Finders Keypers is an open-source tool for analyzing the current usage of AWS KMS keys. It supports both AWS customer managed KMS keys and AWS Managed KMS keys. Use cases include: Identifying the blast radius of specific KMS keys and…
Category: Help Net Security
Cloud providers aren’t delivering on security promises
Security concerns around cloud environments have prompted 44% of CISOs to change cloud service provider, according to Arctic Wolf. This is being driven by the fact that 24% don’t believe their cloud environment is secure, and 43% think cloud service…
Week in review: Veeam Backup & Replication RCE fixed, free file converter sites deliver malware
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120): Veeam has released fixes for a critical remote code execution vulnerability (CVE-2025-23120) affecting its…
53% of security teams lack continuous and up-to-date visibility
Enterprises lack visibility into their own data, creating security risks that are compounding as organizations and their employees increase AI adoption, according to Bedrock Security. The majority of organizations struggle to track sensitive information across sprawling cloud environments, leaving them…
Malicious ads target Semrush users to steal Google account credentials
Cyber crooks are exploiting users’ interest in Semrush, a popular SEO, advertising, and market research SaaS platform, to steal their Google account credentials. The fraudulent campaign: Malwarebytes researchers have spotted a campaign consisting of a slew of malicious ads shown…
NAKIVO Backup & Replication vulnerability exploited by attackers (CVE-2024-48248)
A vulnerability (CVE-2024-48248) in NAKIVO Backup and Replication, a backup, ransomware protection and disaster recovery solution designed for organizations of all sizes and managed service providers (MSPs), is being actively exploited. The US Cybersecurity and Infrastructure Security Agency (CISA) has…
The hidden risk in SaaS: Why companies need a digital identity exit strategy
In the face of sudden trade restrictions, sanctions, or policy shifts, relying on SaaS providers outside your region for identity services is a gamble that companies can no longer afford to take. With trade disputes set to escalate, a sudden…
AI will make ransomware even more dangerous
Ransomware is the top predicted threat for 2025, which is especially concerning given 38% of security professionals say ransomware will become even more dangerous when powered by AI, according to Ivanti. In comparison to the threat level, only 29% of…
Scammers cash in on tax season
AI-powered phishing emails, deepfake phone calls, and fake tax prep websites are making tax scams more convincing and costly than ever, according to McAfee. Cybercriminals are pulling out all the stops to trick Americans out of their hard-earned money, and…
New infosec products of the week: March 21, 2025
Here’s a look at the most interesting products from the past week, featuring releases from 1Kosmos, Cloudflare, Cytex, Keysight Technologies, and TXOne Networks. Keysight AI Insight Brokers accelerates threat detection and response: Keysight Technologies announces the expansion of its Keysight…
Why rooting and jailbreaking make you a target
As cybercriminals have moved to a mobile-first attack strategy, rooting and jailbreaking mobile devices remain a powerful attack vector. Such mobile devices bypass critical security protocols, leaving organizations vulnerable to mobile malware, data breaches, and complete system compromises. Threats reported…
Cybersecurity jobs available right now in the USA: March 20, 2025
AI Security Architect | Verizon | USA | Hybrid. As an AI Security Architect, you will ensure security architecture reviews are integrated into Verizon’s AI development lifecycle. This includes embedding robust security measures from design to deployment,…
SlashNext’s URL analysis tool identifies malicious behavior
SlashNext launched a new advanced URL analysis feature that performs live, in-depth scanning of unknown URLs, tracking requests and following redirection to track the original link to its final destination. Developed specifically for complex attacks executed by cybercriminals who have…
Critical Veeam Backup & Replication RCE vulnerability fixed, patch ASAP! (CVE-2025-23120)
Veeam has released fixes for a critical remote code execution vulnerability (CVE-2025-23120) affecting its enterprise Veeam Backup & Replication solution, and is urging customers to quickly upgrade to a fixed version. There is currently no indication that the vulnerability is…
RansomHub affiliate leverages multi-function Betruger backdoor
A RansomHub affiliate is leveraging a new multi-function backdoor dubbed Betruger to perform various actions during their attacks, Symantec researchers have discovered. The Betruger backdoor: The malware can take screenshots, log keystrokes, scan networks, dump credentials, upload files to a…
