(IN)SECURE Newsletter - April 9, 2025

A smorgasbord of knowledge and news - View this email in your browser  (IN)SECURE Newsletter  April 9, 2025 A smorgasbord of knowledge and news What's new? CISA has released indicators of compromise, detection signatures, and updated mitigation advice for rooting out a newly identified malware variant used by the attackers who breached Ivanti Connect Secure VPN appliances in December 2024 by exploiting the CVE-2025-0282 zero-day. There's a significant increase of scanning activity targeting internet-facing Palo Alto Networks GlobalProtect portals, and organizations with exposed systems are urged to secure them and look for signs of compromise. The UK National Cyber Security Centre (NCSC) has released security guidance for domain registrars and operators of Domain Name System (DNS) services. Malware peddlers are saddling users with the TookPS downloader and the Lapmon and TeviRat backdoors via malicious sites that mimic official ones and ostensibly offer legitimate software for download. Ideas to consider, practices to implement CISOs battle security platform fatigue 7 ways to get C-suite buy-in on that new cybersecurity tool Building a cybersecurity strategy that survives disruption The shift to identity-first security and why it matters How to build an effective cybersecurity simulation Forward-thinking CISOs are shining a light on shadow IT Android financial threats: What businesses need to know to protect themselves and their customers Balancing data protection and clinical usability in healthcare A CISO's guide to securing AI models The hidden costs of security tool bloat and how to fix it Post-quantum cryptography and the future of online safety (Video) Get our news via e-mail Subscribe to get regular updates from Help Net Security. Choose between our daily and weekly newsletters, or you can also opt for specialized newsletters: Breaking news – sent for major events Cybersecurity jobs – sent weekly Open-source cybersecurity tools – sent monthly Open-source tools you should check out BlueToolkit - A Bluetooth Classic vulnerability testing framework Exegol - A community-driven hacking environment Malwoverview - A first response tool for threat hunting Resources Broaden your knowledge and resolve issues (registration may be required): Whitepaper: Voice of Security 2025 Report: Fortune 500 employee-linked account exposure Report: The State of Secrets Sprawl 2025 eBook: What does it take to be a full-fledged virtual CISO? Copyright © 2025 Help Net Security, All rights reserved.  You are receiving Help Net Security daily security news because you opted in at our web site located on www.helpnetsecurity.com. Our mailing address is:  Help Net Security  Astus d.o.o.  Kastav 51215  Croatia  Add us to your address book No longer interested in receiving these emails? Unsubscribe