A closer look at healthcare’s battle with AI-driven attacks 31/10/2023 at 08:02 By Mirko Zorz With its wealth of sensitive patient data, the healthcare industry has become a prime target for cybercriminals leveraging AI tools. As these threats continue to evolve, it’s important to understand how AI is shaping the cybercrime landscape in healthcare and […]
A closer look at healthcare’s battle with AI-driven attacks Read More »
Vulnerability management metrics: How to measure success 31/10/2023 at 07:32 By Help Net Security Without the right metrics, vulnerability management is pretty pointless. If you’re not measuring, how do you know it’s working? So how do you know what to focus on? The list is potentially endless, and it can be hard to know what’s
Vulnerability management metrics: How to measure success Read More »
F5 fixes critical BIG-IP vulnerability (CVE-2023-46747) 30/10/2023 at 18:46 By Helga Labus F5 Networks has released hotfixes for three vulnerabilities affecting its BIG-IP multi-purpose networking devices/modules, including a critical authentication bypass vulnerability (CVE-2023-46747) that could lead to unauthenticated remote code execution (RCE). About CVE-2023-46747 Discovered and reported by Thomas Hendrickson and Michael Weber of Praetorian
F5 fixes critical BIG-IP vulnerability (CVE-2023-46747) Read More »
Citrix Bleed: Mass exploitation in progress (CVE-2023-4966) 30/10/2023 at 14:46 By Zeljka Zorz CVE-2023-4966, aka “Citrix Bleed”, a critical information disclosure vulnerability affecting Citrix NetScaler ADC/Gateway devices, is being massively exploited by threat actors. According to security researcher Kevin Beaumont’s cybersecurity industry sources, one ransomware group has already distributed a Python script to automate the
Citrix Bleed: Mass exploitation in progress (CVE-2023-4966) Read More »
Logging Made Easy: Free log management solution from CISA 30/10/2023 at 13:17 By Help Net Security CISA launched a new version of Logging Made Easy (LME), a straightforward log management solution for Windows-based devices that can be downloaded and self-installed for free. CISA’s version reimagines technology developed by the United Kingdom’s National Cyber Security Centre
Logging Made Easy: Free log management solution from CISA Read More »
Google expands bug bounty program to cover AI-related threats 30/10/2023 at 12:18 By Helga Labus Google has expanded its bug bounty program, aka Vulnerability Rewards Program (VRP), to cover threats that could arise from Google’s generative AI systems. Google’s AI bug bounty program Following the voluntary commitment to the Biden-Harris Administration to develop responsible AI
Google expands bug bounty program to cover AI-related threats Read More »
The dangers of dual ransomware attacks 30/10/2023 at 09:32 By Help Net Security At some point in the movie “Groundhog Day,” Phil Connors breaks his bedside radio when he is woken up (yet again) by the song “I Got You Babe”. This déjà vu seems to await companies that fall victim to ransomware and fail
The dangers of dual ransomware attacks Read More »
Finding the right approach to security awareness 30/10/2023 at 09:02 By Help Net Security As artificial intelligence amplifies the sophistication and reach of phishing, vishing, and smishing attacks, understanding and managing human cyber risks has become increasingly vital. Security awareness training is essential and must be a live, evolving process. In this Help Net Security
Finding the right approach to security awareness Read More »
AI threat landscape: Model theft and inference attacks emerge as top concerns 30/10/2023 at 08:31 By Mirko Zorz Generative AI has emerged as a powerful tool, heralded for its potential but also scrutinized for its implications. Enterprises will invest nearly $16 billion worldwide on GenAI solutions in 2023, according to IDC. In this Help Net
AI threat landscape: Model theft and inference attacks emerge as top concerns Read More »
Apple news: iLeakage attack, MAC address leakage bug 27/10/2023 at 12:31 By Zeljka Zorz On Wednesday, Apple released security updates for all supported branches of iOS and iPadOS, macOS, tvOS, watchOS and Safari. This time around, the updates did not garner as much attention as when they deliver a zero-day fix, though it has to
