Don’t miss

Man charged with stealing $65 million by exploting DeFI protocols vulnerabilities

Cryptocurrency, Don't miss, extortion, finance, fraud, Hot stuff, News, USA, vulnerability /

Man charged with stealing $65 million by exploting DeFI protocols vulnerabilities 2025-02-04 at 12:16 By Help Net Security A Canadian man has been indicted in federal court in New York for exploiting vulnerabilities in two decentralized finance (DeFi) protocols to fraudulently obtain about $65 million from the protocols’ investors. The fraudulent scheme According to court […]

Man charged with stealing $65 million by exploting DeFI protocols vulnerabilities Read More »

Why logs aren’t enough: Enhancing SIEM with AI-driven NDR

Don't miss, News, Stellar Cyber, Whitepapers and webinars /

Why logs aren’t enough: Enhancing SIEM with AI-driven NDR 2025-02-04 at 10:45 By Help Net Security Join cybersecurity expert Jonathan Mayled from 5-hour Energy as he uncovers the limitations of log-based SIEMs and the transformative role of AI-driven Network Detection and Response (NDR). Logs alone can’t deliver the visibility and context required to secure modern,

Why logs aren’t enough: Enhancing SIEM with AI-driven NDR Read More »

Aim for crypto-agility, prepare for the long haul

cybersecurity, Don't miss, Encryption, Expert analysis, Expert corner, Fortanix, Hot stuff, News, opinion, quantum computing, standards /

Aim for crypto-agility, prepare for the long haul 2025-02-04 at 07:33 By Help Net Security While organizations have long experimented with various facets of digital transformation, the journey toward crypto-agility is one of the most significant technological transitions of our time. Success in the emerging quantum era will require technical expertise, strategic foresight, careful planning,

Aim for crypto-agility, prepare for the long haul Read More »

What you can do to prevent workforce fraud

authentication, cybersecurity, Don't miss, Features, fraud, Government, Hot stuff, identity verification, News, Nisos, opinion, professional, remote working, threats /

What you can do to prevent workforce fraud 2025-02-04 at 07:19 By Mirko Zorz In this Help Net Security interview, Benjamin Racenberg, Senior Intelligence Services Manager at Nisos, discusses the threat of workforce fraud, particularly DPRK-affiliated IT workers infiltrating remote roles. With HR teams and recruiters often unprepared to detect these sophisticated schemes, businesses face

What you can do to prevent workforce fraud Read More »

DeepSeek’s popularity exploited to push malicious packages via PyPI

data theft, DeepSeek, Don't miss, Hot stuff, Malware, News, Positive Technologies, PyPI, Python /

DeepSeek’s popularity exploited to push malicious packages via PyPI 2025-02-03 at 15:33 By Zeljka Zorz Two malicious packages leveraging the DeepSeek name have been published to the Python Package Index (PyPI) package repository, and in the 30 minutes or so they were up, they have been downloaded 36 times. The malicious packages The attack started

DeepSeek’s popularity exploited to push malicious packages via PyPI Read More »

The hidden dangers of a toxic cybersecurity workplace

burnout, collaboration, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, professional, SANS /

The hidden dangers of a toxic cybersecurity workplace 2025-02-03 at 07:35 By Mirko Zorz In this Help Net Security interview, Rob Lee, Chief of Research and Head of Faculty at SANS Institute, discusses what a toxic environment looks like and how professionals can recognize red flags such as high turnover, burnout, and a pervasive fear

The hidden dangers of a toxic cybersecurity workplace Read More »

BadDNS: Open-source tool checks for subdomain takeovers

Don't miss, GitHub, News, open source, penetration testing, scanning, software /

BadDNS: Open-source tool checks for subdomain takeovers 2025-02-03 at 07:03 By Mirko Zorz BadDNS is an open-source Python DNS auditing tool designed to detect domain and subdomain takeovers of all types. BadDNS modules cname – Check for dangling CNAME records and interrogate them for subdomain takeover opportunities ns – Check for dangling NS records and

