News

SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006)

0-day, Don't miss, enterprise, Hot stuff, Microsoft, News, secure access, security update, SonicWall /

SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006) 2025-01-23 at 11:03 By Zeljka Zorz A critical zero-day vulnerability (CVE-2025-23006) affecting SonicWall Secure Mobile Access (SMA) 1000 Series appliances is being exploited by attackers. “We strongly advises users of the SMA1000 product to upgrade to the hotfix release version to address the vulnerability,” the company said […]

SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006) Read More »

Defense strategies to counter escalating hybrid attacks

attacks, cybercriminals, cybersecurity, Don't miss, Features, Hot stuff, Malware, News, opinion, strategy, Threat Intelligence, Trellix /

Defense strategies to counter escalating hybrid attacks 2025-01-23 at 07:33 By Zeljka Zorz In this Help Net Security interview, Tomer Shloman, Sr. Security Researcher at Trellix, talks about attack attribution, outlines solutions for recognizing hybrid threats, and offers advice on how organizations can protect themselves against hybrid attacks. What are the most promising technologies or

Defense strategies to counter escalating hybrid attacks Read More »

Web Cache Vulnerability Scanner: Open-source tool for detecting web cache poisoning

Don't miss, GitHub, News, open source, software /

Web Cache Vulnerability Scanner: Open-source tool for detecting web cache poisoning 2025-01-23 at 07:03 By Help Net Security The Web Cache Vulnerability Scanner (WCVS) is an open-source command-line tool for detecting web cache poisoning and deception. The scanner, developed by Maximilian Hildebrand, offers extensive support for various web cache poisoning and deception techniques. It features

Web Cache Vulnerability Scanner: Open-source tool for detecting web cache poisoning Read More »

CISOs are juggling security, responsibility, and burnout

BlackFog, CISO, cybersecurity, Cycode, DirectDefense, Gigamon, Google, Ivanti, LevelBlue, News, Onyxia, report, strategy, survey /

CISOs are juggling security, responsibility, and burnout 2025-01-23 at 06:34 By Help Net Security This article gathers excerpts from multiple reports, presenting statistics and insights that may be valuable for CISOs, helping them with informed decision-making, risk management, and developing strategies to enhance their organization’s cybersecurity posture. CISOs don’t invest enough in code security 72%

CISOs are juggling security, responsibility, and burnout Read More »

Stratoshark: Wireshark for the cloud – now available!

Cloud, Don't miss, News, open source, penetration testing, software, Sysdig, wireless, Wireshark /

Stratoshark: Wireshark for the cloud – now available! 2025-01-22 at 20:33 By Help Net Security Stratoshark is an innovative open-source tool that brings Wireshark’s detailed network visibility to the cloud, providing users with a standardized approach to cloud observability. Stratoshark incorporates much of Wireshark’s codebase, including its user interface elements. The interface and workflows will

Stratoshark: Wireshark for the cloud – now available! Read More »

Mirai botnet behind the largest DDoS attack to date

attacks, botnet, cybercrime, DDoS, Don't miss, Hot stuff, Internet of Things, News /

Mirai botnet behind the largest DDoS attack to date 2025-01-22 at 17:20 By Zeljka Zorz Researchers have uncovered two Mirai-based botnets harnessing Internet of Things (IoT) devices to DDoS target organizations around the world. The Murdoc botnet Qualys researchers have laid bare the “Murdoc” botnet, consisting of some 1,300 IoT devices saddled with a variant

Mirai botnet behind the largest DDoS attack to date Read More »

48,000+ internet-facing Fortinet firewalls still open to attack

Arctic Wolf Networks, Asia, Don't miss, enterprise, firewall, Fortinet, Hot stuff, Kroll, News, Shadowserver, USA /