Kali Linux 2025.1a drops with theme refresh, Kali NetHunter updates
Kali Linux 2025.1a is now available. This release enhances existing features with improvements designed to streamline your experience. 2025 theme refresh: Kali Linux 2025.1a introduces an annual theme refresh, maintaining a modern interface. This year’s update debuts a redesigned theme…
5 pitfalls that can delay cyber incident response and recovery
The responsibility of cyber incident response falls squarely on the shoulders of the CISO. And many CISOs invest heavily in technical response procedures, tabletop exercises and theoretical plans only to find out that when an actual breach strikes the organization…
Chinese military-linked companies dominate US digital supply chain
Despite growing national security concerns and government restrictions, Chinese military-linked companies remain deeply embedded in the US digital supply chain, according to Bitsight. These organizations, many of which have been designated by the US Department of Defense as “Chinese Military…
How healthcare CISOs can balance security and accessibility without compromising care
In this Help Net Security interview, Sunil Seshadri, EVP and CSO at HealthEquity, talks about the growing risks to healthcare data and what organizations can do to stay ahead. He shares insights on vendor management, zero trust, and securing the…
70% of leaked secrets remain active two years later
Long-lived plaintext credentials have been involved in most breaches over the last several years, according to GitGuardian. When valid credentials, such as API keys, passwords, and authentication tokens, leak, attackers at any skill level can gain initial access or perform…
Most organizations change policies to reduce CISO liability risk
93% of organizations made policy changes over the preceding 12 months to address concerns about increased personal liability for CISOs, according to Fastly. This includes two in five organizations (41%) increasing CISO participation in strategic decisions at the board level.…
1Kosmos 1Key secures shared login environments and OT systems
1Kosmos announced 1Kosmos 1Key for shared account login environments. With FIDO-compliant biometric authentication, 1Kosmos 1Key addresses the pressing need for security, accountability, and auditability in settings where multiple users access shared accounts, such as operational technology (OT) systems, hospitality services,…
APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373)
State-sponsored threat actors and cybercrime groups from North Korea, Iran, Russia, and China have been exploiting a zero-day Windows vulnerability with no fix in sight for the last eight years, researchers with Trend Micro’s Zero Day Initiative have warned on…
Vanta unveils features and capabilities to strengthen security collaboration
Vanta announced a series of new features and capabilities to help security and GRC teams seamlessly collaborate across their organization and extended network. These releases—including team-based collaboration and granular user access, an integrated Vanta Exchange for vendor security reviews, enhanced…
Report: The State of Secrets Sprawl 2025
GitGuardian’s State of Secrets Sprawl 2025 report shows no progress in combating secrets sprawl, with 23.8 million secrets leaked on public GitHub repositories in 2024—a 25% year-over-year increase. Despite GitHub Push Protection’s efforts, secrets sprawl is accelerating, especially with generic…
Elastic expands partnership with Tines to scale security operations
Elastic announced an expanded partnership with an integrated offering that includes Tines Workflow Automation and the Elastic Search AI Platform to simplify security and observability workflow automation. The partnership equips security teams with security orchestration, automation and response (SOAR) and…
Cloudforce One threat events platform provides a real-time view of threat activity
Cloudflare launched the Cloudforce One threat events platform to provide real-time intelligence on cyberattacks occurring across the Internet. Based on telemetry from Cloudflare’s massive global network, Cloudforce One’s threat events platform helps security teams get more done with the same…
TXOne Networks Stellar 3.2 helps organizations make informed security choices
TXOne Networks announced Version 3.2 of its Stellar solution, further enhancing its capabilities from endpoint protection to more comprehensive detection and response in operational technology (OT) environments. Stellar simplifies the journey into threat hunting and detection while overcoming the limitations…
Cytex AICenturion protects against data exfiltration
