Don’t miss

PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276)

CVE, Don't miss, exploit, file-sharing, Fortra, Hot stuff, MFT, News, PoC, SQL injection, Tenable, vulnerability /

PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276) 2024-06-27 at 12:31 By Zeljka Zorz A critical SQL injection vulnerability in Fortra FileCatalyst Workflow (CVE-2024-5276) has been patched; a PoC exploit is already available online. While there’s currently no reports of in-the-wild exploitation, enterprise admins are advised to patch their installations as soon as possible. […]

React to this headline:

Loading spinner

PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276) Read More »

Gitleaks: Open-source solution for detecting secrets in your code

Data leak, Don't miss, GitHub, Hot stuff, News, open source, software /

Gitleaks: Open-source solution for detecting secrets in your code 2024-06-27 at 07:37 By Mirko Zorz Gitleaks is an open-source SAST tool designed to detect and prevent hardcoded secrets such as passwords, API keys, and tokens in Git repositories. With more than 15 million Docker downloads, 16,200 GitHub stars, 7 million GitHub downloads, thousands of weekly

React to this headline:

Loading spinner

Gitleaks: Open-source solution for detecting secrets in your code Read More »

Enterprises increasingly turn to cloud and AI for database management

Artificial Intelligence, Cloud, cybersecurity, database management, Don't miss, Hot stuff, News, Redgate, Video /

Enterprises increasingly turn to cloud and AI for database management 2024-06-27 at 06:01 By Help Net Security Across various tasks, from predictive analytics to code generation, organizations in all sectors are exploring how AI can add value and increase efficiency. In this Help Net Security video, Ryan Booz, PostgreSQL Advocate at Redgate, discusses the key

React to this headline:

Loading spinner

Enterprises increasingly turn to cloud and AI for database management Read More »

Malware peddlers experimenting with BPL sideloading and masking malicious payloads as PGP keys

Don't miss, Hot stuff, Kroll, Malware, malware detection, News /

Malware peddlers experimenting with BPL sideloading and masking malicious payloads as PGP keys 2024-06-26 at 15:46 By Zeljka Zorz A newly spotted campaign is leveraging BPL sideloading and other uncommon tricks to deliver the IDAT Loader (aka HijackLoader) malware and prevent its detection. The campaign Spotted by Kroll’s incident responders and analyzed by the company’s

React to this headline:

Loading spinner

Malware peddlers experimenting with BPL sideloading and masking malicious payloads as PGP keys Read More »

Developer errors lead to long-term exposure of sensitive data in Git repos

Aqua Security, cybersecurity, data, Don't miss, GitHub, News, open source, report, software, software development /

Developer errors lead to long-term exposure of sensitive data in Git repos 2024-06-26 at 15:01 By Help Net Security Credentials, API tokens, and passkeys – collectively referred to as secrets – from organizations around the globe were exposed for years, according to Aqua Security’s latest research. By scanning the most popular 100 organizations on GitHub,

React to this headline:

Loading spinner

Developer errors lead to long-term exposure of sensitive data in Git repos Read More »

Compromised plugins found on WordPress.org

backdoor, Don't miss, Hot stuff, News, plugin, supply chain compromise, Wordfence, WordPress /

Compromised plugins found on WordPress.org 2024-06-26 at 11:46 By Zeljka Zorz An unknown threat actor has compromised five (and possibly more) WordPress plugins and injected them with code that creates a new admin account, effectively allowing them complete control over WordPress installations / websites. “In addition, it appears the threat actor also injected malicious JavaScript

React to this headline:

Loading spinner

Compromised plugins found on WordPress.org Read More »

Future trends in cyber warfare: Predictions for AI integration and space-based operations

Artificial Intelligence, attacks, cybersecurity, Cyberwarfare, Don't miss, Features, Hot stuff, News, opinion, SentinelOne, strategy /

Future trends in cyber warfare: Predictions for AI integration and space-based operations 2024-06-26 at 06:36 By Mirko Zorz In this Help Net Security interview, Morgan Wright, Chief Security Advisor at SentinelOne, discusses how AI is utilized in modern cyber warfare by state and non-state actors. AI enhances decision-making speed and precision for state actors, facilitating

React to this headline:

Loading spinner

Future trends in cyber warfare: Predictions for AI integration and space-based operations Read More »

Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806)

Don't miss, enterprise, file-sharing, Hot stuff, MFT, News, PoC, Progress, security update, WatchTowr /

Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806) 2024-06-25 at 21:16 By Zeljka Zorz Progress Software has patched one critical (CVE-2024-5805) and one high-risk (CVE-2024-5806) vulnerability in MOVEit, its widely used managed file transfer (MFT) software product. According to WatchTowr Labs researchers, the company has been privately instructing users to implement the hotfixes before

React to this headline:

Loading spinner

Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806) Read More »

Ransomware disrupts Indonesia’s national data centre, LockBit gang claims US Federal Reserve breach

Asia, disruption, Don't miss, Hot stuff, News, Ransomware, USA /

Ransomware disrupts Indonesia’s national data centre, LockBit gang claims US Federal Reserve breach 2024-06-25 at 14:46 By Zeljka Zorz Ransomware attackers wielding a LockBit variant dubbed Brain Cipher have disrupted a temporary national data center facility which supports the operations of 200+ Indonesian government agencies and public services. The attackers are asking for a $8

React to this headline:

Loading spinner

Ransomware disrupts Indonesia’s national data centre, LockBit gang claims US Federal Reserve breach Read More »

New security loophole allows spying on internet users’ online activity

attacks, cybersecurity, Don't miss, Graz University of Technology, Hot stuff, News, Privacy, research, vulnerability /

