Serial cybersecurity founders get back in the game 13/09/2023 at 07:32 By Help Net Security “I didn’t really have a choice,” says Ben Bernstein, the former CEO and co-founder of Twistlock (acquired by Palo Alto Networks in 2019) and the CEO and co-founder of a new cybersecurity startup that is still in stealth. “Building a […]
Serial cybersecurity founders get back in the game Read More »
The rise and evolution of supply chain attacks 13/09/2023 at 07:03 By Help Net Security A supply chain attack is a cyberattack that focuses on a third-party supplier providing essential services or software to the supply chain. In this Help Net Security video, Dick O’Brien, Principal Intelligence Analyst in the Symantec Threat Hunter team, discusses
The rise and evolution of supply chain attacks Read More »
Microsoft, Adobe fix zero-days exploited by attackers (CVE-2023-26369, CVE-2023-36761, CVE-2023-36802) 12/09/2023 at 22:01 By Zeljka Zorz September 2023 Patch Tuesday is here, with fixes for actively exploited vulnerabilities in Adobe Acrobat and Reader (CVE-2023-26369), Microsoft Word (CVE-2023-36761), and Microsoft Streaming Service Proxy (CVE-2023-36802). Microsoft vulnerabilities of note Microsoft has delivered fixes for 61 CVE-numbered flaws:
Requests via Facebook Messenger lead to hijacked business accounts 12/09/2023 at 13:32 By Zeljka Zorz Hijackers of Facebook business accounts are relying on fake business inquiries and threats of page/account suspension to trick targets into downloading password-stealing malware. Examples of phishing messages. (Source: Guardio Labs) The campaign Hijacked Facebook business accounts a great way to
Requests via Facebook Messenger lead to hijacked business accounts Read More »
Chrome zero-day exploited in the wild, patch now! (CVE-2023-4863) 12/09/2023 at 12:47 By Helga Labus Google has rolled out a security update for a critical Chrome zero-day vulnerability (CVE-2023-4863) exploited in the wild. About the vulnerability (CVE-2023-4863) CVE-2023-4863 is a critical heap buffer overflow vulnerability in the component that handles WebP, a raster graphics file
Chrome zero-day exploited in the wild, patch now! (CVE-2023-4863) Read More »
17 free AWS cybersecurity courses you can take right now 12/09/2023 at 08:02 By Help Net Security Amazon Web Services (AWS) is the most extensive and widely-used cloud platform in the world, providing more than 200 services through global data centers. It serves millions of clients, ranging from startups to major corporations and government organizations.
17 free AWS cybersecurity courses you can take right now Read More »
Strategies for harmonizing DevSecOps and AI 12/09/2023 at 07:32 By Help Net Security The same digital automation tools that have revolutionized workflows for developers are creating an uphill battle regarding security. From data breaches and cyberattacks to compliance concerns, the stakes have never been higher for enterprises to establish a robust and comprehensive security strategy.