Cytex launched AICenturion, an LLM Firewall with Data Loss Prevention (DLP) capabilities. GenAI’s risks intensify as LLMs prevent enterprises from directly controlling their processes and data handling. AICenturion provides the trust, risk and security management that enterprises need by enabling…
Outseer introduces Behavioral Biometrics capability
Outseer announced its platform-native Behavioral Biometrics capability. The addition of platformized Behavioral Biometrics introduces another layer of defense that continuously analyzes user interactions to detect anomalies in real time. Building on its rich RSA heritage (formerly RSA Fraud & Risk…
Keysight AI Insight Brokers accelerates threat detection and response
Keysight Technologies announces the expansion of its Keysight Vision Network Packet Brokers (NPBs), with the introduction of AI Insight Brokers. These enhanced NPBs are designed to improve the performance of AI-driven cybersecurity operations such as threat detection, incident response, and…
Orion Security emerges from stealth to combat insider threats with AI
Orion Security announced a $6 million Seed funding round led by Pico Partners and FXP with participation from Underscore VC and cybersecurity leaders including the founders of Perimeter 81 and the CISO of Elastic. Founded by CEO Nitay Milner, former…
Moving beyond checkbox security for true resilience
In this Help Net Security interview, William Booth, director, ATT&CK Evaluations at MITRE, discusses how CISOs can integrate regulatory compliance with proactive risk management, prioritize spending based on threat-informed assessments, and address overlooked vulnerabilities like shadow IT and software supply…
Protecting your iCloud data after Apple’s Advanced Data Protection removal in the UK
Advanced Data Protection (ADP) secures iCloud data with end-to-end encryption. This ensures that no one, not even Apple, can access the encrypted data, which remains secure even in the event of a cloud breach. As of February 21, 2025, Apple…
Dependency-Check: Open-source Software Composition Analysis (SCA) tool
Dependency-Check is an open-source Software Composition Analysis (SCA) tool to identify publicly disclosed vulnerabilities within a project’s dependencies. The tool analyzes dependencies for Common Platform Enumeration (CPE) identifiers. When a match is found, the tool generates a report with links…
The rise of DAST 2.0 in 2025
Static Application Security Testing (SAST) found favor among security teams as an easy way to deploy security testing without really engaging developers. With the ability to analyze source code early in the software delivery lifecycle, SAST solutions offered a more…
CyCognito improves security operations automation and risk visibility
CyCognito announced new capabilities designed to improve both security operations automation and risk visibility. These new features speed security operations by making assets easier to identify and attribute to owners, as well as compare attack surface risk to peer organizations.…
How AI and automation are reshaping security leadership
The contemporary SOC is transforming as it starts to realize the benefits of GenAI and utilize the manifestations of autonomous agentic AI, according to Tines. Additionally, the promise of security automation is coming to fruition. In theory and practice, security…
Whistic announces next generation of Assessment Copilot
Whistic announced the next generation of its Assessment Copilot, a third-party risk management (TPRM) solution that integrates AI into the vendor assessment process for a fully automated workflow. With this release, Whistic builds upon the initial release of Assessment Copilot…
Stealthy StilachiRAT steals data, may enable lateral movement
While still not widely distributed, a new Windows remote access trojan (RAT) dubbed StilachiRAT is a serious threat. “[The malware] demonstrates sophisticated techniques to evade detection, persist in the target environment, and exfiltrate sensitive data,” Microsoft threat analysts have warned…
Google to acquire Wiz for $32 billion
Google announced it has signed a definitive agreement to acquire Wiz for $32 billion, subject to closing adjustments, in an all-cash transaction. Once closed, Wiz will join Google Cloud. This acquisition represents an investment by Google Cloud to accelerate two…
FBI: Free file converter sites and tools deliver malware
Malware peddlers are increasingly targeting users who are searching for free file converter services (websites) and tools, the FBI’s Denver Field Office warned earlier this month. “To conduct this scheme, cyber criminals across the globe are using any type…
CISO Global launches AI-driven cloud security solution
CISO Global launched CISO Edge, its next-generation AI-driven cloud security solution, now available to existing customers and channel partners. Built to meet the growing demand for enterprise-grade cybersecurity, CISO Edge delivers comprehensive cloud-first, hybrid, and remote security—ensuring organizations can…
