecurity challenges, including protecting sensitive data, securing against vulnerabilities, and reducing shadow IT risks. To address … [Read more...] about How Mastronardi Produce Secures Innovation with CrowdStrike
New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution
Feb 14, 2025Ravie LakshmananVulnerability / DevOps Cybersecurity researchers have disclosed a new type of name confusion attack called whoAMI that allows anyone who publishes an Amazon Machine Image (AMI) with a specific name to gain code execution within the Amazon Web Services (AWS) account. "If executed at scale, this attack could be used to gain access to thousands of … [Read more...] about New “whoAMI” Attack Exploits AWS AMI Name Confusion for Remote Code Execution
Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks
Feb 14, 2025Ravie LakshmananBrowser Security / Cryptocurrency The North Korean threat actor known as the Lazarus Group has been linked to a previously undocumented JavaScript implant named Marstech1 as part of limited targeted attacks against developers. The active operation has been dubbed Marstech Mayhem by SecurityScorecard, with the malware delivered by means of an … [Read more...] about Lazarus Group Deploys Marstech1 JavaScript Implant in Targeted Developer Attacks
Detect Data Exfiltration with Falcon Next-Gen SIEM
Sensitive data theft is among adversaries’ most common goals. For defenders, data exfiltration can lead to the compromise of customer data, public exposure of trade secrets, and potentially permanent business and reputational damage. Victims of data exfiltration may also face legal issues for non-compliance with data protection laws. This must be a top concern for … [Read more...] about Detect Data Exfiltration with Falcon Next-Gen SIEM
Protecting WhatsApp and Telegram accounts from hacking and hijacking in 2025
Cybercriminals around the world keep honing their schemes to steal accounts in WhatsApp, Telegram, and other popular messaging apps – and any of us could fall for their scams. Only by becoming a victim of such an attack can you fully appreciate how vital a tool instant messaging has become, and how diverse the damage from hacking a WhatsApp or Telegram account may be. But … [Read more...] about Protecting WhatsApp and Telegram accounts from hacking and hijacking in 2025
CrowdStrike Unveils Charlotte AI Detection Triage for Faster SOC Triage
AI has become both a powerful ally and a formidable weapon in today’s cybersecurity landscape. While AI enables security teams to detect and neutralize threats with unmatched speed and precision, adversaries are equally quick to exploit its potential with increasingly sophisticated and automated attacks. This duality has created an arms race in which organizations must not only … [Read more...] about CrowdStrike Unveils Charlotte AI Detection Triage for Faster SOC Triage
Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners
Feb 13, 2025Ravie LakshmananWeb Security / Cloud Security A widespread phishing campaign has been observed leveraging bogus PDF documents hosted on the Webflow content delivery network (CDN) with an aim to steal credit card information and commit financial fraud. "The attacker targets victims searching for documents on search engines, resulting in access to malicious PDF that … [Read more...] about Hackers Use CAPTCHA Trick on Webflow CDN PDFs to Bypass Security Scanners
How Adversary Taxonomies Strengthen Global Security
Last month, during testimony on global cyber threats before the U.S. Committee on Homeland Security, a longstanding debate resurfaced: Why do vendors name different cyber threat actors, and can’t we directly call out those responsible? Industry veterans will recognize that a discourse on this topic tends to pop up in vendor, media, and public policy circles every few … [Read more...] about How Adversary Taxonomies Strengthen Global Security