Tag: Help Net Security

Your business can’t realize the many benefits of cloud computing without ensuring performance and availability in its cloud environments. Let’s look at some examples. Scalability: To scale your business’s cloud computing services, you need those services to be available and…

Read more →

Airport Cybersecurity Engineer II Salt Lake City Corporation | USA | On-site – View job details As an Airport Cybersecurity Engineer II, you will develop and implement policies, procedures, and training plans for security and network administration. Assess and mitigate…

Read more →

A new, improved variant of the XCSSET macOS malware has been spotted “in limited attacks” by Microsoft’s threat researchers. XCSSET macOS malware XCSSET in information-stealing and backdoor-injecting malware targeting Mac users. It’s usually distributed via infected Xcode projects – a…

Read more →

Discover the top Open-Source Intelligence (OSINT) books in this curated list. From investigative techniques to digital footprint analysis, these titles offer insights for security professionals, journalists, and researchers looking to master the art of gathering and analyzing publicly available data.…

Read more →

The suspected Chinese state-sponsored hackers who breached workstations of several US Treasury employees in December 2024 did so by leveraging not one, but two zero-days, according to Rapid7 researchers. It was initially reported that the attackers compromised the Treasury’s BeyondTrust…

Read more →

Two Estonian nationals may spend the next 20 years in prison for stealing hundreds of millions of dollars through a massive cryptocurrency Ponzi scheme, the US Department of Justice announced last week. The fraudulent operation “According to court documents, Sergei…

Read more →

In this Help Net Security interview, Natalia Belaya, CISO at Cloudera, discusses common misconceptions about cloud security, the balance between protection and business agility, and overlooked risks that CISOs should prioritize. Belaya also offers practical strategies for integrating cloud-native security…

Read more →

Orbit is an open-source platform built to streamline large-scale Nuclei scans, enabling teams to manage, analyze, and collaborate on security findings. It features a SvelteKit-based web frontend and a Go-powered backend, with Terraform and Ansible handling infrastructure and automation. “I…

Read more →

In this Help Net Security video, Bart Koek, Field CTO at Immuta, discusses their 2025 State of Data Security Report, highlighting emerging challenges for IT and data security leaders. Key takeaways from the report: GenAI is causing significant change management…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes two actively exploited zero-days (CVE-2025-21418, CVE-2025-21391) February 2025 Patch Tuesday is here, and Microsoft has delivered fixes for 56 vulnerabilities, including two zero-days…

Read more →

Regardless of job title, 92% of executives stated they had some degree of confidence in their organization’s ability to meet compliance requirements and tackle advanced threats with current staff and tools, but confidence levels differed across leadership roles, according to…

Read more →

MetricStream has unveiled its annual forecast of key trends shaping the future of GRC and Cyber GRC. These 2025 predictions offer a roadmap for building resilience strategies, addressing emerging risks, and seizing new opportunities. AI comes of age: risks, rewards,…

Read more →

Suspected Russian threat actors have been taking advantage of Microsoft Device Code Authentication to trick targets into granting them access to their Microsoft 365 (M365) accounts. “While Device Code Authentication attacks are not new, they appear to have been rarely…

Read more →

Grip Security has unveiled its SaaS Security Posture Management (SSPM) solution, which proactively identifies misconfigurations, enforces best practices and strengthens SaaS security posture against emerging risks. Unlike traditional SSPM products, Grip SSPM is built on a foundation of visibility and…

Read more →

2024 is set to be a record year for scammers who received at least US$9.9 billion in crypto revenues from their illicit activities, according to Chainalysis. This figure is projected to rise to an all-time high of $12.4 billion as…

Read more →

47% of organizations have experienced a data breach or cyberattack over the past 12 months that involved a third-party accessing their network, according to Imprivata and the Ponemon Institute. Third-party security incidents persist Notably, 64% of respondents say these types…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from Armor, EchoMark, Netwrix, Palo Alto Networks, and Socure. Palo Alto Networks Cortex Cloud applies AI-driven insights to reduce risk and prevent threats Palo Alto Networks…

Read more →

North Korean state-sponsored group Kimsuky (aka Emerald Sleet, aka VELVET CHOLLIMA) is attempting to deliver malware to South Korean targets by leveraging the so-called “ClickFix” tactic. A relatively new tactic The ClickFix social engineering tactic has been dubbed thus because…

Read more →

Palo Alto Networks introduced Cortex Cloud, the next version of Prisma Cloud, that natively brings together new releases of its cloud detection and response (CDR) and cloud native application protection platform (CNAPP) capabilities on the unified Cortex platform. The new…

Read more →

A subgroup of Russia’s Sandworm APT has been working to achieve initial and persistent access to the IT networks of organizations working in economic sectors Russia is interested in. “In 2022, its primary focus was Ukraine, specifically targeting the energy,…

Read more →