Don’t miss

9 essential ransomware guides and checklists available for free

ANSSI, CISA, cybercrime, Don't miss, DXC Technology, Egnyte, FTC, Government, guide, Hot stuff, how-to, IBM, IBM X-Force, Malware, National Cyber Security Centre, News, Ransomware, strategy, tips /

9 essential ransomware guides and checklists available for free 02/10/2023 at 08:03 By Help Net Security According to Fortinet, ransomware activity has intensified, registering an increase of 13 times compared to the beginning of 2023 in terms of all malware detections. The rise of Ransomware-as-a-Service has primarily driven this surge in ransomware variations. According to […]

9 essential ransomware guides and checklists available for free Read More »

Securing GitHub Actions for a safer DevOps pipeline

CISA, Cloud, cloud security, credentials, cybersecurity, DevOps, Don't miss, Features, GitHub, Hot stuff, Kubernetes, monitoring, News, NSA, open source, opinion, StepSecurity /

Securing GitHub Actions for a safer DevOps pipeline 02/10/2023 at 07:32 By Mirko Zorz GitHub Actions provides a platform for continuous integration and continuous delivery (CI/CD), enabling your build, test, and deployment process automation. It allows you to establish workflows that build and test each pull request in your repository and deploy approved pull requests

Securing GitHub Actions for a safer DevOps pipeline Read More »

Protecting against FraudGPT, ChatGPT’s evil twin

Artificial Intelligence, ChatGPT, credentials, cybercrime, cybercriminals, cybersecurity, dark web, Don't miss, Email, fraud, Hot stuff, identity management, My1Login, passwords, phishing, scams, Video /

Protecting against FraudGPT, ChatGPT’s evil twin 02/10/2023 at 07:01 By Help Net Security FraudGPT is the evil counterpart to ChatGPT. Criminals use it to target businesses with phishing emails and scams with speed and accuracy like never before. The AI can be prompted to create the most realistic phishing emails, perfected down to a business’

Protecting against FraudGPT, ChatGPT’s evil twin Read More »

Malicious ads creep into Bing Chat responses

Artificial Intelligence, Don't miss, Hot stuff, malvertising, Malwarebytes, Microsoft, News, search engine /

Malicious ads creep into Bing Chat responses 29/09/2023 at 16:46 By Helga Labus Users of Bing Chat, the GPT-4-powered search engine Microsoft introduced earlier this year, are being targeted with ads leading to malware. According to Malwarebytes researchers, searching for Advanced IP Scanner (network-scanning software) or MyCase (legal case management software) may result in an

Malicious ads creep into Bing Chat responses Read More »

How should organizations navigate the risks and opportunities of AI?

Artificial Intelligence, Conquest Cyber, cybercriminals, cybersecurity, deepfakes, Don't miss, Expert analysis, Expert corner, Hot stuff, machine learning, opinion, phishing, strategy /

How should organizations navigate the risks and opportunities of AI? 29/09/2023 at 08:33 By Help Net Security As we realize exciting new advancements in the application of generative pre-trained transformer (GPT) technology, our adversaries are finding ingenious ways to leverage these capabilities to inflict harm. There’s evidence to suggest that offensive actors are using AI

How should organizations navigate the risks and opportunities of AI? Read More »

Why California’s Delete Act matters for the whole country

BlackCloak, CISO, cybercrime, cybercriminals, cybersecurity, dark web, data, Don't miss, Government, Hot stuff, identity, law, Privacy, regulation, USA, Video /

Why California’s Delete Act matters for the whole country 29/09/2023 at 06:32 By Help Net Security The California State Legislature passed Senate Bill 362, known as the Delete Act, to simplify the process for consumers to ask to remove their personal data gathered by data brokers. In this Help Net Security video, Dr. Chris Pierson,

Why California’s Delete Act matters for the whole country Read More »

Yet another Chrome zero-day exploited in the wild! (CVE-2023-5217)

0-day, Chrome, Don't miss, Google, Hot stuff, News, security update, vulnerability /

