The hidden dangers of a toxic cybersecurity workplace 2025-02-03 at 07:35 By Mirko Zorz In this Help Net Security interview, Rob Lee, Chief of Research and Head of Faculty at SANS Institute, discusses what a toxic environment looks like and how professionals can recognize red flags such as high turnover, burnout, and a pervasive fear […]
The hidden dangers of a toxic cybersecurity workplace Read More »
BadDNS: Open-source tool checks for subdomain takeovers 2025-02-03 at 07:03 By Mirko Zorz BadDNS is an open-source Python DNS auditing tool designed to detect domain and subdomain takeovers of all types. BadDNS modules cname – Check for dangling CNAME records and interrogate them for subdomain takeover opportunities ns – Check for dangling NS records and
BadDNS: Open-source tool checks for subdomain takeovers Read More »
Only 3% of organizations have a dedicated budget for SaaS security 2025-02-03 at 06:48 By Help Net Security Mid-market organizations are grappling with managing the large volume of SaaS applications, both sanctioned and unsanctioned, with actual numbers often exceeding expectations, according to Cloud Security Alliance. Security teams are struggling with a growing attack surface Disconcertingly,
Only 3% of organizations have a dedicated budget for SaaS security Read More »
How to use iCloud Private Relay for enhanced privacy 2025-02-03 at 06:04 By Help Net Security iCloud Private Relay, included with an iCloud+ subscription, enhances your privacy while browsing the web in Safari. When this feature is enabled, the traffic leaving your iPhone is encrypted and routed through two separate internet relays. This ensures that
How to use iCloud Private Relay for enhanced privacy Read More »
Week in review: Apple 0-day used to target iPhones, DeepSeek’s popularity exploited by scammers 2025-02-02 at 11:03 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) Apple has shipped a fix for a zero-day vulnerability (CVE-2025-24085)
Patient monitors with backdoor are sending info to China, CISA warns 2025-01-31 at 14:03 By Zeljka Zorz Contec CMS8000, a patient monitor manufactured by a Chinese company, and Epsimed MN-120, which is the same monitor but relabeled, exfiltrate patients’ data to a hard-coded IP address and have a backdoor that can be used to download
Patient monitors with backdoor are sending info to China, CISA warns Read More »
Deploying AI at the edge: The security trade-offs and how to manage them 2025-01-31 at 07:34 By Mirko Zorz Deploying AI at the edge brings advantages such as low latency, improved efficiency, and real-time decision-making. It also introduces new attack surfaces. Adversaries could intercept models in transit, manipulate inputs to degrade performance, or even reverse-engineer
Deploying AI at the edge: The security trade-offs and how to manage them Read More »
Platformization is key to reduce cybersecurity complexity 2025-01-31 at 07:03 By Help Net Security Organizations are facing security complexity challenges as they juggle an average of 83 different security solutions from 29 vendors, according to a report by IBM and Palo Alto Networks. It also shows 7 out of 10 surveyed companies with a high
Platformization is key to reduce cybersecurity complexity Read More »
Nine out of ten emails are spam 2025-01-31 at 06:33 By Help Net Security Now, more than ever, users can fall prey to word-perfect AI-created phishing campaigns, subtle BEC messages that sound remarkably like the sender, and highly convincing ploys from trusted vendors with legitimate-looking websites and clean domains, according to VIPRE Security Group. Spam
Nine out of ten emails are spam Read More »
Infosec products of the month: January 2025 2025-01-31 at 06:03 By Help Net Security Here’s a look at the most interesting products from the past month, featuring releases from: Absolute Security, Atsign, authID, BackBox, BioConnect, BitSight, BreachLock, Cisco, Commvault, Compliance Scorecard, DataDome, Hiya, IT-Harvest, Lookout, McAfee, Netgear, Oasis Security, and Swimlane. authID PrivacyKey protects users’
Infosec products of the month: January 2025 Read More »
