Tag: infosec
-
New infosec products of the week: April 18, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Cato Networks, Cyware, Entrust, PlexTrac, and Seemplicity. PlexTrac for CTEM helps … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/18/new-infosec-products-of-the-week-april-18-2025/
-
Whistleblower describes DOGE IT dept rampage at America’s labor watchdog
Ignored infosec rules, exfiltrated data … then the mysterious login attempts from a Russian IP address began, claim First seen on theregister.com Jump to article: www.theregister.com/2025/04/17/whistleblower_nlrb_doge/
-
The most dangerous time for enterprise security? One month after an acquisition
Fear of upgrading or purchasing any new security tech. Managers are hesitant to invest because they don’t know what the new parent company will decide, and they don’t want to waste money. Talented security people leave, along with the best people in every business unit. They are worried about being laid off, so they take whatever…
-
New infosec products of the week: April 11, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Forescout, Index Engines, Jit, RunSafe Security, and Seal Security. Jit launches AI … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/11/new-infosec-products-of-the-week-april-11-2025/
-
Targeted phishing gets a new hook with real-time email validation
Tags: api, authentication, awareness, ciso, credentials, data-breach, defense, email, infosec, mail, password, phishing, sans, service, spam, spear-phishing, threat, training
‘A little bit of hype’: David Shipley, head of Canadian-based security awareness training firm Beauceron Security, said “there’s a little bit of hype” in giving the tactic a fancy name for what is in fact spear phishing, although, he admitted, it’s “rapid-fire spear phishing.” The reason, he said, is that “spray-and-pray” mass phishing campaigns today are…
-
The Reg translates the letter in which Oracle kinda-sorta tells customers it was pwned
TL;DR: Move along, still nothing to see here – an idea that leaves infosec pros aghast First seen on theregister.com Jump to article: www.theregister.com/2025/04/10/oracles_breach_letter/
-
Precision-validated phishing: The rise of sophisticated credential theft
Tags: api, authentication, awareness, ciso, credentials, data-breach, defense, email, infosec, mail, password, phishing, sans, service, spam, spear-phishing, theft, threat, training
‘A little bit of hype’: David Shipley, head of Canadian-based security awareness training firm Beauceron Security, said “there’s a little bit of hype” in giving the tactic a fancy name for what is in fact spear phishing, although, he admitted, it’s “rapid-fire spear phishing.” The reason, he said, is that “spray-and-pray” mass phishing campaigns today are…
-
Trump kills clearances for infosec’s SentinelOne, ex-CISA boss Chris Krebs
Alleges cybersecurity agency was ‘weaponized’ to suppress debunked theories First seen on theregister.com Jump to article: www.theregister.com/2025/04/10/trump_cisa_investigation_memo/
-
Pharmacist accused of using webcams to spy on women in intimate moments at work, home
Lawsuit claims sick cyber-voyeurism went undetected for years, using hundreds of PCs, due to lax infosec First seen on theregister.com Jump to article: www.theregister.com/2025/04/09/pharmacist_accused_of_cyber_voyeurism/
-
New infosec products of the week: April 4, 2025
Here’s a look at the most interesting products from the past week, featuring releases from 1touch.io, Bitsight, Bluefin, CyberQP, and Exabeam. Exabeam Nova accelerates threat … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/04/04/new-infosec-products-of-the-week-april-4-2025/
-
6 hard-earned tips for leading through a cyberattack, from CSOs who’ve been there
Tags: attack, awareness, breach, business, cisco, ciso, control, cyber, cyberattack, cybersecurity, data, group, incident response, infosec, infrastructure, lessons-learned, military, open-source, phishing, phone, privacy, programming, ransomware, security-incident, service, skills, software, strategy, threat, training, update
Develop muscle memory, and patience, through simulations: Authority under crisis is meaningless if you can’t establish followership. And this goes beyond the incident response team: CISOs must communicate with the entire organization, a commonly misunderstood imperative, says Pablo Riboldi, CISO of nearshore talent provider BairesDev. “I find that employee involvement tends to be overlooked during cyberattacks.…
-
Check Point confirms breach, but says it was ‘old’ data and crook made ‘false’ claims
Explanation leaves a ‘lot of questions unanswered,’ says infosec researcher First seen on theregister.com Jump to article: www.theregister.com/2025/03/31/check_point_confirms_breach/
-
Infosec products of the month: March 2025
Tags: infosec
Here’s a look at the most interesting products from the past month, featuring releases from: 1Kosmos, Alloy, Cloudflare, Cytex, Detectify, GetReal Security, iProov, Keysight … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/28/infosec-products-of-the-month-march-2025/
-
US defense contractor cops to sloppy security, settles after infosec lead blows whistle
MORSE to pay -- .. .-.. .-.. .. --- -. ... for failing to meet cyber-grade First seen on theregister.com Jump to article: www.theregister.com/2025/03/26/us_defense_contractor/
-
Infosec pro Troy Hunt HasBeenPwned in Mailchimp phish
16,000 stolen records pertain to former and active mail subscribers First seen on theregister.com Jump to article: www.theregister.com/2025/03/25/troy_hunt_mailchimp_phish/
-
CISOs are taking on ever more responsibilities and functional roles: has it gone too far?