New security loophole allows spying on internet users’ online activity 2024-06-25 at 13:16 By Help Net Security Researchers at Graz University of Technology were able to spy on users’ online activities simply by monitoring fluctuations in the speed of their internet connection. This vulnerability, known as SnailLoad, does not require malicious code to exploit, and

React to this headline:

Loading spinner

New security loophole allows spying on internet users’ online activity Read More »

Zeek: Open-source network traffic analysis, security monitoring

cybersecurity, Don't miss, GitHub, Hot stuff, monitoring, network analysis, network monitoring, News, open source, software /

Zeek: Open-source network traffic analysis, security monitoring 2024-06-25 at 07:01 By Mirko Zorz Zeek is an open-source network analysis framework. Unlike an active security device such as a firewall, Zeek operates on a versatile ‘sensor’ that can be a hardware, software, virtual, or cloud platform. This flexibility allows Zeek to quietly monitor network traffic, interpret

React to this headline:

Loading spinner

Zeek: Open-source network traffic analysis, security monitoring Read More »

CISOs’ new ally: Qualys CyberSecurity Asset Management 3.0

asset discovery, CISO, cybersecurity, Don't miss, Features, Hot stuff, IT assets, News, opinion, Qualys /

CISOs’ new ally: Qualys CyberSecurity Asset Management 3.0 2024-06-25 at 06:31 By Mirko Zorz In this Help Net Security interview, Kunal Modasiya, VP of Product Management and Growth at Qualys, explores the key features, significant advantages, and innovative technologies behind Qualys CyberSecurity Asset Management 3.0. Can you explain the key features of Qualys CyberSecurity Asset

React to this headline:

Loading spinner

CISOs’ new ally: Qualys CyberSecurity Asset Management 3.0 Read More »

Guide to mitigating credential stuffing attacks

Don't miss, Enzoic, News, Whitepapers and webinars /

Guide to mitigating credential stuffing attacks 2024-06-25 at 05:46 By Help Net Security We have a collective unaddressed weakness when it comes to basic cybersecurity. Out of the many reports circulating in the news today, many statistics revolve around the number of detected breaches. Why are credentials so sought after? How can we communicate the

React to this headline:

Loading spinner

Guide to mitigating credential stuffing attacks Read More »

Why are threat actors faking data breaches?

Cato Networks, cybersecurity, dark web, data breach, Don't miss, Expert analysis, Expert corner, generative AI, Hot stuff, monitoring, News, opinion /

Why are threat actors faking data breaches? 2024-06-24 at 07:16 By Help Net Security Earlier this year Europcar discovered a hacker selling info on its 50 million customers on the dark web. The European car rental company immediately launched an investigation, only to discover that the data being sold was completely doctored, possibly using generative

React to this headline:

Loading spinner

Why are threat actors faking data breaches? Read More »

Securing the video market: From identification to disruption

cybersecurity, Don't miss, fraud, Friend MTS, Hot stuff, monitoring, piracy, strategy, Video /

Securing the video market: From identification to disruption 2024-06-24 at 07:01 By Help Net Security Video piracy, a pressing issue often unnoticed in security discussions, is rising and demands immediate attention. In this Help Net Security video, Chris White, Chief Architect at Friend MTS, discusses monitoring, identifying, and disrupting piracy for the video market. He

React to this headline:

Loading spinner

Securing the video market: From identification to disruption Read More »

1 out of 3 breaches go undetected

cybersecurity, data breach, Don't miss, Gigamon, News, report, survey, threats /

1 out of 3 breaches go undetected 2024-06-24 at 06:31 By Help Net Security Organizations continue to struggle in detecting breaches as they become more targeted and sophisticated, with more than 1 out of 3 organizations citing their existing security tools were unable to detect breaches when they occur, according to Gigamon. As hybrid cloud

React to this headline:

Loading spinner

1 out of 3 breaches go undetected Read More »

Intel-powered computers affected by serious firmware flaw (CVE-2024-0762)

CVE, Don't miss, Eclypsium, firmware, hardware, Hot stuff, Intel, Lenovo, News, vulnerability /

Intel-powered computers affected by serious firmware flaw (CVE-2024-0762) 2024-06-21 at 14:31 By Zeljka Zorz A vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI, which runs on various Intel processors, could be exploited locally to escalate privileges and run arbitrary code within the firmware during runtime. “This type of low-level exploitation is typical of firmware backdoors (e.g.,

React to this headline:

Loading spinner

Intel-powered computers affected by serious firmware flaw (CVE-2024-0762) Read More »

US bans Kaspersky antivirus software due to national security risks

antivirus, Don't miss, Flashpoint, Government, Hot stuff, Kaspersky, News, USA /

US bans Kaspersky antivirus software due to national security risks 2024-06-21 at 13:01 By Zeljka Zorz The US Department of Commerce has announced an upcoming US-wide ban of cybersecurity and antivirus software by Kaspersky, as its “ability to gather valuable US business information, including intellectual property, and to gather US persons’ sensitive data for malicious

React to this headline:

Loading spinner

US bans Kaspersky antivirus software due to national security risks Read More »

Cilium: Open-source eBPF-based networking, security, observability

cybersecurity, Don't miss, GitHub, Hot stuff, networking, News, open source, software /

Cilium: Open-source eBPF-based networking, security, observability 2024-06-21 at 07:01 By Help Net Security Cilium is an open-source, cloud-native solution that leverages eBPF technology in the Linux kernel to provide, secure, and monitor network connectivity between workloads. What is eBPF? eBPF is a technology originating from the Linux kernel that allows sandboxed programs to run in

React to this headline:

Loading spinner

Cilium: Open-source eBPF-based networking, security, observability Read More »

Scroll to Top