BadDNS: Open-source tool checks for subdomain takeovers Read More »

How to use iCloud Private Relay for enhanced privacy

apple, cybersecurity, Don't miss, how-to, News, Privacy, Safari /

How to use iCloud Private Relay for enhanced privacy 2025-02-03 at 06:04 By Help Net Security iCloud Private Relay, included with an iCloud+ subscription, enhances your privacy while browsing the web in Safari. When this feature is enabled, the traffic leaving your iPhone is encrypted and routed through two separate internet relays. This ensures that

How to use iCloud Private Relay for enhanced privacy Read More »

Patient monitors with backdoor are sending info to China, CISA warns

backdoor, CISA, Don't miss, healthcare, Hot stuff, medical data, medical devices, News, Privacy, vulnerability /

Patient monitors with backdoor are sending info to China, CISA warns 2025-01-31 at 14:03 By Zeljka Zorz Contec CMS8000, a patient monitor manufactured by a Chinese company, and Epsimed MN-120, which is the same monitor but relabeled, exfiltrate patients’ data to a hard-coded IP address and have a backdoor that can be used to download

Patient monitors with backdoor are sending info to China, CISA warns Read More »

Deploying AI at the edge: The security trade-offs and how to manage them

Artificial Intelligence, critical infrastructure, cybersecurity, Don't miss, Features, Hot stuff, Latent AI, network, News, opinion /

Deploying AI at the edge: The security trade-offs and how to manage them 2025-01-31 at 07:34 By Mirko Zorz Deploying AI at the edge brings advantages such as low latency, improved efficiency, and real-time decision-making. It also introduces new attack surfaces. Adversaries could intercept models in transit, manipulate inputs to degrade performance, or even reverse-engineer

Deploying AI at the edge: The security trade-offs and how to manage them Read More »

Cybercrime forums Cracked and Nulled seized, operators arrested

arrest, cybercrime, Don't miss, Europe, Germany, Hot stuff, law enforcement, News /

Cybercrime forums Cracked and Nulled seized, operators arrested 2025-01-30 at 18:50 By Zeljka Zorz Law enforcement from Germany, Australia, Spain, Greece, Romania, Italy, France and the USA have seized and shut down Cracked and Nulled, the two largest cybercrime forums in the world. The takedown notice (Source: German Federal Criminal Police Office) “The websites “nulled.to”

Cybercrime forums Cracked and Nulled seized, operators arrested Read More »

SimpleHelp RMM vulnerabilities may have been exploited to breach healthcare orgs

Arctic Wolf Networks, Don't miss, healthcare, Horizon3.ai, Hot stuff, News, remote management, SimpleHelp /

SimpleHelp RMM vulnerabilities may have been exploited to breach healthcare orgs 2025-01-30 at 17:16 By Zeljka Zorz Attackers may have leveraged vulnerabilities in the SimpleHelp remote monitoring and management solution to gain initial access to healthcare organizations. About the vulnerabilities On January 13, 2025, Horizon3.ai researchers revealed their discovery of three vulnerabilities affecting SimpleHelp’s server

SimpleHelp RMM vulnerabilities may have been exploited to breach healthcare orgs Read More »

Zscaler CISO on balancing security and user convenience in hybrid work environments

CISO, cybersecurity, data loss prevention, Don't miss, Features, Hot stuff, hybrid workforce, News, opinion, regulation, remote working, security controls, strategy, zero trust, Zscaler /

Zscaler CISO on balancing security and user convenience in hybrid work environments 2025-01-30 at 07:33 By Mirko Zorz In this Help Net Security interview, Sean Cordero, CISO at Zscaler, talks about securing hybrid work and the new challenges it presents to cybersecurity teams. He discusses how hybrid work has exposed gaps in traditional security models

Zscaler CISO on balancing security and user convenience in hybrid work environments Read More »