Yet another Chrome zero-day exploited in the wild! (CVE-2023-5217) 28/09/2023 at 14:47 By Helga Labus Google has fixed another critical zero-day vulnerability (CVE-2023-5217) in Chrome that is being exploited in the wild. About CVE-2023-5217 The vulnerability is caused by a heap buffer overflow in vp8 encoding in libvpx – a video codec library from Google

Yet another Chrome zero-day exploited in the wild! (CVE-2023-5217) Read More »

How to avoid the 4 main pitfalls of cloud identity management

access management, cloud security, DevOps, Don't miss, Expert analysis, Expert corner, identity, identity management, Lacework, misconfiguration, News, opinion /

How to avoid the 4 main pitfalls of cloud identity management 28/09/2023 at 08:02 By Help Net Security Securing cloud identities isn’t easy. Organizations need to complete a laundry list of actions to confirm proper configuration, ensure clear visibility into identities, determine and understand who can take what actions, and on top of it all

How to avoid the 4 main pitfalls of cloud identity management Read More »

The hidden costs of neglecting cybersecurity for small businesses

Artificial Intelligence, attacks, Compliance, cybersecurity, Don't miss, education, Encryption, Features, Hot stuff, Incident Response, investment, Judy Security, MFA, News, opinion, passwords, phishing, regulation, threat, training, vulnerability /

The hidden costs of neglecting cybersecurity for small businesses 28/09/2023 at 07:31 By Mirko Zorz In this Help Net Security interview, Raffaele Mautone, CEO of Judy Security, talks about the cybersecurity problems that small businesses face and the need for prioritization to save businesses from potential fines and damage to their brand reputation. He also

The hidden costs of neglecting cybersecurity for small businesses Read More »

Kubernetes attacks in 2023: What it means for the future

attacks, Cloud, containers, cybersecurity, Don't miss, Hot stuff, KSOC, Kubernetes, Video /

Kubernetes attacks in 2023: What it means for the future 28/09/2023 at 07:01 By Help Net Security In 2023, a wave of new attacks targeting Kubernetes has been reported, from Dero and Monero crypto mining to Scarleteel and RBAC-Buster. In this Help Net Security video, Jimmy Mesta, CTO at KSOC, explores what it would take

Kubernetes attacks in 2023: What it means for the future Read More »

New twist on ZeroFont phishing technique spotted in the wild

Don't miss, email security, Hot stuff, News, Outlook, phishing, SANS ISC /

New twist on ZeroFont phishing technique spotted in the wild 27/09/2023 at 15:47 By Helga Labus Cybercriminals are leveraging the ZeroFont technique to trick users into trusting phishing emails, SANS ISC handler Jan Kopriva has warned. The ZeroFont phishing attack Documented and named by Avanan in 2018, the ZeroFont technique involves using text written in

New twist on ZeroFont phishing technique spotted in the wild Read More »

Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129)

1Password, Alpine, Chrome, containers, Debian, Don't miss, Firefox, Google, Hot stuff, LibreOffice, Linux, macOS, Microsoft Teams, News, Opera, patch, patching, Rezilion, runZero, Signal, Slack, SUSE, Telegram, Ubuntu, Vivaldi, vulnerability, vulnerability management /

Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129) 27/09/2023 at 14:46 By Zeljka Zorz The Chrome zero-day exploited in the wild and patched by Google a few weeks ago has a new ID (CVE-2023-5129) and a description that tells the whole story: the vulnerability is not in Chrome, but the libwebp library,

Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129) Read More »

Fake Bitwarden installation packages delivered RAT to Windows users

Bitwarden, Don't miss, Hot stuff, Malware, News, Proofpoint, Remote Access Trojan, Windows /

Fake Bitwarden installation packages delivered RAT to Windows users 27/09/2023 at 11:47 By Helga Labus Windows users looking to install the Bitwarden password manager may have inadvertently installed a remote access trojan (RAT). The ZenRAT malware A malicious website spoofing Bitwarden’s legitimate one (located at bitwariden[.]com) has been offering fake installation packages containing the ZenRAT

Fake Bitwarden installation packages delivered RAT to Windows users Read More »

