Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411) CVE-2025-0411, a Mark-of-the-Web bypass vulnerability in the open-source archiver tool 7-Zip that was fixed in November 2024, has…
Category: Help Net Security
Attackers compromise IIS servers by leveraging exposed ASP.NET machine keys
A ViewState code injection attack spotted by Microsoft threat researchers in December 2024 could be easily replicated by other attackers, the company warned. “In the course of investigating, remediating, and building protections against this activity, we observed an insecure practice…
Self-sovereign identity could transform fraud prevention, but…
The way we manage digital identity is fundamentally broken. The root of the problem lies in traditional, centralized identity models, where a single organization holds and controls a user’s credentials, creating an attractive target for attackers. The bigger the database,…
Ghidra 11.3 released: New features, performance improvements, bug fixes
NSA’s Research Directorate released version 11.3 of Ghidra, an open-source software reverse engineering (SRE) framework. It offers advanced analysis tools, enabling users to dissect and examine compiled code across multiple platforms, including Windows, macOS, and Linux. Ghidra 11.3 is fully…
Infosec pros struggle under growing compliance
The implementation of new regulatory measures that impact the UK, EU, and beyond are driving organizations to enhance vigilance in addressing evolving cybersecurity and operational risks, according to AuditBoard. The research showed 91% of respondents report feeling concerned about cybersecurity…
New infosec products of the week: February 7, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Dynatrace, Nymi, Qualys, SafeBreach, and Satori. Qualys TotalAppSec enables organizations to address risks across web applications and APIs Qualys TotalAppSec unifies API security, web application…
Overconfident execs are making their companies vulnerable to fraud
Cyber fraud (which includes activity such as hacking, deepfakes, voice cloning and highly sophisticated phishing schemes) rose by 14% year over year, according to Trustpair. US faces cyber fraud growth The proprietary research, which is based on a survey of…
Expel expands SIEM capabilities to meet mounting data storage needs
Expel announced expanded security information and event management (SIEM) coverage, including a new low-cost data lake offering, allowing customers to meet compliance and data storage requirements more effectively while strengthening their overall security posture. Additionally, Expel extended integration coverage and…
ActiveState accelerates secure software delivery
ActiveState launched its Vulnerability Management as a Service (VMaas) offering that revolutionizes how organizations manage open source and accelerates secure software delivery. ActiveState’s Vulnerability Management as a Service combines Application Security Posture Management (ASPM) and Intelligent Remediation capabilities with expert…
Ransomware payments plummet as more victims refuse to pay
Chainalysis’ latest report on how the ransomware landscape changed from 2023 to 2024 shows a promising trend: An increasing number of victims refuses to pay the ransom. The total volume of ransom payments decreased year-over-year by approximately 35%, the blockchain…