How financial institutions can minimize their attack surface
In this Help Net Security interview, Sunil Mallik, CISO of Discover Financial Services, discusses cybersecurity threats for financial institutions. He also shares insights on balancing compliance with agility, lessons from regulatory audits, and Discover’s approach to risk management and workforce…
Hackers target AI and crypto as software supply chain risks grow
The growing sophistication of software supply chain attacks is driven by widespread flaws in open-source and third-party commercial software, along with malicious campaigns that specifically target AI and cryptocurrency development pipelines, according to a ReversingLabs report. According to ReversingLabs data,…
Cybersecurity jobs available right now: March 18, 2025
Application Security Expert | monday.com | United Kingdom | Hybrid. As an Application Security Expert, you will provide guidance on security best practices and compliance, and undertake security testing. Develop security testing plans and integrate them into…
How to encrypt and secure sensitive files on macOS
Encrypting files keeps sensitive data like personal details, finances, and passwords safe from attackers by making them unreadable to unauthorized users. Encryption also safeguards data in case of device loss or theft, preventing malicious actors from accessing or misusing the…
Cloudflare boosts defenses against future quantum threats
Cloudflare announced that it is expanding end-to-end support for post-quantum cryptography to its Zero Trust Network Access solution. Available immediately, organizations can securely route communications from web browsers to corporate web applications to gain immediate, end-to-end quantum-safe connectivity. By mid-2025,…
Bedrock Security’s metadata lake technology strengthens data security
Bedrock Security is declaring an end to data security without data visibility with the launch of its metadata lake technology — a centralized repository powering the patented Bedrock Platform. It provides continuous visibility across enterprise metadata by automatically cataloging all…
GitHub project maintainers targeted with fake security alert
A phishing campaign targeting GitHub account owners has been trying to scare them with a fake security alert into allowing a malicious OAuth app access to their account and repositories. The fake security alert from GitHub: GitHub users have taken…
Pay, fight, or stall? The dilemma of ransomware negotiations
Ransomware negotiations are a high-stakes game where every decision matters. In this Help Net Security video, Kurtis Minder, CEO at GroupSense, takes us inside the world of ransomware negotiations. We learn how attackers communicate, the tough decisions victims face, and…
Review: Cybersecurity Tabletop Exercises
Packed with real-world case studies and practical examples, Cybersecurity Tabletop Exercises offers insights into how organizations have successfully leveraged tabletop exercises to identify security gaps and enhance their incident response strategies. The authors explore a range of realistic scenarios, including…
IntelMQ: Open-source tool for collecting and processing security feeds
IntelMQ is an open-source solution designed to help IT security teams (including CERTs, CSIRTs, SOCs, and abuse departments) streamline the collection and processing of security feeds using a message queuing protocol. “Originally designed for CSIRTs and later adopted by SOCs,…
Week in review: NIST selects HQC for post-quantum encryption, 10 classic cybersecurity books
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: NIST selects HQC as backup algorithm for post-quantum encryption: Last year, NIST standardized a set of encryption algorithms that can keep data secure from a…
Quantifying cyber risk strategies to resonate with CFOs and boards
In this Help Net Security interview, Mir Kashifuddin, Data Risk & Privacy Leader at PwC, discusses how CISOs can translate cyber risk into business value and secure a more strategic role within their organizations. He explains that aligning cybersecurity with…
Corero Network Security expands AI capabilities across its portfolio
Corero Network Security announced the strategic advancement of AI capabilities across its product portfolio and operations—building on a long-standing legacy of intelligent, adaptive security solutions. For years, Corero’s SmartWall ONE platform has delivered automated, real-time DDoS protection powered by advanced…
Top 5 threats keeping CISOs up at night in 2025
Cyber threats in 2025 require a proactive, adaptive approach. To stay ahead, CISOs must balance technical defenses, regulatory expectations, and human factors. By prioritizing AI-driven security, ransomware resilience, supply chain risk management, insider threat mitigation, and compliance preparedness, CISOs can…
