Don’t miss

RomCom hackers chained Firefox and Windows zero-days to deliver backdoor

0-day, APT, backdoor, Don't miss, ESET, exploit, Firefox, Hot stuff, News, Russian Federation, Windows /

RomCom hackers chained Firefox and Windows zero-days to deliver backdoor 2024-11-26 at 12:18 By Zeljka Zorz Russia-aligned APT group RomCom was behind attacks that leveraged CVE-2024-9680, a remote code execution flaw in Firefox, and CVE-2024-49039, an elevation of privilege vulnerability in Windows Task Scheduler, as zero-days earlier this year. “Chaining together two zero-day vulnerabilities armed […]

React to this headline:

Loading spinner

RomCom hackers chained Firefox and Windows zero-days to deliver backdoor Read More »

How to recognize employment fraud before it becomes a security issue

cybercrime, cybersecurity, Don't miss, Expert analysis, Expert corner, fraud, Hot stuff, News, Nisos, opinion /

How to recognize employment fraud before it becomes a security issue 2024-11-26 at 07:39 By Help Net Security The combination of remote work, the latest technologies, and never physically meeting your employees has made it very easy for job applicants to mask their true identities from their employer and commit employment fraud. Motivations for this

React to this headline:

Loading spinner

How to recognize employment fraud before it becomes a security issue Read More »

Practical strategies to build an inclusive culture in cybersecurity

Acronis, awareness, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, remote working, strategy, tips /

Practical strategies to build an inclusive culture in cybersecurity 2024-11-26 at 07:03 By Mirko Zorz In this Help Net Security interview, Alona Geckler, Chief of Staff, SVP of Business Operations at Acronis, shares her insights on the diversity environment in the cybersecurity and IT industries. She discusses the progress made over the past two decades,

React to this headline:

Loading spinner

Practical strategies to build an inclusive culture in cybersecurity Read More »

Domain security posture of Forbes Global 2000 companies

CSC, cybersecurity, DMARC, Don't miss, Hot stuff, human error, phishing, Video /

Domain security posture of Forbes Global 2000 companies 2024-11-26 at 06:34 By Help Net Security In this Help Net Security video, Vincent D’Angelo, Global Director of Corporate Development and Strategic Alliances with CSC, analyzes the domain security of the Forbes Global 2000. CSC’s 2024 Domain Security Report analyzes the highest and lowest-performing industries based on

React to this headline:

Loading spinner

Domain security posture of Forbes Global 2000 companies Read More »

Faraway Russian hackers breached US organization via Wi-Fi

APT, brute-force, credentials, Don't miss, enterprise, government-backed attacks, Hot stuff, MFA, News, Russian Federation, wireless /

Faraway Russian hackers breached US organization via Wi-Fi 2024-11-25 at 19:03 By Zeljka Zorz Forest Blizzard, a threat group associated with Russia’s GRU military intelligence service, repeatedly breached a US-based organization via compromised computer systems of nearby firms, which they leveraged to authenticate to the target’s enterprise Wi-Fi network. The repeated attacks Volexity, a company

React to this headline:

Loading spinner

Faraway Russian hackers breached US organization via Wi-Fi Read More »

Microsoft asks Windows Insiders to try out the controversial Recall feature

Artificial Intelligence, data security, Don't miss, endpoint management, enterprise, Hot stuff, Microsoft, News, Privacy, Windows /

Microsoft asks Windows Insiders to try out the controversial Recall feature 2024-11-25 at 16:33 By Zeljka Zorz Participants of the Windows Insider Program that have a Qualcomm Snapdragon-powered Copilot+ PC can now try out Recall, the infamous snapshot-taking, AI-powered feature that was met with much criticism when it was unveiled earlier this year. “We heard

React to this headline:

Loading spinner

Microsoft asks Windows Insiders to try out the controversial Recall feature Read More »

AI Kuru, cybersecurity and quantum computing

Artificial Intelligence, cybersecurity, Don't miss, Encryption, Expert analysis, Expert corner, Hot stuff, News, opinion, Qrypt, quantum computing /

