Real-world examples of quantum-based attacks 17/07/2023 at 07:02 By Help Net Security Quantum computing is poised to revolutionize the way we secure and privatize data. It can potentially disrupt our existing encryption methods, endangering sensitive data from various sources in ways even beyond what we’ve experienced with AI. In this Help Net Security video, Tommaso […]
Real-world examples of quantum-based attacks Read More »
Meta’s Threads app used as a lure 14/07/2023 at 14:16 By Zeljka Zorz It was to be expected: As the buzz around Meta’s new microblogging platform Threads gained momentum, some individuals have stepped in to take advantage of the fact that the app still can’t formally serve users in the European Union (or China, or
Meta’s Threads app used as a lure Read More »
Unnamed APT eyes vulnerabilities in Rockwell Automation industrial contollers (CVE-2023-3595 CVE-2023-3596) 13/07/2023 at 15:46 By Zeljka Zorz Rockwell Automation has fixed two vulnerabilities (CVE-2023-3595, CVE-2023-3596) in the communication modules of its ControlLogix industrial programmable logic controllers (PLCs), ahead of expected (and likely) in-the-wild exploitation. “An unreleased exploit capability leveraging these vulnerabilities is associated with an
CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities 13/07/2023 at 14:32 By Help Net Security FIRST has unveiled the latest version of its Common Vulnerability Scoring System (CVSS 4.0). Critical in the interface between supplier and consumer, CVSS provides a way to capture the principal characteristics of a security vulnerability and
CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities Read More »
Combatting data governance risks of public generative AI tools 13/07/2023 at 08:02 By Help Net Security When companies utilize public generative AI tools, the models are refined on input data provided by the company. Regarding data security, unauthorized use of sensitive data or the accidental exposure of proprietary information can lead to reputational damage, legal
Combatting data governance risks of public generative AI tools Read More »
Attack Surface Management: Identify and protect the unknown 13/07/2023 at 07:33 By Help Net Security In this Help Net Security video, Brianna McGovern, Product Manager, Attack Surface Management, NetSPI, discusses Attack Surface Management (ASM). Attack Surface Management detects known, unknown, and potentially vulnerable public-facing assets and changes to your attack surface that may introduce risk.
Attack Surface Management: Identify and protect the unknown Read More »
Only 45% of cloud data is currently encrypted 13/07/2023 at 06:01 By Help Net Security 39% of businesses have experienced a data breach in their cloud environment last year, an increase on the 35% reported in 2022, according to Thales. In addition, human error was reported as the leading cause of cloud data breaches by
Only 45% of cloud data is currently encrypted Read More »
Chinese hackers forged authentication tokens to breach government emails 12/07/2023 at 13:17 By Zeljka Zorz Sophisticated hackers have accessed email accounts of organizations and government agencies via authentication tokens they forged by using an acquired Microsoft account (MSA) consumer signing key, the company has revealed on Tuesday. “The threat actor Microsoft links to this incident
Chinese hackers forged authentication tokens to breach government emails Read More »
How Google Cloud’s AML AI redefines the fight against money laundering 12/07/2023 at 07:02 By Mirko Zorz Google Cloud’s AML AI represents an advancement in the fight against money laundering. By replacing outdated transaction monitoring systems and embracing AI technology, financial institutions can now stay ahead of evolving financial crime risks, improve operational efficiency, ensure
How Google Cloud’s AML AI redefines the fight against money laundering Read More »
Microsoft patches four exploited zero-days, but lags with fixes for a fifth (CVE-2023-36884) 11/07/2023 at 22:31 By Zeljka Zorz For July 2023 Patch Tuesday, Microsoft has delivered 130 patches; among them are four for vulnerabilites actively exploited by attackers, but no patch for CVE-2023-36884, an Office and Windows HTML RCE vulnerability exploited in targeted attacks
