Multi-modal data protection with AI’s help 04/08/2023 at 08:02 By Help Net Security Cybersecurity risk is distinct from other IT risk in that it has a thinking, adaptive, human opponent. IT generally must deal with first order chaos and risk much like hurricanes in meteorology or viruses in biology: complex and dangerous – but fundamentally […]
Multi-modal data protection with AI’s help Read More »
The direct impact of cyberattacks on patient safety and care delivery 04/08/2023 at 07:02 By Help Net Security As the healthcare industry continues its rapid transformation through the adoption of digital technologies, it is also confronted with an ever-expanding range of cybersecurity threats. In this Help Net Security interview, Dr. Omar Sangurima, Principal Technical Program
The direct impact of cyberattacks on patient safety and care delivery Read More »
Russian APT phished government employees via Microsoft Teams 03/08/2023 at 15:17 By Zeljka Zorz An APT group linked to Russia’s Foreign Intelligence Service has hit employees of several dozen global organizations with phishing attacks via Microsoft Teams, says Microsoft. A social engineering attack to bypass MFA protection “To facilitate their attack, the actor uses Microsoft
Russian APT phished government employees via Microsoft Teams Read More »
Ivanti discloses another vulnerability in MobileIron Core (CVE-2023-35082) 03/08/2023 at 13:46 By Helga Labus Ivanti has disclosed a critical vulnerability (CVE-2023-35082) affecting old, out-of-support versions of MobileIron Core, an enterprise device solution that has since been rebranded to Ivanti Endpoint Manager Mobile (EPMM). “The vulnerability was incidentally resolved in MobileIron Core 11.3 as part of
Ivanti discloses another vulnerability in MobileIron Core (CVE-2023-35082) Read More »
Google’s AI Red Team: Advancing cybersecurity on the AI frontier 03/08/2023 at 08:02 By Help Net Security With the rise of ML, traditional red teams tasked with probing and exposing security vulnerabilities found themselves facing a new set of challenges that required a deep and comprehensive understanding of machine learning. Google’s recent announcement about the
Google’s AI Red Team: Advancing cybersecurity on the AI frontier Read More »
How local governments can combat cybercrime 03/08/2023 at 07:01 By Help Net Security Amid a recent uptick in cybercrime on local governments, cities have been left to recover for months after the initial attack. For example, leaders in Dallas, Texas are ready to spend months recovering from an attack that hindered the city’s 911 emergency
How local governments can combat cybercrime Read More »
Attackers can turn AWS SSM agents into remote access trojans 02/08/2023 at 16:02 By Zeljka Zorz Mitiga researchers have documented a new post-exploitation technique attackers can use to gain persistent remote access to AWS Elastic Compute Cloud (EC2) instances (virtual servers), as well as to non-EC2 machines (e.g., on-premises enterprise servers and virtual machines, and
Attackers can turn AWS SSM agents into remote access trojans Read More »
Delivering privacy in a world of pervasive digital surveillance: Tor Project’s Executive Director speaks out 02/08/2023 at 08:02 By Zeljka Zorz The overarching mission of the US-based non-profit organization the Tor Project is to advance human rights and make open-source, privacy preserving software available to people globally, so that they can browse the internet privately,
From tech expertise to leadership: Unpacking the role of a CISO 02/08/2023 at 07:34 By Mirko Zorz In this Help Net Security interview, Attila Török, CISO at GoTo, discusses how to balance technical expertise and leadership and how he navigates the rapidly evolving technological landscape. We also delve into the key challenges faced in communicating
From tech expertise to leadership: Unpacking the role of a CISO Read More »
Open-source penetration testing tool BloodHound CE released 02/08/2023 at 06:32 By Mirko Zorz SpecterOps released version 5.0 of BloodHound Community Edition (CE), a free and open-source penetration testing solution that maps attack paths in Microsoft Active Directory (AD) and Azure (including Azure AD/Entra ID) environments. It is available for free on GitHub. Identifying simple Attack
Open-source penetration testing tool BloodHound CE released Read More »
