Don’t miss

Attackers exploited WinRAR zero-day for months to steal money from brokers (CVE-2023-38831)

0-day, cybercrime, Don't miss, Group-IB, Hot stuff, News, security update, Windows, WinRAR /

Attackers exploited WinRAR zero-day for months to steal money from brokers (CVE-2023-38831) 23/08/2023 at 18:46 By Zeljka Zorz Financially-motivated attackers have exploited a zero-day vulnerability in WinRAR (CVE-2023-38831) to trick traders into installing malware that would allow them to steal money from broker accounts. “This vulnerability has been exploited since April 2023,” says Group-IB malware […]

React to this headline:

Loading spinner

Attackers exploited WinRAR zero-day for months to steal money from brokers (CVE-2023-38831) Read More »

Surge in identity crime victims reporting suicidal thoughts

consumer, Don't miss, Experian, Hot stuff, identity theft, Identity Theft Resource Center, News, scams /

Surge in identity crime victims reporting suicidal thoughts 23/08/2023 at 15:02 By Helga Labus Identity theft can have great financial impact on the victims, but the experienced emotional, physical and psychological impact can be even more devastating, according to the 2023 Consumer Impact Report from the Identity Theft Resource Center (ITRC) and Experian. The report

React to this headline:

Loading spinner

Surge in identity crime victims reporting suicidal thoughts Read More »

Bogus OfficeNote app delivers XLoader macOS malware

botnet, consumer, Don't miss, enterprise, Hot stuff, macOS, Malware, News, SentinelOne /

Bogus OfficeNote app delivers XLoader macOS malware 23/08/2023 at 14:33 By Helga Labus A new macOS-specific variant of the well known XLoader malware is being delivered disguised as the “OfficeNote” app. “Multiple submissions of this sample have appeared on VirusTotal throughout July, indicating that the malware has been widely distributed in the wild,” SentinelOne researchers

React to this headline:

Loading spinner

Bogus OfficeNote app delivers XLoader macOS malware Read More »

Open redirect flaws increasingly exploited by phishers

Don't miss, Hot stuff, Kroll, News, phishing, security awareness, social engineering, training /

Open redirect flaws increasingly exploited by phishers 23/08/2023 at 12:49 By Helga Labus Phishing attacks using open redirect flaws are on the rise again, according to Kroll’s Cyber Threat Intelligence (CTI) team, which means organizations should consider refreshing employees’ awareness and knowledge on how to spot them. Malicious URL redirection Open redirect vulnerabilities in web

React to this headline:

Loading spinner

Open redirect flaws increasingly exploited by phishers Read More »

How the downmarket impacted enterprise cybersecurity budgets

CISO, cybersecurity, Don't miss, Hot stuff, investment, market, security ROI, strategy, Video, YL Ventures /

How the downmarket impacted enterprise cybersecurity budgets 23/08/2023 at 07:32 By Help Net Security Belts have tightened, and that ROI and cost reduction are now driving CISO decision-making more than ever. In this Help Net Security video, Sara Behar, Content Manager at YL Ventures, discusses how enterprise cybersecurity budgets have been impacted by the downmarket

React to this headline:

Loading spinner

How the downmarket impacted enterprise cybersecurity budgets Read More »

Anticipating the next wave of IoT cybersecurity challenges

Artificial Intelligence, cybersecurity, Don't miss, Features, FIDO Alliance, framework, Hot stuff, Internet of Things, interoperability, machine learning, News, opinion, policy, Red Alert Labs, standards, strategy, vulnerability /

Anticipating the next wave of IoT cybersecurity challenges 23/08/2023 at 07:01 By Mirko Zorz In this Help Net Security interview, Roland Atoui, Managing Director at Red Alert Labs, discusses the intricacies of transitioning from isolated IoT setups to interconnected environments, examining the broadening attack surface and the nuanced complexities this evolution imposes. Atoui also delves

React to this headline:

Loading spinner

Anticipating the next wave of IoT cybersecurity challenges Read More »