ExtensionHound: Open-source tool for Chrome extension DNS forensics

Chrome, computer forensics, DNS, Don't miss, GitHub, News, open source, software /

ExtensionHound: Open-source tool for Chrome extension DNS forensics 2025-01-30 at 07:03 By Mirko Zorz Traditional monitoring tools reveal only traffic from the Chrome process, leaving security teams uncertain about which extension is responsible for a suspicious DNS query. ExtensionHound solves this by analyzing Chrome’s internal network state and linking DNS activity to specific extensions. ExtensionHound

ExtensionHound: Open-source tool for Chrome extension DNS forensics Read More »

How to use Hide My Email to protect your inbox from spam

apple, Don't miss, email security, how-to, News, Privacy /

How to use Hide My Email to protect your inbox from spam 2025-01-30 at 06:03 By Help Net Security Hide My Email is a service that comes with iCloud+, Apple’s subscription-based service. It allows users to generate one-time-use or reusable email addresses that forward messages to their personal inbox without ever revealing their actual email

How to use Hide My Email to protect your inbox from spam Read More »

Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891)

Censys, Don't miss, GreyNoise, Hot stuff, News, VulnCheck, vulnerability, Zyxel /

Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) 2025-01-29 at 18:32 By Zeljka Zorz CVE-2024-40891, a command injection vulnerability in Zyxel CPE Series telecommunications devices that has yet to be fixed by the manufacturer, is being targeted by attackers, cybersecurity company Greynoise has warned. Successful exploitation would allow attackers to execute

Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) Read More »

DeepSeek’s popularity exploited by malware peddlers, scammers

Artificial Intelligence, China, consumer, data security, DeepSeek, Don't miss, enterprise, Hot stuff, KELA, LLMs, Malware, News, Privacy, threat /

DeepSeek’s popularity exploited by malware peddlers, scammers 2025-01-29 at 15:18 By Zeljka Zorz As US-based AI companies struggle with the news that the recently released Chinese-made open source DeepSeek-R1 reasoning model performs as well as theirs for a fraction of the cost, users are rushing to try out DeepSeek’s AI tool. In the process, they

DeepSeek’s popularity exploited by malware peddlers, scammers Read More »

How Lazarus Group built a cyber espionage empire

cyber attribution, cybersecurity, Don't miss, News, North Korea, report, SecurityScorecard, supply chain compromise /

How Lazarus Group built a cyber espionage empire 2025-01-29 at 11:04 By Help Net Security Since September 2024, SecurityScorecard’s STRIKE team has been investigating Lazarus Group’s activity, uncovering key details about their infrastructure. Despite variations in payload delivery and obfuscation techniques, the campaign relied on a consistent C2 framework. Hidden control panel Through deep analysis,

How Lazarus Group built a cyber espionage empire Read More »

Preparing financial institutions for the next generation of cyber threats

cybersecurity, Data Protection, Don't miss, Features, financial industry, fraud, Hot stuff, News, opinion, regulation, threats, Visa /

Preparing financial institutions for the next generation of cyber threats 2025-01-29 at 07:34 By Mirko Zorz In this Help Net Security interview, James Mirfin, SVP and Head of Risk and Identity Solutions at Visa, discusses key priorities for leaders combating fraud, the next-generation threats institutions must prepare for, and the role of collaboration between financial

Preparing financial institutions for the next generation of cyber threats Read More »

SEC and FCA fines: Issues jump

communication, Compliance, cybersecurity, Don't miss, financial industry, Hot stuff, MirrorWeb, Video /

SEC and FCA fines: Issues jump 2025-01-29 at 06:33 By Help Net Security The financial sector faces communication compliance challenges as organizations struggle to maintain oversight across communication channels. Adding to the complexity is the unexpected rise of unconventional platforms, such as Snapchat, used for business operations. In this Help Net Security video, David Clee,

SEC and FCA fines: Issues jump Read More »

Scroll to Top