Building a reasonable cyber defense program 2025-04-01 at 16:04 By Help Net Security If you do business in the United States, especially across state lines, you probably know how difficult it is to comply with U.S. state data privacy laws. The federal government and many U.S. state governments require you to implement “reasonable” cybersecurity controls […]
React to this headline:
Building a reasonable cyber defense program Read More »
Attackers are probing Palo Alto Networks GlobalProtect portals 2025-04-01 at 14:21 By Zeljka Zorz Cybersecurity company GreyNoise is warning about a significant increase of scanning activity targeting internet-facing Palo Alto Networks GlobalProtect portals in the last 30 days, and has urged organizations with exposed systems to secure them and look for signs of compromise. “The
React to this headline:
Attackers are probing Palo Alto Networks GlobalProtect portals Read More »
Why global tensions are a cybersecurity problem for every business 2025-04-01 at 09:03 By Mirko Zorz With global tensions climbing, cyber attacks linked to nation-states and their allies are becoming more common, sophisticated, and destructive. For organizations, cybersecurity can’t be treated as separate from world events anymore, they’re closely connected. Conflict between countries is spilling
React to this headline:
Why global tensions are a cybersecurity problem for every business Read More »
How to build an effective cybersecurity simulation 2025-04-01 at 08:32 By Help Net Security Most people groan at the prospect of security training. It’s typically delivered through dull online videos or uninspiring exercises that fail to capture real-world urgency. To make a real difference in cyber crisis readiness, personnel need the opportunity to test their
React to this headline:
How to build an effective cybersecurity simulation Read More »
Generative AI Is reshaping financial fraud. Can security keep up? 2025-04-01 at 07:35 By Mirko Zorz In this Help Net Security interview, Yinglian Xie, CEO at DataVisor, explains how evolving fraud tactics require adaptive, AI-driven prevention strategies. With fraudsters using generative AI to launch sophisticated attacks, financial institutions must adopt adaptive AI solutions to stay
React to this headline:
Generative AI Is reshaping financial fraud. Can security keep up? Read More »
CISA reveals new malware variant used on compromised Ivanti Connect Secure devices 2025-03-31 at 16:12 By Zeljka Zorz CISA has released indicators of compromise, detection signatures, and updated mitigation advice for rooting out a newly identified malware variant used by the attackers who breached Ivanti Connect Secure VPN appliances in December 2024 by exploiting the
React to this headline:
CISA reveals new malware variant used on compromised Ivanti Connect Secure devices Read More »
Windows 11 quick machine recovery: Restoring devices with boot issues 2025-03-31 at 12:46 By Zeljka Zorz Microsoft has rolled out quick machine recovery, a new Windows feature aimed at preventing prolonged widespread outages like the one caused by a faulty CrowdStrike update in July 2024. The goal of the feature is to allow IT administrators
React to this headline:
Windows 11 quick machine recovery: Restoring devices with boot issues Read More »
Two things you need in place to successfully adopt AI 2025-03-31 at 08:32 By Help Net Security Organizations should not shy away from taking advantage of AI tools, but they need to find the right balance between maximizing efficiency and mitigating organizational risk. They need to put in place: 1. A seamless AI security policy
React to this headline:
Two things you need in place to successfully adopt AI Read More »
Exegol: Open-source hacking environment 2025-03-31 at 08:02 By Mirko Zorz Exegol is a community-driven hacking environment, which helps users deploy hacking setups quickly and securely. It’s made for penetration testers, CTF players, bug bounty hunters, researchers, defenders, and both new and experienced users. Exegol offers clean, secure environments. Each project can have its own Docker
React to this headline:
Exegol: Open-source hacking environment Read More »
Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857) 2025-03-28 at 12:57 By Zeljka Zorz Google’s fixing of CVE-2025-2783, a Chrome zero-day vulnerability exploited by state-sponsored attackers, has spurred Firefox developers to check whether the browser might have a similar flaw – and they found it. There’s currently no indication that the Firefox bug (CVE-2025-2857)
React to this headline:
Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857) Read More »
Android financial threats: What businesses need to know to protect themselves and their customers 2025-03-28 at 08:30 By Help Net Security The rise of mobile banking has changed how businesses and customers interact. It brought about increased convenience and efficiency, but has also opened new doors for cybercriminals, particularly on the Android platform, which dominates
React to this headline:
A closer look at The Ultimate Cybersecurity Careers Guide 2025-03-27 at 16:48 By Mirko Zorz In this Help Net Security interview, Kim Crawley, cybersecurity expert and Professor at the Open Institute of Technology, discusses her latest book, The Ultimate Cybersecurity Careers Guide. She shares insights on how aspiring professionals can break into the field and
React to this headline:
A closer look at The Ultimate Cybersecurity Careers Guide Read More »
UK NCSC offers security guidance for domain and DNS registrars 2025-03-27 at 16:48 By Zeljka Zorz The UK National Cyber Security Centre (NCSC) has released security guidance for domain registrars and operators of Domain Name System (DNS) services. “DNS registrars have an important role to help counter domain abuses throughout their lifecycle,” the NCSC says.
