Geek-Guy.com

Category: Global Security News

Automattic says it will reduce its contribution to WordPress core project to match WP Engine

It’s a new year, but drama in the WordPress community keeps going. Automattic, the company that runs WordPress.com, said that it would reduce its contribution to WordPress core, the open-source project that acts as the backbone of most of Automattic’s products and ensures the longevity of WordPress as a technology and community. Automattic CEO and…

Google Project Zero Researcher Uncovers Zero-Click Exploit Targeting Samsung Devices

Cybersecurity researchers have detailed a now-patched security flaw impacting Monkey’s Audio (APE) decoder on Samsung smartphones that could lead to code execution. The high-severity vulnerability, tracked as CVE-2024-49415 (CVSS score: 8.1), affects Samsung devices running Android versions 12, 13, and 14. “Out-of-bounds write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote

RedDelta Deploys PlugX Malware to Target Mongolia and Taiwan in Espionage Campaigns

Mongolia, Taiwan, Myanmar, Vietnam, and Cambodia have been targeted by the China-nexus RedDelta threat actor to deliver a customized version of the PlugX backdoor between July 2023 and December 2024. “The group used lure documents themed around the 2024 Taiwanese presidential candidate Terry Gou, the Vietnamese National Holiday, flood protection in Mongolia, and meeting invitations,…

CrowdStrike Warns of Phishing Scam Targeting Job Seekers with XMRig Cryptominer

Cybersecurity company CrowdStrike is alerting of a phishing campaign that exploits its own branding to distribute a cryptocurrency miner that’s disguised as an employee CRM application as part of a supposed recruitment process. “The attack begins with a phishing email impersonating CrowdStrike recruitment, directing recipients to a malicious website,” the company said. “Victims are prompted…

Beams secures $9M Series A to digitize UK home renovation market

Home renovation projects can be unpredictable for both customers and builders. Meanwhile, small contractors barely use modern software and home renovation giants, like IKEA, tend to trundle on with dated legacy software. UK startup Beams thinks it can solve this conundrum and has now raised a $9 million Series A funding round to crack the…

India’s payment push is cutting out Visa and Mastercard

As global regulators increase their scrutiny on Visa and Mastercard over merchant fees, India has chosen a different path: creating rival payment networks that are increasingly sidelining international card networks. The strategy builds on India’s Unified Payments Interface, known as UPI, a nine-year-old system that now processes more than 13 billion real-time transactions monthly, or…

SEC rule confusion continues to put CISOs in a bind a year after a major revision

Confusion around when and how to report cybersecurity breaches continues to plague companies a year after revised US Securities and Exchange Commission (SEC) cybersecurity breach reporting rules came into effect, experts say. As the agency that regulates and enforces federal US securities laws continues to flex its enforcement muscles against organizations that violate the strict…

X says it is rolling out labels for parody accounts

Elon Musk-owned social network X said today that it is rolling out labels for parody or satire accounts to differentiate them from other accounts. In the past, users, including news presenters, have mistaken posts from parody accounts as authentic statements made by real people or entities. The company’s safety account on the platform said that…

6 Risk-Assessment-Frameworks im Vergleich

Mit dem richtigen Framework lassen sich Risiken besser ergründen. FOTOGRIN – shutterstock.com Für viele Geschäftsprozesse ist Technologie inzwischen unverzichtbar. Deshalb zählt diese auch zu den wertvollsten Assets eines Unternehmens. Leider stellt sie gleichzeitig jedoch auch eines der größten Risiken dar – was Risk-Assessment-Frameworks auf den Plan ruft. IT-Risiken formal zu bewerten, ermöglicht es Organisationen, besser einzuschätzen,…

Every smartphone in LA accidentally received a wildfire evacuation alert

As wildfires rage for the third consecutive day through parts of Los Angeles, now including the Hollywood Hills, several neighborhoods have been forced to evacuate for safety purposes. But on Thursday afternoon, a wildfire evacuation alert was mistakenly sent to the smartphone of every resident in Los Angeles County, a region with more than 9…

This security system shoots paintballs at intruders

Doorbell cameras are standard fare these days. More and more people have invested in connected security systemss, as the technology has become both cheaper and more user friendly. There’s one important thing these system won’t do, however: shoot people and animals with paintballs. That is, however, pretty much the Eve PaintCam’s whole M.O. Carrying the…

Hippocratic AI raises $141M for creating patient-facing AI agents

Hippocratic AI, a startup building AI solutions that can handle non-diagnostic patient-facing tasks, secured a massive $141 million Series B at a valuation of $1.64 billion led by Kleiner Perkins, the company announced Thursday. The funding comes nine months after Hippocratic AI raised a $53 million round from General Catalyst and Andreessen Horowitz and five…