AI Kuru, cybersecurity and quantum computing 2024-11-25 at 08:13 By Help Net Security As we continue to delegate more infrastructure operations to artificial intelligence (AI), quantum computers are advancing towards Q-day (i.e., the day when quantum computers can break current encryption methods). This could compromise the security of digital communications, as well as autonomous control

React to this headline:

Loading spinner

AI Kuru, cybersecurity and quantum computing Read More »

Overcoming legal and organizational challenges in ethical hacking

Artificial Intelligence, cybersecurity, Don't miss, Features, hacking, Hackrate, Hot stuff, News, open source, opinion, penetration testing, regulation, skill development, strategy, tips /

Overcoming legal and organizational challenges in ethical hacking 2024-11-25 at 07:33 By Mirko Zorz In this Help Net Security interview, Balázs Pózner, CEO at Hackrate, discusses the essential technical skills for ethical hackers and how they vary across different security domains. He explains how AI and machine learning enhance ethical hacking by streamlining vulnerability detection

React to this headline:

Loading spinner

Overcoming legal and organizational challenges in ethical hacking Read More »

Assessing AI risks before implementation

Artificial Intelligence, Don't miss, generative AI, Hot stuff, LLMs, risk, SANS, Video /

Assessing AI risks before implementation 2024-11-25 at 06:33 By Help Net Security In this Help Net Security video, Frank Kim, SANS Institute Fellow, explains why more enterprises must consider many challenges before implementing advanced technology in their platforms. Without adequately assessing and understanding the risks accompanying AI integration, organizations will not be able to harness

React to this headline:

Loading spinner

Assessing AI risks before implementation Read More »

The limits of AI-based deepfake detection

Artificial Intelligence, cybersecurity, deepfakes, Don't miss, Features, Hot stuff, News, opinion, Reality Defender, social engineering /

The limits of AI-based deepfake detection 2024-11-22 at 08:03 By Mirko Zorz In this Help Net Security interview, Ben Colman, CEO of Reality Defender, discusses the challenges of detecting high-quality deepfakes in real-world applications. He addresses the effectiveness and limitations of watermarking, AI-based detection, and the potential of emerging technologies in securing media authenticity. Colman

React to this headline:

Loading spinner

The limits of AI-based deepfake detection Read More »

Why the NIS2 Directive causes growing pains for businesses

Coro, cyber resilience, cybersecurity, Don't miss, EU, Hot stuff, regulation, Video /

Why the NIS2 Directive causes growing pains for businesses 2024-11-22 at 07:48 By Help Net Security In this Help Net Security video, Dror Liwer, co-founder of Coro, discusses how the EU’s NIS2, its latest security directive for businesses, officially became enforceable recently. This means EU companies face more demanding requirements for internal cyber resilience strategies

React to this headline:

Loading spinner

Why the NIS2 Directive causes growing pains for businesses Read More »

Active network of North Korean IT front companies exposed

China, Don't miss, Hot stuff, Insider Threat, News, North Korea, Palo Alto Networks, SentinelOne, software development, tips, USA /

Active network of North Korean IT front companies exposed 2024-11-21 at 16:18 By Zeljka Zorz An analysis of the websites belonging to companies that served as a front for getting North Korean IT workers remote jobs with businesses worldwide has revealed an active network of such companies originating in China. Unearthing North Korean IT front

React to this headline:

Loading spinner

Active network of North Korean IT front companies exposed Read More »

2,000 Palo Alto Networks devices compromised in latest attacks

CVE, Don't miss, enterprise, firewall, Hot stuff, India, News, Palo Alto Networks, Shadowserver, USA /

2,000 Palo Alto Networks devices compromised in latest attacks 2024-11-21 at 13:27 By Zeljka Zorz Attackers have compromised around 2,000 Palo Alto Networks firewalls by leveraging the two recently patched zero-days (CVE-2024-0012 and CVE-2024-9474), Shadowserver Foundation’s internet-wide scanning has revealed. Compromised devices are predominantly located in the US and India, the nonprofit says. Manual and

React to this headline:

Loading spinner

2,000 Palo Alto Networks devices compromised in latest attacks Read More »

