The authentication bypass vulnerability in the OS for the company's firewall devices is under increasing attack and being chained with other bugs, making it imperative for organizations to mitigate the issue ASAP.

Source: Chiew via Shutterstock

Attackers are actively exploiting an authentication bypass flaw found in the Palo Alto Networks PAN-OS software that lets an unauthenticated attacker bypass authentication of that interface and invoke certain PHP scripts.

Both the Cybersecurity Infrastructure and Security Agency (CISA) and security researchers are warning of increasing attacker activity to exploit the flaw, tracked as CVE-2025-0108 and first revealed in a blog post on Feb. 12 as a zero-day flaw by researchers at Searchlight Cyber AssetNote. PAN-OS is the operating system for Palo Alto's firewall devices; the flaw affects certain versions of PAN-OS v11.2, v11.1 , v10.2, and v10.1 and has been patched for all affected versions.

Patch info is available in Palo Alto's security advisory on CVE-2025-0108, which is rated as 8.8 and therefore of high severity on the CVSS. The company warned that while the PHP scripts that can be invoked do not themselves enable remote code execution, exploiting the flaw "can negatively impact integrity and confidentiality of PAN-OS," potentially giving attackers access to vulnerable systems, where other bugs could be used to achieve further aims.

Indeed, researchers observed attackers making exploit attempts by chaining CVE-2025-0108 with two other PAN-OS Web management interface flaws — CVE-2024-9474, a privilege escalation flaw, and CVE-2025-0111, an authenticated file read vulnerability — on unpatched and unsecured PAN-OS instances.

**Active Exploitation of Palo Alto Firewalls**

Threat actors apparently got the memo on the potential for exploit, as attacks on affected devices are on the rise. As of Feb. 18, 25 malicious IPs are actively exploiting CVE-2025-0108, up from merely two the day after its discovery was made public, according to researchers at GreyNoise. The top three countries for these attacks are the US, Germany, and the Netherlands, according to a blog post on the exploitation.

"Organizations relying on PAN-OS firewalls should assume that unpatched devices are being targeted and take immediate steps to secure them," Noah Stone, head of content at GreyNoise Intelligence, wrote in the post.

The increased activity to exploit the flaw compelled the CISA to add it to the Known Exploited Vulnerabilities Catalog this week and urge those affected to apply Palo Alto's patches for affected device versions.

**Why CVE-2025-0108 in PAN-OS Exists**

The flaw exists because of a common architecture present in PAN-OS, "where authentication is enforced at a proxy layer, but then the request is passed through a second layer with different behavior," security researcher Adam Kues wrote in Searchlight Cyber Assenote's post.

"Fundamentally, these architectures lead to header smuggling and path confusion, which can result in many impactful bugs," he explained.

Specifically, a Web request to the PAN-OS management interface is handled by three separate components: Nginx, Apache, and the PHP application itself. The researchers found that when the authentication by the requester is set at the Nginx level and based on HTTP headers, the request is then reprocessed again in Apache, which may process the path or headers differently to Nginx before finally handing off the request to PHP.

"If there is a difference between what Nginx thinks our request looks like and what Apache thinks our request looks like, we could achieve an authentication bypass," Kues explained.

The risk of exploitation is greatest if a network configuration enables access to the management interface from the Internet (or any untrusted network) either directly or through a dataplane interface that includes a management interface profile, Palo Alto noted in its advisory.

**Eliminate Risk by Patching Auth Bypass Now**

Palo Alto's network devices are widely used and flaws within them are often quickly set upon by attackers, making it imperative that mitigation for CVE-2025-0108 happens sooner rather than later. The best way to eliminate the risk of exploitation completely is to apply Palo Alto's updates to affected devices, according to the CISA and researchers.

Affected organizations also can reduce this risk if network administrators ensure that only trusted internal IP addresses can access the management interface, according to Palo Alto. Defenders can discover any assets that require remediation action by visiting the Assets section of the Customer Support Portal, the company said.

Palo Alto also recommends that organizations whitelist IPs in the management interface to prevent this or similar vulnerabilities from being exploited over the Internet.

**About the Author**

Elizabeth Montalbano is a freelance writer, journalist, and therapeutic writing mentor with more than 25 years of professional experience. Her areas of expertise include technology, business, and culture. Elizabeth previously lived and worked as a full-time journalist in Phoenix, San Francisco, and New York City; she currently resides in a village on the southwest coast of Portugal. In her free time, she enjoys surfing, hiking with her dogs, traveling, playing music, yoga, and cooking.

