Don’t miss

Graylog: Open-source log management

Graylog: Open-source log management 2024-04-11 at 07:01 By Mirko Zorz Graylog is an open-source solution with centralized log management capabilities. It enables teams to collect, store, and analyze data to get answers to security, application, and IT infrastructure questions. Graylog key features It is easy to install with a standard tech stack, combined with support […]

React to this headline:

Loading spinner

Graylog: Open-source log management Read More »

37% of publicly shared files expose personal information

37% of publicly shared files expose personal information 2024-04-11 at 06:31 By Help Net Security Many sensitive documents stored on platforms such as Google Drive, Slack, and other collaborative work applications have been left unattended for several months or even years. This has led to data sprawl challenges for companies and significant data security threats

React to this headline:

Loading spinner

37% of publicly shared files expose personal information Read More »

Stopping security breaches by managing AppSec posture

Stopping security breaches by managing AppSec posture 2024-04-11 at 06:01 By Help Net Security Many security vulnerabilities result from human error, and the majority of these are reflected in the application layer. These errors may occur at any stage in the software development life cycle, from code to cloud. In this Help Net Security video,

React to this headline:

Loading spinner

Stopping security breaches by managing AppSec posture Read More »

New covert SharePoint data exfiltration techniques revealed

New covert SharePoint data exfiltration techniques revealed 2024-04-10 at 18:10 By Zeljka Zorz Varonis Threat Labs researchers have uncovered two techniques attackers can use can use for covert data and file exfiltration from companies’ SharePoint server. “These techniques can bypass the detection and enforcement policies of traditional tools, such as cloud access security brokers, data

React to this headline:

Loading spinner

New covert SharePoint data exfiltration techniques revealed Read More »

IT pros targeted with malicious Google ads for PuTTY, FileZilla

IT pros targeted with malicious Google ads for PuTTY, FileZilla 2024-04-10 at 14:48 By Zeljka Zorz An ongoing malvertising campaign is targeting IT administrators looking to download system utilities such as PuTTY (a free SSH and Telnet client) and FileZilla (a free cross-platform FTP application). “We have reported this campaign to Google but no action

React to this headline:

Loading spinner

IT pros targeted with malicious Google ads for PuTTY, FileZilla Read More »

Why are many businesses turning to third-party security partners?

Why are many businesses turning to third-party security partners? 2024-04-10 at 08:03 By Help Net Security In 2023, 71% of organizations across various industries reported that their business feels the impact of the ongoing cybersecurity skills shortage. Many companies have been forced to scale back their cybersecurity programs as they struggle to find experienced candidates

React to this headline:

Loading spinner

Why are many businesses turning to third-party security partners? Read More »

WEF Cybercrime Atlas: Researchers are creating new insights to fight cybercrime

WEF Cybercrime Atlas: Researchers are creating new insights to fight cybercrime 2024-04-10 at 07:31 By Zeljka Zorz In early 2023, the World Economic Forum (WEF) launched Cybercrime Atlas, with the intent to map the cybercriminal ecosystem by facilitating collaboration between private and public organizations. What does this collaboration look like in practice? We’ve asked Sean

React to this headline:

Loading spinner

WEF Cybercrime Atlas: Researchers are creating new insights to fight cybercrime Read More »

AI risks under the auditor’s lens more than ever

AI risks under the auditor’s lens more than ever 2024-04-10 at 07:01 By Help Net Security According to a recent Gartner survey, widespread GenAI adoption has resulted in a scramble to provide audit coverage for potential risks arising from the technology’s use. In this Help Net Security video, Thomas Teravainen, a Research Specialist at Gartner,

React to this headline:

Loading spinner

AI risks under the auditor’s lens more than ever Read More »

Cybersecurity jobs available right now: April 10, 2024

Cybersecurity jobs available right now: April 10, 2024 2024-04-10 at 06:32 By Mirko Zorz Application Security Engineer HCLTech | Mexico | Remote – View job details As an Application Security Engineer, you will work on the security engineering team and collaborate with other IT professionals to ensure that user data is protected. Cybersecurity Incident Response

React to this headline:

Loading spinner

Cybersecurity jobs available right now: April 10, 2024 Read More »

Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988)

Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988) 2024-04-09 at 22:35 By Zeljka Zorz On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro’s Zero Day Initiative (ZDI), has found being

React to this headline:

Loading spinner

Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988) Read More »

LG smart TVs may be taken over by remote attackers

LG smart TVs may be taken over by remote attackers 2024-04-09 at 21:02 By Zeljka Zorz Bitdefender researchers have uncovered four vulnerabilities in webOS, the operating system running on LG smart TVs, which may offer attackers unrestricted (root) access to the devices. “Although the vulnerable service is intended for LAN access only, Shodan, the search

