News

Unlock Critical Healthcare Cyber Insights — Pre-Register Now!

2025-03-19 at 22:22 By Trustwave is set to unveil the 2025 Trustwave Risk Radar Report: Healthcare Sector – A New Era of Cybersecurity Challenges. The report will be issued on March 26, but if you pre-register today you will be among the first to receive this comprehensive research and […]

Most organizations change policies to reduce CISO liability risk

2025-03-19 at 18:15 By Help Net Security 93% of organizations made policy changes over the preceding 12 months to address concerns about increased personal liability for CISOs, according to Fastly. This includes two in five organizations (41%) increasing CISO participation in strategic decisions at the board

Report: The State of Secrets Sprawl 2025

2025-03-19 at 16:31 By Help Net Security GitGuardian’s State of Secrets Sprawl 2025 report shows no progress in combating secrets sprawl, with 23.8 million secrets leaked on public GitHub repositories in 2024—a 25% year-over-year increase. Despite GitHub Push Protection’s efforts, secrets sprawl is accelerating, especially with generic secrets,

APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373)

2025-03-19 at 16:00 By Zeljka Zorz State-sponsored threat actors and cybercrime groups from North Korea, Iran, Russia, and China have been exploiting a zero-day Windows vulnerability with no fix in sight for the last eight years, researchers with Trend Micro’s Zero Day Initiative

Moving beyond checkbox security for true resilience

2025-03-19 at 08:13 By Mirko Zorz In this Help Net Security interview, William Booth, director, ATT&CK Evaluations at MITRE, discusses how CISOs can integrate regulatory compliance with proactive risk management, prioritize spending based on threat-informed assessments, and address overlooked vulnerabilities like shadow IT and software supply chain risks.

Dependency-Check: Open-source Software Composition Analysis (SCA) tool

2025-03-19 at 07:47 By Help Net Security Dependency-Check is an open-source Software Composition Analysis (SCA) tool to identify publicly disclosed vulnerabilities within a project’s dependencies. The tool analyzes dependencies for Common Platform Enumeration (CPE) identifiers. When a match is found, the tool generates a report with links to

Protecting your iCloud data after Apple’s Advanced Data Protection removal in the UK

2025-03-19 at 07:16 By Help Net Security Advanced Data Protection (ADP) secures iCloud data with end-to-end encryption. This ensures that no one, not even Apple, can access the encrypted data, which remains secure even in the event of a cloud breach. As

The rise of DAST 2.0 in 2025

2025-03-18 at 18:02 By Help Net Security Static Application Security Testing (SAST) found favor among security teams as an easy way to deploy security testing without really engaging developers. With the ability to analyze source code early in the software delivery lifecycle, SAST solutions offered a more proactive

How AI and automation are reshaping security leadership

2025-03-18 at 16:02 By Help Net Security The contemporary SOC is transforming as it starts to realize the benefits of GenAI and utilize the manifestations of autonomous agentic AI, according to Tines. Additionally, the promise of security automation is coming to fruition. In theory and practice, security

Stealthy StilachiRAT steals data, may enable lateral movement

2025-03-18 at 15:48 By Zeljka Zorz While still not widely distributed, a new Windows remote access trojan (RAT) dubbed StilachiRAT is a serious threat. “[The malware] demonstrates sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data,” Microsoft threat analysts have warned on

FBI: Free file converter sites and tools deliver malware

2025-03-18 at 13:35 By Zeljka Zorz Malware peddlers are increasingly targeting users who are searching for free file converter services (websites) and tools, the FBI’s Denver Field Office has warned earlier this month. “To conduct this scheme, cyber criminals across the globe are using any type

How financial institutions can minimize their attack surface

2025-03-18 at 08:01 By Mirko Zorz In this Help Net Security interview, Sunil Mallik, CISO of Discover Financial Services, discusses cybersecurity threats for financial institutions. He also shares insights on balancing compliance with agility, lessons from regulatory audits, and Discover’s approach to risk management and workforce development.

Hackers target AI and crypto as software supply chain risks grow

2025-03-18 at 07:47 By Help Net Security The growing sophistication of software supply chain attacks is driven by widespread flaws in open-source and third-party commercial software, along with malicious campaigns that specifically target AI and cryptocurrency development pipelines, according to a ReversingLabs report. According

Cybersecurity jobs available right now: March 18, 2025

2025-03-18 at 07:02 By Anamarija Pogorelec Application Security Expert monday.com | United Kingdom | Hybrid – View job details As an Application Security Expert, you will provide guidance on security best practices and compliance, and undertake security testing. Develop security testing plans and integrate them into the

How to encrypt and secure sensitive files on macOS

2025-03-17 at 18:14 By Anamarija Pogorelec Encrypting files keeps sensitive data like personal details, finances, and passwords safe from attackers by making them unreadable to unauthorized users. Encryption also safeguards data in case of device loss or theft, preventing malicious actors from accessing or misusing the

Review: Cybersecurity Tabletop Exercises

2025-03-17 at 07:31 By Mirko Zorz Packed with real-world case studies and practical examples, Cybersecurity Tabletop Exercises offers insights into how organizations have successfully leveraged tabletop exercises to identify security gaps and enhance their incident response strategies. The authors explore a range of realistic scenarios, including phishing campaigns, ransomware attacks, and

IntelMQ: Open-source tool for collecting and processing security feeds

2025-03-17 at 07:02 By Mirko Zorz IntelMQ is an open-source solution designed to help IT security teams (including CERTs, CSIRTs, SOCs, and abuse departments) streamline the collection and processing of security feeds using a message queuing protocol. “Originally designed for CSIRTs and later adopted by SOCs,

Week in review: NIST selects HQC for post-quantum encryption, 10 classic cybersecurity books

2025-03-16 at 11:01 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: NIST selects HQC as backup algorithm for post-quantum encryption Last year, NIST standardized a set of encryption algorithms that can

Quantifying cyber risk strategies to resonate with CFOs and boards

2025-03-14 at 17:02 By Mirko Zorz In this Help Net Security interview, Mir Kashifuddin, Data Risk & Privacy Leader at PwC, discusses how CISOs can translate cyber risk into business value and secure a more strategic role within their organizations. He explains that aligning cybersecurity