Patch Now: CISA Warns of Palo Alto Flaw Exploited in the Wild

Cary, North Carolina, 19th February 2025, CyberNewsWire

**Cary, North Carolina, February 19th, 2025, CyberNewsWire**

2025 marks a time of unprecedented volatility in the technology job market. On one hand, dependence on technology is soaring. The growth of AI and machine learning is propelling a surge in new technologies, tactics, and ideas.

At the same time, organizations are trying to adapt to the changing dynamic. This has led to more job uncertainty, which the technology sector usually avoids. This year alone, roughly 7,000 jobs have been cut across dozens of tech giants, fueling growing concerns among industry professionals. 

As the technology job market weathers this volatility, INE Security, a global leader in networking and cybersecurity training, is highlighting its commitment to equipping IT professionals with the skills they need to thrive. INE focuses on practical training, certifications, and preparation. This helps networking and cybersecurity professionals succeed in a changing job market.

> “Continuous learning and adaptation are more important than ever for individuals hoping to succeed in their networking and cybersecurity career,” said Dara Warn, CEO of INE Security. “It is vital that professionals maintain a continuous cycle of learning. Training gives learners the knowledge and skills they need to succeed. Hands-on practice helps them understand tasks better. Certifications show that they have learned well and prove their skill mastery.”

**Key Benefits of INE’s Training and Certification Programs:**

*   **Enhanced Employability:** Executives, supervisors, and HR professionals are completely aligned in considering industry or professional certifications the most compelling during the hiring process, according to the Society for Human Resource Management (SHRM). 
*   **Practical Experience:** The human element was involved in 68% of cybersecurity breaches in 2023 (Verizon’s 2024 Data Breach Investigations Report). Practical, hands-on experience and industry-recognized certifications validate the skills needed to minimize this risk. 
*   **Flexible Learning Paths:** From foundational courses to advanced certifications, learners can tailor their education to career goals and market needs.

> “With every technological advancement, the skill sets required to manage, secure, and innovate within these systems evolve,” added Warn. “INE Security’s commitment to updating our course materials and labs ensures that our students are always at the forefront of the industry. Our focus is on making them indispensable in their current roles and highly attractive to prospective employers. INE’s training programs are more than just skill-building—they are career lifelines for professionals affected by market disruptions. ”

For more information about how INE can help you stabilize your cybersecurity and networking career goals, users can visit www.ine.com.

For a limited time, access INE Security training and certifications for up to 50% off, including eJPT, eMAPT, eCTHP, eCIR, eCDFP, and ICCA. Bundle certifications with Premium training and save even more. 

**About INE Security**

INE Security is the premier provider of online networking and cybersecurity training and certification.

Harnessing a powerful hands-on lab platform, cutting-edge technology, a global video distribution network, and world-class instructors, INE Security is the top training choice for Fortune 500 companies worldwide for red-team and blue-team security training in business and for IT professionals looking to advance their careers. INE Security’s suite of learning paths offers an incomparable depth of expertise across cybersecurity and is committed to delivering advanced technical training while also lowering the barriers worldwide for those looking to enter and excel in an IT career.

**Contact**

**Kathryn Brown**  
**INE Security**  
**\[email protected\]**

INE Security’s Cybersecurity and IT Training Enhances Career Stability in Tech

By taking several proactive steps, boards can improve their organization's resilience against cyberattacks and protect their critical OT assets.

John Cusimano, Vice President, OT Security, Armexa

February 19, 2025

4 Min Read

Source: Lev Dolgachov via Alamy Stock Photo

COMMENTARY

Boards of directors play an important role in managing the strategic risks faced by their organizations, particularly in sectors with high-risk operational technology (OT) environments such as energy, transportation, manufacturing, and production. Each of these industries relies heavily on OT — the hardware and software that controls physical processes and devices — to maintain safe, reliable operations, making them particularly concerned about cyberattacks. However, understanding and managing cyber-risks in OT systems can be challenging for boards, often due to the cyber-physical nature of OT and its integration with information technology (IT).  

**The Primary Obstacles Boards Face in Evaluating OT Risks**

One of the biggest challenges boards face is the wide gap between OT specialists and board members. Individuals with deep OT domain knowledge are often too far down the organizational hierarchy to directly influence board-level decisions. This disconnect can lead to a lack of risk awareness and understanding at the highest levels of the organization. 