Tags: ai, business, cio, ciso, cloud, compliance, computing, control, corporate, cyber, cybersecurity, data, defense, framework, fraud, governance, healthcare, infosec, intelligence, international, Internet, jobs, law, mitigation, nist, privacy, regulation, resilience, risk, risk-management, service, skills, software, supply-chain, technology, threat
th century alongside technology and internet-enabled threats, morphing to meet the demands of the moment. But the position hasn’t just matured; in many cases it has expanded, taking on additional domains. “The CISO role has expanded significantly over the years as companies realize that information security has a unique picture of what is going on across…
-
11 hottest IT security certs for higher pay today
Tags: access, attack, automation, business, cloud, container, control, corporate, credentials, cyber, cybersecurity, data, defense, encryption, exploit, finance, fortinet, google, governance, incident response, infosec, intelligence, Internet, jobs, linux, malicious, malware, monitoring, network, penetration-testing, remote-code-execution, resilience, reverse-engineering, risk, risk-assessment, risk-management, skills, software, technology, threat, tool, training, vulnerability, windows
Offensive Security Certified Expert (OSCE): OffSec’s Offensive Security Certified Expert consists of three courses: Advanced Web Attacks and Exploitation, Advanced Evasion Techniques and Breaching Defenses, and Windows User Mode Exploit Development. The format for each course exam is the same: Candidates have 48 hours to compromise a given target using various techniques. No formal prerequisites exist for any of the…
-
New infosec products of the week: March 21, 2025
Here’s a look at the most interesting products from the past week, featuring releases from 1Kosmos, Cloudflare, Cytex, Keysight Technologies, and TXOne Networks. Keysight AI … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/21/new-infosec-products-of-the-week-march-21-2025/
-
New infosec products of the week: March 14, 2025
Tags: infosec
Here’s a look at the most interesting products from the past week, featuring releases from Alloy, Detectify, Pondurance, and SimSpace. SimSpace Stack Optimizer allows … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/14/new-infosec-products-of-the-week-march-14-2025/
-
What is risk management? Quantifying and mitigating uncertainty
Tags: breach, business, cio, ciso, compliance, control, cyber, cyberattack, data, finance, flaw, framework, governance, healthcare, infosec, infrastructure, insurance, international, jobs, mitigation, monitoring, nist, risk, risk-analysis, risk-assessment, risk-management, software, strategy, technology, tool, vulnerability
How do organizations structure risk management operations?: Risk management has in some organizations traditionally been multicentric, with different departments or individuals within the org implementing risk management techniques in their work: Risk management is a component of good project management, for instance. IT leaders in particular must be able to integrate risk management philosophies and…
-
New infosec products of the week: March 7, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Outpost24, Palo Alto Networks, Red Canary, and Sonatype. Outpost24 introduces … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/07/new-infosec-products-of-the-week-march-7-2025/
-
Infosec products of the month: February 2025
Here’s a look at the most interesting products from the past month, featuring releases from: 1Password, Armor, BigID, Dynatrace, Fortinet, Legit Security, Netwrix, Nymi, Palo … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/28/infosec-products-of-the-month-february-2025/
-
Ghost ransomware crew continues to haunt IT depts with scarily bad infosec
FBI and CISA issue reminder – deep sigh – about the importance of patching and backups First seen on theregister.com Jump to article: www.theregister.com/2025/02/20/fbi_beware_of_ghost_ransomware/
-
Healthcare outfit that served military personnel settles allegations it faked infosec compliance for $11M
If this makes you feel sick, knowing this happened before ransomware actors started targeting medical info may help First seen on theregister.com Jump to article: www.theregister.com/2025/02/19/decadeold_healthcare_security_snafu_settled/
-
New infosec products of the week: February 14, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Armor, EchoMark, Netwrix, Palo Alto Networks, and Socure. Palo Alto Networks Cortex … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/14/new-infosec-products-of-the-week-february-14-2025/
-
US lawmakers press Trump admin to oppose UK’s order for Apple iCloud backdoor
Senator, Congressman tell DNI to threaten infosec agreements if Blighty won’t back down First seen on theregister.com Jump to article: www.theregister.com/2025/02/13/us_demand_uk_apple_backdoor_close/
-
Sophos sheds 6% of staff after swallowing Secureworks
De-dupes some roles, hints others aren’t needed as the infosec scene shifts First seen on theregister.com Jump to article: www.theregister.com/2025/02/13/sophos_secureworks_layoff/
-
Fortinet discloses second authentication bypass vulnerability
Fortinet disclosed CVE-2025-24472 in an updated advisory that confused some in the infosec community because it stated that ‘reports show this is being exploited in the wild.’ First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366619314/Fortinet-discloses-second-authentication-bypass-vulnerability

