Category: Data Protection

What is the VanHelsing ransomware? First reported earlier in March 2025, VanHelsing is a new ransomware-as-a-service operation. Oh, so it’s a relatively new player on the malware scene, then. Why the concern? At least three victims of VanHelsing have already been identitified, and a number of variants of the malware have been analysed by security […]

​In May, Microsoft plans to roll out a new Windows scheduled task that launches automatically to help Microsoft Office apps load faster. The company says the “Startup Boost” task will launch in the background on logon, with the roll-out to start in mid-May and worldwide general availability to be reached by late May 2025. On systems […]

Healthcare , HIPAA/HITECH , Industry Specific Audits Focus on HIPAA Security Rule Provisions Related to Ransomware, Hacking Marianne Kolbasuk McGee (HealthInfoSec) • March 25, 2025     Image: Getty Images The U.S. Department of Health and Human Services has quietly resumed HIPAA compliance audits of covered entities and business associates for the first time in […]

With the adoption of large language models (LLMs) across industries, security teams often play catch-up. Many organizations are integrating GenAI into customer interactions, software development, and enterprise decision-making, often without grasping the security implications. As LLMs are becoming integral to enterprise operations, The Developer’s Playbook for Large Language Model Security aims to be a timely […]

Mar 24, 2025Ravie LakshmananMalware / Ransomware A ransomware-as-a-service (RaaS) operation called VanHelsing has already claimed three victims since it launched on March 7, 2025. “The RaaS model allows a wide range of participants, from experienced hackers to newcomers, to get involved with a $5,000 deposit. Affiliates keep 80% of the ransom payments, while the core […]

The first initiative from The Federal Communications Commission’s newly-created Council on National Security will be a “sweeping” investigation of Chinese-made equipment in America’s telecommunications infrastructure, the agency announced Friday. In particular, FCC Commissioner Brendan Carr said the focus will be on equipment and services from Chinese companies already barred from U.S. networks under the Secure […]

Possible RCE and denial-of-service issue discovered in Kafka Connect UPDATED The Apache Software Foundation (ASF) has resolved a vulnerability that can be exploited to launch remote code execution (RCE) attacks using Kafka Connect. Announced on February 8, the critical flaw is tracked as CVE-2023-25194. It was discovered in Apache Kafka Connect, a free, open source […]

ZDNET On March 14, 2025, a root certificate used to verify signed content and add-ons for Firefox and other Mozilla projects expired (note that Thunderbird does not do content verification, so that app will be unaffected). The expiration of this certificate will cause problems for Firefox users unless they update to version 128 (or ESR […]

In December the Kyiv Post reported of the Ukrainian military’s own long-range, tethered drones, that, “currently about 40 percent of the components [are] sourced locally in Ukraine while, because there is limited domestic microelectronics manufacturing capability, the rest are imported, primarily from China.” AliExpress parent company Alibaba and Temu did not respond to requests for […]

Within two years, AI agents will accelerate the time it takes threat actors to hijack exposed accounts by 50%, Gartner has warned. The analyst claimed that the technology would help to automate more of the steps necessary to accomplish account takeovers (ATOs), such as deepfake-driven social engineering and credential compromise. Agentic AI is widely hailed […]