New infosec products of the week: March 14, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Alloy, Detectify, Pondurance, and SimSpace. SimSpace Stack Optimizer allows organizations to measure their security technologies: Stack Optimizer is designed to help organizations make informed, strategic…
94% of Wi-Fi networks lack protection against deauthentication attacks
A recent report from Nozomi Networks Labs, based on an analysis of over 500,000 wireless networks worldwide, reveals that only 6% are adequately protected against wireless deauthentication attacks. Most wireless networks, including those in mission-critical environments, remain highly exposed to…
How to secure your personal metadata from online trackers
When it comes to safeguarding your privacy online, most people focus on securing passwords, encrypting communications, and clearing browsing history. While these practices are essential, they overlook one important element—metadata. This data, which is collected about your digital interactions, can…
CISOs, are your medical devices secure? Attackers are watching closely
The adoption of connected medical devices, collectively called the Internet of Medical Things (IoMT), has transformed patient care. However, this technological advancement has also introduced cybersecurity challenges to safeguard patient safety and uphold organizational security. Securing IoMT: Prioritizing risks IoMT…
Cybersecurity jobs available right now in Europe: March 13, 2025
Cloud Security Engineer | TUI Group | Portugal | Hybrid. As a Cloud Security Engineer, you will contribute to the implementation of security solutions and will work alongside our Security Operations team to ensure appropriate controls are…
Cybersecurity classics: 10 books that shaped the industry
Cybersecurity constantly evolves, but some books have stood the test of time, shaping how professionals think about security, risk, and digital threats. Whether you’re a CISO, a seasoned expert, or cybersecurity enthusiast, these must-reads belong on your shelf. Masters of…
Goodbye passwords? Enterprises ramping up passkey adoption
87% of companies have, or are in the midst of, rolling out passkeys with goals tied to improved user experience, enhanced security, and compliance, according to the FIDO Alliance. Key findings: Enterprises understand the value of passkeys for workforce sign-ins.…
NIST selects HQC as backup algorithm for post-quantum encryption
Last year, NIST standardized a set of encryption algorithms that can keep data secure from a cyberattack by a future quantum computer. Now, NIST has selected a backup algorithm that can provide a second line of defense for the task…
NetBird: Open-source network security
NetBird is an open-source solution that integrates a configuration-free peer-to-peer private network with centralized access control, providing a single platform to build secure private networks for your organization or home. NetBird features: NetBird creates a WireGuard-based overlay network that automatically…
Defending against EDR bypass attacks
EDR bypass and killer attacks are surging, yet many organizations continue to overlook this threat while they have become over-reliant on this security tool – particularly when preventing ransomware. In this Help Net Security video, John Dwyer, Director of Security…
Burnout in cybersecurity: How CISOs can protect their teams (and themselves)
Cybersecurity is a high-stakes, high-pressure field in which CISOs and their teams constantly battle threats, compliance requirements, and business expectations. The demand for 24/7 vigilance, sophisticated attacks, and a shortage of skilled professionals have led to a burnout epidemic in…
How to spot and avoid AI-generated scams
As AI technology advances, cybercriminals create more personalized and convincing scams. This includes mimicking voices, deepfake videos, and highly convincing phishing emails that are difficult to spot. Phishing, deepfakes, and voice cloning are among the most common AI-driven techniques used…
AuditBoard unveils AI-powered audit capabilities
AuditBoard announced new AI-powered audit capabilities, further integrating AI into the product, boosting efficiency, and enabling auditors to focus on more strategic tasks. Internal audit teams are increasingly integrating AI into their work, according to the Internal Audit Foundation’s 2025…
Rambus introduces CryptoManager Security IP solutions
Rambus announced its next-generation CryptoManager Security IP solutions including Root of Trust, Hub and Core families. The CryptoManager Security IP offerings deliver progressively higher levels of functional integration and security, enabling customers to choose the level of security features and…
Alloy Fraud Attack Radar provides intelligence on fraud threats
