News

Preparing financial institutions for the next generation of cyber threats

cybersecurity, Data Protection, Don't miss, Features, financial industry, fraud, Hot stuff, News, opinion, regulation, threats, Visa /

Preparing financial institutions for the next generation of cyber threats 2025-01-29 at 07:34 By Mirko Zorz In this Help Net Security interview, James Mirfin, SVP and Head of Risk and Identity Solutions at Visa, discusses key priorities for leaders combating fraud, the next-generation threats institutions must prepare for, and the role of collaboration between financial […]

Preparing financial institutions for the next generation of cyber threats Read More »

Cybersecurity crisis in numbers

cybercrime, cybersecurity, data breach, Identity Theft Resource Center, News, report, survey /

Cybersecurity crisis in numbers 2025-01-29 at 07:03 By Help Net Security The number of US data compromises in 2024 (3,158) decreased 1% compared to 2023 (3,202), 44 events away from tying a record for the number of compromises tracked in a year, according to the Identity Theft Resource Center. Data breach notices surge The number

Cybersecurity crisis in numbers Read More »

Only 13% of organizations fully recover data after a ransomware attack

Artificial Intelligence, cybercrime, cybersecurity, data breach, Illumio, News, Ransomware, report, survey /

Only 13% of organizations fully recover data after a ransomware attack 2025-01-29 at 06:04 By Help Net Security Ransomware attacks are disrupting and undermining business operations and draining revenue streams, according to Illumio. Findings from the study reveal that 58% of organizations had to shut down operations following a ransomware attack, up from 45% in

Only 13% of organizations fully recover data after a ransomware attack Read More »

Europeans targeted with new Tor-using backdoor and infostealers

Cisco, Don't miss, Europe, Hot stuff, Malware, News, phishing /

Europeans targeted with new Tor-using backdoor and infostealers 2025-01-28 at 15:04 By Zeljka Zorz A financially motivated threat actor has been targeting German and Polish-speaking users with info-stealing malware and TorNet, a previously undocumented .NET backdoor that leverages the Tor network to evade detection. The phishing email The attacker sends out fake money transfer confirmations

Europeans targeted with new Tor-using backdoor and infostealers Read More »

Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085)

0-day, apple, Don't miss, Hot stuff, iOS, iPad, macOS, News, security update /

Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) 2025-01-28 at 13:18 By Zeljka Zorz Apple has shipped a fix for a zero-day vulnerability (CVE-2025-24085) that is being leveraged by attackers against iPhone users. About CVE-2025-24085 CVE-2025-24085 is a use after free bug in CoreMedia, a framework used by Apple devices for the processing of

Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) Read More »

BloodyAD: Open-source Active Directory privilege escalation framework

Active Directory, Don't miss, GitHub, News, open source, software /

BloodyAD: Open-source Active Directory privilege escalation framework 2025-01-28 at 07:00 By Mirko Zorz BloodyAD is an open-source Active Directory privilege escalation framework that uses specialized LDAP calls to interact with domain controllers. It enables various privilege escalation techniques within Active Directory environments. Features “I created this tool because I do a lot of internal testing

BloodyAD: Open-source Active Directory privilege escalation framework Read More »

74% of CISOs are increasing crisis simulation budgets

CISO, cybersecurity, Hack The Box, Incident Response, investment, News, report, strategy, survey /

74% of CISOs are increasing crisis simulation budgets 2025-01-28 at 06:46 By Help Net Security In the aftermath of 2024’s high-profile cybersecurity incidents, including NHS, CrowdStrike, 23andMe, Transport for London, and Cencora, CISOs are reassessing their organisation’s readiness to manage a potential “chaos” of a full-scale cyber crisis, according to Hack The Box. Many CISOs

74% of CISOs are increasing crisis simulation budgets Read More »

Cybersecurity jobs available right now: January 28, 2025

cybersecurity jobs, News /

Cybersecurity jobs available right now: January 28, 2025 2025-01-28 at 06:03 By Anamarija Pogorelec Application Security Engineer Bumble | United Kingdom | Hybrid – View job details As an Application Security Engineer, you will design and implement security testing tools within CI/CD pipelines to detect vulnerabilities early without impacting development speed. Conduct risk assessments and

Cybersecurity jobs available right now: January 28, 2025 Read More »

5,000+ SonicWall firewalls still open to attack (CVE-2024-53704)

Bishop Fox, CVE, Don't miss, enterprise, Hot stuff, News, security update, SMBs, SonicWall, vulnerability /

5,000+ SonicWall firewalls still open to attack (CVE-2024-53704) 2025-01-27 at 17:20 By Zeljka Zorz 5,000+ SonicWall firewalls are still vulnerable to attack via a high-severity vulnerability (CVE-2024-53704) that, according to SonicWall, should be considered “at imminent risk of exploitation”. The warning came last week from Bishop Fox researchers, after they successfully exploited the vulnerability on

5,000+ SonicWall firewalls still open to attack (CVE-2024-53704) Read More »

AI security posture management will be needed before agentic AI takes hold

Artificial Intelligence, authentication, bot, cybersecurity, Don't miss, Expert analysis, Expert corner, Features, framework, IBS Software, News, opinion /

