Don’t miss

GenAI can enhance security awareness training

awareness, cybersecurity, deepfakes, Don't miss, Expert analysis, Expert corner, framework, generative AI, Hot stuff, News, opinion, Prism Infosec, social engineering, training /

GenAI can enhance security awareness training 2024-04-24 at 07:31 By Help Net Security One of the biggest concerns over generative AI is its ability to manipulate us, which makes it ideal for orchestrating social engineering attacks. From mining someone’s digital footprint to crafting highly convincing spear phishing emails, to voice capture enabling vishing and deep […]

React to this headline:

Loading spinner

GenAI can enhance security awareness training Read More »

The relationship between cybersecurity and work tech innovation

collaboration, cybersecurity, Don't miss, Envoy, Hot stuff, hybrid workforce, remote access, strategy, Video /

The relationship between cybersecurity and work tech innovation 2024-04-24 at 06:01 By Help Net Security As organizations navigate the complexities of hybrid work arrangements and the gradual return to the office, the cybersecurity threat landscape has become increasingly challenging, with issues such as the proliferation of personal devices, the expansion of remote access points, and

React to this headline:

Loading spinner

The relationship between cybersecurity and work tech innovation Read More »

eBook: Cloud security skills

Don't miss, ISC2, News, Whitepapers and webinars /

eBook: Cloud security skills 2024-04-24 at 05:46 By Help Net Security Demonstrating a sound understanding of cloud security key principles and practices opens various professional opportunities. But first, you need the right mix of technical and soft skills to emerge as a leader. Inside this eBook: Why a career in cloud security? Career pathways The

React to this headline:

Loading spinner

eBook: Cloud security skills Read More »

Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028)

0-day, APT, CVE, cyber espionage, Don't miss, exploit, Hot stuff, Microsoft, News, Windows /

Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028) 2024-04-23 at 17:01 By Zeljka Zorz For nearly four years and perhaps even longer, Forest Blizzard (aka Fancy Bear, aka APT28) has been using a custom tool that exploits a specific vulnerability in Windows Print Spooler service (CVE-2022-38028). Dubbed GooseEgg, the tool is a

React to this headline:

Loading spinner

Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028) Read More »

CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040)

Censys, CrowdStrike, CrushFTP, CVE, Don't miss, enterprise, exploit, FTP, Hot stuff, News /

CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040) 2024-04-23 at 13:01 By Zeljka Zorz A vulnerability (CVE-2024-4040) in enterprise file transfer solution CrushFTP is being exploited by attackers in a targeted fashion, according to Crowdstrike. The vulnerability allows attackers to escape their virtual file system and download system files (i.e., configuration files), but only if

React to this headline:

Loading spinner

CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040) Read More »

The rising influence of AI on the 2024 US election

Artificial Intelligence, cybersecurity, deepfakes, Don't miss, election security, Expert analysis, Expert corner, Hot stuff, News, opinion, Sentra, social media /

The rising influence of AI on the 2024 US election 2024-04-23 at 08:01 By Help Net Security We stand at a crossroads for election misinformation: on one side our election apparatus has reached a higher level of security and is better defended from malicious attackers than ever before. On the other side, the rise of

React to this headline:

Loading spinner

The rising influence of AI on the 2024 US election Read More »

10 colleges and universities shaping the future of cybersecurity education

Berkeley, Carnegie Mellon University, cybersecurity, Don't miss, education, Hot stuff, MIT, News, skill development, University of Cambridge /

10 colleges and universities shaping the future of cybersecurity education 2024-04-23 at 07:01 By Help Net Security Institutions featured on this list often provide undergraduate and graduate degrees, courses, as well as certificate programs tailored to meet the growing demand for cybersecurity professionals in various industries. Some notable colleges and universities renowned for their cybersecurity

React to this headline:

Loading spinner

10 colleges and universities shaping the future of cybersecurity education Read More »

What is multi-factor authentication (MFA), and why is it important?

access management, authentication, BARR Advisory, cybersecurity, Don't miss, Hot stuff, MFA, password manager, passwords, Privacy, tips, Video /

What is multi-factor authentication (MFA), and why is it important? 2024-04-23 at 06:31 By Help Net Security Setting up MFA can seem daunting for consumers just beginning to clean up their security postures. In this Help Net Security video, Larry Kinkaid, Manager, Cybersecurity Consulting at BARR Advisory, shares tips for consumers who need simple, accessible

React to this headline:

Loading spinner

What is multi-factor authentication (MFA), and why is it important? Read More »

MITRE breached by nation-state threat actor via Ivanti zero-days

data breach, Don't miss, Hot stuff, Incident Response, Ivanti, Mandiant, MITRE, News, Volexity /

MITRE breached by nation-state threat actor via Ivanti zero-days 2024-04-22 at 15:16 By Zeljka Zorz MITRE has been breached by attackers via two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti’s Connect Secure VPN devices. The attackers have also managed to move laterally and compromise the company network’s VMware infrastructure, MITRE confirmed late last week. What is

React to this headline:

Loading spinner

MITRE breached by nation-state threat actor via Ivanti zero-days Read More »

The first steps of establishing your cloud security strategy

Center for Internet Security, Don't miss, Hot stuff, News /

The first steps of establishing your cloud security strategy 2024-04-22 at 10:02 By Help Net Security In this article, we’ll identify some first steps you can take to establish your cloud security strategy. We’ll do so by discussing the cloud security impact of individual, concrete actions featured within the CIS Critical Security Controls (CIS Controls)

React to this headline:

Loading spinner

The first steps of establishing your cloud security strategy Read More »