Alloy launched Fraud Attack Radar, a machine learning-powered solution that provides financial institutions (FIs) and fintechs with actionable intelligence on fraud threats targeting new account creation. The new solution helps organizations address rising fraud risks by alerting in real-time when…
Smart cybersecurity spending and how CISOs can invest where it matters
CISOs face mounting pressure to spend wisely on security. Yet, many organizations remain vulnerable due to misplaced priorities and inefficient budgeting. This article explores common pitfalls and offers strategies to strengthen cybersecurity. Recent data highlights a paradox: while cybersecurity budgets…
Cybersecurity jobs available right now: March 11,2025
How remote work strengthens cybersecurity teams
The global transition to remote work has reshaped traditional workplace dynamics, introducing challenges and opportunities for cybersecurity teams. For CISOs and security professionals, embracing a remote workforce can be a strategic advantage, enhancing team capabilities and driving the modernization of…
Review: The Cybersecurity Trinity
The Cybersecurity Trinity provides a comprehensive approach to modern cybersecurity by integrating AI, automation, and active cyber defense (ACD) into a unified strategy. Instead of addressing these elements in isolation, the author demonstrates how they work together to enhance security…
Detectify Alfred helps security teams collect threat intelligence
Detectify announced Alfred, a system that uses AI to completely autonomously source, prioritize, and generate high-fidelity security tests for the CVEs that are most likely to be exploited. This innovation allows Detectify to continuously and dynamically deliver security research to…
Pondurance Platform 2.0 identifies data breach risks
Pondurance announced a major new version of its cybersecurity platform. Pondurance Platform 2.0 provides the foundation for Pondurance’s risk-based MDR service specifically designed to eliminate breach risks. With this announcement, Pondurance arms customers with the latest monitoring, detection, and response…
SimSpace Stack Optimizer allows organizations to measure their security technologies
SimSpace launched Stack Optimizer, designed to help organizations evaluate, test, and optimize their security and IT infrastructure. By leveraging SimSpace’s realistic simulated environments, organizations can perform comprehensive security performance benchmarking, validate detection engineering strategies, optimize operational workflows, and validate compliance…
March 2025 Patch Tuesday forecast: A return to normalcy
The February Patch Tuesday updates and activity during the month marked a return to normalcy for patch management. Following the January updates addressing 100+ vulnerabilities, we saw 37 CVEs fixed in Windows 11 and 33 CVEs in Windows 10. This…
Hetty: Open-source HTTP toolkit for security research
Hetty is an open-source HTTP toolkit designed for security research, offering a free alternative to commercial tools like Burp Suite Pro. Built with the needs of penetration testers, security professionals, and bug bounty hunters in mind, Hetty provides a set…
How to safely dispose of old tech without leaving a security risk
Every year, millions of old tech devices are thrown away due to age, malfunctions, or to make way for new ones, which creates security risks related to the data on these devices. The data can often still be recovered if devices…
Who’s in your digital house? The truth about third-party access
In this Help Net Security video, Fran Rosch, CEO at Imprivata, discusses organizations’ challenges in securing third-party access and offers valuable insights on how businesses can address these risks effectively. A recent report conducted by the Ponemon Institute, “The State…
Week in review: How QR code attacks work and how to protect yourself, 10 must-reads for CISOs
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: How QR code attacks work and how to protect yourself: While QR codes are convenient, they also present significant risks. In the past few years,…
Cloud security gains overshadowed by soaring storage fees
Storage fees in general (e.g., API calls, operations, data access) comprise 49% of an average user’s service bill, compared to the actual stored capacity, according to a study conducted by Vanson Bourne. Nearly all organizations globally have experienced data security-related…
Armis acquires OTORIO to strengthen OT and IoT security
Armis has acquired OTORIO, a provider of OT/ICS cyber security solutions. This accelerates Armis’ rollout of an on-premise version of its Cyber Exposure Management platform, Armis Centrix, and cements its leadership in cyber physical systems (CPS) security.…
Can AI-powered gamified simulations help cybersecurity teams keep up?
