Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
48,000+ internet-facing Fortinet firewalls still open to attack
Despite last week’s confirmation of and warnings about long-standing exploitation of CVE-2024-55591, a critical vulnerability affecting Fortinet Fortigate firewalls, too many vulnerable devices are still accessible from the Internet and open to attack: over 48,000, according to data from the Shadowserver Foundation.
Ransomware attackers are “vishing” organizations via Microsoft Teams
The “email bombing + posing as tech support via Microsoft Teams” combination is proving fruitful for two threat actors looking to deliver ransomware to organizations, and they seem to be ramping up their efforts.
Defense strategies to counter escalating hybrid attacks
In this Help Net Security interview, Tomer Shloman, Sr. Security Researcher at Trellix, talks about attack attribution, outlines solutions for recognizing hybrid threats, and offers advice on how organizations can protect themselves against hybrid attacks.
Juniper enterprise routers backdoored via “magic packet” malware
A stealthy attack campaign turned Juniper enterprise-grade routers into entry points to corporate networks via the “J-magic” backdoor, which is loaded into the devices’ memory and spawns a reverse shell when instructed to do so.
Acronis CISO on why backup strategies fail and how to make them resilient
In this Help Net Security interview, Gerald Beuchelt, CISO at Acronis, discusses common backup strategy pitfalls, reasons for backup failures, and offers actionable advice for organizations looking to improve their backup and recovery processes.
Cisco fixes ClamAV vulnerability with available PoC and critical Meeting Management flaw
Cisco has released patches for a critical privilege escalation vulnerability in Meeting Management (CVE-2025-20156) and a heap-based buffer overflow flaw (CVE-2025-20128) that, when triggered, could terminate the ClamAV scanning process on endpoints running a Cisco Secure Endpoint Connector.
Addressing the intersection of cyber and physical security threats
In this Help Net Security interview, Nicholas Jackson, Director of Cyber Operations at Bitdefender, discusses how technologies like AI, quantum computing, and IoT are reshaping cybersecurity.
SonicWall SMA appliances exploited in zero-day attacks (CVE-2025-23006)
A critical zero-day vulnerability (CVE-2025-23006) affecting SonicWall Secure Mobile Access (SMA) 1000 Series appliances is being exploited by attackers.
AI-driven insights transform security preparedness and recovery
In this Help Net Security interview, Arunava Bag, CTO at Digitate, discusses how organizations can recover digital operations after an incident, prioritize cybersecurity strategies, and secure digital operations with effective frameworks.
Mirai botnet behind the largest DDoS attack to date
Researchers have uncovered two Mirai-based botnets harnessing Internet of Things (IoT) devices to DDoS target organizations around the world.
Fleet: Open-source platform for IT and security teams
Fleet is an open-source platform for IT and security teams managing thousands of computers. It’s designed to work seamlessly with APIs, GitOps, webhooks, and YAML configurations.
CERT-UA warns against “security audit” requests via AnyDesk
Attackers are impersonating the Computer Emergency Response Team of Ukraine (CERT-UA) via AnyDesk to gain access to target computers.
Scam Yourself attacks: How social engineering is evolving
We’ve entered a new era where verification must come before trust, and for good reason. Cyber threats are evolving rapidly, and one of the trends getting a fresh reboot in 2025 is the “scam yourself” attacks.
Funding soars in a milestone year for Israeli cybersecurity
In this Help Net Security video, Or Salom, Analyst at YL Ventures, discusses the State of the Cyber Nation Report 2024.
Stratoshark: Wireshark for the cloud – now available!
Stratoshark is an innovative open-source tool that brings Wireshark’s detailed network visibility to the cloud, providing users with a standardized approach to cloud observability.
Decentralization is happening everywhere, so why are crypto wallets “walled gardens”?
The twin cryptocurrency and digital identity revolutions are supposed to be building a better future, where anybody can take charge of their sovereignty and security in a world where both face unprecedented threats.
NDR’s role in a modern cybersecurity stack
In this Help Net Security video, Jerry Mancini, NETSCOUT’s Senior Director, Office of the Enterprise CTO, discusses NDR’s role in a modern cybersecurity stack.
China-aligned PlushDaemon APT compromises supply chain of Korean VPN
ESET researchers have uncovered a supply chain attack targeting a South Korean VPN provider, carried out by PlushDaemon, a newly identified China-aligned APT group.
One in ten GenAI prompts puts sensitive data at risk
Despite their potential, many organizations hesitate to fully adopt GenAI tools due to concerns about sensitive data being inadvertently shared and possibly used to train these systems, according to Harmonic.
Cybersecurity jobs available right now: January 21, 2025
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.
Cybersecurity books on ransomware you shouldn’t miss
This list of ransomware-focused cybersecurity books is tailored for professionals seeking practical insights and deeper knowledge.
New infosec products of the week: January 24, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Bitsight, DataDome, DigitalOcean, Lookout, and XONA Systems.