Aggregator

CISOs know cyber risk is business risk. Boards don’t always see it that way.​ For years, CISOs have struggled to get boards to understand security beyond buzzwords. Many feel they’re either ignored or misunderstood. But with threats growing and regulations tightening, that’s changing. Boards now expect CISOs to speak their language: risk, dollars, impact.​ Here’s how security leaders can get through, with real-world tips on making cybersecurity resonate in the boardroom. Translate risk into dollars … More →

The post How CISOs can talk cybersecurity so it makes sense to executives appeared first on Help Net Security.

Mickey Bresman Discusses Gaps in Preparedness and Tabletop Execution
Security leaders are placing more focus on cyber resilience as regulations tighten worldwide. Mickey Bresman, CEO at Semperis, said frameworks such as the SEC’s cybersecurity disclosure rule and Europe's DORA regulation are forcing organizations to build and test disaster recovery plans.

Ulla Coester on Ethical Design and the Role of the EU AI Act
Unclear threats and unpredictable behavior complicate global trust in AI. Building a shared understanding through adaptable governance helps create consistent expectations for responsible development across societies, said Ulla Coester, project director, Fresenius University of Applied Sciences.

История стандарта, который все одобряют, но при этом отчаянно избегают.

The threat actors known as Golden Chickens have been attributed to two new malware families dubbed TerraStealerV2 and TerraLogger, suggesting continued development efforts to fine-tune and diversify their arsenal. "TerraStealerV2 is designed to collect browser credentials, cryptocurrency wallet data, and browser extension information," Recorded Future Insikt Group said. "TerraLogger, by contrast

近期，国家互联网信息办公室会同有关部门发布《终端设备直连卫星服务管理规定》，将于2025年6月1日起施行。《规定》是我国首个专门就终端设备直连卫星出台的规范性文件，对促进和规范我国终端设备直连卫星服务健康发展具有重要意义。

中国国家网络与信息安全信息通报中心通过支撑单位发现一批境外恶意网址和恶意IP，境外黑客组织利用这些网址和IP持续对中国和其他国家发起网络攻击。

In this Help Net Security interview, Stuart Clarke, CEO at Blackdot Solutions, discusses the strategic use of open-source intelligence (OSINT) in tackling financial crime. He outlines its application in areas such as fraud, sanctions evasion, and money laundering, and addresses the legal, ethical, and operational challenges involved. Clarke also provides case studies illustrating how OSINT has been used to uncover criminal networks. Are there specific financial crime typologies, such as fraud, money laundering, or sanctions … More →

The post How OSINT supports financial crime investigations appeared first on Help Net Security.

Как скандал с видеоплатформой может перевернуть всю торговую войну?

National Cyber Security Centre (NCSC) has issued technical guidance following a series of cyber attacks targeting UK retailers. These incidents have prompted concerns about the evolving threat landscape, particularly regarding ransomware and data extortion techniques. The NCSC’s National Resilience Director, Jonathon Ellison, and Chief Technology Officer, Ollie Whitehouse, have highlighted specific technical measures that organizations […]

The post NCSC Warns of Ransomware Attacks Targeting UK Organisations appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Effective Vulnerability Management offers a view of a key part of cybersecurity, showing how practices, tools, and processes can help organizations reduce risk. About the authors Chris Hughes is the President of Aquia, a cybersecurity leader with 20 years of public and private sector experience, who also serves as a professor, and CISA Cyber Innovation Fellow. Nikki Robinson is a Security Architect and Professor of Practice at Capitol Technology University, with dual doctorates in Cybersecurity … More →

The post Review: Effective Vulnerability Management appeared first on Help Net Security.

Не все версии ИИ одинаково полезны — вот как найти свою идеальную.

A vulnerability was found in Envolve Plugin up to 1.0 on WordPress. It has been classified as critical. This affects the function zetra_deleteLanguageFile/zetra_deleteFontsFile. The manipulation leads to denial of service. This vulnerability is uniquely identified as CVE-2024-11615. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in MediaTek MT2718, MT6878, MT6897, MT6899, MT6989, MT6991, MT8196, MT8391, MT8676 and MT8678 and classified as critical. Affected by this issue is some unknown functionality of the component thermal. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2025-20671. Local access is required to approach this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in MediaTek MT6878, MT6897, MT6899, MT6989, MT6991, MT8775 and MT8796 and classified as critical. Affected by this vulnerability is an unknown functionality of the component scp. The manipulation leads to out-of-bounds write. This vulnerability is known as CVE-2025-20668. An attack has to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in MediaTek MT6580, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6879, MT6883, MT6885, MT6886, MT6889, MT6893, MT6895, MT6983, MT6985, MT8175, MT8195, MT8196, MT8321, MT8365, MT8370, MT8385, MT8390, MT8395, MT8666, MT8667, MT8673, MT8678, MT8765, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788, MT8788E, MT8789, MT8791T, MT8795T, MT8796, MT8797, MT8798 and MT8893. Affected is an unknown function of the component devinfo. The manipulation leads to file and directory information exposure. This vulnerability is traded as CVE-2025-20665. The attack needs to be approached locally. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in MediaTek MT2735, MT6833, MT6833P, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6880, MT6883, MT6885, MT6889, MT6890, MT6891, MT6893, MT8666, MT8667, MT8673, MT8675, MT8771, MT8791, MT8791T, MT8795T, MT8797 and MT8798 NR15. This issue affects some unknown processing of the component Base Station Handler. The manipulation leads to reachable assertion. The identification of this vulnerability is CVE-2025-20666. The attack may be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic was found in MediaTek MT2737, MT6813, MT6835, MT6835T, MT6878, MT6878M, MT6879, MT6886, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8673, MT8675, MT8676, MT8678, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8789, MT8791, MT8791T, MT8795T, MT8797 and MT8798 NR16/NR17/NR17R. This vulnerability affects unknown code of the component Modem. The manipulation leads to improper certificate validation. This vulnerability was named CVE-2025-20670. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic has been found in MediaTek MT2735, MT2737, MT6739, MT6761, MT6762, MT6762D, MT6762M, MT6763, MT6765, MT6765T, MT6767, MT6768, MT6769, MT6769K, MT6769S, MT6769T, MT6769Z, MT6771, MT6779, MT6781, MT6783, MT6785, MT6785T, MT6785U, MT6789, MT6813, MT6833, MT6833P, MT6835, MT6835T, MT6853, MT6853T, MT6855, MT6855T, MT6873, MT6875, MT6875T, MT6877, MT6877T, MT6877TT, MT6878, MT6878M, MT6879, MT6880, MT6883, MT6885, MT6886, MT6889, MT6890, MT6891, MT6893, MT6895, MT6895TT, MT6896, MT6897, MT6899, MT6980, MT6980D, MT6983, MT6983T, MT6985, MT6985T, MT6989, MT6989T, MT6990, MT6991, MT8666, MT8667, MT8675, MT8676, MT8765, MT8766, MT8768, MT8771, MT8781, MT8786, MT8788, MT8788E, MT8789, MT8791, MT8791T and MT8797 up to NR17R. This affects an unknown part of the component Base Station Handler. The manipulation leads to inadequate encryption strength. This vulnerability is uniquely identified as CVE-2025-20667. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.