No summer break for cybercrime: Why educational institutions need better cyber resilience 2024-06-05 at 07:31 By Help Net Security The education system isn’t equipped to handle today’s cyberthreats. I’m not just talking about cybersecurity education in schools shaping the technical workforce of the future – America’s schools themselves are prime targets for cybercrime today. In […]
How AI-powered attacks are accelerating the shift to zero trust strategies 2024-06-05 at 07:01 By Mirko Zorz In this Help Net Security interview, Jenn Markey, Advisor to The Entrust Cybersecurity Institute, discusses the increasing adoption of enterprise-wide zero trust strategies in response to evolving cyber threats. Markey discusses the impact of emerging threats like AI-generated
How AI-powered attacks are accelerating the shift to zero trust strategies Read More »
Find out which cyber threats you should be concerned about 2024-06-05 at 06:01 By Help Net Security This article includes excerpts from various reports that offer statistics and insights into the current cyber threat landscape. Human error still perceived as the Achilles’ heel of cybersecurity Proofpoint | 2024 Voice of the CISO | May 2024
Find out which cyber threats you should be concerned about Read More »
PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800) 2024-06-04 at 17:46 By Zeljka Zorz Security researchers have published a proof-of-concept (PoC) exploit that chains together two vulnerabilities (CVE-2024-4358, CVE-2024-1800) to achieve unauthenticated remote code execution on Progress Telerik Report Servers. Telerik Report Server is a centralized enterprise platform for report creation, management, storage and
PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800) Read More »
eBook: Breaking bad actors 2024-06-04 at 16:31 By Help Net Security There’s never been a better time to deepen your skills in cybersecurity as the demand for experienced experts continues to grow. Learn how to break today’s bad actors in the eBook. Inside the eBook: Why the need for more cybersecurity professionals? The skillsets you’ll
eBook: Breaking bad actors Read More »
361 million account credentials leaked on Telegram: Are yours among them? 2024-06-04 at 15:03 By Zeljka Zorz A new trove of 361 million email addresses has been added to Have I Been Pwned? (HIBP), the free online service through which users can check whether their account credentials and other data has been compromised in one
361 million account credentials leaked on Telegram: Are yours among them? Read More »
20 free cybersecurity tools you might have missed 2024-06-04 at 07:31 By Help Net Security Free, open-source cybersecurity tools have become indispensable to protecting individuals, organizations, and critical infrastructure from cyber threats. These tools are created through collaborative and transparent efforts, making them affordable and accessible alternatives to proprietary software. Here, you will find a
20 free cybersecurity tools you might have missed Read More »
Third-party vendors pose serious cybersecurity threat to national security 2024-06-04 at 07:01 By Help Net Security In this Help Net Security video, Paul Prudhomme, Principal Security Analyst at SecurityScorecard, discusses the findings of the 2024 Redefining Resilience: Concentrated Cyber Risk in a Global Economy Research report. This research details a surge in adversaries exploiting third-party
Third-party vendors pose serious cybersecurity threat to national security Read More »
High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683) 2024-06-03 at 12:16 By Zeljka Zorz If you’re self-hosting an Atlassian Confluence Server or Data Center installation, you should upgrade to the latest available version to fix a high-severity RCE flaw (CVE-2024-21683) for which a PoC and technical details are already public. About CVE-2024-21683 Confluence Server and
High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683) Read More »
NethSecurity: Open-source Linux firewall 2024-06-03 at 07:31 By Mirko Zorz NethSecurity is a free, open-source Linux firewall that simplifies network security deployment. It integrates various security features into one platform, including firewalling, intrusion detection and prevention, antivirus, multi-WAN, DNS, and content filtering. NethSecurity has an intuitive interface that delivers real-time insights and control over network
NethSecurity: Open-source Linux firewall Read More »
Snowflake denies breach, blames data theft on poorly secured customer accounts 2024-06-01 at 23:32 By Zeljka Zorz Snowflake is disputing claims made by a threat actor who stole data belonging to Santander and Ticketmaster, and maintains that the theft of customer data was the result of stolen customer login credentials. “We are aware of recent
Snowflake denies breach, blames data theft on poorly secured customer accounts Read More »
Snowflake compromised? Attackers exploit stolen credentials 2024-05-31 at 22:17 By Zeljka Zorz Have attackers compromised Snowflake or just their customers’ accounts and databases? Conflicting claims muddy the situation. What is Snowflake? Snowflake is cloud-based data storage and analytics company based in the US, and claims nearly 9,500 organizations around the world as customers. “From an
Snowflake compromised? Attackers exploit stolen credentials Read More »
25,000 individuals affected in BBC Pension Scheme data breach 2024-05-31 at 16:16 By Zeljka Zorz Personal information of current and former BBC employees has been exposed in a data breach that affected the broadcaster’s in-house pension scheme. More than 25,000 individuals have been affected, according to The Guardian. What data was exposed? “On the 21
25,000 individuals affected in BBC Pension Scheme data breach Read More »
Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919) 2024-05-31 at 14:32 By Zeljka Zorz Attackers have been exploiting CVE-2024-24919, a zero-day vulnerability in Check Point Security Gateways, to pinpoint and extract password hashes for local accounts, which they then used to move laterally in the target organizations’ network. “The vulnerability is particularly critical
Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919) Read More »
Encrypted Notepad: Open-source text editor 2024-05-31 at 06:33 By Mirko Zorz Encrypted Notepad, an open-source text editor, ensures your files are saved and loaded encrypted with AES-256. With no ads, no network connection required, and no unnecessary features, it’s a tool that simply works. “Like the Windows Notepad app, it has no features besides text
Encrypted Notepad: Open-source text editor Read More »
NIST says NVD will be back on track by September 2024 2024-05-30 at 14:01 By Zeljka Zorz The National Institute of Standards and Technology (NIST) has awarded a contract for an unnamed company/organization to help them process incoming Common Vulnerabilities and Exposures (CVEs) for inclusion in the National Vulnerability Database (NVD), the agency has announced
NIST says NVD will be back on track by September 2024 Read More »
Moonstone Sleet: A new North Korean threat actor 2024-05-29 at 15:46 By Zeljka Zorz Microsoft has named yet another state-aligned threat actor: Moonstone Sleet (formerly Storm-1789), which engages in cyberespionage and ransomware attacks to further goals of the North Korean regime. “Moonstone Sleet uses tactics, techniques, and procedures (TTPs) also used by other North Korean
Moonstone Sleet: A new North Korean threat actor Read More »
How fraudsters stole $37 million from Coinbase Pro users 2024-05-29 at 13:46 By Zeljka Zorz A convincing phishing page and some over-the-phone social engineering allowed a group of crooks to steal over $37 million from unlucky Coinbase Pro users. One of them – Chirag Tomar, a 30-year-old citizen of the Republic of India – has
How fraudsters stole $37 million from Coinbase Pro users Read More »
PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992) 2024-05-29 at 13:01 By Zeljka Zorz Horizon3.ai researches have released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command execution as root on certain Fortinet FortiSIEM appliances. CVE confusion FortiSIEM helps customers build an inventory of their organization’s assets, it
Avoiding the cybersecurity blame game 2024-05-29 at 07:31 By Help Net Security Cyber risk management has many components. Those who do it well will conduct comprehensive risk assessments, enact well-documented and well-communicated processes and controls, and fully implemented monitoring and review requirements. Processes and controls typically comprise policies, which will include detailed explanations of the
Avoiding the cybersecurity blame game Read More »