Latest news with #TheHackerNews


Tom's Guide
03-06-2025
- Business
- Tom's Guide
It's time to update Chrome — zero-day bug is being exploited in the wild by hackers
Google has issued an emergency security update for Chrome to fix three security issues, including one zero-day bug that has been actively exploited in the wild by hackers. This makes it the third active vulnerability to be patched via emergency update since the start of the year, with two others occurring in March and May.

As reported by Bleeping Computer, the latest flaw, tracked as CVE-2025-5419, is a high-severity vulnerability caused by an out-of-bounds read and write weakness in V8, Chrome's JavaScript and WebAssembly engine. It was initially reported a week ago by members of Google's Threat Analysis Group. Google has confirmed that it is being exploited in the wild, though the company is not sharing much additional information at this time, as it is waiting until more users have had an opportunity to patch their browsers.

In the security advisory published on Monday, the company is quoted as stating: 'Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.'

This is typical when it comes to active exploits, as it keeps other threat actors from hopping on the bandwagon to take advantage of the vulnerability before users are able to apply the fix. However, reporting from The Hacker News says that the flaw allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Google reports that, a day after it was reported, the issue was mitigated by a configuration change pushed through the Stable Desktop channel across all Chrome platforms. The zero-day flaw was likewise corrected the same day with updates to Chrome that are rolling out to users in the coming weeks.
Chrome updates automatically when new security patches become available; however, users can make sure the installation is completed by going to the Chrome menu > Help > About Google Chrome. Let the update finish, then click Relaunch to make sure the patch has installed. The updated versions are 137.0.7151.68/.69 for Windows and macOS and 137.0.7151.68 for Linux. Users of other Chromium-based browsers (Edge, Brave, Opera, Vivaldi) should apply the updates as they become available.


Business Upturn
01-05-2025
- Business Upturn
INE Security Alert: World Password Day 2025 Cybersecurity Training Insights
By GlobeNewswire. Published on May 1, 2025, 15:02 IST

Cary, NC, May 01, 2025 (GLOBE NEWSWIRE) — INE Security, a leading global provider of hands-on cybersecurity training and cybersecurity certifications, today released expert analysis on the current state of password security and security team training best practices as organizations recognize World Password Day on May 1, 2025.

Threat intelligence data shows that password vulnerabilities continue to be the favorite target for hackers worldwide, despite years of warnings from security experts. While companies keep investing in advanced security tech, the humble password remains the front door to most organizations—and too often, it's a door with a broken lock.

'It's concerning to see password-related breaches still dominating security incidents despite all the technological advances,' said Dara Warn, CEO of INE Security. 'What we're finding is that there's a persistent gap between security training and implementation—teams know what they should be doing, but putting that knowledge into practice remains challenging. That's why we're emphasizing practical, hands-on cybersecurity training that transforms security knowledge into meaningful action.'

INE Security's analysis reveals three critical password security trends for 2025:

- Credential Stuffing Attacks Are Getting Worse: According to The Hacker News, stolen credentials topped the charts as the #1 attack method in 2023/24, with credential stuffing attacks leaving a trail of damage. These attacks are behind 80% of web application breaches.
- People Just Aren't Using Password Managers: Despite all the evidence showing they work, password manager adoption remains stubbornly low. Analysis from JumpCloud found that 83% of enterprise organizations use MFAs, but that drops to a mere 60% for smaller businesses. Even more concerning, 2024 research shows only 36% of people use password managers at all—just 2% more than last year—while more than half are still relying on their memory to keep track of credentials.
- Hackers Are Getting Better at Bypassing MFA: Multi-factor authentication has improved, but phishing campaigns designed to steal those verification codes have gotten much more sophisticated. Keepnet Labs found that 15-20% of phishing attacks are now specifically crafted to get around MFA protection.

Addressing these vulnerabilities requires comprehensive cybersecurity training that prepares teams for real-world threats.

The Security Training Reality Gap

INE Security recommends a fresh approach to security training to fix these problems and strengthen password protection:

- Make Training Count: Ditch the annual checkbox compliance training for realistic cybersecurity training scenarios that mirror actual credential attacks. IBM found that top-performing companies are 68% more likely to provide effective training compared to low performers. Teams with proper training save around $70,000 annually and are 10% more productive.
- Get Hands On with Real Practice: Set up security labs and cyber ranges where people can experience simulated password attacks firsthand, building critical skills for their cybersecurity career. Studio found that employees who face simulated attacks develop deeper understanding that sticks with them and keeps them motivated to stay vigilant.
- Train, Practice, Certify, Repeat: Don't just train once and forget it. Companies with structured, ongoing training see 218% higher income per employee than those that train sporadically according to Keepnet.
- Build Security Into Your Culture: Close the gap between security knowledge and actual practice by making security part of your company's DNA. A report conducted by INE Security found cybersecurity training programs are the most effective way to keep organizations secure in a cloud-dependent landscape.

'The data consistently shows that organizations investing in comprehensive, hands-on security training achieve measurable improvements in their security outcomes and realize significant returns on that investment,' Warn concluded. 'On World Password Day, I encourage security leaders to thoughtfully evaluate their current training approaches and consider how they might better develop the practical skills their teams need to address today's sophisticated password-based threats.'

About INE Security: INE Security is the premier provider of online networking and cybersecurity training and certification. Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for cybersecurity training in business and for IT professionals looking to advance their careers. INE Security's suite of learning paths offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career.

Disclaimer: The above press release comes to you under an arrangement with GlobeNewswire. Business Upturn takes no editorial responsibility for the same. GlobeNewswire provides press release distribution services globally, with substantial operations in North America and Europe.