Additionally, the chief information security officer (CISO), who typically manages enterprise cybersecurity risk, often lacks the specific expertise and training needed to manage cyber-risks in OT environments. OT systems have security vulnerabilities that are significantly different from traditional IT systems. This can result in OT cybersecurity being misunderstood, understaffed, and underfunded despite the potentially catastrophic impact of an OT cyber incident.  

To gain a true picture of OT risks, boards may consider appointing a dedicated OT cybersecurity leader to collaborate closely with the CISO. This role will often have executive-level visibility as well as the authority and resources to assess and manage OT security risks effectively. Just as companies have dedicated leaders for managing environment health and safety risks (EH&S) or financial risks, they also need specialized leaders for OT security. More companies are recognizing this need and are creating dedicated roles for OT cybersecurity leaders, signaling a positive shift in prioritizing OT security. 

**Three Key Strategies Needed for Effective Decision-Making in OT Environments**

Effective decision-making begins with recognizing that the consequences of an OT security breach are notably different from an IT security breach. While an IT breach might compromise data and financial assets, an OT breach can have serious consequences, including physical damage to equipment, disruption of critical processes, and even health, safety, and environmental impacts.  

To address these challenges, organizations must consider adopting a risk-based approach to OT cybersecurity. This involves following industry standards for OT risk assessment and management, such as ISA/IEC 62443-3-2, which provides guidance on partitioning OT systems into security zones and developing credible risk scenarios.  

By developing and analyzing risk scenarios, organizations can identify and prioritize the most serious threats to their OT environments. These scenarios can be ranked based on their likelihood and potential impact, using the same scale the company uses for ranking other risks, ensuring consistency and allowing the board to understand the relative importance of different risks in a broader organizational context. 

**How to Achieve Strategic Cyber-Risk Management Across the Organization**

Boards of directors that recognize the need for separate but aligned programs for IT and OT cybersecurity, each led by their respective experts, will be able to address the specific characteristics and risks associated with each domain. IT security focuses on protecting data confidentiality, integrity, and availability, while OT security prioritizes safety, availability, and process integrity. 

To confirm effective oversight and governance, boards can establish an OT Cybersecurity Governance Committee. This committee may include key executives from operations, engineering, IT, and finance, fostering cross-functional collaboration to make sure that OT cybersecurity is integrated into the organization's overall risk management framework. 

**The Board's Role in OT Security**

Boards and senior management must proactively address the growing cyber-risks in OT environments. This requires a multifaceted approach beginning with appreciating the unique challenges and risks associated with OT cybersecurity, including understanding the potential consequences of OT breaches and the importance of dedicated OT security leadership. Organizations will need to invest in building internal OT cybersecurity expertise and/or partnering with specialized external providers. This includes hiring skilled professionals, providing ongoing training, and leveraging external resources when needed.  

The next step is to develop a comprehensive OT cybersecurity program that includes elements such as risk assessments, vulnerability management, incident response planning, security awareness training, and continuous monitoring. The program will foster collaboration between IT and OT by sharing information, aligning security policies, and coordinating incident response efforts. With an evolving threat landscape, it's important to regularly review and update the OT cybersecurity strategy to confirm it remains effective, focusing on emerging threats, vulnerabilities, and best practices.   

By taking these proactive steps, boards can improve their organization's resilience against cyberattacks and protect their critical OT assets. Specialized firms can provide valuable guidance and support in navigating the complexities of OT cybersecurity, helping organizations align their security processes with business goals and achieve their desired security outcomes.  

Boards of directors have an important role in overseeing and managing cyber-risks in OT environments. By understanding the challenges of OT security, investing in dedicated expertise, and adopting a strategic and proactive approach, organizations can strengthen their defenses and safeguard their critical operations from the growing threat of cyberattacks. 

**About the Author**

Vice President, OT Security, Armexa

John Cusimano is the vice president, OT Security for Armexaan. He is accomplished business and thought leader with more than 30 years of experience in process control, functional safety, operational technology (OT) and industrial control systems (ICS) cybersecurity. John has performed and led hundreds of OT cybersecurity vulnerability and risk assessments and helped dozens of companies establish OT cybersecurity programs. He is a voting member of the ISA 99 cybersecurity standards committee. As part of that committee, he chaired the subcommittee that authored the ISA/IEC 62443-3-2:2020 standard IACS Security Risk Assessment & Design. He is the developer and primary instructor of multiple training courses on OT cybersecurity.

What Is the Board's Role in Cyber-Risk Management in OT Environments?

