Don’t miss

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor

Atlassian, Atlassian Confluence, Don't miss, exploit, GreyNoise, Hot stuff, Microsoft, News, Rapid7, vulnerability /

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor 11/10/2023 at 14:18 By Helga Labus A critical flaw in Atlassian Confluence Data Center and Server (CVE-2023-22515) has been exploited by a state-backed threat actor, Microsoft’s threat analysts have pinpointed. About the vulnerability CVE-2023-22515 was initially classified as a critical privilege escalation vulnerability affecting Confluence Data […]

React to this headline:

Loading spinner

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor Read More »

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545)

containers, Debian, Don't miss, Hot stuff, IoT, Linux, News, open source, patching, Red Hat, security update, Ubuntu, vulnerability /

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545) 11/10/2023 at 13:31 By Zeljka Zorz Curl v8.4.0 is out, and fixes – among other things – a high-severity SOCKS5 heap buffer overflow vulnerability (CVE-2023-38545). Appropriate patches for some older curl versions have been released, too. Preparation for the security updates A little over a

React to this headline:

Loading spinner

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545) Read More »

15 free Microsoft 365 security training modules worth your time

Don't miss, Hot stuff, how-to, Microsoft, Microsoft 365, News, skill development, strategy, tips /

15 free Microsoft 365 security training modules worth your time 11/10/2023 at 07:32 By Help Net Security Microsoft 365 is a cloud-based productivity suite. Beyond just tools like Word and Excel, it integrates productivity applications with cloud functionalities, device administration, and enhanced security, all within a unified experience. Managing Microsoft 365 can be difficult for

React to this headline:

Loading spinner

15 free Microsoft 365 security training modules worth your time Read More »

How cyber fusion is helping enterprises modernize security operations

Cloud, collaboration, cybersecurity, Cyware, Don't miss, Hot stuff, orchestration, security operations, SOC, threat hunting, Video /

How cyber fusion is helping enterprises modernize security operations 11/10/2023 at 07:02 By Help Net Security In this Help Net Security video, Anuj Goel, CEO at Cyware, explains how cyber fusion is helping enterprises modernize their security operations and turn their SOC from reactive to proactive. The post How cyber fusion is helping enterprises modernize

React to this headline:

Loading spinner

How cyber fusion is helping enterprises modernize security operations Read More »

Cloud security and functionality: Don’t settle for just one

Center for Internet Security, Don't miss, News /

Cloud security and functionality: Don’t settle for just one 11/10/2023 at 06:02 By Help Net Security Cloud security is important to you, but that doesn’t mean you’re willing to trade security for functionality. You need security to work for you. Whatever cloud security resources you’re using must be compatible with the services you use to

React to this headline:

Loading spinner

Cloud security and functionality: Don’t settle for just one Read More »

Microsoft plugs exploited WordPad, Skype for Business zero-days (CVE-2023-36563, CVE-2023-41763)

DDoS, Don't miss, Hot stuff, Microsoft, Microsoft Exchange, News, Patch Tuesday, security update, Trend Micro, Windows /

Microsoft plugs exploited WordPad, Skype for Business zero-days (CVE-2023-36563, CVE-2023-41763) 10/10/2023 at 22:01 By Zeljka Zorz On this October 2023 Patch Tuesday, Microsoft has released 103 patches and has fixed three actively exploited vulnerabilities (CVE-2023-36563, CVE-2023-41763, CVE-2023-44487). The exploited zero-days (CVE-2023-36563, CVE-2023-41763, CVE-2023-44487) CVE-2023-36563, discovered by Microsoft Threat Intelligence, is a WordPad vulnerability that could

React to this headline:

Loading spinner

Microsoft plugs exploited WordPad, Skype for Business zero-days (CVE-2023-36563, CVE-2023-41763) Read More »

GNOME users at risk of RCE attack (CVE-2023-43641)

Debian, Don't miss, Fedora, GitHub, Hot stuff, Linux, News, open source, Red Hat, SUSE, Ubuntu, vulnerability, vulnerability disclosure /

GNOME users at risk of RCE attack (CVE-2023-43641) 10/10/2023 at 14:32 By Zeljka Zorz If you’re running GNOME on you Linux system(s), you are probably open to remote code execution attacks via a booby-trapped file, thanks to a memory corruption vulnerability (CVE-2023-43641) in the libcue library. About CVE-2023-43641 Discovered by GitHub security researcher Kevin Backhouse,

