Don’t miss

RansomLord: Open-source anti-ransomware exploit tool

cybercrime, Don't miss, GitHub, Hot stuff, News, open source, Ransomware, software /

RansomLord: Open-source anti-ransomware exploit tool 2024-05-29 at 07:01 By Mirko Zorz RansomLord is an open-source tool that automates the creation of PE files, which are used to exploit ransomware pre-encryption. “I created RansomLord to demonstrate ransomware is not invincible, has vulnerabilities and its developers make mistakes and can write bad code just like everyone else,” […]

RansomLord: Open-source anti-ransomware exploit tool Read More »

A closer look at GenAI impact on businesses

1Password, Accenture, Cisco, Cloud Security Alliance, Code42, Don't miss, generative AI, Google Cloud, Hot stuff, IBM, Netskope, News, report, Splunk, survey, Trellix /

A closer look at GenAI impact on businesses 2024-05-29 at 06:01 By Help Net Security This article includes excerpts from various reports that provide statistics and insights on GenAI and its impact on businesses. CEOs accelerate GenAI adoption despite workforce resistance IBM | IBM study | May 2024 63% of CEOs say their teams have

A closer look at GenAI impact on businesses Read More »

Attackers are probing Check Point Remote Access VPN devices

Check Point, Cisco, Don't miss, enterprise, Hot stuff, News, VPN /

Attackers are probing Check Point Remote Access VPN devices 2024-05-28 at 12:46 By Zeljka Zorz Attackers are trying to gain access to Check Point VPN devices via local accounts protected only by passwords, the company has warned on Monday. Their ultimate goal is to use that access to discover and pivot to other enterprise assets

Attackers are probing Check Point Remote Access VPN devices Read More »

The evolution of security metrics for NIST CSF 2.0

CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, framework, Gutsy, Hot stuff, News, opinion, security metrics, threats /

The evolution of security metrics for NIST CSF 2.0 2024-05-28 at 08:03 By Help Net Security CISOs have long been spreadsheet aficionados, soaking up metrics and using them as KPIs for security progress. These metrics have traditionally measured specific systems or single indicators — vulnerabilities detected, percentage of vulnerabilities patched, software and hardware asset inventory

The evolution of security metrics for NIST CSF 2.0 Read More »

How to combat alert fatigue in cybersecurity

cybersecurity, DevOps, Don't miss, Features, framework, Hot stuff, News, opinion, Stamus Networks, strategy /

How to combat alert fatigue in cybersecurity 2024-05-28 at 07:31 By Mirko Zorz In this Help Net Security interview, Ken Gramley, CEO at Stamus Networks, discusses the primary causes of alert fatigue in cybersecurity and DevOps environments. Alert fatigue results from the overwhelming volume of event data generated by security tools, the prevalence of false

How to combat alert fatigue in cybersecurity Read More »

Cybersecurity teams gear up for tougher challenges in 2024

Artificial Intelligence, bot, cybersecurity, Don't miss, Edgio, Hot stuff, patching, Threat Intelligence, Video /

Cybersecurity teams gear up for tougher challenges in 2024 2024-05-28 at 07:01 By Help Net Security In this Help Net Security video, Tom Gorup, VP of Security Services at Edgio, discusses the continually changing threat landscape. It is riddled with vulnerabilities that are frequently exploited and only intensify as geopolitics and state-sponsored activity increase. Key

Cybersecurity teams gear up for tougher challenges in 2024 Read More »

Chronon: Open-source data platform for AI/ML applications

Airbnb, Don't miss, GitHub, Hot stuff, News, open source, software /

Chronon: Open-source data platform for AI/ML applications 2024-05-27 at 07:01 By Mirko Zorz Chronon is an open-source, end-to-end feature platform designed for machine learning (ML) teams to build, deploy, manage, and monitor data pipelines for machine learning. Chronon enables you to harness all the data within your organization, including batch tables, event streams, and services,

Chronon: Open-source data platform for AI/ML applications Read More »

US retailers under attack by gift card-thieving cyber gang

cybercrime, Don't miss, FBI, Hot stuff, Microsoft, News, Retail, tips /

US retailers under attack by gift card-thieving cyber gang 2024-05-24 at 14:01 By Zeljka Zorz Earlier this month, the FBI published a private industry notification about Storm-0539 (aka Atlas Lion), a Morocco-based cyber criminal group that specializes in compromising retailers and creating fraudulent gift cards. Microsoft then went more in-dept on the group’s tactics, techniques,

US retailers under attack by gift card-thieving cyber gang Read More »

Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274)

0-day, Chrome, CVE, Don't miss, Hot stuff, News, security update, Vivaldi, vulnerability /

Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274) 2024-05-24 at 10:46 By Zeljka Zorz For the eighth time this year, Google has released an emergency update for its Chrome browser that fixes a zero-day vulnerability (CVE-2024-5274) with an in-the-wild exploit. About CVE-2024-5274 As per usual, Google keeps technical details of the vulnerability

Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274) Read More »

Product showcase: Alert – Data breach detector for your email, credit card, and ID

credentials, data breach, Don't miss, email security, Hot stuff, News, Product showcase, Surfshark /

Product showcase: Alert – Data breach detector for your email, credit card, and ID 2024-05-24 at 08:31 By Help Net Security Compared to the last quarter of 2023, data breaches rose from 81M to 435M in Q1 2024. That’s a 5-fold increase in just a few months. One of the most common ways data breaches

Product showcase: Alert – Data breach detector for your email, credit card, and ID Read More »