Malwarebytes now protects ARM-based Windows devices, such as Microsoft’s Surface Pro X and Lenovo’s Yoga laptops.

For the last four years, Malwarebytes has been protecting ARM-based machines running on Apple’s M-series processors. Now, we’ve expanded our protection range to include ARM-based Windows machines such as Copilot+ PCs, including Microsoft Surface Pro, Lenovo Yoga Slim and ThinkPad, and Dell Inspiron, among others. 

ARM-based chips offer advantages such as improved performance, longer battery life, lower costs, and advanced features like on-device AI processing. 

And with ARM processors gaining popularity in the PC market—projections suggest that they could have 25% market share by 2027—there is no doubt that malware creators will expand their reach into this area. 

Malwarebytes helps you get ahead of these threats. With active protection layers that defend against system vulnerabilities, malicious links, and more, Malwarebytes has you covered across your devices. 

**Where can I get it?** 

Go to the Malwarebytes website and hit the Free Download button to try it yourself, or click the button below. Our installer will automatically detect if you have an ARM device.

We recommend Windows 11 or higher for this installation, because Windows 11 has been optimized to run on ARM processors.

 Malwarebytes introduces native ARM support for Windows devices  

Google is allowing its advertizing customers to fingerprint website visitors. Can you stop it?

In the ongoing saga that is Google’s struggle to replace tracking cookies, we have entered a new phase. But whether that’s good news is another matter.

For years, Google has been saying it will phase out the third-party tracking cookies that power much of its advertising business online, proposing new ideas that would allegedly preserve user privacy while still providing businesses with steady revenue streams.

But it’s not been straight forward for Google. As we reported in July, 2024, the tech giant said that due to feedback from authorities and other stakeholders in advertising, Google was looking at a new path forward in finding the balance between privacy and an ad-supported internet.

The announcement read:

> “Instead of deprecating third-party cookies, we would introduce a new experience in Chrome that lets people make an informed choice that applies across their web browsing.”

It’s not hard to see why this is scary. Apple’s App Tracking Transparency (ATT) feature caused a significant upset in the mobile advertising industry. When introduced in April 2021, it allowed users to opt out of being tracked across apps and websites. This led to an estimated 96% of US users choosing to opt out of tracking. With three billion Chrome users around the world, that might easily be an advertiser’s worst nightmare.

Google promised to kill tracking cookies by introducing a one-time global prompt upgrade that would present users with the choice of being tracked or not. By third-party cookies that is.

But ahead of fulfilling that promise, Google has introduced digital fingerprinting. Digital fingerprinting is like creating a unique digital ID for you or your device based on various pieces of information collected when you browse the internet, like:

*   Operating System (OS): Windows, Android, iOS, etc.
*   Browser type and version
*   IP address
*   Installed browser plugins
*   Time zone
*   Language settings
*   …and so on.

With all these pieces of information, it’s possible to create a unique fingerprint by which websites can recognize you, even if you clear your cookies. They will even be able to make an informed guess if you visit the same site with a different browser.

Google itself, at one point, said that fingerprinting was undesirable:

> “Unlike cookies, users cannot clear their fingerprint and therefore cannot control how their information is collected. We think this subverts user choice and is wrong.”

But, per Google’s announcement on December 19, 2024, organizations that use its advertising products can use fingerprinting techniques from last Sunday, February 16, 2025. Well, as far as Google is concerned that is.

The UK information commissioner’s office (ICO) reminded businesses they do not have free rein to use fingerprinting as they please. Like all advertising technology, it must be lawfully and transparently deployed – and if it is not, the ICO will act.

But the OK from Google is likely the start of an intermediate period where we will be bothered with both fingerprinting and third-party cookies until the advertising industry has had the time to transition.

**What can I do?**

Countering fingerprinting is a lot harder than keeping cookies at a minimum. But there are some things you can do to make it harder to get your fingerprint taken.

*   However hard it may be, the time may have come to consider switching to a browser that provides built-in features to resist fingerprinting
*   Or look for anti-fingerprinting tools in the form of browser extensions
*   Use a VPN that can mask your IP address and location, which are very significant pieces of information for fingerprinting
*   Keep your browser updated, so your old version will not give away your data
*   Disabling JavaScript can break a website’s functionality, but it also significantly reduces the data websites can gather about you.

We don’t just write about privacy, we can help you improve yours. Try Malwarebytes Privacy VPN.

