News – Help Net Security

ESET researchers have uncovered a supply chain attack targeting a South Korean VPN provider, carried out by PlushDaemon, a newly identified China-aligned APT group. In this cyberespionage campaign, the attackers compromised the legitimate installer, replacing it with a malicious version that deployed the group’s custom backdoor, SlowStepper. This sophisticated backdoor boasts a toolkit with over 30 components. Since at least 2019, PlushDaemon has conducted espionage operations against individuals and organizations in China, Taiwan, Hong Kong, … More → The post China-aligned PlushDaemon APT compromises supply chain of Korean VPN appeared first on Help Net Security.

In this Help Net Security interview, Gerald Beuchelt, CISO at Acronis, discusses common backup strategy pitfalls, reasons for backup failures, and offers actionable advice for organizations looking to improve their backup and recovery processes. The post Acronis CISO on why backup strategies fail and how to make them resilient appeared first on Help Net Security.

Despite progress made in privacy staffing and strategy alignment, privacy professionals are feeling increasingly stressed on the job within a complex compliance and risk landscape, according to new research from ISACA. Top three obstacles facing privacy programs ISACA’s State of Privacy 2025 survey report, reflecting insights from more than 1,600 global professionals worldwide, found that 63% of privacy professionals say their role is more stressful now than it was five years ago, with 34% indicating … More → The post Privacy professionals feel more stressed than ever appeared first on Help Net Security.

This list of ransomware-focused cybersecurity books is tailored for professionals seeking practical insights and deeper knowledge. Covering technical strategies, real-world cases, and the evolving tactics of attackers, these books offer valuable perspectives to help strengthen defenses and refine incident response plans. Ransomware and Cyber Extortion: Response and Prevention Authors: Karen Sprenger, Sherri Davidoff, and Matt Durrin This guide offers value to everyone involved in prevention, response, planning, or policy: CIOs, CISOs, incident responders, investigators, negotiators, … More → The post Cybersecurity books on ransomware you shouldn’t miss appeared first on Help Net Security.

The “email bombing + posing as tech support via Microsoft Teams” combination is proving fruitful for two threat actors looking to deliver ransomware to organizations, and they seem to be ramping up their efforts. “Sophos MDR has observed more than 15 incidents involving these tactics in the past three months, with half of them in the past two weeks,” the company’s incident responders have warned today. The threat actors are social-engineering their way in To … More → The post Ransomware attackers are “vishing” organizations via Microsoft Teams appeared first on Help Net Security.

We’ve entered a new era where verification must come before trust, and for good reason. Cyber threats are evolving rapidly, and one of the trends getting a fresh reboot in 2025 is the “scam yourself” attacks. These aren’t your run-of-the-mill phishing scams. They are a sophisticated evolution of social engineering designed to deceive even the most tech-savvy users. Attackers exploit our routines, trust, and overconfidence, and complacency to manipulate us into becoming unwitting accomplices in … More → The post Scam Yourself attacks: How social engineering is evolving appeared first on Help Net Security.

In this Help Net Security interview, Nicholas Jackson, Director of Cyber Operations at Bitdefender, discusses how technologies like AI, quantum computing, and IoT are reshaping cybersecurity. He shares his perspective on the new threats these advancements bring and offers practical advice for organizations to stay prepared. What emerging technologies or trends could introduce entirely new types of cybersecurity threats? Emerging technologies such as AI, quantum computing, and IoT are reshaping the cybersecurity landscape. AI enables … More → The post Addressing the intersection of cyber and physical security threats appeared first on Help Net Security.

Fleet is an open-source platform for IT and security teams managing thousands of computers. It’s designed to work seamlessly with APIs, GitOps, webhooks, and YAML configurations. Fleet provides a single platform to secure and maintain all computing devices over the air. It offers a centralized solution, from mobile device management (MDM) to patching and verifying systems. It’s trusted in production environments. Deployments range from tens of thousands of hosts to large-scale environments supporting over 400,000 … More → The post Fleet: Open-source platform for IT and security teams appeared first on Help Net Security.

CISO Sempra Infrastructure | USA | Hybrid – View job details As a CISO, you will develop and implement a robust information security strategy and program that aligns with the organization’s objectives and regulatory requirements. Assess and manage cybersecurity risks across the organization’s digital infrastructure, networks, and sensitive data. Implement risk mitigation strategies and ensure regular risk assessments and audits. Cloud Security Engineer UBX | Philippines | On-site – View job details As a Cloud … More → The post Cybersecurity jobs available right now: January 21, 2025 appeared first on Help Net Security.

Attackers are impersonating the Computer Emergency Response Team of Ukraine (CERT-UA) via AnyDesk to gain access to target computers. The request (Source: CERT-UA) “Unidentified individuals are sending connection requests via AnyDesk under the pretext of conducting a ‘security audit to verify the level of protection,’ using the name ‘CERT.UA,’ the CERT-UA logo, and the AnyDesk ID “1518341498” (which may vary),” CERT-UA explained on Friday. The requests are apparently unarranged and the attackers are counting on … More → The post CERT-UA warns against “security audit” requests via AnyDesk appeared first on Help Net Security.