Hot stuff

AI-driven insights transform security preparedness and recovery

Artificial Intelligence, cybersecurity, Digitate, Don't miss, Features, framework, Hot stuff, News, opinion, strategy /

AI-driven insights transform security preparedness and recovery 2025-01-20 at 07:04 By Mirko Zorz In this Help Net Security interview, Arunava Bag, CTO at Digitate, discusses how organizations can recover digital operations after an incident, prioritize cybersecurity strategies, and secure digital operations with effective frameworks. What measures should organizations take to recover digital operations after an […]

React to this headline:

Loading spinner

AI-driven insights transform security preparedness and recovery Read More »

NDR’s role in a modern cybersecurity stack

cyberattacks, cybersecurity, Don't miss, Hot stuff, Netscout, network, Video /

NDR’s role in a modern cybersecurity stack 2025-01-20 at 06:33 By Help Net Security Attacks happen frequently on the security stack or within an enterprise. Often, they’re carried out by some unknown entity on the other side of the globe. You don’t know who you’re dealing with. You don’t know who they are. In this

React to this headline:

Loading spinner

NDR’s role in a modern cybersecurity stack Read More »

Balancing usability and security in the fight against identity-based attacks

Artificial Intelligence, attacks, credentials, cybersecurity, Don't miss, Features, Hot stuff, human error, identity, News, opinion, Push Security /

Balancing usability and security in the fight against identity-based attacks 2025-01-17 at 08:04 By Mirko Zorz In this Help Net Security interview, Adam Bateman, CEO of Push Security, talks about the rise in identity-based attacks, how they’re becoming more sophisticated each year, and how AI and ML are both fueling these threats and helping to

React to this headline:

Loading spinner

Balancing usability and security in the fight against identity-based attacks Read More »

Critical SimpleHelp vulnerabilities fixed, update your server instances!

Don't miss, enterprise, Horizon3.ai, Hot stuff, News, remote access, SimpleHelp, SMBs, software, tech support, vulnerability /

Critical SimpleHelp vulnerabilities fixed, update your server instances! 2025-01-16 at 17:04 By Zeljka Zorz If you’re an organization using SimpleHelp for your remote IT support/access needs, you should update or patch your server installation without delay, to fix security vulnerabilities that may be exploited by remote attackers to execute code on the underlying host. About

React to this headline:

Loading spinner

Critical SimpleHelp vulnerabilities fixed, update your server instances! Read More »

Configuration files for 15,000 Fortinet firewalls leaked. Are yours among them?

CloudSEK, cybercriminals, Data leak, Don't miss, enterprise, firewall, Fortinet, Germany, healthcare, Hot stuff, News, USA /

Configuration files for 15,000 Fortinet firewalls leaked. Are yours among them? 2025-01-16 at 13:03 By Zeljka Zorz A threat actor has leaked configuration files (aka configs) for over 15,000 Fortinet Fortigate firewalls and associated admin and user credentials. The collection has been leaked on Monday and publicized on an underground forum by the threat actor

React to this headline:

Loading spinner

Configuration files for 15,000 Fortinet firewalls leaked. Are yours among them? Read More »

How CISOs can elevate cybersecurity in boardroom discussions

boardroom, CISO, Compliance, cybersecurity, Don't miss, Features, Hot stuff, investment, News, opinion, strategy, Team8, tips /

How CISOs can elevate cybersecurity in boardroom discussions 2025-01-16 at 07:01 By Mirko Zorz Ross Young is the CISO in residence at Team8 and the creator of the OWASP Threat and Safeguard Matrix (TaSM). In this interview, he shares his perspective on how cybersecurity professionals can tailor their presentations to the board, aligning security strategies

React to this headline:

Loading spinner

How CISOs can elevate cybersecurity in boardroom discussions Read More »

A humble proposal: The InfoSec CIA triad should be expanded

Compliance, cybersecurity, Don't miss, Expert analysis, Expert corner, Foresight Cyber, framework, Government, Hot stuff, News, opinion, standards /

A humble proposal: The InfoSec CIA triad should be expanded 2025-01-16 at 06:35 By Help Net Security The inconsistent and incomplete definitions of essential properties in information security create confusion within the InfoSec community, gaps in security controls, and may elevate the costs of incidents. In this article, I will analyze the CIA triad, point

React to this headline:

Loading spinner

A humble proposal: The InfoSec CIA triad should be expanded Read More »

Rsync vulnerabilities allow remote code execution on servers, patch quickly!