 Google now allows digital fingerprinting of its users 

The advancement of technology has also impacted sectors like gaming. Blockchain technology has surfaced as an asset that…

The advancement of technology has also impacted sectors like gaming. Blockchain technology has surfaced as an asset that provides an angle on honesty and equality in the industry. Developers are incorporating blockchain into gaming to establish a fairer setting for players. This article digs deep into how blockchain games guarantee transparency and impartiality while discussing their advantages and obstacles.

****Exploring the World of Blockchain Technology****

Blockchain is a system of distributed ledgers that records transactions on computers to prevent tampering with data and ensure transparency. Every transaction is visible to all participants involved in the process without relying on a central authority for trust among users in the system’s decentralized environment. Blockchain games are an excellent example of how this technology innovates the gaming industry.

****Exploring the Integration of Blockchain Technology****

Integrating technology into gaming means utilizing ledgers to handle game items and transactions smoothly and securely for players to have genuine ownership of digital assets like characters and weapons or skins in a game environment with verification and safeguarding through blockchain for added security measures with sustainable assurance for peer to peer trades feasible, without intermediaries involvement leading to cost savings. 

****Improving Clarity****

Blockchain technology emphasizes transparency as an element in gaming by allowing players to validate the fairness of in-game events, such as loot drops and purchases, through unchangeable records maintained by the blockchain system. This openness builds trust as players can personally verify the authenticity of game rules. 

****Making Sure Things Are Fair****

Players have always been worried about fairness in gaming! Blockchain technology tackles this problem by allowing game algorithms and results to be easily verified by all parties. To guarantee fairness in games powered by technology and to prevent any play or cheating from happening during gameplay or outcome determination processes, smart contracts are utilized to automate and enforce the rules fairly according to mutually agreed conditions with no chance for any manipulation. 

****Ensuring Honesty and Integrity****

In traditional gaming settings, cheating and fraud are issues that disrupt play for all participants involved. However, with the integration of blockchain technology, every transaction and action taken by players is meticulously documented, making it harder for individuals to engage in deceitful practices. The unchangeable nature of these records is a deterrent against cheating since tampering with past data becomes nearly impossible. This transparency ultimately promotes equality among players, ensuring a level playing field where everyone can compete fairly. 

****Securing Ownership and Assets** **

In games online, belongings usually don’t belong to the players themselves. Blockchain alters this by enabling gamers to own virtual items separately from the game creators or developers who made them in the first place. Gamers can freely sell these possessions with confidence in their ownership security. This newfound freedom enriches the gaming journey as players engage deeply with their realms. 

****The Obstacles Encountered in Blockchain Gaming****

While blockchain gaming offers advantages and opportunities for growth in the industry, it also encounters obstacles along the way. One key issue is scalability, with blockchain networks finding it challenging to handle several transactions efficiently. Moreover, the intricate nature of technology may deter gamers from embracing it fully. To overcome these challenges and gain acceptance, education and user-friendly interfaces play roles.

Blockchain also faces challenges due to its energy consumption levels. However, new technologies are being developed to address this issue and make the gaming industry more eco-friendly by adopting sustainable practices. 

****The Upcoming Trajectory of Blockchain-Based Gaming****

The outlook for games seems bright as technology progresses. Developers are expected to address existing constraints shortly to encourage wider acceptance of these games among players and enthusiasts alike. The overall gaming experience will improve and appeal to a more extensive audience base through advancements in scalability and energy conservation measures. There is potential for blockchain-based games to find their way into the mainstream market and transform the industry by introducing transparency and equity principles. 

****Final Thoughts** **

Blockchain technology promotes transparency and fairness in gaming by providing players with ownership and verifiable results in blockchain games that cultivate a fairer environment for all participants despite obstacles ahead; the promise of advancement and creativity persists substantially. Adopting this technology has the potential to revolutionize our interaction with realms and redefine our understanding of gaming by paving the way for a future where fairness and transparency reign supreme. 

1.  In Gaming Item Scams and How to Avoid Them?
2.  Exploring Data Privacy and Security in B2B Gaming Data
3.  The Rise of Blockchain Gaming and Secure Marketplaces
4.  Blockchain in cybersecurity: opportunities and challenges
5.  GAM3S.GG and Immutable Partner for Web3 Gaming Expansion

How Blockchain Games Ensure Transparency and Fairness

Info stealers are thriving on Mac, with one specific variant accounting for 70% of all info stealer detections at the end of 2024.

The latest, major threats to Mac computers can steal passwords and credit card details with delicate precision, targeting victims across the internet based on their device, location, and operating system.