Fail2Ban: Ban hosts that cause multiple authentication errors

Don't miss, Linux, News, open source, software /

Fail2Ban: Ban hosts that cause multiple authentication errors 2024-05-24 at 08:02 By Mirko Zorz Fail2Ban is an open-source tool that monitors log files, such as /var/log/auth.log, and blocks IP addresses that exhibit repeated failed login attempts. It does this by updating system firewall rules to reject new connections from those IP addresses for a configurable

Fail2Ban: Ban hosts that cause multiple authentication errors Read More »

Compromised recording software was served from vendor’s official site, threat researchers say

Don't miss, Hot stuff, Malware, News, Rapid7, supply chain compromise /

Compromised recording software was served from vendor’s official site, threat researchers say 2024-05-23 at 18:01 By Zeljka Zorz Legitimate recording software JAVS Viewer has been saddled with loader malware and has been served from the developer’s site since at least April 2, a threat researcher has warned last month. After analyzing a flagged installer detected

Compromised recording software was served from vendor’s official site, threat researchers say Read More »

GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985)

Don't miss, enterprise, GitHub, Hot stuff, News, software development, vulnerability /

GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985) 2024-05-23 at 13:16 By Zeljka Zorz A critical, 10-out-of-10 vulnerability (CVE-2024-4985) allowing unrestricted access to vulnerable GitHub Enterprise Server (GHES) instances has been fixed by Microsoft-owned GitHub. Fortunately, there is a catch that may narrow down the pool of potential victims: instances are vulnerable to

GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985) Read More »

HHS pledges $50M for autonomous vulnerability management solution for hospitals

CISA, Don't miss, healthcare, Horizon3.ai, Hot stuff, News, patching, Ransomware, vulnerability management /

HHS pledges $50M for autonomous vulnerability management solution for hospitals 2024-05-23 at 10:18 By Zeljka Zorz As organizations in the healthcare sector continue to be a prime target for ransomware gangs and CISA warns about a vulnerability (CVE-2023-43208) in a healthcare-specific platform being leveraged by attackers, the Advanced Research Projects Agency for Health (ARPA-H) has

HHS pledges $50M for autonomous vulnerability management solution for hospitals Read More »

CISOs pursuing AI readiness should start by updating the org’s email security policy

Artificial Intelligence, CISO, cybersecurity, Don't miss, email security, Expert analysis, Expert corner, generative AI, Hot stuff, Ironscales, News, opinion, policy /

CISOs pursuing AI readiness should start by updating the org’s email security policy 2024-05-23 at 08:03 By Anamarija Pogorelec Over the past few years, traditional phishing messages — with their pervasive linguistic errors, thinly-veiled malicious payloads, and often outlandish pretexts — have been on the decline. Easily detected by most of today’s standard email security

CISOs pursuing AI readiness should start by updating the org’s email security policy Read More »

Strategies for transitioning to a SASE architecture

Artificial Intelligence, Cloudbrink, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, remote access, remote working, SASE, security ROI /

Strategies for transitioning to a SASE architecture 2024-05-23 at 07:33 By Mirko Zorz In this Help Net Security, Prakash Mana, CEO at Cloudbrink, discusses the primary challenges companies face when transitioning to a SASE architecture and how to overcome them. What are companies’ primary challenges when transitioning to a SASE architecture, and how can they

Strategies for transitioning to a SASE architecture Read More »

2024 sees continued increase in ransomware activity

Corvus Insurance, cybersecurity, Don't miss, Hot stuff, law enforcement, MFA, patching, Ransomware, threat, Video /

2024 sees continued increase in ransomware activity 2024-05-23 at 06:31 By Help Net Security In this Help Net Security video, Ryan Bell, Threat Intelligence Manager at Corvus Insurance, discusses how ransomware will continue to grow in 2024. In January, Corvus reported that global ransomware attacks in 2023 set a record high, surpassing 2022 by nearly

2024 sees continued increase in ransomware activity Read More »

Windows’ new Recall feature: A privacy and security nightmare?

data security, Don't miss, Hot stuff, Microsoft, News, Privacy, Windows /

Windows’ new Recall feature: A privacy and security nightmare? 2024-05-22 at 15:32 By Zeljka Zorz Microsoft has announced the Copilot+ line of Windows 11-powered PCs that, among other things, will have Recall, a feature that takes screenshots every few seconds, encrypts them, saves them, and leverages AI to allow users to search through them for

Windows’ new Recall feature: A privacy and security nightmare? Read More »

Veeam fixes auth bypass flaw in Backup Enterprise Manager (CVE-2024-29849)

backup, Don't miss, enterprise, Hot stuff, News, Veeam Software, vulnerability /

Veeam fixes auth bypass flaw in Backup Enterprise Manager (CVE-2024-29849) 2024-05-22 at 11:46 By Zeljka Zorz Veeam has patched four vulnerabilities in Backup Enterprise Manager (VBEM), one of which (CVE-2024-29849) may allow attackers to bypass authentication and log in to its web interface as any user. With no user interaction required for remote exploitation and

Veeam fixes auth bypass flaw in Backup Enterprise Manager (CVE-2024-29849) Read More »

Authelia: Open-source authentication and authorization server

authentication, cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, OpenSSF, software /

Authelia: Open-source authentication and authorization server 2024-05-22 at 07:33 By Mirko Zorz Authelia is an open-source authentication and authorization server that offers 2FA and SSO for applications through a web portal. It works alongside reverse proxies to permit, deny, or redirect requests. Authelia connects directly to the reverse proxy but never to the application backends.

Authelia: Open-source authentication and authorization server Read More »

Scroll to Top