Leaked Meta Rules: Users Are Free to Post “Mexican Immigrants Are Trash!” or “Trans People Are Immoral”

Meta is now granting its users new freedom to post a wide array of derogatory remarks about races, nationalities, ethnic groups, sexual orientations, and gender identities, training materials obtained by The Intercept reveal. Examples of newly permissible speech on Facebook and Instagram highlighted in the training materials include: “Immigrants are grubby, filthy pieces of shit.”…

ICON, a builder of 3D printed homes last valued around $2 billion, cuts about 25% of staff

ICON Technologies Inc., which builds homes using 3D printing, is laying off 114 people, according to a WARN letter filed with the Texas Workforce Commission. A spokesperson for the company confirmed the news to TechCrunch, providing a statement that ICON had “recently made a difficult decision to re-align” its team and team size “to focus…

Top 3 Mistakes PCI DSS SAQ-D Service Providers Are Making in 2025 That Will Knock Them Out of PCI DSS 4 Compliance

The post Top 3 Mistakes PCI DSS SAQ-D Service Providers Are Making in 2025 That Will Knock Them Out of PCI DSS 4 Compliance appeared first on Feroot Security. The post Top 3 Mistakes PCI DSS SAQ-D Service Providers Are Making in 2025 That Will Knock Them Out of PCI DSS 4 Compliance appeared first…

Ivanti zero-day exploited by APT group that previously targeted Connect Secure appliances

Researchers from Google’s Mandiant division believe the critical remote code execution vulnerability patched on Wednesday by software vendor Ivanti has been exploited since mid-December by a Chinese cyberespionage group. This is the same group that has exploited zero-day vulnerabilities in Ivanti Connect Secure appliances back in January 2024 and throughout the year. The latest attacks,…

TikTok tells LA staff impacted by wildfires to use personal/sick hours if they can’t work from home

Wildfires are currently devastating the greater Los Angeles area, burning over 45 square miles, torching over 1,300 structures, and putting nearly 180,000 people under evacuation orders as of Thursday. And yet, TikTok’s LA-based employees are being told to either continue their work from home or use their personal/sick days if that’s not possible, while the…

The Benefits of Implementing Least Privilege Access

Why is Least Privilege Access a Key Aspect in Security Practices? If you’re involved in cybersecurity, the term “Least Privilege Access” may be familiar. But why is it considered a central feature in security practices across diverse industries? Least privilege, rooted in the principle that a user or system should have the bare minimum permissions…

ChatGPT’s newest feature lets user assign it traits like ‘chatty’ and ‘Gen Z’

OpenAI is introducing a new way for users to customize their interactions with ChatGPT, the company’s AI-powered chatbot. Some users on X on Thursday reported that ChatGPT’s existing custom instructions menu on the web has been revamped with new fields. Now, users can specify a preferred name or nickname, their profession, other things they’d like…

CES 2025: Where have all the US automakers gone? 

The old chestnut passed around by industry watchers for the past decade was that CES — one of the world’s largest consumer tech trade events — had turned into an auto show. Maybe even the most important auto show of the year. And there was ample evidence of that. GM Chairman and CEO Mary Barra…

Google folds more teams into DeepMind to ‘accelerate the research to developer pipeline’

As it looks to accelerate the pace of its AI development, Google is further streamlining the teams building its AI services, platforms, and tools. On Thursday, Logan Kilpatrick, who leads product for Google’s AI Studio developer platform, said in a post on X that Google’s AI Studio team and the team developing the API for…

Smashing Security podcast #399: Honey in hot water, and reset your devices

Ever wonder how those “free” browser extensions that promise to save you money actually work? We dive deep into the controversial world of Honey, the coupon-finding tool owned by PayPal, and uncover a scheme that might be leaving you with less savings and your favorite YouTubers with empty pockets. Plus, we take a look at…

FCC moves to tighten industry reporting rules for robocalls

The Federal Communications Commission is tightening up reporting requirements that are meant to prove agencies are cracking down on robocalling and phone number spoofing. The commission voted Wednesday to adopt new rules that would put in place stricter filing requirements for the Robocall Mitigation Database, a system used by communications providers to report compliance with…

These are CES 2025’s least repairable and sustainable gadgets, according to iFixit

The Razzies, the Darwins — not all awards are good. Sure, CES is a time to celebrate the year’s weirdest and most wonderful consumer electronic, but thankfully we’ve got iFixit around to throw a little cold water on the fair. As we enter the penultimate day of the event, the repair stalwart presents its “Worst…