These are the dangers of “infostealers,” which have long plagued Windows devices but, in the past two years, have become a serious threat for Mac owners. And in 2024, one malicious program in particular is responsible for the lion’s share of infostealer activity—racking up 70% of known infostealer detections on Mac.

These findings come from the 2025 State of Malware report. While many of the threats detailed in the report target companies and businesses, this latest wave of infostealers makes no distinction between Mac computers in an office and Mac computers at home. Unlike ransomware, which is deployed against large businesses that cybercriminals hope can pay hefty ransoms, infostealers can deliver illicit gains no matter the target.

With the right cybersecurity practices, everyday Mac users can stay safe from these emerging threats.

****The threat of infostealers****

“Infostealers” are a type of malware that do exactly as they say—they steal information from people’s devices. But the variety of information that these pieces of malware can steal makes them particularly dangerous.

With stolen credit card details, hackers can attempt fraudulent purchases online. With stolen passwords, the impact is even broader; hackers could wire funds from a breached online banking account into their own, or masquerade as someone on social media to ask friends and family for money. Some infostealers don’t even require an additional step—they can take cryptocurrency directly from a victim’s online accounts. 

But there is another threat to infostealers that comes from their recent history. They are wildly adaptable.

In 2016, Malwarebytes first discovered an infostealer called TrickBot that, when implanted on a person’s device, would steal online banking credentials. But over time, the developers behind TrickBot began adding alarming new features, including the capabilities to steal Outlook credentials, disable Windows Defender, and even to download and deliver additional, separate malware onto infected devices.

By 2018, TrickBot was the largest threat to businesses.

Now, in 2025, another infostealer is raising red flags all across cyberspace, and this time, it isn’t interested in Windows devices.

****The next Mac malware****

Malware is “malicious software,” and just like legitimate software, malware has to be developed for specific operating systems. That means that, for instance, ransomware that works on a Windows laptop doesn’t automatically work on a Mac laptop, and likewise, a phishing app developed for Android devices doesn’t work on iPhones.

For years, then, a great deal of malware activity has focused on Windows devices. The common cybercriminal calculus was that, if there were more Windows users in the world, there was more reason to target those users with cyberattacks.

During this time, most Mac threats were bothersome pieces of malware that would hijack a victim’s web browser to deliver annoying ads and wayward links. But as Mac computers have become standard within businesses—and as demand for Windows computers has waned—cybercriminals have readjusted their thinking.

In 2023, a new infostealer on Mac called Atomic Stealer (AMOS) made its debut, and since its launch, it has not only showcased new features—much like TrickBot—it has also been gussied up with some of the markings of a legitimate business.  

For instance, AMOS can be “licensed” out to other cybercriminals, much like how genuine companies offer their own software for a monthly subscription price. For AMOS, that price was initially $1,000 a month, and with that access, cybercriminals didn’t just buy a productivity tool or communications app, they bought access to an information stealer that can crack into Mac computers to steal a variety of sensitive information.

By January 2024, AMOS had increased its price to $3,000 a month. The developers ran a holiday promotion—seriously—and even released an AMOS update that would better obfuscate the infostealer from being detected by cybersecurity software.

But in the world of cybercrime, malware _features_ only mean so much. Another important piece of cybercrime is getting malware _onto_ a device to begin with. And in 2023, malware delivery evolved hand-in-hand with Mac infostealers.

Rather than trying to deliver malware through clumsy email attachments, cybercriminals have recently turned to “malicious advertising” or “malvertising.” This means that cybercriminals will create bogus versions of websites that will rank highly during regular Google searches, tempting victims into clicking the first, ad-supported link they see online, and unknowingly reaching a website controlled entirely by cybercriminals.

On these websites, cybercriminals advertise a piece of high-demand software and trick users into a download. But instead of receiving the desired software, victims receive, in these cases, infostealers.

This one-two punch of malvertising and advanced infostealers paved the way last year for the next, big Mac threat, called Poseidon.

As we warned in the State of Malware report:

> “Poseidon boasts that it can steal cryptocurrency from over 160 different wallets, and passwords from web browsers, the Bitwarden and KeePassXC password managers, the FileZilla file transfer app, and VPN configurations including Fortinet and OpenVPN.”

Poseidon is the most active infostealer on Mac today, and it accounted for 70% of all infostealer detections on Mac in the final months of 2024, an impressive feat considering the malware barely launched last summer.

