News

How CISOs can elevate cybersecurity in boardroom discussions

How CISOs can elevate cybersecurity in boardroom discussions 2025-01-16 at 07:01 By Mirko Zorz Ross Young is the CISO in residence at Team8 and the creator of the OWASP Threat and Safeguard Matrix (TaSM). In this interview, he shares his perspective on how cybersecurity professionals can tailor their presentations to the board, aligning security strategies […]

React to this headline:

Loading spinner

How CISOs can elevate cybersecurity in boardroom discussions Read More »

A humble proposal: The InfoSec CIA triad should be expanded

A humble proposal: The InfoSec CIA triad should be expanded 2025-01-16 at 06:35 By Help Net Security The inconsistent and incomplete definitions of essential properties in information security create confusion within the InfoSec community, gaps in security controls, and may elevate the costs of incidents. In this article, I will analyze the CIA triad, point

React to this headline:

Loading spinner

A humble proposal: The InfoSec CIA triad should be expanded Read More »

Critical vulnerabilities remain unresolved due to prioritization gaps

Critical vulnerabilities remain unresolved due to prioritization gaps 2025-01-16 at 06:19 By Help Net Security Fragmented data from multiple scanners, siloed risk scoring and poor cross-team collaboration are leaving organizations increasingly exposed to breaches, compliance failures and costly penalties, according to Swimlane. The relentless surge of vulnerabilities is pushing security teams to their limits, forcing

React to this headline:

Loading spinner

Critical vulnerabilities remain unresolved due to prioritization gaps Read More »

Rsync vulnerabilities allow remote code execution on servers, patch quickly!

Rsync vulnerabilities allow remote code execution on servers, patch quickly! 2025-01-15 at 16:46 By Zeljka Zorz Six vulnerabilities have been fixed in the newest versions of Rsync (v3.4.0), two of which could be exploited by a malicious client to achieve arbitrary code execution on a machine with a running Rsync server. “The client requires only

React to this headline:

Loading spinner

Rsync vulnerabilities allow remote code execution on servers, patch quickly! Read More »

FBI removed PlugX malware from U.S. computers

FBI removed PlugX malware from U.S. computers 2025-01-15 at 14:24 By Help Net Security The Justice Department announced on Tuesday that, alongside international partners, the FBI deleted “PlugX” malware from thousands of infected computers worldwide. As described in court documents unsealed in the Eastern District of Pennsylvania, a group of hackers sponsored by the People’s

React to this headline:

Loading spinner

FBI removed PlugX malware from U.S. computers Read More »

Contextal Platform: Open-source threat detection and intelligence

Contextal Platform: Open-source threat detection and intelligence 2025-01-15 at 07:34 By Mirko Zorz Contextal Platform is an open-source cybersecurity solution for contextual threat detection and intelligence. Developed by the original authors of ClamAV, it offers advanced features such as contextual threat analysis, custom detection scenarios through the ContexQL language, and AI-powered data processing—all operating locally

React to this headline:

Loading spinner

Contextal Platform: Open-source threat detection and intelligence Read More »

Using cognitive diversity for stronger, smarter cyber defense

Using cognitive diversity for stronger, smarter cyber defense 2025-01-15 at 07:03 By Mirko Zorz In this Help Net Security interview, Mel Morris, CEO of Corpora.ai, discusses how cognitive biases affect decision-making during cybersecurity incidents. Morris shares insights on the challenges of designing user-friendly cybersecurity tools that consider human cognitive processes. How do cognitive biases impact

React to this headline:

Loading spinner

Using cognitive diversity for stronger, smarter cyber defense Read More »

Cybersecurity is stepping into a new era of complexity

Cybersecurity is stepping into a new era of complexity 2025-01-15 at 06:01 By Help Net Security Cybersecurity is entering a new era of complexity, according to the World Economic Forum’s Global Cybersecurity Outlook 2025 report. Growing complexity intensifies cyber inequity This complexity arises from the rapid growth of emerging technologies, prevailing geopolitical uncertainty, the evolution

React to this headline:

Loading spinner

Cybersecurity is stepping into a new era of complexity Read More »

Microsoft fixes actively exploited Windows Hyper-V zero-day flaws

Microsoft fixes actively exploited Windows Hyper-V zero-day flaws 2025-01-14 at 23:03 By Zeljka Zorz Microsoft has marked January 2025 Patch Tuesday with a hefty load of patches: 157 CVE-numbered security issues have been fixed in various products, three of which (in Hyper-V) are being actively exploited. The exploited Hyper-V vulnerabilities The exploited zero-days are CVE-2025-21333

React to this headline:

Loading spinner

Microsoft fixes actively exploited Windows Hyper-V zero-day flaws Read More »

Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591)

Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591) 2025-01-14 at 19:21 By Zeljka Zorz Fortinet has patched an authentication bypass vulnerability (CVE-2024-55591) affecting its FortiOS firewalls and FortiProxy web gateways that’s being exploited by attackers to compromise publicly-exposed FortiGate firewalls. While Fortinet acknowledged in-the-wild exploitation in the accompanying security advisory, they did share

React to this headline:

