Mobile Cybersecurity Trends for 2025: Key Predictions and Preparations
The post Mobile Cybersecurity Trends for 2025: Key Predictions and Preparations appeared first on Security Boulevard.
Building on EO 14028, EO 14144 advances U.S. cybersecurity with actionable steps for NHI security and secrets management. Learn what this means for you.
The post Executive Order 14144 on Cybersecurity: Building on 2021’s Foundation with Advanced NHI Security appeared first on Security Boulevard.
The Bluesky AT Protocol aims to decentralize social media, empowering users with control over their data and interactions. By shifting power away from centralized platforms like TikTok, it paves the way for a more equitable and resilient social media landscape.
The post Bluesky AT Protocol: Building a Decentralized TikTok appeared first on Security Boulevard.
This is a news item roundup of privacy or privacy-related news items for 12 JAN 2025 - 18 JAN 2025. Information and summaries provided here are as-is for warranty purposes.
Note: You may see some traditional "security" content mixed in here due to the close relationship between online privacy and cybersecurity - many things may overlap; for example, major vulnerabilities in popular software, which may compromise the security of users' devices (and therefore pose a threat to their privacy) and large data breaches where significant personal information is exposed.
Items presented here are typically curated with the end user and small groups (such as families and small/micro businesses) in mind. Due to this focus, items primarily affecting enterprises or large organizations may not be included, even if they are widespread or "popular" stories.
This section covers surveillance technology and methods in the news. Specifically, stories and news items where public and/or private organizations have leveraged their capabilities to encroach on user privacy; for example, data brokers using underhanded means to harvest user location data without user knowledge or public organizations using technology without regard for user privacy.
May also include threat actors abusing legitimate technology - which of itself may be irrespective of user privacy in general - to gather information or otherwise target users.
How cars became the worst product category for privacy
Session
Covers the extensive data collection (and subsequent sharing with car manufacturers and their affiliates) enabled by modern vehicles; they can collect far more than location data.
Inside the Black Box of Predictive Travel Surveillance
Wired
Covers the use of powerful surveillance technology in predicting who might be a "threat."
Federal Trade Commission
The FTC launched a "surveillance pricing market study," which concluded that specific captured details and data are used to target consumers with different prices for the same goods and services.
Companies regularly use people's personal information to set tailored prices. This personal information can include demographics, mouse movements on a web page, and a person's location.
The study is still ongoing.
Privacy Tools and Services
Primarily covers tools and services with a focus on maintaining/improving/respecting user privacy. Generally includes major updates to recommended services/tools found on avoidthehack, but also may feature upcoming/other privacy services not necessarily recommended or promoted by avoidthehack.com
Privacy Tools
Bitwarden releases native Android app
AlternativeTo
Bitwarden has made its native Android app "generally available" for download on the Google Play Store.
Privacy Services
Introducing Labels: A new era of email organization at Tuta Mail
Tuta
Tuta introduces "labels," an organization feature long requested by its users.
Brave Search now offers real-time blockchain data results with unmatched privacy
Brave
Brave adds privacy-preserving querying for real-time blockchain data results to its Brave Search service.
Vulnerabilities and Malware
Primarily includes severe and exploited vulnerabilities in devices or software used by end users (ex: a major router firmware flaw). Malware campaigns covered generally target/affect the end user.
This section will not contain every vulnerability/CVE or malware campaign reported, but will focus on those with the largest potential impact on a wide range of end users.
Vulnerabilities
Tenable
First Patch Tuesday of 2025 from Microsoft. Three CVEs exploited in the wild and five publicly disclosed (but not expressly observed being exploited in the wild).
CVE-2025-21333, CVE-2025-21334 and CVE-2025-21335 are EoP vulnerabilities in the Windows Hyper-V NT Kernel Integration Virtualization Service Provider (VSP) and were exploited in the wild as zero-days. These probably don't affect most users reading this.
CVE-2025-21308. This is probably a CVE most users should tune into. It is a spoofing vulnerability that affects Themes in Windows. Successful exploitation requires social engineering users into manipulating a specially crafted file. Publicly disclosed, not observed exploited in the wild at time of publication of this post.
Under the cloak of UEFI Secure Boot: Introducing CVE-2024-7344
welivesecurity (ESET)
CVE-2024-7344. A UEFI application signed by a Microsoft certificate could bypass Secure Boot. This could result in the execution of code during system boot, defeating the purpose of Secure Boot - which could include loading nearly undetectable malware such as rootkits.
