News

Background check, drug testing provider DISA suffers data breach

data breach, Don't miss, Hot stuff, News, USA /

Background check, drug testing provider DISA suffers data breach 2025-02-25 at 20:06 By Zeljka Zorz DISA Global Solutions, a Texas-based company that provides employment screening services (including drug and alcohol testing and background checks) for over 55,000 organizations, has suffered a cyber incident that led to a data breach, which resulted in the potential compromise […]

React to this headline:

Loading spinner

Background check, drug testing provider DISA suffers data breach Read More »

China-based Silver Fox spoofs healthcare app to deliver malware

APT, backdoor, China, Don't miss, Forescout, healthcare, Hot stuff, News, programming, software development /

China-based Silver Fox spoofs healthcare app to deliver malware 2025-02-25 at 18:33 By Zeljka Zorz Silver Fox, a China-based threat actor that may or may not be backed by the Chinese government, has been delivering the ValleyRAT backdoor to unsuspecting users by disguising the malware as legitimate healthcare app (the Philips DICOM viewer), a Windows

React to this headline:

Loading spinner

China-based Silver Fox spoofs healthcare app to deliver malware Read More »

Cybersecurity needs a leader, so let’s stop debating and start deciding

boardroom, CIO, CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, policy, Rapid7, strategy /

Cybersecurity needs a leader, so let’s stop debating and start deciding 2025-02-25 at 18:09 By Help Net Security Have you ever heard anyone earnestly ask in a business, “Who owns legal?” or “Who sets the financial strategy?” Probably not – it should be obvious, right? Yet, when it comes to cybersecurity, the question of ownership

React to this headline:

Loading spinner

Cybersecurity needs a leader, so let’s stop debating and start deciding Read More »

How the Trustwave NIS2 Maturity Accelerator Can Help Navigate NIS2 Compliance

Compliance, News, Tips & Tricks /

How the Trustwave NIS2 Maturity Accelerator Can Help Navigate NIS2 Compliance 2025-02-25 at 16:15 By The European Union (EU) Network and Information Security Directive 2 (NIS2) introduces stricter cybersecurity requirements than its predecessor, the original NIS Directive. With the compliance deadline fast approaching, in-scope organizations must take proactive steps to ensure they have enacted NIS2

React to this headline:

Loading spinner

How the Trustwave NIS2 Maturity Accelerator Can Help Navigate NIS2 Compliance Read More »

Open source strikes back: Nextcloud Hub 10 challenges Big Tech’s monopoly on AI and privacy

Artificial Intelligence, collaboration, News, open source, software /

Open source strikes back: Nextcloud Hub 10 challenges Big Tech’s monopoly on AI and privacy 2025-02-25 at 15:18 By Help Net Security Hyperscalers have perpetuated the narrative that open-source solutions cannot compete at scale. This perception has influenced funding priorities, shaped policy discussions, and reinforced organizational reliance on Big Tech. With the launch of Hub

React to this headline:

Loading spinner

Open source strikes back: Nextcloud Hub 10 challenges Big Tech’s monopoly on AI and privacy Read More »

Avoiding vendor lock-in when using managed cloud security services

access control, Artificial Intelligence, CISO, cloud security, Compliance, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, Tamnoon /

Avoiding vendor lock-in when using managed cloud security services 2025-02-25 at 08:05 By Mirko Zorz In this Help Net Security interview, Marina Segal, CEO at Tamnoon, discusses the most significant obstacles when implementing managed cloud security in hybrid and multi-cloud environments. She shares insights on long onboarding times, legacy security gaps, vendor lock-in, and overlooked

React to this headline:

Loading spinner

Avoiding vendor lock-in when using managed cloud security services Read More »

The CISO’s dilemma of protecting the enterprise while driving innovation

CISO, Cloudera, cyber risk, cybersecurity, Don't miss, News, Risk Management, strategy, tips, Upwind /

The CISO’s dilemma of protecting the enterprise while driving innovation 2025-02-25 at 07:34 By Help Net Security CISOs are constantly navigating the challenge of protecting their organizations while ensuring business agility and innovation. For example, as companies move workloads to the cloud to support remote teams, security teams must secure data without slowing down productivity.

React to this headline:

Loading spinner

The CISO’s dilemma of protecting the enterprise while driving innovation Read More »

Cybersecurity jobs available right now: February 25, 2025

cybersecurity jobs, News /

Cybersecurity jobs available right now: February 25, 2025 2025-02-25 at 07:00 By Anamarija Pogorelec Application Security Engineer Binance | UAE | Remote – View job details As a Application Security Engineer, you will enhance and maintain the security postures of Binance’s affiliates specializing in DeFi and Web3. Serve as the first responder for security issues

React to this headline:

Loading spinner

Cybersecurity jobs available right now: February 25, 2025 Read More »

PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159)

Don't miss, endpoint management, enterprise, Horizon3.ai, Hot stuff, Ivanti, News, PoC /

PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) 2025-02-24 at 16:18 By Zeljka Zorz A proof-of-concept (PoC) exploit for four critical Ivanti Endpoint Manager vulnerabilities has been released by Horizon3.ai researchers. The vulnerabilities – CVE-2024-10811, CVE-2024-13161, CVE-2024-13160 and CVE-2024-13159 – may be exploited by remote, unauthenticated attackers to leverage Ivanti EPM machine account credentials

React to this headline:

Loading spinner

PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159) Read More »

Massive botnet hits Microsoft 365 accounts

attacks, cybersecurity, Microsoft, Microsoft 365, News, passwords, SecurityScorecard /