Seiko joins growing list of ALPHV/BlackCat ransomware victims

data breach, Don't miss, Hot stuff, News, Ransomware /

Seiko joins growing list of ALPHV/BlackCat ransomware victims 22/08/2023 at 12:03 By Helga Labus Japanese watchmaker Seiko has been added to ALPHV (BlackCat) ransomware group’s victim list, following a data breach occurring in early August. The Seiko data breach The company published a data breach and response notice on August 10, 2023, stating that an

React to this headline:

Loading spinner

Seiko joins growing list of ALPHV/BlackCat ransomware victims Read More »

Juniper Networks fixes flaws leading to RCE in firewalls and switches

Don't miss, firewall, Hot stuff, Juniper Networks, News, security update, vulnerability /

Juniper Networks fixes flaws leading to RCE in firewalls and switches 22/08/2023 at 11:46 By Helga Labus Juniper Networks has fixed four vulnerabilities (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847) in Junos OS that, if chained together, could allow attackers to achieve remote code execution (RCE) on the company’s SRX firewalls and EX switches. The fixed Junos OS

React to this headline:

Loading spinner

Juniper Networks fixes flaws leading to RCE in firewalls and switches Read More »

IT’s rising role in physical security technology

cloud adoption, collaboration, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, IoT, Motorola Solutions, opinion, physical security, policy, surveillance /

IT’s rising role in physical security technology 22/08/2023 at 07:34 By Help Net Security As the adoption of cloud-based and mobile-access security systems continues to increase among both new and established businesses, the lines between traditional physical security personnel and IT staff are beginning to blur. Traditionally, the common approach towards organizational security has always

React to this headline:

Loading spinner

IT’s rising role in physical security technology Read More »

Maintaining consistent security in diverse cloud infrastructures

CISO, Cloud, cloud computing, cloud security, cyber resilience, cybersecurity, DevOps, Don't miss, Features, Hot stuff, misconfiguration, Mitigant, monitoring, News, opinion, training /

Maintaining consistent security in diverse cloud infrastructures 22/08/2023 at 07:01 By Mirko Zorz As cloud infrastructures become increasingly API-driven and dynamically spread across expansive attack surfaces, achieving clarity proves difficult. Compounding this challenge is the integration of DevOps practices, microservices, and container technologies, which, while fostering agility and scalability, introduce additional layers of complexity and

React to this headline:

Loading spinner

Maintaining consistent security in diverse cloud infrastructures Read More »

Understanding how attackers exploit APIs is more important than ever

API security, cybersecurity, Don't miss, Hot stuff, how-to, Intruder, programming, strategy, tips, Video /

Understanding how attackers exploit APIs is more important than ever 22/08/2023 at 06:32 By Help Net Security In this Help Net Security video, Andy Hornegold, Product Lead at Intruder, dives into API security and explores how several recent high-profile breaches were caused by simple failings – which didn’t require sophisticated security to prevent. The number

React to this headline:

Loading spinner

Understanding how attackers exploit APIs is more important than ever Read More »

8 open-source OSINT tools you should try

Don't miss, Features, GitHub, Hot stuff, News, open source, OSINT, OWASP, penetration testing, reconnaissance, Shodan, software /

8 open-source OSINT tools you should try 22/08/2023 at 06:01 By Help Net Security Open-Source Intelligence (OSINT) refers to gathering, assessing, and interpreting public information to address specific intelligence queries. All the tools listed here are available for free. Amass The OWASP Amass project performs network mapping of attack surfaces and external asset discovery using

React to this headline:

Loading spinner

8 open-source OSINT tools you should try Read More »

WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477)

Don't miss, Hot stuff, News, security update, Trend Micro, vulnerability, Windows, WinRAR /

WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477) 21/08/2023 at 14:47 By Helga Labus RARLAB has fixed a high-severity RCE vulnerability (CVE-2023-40477) in the popular file archiver tool WinRAR. About CVE-2023-40477 A widely used Windows-only utility, WinRAR can create and extract file archives in various compression formats (RAR, ZIP, CAB, ARJ, LZH, TAR, GZip,

React to this headline:

Loading spinner

WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477) Read More »

Chrome will tell users when extensions they use are removed from Chrome Web Store

browser, Chrome, Chrome Web Store, Don't miss, extension, Google, Hot stuff, News /