New Mirai botnet targets industrial routers

According to security analysis, the Gayfemboy botnet, based on the notorious Mirai malware, is currently spreading around the world. Researchers from Chainxin X Lab found that cybercriminals have been using the botnet since November 2024 to attack previously unknown vulnerabilities. The botnet’s preferred targets include Four-Faith and Neterbit routers or smart home devices. Experts from VulnCheck reported at the end…

DoorBox debuts its new and improved smart delivery box at CES 2025

Millions of packages stolen each year. DoorBox aims to change how packages are delivered with its smart package box that features a theft-proof design with live camera feeds and an alarm that activates automatically if the box is tampered with.  After selling 2,000 units of its initial version, which offered manual functionality, the startup unveiled…

Mark Zuckerberg gave Meta’s Llama team the OK to train on copyrighted works, filing claims

Counsel for plaintiffs in a copyright lawsuit filed against Meta allege that Meta CEO Mark Zuckerberg gave the green light to the team behind the company’s Llama AI models to use a data set of pirated ebooks and articles for training. The case, Kadrey v. Meta, is one of many against tech giants developing AI…

Scout Motors CEO Scott Keogh says modern cars have become ‘dystopian’ and ‘disconnected’

Volkswagen-backed startup Scout Motors broke cover just a few months ago, and at this week’s CES 2025 in Las Vegas, Nevada, they hold the honor of being one of the only American automakers with a presence at the show.  That’s not the only thing that stands out about Scout being here, though. In a sea…

SonicWall firewall hit with critical authentication bypass vulnerability

SonicWall is warning customers of a severe vulnerability in its SonicOS SSLVPN with high exploitability that remote attackers could use to bypass authentication. The bug is an improper authentication vulnerability in the SSL VPN authentication mechanism, according to emails sent to customers and published on SonicWall’s official subreddit. “We have identified a high (severity) firewall…

CES 2025: The weirdest tech products and claims from this year’s event

CES 2025 is in full swing. While the conference features reveals from tech powerhouses like Nvidia, Samsung, and Toyota, there are also some very strange product concepts and announcements circulating on the show floor. We’ve compiled the weirdest, silliest, and most eyebrow-raising products from CES 2025. A robotic cat that cools down your coffee for…

Major Vulnerabilities Patched in SonicWall, Palo Alto Expedition, and Aviatrix Controllers

Palo Alto Networks has released software patches to address several security flaws in its Expedition migration tool, including a high-severity bug that an authenticated attacker could exploit to access sensitive data. “Multiple vulnerabilities in the Palo Alto Networks Expedition migration tool enable an attacker to read Expedition database contents and arbitrary files, as well as…

New zero-day exploit targets Ivanti VPN product

A year after a series of vulnerabilities impacting a pair of Ivanti VPN products prompted an emergency directive from the Cybersecurity and Infrastructure Security Agency to federal agencies, the Utah-based software firm is again experiencing issues with one of its signature systems. The company on Wednesday disclosed two vulnerabilities — CVE-2025-0282 and CVE-2025-0283 — that…

Comcast and other TV streamers are now chasing YouTube’s ad dollars instead of the other way around

TV providers and streamers’ real competition isn’t each other, it’s social video. Or at least that’s what the president of Comcast Advertising, James Rooke, said during an interview on Wednesday at CES 2025 in Las Vegas. The ad exec was speaking about the company’s Monday launch of “universal ads,” a solution that lets marketers buy…

Google searches for deleting Facebook, Instagram explode after Meta ends fact-checking

Google searches for how to cancel and delete Facebook, Instagram, and Threads accounts have seen explosive rises in the U.S. since Meta CEO Mark Zuckerberg announced that the company will end its third-party fact-checking system, loosen content moderation policies, and roll back previous limits to the amount of political content in user feeds.  Experts see…

Watch Duty surpasses ChatGPT as top free app on App Store as California fires spread

Watch Duty, an app to track wildfires with live maps and alerts, has become the No. 1 free app in Apple’s App Store as of Wednesday morning. The fire-tracking app surpassed the ChatGPT app for the No. 1 spot as devastating fires continue to rage across Southern California. ChatGPT had been in the No. 1…

Google’s Daily Listen AI feature generates a podcast based on your Discover feed

Google is testing a new “Daily Listen” feature that automatically generates a podcast based on your Discover feed. The company confirmed to TechCrunch that Daily Listen is a personalized AI-powered audio experience that is designed to help you stay up to date on the topics you care about.  The feature is currently rolling out on…

Doublepoint launches free Apple Watch app to control devices with hand gestures

Finnish startup Doublepoint launched its free app, WowMouse, for the Apple Watch this week at CES 2025. The app uses the wearable’s sensors, compass, and accelerometer to turn your hand into a mouse that can control devices through hand gestures. The Apple Watch already uses a similar technology for the double tap feature it released…

