News

Platformization is key to reduce cybersecurity complexity

Artificial Intelligence, cybersecurity, IBM, News, Palo Alto Networks, report, survey /

Platformization is key to reduce cybersecurity complexity 2025-01-31 at 07:03 By Help Net Security Organizations are facing security complexity challenges as they juggle an average of 83 different security solutions from 29 vendors, according to a report by IBM and Palo Alto Networks. It also shows 7 out of 10 surveyed companies with a high […]

React to this headline:

Loading spinner

Platformization is key to reduce cybersecurity complexity Read More »

Nine out of ten emails are spam

cybercrime, Email, email security, News, report, spam, survey, VIPRE Security /

Nine out of ten emails are spam 2025-01-31 at 06:33 By Help Net Security Now, more than ever, users can fall prey to word-perfect AI-created phishing campaigns, subtle BEC messages that sound remarkably like the sender, and highly convincing ploys from trusted vendors with legitimate-looking websites and clean domains, according to VIPRE Security Group. Spam

React to this headline:

Loading spinner

Nine out of ten emails are spam Read More »

Infosec products of the month: January 2025

Absolute, Atsign, authID.ai, BackBox, BioConnect, BitSight, BreachLock, Cisco, Commvault, Compliance Scorecard​, DataDome, Hiya, IT-Harvest, Lookout, McAfee, Netgear, News, Oasis Security, Swimlane /

Infosec products of the month: January 2025 2025-01-31 at 06:03 By Help Net Security Here’s a look at the most interesting products from the past month, featuring releases from: Absolute Security, Atsign, authID, BackBox, BioConnect, BitSight, BreachLock, Cisco, Commvault, Compliance Scorecard, DataDome, Hiya, IT-Harvest, Lookout, McAfee, Netgear, Oasis Security, and Swimlane. authID PrivacyKey protects users’

React to this headline:

Loading spinner

Infosec products of the month: January 2025 Read More »

Cybercrime forums Cracked and Nulled seized, operators arrested

arrest, cybercrime, Don't miss, Europe, Germany, Hot stuff, law enforcement, News /

Cybercrime forums Cracked and Nulled seized, operators arrested 2025-01-30 at 18:50 By Zeljka Zorz Law enforcement from Germany, Australia, Spain, Greece, Romania, Italy, France and the USA have seized and shut down Cracked and Nulled, the two largest cybercrime forums in the world. The takedown notice (Source: German Federal Criminal Police Office) “The websites “nulled.to”

React to this headline:

Loading spinner

Cybercrime forums Cracked and Nulled seized, operators arrested Read More »

SimpleHelp RMM vulnerabilities may have been exploited to breach healthcare orgs

Arctic Wolf Networks, Don't miss, healthcare, Horizon3.ai, Hot stuff, News, remote management, SimpleHelp /

SimpleHelp RMM vulnerabilities may have been exploited to breach healthcare orgs 2025-01-30 at 17:16 By Zeljka Zorz Attackers may have leveraged vulnerabilities in the SimpleHelp remote monitoring and management solution to gain initial access to healthcare organizations. About the vulnerabilities On January 13, 2025, Horizon3.ai researchers revealed their discovery of three vulnerabilities affecting SimpleHelp’s server

React to this headline:

Loading spinner

SimpleHelp RMM vulnerabilities may have been exploited to breach healthcare orgs Read More »

Zscaler CISO on balancing security and user convenience in hybrid work environments

CISO, cybersecurity, data loss prevention, Don't miss, Features, Hot stuff, hybrid workforce, News, opinion, regulation, remote working, security controls, strategy, zero trust, Zscaler /

Zscaler CISO on balancing security and user convenience in hybrid work environments 2025-01-30 at 07:33 By Mirko Zorz In this Help Net Security interview, Sean Cordero, CISO at Zscaler, talks about securing hybrid work and the new challenges it presents to cybersecurity teams. He discusses how hybrid work has exposed gaps in traditional security models

React to this headline:

Loading spinner

Zscaler CISO on balancing security and user convenience in hybrid work environments Read More »

