News

Stratoshark: Wireshark for the cloud – now available!

Cloud, Don't miss, News, open source, penetration testing, software, Sysdig, wireless, Wireshark /

Stratoshark: Wireshark for the cloud – now available! 2025-01-22 at 20:33 By Help Net Security Stratoshark is an innovative open-source tool that brings Wireshark’s detailed network visibility to the cloud, providing users with a standardized approach to cloud observability. Stratoshark incorporates much of Wireshark’s codebase, including its user interface elements. The interface and workflows will […]

React to this headline:

Loading spinner

Stratoshark: Wireshark for the cloud – now available! Read More »

Mirai botnet behind the largest DDoS attack to date

attacks, botnet, cybercrime, DDoS, Don't miss, Hot stuff, Internet of Things, News /

Mirai botnet behind the largest DDoS attack to date 2025-01-22 at 17:20 By Zeljka Zorz Researchers have uncovered two Mirai-based botnets harnessing Internet of Things (IoT) devices to DDoS target organizations around the world. The Murdoc botnet Qualys researchers have laid bare the “Murdoc” botnet, consisting of some 1,300 IoT devices saddled with a variant

React to this headline:

Loading spinner

Mirai botnet behind the largest DDoS attack to date Read More »

48,000+ internet-facing Fortinet firewalls still open to attack

Arctic Wolf Networks, Asia, Don't miss, enterprise, firewall, Fortinet, Hot stuff, Kroll, News, Shadowserver, USA /

48,000+ internet-facing Fortinet firewalls still open to attack 2025-01-22 at 14:34 By Zeljka Zorz Despite last week’s confirmation of and warnings about long-standing exploitation of CVE-2024-55591, a critical vulnerability affecting Fortinet Fortigate firewalls, too many vulnerable devices are still accessible from the Internet and open to attack: over 48,000, according to data from the Shadowserver

React to this headline:

Loading spinner

48,000+ internet-facing Fortinet firewalls still open to attack Read More »

China-aligned PlushDaemon APT compromises supply chain of Korean VPN

APT, backdoor, China, cyber espionage, cybercrime, ESET, Malware, News, report, VPN /

China-aligned PlushDaemon APT compromises supply chain of Korean VPN 2025-01-22 at 08:04 By Help Net Security ESET researchers have uncovered a supply chain attack targeting a South Korean VPN provider, carried out by PlushDaemon, a newly identified China-aligned APT group. In this cyberespionage campaign, the attackers compromised the legitimate installer, replacing it with a malicious

React to this headline:

Loading spinner

China-aligned PlushDaemon APT compromises supply chain of Korean VPN Read More »

Acronis CISO on why backup strategies fail and how to make them resilient

Acronis, automation, backup, cybersecurity, disaster recovery, Don't miss, Features, Hot stuff, News, opinion, strategy, tips /

Acronis CISO on why backup strategies fail and how to make them resilient 2025-01-22 at 07:07 By Mirko Zorz In this Help Net Security interview, Gerald Beuchelt, CISO at Acronis, discusses common backup strategy pitfalls, reasons for backup failures, and offers actionable advice for organizations looking to improve their backup and recovery processes. The post

React to this headline:

Loading spinner

Acronis CISO on why backup strategies fail and how to make them resilient Read More »

Privacy professionals feel more stressed than ever

Compliance, ISACA, News, Privacy, report, survey /

Privacy professionals feel more stressed than ever 2025-01-22 at 06:38 By Help Net Security Despite progress made in privacy staffing and strategy alignment, privacy professionals are feeling increasingly stressed on the job within a complex compliance and risk landscape, according to new research from ISACA. Top three obstacles facing privacy programs ISACA’s State of Privacy

React to this headline:

Loading spinner

Privacy professionals feel more stressed than ever Read More »

Cybersecurity books on ransomware you shouldn’t miss

books, cybersecurity, News, Ransomware /

Cybersecurity books on ransomware you shouldn’t miss 2025-01-22 at 06:18 By Help Net Security This list of ransomware-focused cybersecurity books is tailored for professionals seeking practical insights and deeper knowledge. Covering technical strategies, real-world cases, and the evolving tactics of attackers, these books offer valuable perspectives to help strengthen defenses and refine incident response plans.

