Don’t miss

Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724)

Don't miss, enterprise, Hot stuff, Ivanti, NATO, News, security update, vulnerability /

Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724) 2024-03-20 at 21:01 By Zeljka Zorz Ivanti has fixed a critical RCE vulnerability (CVE-2023-41724) in Ivanti Standalone Sentry that has been reported by researchers with the NATO Cyber Security Centre. Though the company is not aware of customers being compromised via the flaw, it “strongly […]

React to this headline:

Loading spinner

Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724) Read More »

RaaS groups increasing efforts to recruit affiliates

cybercrime, cybercriminals, dark web, Don't miss, GuidePoint Security, Hot stuff, News, Ransomware, research /

RaaS groups increasing efforts to recruit affiliates 2024-03-20 at 16:46 By Zeljka Zorz Smaller RaaS groups are trying to recruit new and “displaced” LockBit and Alphv/BlackCat affiliates by foregoing deposits and paid subscriptions, offering better payout splits, 24/7 support, and other “perks”. Cybercriminals wanted RaaS operations usually consist of a core group that develops the

React to this headline:

Loading spinner

RaaS groups increasing efforts to recruit affiliates Read More »

The most prevalent malware behaviors and techniques

Don't miss, Elastic, malware analysis, malware detection, News, research, tips /

The most prevalent malware behaviors and techniques 2024-03-20 at 12:46 By Zeljka Zorz An analysis of 100,000+ Windows malware samples has revealed the most prevalent techniques used by malware developers to successfully evade defenses, escalate privileges, execute the malware, and assure its persistence. Malware tactics and techniques The analyzed malware samples were most often delivered

React to this headline:

Loading spinner

The most prevalent malware behaviors and techniques Read More »

Red teaming in the AI era

Artificial Intelligence, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Lakera, News, opinion, red team, software /

Red teaming in the AI era 2024-03-20 at 07:31 By Help Net Security As AI gets baked into enterprise tech stacks, AI applications are becoming prime targets for cyber attacks. In response, many cybersecurity teams are adapting existing cybersecurity practices to mitigate these new threats. One such practice measure is red teaming: the effort to

React to this headline:

Loading spinner

Red teaming in the AI era Read More »

Security best practices for GRC teams

automation, Compliance, cybersecurity, Don't miss, GRC, Hot stuff, regulation, Secureframe, standards, Video /

Security best practices for GRC teams 2024-03-20 at 06:31 By Help Net Security Even with the best-of-the-best tools and tech stack monitoring vulnerabilities, every security executive and GRC leader should still have some layer of paranoia. If they don’t, that’s a huge issue. In this Help Net Security video, Shrav Mehta, CEO at Secureframe, talks

React to this headline:

Loading spinner

Security best practices for GRC teams Read More »

NIST’s NVD has encountered a problem

Chainguard, Don't miss, enterprise, Hot stuff, News, NIST, Qualys, Rapid7, vulnerability, vulnerability management /

NIST’s NVD has encountered a problem 2024-03-19 at 15:47 By Zeljka Zorz Whether the cause is insurmountable technical debt, lack of funds, a third reason or all of them, NIST’s National Vulnerability Database (NVD) is struggling, and it’s affecting vulnerability management efforts. What happened? Anyone who regularly uses the NVD as a source of information

React to this headline:

Loading spinner

NIST’s NVD has encountered a problem Read More »

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153)

Don't miss, exploit, Fortra, Hot stuff, News, PoC, security update, vulnerability /

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) 2024-03-19 at 14:01 By Helga Labus Proof-of-concept (PoC) exploit code for a critical RCE vulnerability (CVE-2024-25153) in Fortra FileCatalyst MFT solution has been published. About CVE-2024-25153 Fortra FileCatalyst is an enterprise managed file transfer (MFT) software solution that includes several components: FileCatalyst Direct, Workflow, and

React to this headline:

Loading spinner

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) Read More »

Surviving the “quantum apocalypse” with fully homomorphic encryption

cybersecurity, Don't miss, Encryption, Expert analysis, Expert corner, Hot stuff, News, opinion, Privacy, quantum computing, Zama /

Surviving the “quantum apocalypse” with fully homomorphic encryption 2024-03-19 at 10:04 By Help Net Security In the past few years, an increasing number of tech companies, organizations, and even governments have been working on one of the next big things in the tech world: successfully building quantum computers. These actors see a lot of potential

React to this headline:

Loading spinner

Surviving the “quantum apocalypse” with fully homomorphic encryption Read More »

Cybersecurity jobs available right now: March 19, 2024

cybersecurity jobs, Don't miss, Hot stuff, News /

Cybersecurity jobs available right now: March 19, 2024 2024-03-19 at 07:35 By Mirko Zorz Central Investigations & Cybersecurity Analyst Meta | USA | On-site – View job details The successful candidate will be able to assess and analyze large amounts of data to identify sources of potential threats and abuses, operate independently in a fast-paced

React to this headline:

Loading spinner

Cybersecurity jobs available right now: March 19, 2024 Read More »

Outsmarting cybercriminal innovation with strategies for enterprise resilience

Artificial Intelligence, cybercriminals, cybersecurity, Don't miss, Features, GISEC, Hot stuff, machine learning, News, Nokia, opinion, regulation, strategy, supply chain attacks, Threat Intelligence, threats, UAE /

Outsmarting cybercriminal innovation with strategies for enterprise resilience 2024-03-19 at 07:19 By Mirko Zorz In this Help Net Security interview, Pedro Cameirão, Head of Cyber Defense Center at Nokia, discusses emerging cybersecurity trends for 2024 and advises enterprises on preparation strategies. Cameirão will speak at GISEC Global 2024 in Dubai, a conference and exhibition bringing

React to this headline:

Loading spinner

Outsmarting cybercriminal innovation with strategies for enterprise resilience Read More »

Why is everyone talking about certificate automation?

automation, certificates, cybersecurity, Don't miss, GlobalSign, Hot stuff, Video /

Why is everyone talking about certificate automation? 2024-03-19 at 07:19 By Help Net Security Digital Certificates are not new. In this Help Net Security video, Andreas Brix, Senior Program Manager at GlobalSign, discusses why they are back in the news and what you should do about it. The post Why is everyone talking about certificate

React to this headline:

Loading spinner

Why is everyone talking about certificate automation? Read More »

Lynis: Open-source security auditing tool

Don't miss, GitHub, Hot stuff, Linux, macOS, News, open source, scanning, software, Unix /

Lynis: Open-source security auditing tool 2024-03-19 at 06:06 By Mirko Zorz Lynis is a comprehensive open-source security auditing tool for UNIX-based systems, including Linux, macOS, and BSD. Hardening with Lynis Lynis conducts a thorough security examination of the system directly. Its main objective is to evaluate security measures and recommend enhancing system hardening. The tool

React to this headline:

Loading spinner

Lynis: Open-source security auditing tool Read More »

Fujitsu finds malware on company systems, investigates possible data breach

cyberattack, data breach, data theft, Don't miss, Fujitsu, Hot stuff, Japan, Malware, News /

Fujitsu finds malware on company systems, investigates possible data breach 2024-03-18 at 22:27 By Helga Labus Fujitsu Limited, the largest Japanese IT services provider, has announced that several of the company’s computers have been compromised with malware, leading to a possible data breach. Known details about the Fujitsu data breach The company published the security

React to this headline:

Loading spinner

Fujitsu finds malware on company systems, investigates possible data breach Read More »

Nissan breach exposed data of 100,000 individuals

Australia, data breach, data theft, Don't miss, Hot stuff, manufacturing sector, News, Ransomware /

Nissan breach exposed data of 100,000 individuals 2024-03-18 at 13:46 By Helga Labus Nissan Oceania has confirmed that the data breach it suffered in December 2023 affected around 100,000 individuals and has begun notifying them. First response In early December 2023, the company – a regional Nissan division which includes Nissan Motor Corporation and Nissan

React to this headline:

Loading spinner

Nissan breach exposed data of 100,000 individuals Read More »

Harnessing the power of privacy-enhancing tech for safer AI adoption

Artificial Intelligence, cybersecurity, data, Don't miss, Enveil, framework, Hot stuff, machine learning, Privacy, regulation, Video /

Harnessing the power of privacy-enhancing tech for safer AI adoption 2024-03-18 at 12:01 By Help Net Security A consensus on regulatory AI frameworks seems distant. Yet, the imperative for secure and responsible AI deployment cannot be overstated. How can leaders proactively address AI adoption challenges while waiting for regulatory clarity? In this Help Net Security

React to this headline:

Loading spinner

Harnessing the power of privacy-enhancing tech for safer AI adoption Read More »

Quicmap: Fast, open-source QUIC protocol scanner

Don't miss, GitHub, networking, News, open source, penetration testing, scanning, software /

Quicmap: Fast, open-source QUIC protocol scanner 2024-03-18 at 12:01 By Mirko Zorz Quicmap is a fast, open-source QUIC service scanner that streamlines the process by eliminating multiple tool requirements. It effectively identifies QUIC services, the protocol version, and the supported ALPNs. “As I started researching the QUIC protocol, I noticed that my favorite scanner had

React to this headline:

Loading spinner

Quicmap: Fast, open-source QUIC protocol scanner Read More »

43 million workers potentially affected in France Travail data breach

data breach, data theft, Don't miss, EU, France, Government, Hot stuff, News /

43 million workers potentially affected in France Travail data breach 2024-03-18 at 10:29 By Helga Labus French national unemployment agency France Travail (formerly Pôle emploi) and Cap emploi, a government employment service for people with disabilities, have suffered a data breach that might have exposed personal data of 43 million people. The breach The agencies

React to this headline:

Loading spinner

43 million workers potentially affected in France Travail data breach Read More »

AI and the future of corporate security

access control, Artificial Intelligence, cybersecurity, Don't miss, Everbridge, fraud, Hot stuff, Insider Threat, threats, Video /

AI and the future of corporate security 2024-03-15 at 06:30 By Help Net Security In this Help Net Security video, Tracy Reinhold, CSO at Everbridge, discusses why AI technology must be embraced while also exploring some guardrails that must be in place to protect organizations against threats using AI to penetrate facilities. The post AI

React to this headline:

Loading spinner

AI and the future of corporate security Read More »

Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788)

Don't miss, endpoint management, Fortinet, Horizon3.ai, Hot stuff, News, PoC, SANS ISC, vulnerability /

Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788) 2024-03-14 at 16:36 By Zeljka Zorz A recently fixed SQL injection vulnerability (CVE-2023-48788) in Fortinet’s FortiClient Endpoint Management Server (EMS) solution has apparently piqued the interest of many: Horizon3’s Attack Team means to publish technical details and a proof-of-concept exploit for it next week, and

React to this headline:

Loading spinner

Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788) Read More »

PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800)

Arcserve, backup, disaster recovery, Don't miss, enterprise, exploit, Hot stuff, News, PoC, SMBs, Tenable /

PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800) 2024-03-14 at 13:00 By Zeljka Zorz Arcserve has fixed critical security vulnerabilities (CVE-2024-0799, CVE-2024-0800) in its Unified Data Protection (UDP) solution that can be chained to upload malicious files to the underlying Windows system. Tenable researchers have published a PoC exploit script demonstrating the attack, as

React to this headline:

Loading spinner

PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800) Read More »

Scroll to Top