React to this headline:

Loading spinner

GNOME users at risk of RCE attack (CVE-2023-43641) Read More »

Be prepared to patch high-severity vulnerability in curl and libcurl

Docker, Don't miss, Endor Labs, Hot stuff, News, open source, patching, Qualys, security update, Sonatype, Synopsys, vulnerability, vulnerability disclosure /

Be prepared to patch high-severity vulnerability in curl and libcurl 10/10/2023 at 12:20 By Zeljka Zorz Details about two vulnerabilities (CVE-2023-38545, CVE-2023-38546) in curl, a foundational and widely used open-source software for data transfer via URLs, are to be released on Wednesday, October 11. Daniel Stenberg, the original author and lead developer, has said that

React to this headline:

Loading spinner

Be prepared to patch high-severity vulnerability in curl and libcurl Read More »

Why zero trust delivers even more resilience than you think

access management, attack, cyber resilience, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, NetScaler, News, opinion, policy, remediation, zero trust /

Why zero trust delivers even more resilience than you think 10/10/2023 at 08:04 By Help Net Security Ten years ago, zero trust was an exciting, innovative perspective shift that security experts were excited to explore; today, it’s more likely to be framed as an inevitable trend than as a mere option on the security menu.

React to this headline:

Loading spinner

Why zero trust delivers even more resilience than you think Read More »

Turning military veterans into cybersecurity experts

cybersecurity, Don't miss, Features, Hot stuff, News, opinion, skill development, TechVets, Threat Intelligence, threats, training /

Turning military veterans into cybersecurity experts 10/10/2023 at 07:34 By Mirko Zorz In this Help Net Security interview, James Murphy, the Director of the TechVets Programme at the Forces Employment Charity, discusses the challenges that military veterans face when transitioning from military to civilian life. One significant hurdle is the difficulty they often encounter in

React to this headline:

Loading spinner

Turning military veterans into cybersecurity experts Read More »

Why security is the bedrock of success for mainframe projects

Cloud, cybersecurity, Don't miss, Hot stuff, Kyndryl, mainframe security, skill development, strategy, training, Video /

Why security is the bedrock of success for mainframe projects 10/10/2023 at 07:02 By Help Net Security Enterprises looking to update their mission-critical operations are approaching modernization in three ways – modernizing on the mainframe, integrating with the hyperscalers, or moving off to the cloud, according to a recent Kyndryl report. Almost all respondents use

React to this headline:

Loading spinner

Why security is the bedrock of success for mainframe projects Read More »

eBook: Cybersecurity career hacks for newcomers

Don't miss, ISC2, News, Whitepapers and webinars /

eBook: Cybersecurity career hacks for newcomers 10/10/2023 at 05:46 By Help Net Security Are you excited to pursue a cybersecurity career but unsure where to begin? Whether you’re a student, an incoming professional, or ready to work in a different field, the tried-and-tested career hacks in this eBook will help you get your start in

React to this headline:

Loading spinner

eBook: Cybersecurity career hacks for newcomers Read More »

$2.7 billion lost to social media scams since 2021

Cryptocurrency, cybercrime, cybersecurity, Don't miss, fraud, FTC, News, report, romance scams, scams, social media, survey /

$2.7 billion lost to social media scams since 2021 09/10/2023 at 13:47 By Help Net Security Scams originating on social media have accounted for $2.7 billion in reported losses since 2021, more than any other contact method, according to the Federal Trade Commission. Social media gives scammers an edge in several ways. They can easily

React to this headline:

Loading spinner

$2.7 billion lost to social media scams since 2021 Read More »

Microsoft 365 email senders urged to implement SPF, DKIM and DMARC

DMARC, Don't miss, Email, enterprise, Hot stuff, Microsoft, Microsoft 365, News, spam /

Microsoft 365 email senders urged to implement SPF, DKIM and DMARC 09/10/2023 at 13:32 By Helga Labus In the wake of Google’s announcement of new rules for bulk senders, Microsoft is urging Microsoft 365 email senders to implement SPF, DKIM and DMARC email authentication methods. “These Domain Name Service (DNS) email authentication records verify that