48,000+ internet-facing Fortinet firewalls still open to attack 2025-01-22 at 14:34 By Zeljka Zorz Despite last week’s confirmation of and warnings about long-standing exploitation of CVE-2024-55591, a critical vulnerability affecting Fortinet Fortigate firewalls, too many vulnerable devices are still accessible from the Internet and open to attack: over 48,000, according to data from the Shadowserver

48,000+ internet-facing Fortinet firewalls still open to attack Read More »

China-aligned PlushDaemon APT compromises supply chain of Korean VPN

APT, backdoor, China, cyber espionage, cybercrime, ESET, Malware, News, report, VPN /

China-aligned PlushDaemon APT compromises supply chain of Korean VPN 2025-01-22 at 08:04 By Help Net Security ESET researchers have uncovered a supply chain attack targeting a South Korean VPN provider, carried out by PlushDaemon, a newly identified China-aligned APT group. In this cyberespionage campaign, the attackers compromised the legitimate installer, replacing it with a malicious

China-aligned PlushDaemon APT compromises supply chain of Korean VPN Read More »

Acronis CISO on why backup strategies fail and how to make them resilient

Acronis, automation, backup, cybersecurity, disaster recovery, Don't miss, Features, Hot stuff, News, opinion, strategy, tips /

Acronis CISO on why backup strategies fail and how to make them resilient 2025-01-22 at 07:07 By Mirko Zorz In this Help Net Security interview, Gerald Beuchelt, CISO at Acronis, discusses common backup strategy pitfalls, reasons for backup failures, and offers actionable advice for organizations looking to improve their backup and recovery processes. The post

Acronis CISO on why backup strategies fail and how to make them resilient Read More »

Privacy professionals feel more stressed than ever

Compliance, ISACA, News, Privacy, report, survey /

Privacy professionals feel more stressed than ever 2025-01-22 at 06:38 By Help Net Security Despite progress made in privacy staffing and strategy alignment, privacy professionals are feeling increasingly stressed on the job within a complex compliance and risk landscape, according to new research from ISACA. Top three obstacles facing privacy programs ISACA’s State of Privacy

Privacy professionals feel more stressed than ever Read More »

Cybersecurity books on ransomware you shouldn’t miss

books, cybersecurity, News, Ransomware /

Cybersecurity books on ransomware you shouldn’t miss 2025-01-22 at 06:18 By Help Net Security This list of ransomware-focused cybersecurity books is tailored for professionals seeking practical insights and deeper knowledge. Covering technical strategies, real-world cases, and the evolving tactics of attackers, these books offer valuable perspectives to help strengthen defenses and refine incident response plans.

Cybersecurity books on ransomware you shouldn’t miss Read More »

Ransomware attackers are “vishing” organizations via Microsoft Teams

Don't miss, enterprise, Hot stuff, Microsoft 365, Microsoft Teams, News, Ransomware, remote access, SMBs, social engineering, Sophos /

Ransomware attackers are “vishing” organizations via Microsoft Teams 2025-01-21 at 14:10 By Zeljka Zorz The “email bombing + posing as tech support via Microsoft Teams” combination is proving fruitful for two threat actors looking to deliver ransomware to organizations, and they seem to be ramping up their efforts. “Sophos MDR has observed more than 15

Ransomware attackers are “vishing” organizations via Microsoft Teams Read More »

Scam Yourself attacks: How social engineering is evolving

cybersecurity, Don't miss, Expert analysis, Expert corner, Fortra, Hot stuff, News, opinion, scams, social engineering, threats /

Scam Yourself attacks: How social engineering is evolving 2025-01-21 at 07:30 By Help Net Security We’ve entered a new era where verification must come before trust, and for good reason. Cyber threats are evolving rapidly, and one of the trends getting a fresh reboot in 2025 is the “scam yourself” attacks. These aren’t your run-of-the-mill

Scam Yourself attacks: How social engineering is evolving Read More »

