Cisco has disclosed a high-severity privilege escalation vulnerability (CVE-2025-20138) in its IOS XR Software. This vulnerability enables authenticated local attackers to execute arbitrary commands as the root user on affected devices. The flaw, with a CVSS score of 8.8, impacts…
Chinese Hacked Exploit Juniper Networks Routers to Implant Backdoor
Cybersecurity researchers have uncovered a sophisticated cyber espionage campaign targeting critical network infrastructure, marking a significant evolution in tactics by Chinese state-sponsored hackers. Mandiant, a leading cybersecurity firm, has discovered multiple custom backdoors deployed on Juniper Networks‘ routers, attributing the…
Gloomy News from Kansas as Sunflower Medical Group Disclose Data Breach
Kansas-based Sunflower Medical Group disclosed to authorities on 7th March that they had suffered a data breach compromising the personal and confidential information of 220,968 individuals. In a statement on their website entitled ‘Notice of a Data Security Incident,’ Sunflower provided…
AI-Powered Fraud: How Cybercriminals Target Finance Teams—and How to Stop Them
Last month, employees at the UK-based engineering firm, Arup, were tricked by a deepfake video of the company’s CFO into transferring $25 million to cybercriminals. This isn’t an anomaly. It’s further proof that social engineering has become cybersecurity’s most costly…
Cybersecurity jobs available right now in Europe: March 13, 2025
Cloud Security Engineer TUI Group | Portugal | Hybrid – View job details As a Cloud Security Engineer, you will contribute to the implementation of security solutions and will work alongside our Security Operations team to ensure appropriate controls are…
Cybersecurity classics: 10 books that shaped the industry
Cybersecurity constantly evolves, but some books have stood the test of time, shaping how professionals think about security, risk, and digital threats. Whether you’re a CISO, a seasoned expert, or cybersecurity enthusiast, these must-reads belong on your shelf. Masters of…
U.S. Accuses 12 Chinese Nationals of Hacking National Security Networks
The United States has taken significant steps to address the growing threat of Chinese cyber intrusions into U.S. government agencies and critical infrastructure. On March 5, the U.S. Department of Justice (DOJ) indicted 12 Chinese nationals and one Chinese company…
Confidence Gap in Cybersecurity Leaves Businesses at Risk
New research has revealed that although 86% of employees believe they can confidently identify phishing emails, nearly half have fallen for scams. The study, conducted by KnowBe4, surveyed professionals in the UK, USA, Germany, France, Netherlands, and South Africa and…
New Bill Aims to Strengthen Cybersecurity for Federal Contractors
The House of Representatives has passed a bill that mandates contractors working with the federal government implement vulnerability disclosure policies (VDPs) in alignment with NIST guidelines. The Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025, introduced by Chairwoman Nancy Mace…
WatchGuard unveils FireCloud Internet Access
WatchGuard® Technologies, a provider of unified cybersecurity, has announced the launch of FireCloud Internet Access, the first in what it’s describing as “a new family of hybrid secure access service edge (SASE) products”. The company said that FireCloud “uniquely meets…
KnowBe4 research reveals a confidence gap in cybersecurity, putting organisations at risk
KnowBe4, cybersecurity platform that comprehensively addresses human risk management, has released new research indicating that while 86% of employees believe they can confidently identify phishing emails, nearly half have fallen for scams. The study, which surveyed professionals across the UK,…
Multiple Zoom Client Vulnerabilities Exposes Sensitive Data
Recent security disclosures reveal multiple high-severity vulnerabilities in Zoom’s client software, exposing millions of users to potential data breaches, privilege escalation, and unauthorized access. The most critical flaws, patched in Zoom’s March 11, 2025, security bulletin, include CVE-2025-27440 (heap-based buffer…
ISC Stormcast For Thursday, March 13th, 2025 https://isc.sans.edu/podcastdetail/9362, (Thu, Mar 13th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, March 13th, 2025…
Get off that old Firefox by Friday or you’ll be sorry, says Moz
Root cert expiry may bring breakage or worse for add-ons, media playback, and more If you’re running an outdated version of Firefox, update by Friday or risk broken add-ons, failing DRM-protected media playback, and other errors, due to an expiring…
IT Security News Hourly Summary 2025-03-13 03h : 2 posts
2 posts were published in the last hour 1:5 : File Hashes Analysis with Power BI from Data Stored in DShield SIEM, (Wed, Mar 12th) 1:5 : Executive Perspectives: The Cybersecurity Leadership Landscape with Ryan Surry
File Hashes Analysis with Power BI from Data Stored in DShield SIEM, (Wed, Mar 12th)
I previously used Power BI [2] to analyze DShield sensor data and this time I wanted to show how it could be used by selecting certain type of data as a large dataset and export it for analysis. This time,…
Executive Perspectives: The Cybersecurity Leadership Landscape with Ryan Surry
In the latest episode of Axio’s Executive Insight Series, CEO Scott Kannry sits down with Ryan Surry, Founder and Managing Director of Intaso, to discuss the evolving role of security Read More The post Executive Perspectives: The Cybersecurity Leadership Landscape…
China-linked APT UNC3886 targets EoL Juniper routers
Mandiant researchers warn that China-linked actors are deploying custom backdoors on Juniper Networks Junos OS MX routers. In mid-2024, Mandiant identified custom backdoors on Juniper Networks’ Junos OS routers, and attributed the attacks to a China-linked espionage group tracked as UNC3886.…
Statement on CISA’s Red Team
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from CISA News Read the original article: Statement on CISA’s Red Team
Chinese Volt Typhoon Hackers Infiltrated US Electric Utility for Nearly a Year
Dragos reveals Volt Typhoon hackers infiltrated a US electric utility for 300 days, collecting sensitive data. Learn how this cyberattack threatens infrastructure. This article has been indexed from Hackread – Latest Cybersecurity, Tech, AI, Crypto & Hacking News Read the…
What strategies improve NHI provisioning speed without sacrificing security?
How can we boost NHI provisioning speed while maintaining security? While digital transformation sweeps across industries, Non-Human Identities (NHIs) and secrets are becoming critical components of secure cloud environments. However, managing NHIs and secrets effectively requires striking a delicate balance.…
What key metrics indicate NHI performance in DevOps?
What Do Non-Human Identities Bring to the Table in DevOps? Where constant innovation and rapid deployment are the norms, have you ever wondered how Non-Human Identities (NHIs) and Secrets Security Management fit into the picture? If you answered yes, then…
IT Security News Hourly Summary 2025-03-13 00h : 2 posts
2 posts were published in the last hour 23:5 : How do I secure dynamic NHIs in a microservices architecture? 22:55 : IT Security News Daily Summary 2025-03-12
How do I secure dynamic NHIs in a microservices architecture?
Should We Be Concerned About the Security of Dynamic NHIs in a Microservices Architecture? The advent of dynamic Non-Human Identities (NHIs) in a microservices architecture has undoubtedly added a new dimension to cybersecurity. But with this innovation comes an increased…