Benefits from privacy investment are greater than the cost 2025-04-04 at 08:02 By Help Net Security Cisco released its 2025 Data Privacy Benchmark Study. The report looks at global trends in data privacy and how they affect businesses. The study gathered responses from 2,600 privacy and security experts in 12 countries. It highlights the need […]
Benefits from privacy investment are greater than the cost Read More »
Inside the AI-driven threat landscape 2025-04-04 at 07:35 By Help Net Security In this Help Net Security video, Nick Barter, Chief Strategy Officer at Nothreat, discusses how AI is no longer just a tool for defenders, it’s now a powerful weapon in the hands of attackers. With the adoption of generative AI, cyber threats are
Inside the AI-driven threat landscape Read More »
New infosec products of the week: April 4, 2025 2025-04-04 at 07:28 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from 1touch.io, Bitsight, Bluefin, CyberQP, and Exabeam. Exabeam Nova accelerates threat detection and response By correlating multiple detections within a case and using a proprietary
New infosec products of the week: April 4, 2025 Read More »
Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) 2025-04-03 at 21:01 By Zeljka Zorz A suspected Chinese APT group has exploited CVE-2025-22457 – a buffer overflow bug that was previously thought not to be exploitable – to compromise appliances running Ivanti Connect Secure (ICS) 22.7R2.5 or earlier or Pulse Connect Secure 9.1x. The vulnerability
Ivanti VPN customers targeted via unrecognized RCE vulnerability (CVE-2025-22457) Read More »
Attackers are leveraging Cisco Smart Licensing Utility static admin credentials (CVE-2024-20439) 2025-04-03 at 16:15 By Zeljka Zorz CVE-2024-20439, a static credential vulnerability in the Cisco Smart Licensing Utility, is being exploited by attackers in the wild, CISA has confirmed on Monday by adding the flaw to its Known Exploited Vulnerabilities catalog. Cisco has followed up
Strengthening Healthcare Security: Navigating HIPAA’s Latest Cybersecurity Requirements 2025-04-03 at 16:02 By Don White Understand the Upcoming HIPAA Changes: Get a clear breakdown of the 2025 HIPAA Security Rule updates and what they mean for healthcare providers and business associates. Strengthen Cybersecurity Resilience: Learn how the new regulations emphasize cyber resilience, requiring proactive measures like
Strengthening Healthcare Security: Navigating HIPAA’s Latest Cybersecurity Requirements Read More »
Phishers are increasingly impersonating electronic toll collection companies 2025-04-03 at 14:31 By Zeljka Zorz Steam was the most imitated brands by phishers in the first quarter of 2025, followed by Microsoft and Facebook/Meta, Guardio researchers have revealed. “Historically, the #1 spot has been dominated by the usual suspects – big tech companies like Meta, Microsoft,
Phishers are increasingly impersonating electronic toll collection companies Read More »
Beware fake AutoCAD, SketchUp sites dropping malware 2025-04-03 at 09:47 By Help Net Security Malware peddlers are saddling users with the TookPS downloader and the Lapmon and TeviRat backdoors via malicious sites that mimic official ones and ostensibly offer legitimate software for download, Kaspersky researchers have warned. Malicious websites (Source: Kaspersky) The list of impersonated
Beware fake AutoCAD, SketchUp sites dropping malware Read More »
7 ways to get C-suite buy-in on that new cybersecurity tool 2025-04-03 at 08:34 By Help Net Security You’re in the middle of a sprint, juggling deadlines, debugging code, fine-tuning pipelines, and then it happens—you stumble across the perfect cybersecurity tool. It promises to eliminate secrets in logs, reduce risks in CI/CD pipelines, and save
7 ways to get C-suite buy-in on that new cybersecurity tool Read More »
Building a cybersecurity strategy that survives disruption 2025-04-03 at 08:14 By Mirko Zorz Cybersecurity isn’t what it used to be. Attackers are moving quicker, disruptions happen all the time, and many security plans built for more predictable times just can’t keep up. With everything from ransomware to geopolitical threats to cloud slip-ups hitting companies, there’s
Building a cybersecurity strategy that survives disruption Read More »
Cybercriminals exfiltrate data in just three days 2025-04-03 at 08:14 By Industry News In 56% of Sophos managed detection and response (MDR) and incident response (IR) cases, attackers gained initial access to networks by exploiting external remote services, including edge devices such as firewalls and VPNs, and by leveraging valid accounts. Compromised credentials remain the
Cybercriminals exfiltrate data in just three days Read More »
Open-source malware doubles, data exfiltration attacks dominate 2025-04-03 at 07:02 By Help Net Security There’s been a notable shift in the types of threats targeting software developers, with a total of 17,954 open source malware packages identified in Q1 2025, according to Sonatype. Quarterly breakdown (Source: Sonatype) The Q1 figure represents a significant decrease from
Open-source malware doubles, data exfiltration attacks dominate Read More »
Review: Zero to Engineer 2025-04-03 at 06:37 By Mirko Zorz Zero to Engineer is a practical guide for anyone looking to launch a career in information technology without a traditional college degree. The book draws from the author’s unlikely journey – from being expelled from high school to earning six figures in the tech industry.