Addressing the intersection of cyber and physical security threats

Artificial Intelligence, Bitdefender, Compliance, critical infrastructure, cybersecurity, Don't miss, Features, Hot stuff, IoT, News, opinion, quantum computing, standards, strategy, threats, tips /

Addressing the intersection of cyber and physical security threats 2025-01-21 at 07:05 By Mirko Zorz In this Help Net Security, Nicholas Jackson, Director of Cyber Operations at Bitdefender, discusses how technologies like AI, quantum computing, and IoT are reshaping cybersecurity. He shares his perspective on the new threats these advancements bring and offers practical advice

Addressing the intersection of cyber and physical security threats Read More »

Fleet: Open-source platform for IT and security teams

Don't miss, News /

Fleet: Open-source platform for IT and security teams 2025-01-21 at 06:33 By Mirko Zorz Fleet is an open-source platform for IT and security teams managing thousands of computers. It’s designed to work seamlessly with APIs, GitOps, webhooks, and YAML configurations. Fleet provides a single platform to secure and maintain all computing devices over the air.

Fleet: Open-source platform for IT and security teams Read More »

Cybersecurity jobs available right now: January 21, 2025

cybersecurity jobs, News /

Cybersecurity jobs available right now: January 21, 2025 2025-01-21 at 06:27 By Anamarija Pogorelec CISO Sempra Infrastructure | USA | Hybrid – View job details As a CISO, you will develop and implement a robust information security strategy and program that aligns with the organization’s objectives and regulatory requirements. Assess and manage cybersecurity risks across

Cybersecurity jobs available right now: January 21, 2025 Read More »

CERT-UA warns against “security audit” requests via AnyDesk

AnyDesk, CERT-UA, Don't miss, Hot stuff, News, remote access, social engineering, Ukraine /

CERT-UA warns against “security audit” requests via AnyDesk 2025-01-20 at 11:34 By Zeljka Zorz Attackers are impersonating the Computer Emergency Response Team of Ukraine (CERT-UA) via AnyDesk to gain access to target computers. The request (Source: CERT-UA) “Unidentified individuals are sending connection requests via AnyDesk under the pretext of conducting a ‘security audit to verify

CERT-UA warns against “security audit” requests via AnyDesk Read More »

Decentralization is happening everywhere, so why are crypto wallets “walled gardens”?

blockchain, Crypto, cybersecurity, digital wallet, Don't miss, Expert analysis, Expert corner, Foundation Devices, Hot stuff, News, open source, opinion /

Decentralization is happening everywhere, so why are crypto wallets “walled gardens”? 2025-01-20 at 07:34 By Help Net Security The twin cryptocurrency and digital identity revolutions are supposed to be building a better future, where anybody can take charge of their sovereignty and security in a world where both face unprecedented threats. Yet at one crucial

Decentralization is happening everywhere, so why are crypto wallets “walled gardens”? Read More »

AI-driven insights transform security preparedness and recovery

Artificial Intelligence, cybersecurity, Digitate, Don't miss, Features, framework, Hot stuff, News, opinion, strategy /

AI-driven insights transform security preparedness and recovery 2025-01-20 at 07:04 By Mirko Zorz In this Help Net Security interview, Arunava Bag, CTO at Digitate, discusses how organizations can recover digital operations after an incident, prioritize cybersecurity strategies, and secure digital operations with effective frameworks. What measures should organizations take to recover digital operations after an

AI-driven insights transform security preparedness and recovery Read More »

One in ten GenAI prompts puts sensitive data at risk

ChatGPT, cybersecurity, data security, generative AI, Harmonic, News, report, survey /

One in ten GenAI prompts puts sensitive data at risk 2025-01-20 at 06:03 By Help Net Security Despite their potential, many organizations hesitate to fully adopt GenAI tools due to concerns about sensitive data being inadvertently shared and possibly used to train these systems, according to Harmonic. Sensitive data exposure in GenAI prompts A new

One in ten GenAI prompts puts sensitive data at risk Read More »

Scroll to Top