Apple news: iLeakage attack, MAC address leakage bug Read More »
Raven: Open-source CI/CD pipeline security scanner 27/10/2023 at 08:32 By Help Net Security Raven (Risk Analysis and Vulnerability Enumeration for CI/CD) is an open-source CI/CD pipeline security scanner that makes hidden risks visible by connecting the dots across vulnerabilities woven throughout the pipeline that, when viewed collectively, reveal a much greater risk than when assessed
Raven: Open-source CI/CD pipeline security scanner Read More »
Humans are still better than AI at crafting phishing emails, but for how long? 26/10/2023 at 15:17 By Helga Labus Humans are still better at crafting phishing emails compared to AI, but not by far and likely not for long, according to research conducted by IBM X-Force Red. Creating phishing emails: Humans vs. AI The
Humans are still better than AI at crafting phishing emails, but for how long? Read More »
Quishing: Tricks to look out for 26/10/2023 at 11:01 By Zeljka Zorz QR code phishing – aka “quishing” – is on the rise, according to HP, Darktrace, Malwarebytes, AusCERT, and many others. What are QR codes? QR codes are two-dimensional matrix barcodes used for tracking products, identifying items, simplifying actions such as connecting to a
Quishing: Tricks to look out for Read More »
OT cyber attacks proliferating despite growing cybersecurity spend 26/10/2023 at 07:32 By Help Net Security The sharp increase in attacks on operational technology (OT) systems can be primarily attributed to two key factors: the escalating global threats posed by nation-state actors and the active involvement of profit-driven cybercriminals (often sponsored by the former). The lack
OT cyber attacks proliferating despite growing cybersecurity spend Read More »
Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631) 25/10/2023 at 14:46 By Zeljka Zorz The Winter Vivern APT group has been exploiting a zero-day vulnerability (CVE-2023-5631) in Roundcube webmail servers to spy on email communications of European governmental entities and a think tank, according to ESET researchers. “Exploitation of the XSS vulnerability can
Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631) Read More »
VMware patches critical vulnerability in vCenter Server (CVE-2023-34048) 25/10/2023 at 13:47 By Helga Labus VMware has fixed a critical out-of-bounds write vulnerability (CVE-2023-34048) and a moderate-severity information disclosure flaw (CVE-2023-34056) in vCenter Server, its popular server management software. About CVE-2023-34048 and CVE-2023-34056 CVE-2023-34048 allows an attacker with network access to a vulnerable vCenter Server virtual
VMware patches critical vulnerability in vCenter Server (CVE-2023-34048) Read More »
What is operational risk and why should you care? Assessing SEC rule readiness for OT and IoT 25/10/2023 at 07:31 By Help Net Security The newly released Security and Exchange Commission (SEC) cyber incident disclosure rules have been met with mixed reviews. Of particular concern is whether public companies who own and operate industrial control
Strategies to overcome cybersecurity misconceptions 25/10/2023 at 07:02 By Help Net Security Many CISOs may believe their cybersecurity defenses are robust enough to repel any attack, but there are critical misconceptions they may be harboring. In this Help Net Security video, Kevin Kirkwood, Deputy CISO at LogRhythm, stresses that one of the most significant pitfalls
Strategies to overcome cybersecurity misconceptions Read More »
1Password also affected by Okta Support System breach 24/10/2023 at 13:50 By Zeljka Zorz Following in the footsteps of BeyondTrust and CloudFlare, 1Password has revealed that it has been affected by the Okta Support System breach. “On September 29, we detected suspicious activity on our Okta instance that we use to manage our employee-facing apps,”
1Password also affected by Okta Support System breach Read More »
Bracing for AI-enabled ransomware and cyber extortion attacks 24/10/2023 at 07:37 By Help Net Security AI has been the shiniest thing in tech since at least November 2022, when ChatGPT was made available to the masses and unveiled the transformative potential of large language models for all the world to see. As businesses scramble to
Bracing for AI-enabled ransomware and cyber extortion attacks Read More »