Don’t miss

Why it’s the perfect time to reflect on your software update policy

27/11/2023 at 08:04 By Help Net Security

The threat landscape is evolving by the minute, with both malicious actors and well-intentioned researchers constantly on the hunt for new attack vectors that bypass security controls and gain control of systems and applications. In fact, […]

Vulnerability disclosure: Legal risks and ethical considerations for researchers

27/11/2023 at 07:32 By Mirko Zorz

In this Help Net Security interview, Eddie Zhang, Principal Consultant at Project Black, explores the complex and often controversial world of vulnerability disclosure in cybersecurity. Zhang explores the intricate balancing act that researchers must perform when navigating the interests of

NIS2 and its global ramifications

24/11/2023 at 08:31 By Help Net Security

The Network and Information Systems Directive (NIS2), due to come into effect in October 2024, seeks to improve cyber resilience in the European Union (EU). Its effects are likely to be wider reaching, though, bringing in more stringent processes and controls and redefining

1 in 5 executives question their own data protection programs

24/11/2023 at 08:01 By Help Net Security

In this Help Net Security video, Tanneasha Gordon, Deloitte Risk & Financial Advisory’s data & privacy leader, discusses how many executives realize that trust is crucial to driving brand value and earning sustained customer loyalty. Privacy programs, data

New horizons in cyber protection with 2024 trends to watch

23/11/2023 at 08:02 By Help Net Security

2023 proved to be another challenging year for companies combating supply chain security and breaches. The 2024 outlook could be worse as attacks become increasingly sophisticated. In this Help Net Security video, Fei Huang, VP of Security Strategy

How LockBit used Citrix Bleed to breach Boeing and other targets

22/11/2023 at 16:47 By Zeljka Zorz

CVE-2023-4966, aka “Citrix Bleed”, has been exploited by LockBit 3.0 affiliates to breach Boeing’s parts and distribution business, and “other trusted third parties have observed similar activity impacting their organization,” cybersecurity and law enforcement officials have confirmed on

Microsoft announces Defender bug bounty program

22/11/2023 at 14:47 By Helga Labus

Microsoft has announced a new bug bounty program aimed at unearthing vulnerabilities in Defender-related products and services, and is offering participants the possibility to earn up to $20,000 for the most critical bugs.

The Microsoft Defender bug bounty program

Microsoft Defender includes various

CISA offers cybersecurity services to non-federal orgs in critical infrastructure sector

22/11/2023 at 12:47 By Helga Labus

The Cybersecurity and Infrastructure Security Agency (CISA) has announced a pilot program that aims to offer cybersecurity services to critical infrastructure entities as they have become a common target in cyberattacks. “In alignment with CISA’s ‘Target Rich, Resource

CISOs can marry security and business success

22/11/2023 at 08:33 By Help Net Security

With an endless string of cyber fires to be put out, it’s easy to forget that the cybersecurity function in an organization doesn’t exist in a vacuum. Its main purpose is to ensure the organization succeeds, and that’s the reason CISOs

Why boards must prioritize cybersecurity expertise

22/11/2023 at 08:02 By Help Net Security

In this Help Net Security video, Graeme Payne, US Advisory Service Leader at Kudelski Security, discusses how, with the incredible number of complex threats facing modern businesses, board members must take an increased role in cybersecurity decisions – or face the consequences.

Apache ActiveMQ bug exploited to deliver Kinsing malware

21/11/2023 at 15:02 By Helga Labus

Attackers are exploiting a recently fixed vulnerability (CVE-2023-46604) in Apache ActiveMQ to install Kinsing malware and cryptocurrency miners on targeted Linux systems.

CVE-2023-46604 exploitation

Apache ActiveMQ is a popular Java-based open source message broker that allows communication between applications and services

The shifting sands of the war against cyber extortion

21/11/2023 at 14:33 By Zeljka Zorz

Ransomware and cyber extortion attacks aimed at organizations are not letting up. Occasionally, they even come in pairs. The often large and sometimes massive ransomware recovery costs companies incur when they decide not to meet the demands deter many other

PolarDNS: Open-source DNS server tailored for security evaluations

21/11/2023 at 08:36 By Mirko Zorz

PolarDNS is a specialized authoritative DNS server that allows the operator to produce custom DNS responses suitable for DNS protocol testing purposes.

What can you do with PolarDNS?

PolarDNS can be used for testing of:
DNS resolvers (server-side)
DNS clients
DNS

Segmentation proves crucial for fast response to security incidents

21/11/2023 at 08:04 By Help Net Security

In this Help Net Security video, Steve Winterfeld, Advisory CISO at Akamai, discusses the recent surge of ransomware attacks in the U.S. and how it relates to microsegmentation. Recovery after a security breach happens 11 hours faster with segmentation.

Sophos Web Appliance vulnerability exploited in the wild (CVE-2023-1671)

20/11/2023 at 14:47 By Helga Labus

CISA has added three vulnerabilities to its Known Exploited Vulnerabilities catalog, among them a critical vulnerability (CVE-2023-1671) in Sophos Web Appliance that was patched by the company in April 2023.

About CVE-2023-1671

CVE-2023-1671 is a pre-auth command injection vulnerability

9 Black Friday cybersecurity deals you don’t want to miss

20/11/2023 at 09:31 By Help Net Security

PortDroid

PortDroid is a trusted app for all network analysis tasks. Designed with network administrators, penetration testers, and technology enthusiasts in mind, this app brings a collection of essential networking tools right at your fingertips. Deal: 50% off

MFA under fire, attackers undermine trust in security measures

20/11/2023 at 08:31 By Help Net Security

In this Help Net Security video, Renée Burton, Head of Threat Intelligence at Infoblox, discusses MFA attacks. MFA adds security to online accounts, but MFA lookalikes are a real threat to consumers and enterprises. Consumers have come to trust

Why cyber war readiness is critical for democracies

17/11/2023 at 14:02 By Zeljka Zorz

Once the war in Ukraine ends, Russia’s offensive cyber capabilities will be directed towards other targets, Rik Ferguson, VP Security Intelligence for Forescout, predicted at IRISSCON on Thursday.

Rik Ferguson on stage at IRISSCON 2023

The skills employed, the hacktivists and

Transforming cybersecurity from reactive to proactive with attack path analysis

17/11/2023 at 08:03 By Help Net Security

An attack path is important to prioritize potential risks in cloud environments. The attack path offers the ability to look at cloud environments from the attacker’s perspective. With today’s general awareness and concerted effort toward cybersecurity, cybercriminals rarely

From PKI to PQC: Devising a strategy for the transition

16/11/2023 at 09:31 By Zeljka Zorz

Quantum computers capable of breaking currently used encryption algorithms are an inevitability. And since the US, China and Europe are sprinting to win that arms race, we know that day is coming sooner rather than later. Will organizations be
