Finders Keypers: Open-source AWS KMS key usage finder 2025-03-24 at 07:32 By Mirko Zorz Finders Keypers is an open-source tool for analyzing the current usage of AWS KMS keys. It supports both AWS customer managed KMS keys and AWS Managed KMS keys. Use cases include: Identifying the blast radius of specific KMS keys and the […]
Finders Keypers: Open-source AWS KMS key usage finder Read More »
Cloud providers aren’t delivering on security promises 2025-03-24 at 07:03 By Help Net Security Security concerns around cloud environments has prompted 44% of CISOs to change cloud service provider, according to Arctic Wolf. This is being driven by the fact that 24% don’t believe their cloud environment is secure, and 43% think cloud service providers
Cloud providers aren’t delivering on security promises Read More »
Week in review: Veeam Backup & Replication RCE fixed, free file converter sites deliver malware 2025-03-23 at 11:04 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) Veeam has released fixes for a critical
53% of security teams lack continuous and up-to-date visibility 2025-03-21 at 18:03 By Help Net Security Enterprises lack visibility into their own data, creating security risks that are compounding as organizations and their employees increase AI adoption, according to Bedrock Security. The majority of organizations struggle to track sensitive information across sprawling cloud environments, leaving
53% of security teams lack continuous and up-to-date visibility Read More »
Malicious ads target Semrush users to steal Google account credentials 2025-03-21 at 14:35 By Zeljka Zorz Cyber crooks are exploiting users’ interest in Semrush, a popular SEO, advertising, and market research SaaS platform, to steal their Google account credentials. The fraudulent campaign Malwarebytes researchers have spotted a campaign consisting of a slew of malicious ads
Malicious ads target Semrush users to steal Google account credentials Read More »
NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) 2025-03-21 at 13:33 By Zeljka Zorz A vulnerability (CVE-2024-48248) in NAKIVO Backup and Replication, a backup, ransomware protection and disaster recovery solution designed for organizations of all sizes and managed service providers (MSPs), is being actively exploited. The US Cybersecurity and Infrastructure Security Agency (CISA) has
NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248) Read More »
The hidden risk in SaaS: Why companies need a digital identity exit strategy 2025-03-21 at 08:31 By Help Net Security In the face of sudden trade restrictions, sanctions, or policy shifts, relying on SaaS providers outside your region for identity services is a gamble that companies can no longer afford to take. With trade disputes
The hidden risk in SaaS: Why companies need a digital identity exit strategy Read More »
AI will make ransomware even more dangerous 2025-03-21 at 08:07 By Help Net Security Ransomware is the top predicted threat for 2025, which is especially concerning given 38% of security professionals say ransomware will become even more dangerous when powered by AI, according to Ivanti. In comparison to the threat level, only 29% of security
AI will make ransomware even more dangerous Read More »
Scammers cash in on tax season 2025-03-21 at 07:32 By Help Net Security AI-powered phishing emails, deepfake phone calls, and fake tax prep websites are making tax scams more convincing and costly than ever, according to McAfee. Cybercriminals are pulling out all the stops to trick Americans out of their hard-earned money, and it’s working,
Scammers cash in on tax season Read More »
New infosec products of the week: March 21, 2025 2025-03-21 at 07:01 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from 1Kosmos, Cloudflare, Cytex, Keysight Technologies, and TXOne Networks. Keysight AI Insight Brokers accelerates threat detection and response Keysight Technologies announces the expansion of its
New infosec products of the week: March 21, 2025 Read More »
Why rooting and jailbreaking make you a target 2025-03-20 at 18:31 By Help Net Security As cybercriminals have moved to a mobile-first attack strategy, rooting and jailbreaking mobile devices remain a powerful attack vector. Such mobile devices bypass critical security protocols, leaving organizations vulnerable to mobile malware, data breaches, and complete system compromises. Threats reported
Why rooting and jailbreaking make you a target Read More »
Cybersecurity jobs available right now in the USA: March 20, 2025 2025-03-20 at 18:00 By Anamarija Pogorelec AI Security Architect Verizon | USA | Hybrid – View job details As an AI Security Architect, you will ensure security architecture reviews are integrated into Verizon’s AI development lifecycle. This includes embedding robust security measures from design
Cybersecurity jobs available right now in the USA: March 20, 2025 Read More »
Trustwave and Devo: A Powerful Combination for Advanced Cybersecurity 2025-03-20 at 15:11 By Trustwave has created a technology partnership with Devo, a unified Security Information and Event Management (SIEM) provider, to offer a next-generation Managed Extended Detection and Response (MXDR) solution called Trustwave MXDR with Co-Managed SOC for Devo. This article is an excerpt from
Trustwave and Devo: A Powerful Combination for Advanced Cybersecurity Read More »
Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120) 2025-03-20 at 14:29 By Zeljka Zorz Veeam has released fixes for a critical remote code execution vulnerability (CVE-2025-23120) affecting its enterprise Veeam Backup & Replication solution, and is urging customers to quickly upgrade to a fixed version. There is currently no indication that the
RansomHub affiliate leverages multi-function Betruger backdoor 2025-03-20 at 12:03 By Zeljka Zorz A RansomHub affiliate is leveraging a new multi-function backdoor dubbed Betruger to perform various actions during their attacks, Symantec researchers have discovered. The Betruger backdoor The malware can take screenshots, log keystroke, scan networks, dump credentials, upload files to a command and control
RansomHub affiliate leverages multi-function Betruger backdoor Read More »
Kali Linux 2025.1a drops with theme refresh, Kali NetHunter updates 2025-03-20 at 09:32 By Help Net Security Kali Linux 2025.1a is now available. This release enhances existing features with improvements designed to streamline your experience. 2025 theme refresh Kali Linux 2025.1a introduces an annual theme refresh, maintaining a modern interface. This year’s update debuts a
Kali Linux 2025.1a drops with theme refresh, Kali NetHunter updates Read More »
5 pitfalls that can delay cyber incident response and recovery 2025-03-20 at 08:35 By Help Net Security The responsibility of cyber incident response falls squarely on the shoulders of the CISO. And many CISOs invest heavily in technical response procedures, tabletop exercises and theoretical plans only to find out that when an actual breach strikes
5 pitfalls that can delay cyber incident response and recovery Read More »
How healthcare CISOs can balance security and accessibility without compromising care 2025-03-20 at 08:35 By Mirko Zorz In this Help Net Security interview, Sunil Seshadri, EVP and CSO at HealthEquity, talks about the growing risks to healthcare data and what organizations can do to stay ahead. He shares insights on vendor management, zero trust, and
How healthcare CISOs can balance security and accessibility without compromising care Read More »
Chinese military-linked companies dominate US digital supply chain 2025-03-20 at 07:35 By Help Net Security Despite growing national security concerns and government restrictions, Chinese military-linked companies remain deeply embedded in the US digital supply chain, according to Bitsight. These organizations, many of which have been designated by the US Department of Defense as “Chinese Military
Chinese military-linked companies dominate US digital supply chain Read More »
70% of leaked secrets remain active two years later 2025-03-20 at 07:01 By Help Net Security Long-lived plaintext credentials have been involved in most breaches over the last several years, according to GitGuardian. When valid credentials, such as API keys, passwords, and authentication tokens, leak, attackers at any skill level can gain initial access or
70% of leaked secrets remain active two years later Read More »