ExtensionHound: Open-source tool for Chrome extension DNS forensics

Chrome, computer forensics, DNS, Don't miss, GitHub, News, open source, software /

ExtensionHound: Open-source tool for Chrome extension DNS forensics 2025-01-30 at 07:03 By Mirko Zorz Traditional monitoring tools reveal only traffic from the Chrome process, leaving security teams uncertain about which extension is responsible for a suspicious DNS query. ExtensionHound solves this by analyzing Chrome’s internal network state and linking DNS activity to specific extensions. ExtensionHound

React to this headline:

Loading spinner

ExtensionHound: Open-source tool for Chrome extension DNS forensics Read More »

89% of AI-powered APIs rely on insecure authentication mechanisms

API security, Artificial Intelligence, cybersecurity, News, report, survey, vulnerability, Wallarm /

89% of AI-powered APIs rely on insecure authentication mechanisms 2025-01-30 at 06:33 By Help Net Security APIs have emerged as the predominant attack surface over the past year, with AI being the biggest driver of API security risks, according to Wallarm. “Based on our findings, what is clear is that API security is no longer

React to this headline:

Loading spinner

89% of AI-powered APIs rely on insecure authentication mechanisms Read More »

How to use Hide My Email to protect your inbox from spam

apple, Don't miss, email security, how-to, News, Privacy /

How to use Hide My Email to protect your inbox from spam 2025-01-30 at 06:03 By Help Net Security Hide My Email is a service that comes with iCloud+, Apple’s subscription-based service. It allows users to generate one-time-use or reusable email addresses that forward messages to their personal inbox without ever revealing their actual email

React to this headline:

Loading spinner

How to use Hide My Email to protect your inbox from spam Read More »

Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891)

Censys, Don't miss, GreyNoise, Hot stuff, News, VulnCheck, vulnerability, Zyxel /

Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) 2025-01-29 at 18:32 By Zeljka Zorz CVE-2024-40891, a command injection vulnerability in Zyxel CPE Series telecommunications devices that has yet to be fixed by the manufacturer, is being targeted by attackers, cybersecurity company Greynoise has warned. Successful exploitation would allow attackers to execute

React to this headline:

Loading spinner

Zyxel CPE devices under attack via critical vulnerability without a patch (CVE-2024-40891) Read More »

DeepSeek’s popularity exploited by malware peddlers, scammers

Artificial Intelligence, China, consumer, data security, DeepSeek, Don't miss, enterprise, Hot stuff, KELA, LLMs, Malware, News, Privacy, threat /

DeepSeek’s popularity exploited by malware peddlers, scammers 2025-01-29 at 15:18 By Zeljka Zorz As US-based AI companies struggle with the news that the recently released Chinese-made open source DeepSeek-R1 reasoning model performs as well as theirs for a fraction of the cost, users are rushing to try out DeepSeek’s AI tool. In the process, they

React to this headline:

Loading spinner

DeepSeek’s popularity exploited by malware peddlers, scammers Read More »

How Lazarus Group built a cyber espionage empire

cyber attribution, cybersecurity, Don't miss, News, North Korea, report, SecurityScorecard, supply chain compromise /

How Lazarus Group built a cyber espionage empire 2025-01-29 at 11:04 By Help Net Security Since September 2024, SecurityScorecard’s STRIKE team has been investigating Lazarus Group’s activity, uncovering key details about their infrastructure. Despite variations in payload delivery and obfuscation techniques, the campaign relied on a consistent C2 framework. Hidden control panel Through deep analysis,

React to this headline:

Loading spinner

How Lazarus Group built a cyber espionage empire Read More »

Preparing financial institutions for the next generation of cyber threats

cybersecurity, Data Protection, Don't miss, Features, financial industry, fraud, Hot stuff, News, opinion, regulation, threats, Visa /

Preparing financial institutions for the next generation of cyber threats 2025-01-29 at 07:34 By Mirko Zorz In this Help Net Security interview, James Mirfin, SVP and Head of Risk and Identity Solutions at Visa, discusses key priorities for leaders combating fraud, the next-generation threats institutions must prepare for, and the role of collaboration between financial

React to this headline:

