Posts

Showing posts from March, 2025

Schneier - Friday Squid Blogging: Squid Loyalty Cards

Squid is a loyalty card platform in Ireland. from Schneier on Security https://www.schneier.com/blog/archives/2025/03/friday-squid-blogging-squid-loyalty-cards.html

The Hacker News - FIN7, FIN8, and Others Use Ragnar Loader for Persistent Access and Ransomware Operations

Threat hunters have shed light on a "sophisticated and evolving malware toolkit" called Ragnar Loader that's used by various cybercrime and ransomware groups like Ragnar Locker (aka Monstrous Mantis), FIN7, FIN8, and Ruthless Mantis (ex-REvil). "Ragnar Loader plays a key role in keeping access to compromised systems, helping attackers stay in networks for long-term operations," Swiss from The Hacker News https://thehackernews.com/2025/03/fin7-fin8-and-others-use-ragnar-loader.html

KnowBe4 - Your KnowBe4 Fresh Content Updates from February 2025

Check out the 58 new pieces of training content added in February, alongside the always fresh content update highlights, new features and events. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/knowbe4-content-updates-february-2025

KnowBe4 - Invoice or Impersonation? 36.5% Spike in Phishing Attacks Leveraging QuickBooks’ Legitimate Domain in 2025

A KnowBe4 Threat Lab Publication Authors: Martin Kraemer, James Dyer, and Lucy Gee Much like sending a phishing email from a compromised account, cybercriminals can boost the deliverability and credibility of their attacks by leveraging legitimate platforms. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/invoice-or-impersonation-36.5-spike-in-phishing-attacks-leveraging-quickbooks-legitimate-domain-in-2025

The Hacker News - Microsoft Warns of Malvertising Campaign Infecting Over 1 Million Devices Worldwide

Microsoft has disclosed details of a large-scale malvertising campaign that's estimated to have impacted over one million devices globally as part of what it said is an opportunistic attack designed to steal sensitive information. The tech giant, which detected the activity in early December 2024, is tracking it under the broader umbrella Storm-0408, a moniker used for a set of threat actors from The Hacker News https://thehackernews.com/2025/03/microsoft-warns-of-malvertising.html

The Hacker News - Webinar: Learn How ASPM Transforms Application Security from Reactive to Proactive

Are you tired of dealing with outdated security tools that never seem to give you the full picture? You’re not alone. Many organizations struggle with piecing together scattered information, leaving your apps vulnerable to modern threats. That’s why we’re excited to introduce a smarter, unified approach: Application Security Posture Management (ASPM). ASPM brings together the best of both from The Hacker News https://thehackernews.com/2025/03/webinar-learn-how-aspm-transforms.html

The Hacker News - What PCI DSS v4 Really Means – Lessons from A&F Compliance Journey

Access on-demand webinar here Avoid a $100,000/month Compliance Disaster March 31, 2025: The Clock is Ticking. What if a single overlooked script could cost your business $100,000 per month in non-compliance fines? PCI DSS v4 is coming, and businesses handling payment card data must be prepared. Beyond fines, non-compliance exposes businesses to web skimming, third-party script attacks, and from The Hacker News https://thehackernews.com/2025/03/what-pci-dss-v4-really-means-lessons.html

The Hacker News - U.S. Secret Service Seizes Russian Garantex Crypto Exchange Website

A coalition of international law enforcement agencies has seized the website associated with the cryptocurrency exchange Garantex ("garantex[.]org"), nearly three years after the service was sanctioned by the U.S. Treasury Department in April 2022. "The domain for Garantex has been seized by the United States Secret Service pursuant to a seizure warrant obtained by the United States Attorney's from The Hacker News https://thehackernews.com/2025/03/us-secret-service-seizes-russian.html

The Hacker News - Safe{Wallet} Confirms North Korean TraderTraitor Hackers Stole $1.5 Billion in Bybit Heist