Strategies for harmonizing DevSecOps and AI Read More »
Bruschetta-Board: Multi-protocol Swiss Army knife for hardware hackers 12/09/2023 at 06:02 By Help Net Security Bruschetta-Board is a device for all hardware hackers looking for a fairly-priced all-in-one debugger and programmer that supports UART, JTAG, I2C & SPI protocols and allows to interact with different targets’ voltages (i.e., 1.8, 2.5, 3.3 and 5 Volts!). A
Bruschetta-Board: Multi-protocol Swiss Army knife for hardware hackers Read More »
CIS SecureSuite membership: Leverage best practices to improve cybersecurity 12/09/2023 at 05:45 By Help Net Security Whether you’re facing a security audit or interested in configuring systems securely, CIS SecureSuite Membership is here to help. CIS SecureSuite provides thousands of organizations with access to an effective and comprehensive set of cybersecurity resources and tools to
CIS SecureSuite membership: Leverage best practices to improve cybersecurity Read More »
Microsoft Teams users targeted in phishing attack delivering DarkGate malware 11/09/2023 at 13:31 By Helga Labus A new phishing campaign taking advantage of an easily exploitable issue in Microsoft Teams to deliver malware has been flagged by researchers. Delivering malware to Microsoft Teams users Late last month, Truesec researchers spotted two compromised Microsoft 365 accounts
Microsoft Teams users targeted in phishing attack delivering DarkGate malware Read More »
CISOs and board members work more closely than ever before 11/09/2023 at 08:31 By Help Net Security 73% of board members believe they face the risk of a major cyber attack in the next 12 months, a notable increase from 65% in 2022, according to Proofpoint. Likewise, 53% feel unprepared to cope with a targeted
CISOs and board members work more closely than ever before Read More »
The blueprint for a highly effective EASM solution 11/09/2023 at 08:04 By Mirko Zorz In this Help Net Security interview, Adrien Petit, CEO at Uncovery, discusses the benefits that organizations can derive from implementing external attack surface management (EASM) solutions, the essential capabilities an EASM solution should possess, and how it deals with uncovering hidden
The blueprint for a highly effective EASM solution Read More »
Empowering consumer privacy with network security 11/09/2023 at 07:38 By Help Net Security Every online interaction hinges on the bedrock of network security. With cyber threats and data breaches making headlines daily, businesses must understand how network security safeguards consumer privacy. In this Help Net Security video, Shawn Edwards, CSO at Zayo Group, discusses how
Empowering consumer privacy with network security Read More »
Email forwarding flaws enable attackers to impersonate high-profile domains 11/09/2023 at 07:02 By Help Net Security Sending an email with a forged address is easier than previously thought, due to flaws in the process that allows email forwarding, according to a research team led by computer scientists at the University of California San Diego. The
Email forwarding flaws enable attackers to impersonate high-profile domains Read More »
Understanding the dangers of social engineering 11/09/2023 at 06:09 By Help Net Security Social engineering is a manipulative technique used by individuals or groups to deceive or manipulate others into divulging confidential or sensitive information, performing actions, or making decisions that are not in their best interest. It often involves exploiting human psychology and trust
Understanding the dangers of social engineering Read More »
Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269) 08/09/2023 at 14:02 By Zeljka Zorz A vulnerability (CVE-2023-20269) in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls is being exploited by attackers to gain access to vulnerable internet-exposed devices. “This vulnerability was found during the resolution of a Cisco TAC support case,”
Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269) Read More »
North Korean hackers target security researchers with zero-day exploit 08/09/2023 at 12:32 By Helga Labus North Korean threat actors are once again attempting to compromise security researchers’ machines by employing a zero-day exploit. The warning comes from Google’s own security researchers Clement Lecigne and Maddie Stone, who detailed the latest campaign mounted by government-backed attackers.
North Korean hackers target security researchers with zero-day exploit Read More »
Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061) 08/09/2023 at 11:46 By Zeljka Zorz Apple has patched two zero-day vulnerabilities (CVE-2023-41064, CVE-2023-41061) exploited to deliver NSO Group’s Pegasus spyware. “The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” Citizen Lab shared. “The exploit
Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061) Read More »
September 2023 Patch Tuesday forecast: Important Federal government news 08/09/2023 at 08:17 By Help Net Security Microsoft addressed 33 CVEs in Windows 10 and 11 last month after nearly 3x that number in July. But despite the lull in CVEs, they did provide new security updates for Microsoft Exchange Server, .NET Framework, and even SQL
September 2023 Patch Tuesday forecast: Important Federal government news Read More »
Best practices for implementing a proper backup strategy 08/09/2023 at 07:01 By Help Net Security Implementing a robust backup strategy for safeguarding crucial business data is more essential than ever. Without such a plan, organizations risk paying ransoms and incurring expenses related to investigations and lost productivity. In this Help Net Security video, David Boland,
Best practices for implementing a proper backup strategy Read More »