Loading spinner

Preparing financial institutions for the next generation of cyber threats Read More »

Cybersecurity crisis in numbers

cybercrime, cybersecurity, data breach, Identity Theft Resource Center, News, report, survey /

Cybersecurity crisis in numbers 2025-01-29 at 07:03 By Help Net Security The number of US data compromises in 2024 (3,158) decreased 1% compared to 2023 (3,202), 44 events away from tying a record for the number of compromises tracked in a year, according to the Identity Theft Resource Center. Data breach notices surge The number

React to this headline:

Loading spinner

Cybersecurity crisis in numbers Read More »

Only 13% of organizations fully recover data after a ransomware attack

Artificial Intelligence, cybercrime, cybersecurity, data breach, Illumio, News, Ransomware, report, survey /

Only 13% of organizations fully recover data after a ransomware attack 2025-01-29 at 06:04 By Help Net Security Ransomware attacks are disrupting and undermining business operations and draining revenue streams, according to Illumio. Findings from the study reveal that 58% of organizations had to shut down operations following a ransomware attack, up from 45% in

React to this headline:

Loading spinner

Only 13% of organizations fully recover data after a ransomware attack Read More »

Europeans targeted with new Tor-using backdoor and infostealers

Cisco, Don't miss, Europe, Hot stuff, Malware, News, phishing /

Europeans targeted with new Tor-using backdoor and infostealers 2025-01-28 at 15:04 By Zeljka Zorz A financially motivated threat actor has been targeting German and Polish-speaking users with info-stealing malware and TorNet, a previously undocumented .NET backdoor that leverages the Tor network to evade detection. The phishing email The attacker sends out fake money transfer confirmations

React to this headline:

Loading spinner

Europeans targeted with new Tor-using backdoor and infostealers Read More »

Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085)

0-day, apple, Don't miss, Hot stuff, iOS, iPad, macOS, News, security update /

Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) 2025-01-28 at 13:18 By Zeljka Zorz Apple has shipped a fix for a zero-day vulnerability (CVE-2025-24085) that is being leveraged by attackers against iPhone users. About CVE-2025-24085 CVE-2025-24085 is a use after free bug in CoreMedia, a framework used by Apple devices for the processing of

React to this headline:

Loading spinner

Apple zero-day vulnerability exploited to target iPhone users (CVE-2025-24085) Read More »

BloodyAD: Open-source Active Directory privilege escalation framework

Active Directory, Don't miss, GitHub, News, open source, software /

BloodyAD: Open-source Active Directory privilege escalation framework 2025-01-28 at 07:00 By Mirko Zorz BloodyAD is an open-source Active Directory privilege escalation framework that uses specialized LDAP calls to interact with domain controllers. It enables various privilege escalation techniques within Active Directory environments. Features “I created this tool because I do a lot of internal testing

React to this headline:

Loading spinner

BloodyAD: Open-source Active Directory privilege escalation framework Read More »

74% of CISOs are increasing crisis simulation budgets

CISO, cybersecurity, Hack The Box, Incident Response, investment, News, report, strategy, survey /

74% of CISOs are increasing crisis simulation budgets 2025-01-28 at 06:46 By Help Net Security In the aftermath of 2024’s high-profile cybersecurity incidents, including NHS, CrowdStrike, 23andMe, Transport for London, and Cencora, CISOs are reassessing their organisation’s readiness to manage a potential “chaos” of a full-scale cyber crisis, according to Hack The Box. Many CISOs

React to this headline:

Loading spinner

74% of CISOs are increasing crisis simulation budgets Read More »

Cybersecurity jobs available right now: January 28, 2025

cybersecurity jobs, News /

Cybersecurity jobs available right now: January 28, 2025 2025-01-28 at 06:03 By Anamarija Pogorelec Application Security Engineer Bumble | United Kingdom | Hybrid – View job details As an Application Security Engineer, you will design and implement security testing tools within CI/CD pipelines to detect vulnerabilities early without impacting development speed. Conduct risk assessments and

React to this headline:

Loading spinner

Cybersecurity jobs available right now: January 28, 2025 Read More »

Scroll to Top