Safe{Wallet} has revealed that the cybersecurity incident that led to the Bybit $1.5 billion crypto heist is a "highly sophisticated, state-sponsored attack," stating the North Korean threat actors behind the hack took steps to erase traces of the malicious activity in an effort to hamper investigation efforts. The multi-signature (multisig) platform, which has roped in Google Cloud Mandiant to from The Hacker News https://thehackernews.com/2025/03/safewallet-confirms-north-korean.html

The Hacker News - PHP-CGI RCE Flaw Exploited in Attacks on Japan's Tech, Telecom, and E-Commerce Sectors

A malicious campaign predominantly targeting organizations in Japan since January 2025 has been attributed to threat actors of unknown provenance. "The attacker has exploited the vulnerability CVE-2024-4577, a remote code execution (RCE) flaw in the PHP-CGI implementation of PHP on Windows, to gain initial access to victim machines," Cisco Talos researcher Chetan Raghuprasad said in a technical from The Hacker News https://thehackernews.com/2025/03/php-cgi-rce-flaw-exploited-in-attacks.html

Black Hills InfoSec - Burp Suite Extension: Copy For 

If you’ve ever had to take a request from Burp and turn it into a command line, especially for jwt_tool.py, you know it can be painful—but no more! The “Copy For” extension is here to save valuable time. from Black Hills Information Security https://www.blackhillsinfosec.com/copy-for/

KnowBe4 - Data at Risk: 96% of Ransomware Attacks Involve Data Theft

A new report from Arctic Wolf has found that 96% of ransomware attacks now involve data theft as criminals seek to force victims to pay up. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/data-at-risk-96-of-ransomware-attacks-involve-data-theft

The Hacker News - Medusa Ransomware Hits 40+ Victims in 2025, Demands $100K–$15M Ransom

The threat actors behind the Medusa ransomware have claimed nearly 400 victims since it first emerged in January 2023, with the financially motivated attacks witnessing a 42% increase between 2023 and 2024. In the first two months of 2025 alone, the group has claimed over 40 attacks, according to data from the Symantec Threat Hunter Team, which said so in a report shared with The Hacker News. The from The Hacker News https://thehackernews.com/2025/03/medusa-ransomware-hits-40-victims-in.html

Schneier - The Combined Cipher Machine

Interesting article—with photos!—of the US/UK “Combined Cipher Machine” from WWII. from Schneier on Security https://www.schneier.com/blog/archives/2025/03/the-combined-cipher-machine.html

The Hacker News - Outsmarting Cyber Threats with Attack Graphs

Cyber threats are growing more sophisticated, and traditional security approaches struggle to keep up. Organizations can no longer rely on periodic assessments or static vulnerability lists to stay secure. Instead, they need a dynamic approach that provides real-time insights into how attackers move through their environment. This is where attack graphs come in. By mapping potential attack paths from The Hacker News https://thehackernews.com/2025/03/outsmarting-cyber-threats-with-attack.html

The Hacker News - Over 1,000 WordPress Sites Infected with JavaScript Backdoors Enabling Persistent Attacker Access

Over 1,000 websites powered by WordPress have been infected with a third-party JavaScript code that injects four separate backdoors. "Creating four backdoors facilitates the attackers having multiple points of re-entry should one be detected and removed," c/side researcher Himanshu Anand said in a Wednesday analysis. The malicious JavaScript code has been found to be served via cdn.csyndication[ from The Hacker News https://thehackernews.com/2025/03/over-1000-wordpress-sites-infected-with.html

The Hacker News - China-Linked Silk Typhoon Expands Cyber Attacks to IT Supply Chains for Initial Access

The China-linked threat actor behind the zero-day exploitation of security flaws in Microsoft Exchange servers in January 2021 has shifted its tactics to target the information technology (IT) supply chain as a means to obtain initial access to corporate networks. That's according to new findings from the Microsoft Threat Intelligence team, which said the Silk Typhoon (formerly Hafnium) hacking from The Hacker News https://thehackernews.com/2025/03/china-linked-silk-typhoon-expands-cyber.html