Traditional training often lacks the hands-on experience cybersecurity teams need to counter advanced threats. AI-powered gamified simulations combine artificial intelligence with interactive learning to enhance their skills. Conventional cybersecurity training programs frequently rely on static content, which can become outdated.…
AI threats and workforce shortages put pressure on security leaders
In this Help Net Security video, John Grancarich, Fortra’s Chief Strategy Officer, discusses the 2025 Fortra State of Cybersecurity Survey and highlights escalating concerns among security professionals about AI-driven threats and a shortage of cybersecurity skills. The survey reveals that…
New infosec products of the week: March 7, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Outpost24, Palo Alto Networks, Red Canary, and Sonatype. Outpost24 introduces CyberFlex to streamline attack surface management and pen testing: Outpost24 has launched Outpost24 CyberFlex, a…
Cybersecurity jobs available right now in the USA: March 6, 2025
CISO | Amplitude | USA | Hybrid. As a CISO, you will develop, implement, and maintain a comprehensive security strategy aligned with Amplitude’s business goals and risk tolerance. Oversee the identification, assessment, and mitigation of security risks…
Socure launches Identity Manipulation Risk Score
Socure launched Identity Manipulation Risk Score, a cross-industry predictive risk score designed to stop repeat first-party fraud abusers from exploiting the digital economy at scale. This AI-powered capability is embedded within Sigma First-Party Fraud, Socure’s innovative solution that leverages the…
Persona combats fraud during business onboarding
Persona announced the next generation of their unified KYC-KYB platform that will combat sophisticated fraud during business onboarding and throughout the business lifecycle. These enhancements deliver insights into both businesses and the individuals behind them, enabling more effective fraud detection…
Riskified Adaptive Checkout mitigates fraud for ecommerce merchants
Riskified launched Adaptive Checkout, a solution designed to drive higher conversion rates by not falsely declining good orders while also mitigating fraud for ecommerce merchants. This configuration of Riskified’s Chargeback Guarantee product enhances existing fraud prevention models by incorporating a…
How to prevent data leakage in collaboration tools like Slack and Teams
In recent years, collaboration tools have become an absolute necessity for remote and hybrid work. This primarily increased during the COVID-19 pandemic due to the impossibility of communicating in person. So, tools like Slack, Microsoft Teams, and Zoom surged in…
The CISO’s bookshelf: 10 must-reads for security leaders
Discover essential reads for CISOs in this curated list of books covering cybersecurity leadership, risk management, zero trust, board communication, and more. Why CISOs Fail, 2nd Edition (Author: Barak Engel): Barak Engel expands on the ideas from his original 2017…
89% of enterprise AI usage is invisible to the organization
Organizations have zero visibility into 89% of AI usage, despite security policies, according to a LayerX report. 71% of connections to GenAI tools are done using personal non-corporate accounts. Among logins using corporate accounts, 58% of connections are done without…
The 5 stages of incident response grief
Whether we recognize it or not, anytime an incident occurs, it sets off the grieving process. But grief isn’t a bad thing: it’s how we process our emotional reactions and move on. That’s precisely what security teams need to do…
Sonatype AI SCA delivers visibility and control over AI/ML usage
Sonatype announced end-to-end AI Software Composition Analysis (AI SCA) capabilities that enable enterprises to harness the full potential of AI. With its expertise in open source governance, Sonatype now extends its trusted platform to protect, manage, and optimize AI/ML models…
eSentire Next Level MDR identifies, prioritizes, and mitigates exposures
eSentire announced its new Next Level cybersecurity offering and supporting campaign. Through an integration of Continuous Threat Exposure Management (CTEM) and MDR services, eSentire is delivering differentiated outcomes for organizations demanding heightened levels of protection as they build resilience and…