Debian, Don't miss, Hot stuff, Linux, News, Ubuntu, vulnerability /

Rsync vulnerabilities allow remote code execution on servers, patch quickly! 2025-01-15 at 16:46 By Zeljka Zorz Six vulnerabilities have been fixed in the newest versions of Rsync (v3.4.0), two of which could be exploited by a malicious client to achieve arbitrary code execution on a machine with a running Rsync server. “The client requires only

React to this headline:

Loading spinner

Rsync vulnerabilities allow remote code execution on servers, patch quickly! Read More »

FBI removed PlugX malware from U.S. computers

FBI, Hot stuff, Malware, News, Sekoia.io, US DoJ, USA /

FBI removed PlugX malware from U.S. computers 2025-01-15 at 14:24 By Help Net Security The Justice Department announced on Tuesday that, alongside international partners, the FBI deleted “PlugX” malware from thousands of infected computers worldwide. As described in court documents unsealed in the Eastern District of Pennsylvania, a group of hackers sponsored by the People’s

React to this headline:

Loading spinner

FBI removed PlugX malware from U.S. computers Read More »

Contextal Platform: Open-source threat detection and intelligence

Don't miss, GitHub, Hot stuff, News, open source, software /

Contextal Platform: Open-source threat detection and intelligence 2025-01-15 at 07:34 By Mirko Zorz Contextal Platform is an open-source cybersecurity solution for contextual threat detection and intelligence. Developed by the original authors of ClamAV, it offers advanced features such as contextual threat analysis, custom detection scenarios through the ContexQL language, and AI-powered data processing—all operating locally

React to this headline:

Loading spinner

Contextal Platform: Open-source threat detection and intelligence Read More »

Using cognitive diversity for stronger, smarter cyber defense

attacks, Corpora.ai, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, resilience, training /

Using cognitive diversity for stronger, smarter cyber defense 2025-01-15 at 07:03 By Mirko Zorz In this Help Net Security interview, Mel Morris, CEO of Corpora.ai, discusses how cognitive biases affect decision-making during cybersecurity incidents. Morris shares insights on the challenges of designing user-friendly cybersecurity tools that consider human cognitive processes. How do cognitive biases impact

React to this headline:

Loading spinner

Using cognitive diversity for stronger, smarter cyber defense Read More »

Microsoft fixes actively exploited Windows Hyper-V zero-day flaws

0-day, Action1, Don't miss, Hot stuff, Immersive Labs, Microsoft, MS Office, News, Tenable, Trend Micro, Unpatched.ai, virtualization, vulnerability, Windows, Windows Server /

Microsoft fixes actively exploited Windows Hyper-V zero-day flaws 2025-01-14 at 23:03 By Zeljka Zorz Microsoft has marked January 2025 Patch Tuesday with a hefty load of patches: 157 CVE-numbered security issues have been fixed in various products, three of which (in Hyper-V) are being actively exploited. The exploited Hyper-V vulnerabilities The exploited zero-days are CVE-2025-21333

React to this headline:

Loading spinner

Microsoft fixes actively exploited Windows Hyper-V zero-day flaws Read More »

Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591)

0-day, Arctic Wolf Networks, Don't miss, enterprise, firewall, Fortinet, Hot stuff, News /

Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591) 2025-01-14 at 19:21 By Zeljka Zorz Fortinet has patched an authentication bypass vulnerability (CVE-2024-55591) affecting its FortiOS firewalls and FortiProxy web gateways that’s being exploited by attackers to compromise publicly-exposed FortiGate firewalls. While Fortinet acknowledged in-the-wild exploitation in the accompanying security advisory, they did share