KnowBe4 - Q&A with Martin Kraemer on Information Sharing in Cybersecurity

Recently, Dr. Martin J. Kraemer, Security Awareness Advocate at KnowBe4, and Dr. William Seymour, Lecturer in Cybersecurity at King’s College London, released a whitepaper called “Cybersecurity Information Sharing as an Element of Sustainable Security Culture,” which examines how people consume and share cybersecurity information, revealing the role that workplace training plays in fostering information sharing among colleagues. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/qa-with-martin-kraemer-on-information-sharing-in-cybersecurity

Rapid 7 - Inside the Take Command Summit 2025 Agenda: What’s in Store for This Year’s Event?

The cybersecurity landscape is shifting fast—ransomware is evolving, AI is reshaping security operations, and regulations are becoming more complex than ever. Security teams are under pressure to outpace adversaries, manage risk, and defend against sophisticated threats. That’s why Take Command 2025 is built to deliver the most relevant, actionable insights security leaders need to navigate these challenges. This full-day virtual event brings together top security minds—from Rapid7’s experts to industry analysts and frontline defenders—covering the strategies, tools, and intelligence to help you take command of your attack surface. A pre-recorded message from Rapid7 CEO Corey Thomas is already live on our event site, providing an inside look at what you can expect from Take Command 2025, and how our global summit will help security teams stay ahead of emerging threats. See the full list of speakers and watch Corey Thomas’s message on the Take Command 2025 registration page. A Glim...

The Hacker News - Identity: The New Cybersecurity Battleground

The rapid adoption of cloud services, SaaS applications, and the shift to remote work have fundamentally reshaped how enterprises operate. These technological advances have created a world of opportunity but also brought about complexities that pose significant security threats. At the core of these vulnerabilities lies Identity—the gateway to enterprise security and the number one attack vector from The Hacker News https://thehackernews.com/2025/03/identity-new-cybersecurity-battleground.html

Schneier - CISA Identifies Five New Vulnerabilities Currently Being Exploited

Of the five, one is a Windows vulnerability, another is a Cisco vulnerability. We don’t have any details about who is exploiting them, or how. News article. Slashdot thread. from Schneier on Security https://www.schneier.com/blog/archives/2025/03/cisa-identifies-five-new-vulnerabilities-currently-being-exploited.html

HACKMAGEDDON - November 2024 Cyber Attacks Statistics

In November 2024, Cyber Crime continued to lead the Motivations chart with 72%, up from 68% of October. Operations driven... from HACKMAGEDDON https://www.hackmageddon.com/2025/03/05/november-2024-cyber-attacks-statistics/

The Hacker News - Seven Malicious Go Packages Found Deploying Malware on Linux and macOS Systems

Cybersecurity researchers are alerting of an ongoing malicious campaign targeting the Go ecosystem with typosquatted modules that are designed to deploy loader malware on Linux and Apple macOS systems. "The threat actor has published at least seven packages impersonating widely used Go libraries, including one (github[.]com/shallowmulti/hypert) that appears to target financial-sector developers from The Hacker News https://thehackernews.com/2025/03/seven-malicious-go-packages-found.html

The Hacker News - Researchers Link CACTUS Ransomware Tactics to Former Black Basta Affiliates

Threat actors deploying the Black Basta and CACTUS ransomware families have been found to rely on the same BackConnect (BC) module for maintaining persistent control over infected hosts, a sign that affiliates previously associated with Black Basta may have transitioned to CACTUS. "Once infiltrated, it grants attackers a wide range of remote control capabilities, allowing them to execute from The Hacker News https://thehackernews.com/2025/03/researchers-link-cactus-ransomware.html

Rapid 7 - Multiple zero-day vulnerabilities in Broadcom VMware ESXi and other products

