300% increase in endpoint malware detections 2025-02-20 at 07:04 By Help Net Security The third quarter of 2024 saw a dramatic shift in the types of malware detected at network perimeters, according to a new WatchGuard report. The report’s key findings include a 300% increase quarter over quarter of endpoint malware detections, highlighted by growing […]
React to this headline:
300% increase in endpoint malware detections Read More »
iOS 18 settings to lock down your privacy and security 2025-02-19 at 18:04 By Help Net Security Enhancing your security and privacy on iOS 18 involves configuring various settings to control access to your personal data and device features. Here are 12 essential settings to consider. Enable two-factor authentication (2FA) Using 2FA authentication adds an
React to this headline:
iOS 18 settings to lock down your privacy and security Read More »
Attackers are chaining flaws to breach Palo Alto Networks firewalls 2025-02-19 at 11:03 By Zeljka Zorz Exploitation attempts targeting CVE-2025-0108, a recently disclosed authentication bypass vulnerability affecting the management web interface of Palo Alto Networks’ firewalls, are ramping up. “GreyNoise now sees 25 malicious IPs actively exploiting CVE-2025-0108, up from 2 on February 13,” the
React to this headline:
Attackers are chaining flaws to breach Palo Alto Networks firewalls Read More »
Kunai: Open-source threat hunting tool for Linux 2025-02-19 at 08:19 By Mirko Zorz Kunai is an open-source tool that provides deep and precise event monitoring for Linux environments. “What sets Kunai apart is its ability to go beyond simple event generation. While most security monitoring tools rely on syscalls or kernel function hooking, Kunai takes
React to this headline:
Kunai: Open-source threat hunting tool for Linux Read More »
Cyber hygiene habits that many still ignore 2025-02-19 at 07:04 By Help Net Security Cybersecurity advice is everywhere. We’re constantly reminded to update our passwords, enable two-factor authentication, and avoid clicking suspicious links. Yet, beneath these practical steps lie deeper cyber hygiene habits that, despite their importance, are frequently overlooked. These underlying mindsets and systemic
React to this headline:
Cyber hygiene habits that many still ignore Read More »
Building a Sustainable PCI DSS 4.0 Compliance Culture 2025-02-18 at 23:34 By Craig Searle PCI DSS 4.0: Mastering Targeted Risk Analysis (TRA) for Sustainable Compliance: This title highlights the key update (4.0) and a core concept (TRA), making it clear what the blog post is about. It also emphasizes the importance of long-term compliance. Navigating PCI
React to this headline:
Building a Sustainable PCI DSS 4.0 Compliance Culture Read More »
BlackLock ransomware onslaught: What to expect and how to fight it 2025-02-18 at 18:33 By Zeljka Zorz BlackLock is on track to become the most active ransomware-as-a-service (RaaS) outfit in 2025, according to ReliaQuest. Its success is primarily due to their unusually active presence and good reputation on the ransomware-focused Russian-language forum RAMP, and their
React to this headline:
BlackLock ransomware onslaught: What to expect and how to fight it Read More »
Cybercriminals shift focus to social media as attacks reach historic highs 2025-02-18 at 18:01 By Help Net Security A new report from Gen highlights a sharp rise in online threats, capping off a record-breaking 2024. Between October and December alone, 2.55 billion cyber threats were blocked – an astonishing rate of 321 per second. The
React to this headline:
Cybercriminals shift focus to social media as attacks reach historic highs Read More »
The risks of autonomous AI in machine-to-machine interactions 2025-02-18 at 08:03 By Mirko Zorz In this Help Net Security, Oded Hareven, CEO of Akeyless Security, discusses how enterprises should adapt their cybersecurity strategies to address the growing need for machine-to-machine (M2M) security. According to Hareven, machine identities must be secured and governed similarly to human
React to this headline:
The risks of autonomous AI in machine-to-machine interactions Read More »
Balancing cloud security with performance and availability 2025-02-18 at 07:33 By Help Net Security Your business can’t realize the many benefits of cloud computing without ensuring performance and availability in its cloud environments. Let’s look at some examples. Scalability: To scale your business’s cloud computing services, you need those services to be available and to
React to this headline:
Balancing cloud security with performance and availability Read More »
Cybersecurity jobs available right now: February 18, 2025 2025-02-18 at 07:02 By Anamarija Pogorelec Airport Cybersecurity Engineer II Salt Lake City Corporation | USA | On-site – View job details As an Airport Cybersecurity Engineer II, you will develop and implement policies, procedures, and training plans for security and network administration. Assess and mitigate cybersecurity
React to this headline:
Cybersecurity jobs available right now: February 18, 2025 Read More »
The XCSSET info-stealing malware is back, targeting macOS users and devs 2025-02-17 at 19:50 By Zeljka Zorz A new, improved variant of the XCSSET macOS malware has been spotted “in limited attacks” by Microsoft’s threat researchers. XCSSET macOS malware XCSSET in information-stealing and backdoor-injecting malware targeting Mac users. It’s usually distributed via infected Xcode projects
React to this headline:
The XCSSET info-stealing malware is back, targeting macOS users and devs Read More »
Unlocking OSINT: Top books to learn from 2025-02-17 at 18:05 By Help Net Security Discover the top Open-Source Intelligence (OSINT) books in this curated list. From investigative techniques to digital footprint analysis, these titles offer insights for security professionals, journalists, and researchers looking to master the art of gathering and analyzing publicly available data. Hunting
React to this headline:
Unlocking OSINT: Top books to learn from Read More »
A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) 2025-02-17 at 15:49 By Zeljka Zorz The suspected Chinese state-sponsored hackers who breached workstations of several US Treasury employees in December 2024 did so by leveraging not one, but two zero-days, according to Rapid7 researchers. It was initially reported that the attackers compromised the
React to this headline:
A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) Read More »
Two Estonians plead guilty in $577M cryptocurrency Ponzi scheme 2025-02-17 at 13:48 By Zeljka Zorz Two Estonian nationals may spend the next 20 years in prison for stealing hundreds of millions of dollars through a massive cryptocurrency Ponzi scheme, the US Department of Justice announced last week. The fraudulent operation “According to court documents, Sergei
React to this headline:
Two Estonians plead guilty in $577M cryptocurrency Ponzi scheme Read More »
How CISOs can balance security and business agility in the cloud 2025-02-17 at 08:03 By Mirko Zorz In this Help Net Security interview, Natalia Belaya, CISO at Cloudera, discusses common misconceptions about cloud security, the balance between protection and business agility, and overlooked risks that CISOs should prioritize. Belaya also offers practical strategies for integrating
React to this headline:
How CISOs can balance security and business agility in the cloud Read More »
Orbit: Open-source Nuclei security scanning and automation platform 2025-02-17 at 07:50 By Mirko Zorz Orbit is an open-source platform built to streamline large-scale Nuclei scans, enabling teams to manage, analyze, and collaborate on security findings. It features a SvelteKit-based web frontend and a Go-powered backend, with Terraform and Ansible handling infrastructure and automation. “I built
React to this headline:
Orbit: Open-source Nuclei security scanning and automation platform Read More »
Week in review: Microsoft fixes two actively exploited 0-days, PAN-OS auth bypass hole plugged 2025-02-16 at 11:04 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) February 2025 Patch Tuesday is here, and Microsoft has delivered fixes
React to this headline:
vCISOs are in high demand 2025-02-14 at 19:04 By Help Net Security Regardless of job title, 92% of executives stated they had some degree of confidence in their organization’s ability to meet compliance requirements and tackle advanced threats with current staff and tools, but confidence levels differed across leadership roles, according to Cyber Defense Group.
React to this headline:
vCISOs are in high demand Read More »
New GRC and cyber risk strategies emphasize risk adaptability 2025-02-14 at 18:04 By Help Net Security MetricStream has unveiled its annual forecast of key trends shaping the future of GRC and Cyber GRC. These 2025 predictions offer a roadmap for building resilience strategies, addressing emerging risks, and seizing new opportunities. AI comes of age: risks,
React to this headline:
New GRC and cyber risk strategies emphasize risk adaptability Read More »