React to this headline:

Loading spinner

LG smart TVs may be taken over by remote attackers Read More »

New Google Workspace feature prevents sensitive security changes if two admins don’t approve them

New Google Workspace feature prevents sensitive security changes if two admins don’t approve them 2024-04-09 at 17:31 By Zeljka Zorz Google is rolling out multi-party approvals for Google Workspace customers with multiple super admin accounts, the company has announced. What does the feature do? Google Workspace (formerly G Suite) is a cloud-based set of productivity

React to this headline:

Loading spinner

New Google Workspace feature prevents sensitive security changes if two admins don’t approve them Read More »

New Latrodectus loader steps in for Qbot

New Latrodectus loader steps in for Qbot 2024-04-09 at 14:02 By Zeljka Zorz New (down)loader malware called Latrodectus is being leveraged by initial access brokers and it looks like it might have been written by the same developers who created the IcedID loader. Malware delivery campaigns “[Latrodectus] was first observed being distributed by TA577, an

React to this headline:

Loading spinner

New Latrodectus loader steps in for Qbot Read More »

How exposure management elevates cyber resilience

How exposure management elevates cyber resilience 2024-04-09 at 07:46 By Help Net Security Attackers are adept at identifying and exploiting the most cost-effective methods of compromise, highlighting the critical need for organizations to implement asset identification and understand their assets’ security posture in relation to the whole estate. Instead of asking, “Are we exposed?” organizations

React to this headline:

Loading spinner

How exposure management elevates cyber resilience Read More »

EJBCA: Open-source public key infrastructure (PKI), certificate authority (CA)

EJBCA: Open-source public key infrastructure (PKI), certificate authority (CA) 2024-04-09 at 07:32 By Mirko Zorz EJBCA is open-source PKI and CA software. It can handle almost anything, and someone once called it the kitchen sink of PKI. With its extensive history as one of the longest-standing CA software projects, EJBCA offers proven robustness, reliability, and

React to this headline:

Loading spinner

EJBCA: Open-source public key infrastructure (PKI), certificate authority (CA) Read More »

Strategies for secure identity management in hybrid environments

Strategies for secure identity management in hybrid environments 2024-04-09 at 07:02 By Mirko Zorz In this Help Net Security interview, Charlotte Wylie, SVP and Deputy CSO at Okta, discusses the challenges of managing user identities across hybrid IT environments. She emphasizes balancing and adopting comprehensive security controls, including cloud SSO and MFA technologies, to unify

React to this headline:

Loading spinner

Strategies for secure identity management in hybrid environments Read More »

Defining a holistic GRC strategy

Defining a holistic GRC strategy 2024-04-09 at 06:31 By Help Net Security End-user spending on security and risk management will total $215 billion in 2024, according to Gartner. In this Help Net Security video, Nicholas Kathmann, CISO at LogicGate, discusses why companies are turning to a holistic GRC strategy. Businesses often consider GRC a “necessary

React to this headline:

Loading spinner

Defining a holistic GRC strategy Read More »

XZ Utils backdoor: Detection tools, scripts, rules

XZ Utils backdoor: Detection tools, scripts, rules 2024-04-08 at 16:31 By Zeljka Zorz As the analysis of the backdoor in XZ Utils continues, several security companies have provided tools and advice on how to detect its presence on Linux systems. What happened? The open-source XZ Utils compression utility has been backdoored by a skilled threat

React to this headline:

Loading spinner

XZ Utils backdoor: Detection tools, scripts, rules Read More »

92,000+ internet-facing D-Link NAS devices accessible via “backdoor” account (CVE-2024-3273)

92,000+ internet-facing D-Link NAS devices accessible via “backdoor” account (CVE-2024-3273) 2024-04-08 at 12:01 By Zeljka Zorz A vulnerability (CVE-2024-3273) in four old D-Link NAS models could be exploited to compromise internet-facing devices, a threat researcher has found. The existence of the flaw was confirmed by D-Link last week, and an exploit for opening an interactive

React to this headline:

Loading spinner

92,000+ internet-facing D-Link NAS devices accessible via “backdoor” account (CVE-2024-3273) Read More »

April 2024 Patch Tuesday forecast: New and old from Microsoft

April 2024 Patch Tuesday forecast: New and old from Microsoft 2024-04-08 at 08:31 By Help Net Security This month, we have a new product preview from Microsoft, and some older products are being prepared for end-of-support. But before we go there, March 2024 Patch Tuesday was pretty mild, with 60 unique vulnerabilities addressed. We saw

React to this headline:

Loading spinner

April 2024 Patch Tuesday forecast: New and old from Microsoft Read More »

Scroll to Top