Week in review: Botnet hits M365 accounts, PoC for Ivanti Endpoint Manager vulnerabilities released

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Massive botnet hits Microsoft 365 accounts
A recently discovered botnet of over 130,000 compromised devices is launching coordinated password-spraying attacks against Microsoft 365 (M365) accounts.

PoC exploit for Ivanti Endpoint Manager vulnerabilities released (CVE-2024-13159)
A proof-of-concept (PoC) exploit for four critical Ivanti Endpoint Manager vulnerabilities has been released by Horizon3.ai researchers.

Avoiding vendor lock-in when using managed cloud security services
In this Help Net Security interview, Marina Segal, CEO at Tamnoon, discusses the most significant obstacles when implementing managed cloud security in hybrid and multi-cloud environments.

2024 phishing trends tell us what to expect in 2025
Phishing has been the method most often employed by cybercriminals to achieve initial access to targeted organizations in 2024, according to risk advisory firm Kroll, which expects this trend to continue in 2025.

Man vs. machine: Striking the perfect balance in threat intelligence
In this Help Net Security interview, Aaron Roberts, Director at Perspective Intelligence, discusses how automation is reshaping threat intelligence.

Siemens Teamcenter vulnerability could allow account takeover (CVE-2025-23363)
A high-severity vulnerability (CVE-2025-23363) in the Siemens Teamcenter product lifecycle management (PLM) software could allow an attacker to steal users’ valid session data and gain unauthorized access to the vulnerable application.

Is Agentic AI too smart for your own good?
Agentic AI, which consists of systems that autonomously take action based on high-level goals, is becoming integral to enterprise security, threat intelligence, and automation.

Is your email or password among the 240+ million compromised by infostealers?
For the second time since the start of 2025, a huge number of login credentials extracted from infostealer logs has been added to the database powering the HaveIBeenPwned (HIBP) site and breach notification service.

The compliance illusion: Why your company might be at risk despite passing audits
For many CISOs, compliance can feel like a necessary evil and a false sense of security.

OSPS Baseline: Practical security best practices for open source software projects
The Open Source Security Foundation (OpenSSF), a cross-industry initiative by the Linux Foundation, has announced the initial release of the Open Source Project Security Baseline (OSPS Baseline), a tiered framework of security practices that evolve with the maturity of open source projects.

Hundreds of GitHub repos served up malware for years
Kaspersky researchers have unearthed an extensive and long-running malware delivery campaign that exploited users’ propensity for downloading code from GitHub and using it without first verifying whether it’s malicious.

Misconfig Mapper: Open-source tool to uncover security misconfigurations
Misconfig Mapper is an open-source CLI tool built in Golang that discovers and enumerates instances of services used within your organization.

Background check, drug testing provider DISA suffers data breach
DISA Global Solutions, a Texas-based company that provides employment screening services (including drug and alcohol testing and background checks) for over 55,000 organizations, has suffered a cyber incident that led to a data breach, which resulted in the potential compromise of personal and financial information of over 3.3 million individuals.

Dalfox: Open-source XSS scanner
DalFox is an open-source tool for automating the detection of XSS vulnerabilities.

China-based Silver Fox spoofs healthcare app to deliver malware
Silver Fox, a China-based threat actor that may or may not be backed by the Chinese government, has been delivering the ValleyRAT backdoor to unsuspecting users by disguising the malware as a legitimate healthcare app (the Philips DICOM viewer), a Windows text editor (EmEditor), and system drivers and utilities.

Understanding the AI Act and its compliance challenges
In this Help Net Security interview, David Dumont, Partner at Hunton Andrews Kurth, discusses the implications of the EU AI Act and how organizations can leverage existing GDPR frameworks while addressing new obligations such as conformity assessments and transparency requirements.

Account takeover detection: There’s no single tell
Account takeover (ATO) is one of the most prevalent attack types; Proofpoint says that in 2024, 99% of the customer tenants the company monitors were hit with at least one account takeover attempt, and 62% of the customers experienced at least one that was successful.

Debunking 5 myths about network automation
The success of network automation is predicated on having a single source of truth for network and security device data, including the manufacturer, type, model number, firmware, and software version.

The art of balancing data security with business goals
In this Help Net Security video, Nathan Parks, Senior Research Specialist at Gartner, discusses their recent research, revealing that only 14% of security leaders effectively balance data security with business goals.

Cybersecurity needs a leader, so let’s stop debating and start deciding
In the face of increasingly aggressive and organized threat actors, the time for debate is over. Cybersecurity needs a clearly defined leader that has the power to lead. Anything less is doomed to failure.

The CISO’s dilemma of protecting the enterprise while driving innovation
The modern CISO’s responsibilities have transcended traditional technical oversight, encompassing strategic leadership, risk management, and regulatory compliance.

How enterprise leaders can secure and govern agentic AI
In this Help Net Security video, Nataraj Nagaratnam, an IBM Fellow and CTO for Cloud Security, discusses the steps enterprises can take to lay a secure foundation for agentic AI deployments.

Open source strikes back: Nextcloud Hub 10 challenges Big Tech’s monopoly on AI and privacy
With the launch of Hub 10, Nextcloud demonstrates that open source is a viable alternative for secure, enterprise-grade collaboration.

Why AI deployment requires a new level of governance
In this Help Net Security video, Lee Waskevich, VP of Security at ePlus, discusses how AI deployment demands enhanced governance and stricter controls, particularly in managing data.

Cybersecurity jobs available right now: February 25, 2025
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field, with opportunities available both in Europe and around the world. Check out this weekly selection of cybersecurity jobs available right now.

Infosec products of the month: February 2025
Here’s a look at the most interesting products from the past month, featuring releases from: 1Password, Armor, BigID, Dynatrace, Fortinet, Legit Security, Netwrix, Nymi, Palo Alto Networks, Pangea, Privacera, Qualys, SafeBreach, Satori, Seal Security, Socure, and Veeam Software.


from Help Net Security https://ift.tt/AikPvrf