While there is a list of vulnerable software products, threat actors could bring their own copy of the vulnerable reloader.efi binary to any system with the affected Microsoft certificate installed.
Microsoft revoked the certificates with the January 2025 Patch Tuesday updates.
Malware
Browser-Based Cyber-Threats Surge as Email Malware Declines
Infosecurity Magazine
According to research from the 2024 Threat Data Trends report by the eSentire Threat Response Unit, browser threats (such as drive-by downloads and malvertising) increased; these techniques are in turn used to deliver malware such as information stealers. Approximately 70% of observed malware cases in 2024 derived from browser-based malware.
Cyberattackers Hide Infostealers in YouTube Comments, Google Search Results
darkreading
According to researchers from Trend Micro, threat actors have been uploading video guides for installing cracked software to YouTube. These video guides function as the initial lure; they then share links to fake downloaders for the cracked software, which actually drop information stealers onto the device.
This campaign exploits the inherent trust users have when visiting extremely popular and reputable sites that host/share primarily user-generated content - such as YouTube, GitHub, and Reddit. Similar campaigns on these sites have been observed in recent years.
DOJ confirms FBI operation that mass-deleted Chinese malware from thousands of US computers
TechCrunch
The PlugX malware, used by a PRC-linked APT dubbed "Twill Typhoon" or "Mustang Panda," had infected millions of computers since at least 2014. The FBI, in connection with French authorities, removed the malware from approximately 4,200 infected hosts in the US (3,000 in France).
Hackers Use Image-Based Malware and GenAI to Evade Email Security
Infosecurity Magazine
Malicious code is embedded in image files; when the images are downloaded from well-known websites, they may bypass email security controls. A particular campaign abusing this has been dropping information stealers and keyloggers; specifically, the campaign attempts to drop 0bj3ctivityStealer and VIP Keylogger.
Additionally, threat actors have been using HTML smuggling to deliver XWorm malware. The XWorm malware family is typically used as a remote access trojan (RAT) or information stealer.
Phishing and Scams
Covers popular phishing schemes affecting end users - smishing, vishing, and any new scam/phish...
The post Privacy Roundup: Week 3 of Year 2025 appeared first on Security Boulevard.
President Biden has signed a new cybersecurity order. It has a bunch of provisions, most notably using the US government's procurement power to improve cybersecurity practices industry-wide.
Some details:
The core of the executive order is an array of mandates for protecting government networks based on lessons learned from recent major incidents—namely, the security failures of federal contractors.
The order requires software vendors to submit proof that they follow secure development practices, building on a mandate that debuted in 2022 in response to ...
The post Biden Signs New Cybersecurity Order appeared first on Security Boulevard.
With the continued mainstreaming of data privacy concerns, nearly all consumer-facing organizations will be forced to treat data GPS as a first-class initiative within their businesses.
The post The 2025 Themes on Data GPS appeared first on Security Boulevard.
It is essential to address credential stuffing directly and collaborate with the broader iGaming community to mitigate its risks.
The post From Dark Web to Jackpot: How Cybercriminals Exploit Stolen Credentials in iGaming appeared first on Security Boulevard.
What is the Information Security Manual (ISM)? The Information Security Manual (ISM) is a cybersecurity framework developed by the Australian Signals Directorate (ASD) to help organizations protect their IT and operational technology systems, applications, and data from cyber threats. The ISM is relevant to industries like government, defense, finance, healthcare, and other sectors where sensitive […]
The post Information Security Manual (ISM) appeared first on Centraleyes.
The post Information Security Manual (ISM) appeared first on Security Boulevard.
As one of his final official acts, President Joe Biden issued a landmark directive, addressing the evolving challenges posed by cyber threats while charting a strategic course toward a more secure digital ecosystem.
The post MY TAKE: Here’s why Donald Trump really needs to fully embrace Joe Biden’s cybersecurity EO first appeared on The Last Watchdog.
The post MY TAKE: Here’s why Donald Trump really needs to fully embrace Joe Biden’s cybersecurity EO appeared first on Security Boulevard.
Implementing API authentication is one of the most critical stages of API design and development. Properly implemented authentication protects data, user privacy, and other resources while streamlining compliance, preventing fraud, and establishing accountability. In fact, broken authentication is one of the leading causes of API-related breaches. Ultimately, by applying robust authentication mechanisms, organizations can dramatically [...]
