News

Will the UK’s Ransomware Proposal Work? Trustwave Weighs in on the Potential Impact

data breach, Government, News, Perspectives /

Will the UK’s Ransomware Proposal Work? Trustwave Weighs in on the Potential Impact 2025-02-06 at 22:03 By The recent UK Home Office proposal designed to hinder and disrupt ransomware operations through several proposed measures, including a targeted ban on ransomware payments, has again brought this question into the public square. The question of whether to pay a […]

Will the UK’s Ransomware Proposal Work? Trustwave Weighs in on the Potential Impact Read More »

Ransomware payments plummet as more victims refuse to pay

Chainalysis, Cisco, Don't miss, extortion, Hot stuff, News, Ransomware, Rapid7, trends /

Ransomware payments plummet as more victims refuse to pay 2025-02-06 at 15:49 By Zeljka Zorz Chainalysis’ latest report on how the ransomware landscape changed from 2023 to 2024 shows a promising trend: An increasing number of victims refuses to pay the ransom. The total volume of ransom payments decreased year-over-year by approximately 35%, the blockchain

Ransomware payments plummet as more victims refuse to pay Read More »

Suspected NATO, UN, US Army hacker arrested in Spain

arrest, Europe, hacker, Hot stuff, NATO, News, United Nations /

Suspected NATO, UN, US Army hacker arrested in Spain 2025-02-06 at 13:26 By Zeljka Zorz The Spanish National Police has arrested a hacker suspected of having breached national and international agencies (including the United Nation’s International Civil Aviation Organization and NATO), Spanish universities and companies, and released stolen data on the dark web. The attacks

Suspected NATO, UN, US Army hacker arrested in Spain Read More »

The overlooked risks of poor data hygiene in AI-driven organizations

access control, Artificial Intelligence, cybersecurity, Data Protection, Don't miss, Features, Hot stuff, News, opinion, Pangea, strategy /

The overlooked risks of poor data hygiene in AI-driven organizations 2025-02-06 at 07:03 By Mirko Zorz In this Help Net Security interview, Oliver Friedrichs, CEO at Pangea, discusses why strong data hygiene is more important than ever as companies integrate AI into their operations. With AI-driven applications handling sensitive enterprise data, poor access controls and

The overlooked risks of poor data hygiene in AI-driven organizations Read More »

Enterprises invest heavily in AI-powered solutions

Arkose Labs, Artificial Intelligence, cybersecurity, News, report, survey /

Enterprises invest heavily in AI-powered solutions 2025-02-06 at 06:38 By Help Net Security AI is driving significant changes in attack sources, with 88% of enterprises observing an increase in AI-powered bot attacks in the last two years, according to Arkose Labs. 53% said they have lost between $10 million to over $500 million during the

Enterprises invest heavily in AI-powered solutions Read More »

How to customize Safari for private browsing on iOS

apple, cybersecurity, Don't miss, how-to, News, Privacy, private browsing, Safari /

How to customize Safari for private browsing on iOS 2025-02-06 at 06:04 By Help Net Security Apple’s Safari browser includes several features aimed at enhancing privacy while browsing the web. Two of the most notable privacy features are Intelligent Tracking Prevention (ITP) and Private Browsing mode. Intelligent Tracking Prevention (ITP) Intelligent Tracking Prevention (ITP) is

How to customize Safari for private browsing on iOS Read More »

Cybercrime gang exploited VeraCore zero-day vulnerabilities for years (CVE-2025-25181, CVE-2024-57968)

0-day, cybercriminals, data theft, distribution sector, Don't miss, exploit, Hot stuff, Intezer, manufacturing sector, News, Solis Security, SQL injection, web shell /

Cybercrime gang exploited VeraCore zero-day vulnerabilities for years (CVE-2025-25181, CVE-2024-57968) 2025-02-05 at 18:49 By Zeljka Zorz XE Group, a cybercriminal outfit that has been active for over a decade, has been quietly exploiting zero-day vulnerabilities (CVE-2025-25181, CVE-2024-57968) in VeraCore software, a popular solution for warehouse management and order fulfillment. According to Intezer and Solis Security