On Tuesday, March 4, 2025, Broadcom published a critical security advisory (VMSA-2025-0004) on 3 new zero-day vulnerabilities affecting multiple VMware products, including ESXi, Workstation, and Fusion. The most severe of the vulnerabilities is CVE-2025-22224, a critical vulnerability in ESXi and Workstation. Notably, these are not remotely exploitable vulnerabilities — they require an attacker to have existing privileged access on a VM that is running on an affected VMware hypervisor. CVE-2025-22224 (CVSS 9.3): A Time-of-Check Time-of-Use (TOCTOU) vulnerability in VMware ESXi and Workstation that can lead to an out-of-bounds write condition. An attacker with local administrative privileges on a virtual machine could exploit this issue to execute code as the virtual machine's VMX process running on the host. CVE-2025-22225 (CVSS 8.2): An arbitrary write vulnerability in VMware ESXi that allows an attacker with privileges within the VMX process to trigger an arbitrary ke...

KnowBe4 - Primary Refresh Tokens Aren’t Your Parent’s Browser Token

If you haven’t been paying attention closely enough, a new type of access control token, like a super browser token on steroids, is becoming hackers' theft target of choice. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/primary-refresh-tokens-arent-your-parents-browser-token

KnowBe4 - Schools in Session: Surge in Phishing Attacks Targeting the Education Sector

A KnowBe4 Threat Lab Publication Authors: Jeewan Singh Jalal, Anand Bodke, Daniel Netto and Martin Kraemer from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/schools-in-session-surge-in-phishing-attacks-targeting-the-education-sector

Rapid 7 - Building a High Performance Team in India: Meet Swami Nathan

Swami Nathan has a track record of building new teams from scratch for global companies. Through his experiences, he’s identified what it takes to build not just any team - but a high performing team that drives innovation and growth for business while propelling career trajectories for those who take the ride. His experience in breaking down silos in tech, driving optimization, and increasing developer & business agility make him the perfect fit to lead the Rapid7 team in Pune, India. “In today’s world, innovation in areas like Artificial Intelligence and Machine Learning are fundamentally changing the technology landscape at a rapid pace. We need to think about ways to become more nimble in our products, our engineering, and in our ability to listen to our customers so we can stay ahead of the curve. At Rapid7, we want to be on the forefront of this evolution, so we can continue to deliver value to our customers and build a more secure digital future.” Building excellence thro...

KnowBe4 - CyberheistNews Vol 15 #09 [NEW] KnowBe4 Interviews a Fake North Korean Employee

from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/cyberheistnews-vol-15-09-new-knowbe4-interviews-a-fake-north-korean-employee

Schneier - Trojaned AI Tool Leads to Disney Hack

This is a sad story of someone who downloaded a Trojaned AI tool that resulted in hackers taking over his computer and, ultimately, costing him his job. from Schneier on Security https://www.schneier.com/blog/archives/2025/03/trojaned-ai-tool-leads-to-disney-hack.html

The Hacker News - How New AI Agents Will Transform Credential Stuffing Attacks

Credential stuffing attacks had a huge impact in 2024, fueled by a vicious circle of infostealer infections and data breaches. But things could be about to get worse still with Computer-Using Agents, a new kind of AI agent that enables low-cost, low-effort automation of common web tasks — including those frequently performed by attackers. Stolen credentials: The cyber criminal’s weapon of choice from The Hacker News https://thehackernews.com/2025/03/how-new-ai-agents-will-transform.html

The Hacker News - Over 4,000 ISP IPs Targeted in Brute-Force Attacks to Deploy Info Stealers and Cryptominers

Internet service providers (ISPs) in China and the West Coast of the United States have become the target of a mass exploitation campaign that deploys information stealers and cryptocurrency miners on compromised hosts. The findings come from the Splunk Threat Research Team, which said the activity also led to the delivery of various binaries that facilitate data exfiltration as well as offer from The Hacker News https://thehackernews.com/2025/03/over-4000-isp-networks-targeted-in.html

The Hacker News - Cisco, Hitachi, Microsoft, and Progress Flaws Actively Exploited—CISA Sounds Alarm

