Don’t miss

Compromised recording software was served from vendor’s official site, threat researchers say

2024-05-23 at 18:01 By Zeljka Zorz

Legitimate recording software JAVS Viewer has been saddled with loader malware and has been served from the developer’s site since at least April 2, a threat researcher warned last month. After analyzing a flagged installer detected …

GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985)

2024-05-23 at 13:16 By Zeljka Zorz

A critical, 10-out-of-10 vulnerability (CVE-2024-4985) allowing unrestricted access to vulnerable GitHub Enterprise Server (GHES) instances has been fixed by Microsoft-owned GitHub. Fortunately, there is a catch that may narrow down the pool of potential victims: instances are vulnerable to …

HHS pledges $50M for autonomous vulnerability management solution for hospitals

2024-05-23 at 10:18 By Zeljka Zorz

As organizations in the healthcare sector continue to be a prime target for ransomware gangs and CISA warns about a vulnerability (CVE-2023-43208) in a healthcare-specific platform being leveraged by attackers, the Advanced Research Projects Agency for Health (ARPA-H) has …

CISOs pursuing AI readiness should start by updating the org’s email security policy

2024-05-23 at 08:03 By Anamarija Pogorelec

Over the past few years, traditional phishing messages — with their pervasive linguistic errors, thinly-veiled malicious payloads, and often outlandish pretexts — have been on the decline. Easily detected by most of today’s standard email security …

Strategies for transitioning to a SASE architecture

2024-05-23 at 07:33 By Mirko Zorz

In this Help Net Security interview, Prakash Mana, CEO at Cloudbrink, discusses the primary challenges companies face when transitioning to a SASE architecture and how to overcome them. What are companies’ primary challenges when transitioning to a SASE architecture, and how can they …

2024 sees continued increase in ransomware activity

2024-05-23 at 06:31 By Help Net Security

In this Help Net Security video, Ryan Bell, Threat Intelligence Manager at Corvus Insurance, discusses how ransomware will continue to grow in 2024. In January, Corvus reported that global ransomware attacks in 2023 set a record high, surpassing 2022 by nearly …

Windows’ new Recall feature: A privacy and security nightmare?

2024-05-22 at 15:32 By Zeljka Zorz

Microsoft has announced the Copilot+ line of Windows 11-powered PCs that, among other things, will have Recall, a feature that takes screenshots every few seconds, encrypts them, saves them, and leverages AI to allow users to search through them for …

Veeam fixes auth bypass flaw in Backup Enterprise Manager (CVE-2024-29849)

2024-05-22 at 11:46 By Zeljka Zorz

Veeam has patched four vulnerabilities in Backup Enterprise Manager (VBEM), one of which (CVE-2024-29849) may allow attackers to bypass authentication and log in to its web interface as any user. With no user interaction required for remote exploitation and …

Authelia: Open-source authentication and authorization server

2024-05-22 at 07:33 By Mirko Zorz

Authelia is an open-source authentication and authorization server that offers 2FA and SSO for applications through a web portal. It works alongside reverse proxies to permit, deny, or redirect requests. Authelia connects directly to the reverse proxy but never to the application backends. …

Cybersecurity jobs available right now: May 22, 2024

2024-05-22 at 07:01 By Mirko Zorz

Associate Director, Cyber Security AstraZeneca | Sweden | On-site – View job details You will develop and implement security policies, procedures, and operating practices in this role. You will coordinate risk profile development and distribution to IT business-facing audiences and maintain …

15 QNAP NAS bugs and one PoC disclosed, update ASAP! (CVE-2024-27130)

2024-05-21 at 17:31 By Zeljka Zorz

Researchers have found 15 vulnerabilities in QNAP’s network attached storage (NAS) devices, and have released a proof-of-concept for one: an unauthenticated stack overflow vulnerability (CVE-2024-27130) that may be leveraged for remote code execution. The vulnerabilities and the CVE-2024-27130 …

Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323)

2024-05-21 at 14:31 By Zeljka Zorz

Tenable researchers have discovered a critical vulnerability (CVE-2024-4323) in Fluent Bit, a logging utility used by major cloud providers and tech companies, which may be leveraged for denial of service, information disclosure, or remote code execution. About …

Strategies for combating AI-enhanced BEC attacks

2024-05-21 at 07:31 By Mirko Zorz

In this Help Net Security interview, Robert Haist, CISO at TeamViewer, discusses how AI is being leveraged by cybercriminals to enhance the effectiveness of BEC scams. How is AI being leveraged by cybercriminals to enhance the effectiveness of BEC scams? BEC attacks are …

Phishing statistics that will make you think twice before clicking

2024-05-21 at 07:01 By Help Net Security

This article includes excerpts from various reports that offer statistics and insights into the current phishing landscape. AI-driven phishing attacks deceive even the most aware users Zscaler | Zscaler ThreatLabz 2024 Phishing Report | May 2024 In 2023, …

Fighting identity fraud? Here’s why we need better tech

2024-05-21 at 06:01 By Help Net Security

In this Help Net Security video, Patrick Harding, Chief Architect at Ping Identity, discusses the state of identity fraud prevention. Businesses must adopt more advanced technologies to combat the advancing tactics of identity fraud. Organizations that do not implement …

eBook: 10 reasons why demand for cloud security is sky-high

2024-05-21 at 05:46 By Help Net Security

Current demand for cloud security specialists far exceeds available talent. Especially for companies seeking protection in multicloud environments, professionals with vendor-neutral knowledge and skills to their hiring wish lists. Find out how cloud security is evolving and why …

PoC exploit for Ivanti EPMM privilege escalation flaw released (CVE 2024-22026)

2024-05-20 at 14:02 By Zeljka Zorz

Technical details about and a proof-of-concept (PoC) exploit for CVE-2024-22026, a privilege escalation bug affecting Ivanti EPMM, have been released by the vulnerability’s reporter. About CVE-2024-22026 Ivanti Endpoint Manager Mobile (formerly MobileIron Core) is used by enterprises to …

The challenges of GenAI in fintech

2024-05-20 at 08:01 By Help Net Security

Due to the cybersecurity disclosure rules the Securities and Exchange Commission (SEC) adopted in 2023, public entities in the US are required to disclose any material cybersecurity incidents. Moving forward, these organizations will need in-depth knowledge of the impact, nature, scope …

Grafana: Open-source data visualization platform

2024-05-20 at 07:31 By Mirko Zorz

Grafana is an open-source solution for querying, visualizing, alerting, and exploring metrics, logs, and traces regardless of where they are stored. Grafana provides tools to transform your time-series database (TSDB) data into meaningful graphs and visualizations. Additionally, its plugin framework lets you integrate various …

US exposes scheme enabling North Korean IT workers to bypass sanctions

2024-05-17 at 14:46 By Zeljka Zorz

The US Justice Department has unsealed charges against a US woman and a Ukrainian man who, along with three unidentified foreign nationals, have allegedly helped North Korean IT workers work remotely for US companies under assumed US identities …
