A smorgasbord of knowledge and news -

View this email in your browser (IN)SECURE Newsletter January 15, 2025 A smorgasbord of knowledge and news What's new?   CISA has issued a binding operational directive (BOD 25-01) requiring federal civilian agencies to secure their (Microsoft) cloud environments. The White House has announced the launch of the U.S. Cyber Trust Mark, a voluntary cybersecurity labeling program for consumer-grade internet-connected devices. A ransomware gang dubbed Codefinger is encrypting data stored in target organizations' AWS S3 buckets with AWS's server-side encryption option with customer-provided keys (SSE-C), and asking for money to hand over the key they used. $2.2 billion worth of cryptocurrency was stolen from various platforms in 2024, Chainalysis' 2025 Crypto Crime Report has revealed. Some cybersecurity predictions for 2025: As we look ahead to cybersecurity developments in 2025, there's bad news and good—expect to see new challenging attacks and the cybersecurity community increasingly working together to counter threats that are beyond the scope of individual organizations. In 2025, seven trends will shape the future of data and AI, offering advantages for those who see these changes not as challenges but as opportunities to innovate and excel. In the Internet of Things (IoT) sector, 2025 is shaping up to be a politically charged year. Webinar: Amplifying SIEM with AI-driven NDR for IT/OT Convergence Join cybersecurity leader Erwin Eimers from Sumitomo Chemicals Americas on Thursday, January 23rd at 10 AM PT, to explore how AI-driven Network Detection and Response (NDR) enhances SIEM capabilities, bridging critical visibility gaps in converged IT/OT environments. Don't miss this chance to transform your security operations - Register now! Ideas to consider, practices to implement GitHub CISO on security strategy and collaborating with the open-source community Time for a change: Elevating developers' security skills eBay CISO on managing long-term cybersecurity planning and ROI Preventing the next ransomware attack with help from AI GitLab CISO on proactive monitoring and metrics for DevSecOps success Balancing proprietary and open-source tools in cyber threat research Making the most of cryptography, now and in the future Overwhelmed by fraud? Here's how financial pros fight back Why an "all gas, no brakes" approach for AI use won't work How CISOs can make smarter risk decisions How companies can fight ransomware impersonations (Video) Get our news via e-mail Subscribe to get regular updates from Help Net Security. Choose between our daily and weekly newsletters, or you can also opt for specialized newsletters: Breaking news – sent for major events Cybersecurity jobs – sent weekly Open-source cybersecurity tools – sent monthly Open-source cybersecurity tools you should check out Chainsaw - A tool for hunting through Windows forensic artefacts Sara - A RouterOS security inspector Cyberbro - A tool that extracts IoCs and checks their reputation Kata Containers - A container runtime, building lightweight VMs reconFTW - A tool that simplifies and automates the reconnaissance process Evilginx - A man-in-the-middle attack framework Copyright © 2025 Help Net Security (Astus d.o.o.), All rights reserved. You are receiving (IN)SECURE Newsletter because you opted in at our web site located on https://www.helpnetsecurity.com. Note: Sometimes we send promotional maildrops to our list. We never share your details with anyone! We really send a limited number of maildrops per year, so we hope you won't unsbscribe because of them. Thanks in advance! Our mailing address is: Help Net Security (Astus d.o.o.) Kastav Kastav 51215 Croatia Add us to your address book Want to change how you receive these emails? You can update your preferences or unsubscribe from this list.