React to this headline:

Loading spinner

Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591) Read More »

Malicious actors’ GenAI use has yet to match the hype

Artificial Intelligence, bot, Cyber Threat Alliance, deepfakes, disinformation, Don't miss, Hot stuff, News, phishing, report, scams, social engineering, threat response, tips /

Malicious actors’ GenAI use has yet to match the hype 2025-01-14 at 17:08 By Zeljka Zorz Generative AI has helped lower the barrier for entry for malicious actors and has made them more efficient, i.e., quicker at creating convincing deepfakes, mounting phishing campaigns and investment scams, the most recent report by the Cyber Threat Alliance

React to this headline:

Loading spinner

Malicious actors’ GenAI use has yet to match the hype Read More »

This is the year CISOs unlock AI’s full potential

Artificial Intelligence, Balbix, CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, generative AI, Hot stuff, News, opinion /

This is the year CISOs unlock AI’s full potential 2025-01-14 at 07:31 By Help Net Security In 2025, CISOs will have powerful new capabilities as generative artificial intelligence (GenAI) continues to mature. Evolving beyond providing answers to questions, GenAI will provide proactive recommendations, take action, and communicate in a personalized manner. This transition will enable

React to this headline:

Loading spinner

This is the year CISOs unlock AI’s full potential Read More »

How AI and ML are transforming digital banking security

Artificial Intelligence, authentication, cybersecurity, Don't miss, Features, financial industry, Hot stuff, machine learning, News, opinion, passwordless, Solaris, strategy /

How AI and ML are transforming digital banking security 2025-01-14 at 07:04 By Mirko Zorz In this Help Net Security interview, Nuno Martins da Silveira Teodoro, VP of Group Cybersecurity at Solaris, discusses the latest advancements in digital banking security. He talks about how AI and ML are reshaping fraud detection, the growing trend of

React to this headline:

Loading spinner

How AI and ML are transforming digital banking security Read More »

UK domain registry Nominet breached via Ivanti zero-day

0-day, CISA, Don't miss, Hot stuff, Ivanti, Mandiant, News, Nominet, Shadowserver, WatchTowr /

UK domain registry Nominet breached via Ivanti zero-day 2025-01-13 at 22:17 By Zeljka Zorz The number of internet-facing Ivanti Connect Secure instances vulnerable to attack via CVE-2025-0282 has fallen from 2,048 to 800 in the last four days, the Shadowserver Foundation shared today. In the meantime, UK domain registry Nominet became the first publicly known

React to this headline:

Loading spinner

UK domain registry Nominet breached via Ivanti zero-day Read More »

Attackers are encrypting AWS S3 data without using ransomware

AWS, cloud storage, Don't miss, enterprise, extortion, Halcyon, Hot stuff, News, Ransomware /

Attackers are encrypting AWS S3 data without using ransomware 2025-01-13 at 19:03 By Zeljka Zorz A ransomware gang dubbed Codefinger is encrypting data stored in target organizations’ AWS S3 buckets with AWS’s server-side encryption option with customer-provided keys (SSE-C), and asking for money to hand over the key they used. They do not exfiltrate the

React to this headline:

Loading spinner

Attackers are encrypting AWS S3 data without using ransomware Read More »

EU law enforcement training agency data breach: Data of 97,000 individuals compromised

data breach, Don't miss, EU, EU CEPOL, Hot stuff, law enforcement, News /

EU law enforcement training agency data breach: Data of 97,000 individuals compromised 2025-01-13 at 16:35 By Zeljka Zorz Personal data of nearly 100,000 individuals that have participated in trainings organized by CEPOL, the European Union (EU) Agency for Law Enforcement Training, has potentially been compromised due to the cyberattack suffered by the agency in May

React to this headline:

Loading spinner

EU law enforcement training agency data breach: Data of 97,000 individuals compromised Read More »

Scroll to Top