Apple pushes out emergency fix for actively exploited zero-day (CVE-2023-37450) 11/07/2023 at 13:02 By Zeljka Zorz Apple has patched an actively exploited zero-day vulnerability (CVE-2023-37450) by releasing Rapid Security Response updates for iPhones, iPads and Macs running the latest versions of its operating systems. The vulnerability has also been fixed with a regular security update
Apple pushes out emergency fix for actively exploited zero-day (CVE-2023-37450) Read More »
CISO perspective on why Boards don’t fully grasp cyber attack risks 11/07/2023 at 07:33 By Mirko Zorz Due to their distinct perspectives, Board members and CISOs often have differing views on cyber attack risks. The discrepancy arises when Boards need cybersecurity expertise, need help comprehending technical jargon, or when CISOs need to communicate in business
CISO perspective on why Boards don’t fully grasp cyber attack risks Read More »
Cybersecurity best practices while working in the summer 11/07/2023 at 07:02 By Help Net Security IT teams need help to monitor and enforce BYOD policies during summer months when more employees often travel or work remotely. In this Help Net Security video, Jeremy Ventura, Director, Security Strategy & Field CISO at ThreatX, discusses how employees
Cybersecurity best practices while working in the summer Read More »
Flaw in Revolut payment systems exploited to steal $20 million 10/07/2023 at 17:05 By Zeljka Zorz Organized criminal groups exploited a flaw in Revolut’s payment systems and made off with $20+ million of the company’s money, the Financial Times reported on Sunday, citing people with knowledge of the situation. Revolut’s cybersecurity troubles Revolut is a
Flaw in Revolut payment systems exploited to steal $20 million Read More »
Malware delivery to Microsoft Teams users made easy 10/07/2023 at 14:33 By Zeljka Zorz A tool that automates the delivery of malware from external attackers to target employees’ Microsoft Teams inbox has been released. TeamsPhisher (Source: Alex Reid) About the exploited vulnerability As noted by Jumpsec researchers Max Corbridge and Tom Ellson, Microsoft Teams’ default
Malware delivery to Microsoft Teams users made easy Read More »
Law firms under cyberattack 10/07/2023 at 07:31 By Helga Labus In April 2023, Australian law firm HWL Ebsworth was hit by a cyberattack that possibly resulted in data of hundreds of its clients and dozens of government agencies being compromised. The attack was claimed by the Russian-linked ALPHV/Blackcat ransomware group “Earlier this month, the group
Law firms under cyberattack Read More »
Overcoming user resistance to passwordless authentication 10/07/2023 at 07:14 By Help Net Security Many organizations agree in theory that passwordless authentication is the future, but getting there represents a significant change management challenge. The migration to passwordless requires forethought and planning. For example, an organization needs to establish strategic imperatives around security, the user experience,
Overcoming user resistance to passwordless authentication Read More »
July 2023 Patch Tuesday forecast: A month of instability and uncertainty 07/07/2023 at 12:17 By Help Net Security We’re halfway through 2023 already and moving into our seventh Patch Tuesday of the year next week. There’s been a lot of activity with Microsoft this month which may impact updates we’ll see. But first taking a
July 2023 Patch Tuesday forecast: A month of instability and uncertainty Read More »
How to cultivate a culture of continuous cybersecurity improvement 06/07/2023 at 07:32 By Help Net Security Regulatory compliance and cybersecurity improvement are not two sides of the same coin: they are distinct pillars that demand specialized attention. Achieving compliance does not create an impenetrable fortress against threats, it merely creates a baseline defense. So, how
How to cultivate a culture of continuous cybersecurity improvement Read More »
Promoting responsible AI: Balancing innovation and regulation 06/07/2023 at 07:02 By Mirko Zorz As AI technology advances, it is essential to remain mindful of familiar and emerging risks. Education is critical to fostering responsible AI innovation, as understanding the technology and its limitations raises standards and benefits everyone. In this Help Net Security interview, Nadir
Promoting responsible AI: Balancing innovation and regulation Read More »