Massive botnet hits Microsoft 365 accounts 2025-02-24 at 15:16 By Help Net Security A recently discovered botnet of over 130,000 compromised devices is launching coordinated password-spraying attacks against Microsoft 365 (M365) accounts. Security researchers at SecurityScorecard are examining possible connections to China-affiliated threat actors, citing evidence of infrastructure linked to CDS Global Cloud and UCLOUD

React to this headline:

Loading spinner

Massive botnet hits Microsoft 365 accounts Read More »

Man vs. machine: Striking the perfect balance in threat intelligence

Artificial Intelligence, automation, cybersecurity, Don't miss, Features, Hot stuff, LLMs, News, opinion, Perspective Intelligence, Threat Intelligence /

Man vs. machine: Striking the perfect balance in threat intelligence 2025-02-24 at 08:00 By Mirko Zorz In this Help Net Security interview, Aaron Roberts, Director at Perspective Intelligence, discusses how automation is reshaping threat intelligence. He explains that while AI tools can process massive data sets, the nuanced judgment of experienced analysts remains critical. Roberts

React to this headline:

Loading spinner

Man vs. machine: Striking the perfect balance in threat intelligence Read More »

Misconfig Mapper: Open-source tool to uncover security misconfigurations

Don't miss, GitHub, misconfiguration, News, open source, software /

Misconfig Mapper: Open-source tool to uncover security misconfigurations 2025-02-24 at 07:33 By Mirko Zorz Misconfig Mapper is an open-source CLI tool built in Golang that discovers and enumerates instances of services used within your organization. It performs large-scale detection and misconfiguration assessments, leveraging customizable templates with detection and misconfiguration fingerprints to identify potential security risks

React to this headline:

Loading spinner

Misconfig Mapper: Open-source tool to uncover security misconfigurations Read More »

Week in review: PostgreSQL 0-day exploited in US Treasury hack, top OSINT books to learn from

News, Week in review /

Week in review: PostgreSQL 0-day exploited in US Treasury hack, top OSINT books to learn from 2025-02-23 at 12:41 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: A PostgreSQL zero-day was also exploited in US Treasury hack (CVE-2025-1094) The suspected Chinese state-sponsored hackers who

React to this headline:

Loading spinner

Week in review: PostgreSQL 0-day exploited in US Treasury hack, top OSINT books to learn from Read More »

Security and privacy concerns challenge public sector’s efforts to modernize

access control, Artificial Intelligence, cybersecurity, data security, digital transformation, hybrid IT, News, report, SolarWinds /

Security and privacy concerns challenge public sector’s efforts to modernize 2025-02-21 at 18:01 By Help Net Security For most public sector organizations, digital transformation is a work in progress, with the complexity of integrating new systems and privacy and security concerns remaining key barriers, according to a report by SolarWinds. Only 6% of respondents report

React to this headline:

Loading spinner

Security and privacy concerns challenge public sector’s efforts to modernize Read More »

Mastering the cybersecurity tightrope of protection, detection, and response

cyber resilience, cybersecurity, data security, Don't miss, Encryption, Features, Hot stuff, Incident Response, monitoring, News, opinion, Sophos, strategy /

Mastering the cybersecurity tightrope of protection, detection, and response 2025-02-21 at 08:05 By Mirko Zorz In this Help Net Security interview, Chester Wisniewski, Director and Global Field CISO at Sophos, discusses the shifting ransomware landscape, the risks posed by quantum decryption threats, and the role of vendor security validation. Wisniewski notes that cyber resilience is

React to this headline:

Loading spinner

Mastering the cybersecurity tightrope of protection, detection, and response Read More »

How to secure Notes on iOS and macOS

apple, cybersecurity, how-to, iOS, macOS, News, Privacy, tips /

How to secure Notes on iOS and macOS 2025-02-21 at 07:34 By Help Net Security Apple allows you to lock your notes using your iPhone passcode or a separate password, ensuring your private information stays protected across all your Apple devices, including iOS and macOS. Whether you’re using your iPhone, iPad, or Mac, here’s how

React to this headline:

Loading spinner

How to secure Notes on iOS and macOS Read More »

New infosec products of the week: February 21, 2025

1Password, Fortinet, News, Pangea, Privacera, Veeam Software /

New infosec products of the week: February 21, 2025 2025-02-21 at 06:05 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from 1Password, Fortinet, Pangea, Privacera, and Veeam Software. Fortinet enhances FortiAnalyzer to deliver accelerated threat hunting and incident response FortiAnalyzer offers a streamlined entry point

React to this headline:

Loading spinner

New infosec products of the week: February 21, 2025 Read More »

Cybersecurity jobs available right now in the USA: February 20, 2025

cybersecurity jobs, News, USA /

Cybersecurity jobs available right now in the USA: February 20, 2025 2025-02-20 at 18:06 By Anamarija Pogorelec Compliance & Privacy Specialist McKesson | Remote – View job details As a Compliance & Privacy Specialist, you will identify potential gaps, establish and maintain policies and procedures to guide the business in complying with regulatory requirements, create

React to this headline:

Loading spinner

Cybersecurity jobs available right now in the USA: February 20, 2025 Read More »

PRevent: Open-source tool to detect malicious code in pull requests

Apiiro, code analysis, Don't miss, GitHub, Hot stuff, Java, JavaScript, Kotlin, News, open source, PHP, programming, Python, Ruby, software development, threat detection /

PRevent: Open-source tool to detect malicious code in pull requests 2025-02-20 at 16:52 By Zeljka Zorz Apiiro security researchers have released open source tools that can help organizations detect malicious code as part of their software development lifecycle: PRevent (a scanner for pull requests), and a malicious code detection ruleset for Semgrep and Opengrep static

React to this headline:

Loading spinner

PRevent: Open-source tool to detect malicious code in pull requests Read More »

Scroll to Top