Help Net Security

Deepfakes force a new era in fraud detection, identity verification

January 24, 2025 add comment
The rise in identity fraud over the past two years has significantly impacted all industries, especially finance, banking, fintech, and crypto, according to Regula. With deepfakes threatening every second... Read more »

New infosec products of the week: January 24, 2025

January 24, 2025 add comment
Here’s a look at the most interesting products from the past week, featuring releases from Bitsight, DataDome, DigitalOcean, Lookout, and XONA Systems. Lookout Mobile Intelligence APIs identifies cross-platform attacks... Read more »

Juniper enterprise routers backdoored via “magic packet” malware

January 23, 2025 add comment
A stealthy attack campaign turned Juniper enterprise-grade routers into entry points to corporate networks via the “J-magic” backdoor, which is loaded into the devices’ memory and spawns a reverse... Read more »

Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw

January 23, 2025 add comment
Cisco has released patches for a critical privilege escalation vulnerability in Meeting Management (CVE-2025-20156) and a heap-based buffer overflow flaw (CVE-2025-20128) that, when triggered, could terminate the ClamAV scanning... Read more »

SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006)

January 23, 2025 add comment
A critical zero-day vulnerability (CVE-2025-23006) affecting SonicWall Secure Mobile Access (SMA) 1000 Series appliances is being exploited by attackers. “We strongly advises users of the SMA1000 product to upgrade... Read more »

Appdome Threat Dynamics analyzes and ranks mobile threats

January 23, 2025 add comment
Appdome announced that a new AI-Native threat-management module called Threat Dynamics will be offered inside Appdome’s ThreatScope Mobile XDR. Threat Dynamics uses AI deep learning to continuously evaluate the... Read more »

DigitalOcean Per-Bucket Access Keys boosts object storage security

January 23, 2025 add comment
DigitalOcean announced Per-Bucket Access Keys for DigitalOcean Spaces, its S3-compatible object storage service. This feature provides customers with identity-based, bucket-level control over access permissions, helping to enhance their data... Read more »

Bitsight Instant Insights accelerates vendor risk assessments

January 23, 2025 add comment
Bitsight unveiled Instant Insights, a new offering from the Bitsight IQ suite of AI-based capabilities. The new feature leverages generative AI to analyze and summarize security questionnaires and reports,... Read more »

Defense strategies to counter escalating hybrid attacks

January 23, 2025 add comment
In this Help Net Security interview, Tomer Shloman, Sr. Security Researcher at Trellix, talks about attack attribution, outlines solutions for recognizing hybrid threats, and offers advice on how organizations... Read more »

Web Cache Vulnerability Scanner: Open-source tool for detecting web cache poisoning

January 23, 2025 add comment
The Web Cache Vulnerability Scanner (WCVS) is an open-source command-line tool for detecting web cache poisoning and deception. The scanner, developed by Maximilian Hildebrand, offers extensive support for various... Read more »
Subscribe to our Newsletter