React to this headline:

Loading spinner

Cybersecurity books on ransomware you shouldn’t miss Read More »

Ransomware attackers are “vishing” organizations via Microsoft Teams

Don't miss, enterprise, Hot stuff, Microsoft 365, Microsoft Teams, News, Ransomware, remote access, SMBs, social engineering, Sophos /

Ransomware attackers are “vishing” organizations via Microsoft Teams 2025-01-21 at 14:10 By Zeljka Zorz The “email bombing + posing as tech support via Microsoft Teams” combination is proving fruitful for two threat actors looking to deliver ransomware to organizations, and they seem to be ramping up their efforts. “Sophos MDR has observed more than 15

React to this headline:

Loading spinner

Ransomware attackers are “vishing” organizations via Microsoft Teams Read More »

Scam Yourself attacks: How social engineering is evolving

cybersecurity, Don't miss, Expert analysis, Expert corner, Fortra, Hot stuff, News, opinion, scams, social engineering, threats /

Scam Yourself attacks: How social engineering is evolving 2025-01-21 at 07:30 By Help Net Security We’ve entered a new era where verification must come before trust, and for good reason. Cyber threats are evolving rapidly, and one of the trends getting a fresh reboot in 2025 is the “scam yourself” attacks. These aren’t your run-of-the-mill

React to this headline:

Loading spinner

Scam Yourself attacks: How social engineering is evolving Read More »

Addressing the intersection of cyber and physical security threats

Artificial Intelligence, Bitdefender, Compliance, critical infrastructure, cybersecurity, Don't miss, Features, Hot stuff, IoT, News, opinion, quantum computing, standards, strategy, threats, tips /

Addressing the intersection of cyber and physical security threats 2025-01-21 at 07:05 By Mirko Zorz In this Help Net Security, Nicholas Jackson, Director of Cyber Operations at Bitdefender, discusses how technologies like AI, quantum computing, and IoT are reshaping cybersecurity. He shares his perspective on the new threats these advancements bring and offers practical advice

React to this headline:

Loading spinner

Addressing the intersection of cyber and physical security threats Read More »

Fleet: Open-source platform for IT and security teams

Don't miss, News /

Fleet: Open-source platform for IT and security teams 2025-01-21 at 06:33 By Mirko Zorz Fleet is an open-source platform for IT and security teams managing thousands of computers. It’s designed to work seamlessly with APIs, GitOps, webhooks, and YAML configurations. Fleet provides a single platform to secure and maintain all computing devices over the air.

React to this headline:

Loading spinner

Fleet: Open-source platform for IT and security teams Read More »

Cybersecurity jobs available right now: January 21, 2025

cybersecurity jobs, News /

Cybersecurity jobs available right now: January 21, 2025 2025-01-21 at 06:27 By Anamarija Pogorelec CISO Sempra Infrastructure | USA | Hybrid – View job details As a CISO, you will develop and implement a robust information security strategy and program that aligns with the organization’s objectives and regulatory requirements. Assess and manage cybersecurity risks across

React to this headline:

Loading spinner

Cybersecurity jobs available right now: January 21, 2025 Read More »

CERT-UA warns against “security audit” requests via AnyDesk

AnyDesk, CERT-UA, Don't miss, Hot stuff, News, remote access, social engineering, Ukraine /

CERT-UA warns against “security audit” requests via AnyDesk 2025-01-20 at 11:34 By Zeljka Zorz Attackers are impersonating the Computer Emergency Response Team of Ukraine (CERT-UA) via AnyDesk to gain access to target computers. The request (Source: CERT-UA) “Unidentified individuals are sending connection requests via AnyDesk under the pretext of conducting a ‘security audit to verify