Cybercrime forums Cracked and Nulled seized, operators arrested 2025-01-30 at 18:50 By Zeljka Zorz Law enforcement from Germany, Australia, Spain, Greece, Romania, Italy, France and the USA have seized and shut down Cracked and Nulled, the two largest cybercrime forums in the world. The takedown notice (Source: German Federal Criminal Police Office) “The websites “nulled.to”
Cybercrime forums Cracked and Nulled seized, operators arrested Read More »
SimpleHelp RMM vulnerabilities may have been exploited to breach healthcare orgs 2025-01-30 at 17:16 By Zeljka Zorz Attackers may have leveraged vulnerabilities in the SimpleHelp remote monitoring and management solution to gain initial access to healthcare organizations. About the vulnerabilities On January 13, 2025, Horizon3.ai researchers revealed their discovery of three vulnerabilities affecting SimpleHelp’s server
SimpleHelp RMM vulnerabilities may have been exploited to breach healthcare orgs Read More »
Zscaler CISO on balancing security and user convenience in hybrid work environments 2025-01-30 at 07:33 By Mirko Zorz In this Help Net Security interview, Sean Cordero, CISO at Zscaler, talks about securing hybrid work and the new challenges it presents to cybersecurity teams. He discusses how hybrid work has exposed gaps in traditional security models
Zscaler CISO on balancing security and user convenience in hybrid work environments Read More »
ExtensionHound: Open-source tool for Chrome extension DNS forensics 2025-01-30 at 07:03 By Mirko Zorz Traditional monitoring tools reveal only traffic from the Chrome process, leaving security teams uncertain about which extension is responsible for a suspicious DNS query. ExtensionHound solves this by analyzing Chrome’s internal network state and linking DNS activity to specific extensions. ExtensionHound
ExtensionHound: Open-source tool for Chrome extension DNS forensics Read More »
89% of AI-powered APIs rely on insecure authentication mechanisms 2025-01-30 at 06:33 By Help Net Security APIs have emerged as the predominant attack surface over the past year, with AI being the biggest driver of API security risks, according to Wallarm. “Based on our findings, what is clear is that API security is no longer
89% of AI-powered APIs rely on insecure authentication mechanisms Read More »
How to use Hide My Email to protect your inbox from spam 2025-01-30 at 06:03 By Help Net Security Hide My Email is a service that comes with iCloud+, Apple’s subscription-based service. It allows users to generate one-time-use or reusable email addresses that forward messages to their personal inbox without ever revealing their actual email
How to use Hide My Email to protect your inbox from spam Read More »
Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) 2025-01-29 at 18:32 By Zeljka Zorz CVE-2024-40891, a command injection vulnerability in Zyxel CPE Series telecommunications devices that has yet to be fixed by the manufacturer, is being targeted by attackers, cybersecurity company Greynoise has warned. Successful exploitation would allow attackers to execute
DeepSeek’s popularity exploited by malware peddlers, scammers 2025-01-29 at 15:18 By Zeljka Zorz As US-based AI companies struggle with the news that the recently released Chinese-made open source DeepSeek-R1 reasoning model performs as well as theirs for a fraction of the cost, users are rushing to try out DeepSeek’s AI tool. In the process, they
DeepSeek’s popularity exploited by malware peddlers, scammers Read More »
How Lazarus Group built a cyber espionage empire 2025-01-29 at 11:04 By Help Net Security Since September 2024, SecurityScorecard’s STRIKE team has been investigating Lazarus Group’s activity, uncovering key details about their infrastructure. Despite variations in payload delivery and obfuscation techniques, the campaign relied on a consistent C2 framework. Hidden control panel Through deep analysis,
How Lazarus Group built a cyber espionage empire Read More »
Preparing financial institutions for the next generation of cyber threats 2025-01-29 at 07:34 By Mirko Zorz In this Help Net Security interview, James Mirfin, SVP and Head of Risk and Identity Solutions at Visa, discusses key priorities for leaders combating fraud, the next-generation threats institutions must prepare for, and the role of collaboration between financial
Preparing financial institutions for the next generation of cyber threats Read More »