Securing data at the intersection of the CISO and CDO 06/11/2023 at 08:34 By Help Net Security Two groups in particular play a key and critical role in ensuring data governance and security: the CISO and the CDO. CISOs are responsible for identifying and managing risks associated with data security, while CDOs are responsible for […]
React to this headline:
Securing data at the intersection of the CISO and CDO Read More »
KandyKorn macOS malware lobbed at blockchain engineers 03/11/2023 at 15:46 By Helga Labus North Korean hackers are using novel MacOS malware named KandyKorn to target blockchain engineers of a cryptocurrency exchange platform. The attack By impersonating blockchain engineering community members on Discord, the attackers used social engineering techniques to make victims download a malicious ZIP
React to this headline:
KandyKorn macOS malware lobbed at blockchain engineers Read More »
Microsoft launches new initiative to augment security 03/11/2023 at 14:48 By Zeljka Zorz Nearly 22 years after Bill Gates announced a concerted Microsoft-wide push to deliver Trustworthy Computing, the company is launching the Secure Future Initiative, to boost the overall security of Microsoft’s products and its customers and users. A new Microsoft initiative focused on
React to this headline:
Microsoft launches new initiative to augment security Read More »
How cybercriminals adapt and thrive amidst changing consumer trends 03/11/2023 at 08:36 By Help Net Security The email threat landscape is experiencing a profound transformation, adapting to new challenges and exploiting emerging vulnerabilities with speed and sophistication. In this Help Net Security video, Usman Choudhary, CPTO at VIPRE Security Group, discusses how cybercriminals modify their
React to this headline:
How cybercriminals adapt and thrive amidst changing consumer trends Read More »
Attackers exploiting Apache ActiveMQ flaw to deliver ransomware (CVE-2023-46604) 02/11/2023 at 17:01 By Zeljka Zorz Ransomware-wielding attackers are trying to break into servers running outdated versions of Apache ActiveMQ by exploiting a recently fixed vulnerability (CVE-2023-46604). “Beginning Friday, October 27, Rapid7 Managed Detection and Response (MDR) identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in two
React to this headline:
Attackers exploiting Apache ActiveMQ flaw to deliver ransomware (CVE-2023-46604) Read More »
F5 BIG-IP vulnerabilities leveraged by attackers: What to do? 02/11/2023 at 14:01 By Zeljka Zorz The two BIG-IP vulnerabilities (CVE-2023-46747, CVE-2023-46748) F5 Networks has recently released hotfixes for are being exploited by attackers in the wild, the company has confirmed. “It is important to note that not all exploited systems may show the same indicators,
React to this headline:
F5 BIG-IP vulnerabilities leveraged by attackers: What to do? Read More »
MITRE ATT&CK v14 released 02/11/2023 at 12:16 By Zeljka Zorz MITRE has released MITRE ATT&CK v14, the newest iteration of its popular investigation framework / knowledge base of tactics and techniques employed by cyber attackers. MITRE ATT&CK v14 ATT&CK’s goal is to catalog and categorize behaviors of cyber adversaries in real-world attacks. The framework is
React to this headline:
MITRE ATT&CK v14 released Read More »
Cybersecurity workforce shortages: 67% report people deficits 02/11/2023 at 09:02 By Help Net Security The global cybersecurity workforce has reached 5.5 million people, an 8.7% increase from 2022, representing 440,000 new jobs, according to ISC2. While this is the highest workforce ever recorded, the report shows that demand is still outpacing the supply. The cybersecurity
React to this headline:
Cybersecurity workforce shortages: 67% report people deficits Read More »
6 steps to accelerate cybersecurity incident response 02/11/2023 at 08:31 By Help Net Security Modern security tools continue to improve in their ability to defend organizations’ networks and endpoints against cybercriminals. But the bad actors still occasionally find a way in. Security teams must be able to stop threats and restore normal operations as quickly
React to this headline:
6 steps to accelerate cybersecurity incident response Read More »
How human behavior research informs security strategies 02/11/2023 at 08:01 By Mirko Zorz In this Help Net Security interview, Kai Roer, CEO at Praxis Security Labs, explores the theoretical underpinnings, practical implications, and the crucial role of human behavior in cybersecurity. Roer explains why a comprehensive understanding of human complexity is paramount in today’s security
React to this headline:
How human behavior research informs security strategies Read More »