Android n-day bugs pose zero-day threat 01/08/2023 at 14:17 By Helga Labus In the Android ecosystem, n-day vulnerabilities are almost as dangerous as zero-days, according to Google’s review of zero-days exploited in the wild in 2022. N-days functioning as zero-days Zero-days are software bugs that are unknown to the vendor but known to – and
Android n-day bugs pose zero-day threat Read More »
US government outlines National Cyber Workforce and Education Strategy 01/08/2023 at 14:03 By Zeljka Zorz After the release of a National Cybersecurity Strategy and its implementation plan, the Biden-Harris Administration has unveiled the National Cyber Workforce and Education Strategy (NCWES), “aimed at addressing both immediate and long-term cyber workforce needs.” The National Cyber Workforce and
US government outlines National Cyber Workforce and Education Strategy Read More »
Keeping the cloud secure with a mindset shift 01/08/2023 at 08:02 By Help Net Security Gartner estimates that in 2023 worldwide end-user spending on public cloud services will grow by 21.7% and hit nearly $600 billion. Even as the economic downturn has most businesses looking for ways to tighten their belts, the cloud remains one
Keeping the cloud secure with a mindset shift Read More »
Strategies for ensuring compliance and security in outdated healthcare IT systems 01/08/2023 at 07:02 By Help Net Security With the average price tag for a healthcare data breach at an all-time high, the overall financial damage to an organization is high regarding economic loss and reputation repair. According to the Cybersecurity and Infrastructure Security Agency
Strategies for ensuring compliance and security in outdated healthcare IT systems Read More »
Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081) 31/07/2023 at 16:32 By Helga Labus Another actively exploited zero-day vulnerability (CVE-2023-35081) affecting Ivanti Endpoint Manager Mobile (EPMM) has been identified and fixed. The first zero-day spotted Last week, we reported on a remote unauthenticated API access vulnerability (CVE-2023-35078) affecting Ivanti EPMM having been exploited to target
Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081) Read More »
Web browsing is the primary entry vector for ransomware infections 31/07/2023 at 13:47 By Zeljka Zorz The most widely used method for ransomware delivery in 2022 was via URL or web browsing (75.5%), Palo Alto Networks researchers have found. In 2021, it was email attachments (i.e., delivery via SMTP, POP3, and IMAP protocols), but in
Web browsing is the primary entry vector for ransomware infections Read More »
New persistent backdoor used in attacks on Barracuda ESG appliances 31/07/2023 at 13:32 By Helga Labus The Cybersecurity and Infrastructure Agency (CISA) has published an analysis report on the backdoors dropped by attackers exploiting CVE-2023-2868, a remote command injection vulnerability in Barracuda Email Security Gateway (ESG) appliances. Barracuda ESG zero-day exploit and backdoors In late
New persistent backdoor used in attacks on Barracuda ESG appliances Read More »
Stremio vulnerability exposes millions to RCE and data theft 31/07/2023 at 11:02 By Help Net Security CyFox has recently identified a critical hijacking vulnerability in Stremio 4.4, a popular software platform for streaming movies and TV shows. With over 5 million users relying on Stremio for their entertainment needs, this vulnerability poses a significant risk
Stremio vulnerability exposes millions to RCE and data theft Read More »
How the best CISOs leverage people and technology to become superstars 31/07/2023 at 07:47 By Help Net Security What separates superstar CISOs from the rest of the pack is that they are keenly aware of the burgeoning threat landscape and the cybersecurity skills shortage, but they don’t give in to despair. Instead, they use their
How the best CISOs leverage people and technology to become superstars Read More »
Data privacy vault: Securing sensitive data while navigating regulatory demands 31/07/2023 at 07:32 By Help Net Security In this Help Net Security interview, Jean-Charles Chemin, CEO of Legapass, provides insight into the correlation between maintaining customer trust and protecting sensitive customer data. He emphasizes how a data privacy vault can reinforce customer trust by offering
Data privacy vault: Securing sensitive data while navigating regulatory demands Read More »