Researchers unearth two previously unknown Linux backdoors

APT, backdoor, cybersecurity, Don't miss, ESET, Hot stuff, Linux, Malware, News, threat, VirusTotal /

Researchers unearth two previously unknown Linux backdoors 2024-11-21 at 12:12 By Help Net Security ESET researchers have identified multiple samples of two previously unknown Linux backdoors: WolfsBane and FireWood. The goal of the backdoors and tools discovered is cyberespionage that targets sensitive data such as system information, user credentials, and specific files and directories. These

React to this headline:

Loading spinner

Researchers unearth two previously unknown Linux backdoors Read More »

AxoSyslog: Open-source scalable security data processor

cybersecurity, Don't miss, GitHub, News, open source, software /

AxoSyslog: Open-source scalable security data processor 2024-11-21 at 08:52 By Mirko Zorz AxoSyslog is a syslog-ng fork, created and maintained by the original creator of syslog-ng, Balazs Scheidler, and his team. “We first started by making syslog-ng more cloud-ready: we packaged syslog-ng in a container, added helm charts, and made it more suitable for use

React to this headline:

Loading spinner

AxoSyslog: Open-source scalable security data processor Read More »

Product showcase: Augmenting penetration testing with Plainsea

cybersecurity, Don't miss, Hot stuff, News, penetration testing, Plainsea, Product showcase /

Product showcase: Augmenting penetration testing with Plainsea 2024-11-21 at 08:03 By Help Net Security Human-led penetration testing is an essential practice for any organization seeking to proactively address potential attack vectors. However, this indispensable pentesting method is often limited by several factors: high resource demands, project time constraints, dispersed communication, and lack of continuous visibility

React to this headline:

Loading spinner

Product showcase: Augmenting penetration testing with Plainsea Read More »

CWE top 25 most dangerous software weaknesses

CVE, cybersecurity, Don't miss, Hot stuff, News, vulnerability /

CWE top 25 most dangerous software weaknesses 2024-11-21 at 07:33 By Help Net Security The CWE list of the 25 most dangerous software weaknesses demonstrates the currently most common and impactful software flaws. Identifying the root causes of these vulnerabilities provides insights to shape investments, policies, and practices that proactively prevent their occurrence. The CWE

React to this headline:

Loading spinner

CWE top 25 most dangerous software weaknesses Read More »

Enhancing visibility for better security in multi-cloud and hybrid environments

cloud security, Compliance, cybersecurity, data loss prevention, Don't miss, Features, Hot stuff, News, opinion, RAD Security, standards, strategy, threats /

Enhancing visibility for better security in multi-cloud and hybrid environments 2024-11-21 at 07:03 By Mirko Zorz In this Help Net Security interview, Brooke Motta, CEO of RAD Security, talks about how cloud-specific threats have evolved and what companies should be watching out for. She discusses the growing complexity of cloud environments and the importance of

React to this headline:

Loading spinner

Enhancing visibility for better security in multi-cloud and hybrid environments Read More »

Preventing credential theft in the age of AI

Artificial Intelligence, authentication, Badge, biometrics, cybersecurity, Don't miss, Hot stuff, Privacy, Video /

Preventing credential theft in the age of AI 2024-11-21 at 06:34 By Help Net Security In this Help Net Security video, Tina Srivastava, MIT Lecturer and CEO of Badge, discusses a 20-year cryptography problem – using biometrics for authentication without storing a face/finger/voice print. This has massive implications for corporate and personal security/privacy because there

React to this headline:

Loading spinner

Preventing credential theft in the age of AI Read More »

GitHub Secure Open Source Fund: Project maintainers, apply now!

Don't miss, education, GitHub, Hot stuff, News, open source, software development /

GitHub Secure Open Source Fund: Project maintainers, apply now! 2024-11-20 at 15:42 By Zeljka Zorz GitHub is calling on maintainers of open source projects to apply for the newly opened Secure Open Source Fund, to get funding and knowledge to improve the security and sustainability of their software. The program is funded by companies (AmEx

React to this headline:

Loading spinner

GitHub Secure Open Source Fund: Project maintainers, apply now! Read More »

Scroll to Top