React to this headline:

Loading spinner

CERT-UA warns against “security audit” requests via AnyDesk Read More »

Decentralization is happening everywhere, so why are crypto wallets “walled gardens”?

blockchain, Crypto, cybersecurity, digital wallet, Don't miss, Expert analysis, Expert corner, Foundation Devices, Hot stuff, News, open source, opinion /

Decentralization is happening everywhere, so why are crypto wallets “walled gardens”? 2025-01-20 at 07:34 By Help Net Security The twin cryptocurrency and digital identity revolutions are supposed to be building a better future, where anybody can take charge of their sovereignty and security in a world where both face unprecedented threats. Yet at one crucial

React to this headline:

Loading spinner

Decentralization is happening everywhere, so why are crypto wallets “walled gardens”? Read More »

AI-driven insights transform security preparedness and recovery

Artificial Intelligence, cybersecurity, Digitate, Don't miss, Features, framework, Hot stuff, News, opinion, strategy /

AI-driven insights transform security preparedness and recovery 2025-01-20 at 07:04 By Mirko Zorz In this Help Net Security interview, Arunava Bag, CTO at Digitate, discusses how organizations can recover digital operations after an incident, prioritize cybersecurity strategies, and secure digital operations with effective frameworks. What measures should organizations take to recover digital operations after an

React to this headline:

Loading spinner

AI-driven insights transform security preparedness and recovery Read More »

One in ten GenAI prompts puts sensitive data at risk

ChatGPT, cybersecurity, data security, generative AI, Harmonic, News, report, survey /

One in ten GenAI prompts puts sensitive data at risk 2025-01-20 at 06:03 By Help Net Security Despite their potential, many organizations hesitate to fully adopt GenAI tools due to concerns about sensitive data being inadvertently shared and possibly used to train these systems, according to Harmonic. Sensitive data exposure in GenAI prompts A new

React to this headline:

Loading spinner

One in ten GenAI prompts puts sensitive data at risk Read More »

Week in review: AWS S3 data encrypted without ransomware, data of 15k Fortinet firewalls leaked

News, Week in review /

Week in review: AWS S3 data encrypted without ransomware, data of 15k Fortinet firewalls leaked 2025-01-19 at 11:06 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Attackers are encrypting AWS S3 data without using ransomware A ransomware gang dubbed Codefinger is encrypting data stored

React to this headline:

Loading spinner

Week in review: AWS S3 data encrypted without ransomware, data of 15k Fortinet firewalls leaked Read More »

Balancing usability and security in the fight against identity-based attacks

Artificial Intelligence, attacks, credentials, cybersecurity, Don't miss, Features, Hot stuff, human error, identity, News, opinion, Push Security /

Balancing usability and security in the fight against identity-based attacks 2025-01-17 at 08:04 By Mirko Zorz In this Help Net Security interview, Adam Bateman, CEO of Push Security, talks about the rise in identity-based attacks, how they’re becoming more sophisticated each year, and how AI and ML are both fueling these threats and helping to

React to this headline:

Loading spinner

Balancing usability and security in the fight against identity-based attacks Read More »

MSSqlPwner: Open-source tool for pentesting MSSQL servers

database security, Don't miss, GitHub, News, open source, penetration testing, software /

MSSqlPwner: Open-source tool for pentesting MSSQL servers 2025-01-17 at 07:48 By Help Net Security MSSqlPwner is an open-source pentesting tool tailored to interact with and exploit MSSQL servers. Built on Impacket, it enables users to authenticate with databases using various credentials, including clear-text passwords, NTLM hashes, and Kerberos tickets. The tool offers multiple methods for

React to this headline:

Loading spinner

MSSqlPwner: Open-source tool for pentesting MSSQL servers Read More »

Scroll to Top