AI security posture management will be needed before agentic AI takes hold 2025-01-27 at 07:40 By Help Net Security As I’m currently knee deep in testing agentic AI in all its forms, as well as new iterations of current generative AI models such as OpenAI’s O1, the complexities of securing AI bot frameworks for enterprise

AI security posture management will be needed before agentic AI takes hold Read More »

Don’t let these open-source cybersecurity tools slip under your radar

Android, cybersecurity, Don't miss, GitHub, Hot stuff, Linux, macOS, News, open source, software, Windows /

Don’t let these open-source cybersecurity tools slip under your radar 2025-01-27 at 07:07 By Help Net Security This article showcases free, open-source cybersecurity tools that help you identify and address vulnerabilities, detect intrusion, protect websites from cyber attacks, monitor and detect suspicious activities across your network. Am I Isolated: Open-source container security benchmark Am I

Don’t let these open-source cybersecurity tools slip under your radar Read More »

How to use Apple’s App Privacy Report to monitor data tracking

apple, cybersecurity, Don't miss, how-to, News, Privacy /

How to use Apple’s App Privacy Report to monitor data tracking 2025-01-27 at 06:03 By Help Net Security The App Privacy Report, which Apple introduced in iOS 15.2, allows users to monitor how apps access data and interact with third-party services. The report provides an in-depth analysis of the types of sensitive data accessed by

How to use Apple’s App Privacy Report to monitor data tracking Read More »

Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams

News, Week in review /

Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams 2025-01-26 at 11:01 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 48,000+ internet-facing Fortinet firewalls still open to attack Despite last week’s confirmation of and warnings about long-standing exploitation

Week in review: 48k Fortinet firewalls open to attack, attackers “vishing” orgs via Microsoft Teams Read More »

North Korean IT workers are extorting employers, FBI warns

data theft, Don't miss, enterprise, extortion, Hot stuff, News, North Korea, USA /

North Korean IT workers are extorting employers, FBI warns 2025-01-24 at 16:48 By Zeljka Zorz The FBI is on a mission to raise awareness about the threat that North Korean IT workers present to organizations in the US and around the world. While corporate espionage comes to mind first, the threat goes beyond that: “In

North Korean IT workers are extorting employers, FBI warns Read More »

Nearly half of CISOs now report to CEOs, showing their rising influence

boardroom, CISO, Hot stuff, News, report, Splunk, strategy, survey /

Nearly half of CISOs now report to CEOs, showing their rising influence 2025-01-24 at 07:33 By Industry News The CISO’s rise to the C-suite comes with more engagement with the boardroom, an audience with the CEO, and the power to make strategic decisions for the business, according to Splunk. CISOs report to the C-suite (Source:

Nearly half of CISOs now report to CEOs, showing their rising influence Read More »

GUI frontends for GnuPG, the free implementation of the OpenPGP standard

Don't miss, Encryption, GitHub, Linux, News, open source, software /

GUI frontends for GnuPG, the free implementation of the OpenPGP standard 2025-01-24 at 07:20 By Help Net Security GnuPG is a free and comprehensive implementation of the OpenPGP standard. It enables encryption and signing of data and communications, featuring a key management system and support for public key directories. While primarily a command-line tool, GnuPG

GUI frontends for GnuPG, the free implementation of the OpenPGP standard Read More »

Deepfakes force a new era in fraud detection, identity verification

cybersecurity, deepfakes, fraud, identity, identity verification, News, Regula, report, survey /

Deepfakes force a new era in fraud detection, identity verification 2025-01-24 at 06:32 By Help Net Security The rise in identity fraud over the past two years has significantly impacted all industries, especially finance, banking, fintech, and crypto, according to Regula. With deepfakes threatening every second company around the world, businesses won’t be able to

Deepfakes force a new era in fraud detection, identity verification Read More »

New infosec products of the week: January 24, 2025

BitSight, DataDome, DigitalOcean, Lookout, News, XONA Systems /

New infosec products of the week: January 24, 2025 2025-01-24 at 06:18 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Bitsight, DataDome, DigitalOcean, Lookout, and XONA Systems. Lookout Mobile Intelligence APIs identifies cross-platform attacks Lookout Mobile Intelligence APIs give security teams visibility into what’s

New infosec products of the week: January 24, 2025 Read More »

Juniper enterprise routers backdoored via “magic packet” malware

backdoor, Don't miss, enterprise, Hot stuff, Juniper Networks, Linux, Lumen, Malware, News, router /

Juniper enterprise routers backdoored via “magic packet” malware 2025-01-23 at 20:05 By Zeljka Zorz A stealthy attack campaign turned Juniper enterprise-grade routers into entry points to corporate networks via the “J-magic” backdoor, which is loaded into the devices’ memory and spawns a reverse shell when instructed to do so. “Our telemetry indicates the J-magic campaign

Juniper enterprise routers backdoored via “magic packet” malware Read More »

Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw

Cisco, Don't miss, Hot stuff, News, PoC, security update, video conferencing, vulnerability /

Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw 2025-01-23 at 15:03 By Zeljka Zorz Cisco has released patches for a critical privilege escalation vulnerability in Meeting Management (CVE-2025-20156) and a heap-based buffer overflow flaw (CVE-2025-20128) that, when triggered, could terminate the ClamAV scanning process on endpoints running a Cisco Secure Endpoint

Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw Read More »

Scroll to Top