Interestingly, Poseidon is just another “fork” of AMOS, meaning that another hacker took AMOS, built upon it, and released it in the wild. Already, Malwarebytes has uncovered consumer-targeted campaigns to infect Mac owners with Poseidon, including a malvertising website disguising Poseidon behind a download for a buzzy new web browser called Arc.

Poseidon represents a sea change in Mac malware, and with the type of advanced targeting that cybercriminals can achieve through malvertising—hackers can target malicious ads based on a potential victim’s location, operating system, software, and search terms—Mac users must be on watch.

****How to stay safe****

In 2025, Mac users don’t need to just watch out for infostealers. They also have to watch out for malvertising in general, as cybercriminals use the malware delivery method for all sorts of threats online.

Here’s how you can stay safe:

*   Use cybersecurity software that offers always-on protection against Mac malware including infostealers, adware, and the rare instances of ransomware.
*   Use Malwarebytes Browser Guard to securely browse the web and to be notified when visiting known, malicious websites that are in control of cybercriminals.
*   Beware the first, ad-supported result on Google searches and other search engines. Cybercriminals have successfully placed their own, malicious ads in these top rankings to trick victims into downloading malware.

**We don’t just report on threats—we remove them**

Cybersecurity risks should never spread beyond a headline. Keep threats off your devices by downloading Malwarebytes today.

 Macs targeted by infostealers in new era of cyberthreats 

A new variant of the Snake Keylogger malware is being used to actively target Windows users located in China, Turkey, Indonesia, Taiwan, and Spain.
Fortinet FortiGuard Labs said the new version of the malware has been behind over 280 million blocked infection attempts worldwide since the start of the year.
"Typically delivered through phishing emails containing malicious attachments or links,

New Snake Keylogger Variant Leverages AutoIt Scripting to Evade Detection

The education sector is changing quickly as it adopts digital tools for better learning experiences. These days, learning…

The education sector is changing quickly as it adopts digital tools for better learning experiences. These days, learning management systems (LMS), offered as Software as a Service (SaaS), have become crucial for schools and businesses looking to offer flexible online education options. This guide takes a look at ten LMS SaaS platforms that are perfect for expanding online learning opportunities. We won’t be focusing on brands. 

****1\. Exploring LMS SaaS Platforms****

Cloud-based LMS SaaS platforms provide solutions for delivering content and organizing learning activities without requiring extensive infrastructure. They offer access for both instructors and learners while reducing maintenance expenses and ensuring regular updates for a seamless learning process. Moreover, the scalability of SaaS platforms enables institutions to grow without sacrificing quality. 

****2\. User-Friendly Functionality****

Ease of use is an important consideration when choosing an LMS system that fits your needs. Platforms with intuitive user interfaces ensure navigation for both teachers and students. User engagement is improved with features like drag-and-drop tools for creating courses and customizable dashboards. It’s advisable to focus on platforms that provide a well-organized onboarding process to reduce training time when comparing options. 

****3\. Versatility** **

Different organizations have unique requirements that highlight the importance of customization for a learning management system. LMS must offer administrators the flexibility to personalize content delivery methods and assessments based on their objectives. Furthermore, the ability to smoothly integrate third-party software like video conferencing tools and document editors enhances the functionality of the platform. 

****4\. The Ability to Adjust and Grow As Needed****

As organizations expand,​​​ their system must scale accordingly to accommodate a growing number of users while maintaining efficiency. A well-organized LMS should dynamically adjust resources based on demand, ensuring smooth performance regardless of the number of learners.​ ​When selecting a solution for this purpose,​ ​it is important to choose options that can flexibly adjust resources based on the needs.

****5\. Compatibility with Devices****

Education in this era heavily relies on technology to provide accessible learning experiences even while on the move. Many learning management systems now offer mobile-friendly interfaces, allowing learners to interact with content anytime and anywhere. Responsive design and specialized mobile apps enhance user experiences by ensuring transitions between devices. It is essential to prioritize features that support offline access, enabling users to download materials for reference. 

****6\. Data Presenting Findings** **

Successful learning necessitates data-driven insights, making analytics and reporting tools essential in an LMS. These platforms empower teachers to monitor student advancement and pinpoint areas that need enhancement effectively. Interactive dashboards, detailed reports, and visual data representations support educators in making informed decisions. 

****7\. Adherence to Regulations** **

Ensuring the security of information is crucial in the realm of online learning systems. These platforms need to follow established security measures to protect data effectively. Look for options that provide encryption, reliable authentication procedures, and consistent security patches. Additionally, these platforms need to comply with regulations like GDPR and FERPA to guarantee that they meet the necessary data protection standards. 