Loading spinner

Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591) Read More »

Malicious actors’ GenAI use has yet to match the hype

Malicious actors’ GenAI use has yet to match the hype 2025-01-14 at 17:08 By Zeljka Zorz Generative AI has helped lower the barrier for entry for malicious actors and has made them more efficient, i.e., quicker at creating convincing deepfakes, mounting phishing campaigns and investment scams, the most recent report by the Cyber Threat Alliance

React to this headline:

Loading spinner

Malicious actors’ GenAI use has yet to match the hype Read More »

This is the year CISOs unlock AI’s full potential

This is the year CISOs unlock AI’s full potential 2025-01-14 at 07:31 By Help Net Security In 2025, CISOs will have powerful new capabilities as generative artificial intelligence (GenAI) continues to mature. Evolving beyond providing answers to questions, GenAI will provide proactive recommendations, take action, and communicate in a personalized manner. This transition will enable

React to this headline:

Loading spinner

This is the year CISOs unlock AI’s full potential Read More »

How AI and ML are transforming digital banking security

How AI and ML are transforming digital banking security 2025-01-14 at 07:04 By Mirko Zorz In this Help Net Security interview, Nuno Martins da Silveira Teodoro, VP of Group Cybersecurity at Solaris, discusses the latest advancements in digital banking security. He talks about how AI and ML are reshaping fraud detection, the growing trend of

React to this headline:

Loading spinner

How AI and ML are transforming digital banking security Read More »

Cybersecurity jobs available right now: January 14, 2025

Cybersecurity jobs available right now: January 14, 2025 2025-01-14 at 06:34 By Anamarija Pogorelec Application Security Engineer ENOC | UAE | On-site – View job details As an Application Security Engineer, you will establish and maintain DLP policies to prevent unauthorized access, transmission, or disclosure of sensitive data, focusing on both on-premises and cloud environments.

React to this headline:

Loading spinner

Cybersecurity jobs available right now: January 14, 2025 Read More »

What 2024 taught us about security vulnerabilties

What 2024 taught us about security vulnerabilties 2025-01-14 at 06:03 By Help Net Security From zero-day exploits to weaknesses in widely used software and hardware, the vulnerabilities uncovered last year underscore threat actors’ tactics and the critical gaps in organizational defenses. This roundup showcases the standout findings from 2024’s cybersecurity reports, highlighting critical risks and

React to this headline:

Loading spinner

What 2024 taught us about security vulnerabilties Read More »

UK domain registry Nominet breached via Ivanti zero-day

UK domain registry Nominet breached via Ivanti zero-day 2025-01-13 at 22:17 By Zeljka Zorz The number of internet-facing Ivanti Connect Secure instances vulnerable to attack via CVE-2025-0282 has fallen from 2,048 to 800 in the last four days, the Shadowserver Foundation shared today. In the meantime, UK domain registry Nominet became the first publicly known

React to this headline:

Loading spinner

UK domain registry Nominet breached via Ivanti zero-day Read More »

Attackers are encrypting AWS S3 data without using ransomware

Attackers are encrypting AWS S3 data without using ransomware 2025-01-13 at 19:03 By Zeljka Zorz A ransomware gang dubbed Codefinger is encrypting data stored in target organizations’ AWS S3 buckets with AWS’s server-side encryption option with customer-provided keys (SSE-C), and asking for money to hand over the key they used. They do not exfiltrate the

React to this headline:

Loading spinner

Attackers are encrypting AWS S3 data without using ransomware Read More »

EU law enforcement training agency data breach: Data of 97,000 individuals compromised

EU law enforcement training agency data breach: Data of 97,000 individuals compromised 2025-01-13 at 16:35 By Zeljka Zorz Personal data of nearly 100,000 individuals that have participated in trainings organized by CEPOL, the European Union (EU) Agency for Law Enforcement Training, has potentially been compromised due to the cyberattack suffered by the agency in May

React to this headline:

Loading spinner

EU law enforcement training agency data breach: Data of 97,000 individuals compromised Read More »

Alleged Blender, Sinbad cryptomixer operators arrested, indicted

Alleged Blender, Sinbad cryptomixer operators arrested, indicted 2025-01-13 at 13:34 By Help Net Security Three Russian nationals have been indicted in the Northern District of Georgia for their alleged role as operators of cryptocurrency mixing (cryptomixer) services Blender.io and Sinbad.io. Roman Vitalyevich Ostapenko and Alexander Evgenievich Oleynik were arrested on Dec. 1, 2024, roughly a

React to this headline:

Loading spinner

Alleged Blender, Sinbad cryptomixer operators arrested, indicted Read More »

GitHub CISO on security strategy and collaborating with the open-source community

GitHub CISO on security strategy and collaborating with the open-source community 2025-01-13 at 07:06 By Mirko Zorz In this Help Net Security, Alexis Wales, CISO at GitHub, discusses how GitHub embeds security into every aspect of its platform to protect millions of developers and repositories, ensuring it remains a trustworthy platform for building secure software.

React to this headline:

Loading spinner

GitHub CISO on security strategy and collaborating with the open-source community Read More »

Scroll to Top