Chrome will tell users when extensions they use are removed from Chrome Web Store 21/08/2023 at 13:33 By Helga Labus Google will be extending the Safety check feature within the Chrome browser to alert users when a previously installed extension is no longer available in the Chrome Web Store. A safety check for Chrome extensions

React to this headline:

Loading spinner

Chrome will tell users when extensions they use are removed from Chrome Web Store Read More »

How EU lawmakers can make mandatory vulnerability disclosure responsible

cybersecurity, Don't miss, ENISA, EU, European Commission, Expert analysis, Expert corner, Government, HackerOne, Hot stuff, legislation, opinion, vulnerability disclosure /

How EU lawmakers can make mandatory vulnerability disclosure responsible 21/08/2023 at 07:33 By Help Net Security There is a standard playbook and best practice for when an organization discovers or is notified about a software vulnerability: The organization works quickly to fix the problem and, once a fix is available, discloses that vulnerability for the

React to this headline:

Loading spinner

How EU lawmakers can make mandatory vulnerability disclosure responsible Read More »

Network detection and response in the modern era

BYOD, CISO, Compliance, cybersecurity, Don't miss, Exeon, Features, Hot stuff, IoT, machine learning, News, opinion, Ransomware, regulation, shadow IT, strategy, zero trust /

Network detection and response in the modern era 21/08/2023 at 07:04 By Mirko Zorz In this Help Net Security interview, David Gugelmann, CEO at Exeon, sheds light on the current cyber threats and their challenges for network security. He discusses the role of Network Detection and Response (NDR) solutions that leverage machine learning algorithms to

React to this headline:

Loading spinner

Network detection and response in the modern era Read More »

4 ways simulation training alleviates team burnout

burnout, CISO, Cloud Range, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, opinion, professional, SOC, training /

4 ways simulation training alleviates team burnout 18/08/2023 at 11:32 By Help Net Security Burnout is endemic in the cybersecurity industry, damaging the mental and physical health of cyber professionals and leaving organizations underskilled, understaffed, and overexposed to cyber risk as security leaders and team members leave for more promising career opportunities elsewhere or drop

React to this headline:

Loading spinner

4 ways simulation training alleviates team burnout Read More »

Zimbra users in Europe, Latin America face phishing threat

credentials, Don't miss, ESET, Europe, Government, Hot stuff, News, phishing, SMBs, social engineering /

Zimbra users in Europe, Latin America face phishing threat 18/08/2023 at 11:04 By Help Net Security ESET researchers have uncovered a mass-spreading phishing campaign aimed at collecting Zimbra account users’ credentials. Zimbra Collaboration is an open-core collaborative software platform, a popular alternative to enterprise email solutions. About the Zimbra phishing campaign The campaign has been

React to this headline:

Loading spinner

Zimbra users in Europe, Latin America face phishing threat Read More »

Reinventing OT security for dynamic landscapes

asvin, authentication, CISO, critical infrastructure, cybersecurity, Don't miss, Features, Hot stuff, how-to, News, opinion, regulation, Risk Management, strategy, tips, zero trust /

Reinventing OT security for dynamic landscapes 18/08/2023 at 07:05 By Mirko Zorz From understanding the challenges of disparate OT protocols and the increasing convergence with IT to grappling with the monumental role of human error, our latest interview with Rohit Bohara, CTO at asvin, delves deep into the landscape of OT security. As cloud solutions

React to this headline:

Loading spinner

Reinventing OT security for dynamic landscapes Read More »

A closer look at the new TSA oil and gas pipeline regulations

Compliance, cybersecurity, Don't miss, Government, GuidePoint Security, Hot stuff, regulation, USA, Video, vulnerability assessment /

A closer look at the new TSA oil and gas pipeline regulations 18/08/2023 at 06:02 By Help Net Security The TSA has announced updates to its Security Directive (SD) to strengthen the operational resilience of oil and natural gas pipeline owners and operators against cyber-attacks. In this Help Net Security video, Chris Warner, OT Senior

React to this headline:

Loading spinner

A closer look at the new TSA oil and gas pipeline regulations Read More »

Scroll to Top