Collaborate Disseminate
$2.2 billion worth of cryptocurrency was stolen from various platforms in 2024, Chainalysis’ 2025 Crypto Crime Report has revealed. Of that sum, $1.34 billion was stolen by North Korea-affiliated hackers, across 47 hacking incidents (out of 303)…. Continue reading Cryptocurrency hackers stole $2.2 billion from platforms in 2024
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a binding operational directive (BOD 25-01) requiring federal civilian agencies to secure their (Microsoft) cloud environments. About the CISA BOD 25-01 directive The Implementin… Continue reading CISA orders federal agencies to secure their Microsoft cloud environments
Ukrainian national Mark Sokolovsky was sentenced to 60 months in federal prison for one count of conspiracy to commit computer intrusion. According to court documents, he conspired to operate the Raccoon Infostealer as a malware-as-a-service (MaaS). In… Continue reading Ukrainian hacker gets prison for infostealer operations
Security teams that subscribe to threat feeds get lists of known malicious domains, IPs, and file signatures that they can leverage to blacklist and prevent attacks from those sources.
The post Are threat feeds masking your biggest security blind spot?… Continue reading Are threat feeds masking your biggest security blind spot?
In this Help Net Security interview, Dan Lohrmann, CISO at Presidio, discusses the need for organizations to rethink their leadership and operational strategies and the cybersecurity risks they have to deal with during digital transformation.
The post … Continue reading Leadership skills for managing cybersecurity during digital transformation
A threat actor looking to take over the Microsoft Azure cloud infrastructure of European companies has successfully compromised accounts of multiple victims in different firms, according to Palo Alto Networks’ Unit 42 researchers. The phishing ca… Continue reading European companies hit with effective DocuSign-themed phishing emails
BeyondTrust has fixed an unauthenticated command injection vulnerability (CVE-2024-12356) in its Privileged Remote Access (PRA) and Remote Support (RS) products that may allow remote code execution, and is urging organizations with on-premise installat… Continue reading BeyondTrust fixes critical vulnerability in remote access, support solutions (CVE-2024-12356)
What was once primarily a technical role, CISOs now find themselves accountable for organizational risk, regulatory compliance, and even legal liabilities across the entire organization. However, as cyber threats intensify, it’s clear that overseeing c… Continue reading CISO accountability: Navigating a landscape of responsibility
In this Help Net Security interview, Vivek Agarwal, Privacy Program Manager at Meta Platforms, shares insights on strategies for reducing time to market, improving vendor onboarding, and updating privacy requirements to ensure compliance across third-p… Continue reading Key steps to scaling automated compliance while maintaining security
Google’s open-source tool Vanir enables Android developers to quickly scan custom platform code for missing or applicable security patches. By automating patch validation, Vanir helps OEMs deliver critical security updates faster, enhancing the s… Continue reading Vanir: Open-source security patch validation for Android