React to this headline:
UK NCSC offers security guidance for domain and DNS registrars Read More »
CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) 2025-03-27 at 13:14 By Zeljka Zorz CrushFTP has fixed a critical vulnerability (CVE-2025-2825) in its enterprise file transfer solution that could be exploited by remote, unauthenticated attackers to access vulnerable internet-facing servers (and likely the data stored on them). Attackers, especially ransomware gangs, have a penchant for leveraging 0-day
React to this headline:
CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) Read More »
The hidden costs of security tool bloat and how to fix it 2025-03-27 at 08:07 By Mirko Zorz In this Help Net Security interview, Shane Buckley, President and CEO at Gigamon, discusses why combating tool bloat is a top priority for CISOs as they face tighter budgets and expanding security stacks. Buckley shares insights on
React to this headline:
The hidden costs of security tool bloat and how to fix it Read More »
Cyber insurance isn’t always what it seems 2025-03-27 at 07:39 By Mirko Zorz Many companies think cyber insurance will protect them from financial losses after an attack. But many policies have gaps. Some claims get denied. Others cover less than expected. CISOs must understand the risks before an attack happens. Misconceptions about cyber insurance Myth:
React to this headline:
Cyber insurance isn’t always what it seems Read More »
If you think you’re immune to phishing attempts, you’re wrong! 2025-03-26 at 16:17 By Zeljka Zorz Security consultant Troy Hunt, the creator of the Have I Been Pwned (HIBP) service, has revealed that he got tricked by a clever phishing email, and that the attacker gained access to his Mailchimp account and stole a list
React to this headline:
If you think you’re immune to phishing attempts, you’re wrong! Read More »
Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) 2025-03-26 at 13:08 By Zeljka Zorz Google is in the process of rolling out Chrome v134.0.6998.178 to Windows users to fix CVE-2025-2783, a zero-day vulnerability that allowed attackers to to bypass Chrome sandbox protections. The vulnerability was flagged by Kaspersky researchers, who discovered it being exploited by
React to this headline:
Google fixes exploited Chrome sandbox bypass zero-day (CVE-2025-2783) Read More »
A CISO’s guide to securing AI models 2025-03-26 at 08:05 By Help Net Security In AI applications, machine learning (ML) models are the core decision-making engines that drive predictions, recommendations, and autonomous actions. Unlike traditional IT applications, which rely on predefined rules and static algorithms, ML models are dynamic—they develop their own internal patterns and
React to this headline:
A CISO’s guide to securing AI models Read More »
Ingress-nginx vulnerabilities can lead to Kubernetes cluster takeover 2025-03-25 at 18:54 By Zeljka Zorz Wiz researchers have unearthed several critical vulnerabilities affecting Ingress NGINX Controller for Kubernetes (ingress-nginx) that may allow attackers to take over Kubernetes clusters. “Based on our analysis, about 43% of cloud environments are vulnerable to these vulnerabilities, with our research uncovering
React to this headline:
Ingress-nginx vulnerabilities can lead to Kubernetes cluster takeover Read More »