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added five security flaws impacting software from Cisco, Hitachi Vantara, Microsoft Windows, and Progress WhatsUp Gold to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The list of vulnerabilities is as follows - CVE-2023-20118 (CVSS score: 6.5) - A command injection from The Hacker News https://thehackernews.com/2025/03/cisco-hitachi-microsoft-and-progress.html

The Hacker News - Google's March 2025 Android Security Update Fixes Two Actively Exploited Vulnerabilities

Google has released its monthly Android Security Bulletin for March 2025 to address a total of 44 vulnerabilities, including two that it said have come under active exploitation in the wild. The two high-severity vulnerabilities are listed below - CVE-2024-43093 - A privilege escalation flaw in the Framework component that could result in unauthorized access to "Android/data," "Android/obb," from The Hacker News https://thehackernews.com/2025/03/googles-march-2025-android-security.html

KnowBe4 - Announcing: Audiocasts - A New Podcast-Like Training Content Type

We are very excited to announce the addition of audiocasts, a new content type now available in the ModStore to help strengthen your security culture through an engaging audio format. from KnowBe4 Security Awareness Training Blog https://blog.knowbe4.com/announcing-audiocasts-a-new-podcast-like-training-content-type

The Hacker News - U.K. ICO Investigates TikTok, Reddit, and Imgur Over Children's Data Protection Practices

The U.K.'s Information Commissioner's Office (ICO) has opened an investigation into online platforms TikTok, Reddit, and Imgur to assess the steps they are taking to protect children between the ages of 13 and 17 in the country. To that end, the watchdog said it's probing how the ByteDance-owned video-sharing service uses the personal data of children in the age range to surface recommendations from The Hacker News https://thehackernews.com/2025/03/uk-ico-investigates-tiktok-reddit-and.html

The Hacker News - ⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists

This week, a 23-year-old Serbian activist found themselves at the crossroads of digital danger when a sneaky zero-day exploit turned their Android device into a target. Meanwhile, Microsoft pulled back the curtain on a scheme where cybercriminals used AI tools for harmful pranks, and a massive trove of live secrets was discovered, reminding us that even the tools we rely on can hide risky from The Hacker News https://thehackernews.com/2025/03/thn-weekly-recap-alerts-on-zero-day.html

The Hacker News - The New Ransomware Groups Shaking Up 2025

In 2024, global ransomware attacks hit 5,414, an 11% increase from 2023. After a slow start, attacks spiked in Q2 and surged in Q4, with 1,827 incidents (33% of the year's total). Law enforcement actions against major groups like LockBit caused fragmentation, leading to more competition and a rise in smaller gangs. The number of active ransomware groups jumped 40%, from 68 in 2023 to 95 from The Hacker News https://thehackernews.com/2025/03/the-new-ransomware-groups-shaking-up.html

The Hacker News - Vo1d Botnet's Peak Surpasses 1.59M Infected Android TVs, Spanning 226 Countries

Brazil, South Africa, Indonesia, Argentina, and Thailand have become the targets of a campaign that has infected Android TV devices with a botnet malware dubbed Vo1d. The improved variant of Vo1d has been found to encompass 800,000 daily active IP addresses, with the botnet scaling a peak of 1,590,299 on January 19, 2025, spanning 226 countries. As of February 25, 2025, India has experienced a from The Hacker News https://thehackernews.com/2025/03/vo1d-botnets-peak-surpasses-159m.html

The Hacker News - Mozilla Updates Firefox Terms Again After Backlash Over Broad Data License Language

Firefox browser maker Mozilla on Friday updated its Terms of Use a second time within a week following criticism over broad language that appeared to give the company the rights to all information uploaded by users. The revised Terms of Use now states - You give Mozilla the rights necessary to operate Firefox. This includes processing your data as we describe in the Firefox Privacy Notice. It from The Hacker News https://thehackernews.com/2025/03/mozilla-updates-firefox-terms-again.html