Video editing app Captions switches to a freemium model to boost growth

Video editing app Captions is looking to cash in on uncertainty around TikTok and ByteDance’s video editing app CapCut’s future in the U.S. by turning to a freemium model. The app, backed by Kleiner Perkins, Sequoia Capital, and Andreessen Horowitz, has been a paid-only app until now. However, the company is changing its course to…

The Hidden Costs of Poor Access Management: Why Small Businesses Can’t Afford to Ignore It

When a former employee retains access to sensitive systems months after leaving, it’s more than a security oversight—it’s a serious business risk. Learn true costs of poor access management, from immediate impacts to long-term reputation damage, and discover practical steps to protect your business. The post The Hidden Costs of Poor Access Management: Why Small…

Openreach chooses Nokia to build open-access fiber network to connect millions to faster broadband

Nokia building open access platform to accelerate fiber broadband services for millions of UK homes and businesses. Nokia’s intent-based model enables Openreach to reduce operations support systems (OSS) complexity by 85 percent. Nokia’s domain controllers allow Openreach to fully automate and simplify network operations, driving scalability and operational efficiency throughout its network9 January 2025 Nokia…

PrettyDamnQuick snaps up $25M to speed up online checkout

A startup hoping to provide a credible alternative to Amazon has picked up funding to double down on the gap in the market. PrettyDamnQuick (PDQ) provides tech to retailers to let them customize and test different shipping and checkout flows, and now it has picked up a deal of its own: a $25 million Series…

Accenture Launches AI Refinery for Agentic AI Journeys

On the heels of the Consumer Electronics Show (CES) 2025, Accenture announced the launch of its new AI Refinery for Industry to correspond with the event. The refinery will begin with a collection of 12 industry agent solutions to assist enterprises with rapidly building and deploying a network of AI agents that can enhance its…

Neue Hinweise zur angeblichen Ransomware-Attacke auf Atos

Tobias Arhelger – Shutterstock.com Die Ransomware-Bande Space Bears veröffentlichte Ende Dezember 2024 einen Hinweis auf gestohlene Daten von Atos. Der französische IT-Dienstleister teilte jedoch daraufhin mit, dass es keinen Ransomware-Angriff auf seine Systeme gegeben habe. Allerdings räumt das Unternehmen ein, dass die Daten von einer kompromittierten Infrastruktur eines Drittanbieters stammen. Um welchen Anbieter und welche…

Tesla directors to pay up to $919 million to settle claims they overpaid themselves

A Delaware judge has approved a settlement that will see Tesla directors – including Chair Robyn Denholm, Oracle founder Larry Elison, Kimbal Musk, and James Murdoch – return up to $919 million to the automaker, officially resolving allegations that they overpaid themselves, per Reuters.  The settlement concludes a 2020 lawsuit by the Police and Fire…

East coast gas surplus on the immediate horizon but longer-term regulatory certainty needed to avoid future shortfalls

How Australia’s leading enterprises are tackling product design challenges The increasing complexity of digital product development is driving Australian enterprises to seek new solutions to streamline their design and development processes. As teams grow larger and more distributed, organisations are investing in integrated platforms to manage end-to-end product delivery more effectively.

New Banshee Stealer Variant Bypasses Antivirus with Apple’s XProtect-Inspired Encryption

Cybersecurity researchers have uncovered a new, stealthier version of a macOS-focused information-stealing malware called Banshee Stealer. “Once thought dormant after its source code leak in late 2024, this new iteration introduces advanced string encryption inspired by Apple’s XProtect,” Check Point Research said in a new analysis shared with The Hacker News. “This development allows it…

Rounded is an AI orchestration platform that lets anyone build an AI voice agent

French startup Rounded believes AI voice agents are going to become the default way customers interact with companies, so instead of building AI voice agents that are ready to use, the company is building an orchestration platform that lets companies build their own voice agent. Rounded started off working on a web3 product before shifting…

Biosphere zaps germs with UV light to make biomanufacturing cheaper

Using LEDs has the potential to bring down the cost of biomanufacturing, allowing such processes to make materials that previously would have been too expensive.  © 2024 TechCrunch. All rights reserved. For personal use only.

China-linked hackers target Japan’s national security and high-tech industries

Japan’s National Police Agency (NPA) and the National Center of Incident Readiness and Strategy for Cybersecurity (NISC) have exposed a long-running cyber espionage campaign, “MirrorFace” (also known as Earth Kasha), allegedly linked to China. The campaign, operational since 2019, has targeted Japanese organizations, businesses, and individuals, primarily to exfiltrate sensitive data related to national security…

WordPress Appliance - Powered by TurnKey Linux