The post Considerations for Selecting the Best API Authentication Option appeared first on Wallarm.
The post Considerations for Selecting the Best API Authentication Option appeared first on Security Boulevard.
In this episode, we explore Meta’s recent decision to replace traditional fact-checking with community notes and its potential impact on misinformation. We also discuss the implications of a TikTok ban in the U.S., with users migrating to similar apps like RedNote. The conversation covers the challenges of maintaining reliable information in social media and the […]
The post Meta Ditches Fact-Checking for Community Notes, RedNote and the TikTok Ban appeared first on Shared Security Podcast.
The post Meta Ditches Fact-Checking for Community Notes, RedNote and the TikTok Ban appeared first on Security Boulevard.
Santa Clara, Calif. January 20, 2025 – NSFOCUS, a global provider of intelligent hybrid security solutions, announced that it has been included in the Forrester report, The External Threat Intelligence Service Providers Landscape, Q1 2025 among Notable Providers recently. This is the second time for NSFOCUS to be included in this report, as we have […]
The post NSFOCUS Included in External Threat Intelligence Service Providers Landscape Q1 2025 appeared first on NSFOCUS, Inc., a global network and cyber security leader, protects enterprises and carriers from advanced cyber attacks.
The post NSFOCUS Included in External Threat Intelligence Service Providers Landscape Q1 2025 appeared first on Security Boulevard.
Authors/Presenters: Dan Berte & Alexandru Lazar
Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organization’s YouTube channel.
The post DEF CON 32 – Exposing The Occultations In Large Off-Grid Solar Systems appeared first on Security Boulevard.
Adam Ant, AD Rock, Alan Parsons, Aldo Nova, Alex Lifeson, Andrew Gold, Angus Young, Barbra Streisand, Barry Gibb, Barry White, Benjamin Orr, Barry Goudreau, Beyoncé Knowles-Carter, Bill Wyman, Billy Gibbons, Billy Preston, Billy Squire, Björn Ulvaeus, Bob Casale, Bob Dylan, Bobby Kimball, Boy George, Brad Delp, Brian May, Bruce Dickenson, Carmine Appice, Carol Kaye, Charlie […]
The post Legends of Music: Celebrating the Greatest Artists Across Generations Compilation appeared first on Security Boulevard.
Are Businesses Truly Prepared for Today’s Cybersecurity Challenges? With the transition to a digital majority, company networks are continuously at risk, and potential breaches are growing more severe each day. So, how well-prepared is the average business when it comes to cybersecurity essentials? Business Cybersecurity: More Than Just Firewalls and Antivirus One critical aspect of […]
The post Confident Cybersecurity: Essentials for Every Business appeared first on Entro.
The post Confident Cybersecurity: Essentials for Every Business appeared first on Security Boulevard.
What Role Does Proactive Handling of Cloud Identities Play in Avoiding Breaches? As cybersecurity experts, we are vested in the responsibility of providing guidance and oversight to other professionals in the cybersecurity sphere. A topic that has been gaining traction in recent years is Non-Human Identities (NHIs) and Secrets Security Management. NHIs are machine identities […]
The post Proactively Managing Cloud Identities to Prevent Breaches appeared first on Entro.
The post Proactively Managing Cloud Identities to Prevent Breaches appeared first on Security Boulevard.
Is Your PAM Strategy as Secure as You Think? It’s a common question asked in board meetings and by cybersecurity teams: Is our Privileged Access Management (PAM) truly safe? A secure PAM strategy is vital to any business’s cybersecurity infrastructure, but the complexity often leads to blind spots. Non-Human Identities (NHIs) and their associated Secrets […]
The post How Secure Is Your PAM Strategy? appeared first on Entro.
The post How Secure Is Your PAM Strategy? appeared first on Security Boulevard.
Author/Presenter: Daniel Beard
Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organization’s YouTube channel.
The post DEF CON 32 – Breaking Boundaries: Popping Shells In The Airgap With $10 & Arduino Magic appeared first on Security Boulevard.
What is Cyber Essentials? Cyber Essentials scheme is a UK government-backed initiative designed to help organisations, large or small, shield themselves from common cyber threats. It outlines a straightforward set of technical security controls that, when appropriately implemented, can reduce an organisation’s attack surface. This is particularly vital for NHS and healthcare organisations. They handle […]
The post Cyber Essentials NHS and Healthcare Organisations appeared first on Security Boulevard.