Review: Zero to Engineer Read More »
Trustwave Named a Top Player in Radicati’s Secure Email Market Quadrant 2025 Report 2025-04-02 at 16:11 By Trustwave MailMarshal fortified its position as a leading secure email gateway by being named a Top Player in Radicati’s Secure Email Market Quadrant 2025 report. This article is an excerpt from Trustwave Blog View Original Source
Trustwave Named a Top Player in Radicati’s Secure Email Market Quadrant 2025 Report Read More »
How to map and manage your cyber attack surface with EASM 2025-04-02 at 16:10 By Help Net Security In today’s digital landscape, understanding your organization’s attack surface is crucial for maintaining robust cybersecurity. To effectively manage and mitigate the cyber-risks hiding in modern attack surfaces, it’s important to adopt an attacker-centric approach. In this article,
How to map and manage your cyber attack surface with EASM Read More »
Google is making sending end-to-end encrypted emails easy 2025-04-02 at 15:03 By Zeljka Zorz Sending end-to-end encrypted (E2EE) emails from Gmail enterprise accounts is about to become much easier than it is now, Google has announced on Tuesday. The company will first make available this simplified capability to users who want to send E2EE emails
Google is making sending end-to-end encrypted emails easy Read More »
North Korean IT workers set their sights on European organizations 2025-04-02 at 13:05 By Zeljka Zorz North Korean IT workers are expanding their efforts beyond the US, and are seeking to fraudulently gain employment with organizations around the world, but most especially in Europe. According to Google’s threat researchers, they are also increasingly attempting to
North Korean IT workers set their sights on European organizations Read More »
Balancing data protection and clinical usability in healthcare 2025-04-02 at 08:01 By Mirko Zorz In this Help Net Security interview, Aaron Weismann, CISO at Main Line Health, discusses the growing ransomware threat in healthcare and why the sector remains a prime target. He explains the difficulties of protecting patient information, securing legacy systems, and maintaining
Balancing data protection and clinical usability in healthcare Read More »
BlueToolkit: Open-source Bluetooth Classic vulnerability testing framework 2025-04-02 at 07:35 By Mirko Zorz BlueToolkit is an open-source tool that helps find security flaws in Bluetooth Classic devices. It runs known and custom exploits to test if a device is vulnerable. Right now, it includes 43 different exploits. Some are public, and others were made specifically
BlueToolkit: Open-source Bluetooth Classic vulnerability testing framework Read More »
Only 1% of malicious emails that reach inboxes deliver malware 2025-04-02 at 07:04 By Help Net Security 99% of email threats reaching corporate user inboxes in 2024 were response-based social engineering attacks or contained phishing links, according to Fortra. Only 1% of malicious emails that reached user inboxes delivered malware. This shows that while common
Only 1% of malicious emails that reach inboxes deliver malware Read More »