****8\. Interaction****

Encouraging communication between students and teachers enriches the online learning journey. LMS platforms with communication features like discussion forums, chat functions, and video calls help foster teamwork. These features encourage students to engage and establish a sense of belonging in online learning environments. Look into learning management system choices that promote engagement-driven components. 

****9\. Cost-Efficiency****

Choosing an LMS is heavily influenced by budget factors. SaaS platforms are known for offering cost-effective options by eliminating the need for expensive hardware and minimizing maintenance fees. Consider pricing structures that match your company’s budget constraints, like subscription-based packages or pay-per-user models. Assess the cost of ownership, which includes any charges to guarantee a good return on investment. 

****10\. Support Services****

The quality of support services and available resources offered by LMS vendors influence user satisfaction levels. The platforms that provide responsive assistance, tutorials, and active user forums tend to improve the overall experience. It is recommended that you choose options that provide 24/7 customer service to resolve any problems efficiently. Having access to a knowledge base and an active user community also promotes self-assistance and collaboration among peers. 

****Conclusion****

Picking the LMS SaaS platform is vital for providing online learning opportunities that cater well to learners globally. By taking into account factors like user-friendliness, customization, scalability, and mobile support, organizations can improve educational experiences. Robust data analysis, security measures, and efficient communication tools also play a key role in successful integration. Ultimately, selecting an affordable solution with reliable assistance guarantees a smooth transition toward achieving digital education success.

10 Best LMS SaaS Platforms for Scalable Online Learning

Xerox Versalink printers are vulnerable to pass-back attacks. Rapid7 discovers LDAP & SMB flaws (CVE-2024-12510 & CVE-2024-12511). Update…

Xerox Versalink printers are vulnerable to pass-back attacks. Rapid7 discovers LDAP & SMB flaws (CVE-2024-12510 & CVE-2024-12511). Update firmware now!

Rapid7 researchers uncovered security weaknesses in Xerox Versalink C7025 multifunction printers, specifically models running firmware version 57.69.91 and earlier. These vulnerabilities designated CVE-2024-12510 and CVE-2024-12511, expose the devices to “pass-back” attacks.

According to Rapid7’s research shared with Hackread.com, these are a type of attacks that allow a malicious actor who has compromised the printer’s administrative functions to redirect authentication requests to a system under their control. This can be achieved by altering settings related to services like Lightweight Directory Access Protocol (LDAP), Server Message Block (SMB), and File Transfer Protocol (FTP).

The LDAP vulnerability allows an attacker to modify the LDAP server’s IP address within the printer’s configuration. By then triggering an LDAP lookup, the printer unwittingly sends authentication credentials to the attacker’s rogue server. The attacker can then capture these credentials in clear text. Similarly, the SMB/FTP vulnerability allows modification of the SMB or FTP server’s IP address in the user’s address book configuration.  

The image illustrates how an attacker might manipulate the server IP address to redirect authentication attempts to a rogue server, thereby stealing the credentials. Predefined login credentials, with the username “MFPservice,” are used for authentication.

While the password itself is obscured, its presence indicates that the printer is configured to authenticate to the LDAP server, a detail central to the pass-back vulnerability where these credentials could be captured by an attacker.

Source: Rapid7

This can be exploited by triggering a scan-to-file operation, which sends authentication credentials to the attacker-controlled server. In the case of SMB, this could expose NetNTLMV2 handshakes, potentially allowing further compromise of Active Directory file servers. For FTP, credentials would be transmitted in clear text.

Successful exploitation of these vulnerabilities requires either administrative access to the printer’s settings or, in some cases, physical access to the console or remote access via the web interface if user-level remote control is enabled. 

The impact of these vulnerabilities is significant, as attackers could potentially gain access to sensitive credentials, including those for Windows Active Directory. This could enable lateral movement within a network, compromising critical servers and systems.

Rapid7 responsibly disclosed these vulnerabilities to Xerox, coordinating the disclosure timeline and working with the vendor to confirm the effectiveness of the patches. Organizations using affected Xerox Versalink printers should immediately upgrade to the latest patched firmware version.

In case immediate patching is not feasible, it is recommended to set a strong and unique password for the printer’s administrative account, avoid the use of domain administrator accounts for LDAP or scan-to-file services, and disable remote console access for unauthenticated users.

Latest News