How to optimize your bug bounty programs

Artificial Intelligence, bug bounty, cybersecurity, Don't miss, Features, hacker, Hot stuff, machine learning, News, opinion, policy, regulation, risk assessment, Risk Management, strategy, tips, Zoom /

How to optimize your bug bounty programs 2024-04-22 at 08:02 By Mirko Zorz In this Help Net Security interview, Roy Davis, Manager – Vulnerability Management & Bug Bounty at Zoom, discusses the role bug bounty programs play in identifying security vulnerabilities and facilitating collaboration with researchers. He offers advice to organizations, stressing the importance of

React to this headline:

Loading spinner

How to optimize your bug bounty programs Read More »

Cloud Console Cartographer: Open-source tool helps security teams transcribe log activity

AWS, cloud security, Don't miss, GitHub, Hot stuff, News, Permiso, software /

Cloud Console Cartographer: Open-source tool helps security teams transcribe log activity 2024-04-22 at 07:32 By Mirko Zorz Cloud Console Cartographer is an open-source tool that maps noisy log activity into highly consolidated, succinct events to help security practitioners cut through the noise and understand console behavior in their environment. “Infrastructure as code has replaced a

React to this headline:

Loading spinner

Cloud Console Cartographer: Open-source tool helps security teams transcribe log activity Read More »

Fuxnet malware: Growing threat to industrial sensors

attacks, critical infrastructure, cybersecurity, Don't miss, Hot stuff, Malware, network, Phosphorus Cybersecurity, sensors, Video /

Fuxnet malware: Growing threat to industrial sensors 2024-04-22 at 07:01 By Help Net Security In this Help Net Security video, Sonu Shankar, Chief Strategy Officer at Phosphorus, discusses how Blackjack’s Fuxnet malware should be a wakeup call to industrial operators about the vulnerability of sensor networks and the outsized impact these attacks can have on

React to this headline:

Loading spinner

Fuxnet malware: Growing threat to industrial sensors Read More »

Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware!

Coveware, cybercriminals, Don't miss, extortion, GuidePoint Security, Hot stuff, News, Ransomware, SMBs, Sophos /

Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware! 2024-04-19 at 15:46 By Zeljka Zorz More organizations hit by ransomware gangs are starting to realize that it doesn’t pay to pay up: “In Q1 2024, the proportion of victims that chose to pay touched a new record low of 28%,” ransomware incident

React to this headline:

Loading spinner

Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware! Read More »

LastPass users targeted by vishing attackers

Don't miss, Hot stuff, LastPass, Lookout, News, password manager, phishing, vishing /

LastPass users targeted by vishing attackers 2024-04-19 at 13:01 By Zeljka Zorz The CryptoChameleon phishing kit is being leveraged by vishing attackers looking to trick LastPass users into sharing their master password. “Initially, we learned of a new parked domain (help-lastpass[.]com) and immediately marked the website for monitoring should it go live and start serving

React to this headline:

Loading spinner

LastPass users targeted by vishing attackers Read More »

Protobom: Open-source software supply chain tool

CISA, DHS, Don't miss, GitHub, News, open source, OpenSSF, software /

Protobom: Open-source software supply chain tool 2024-04-19 at 07:31 By Mirko Zorz Protobom is an open-source software supply chain tool that enables all organizations, including system administrators and software development communities, to read and generate Software Bill of Materials (SBOMs), file data, and translate this data across standard industry SBOM formats. “he Protobom project was

React to this headline:

Loading spinner

Protobom: Open-source software supply chain tool Read More »

The key pillars of domain security

auditing, CISO, Compliance, CSC, cybercriminals, cybersecurity, Don't miss, Email, Hot stuff, Video /

The key pillars of domain security 2024-04-19 at 07:01 By Help Net Security From branded emails and marketing campaigns to critical protocols, internal portals, and internet traffic, domains are central to digital enterprise operations. They are constantly created for new assets and initiatives. In this Help Net Security video, Mark Flegg, Global Director of Security

React to this headline:

Loading spinner

The key pillars of domain security Read More »

Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204)

CVE, Don't miss, Hot stuff, Ivanti, News, remote management, Tenable, vulnerability /

Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204) 2024-04-18 at 15:02 By Zeljka Zorz The newest version of Ivanti Avalanche – the company’s enterprise mobile device management (MDM) solution – carries fixes for 27 vulnerabilities, two of which (CVE-2024-29204, CVE-2024-24996) are critical and may allow a remote unauthenticated attacker to execute arbitrary

React to this headline:

Loading spinner

Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204) Read More »

Cheap ransomware for sale on dark web marketplaces is changing the way hackers operate

cybercrime, dark web, Don't miss, Malware, News, Ransomware, Sophos, threat /

Cheap ransomware for sale on dark web marketplaces is changing the way hackers operate 2024-04-18 at 08:01 By Help Net Security Since June 2023, Sophos X-Ops has discovered 19 junk gun ransomware variants — cheap, independently produced, and crudely constructed — on the dark web. The developers of these junk gun variants are attempting to

React to this headline:

Loading spinner

Cheap ransomware for sale on dark web marketplaces is changing the way hackers operate Read More »

Who owns customer identity?

access control, authentication, Compliance, cybersecurity, Descope, Don't miss, Expert analysis, Expert corner, Hot stuff, identity, identity management, MFA, News, opinion /

Who owns customer identity? 2024-04-18 at 07:31 By Help Net Security When I’m talking with prospective clients, I like to ask: which department owns customer identity? Everyone immediately looks towards a different team. While every team touches customer identity at some point, the teams that own it differ from organization to organization. From my experience,

React to this headline:

Loading spinner

Who owns customer identity? Read More »

Scroll to Top