Cybercrime gang exploited VeraCore zero-day vulnerabilities for years (CVE-2025-25181, CVE-2024-57968) Read More »

Swap EOL Zyxel routers, upgrade Netgear ones!

access point, Don't miss, Hot stuff, Netgear, News, router, security update, VulnCheck, vulnerability, Zyxel /

Swap EOL Zyxel routers, upgrade Netgear ones! 2025-02-05 at 16:18 By Zeljka Zorz There will be no patches for EOL Zyxel routers under attack via CVE-2024-40891, the company has confirmed. Meanwhile, Netgear has issued patches for critical flaws affecting its routers and wireless access points. Zyxel vulnerability: Exploited, no patches CVE-2024-40891, a command injection vulnerability

Swap EOL Zyxel routers, upgrade Netgear ones! Read More »

Crypto-stealing iOS, Android malware found on App Store, Google Play

Android, App store, Cryptocurrency, Don't miss, ESET, Google Play, Hot stuff, iOS, Kaspersky, Malware, News /

Crypto-stealing iOS, Android malware found on App Store, Google Play 2025-02-05 at 13:25 By Zeljka Zorz A number of iOS and Android apps on Apple’s and Google’s official app stores contain a software development kit (SDK) that allows them to exfiltrate cryptowallets’ seed recovery phrases, Kaspersky researchers have found. “The infected apps in Google Play

Crypto-stealing iOS, Android malware found on App Store, Google Play Read More »

OpenNHP: Cryptography-driven zero trust protocol

Don't miss, Encryption, GitHub, News, open source, software, zero trust /

OpenNHP: Cryptography-driven zero trust protocol 2025-02-05 at 07:01 By Mirko Zorz OpenNHP is the open-source implementation of NHP (Network-resource Hiding Protocol), a cryptography-based zero trust protocol for safeguarding servers and data. OpenNHP offers the following benefits: Reduces attack surface by hiding infrastructure Prevents unauthorized network reconnaissance Mitigates vulnerability exploitation Stops phishing via encrypted DNS Protects

OpenNHP: Cryptography-driven zero trust protocol Read More »

More destructive cyberattacks target financial institutions

0-day, Contrast Security, cybercrime, cybersecurity, financial industry, News, report, survey /

More destructive cyberattacks target financial institutions 2025-02-05 at 06:06 By Help Net Security Financial institutions will continue to be the ultimate targets for criminals and threat actors, as a successful attack offers a significant payoff, according to Contrast Security. Contrast Security has surveyed 35 of the world’s leading financial institutions to better understand their cyber

More destructive cyberattacks target financial institutions Read More »

Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411)

0-day, Don't miss, Hot stuff, News, security controls, spear-phishing, Trend Micro, Ukraine, vulnerability, Windows /

Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) 2025-02-04 at 15:08 By Zeljka Zorz CVE-2025-0411, a Mark-of-the-Web bypass vulnerability in the open-source archiver tool 7-Zip that was fixed in November 2024, has been exploited in zero-day attacks to deliver malware to Ukrainian entities, Trend Micro researchers have revealed. The 7-Zip vulnerability (CVE-2025-0411) Mark-of-the-Web (MotW) is a

Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) Read More »

Casio UK site compromised, equipped with web skimmer

data theft, Don't miss, Hot stuff, Jscrambler, magento, News, web hacks /

Casio UK site compromised, equipped with web skimmer 2025-02-04 at 13:20 By Zeljka Zorz Japanese electronics maker Casio has had its UK website injected with a web skimmer that collected buyers’ personal and payment card information, Jscrambler has discovered. The company says that the same skimmer has been added to at least seventeen (and possibly

Casio UK site compromised, equipped with web skimmer Read More »

Man charged with stealing $65 million by exploting DeFI protocols vulnerabilities