The pitfalls of neglecting security ownership at the design stage

cyber risk, cybersecurity, Don't miss, Features, Hot stuff, investment, Lenovo, News, opinion, policy, product development, SMBs, software, software development, strategy /

The pitfalls of neglecting security ownership at the design stage 27/09/2023 at 07:01 By Mirko Zorz For companies to avoid bleeding millions through cyber threats, they must build adaptability into their security strategy from the start while considering a range of inputs that go beyond the IT and network access aspects. In this Help Net

The pitfalls of neglecting security ownership at the design stage Read More »

Is your identity safe? Exploring the gaps in threat protection

attack, credentials, cyber resilience, cybersecurity, data breach, Don't miss, Hot stuff, identity, MFA, Ransomware, Silverfort, threat, Video /

Is your identity safe? Exploring the gaps in threat protection 27/09/2023 at 07:01 By Help Net Security A recent study from Silverfort has identified the identity attack surface as today’s most substantial weakness in cybersecurity resilience. Traditional approaches, such as MFA and PAM, have notable limitations that can lead to the exploitation of stolen credentials.

Is your identity safe? Exploring the gaps in threat protection Read More »

Network Flight Simulator: Open-source adversary simulation tool

AlphaSOC, cybersecurity, Don't miss, GitHub, News, research, software /

Network Flight Simulator: Open-source adversary simulation tool 27/09/2023 at 06:31 By Mirko Zorz Network Flight Simulator is a lightweight utility that generates malicious network traffic and helps security teams evaluate security controls and network visibility. The tool performs tests to simulate DNS tunneling, DGA traffic, requests to known active C2 destinations, and other suspicious traffic

Network Flight Simulator: Open-source adversary simulation tool Read More »

Guide: SaaS Offboarding Checklist

Don't miss, News, Nudge Security, Whitepapers and webinars /

Guide: SaaS Offboarding Checklist 27/09/2023 at 05:49 By Help Net Security Download this template from Nudge Security for the essential steps of IT offboarding in the age of SaaS. This employee offboarding checklist covers the murky territory of offboarding SaaS access for departing employees—a land of common pitfalls and missed steps. Download a tailored Google

Guide: SaaS Offboarding Checklist Read More »

Critical JetBrains TeamCity vulnerability could be exploited to launch supply chain attacks (CVE-2023-42793)

continuous integration, Don't miss, Hot stuff, JetBrains, News, Rapid7, software delivery, software development, vulnerability /

Critical JetBrains TeamCity vulnerability could be exploited to launch supply chain attacks (CVE-2023-42793) 26/09/2023 at 18:01 By Zeljka Zorz Software development firm JetBrains has fixed a critical vulnerability (CVE-2023-42793) in its TeamCity continuous integration and continuous delivery (CI/CD) solution, which may allow authenticated attackers to achieve remote code execution and gain control of the server.

Critical JetBrains TeamCity vulnerability could be exploited to launch supply chain attacks (CVE-2023-42793) Read More »

Cl0p’s MOVEit attack tally surpasses 2,000 victim organizations

data breach, Data leak, Don't miss, Emsisoft, extortion, Hot stuff, KonBriefing Research, News, Progress /

Cl0p’s MOVEit attack tally surpasses 2,000 victim organizations 26/09/2023 at 15:01 By Helga Labus The number of victim organizations hit by Cl0p via vulnerable MOVEit installations has surpassed 2,000, and the number of affected individuals is now over 60 million. The victim organizations are overwhelmingly based in the US. “The most heavily impacted sectors are

Cl0p’s MOVEit attack tally surpasses 2,000 victim organizations Read More »

Has Sony been hacked again?

Barrier Networks, cybercrime, data breach, Don't miss, Hot stuff, My1Login, News, Sony /

Has Sony been hacked again? 26/09/2023 at 13:19 By Zeljka Zorz Ransomed.vc, a relatively new ransomware / cyber extortion group, claims to have hacked Sony and made off with valuable data. Sony allegedly hacked and its data held for ransom “We have successfully compromissed all of sony systems. We wont ransom them! we will sell

Has Sony been hacked again? Read More »

Scroll to Top