React to this headline:

Loading spinner

Microsoft 365 email senders urged to implement SPF, DKIM and DMARC Read More »

Exploit writers invited to probe Chrome’s V8 engine, Google Cloud’s KVM

bug bounty, Chrome, Don't miss, Expert corner, exploit, Google, Google Cloud, News, virtualization /

Exploit writers invited to probe Chrome’s V8 engine, Google Cloud’s KVM 09/10/2023 at 13:01 By Zeljka Zorz Google is asking bug hunters and exploit writers to develop 0-day and n-day exploits in Chrome’s V8 JavaScript engine and Google Cloud’s Kernel-based Virtual Machine (KVM). “We want to learn from the security community to understand how they

React to this headline:

Loading spinner

Exploit writers invited to probe Chrome’s V8 engine, Google Cloud’s KVM Read More »

Selective disclosure in the identity wallet: How users share the data that is really needed

authentication, cyberattack, cybersecurity, data, Data leak, Don't miss, Expert analysis, Expert corner, Hot stuff, identity, IDnow, News, opinion, Privacy /

Selective disclosure in the identity wallet: How users share the data that is really needed 09/10/2023 at 07:46 By Help Net Security Name, date of birth, address, email address, passwords, tax records, or payroll – all this sensitive user data is stored by companies in huge databases to identify individuals for digital services. Although companies

React to this headline:

Loading spinner

Selective disclosure in the identity wallet: How users share the data that is really needed Read More »

Automotive cybersecurity: A decade of progress and challenges

attacks, automotive security, connected cars, cybersecurity, Don't miss, Hot stuff, IOActive, threats, Video, vulnerability /

Automotive cybersecurity: A decade of progress and challenges 09/10/2023 at 07:31 By Help Net Security As connected cars become a standard feature in the market, the significance of automotive cybersecurity rises, playing an essential role in ensuring the safety of road users. In this Help Net Security video, Samantha Beaumont, Principal Security Consultant at IOActive,

React to this headline:

Loading spinner

Automotive cybersecurity: A decade of progress and challenges Read More »

October 2023 Patch Tuesday forecast: Operating system updates and zero-days aplenty

0-day, apple, Chrome, CVE, Don't miss, Expert analysis, Google, Hot stuff, Ivanti, Microsoft, Mozilla, Patch Tuesday, predictions /

October 2023 Patch Tuesday forecast: Operating system updates and zero-days aplenty 06/10/2023 at 07:47 By Help Net Security September has been a packed month of continuous updates. New operating systems were released from Apple and Microsoft, and several vulnerabilities exploited in web services resulted in a domino effect of zero-day releases for many vendors. If

React to this headline:

Loading spinner

October 2023 Patch Tuesday forecast: Operating system updates and zero-days aplenty Read More »

Are executives adequately guarding their gadgets?

Agency, attacks, backdoor, BYOD, CISO, cyberattack, cybersecurity, Don't miss, Hot stuff, MFA, Privacy, Video /

Are executives adequately guarding their gadgets? 06/10/2023 at 07:02 By Help Net Security Today, individual citizens, rather than businesses or governmental bodies, are the main entry points for cyberattacks. However, security solutions haven’t evolved sufficiently to guard public figures and leaders as they do for large corporate entities. In this Help Net Security video, Amir

React to this headline:

Loading spinner

Are executives adequately guarding their gadgets? Read More »

“Looney Tunables” bug allows root access on Linux distros (CVE-2023-4911)

Debian, Don't miss, Fedora, Hot stuff, Linux, News, PoC, Qualys, Red Hat, security update, Ubuntu, vulnerability /

“Looney Tunables” bug allows root access on Linux distros (CVE-2023-4911) 05/10/2023 at 16:17 By Zeljka Zorz A vulnerability (CVE-2023-4911) in the GNU C Library (aka “glibc”) can be exploited by attackers to gain root privileges on many popular Linux distributions, according to Qualys researchers. About CVE-2023-4911 Dubbed “Looney Tunables”, CVE-2023-4911 is a buffer overflow vulnerability

React to this headline:

Loading spinner

“Looney Tunables” bug allows root access on Linux distros (CVE-2023-4911) Read More »

Scroll to Top