Why legacy system patching can’t wait 02/11/2023 at 07:32 By Help Net Security The persistent neglect of patching legacy systems is plaguing critical infrastructure and industries. The consequences of such neglect can be damaging to organizations, ranging from costly security vulnerabilities to compliance risk and operational inefficiencies. Thus, the question remains: why is the process
React to this headline:
Why legacy system patching can’t wait Read More »
Product showcase: LayerX browser security extension 01/11/2023 at 08:32 By Help Net Security The browser has become the main workspace in modern organizations. It’s where employees create and interact with data, and how they access organizational and external SaaS and web apps. That’s why the browser is extensively targeted by adversaries. They seek to steal
React to this headline:
Product showcase: LayerX browser security extension Read More »
BiBi-Linux wiper targets Israeli companies 31/10/2023 at 15:01 By Helga Labus Attackers have started using new wiper malware called BiBi-Linux to attack Israeli companies and destroy their data. The BiBi-Linux wiper The Security Joes Incident Response team found the malware during a forensics investigation of a breach within an Israeli company. “This malware is an
React to this headline:
BiBi-Linux wiper targets Israeli companies Read More »
Atlassian patches critical Confluence bug, urges for immediate action (CVE-2023-22518) 31/10/2023 at 13:16 By Zeljka Zorz Atlassian is urging enterprise administrators to update their on-premises Confluence Data Center and Server installations quickly to plug a critical security vulnerability (CVE-2023-22518) that could lead to “significant data loss if exploited by an unauthenticated attacker.” About CVE-2023-22518 CVE-2023-22518
React to this headline:
Atlassian patches critical Confluence bug, urges for immediate action (CVE-2023-22518) Read More »
From Windows 9x to 11: Tracing Microsoft’s security evolution 31/10/2023 at 09:01 By Mirko Zorz Over its journey from Windows 9x to Windows 11, Microsoft has implemented multiple security overhauls, each addressing the challenges of its time and setting the stage for future developments. In this Help Net Security interview, we feature security researcher Alex
React to this headline:
From Windows 9x to 11: Tracing Microsoft’s security evolution Read More »
How security observability can help you fight cyber attacks 31/10/2023 at 08:31 By Help Net Security Security observability uses the external outputs of a system, its logs, metrics, and traces to infer risk, monitor threats, and alert on breaches. Security professionals use this close observation of system behavior to detect, understand, and stop new and
React to this headline:
How security observability can help you fight cyber attacks Read More »
A closer look at healthcare’s battle with AI-driven attacks 31/10/2023 at 08:02 By Mirko Zorz With its wealth of sensitive patient data, the healthcare industry has become a prime target for cybercriminals leveraging AI tools. As these threats continue to evolve, it’s important to understand how AI is shaping the cybercrime landscape in healthcare and
React to this headline:
A closer look at healthcare’s battle with AI-driven attacks Read More »
Vulnerability management metrics: How to measure success 31/10/2023 at 07:32 By Help Net Security Without the right metrics, vulnerability management is pretty pointless. If you’re not measuring, how do you know it’s working? So how do you know what to focus on? The list is potentially endless, and it can be hard to know what’s
React to this headline:
Vulnerability management metrics: How to measure success Read More »
F5 fixes critical BIG-IP vulnerability (CVE-2023-46747) 30/10/2023 at 18:46 By Helga Labus F5 Networks has released hotfixes for three vulnerabilities affecting its BIG-IP multi-purpose networking devices/modules, including a critical authentication bypass vulnerability (CVE-2023-46747) that could lead to unauthenticated remote code execution (RCE). About CVE-2023-46747 Discovered and reported by Thomas Hendrickson and Michael Weber of Praetorian
React to this headline:
F5 fixes critical BIG-IP vulnerability (CVE-2023-46747) Read More »
Citrix Bleed: Mass exploitation in progress (CVE-2023-4966) 30/10/2023 at 14:46 By Zeljka Zorz CVE-2023-4966, aka “Citrix Bleed”, a critical information disclosure vulnerability affecting Citrix NetScaler ADC/Gateway devices, is being massively exploited by threat actors. According to security researcher Kevin Beaumont’s cybersecurity industry sources, one ransomware group has already distributed a Python script to automate the
React to this headline:
Citrix Bleed: Mass exploitation in progress (CVE-2023-4966) Read More »