Cryptocurrency, Don't miss, extortion, finance, fraud, Hot stuff, News, USA, vulnerability /

Man charged with stealing $65 million by exploting DeFI protocols vulnerabilities 2025-02-04 at 12:16 By Help Net Security A Canadian man has been indicted in federal court in New York for exploiting vulnerabilities in two decentralized finance (DeFi) protocols to fraudulently obtain about $65 million from the protocols’ investors. The fraudulent scheme According to court

Man charged with stealing $65 million by exploting DeFI protocols vulnerabilities Read More »

Why logs aren’t enough: Enhancing SIEM with AI-driven NDR

Don't miss, News, Stellar Cyber, Whitepapers and webinars /

Why logs aren’t enough: Enhancing SIEM with AI-driven NDR 2025-02-04 at 10:45 By Help Net Security Join cybersecurity expert Jonathan Mayled from 5-hour Energy as he uncovers the limitations of log-based SIEMs and the transformative role of AI-driven Network Detection and Response (NDR). Logs alone can’t deliver the visibility and context required to secure modern,

Why logs aren’t enough: Enhancing SIEM with AI-driven NDR Read More »

Aim for crypto-agility, prepare for the long haul

cybersecurity, Don't miss, Encryption, Expert analysis, Expert corner, Fortanix, Hot stuff, News, opinion, quantum computing, standards /

Aim for crypto-agility, prepare for the long haul 2025-02-04 at 07:33 By Help Net Security While organizations have long experimented with various facets of digital transformation, the journey toward crypto-agility is one of the most significant technological transitions of our time. Success in the emerging quantum era will require technical expertise, strategic foresight, careful planning,

Aim for crypto-agility, prepare for the long haul Read More »

What you can do to prevent workforce fraud

authentication, cybersecurity, Don't miss, Features, fraud, Government, Hot stuff, identity verification, News, Nisos, opinion, professional, remote working, threats /

What you can do to prevent workforce fraud 2025-02-04 at 07:19 By Mirko Zorz In this Help Net Security interview, Benjamin Racenberg, Senior Intelligence Services Manager at Nisos, discusses the threat of workforce fraud, particularly DPRK-affiliated IT workers infiltrating remote roles. With HR teams and recruiters often unprepared to detect these sophisticated schemes, businesses face

What you can do to prevent workforce fraud Read More »

8 steps to secure GenAI integration in financial services

cybersecurity, FS-ISAC, generative AI, News, Privacy, report, strategy, survey /

8 steps to secure GenAI integration in financial services 2025-02-04 at 07:00 By Help Net Security GenAI offers financial services institutions enormous opportunities, particularly in unstructured dataset analysis and management, but may also increase security risks, according to FS-ISAC. GenAI can organize oceans of information and retrieve insights from it that you can use to

8 steps to secure GenAI integration in financial services Read More »

Cybersecurity jobs available right now: February 3, 2025

cybersecurity jobs, News /

Cybersecurity jobs available right now: February 3, 2025 2025-02-04 at 06:03 By Anamarija Pogorelec Application Security Architect ReversingLabs | Ireland | Remote – View job details As an Application Security Architect, you will conduct security assessments and vulnerability scans of applications, APIs, and other software components. Identify, analyze, and report security vulnerabilities and risks. Develop

Cybersecurity jobs available right now: February 3, 2025 Read More »

DeepSeek’s popularity exploited to push malicious packages via PyPI

data theft, DeepSeek, Don't miss, Hot stuff, Malware, News, Positive Technologies, PyPI, Python /

DeepSeek’s popularity exploited to push malicious packages via PyPI 2025-02-03 at 15:33 By Zeljka Zorz Two malicious packages leveraging the DeepSeek name have been published to the Python Package Index (PyPI) package repository, and in the 30 minutes or so they were up, they have been downloaded 36 times. The malicious packages The attack started

DeepSeek’s popularity exploited to push malicious packages via PyPI Read More »

Scroll to Top