Don’t miss

LockBit disrupted by international law enforcement task force

LockBit disrupted by international law enforcement task force 2024-02-20 at 13:01 By Zeljka Zorz On Monday afternoon, LockBit’s leak site has been taken over by a coalition of law enforcement agencies and is showing a seizure notice that promises more details today, at 11:30 GMT. “This site is now under the control of The National […]

React to this headline:

Loading spinner

LockBit disrupted by international law enforcement task force Read More »

Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP!

Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP! 2024-02-20 at 12:16 By Zeljka Zorz ConnectWise has fixed two vulnerabilities in ScreenConnect that could allow attackers to execute remote code or directly impact confidential data or critical systems. “There is no evidence that these vulnerabilities have been exploited in the wild, but immediate action must be taken

React to this headline:

Loading spinner

Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP! Read More »

How to make sense of the new SEC cyber risk disclosure rules

How to make sense of the new SEC cyber risk disclosure rules 2024-02-20 at 08:01 By Help Net Security SEC’s new cybersecurity risk management, strategy, governance, and incident disclosure rules, which require increased transparency around cybersecurity incidents, have been in effect since December 18, 2023. For businesses that already harbor concerns over their cybersecurity protections,

React to this headline:

Loading spinner

How to make sense of the new SEC cyber risk disclosure rules Read More »

How decentralized identity is shaping the future of data protection

How decentralized identity is shaping the future of data protection 2024-02-20 at 07:32 By Mirko Zorz In this Help Net Security interview, Patrick Harding, Chief Architect at Ping Identity, discusses the promises and implications of decentralized identity (DCI) in cybersecurity. By redistributing identity management responsibilities among issuers, holders, and verifiers, DCI empowers individuals to selectively

React to this headline:

Loading spinner

How decentralized identity is shaping the future of data protection Read More »

Why identity fraud costs organizations millions

Why identity fraud costs organizations millions 2024-02-20 at 07:01 By Help Net Security 92% of respondents to a recent report shared that their organization had been a victim of identity fraud, costing an average of $4.3 million over the last 12 months. Even so, only 40% stated identity verification as a top identity challenge, noting

React to this headline:

Loading spinner

Why identity fraud costs organizations millions Read More »

36% of code generated by GitHub CoPilot contains security flaws

36% of code generated by GitHub CoPilot contains security flaws 2024-02-20 at 06:32 By Help Net Security Security debt, defined as flaws that remain unfixed for longer than a year, exists in 42% of applications and 71% of organizations, according to Veracode. Worryingly, 46% of organizations have persistent, high-severity flaws that constitute ‘critical’ security debt,

React to this headline:

Loading spinner

36% of code generated by GitHub CoPilot contains security flaws Read More »

Balancing “super app” ambitions with privacy

Balancing “super app” ambitions with privacy 2024-02-19 at 08:31 By Help Net Security When Elon Musk’s ambitions to transform X into an “everything app” were divulged last year, he joined several companies known to be exploring or actively working on developing super apps, suggesting there’s clearly a niche to be filled. In fact, since the

React to this headline:

Loading spinner

Balancing “super app” ambitions with privacy Read More »

CVE Prioritizer: Open-source tool to prioritize vulnerability patching

CVE Prioritizer: Open-source tool to prioritize vulnerability patching 2024-02-19 at 08:01 By Mirko Zorz CVE Prioritizer is an open-source tool designed to assist in prioritizing the patching of vulnerabilities. It integrates data from CVSS, EPSS, and CISA’s KEV catalog to offer insights into the probability of exploitation and the potential effects of vulnerabilities on your

React to this headline:

Loading spinner

CVE Prioritizer: Open-source tool to prioritize vulnerability patching Read More »

Inside the strategy of Salesforce’s new Chief Trust Officer

Inside the strategy of Salesforce’s new Chief Trust Officer 2024-02-19 at 07:32 By Mirko Zorz Recently, Salesforce named Brad Arkin, previously Chief Security & Trust Officer at Cisco, the company’s new Chief Trust Officer. This was the perfect opportunity to find out more about his plans. In this Help Net Security interview, Arkin discusses a

React to this headline:

Loading spinner

Inside the strategy of Salesforce’s new Chief Trust Officer Read More »

RCE vulnerabilities fixed in SolarWinds enterprise solutions

RCE vulnerabilities fixed in SolarWinds enterprise solutions 2024-02-19 at 07:01 By Zeljka Zorz SolarWinds has released updates for Access Rights Manager (ARM) and (Orion) Platform that fix vulnerabilities that could allow attackers to execute code on vulnerable installations. SolarWinds ARM flaws fixed SolarWinds, the company whose Orion IT administration platform has been infamously compromised in

React to this headline:

Loading spinner

RCE vulnerabilities fixed in SolarWinds enterprise solutions Read More »

Gmail & Yahoo DMARC rollout: When cyber compliance gives a competitive edge

Gmail & Yahoo DMARC rollout: When cyber compliance gives a competitive edge 2024-02-16 at 08:01 By Help Net Security The essence of cybersecurity is not just about defense but enabling business through trust and reliability. As Gmail and Yahoo take steps to enforce stricter email authentication, organizations that are proactive in their DMARC compliance will

React to this headline:

Loading spinner

Gmail & Yahoo DMARC rollout: When cyber compliance gives a competitive edge Read More »

Cybersecurity sectors adjust as DDoS attacks reach new heights

Cybersecurity sectors adjust as DDoS attacks reach new heights 2024-02-16 at 07:05 By Help Net Security In this Help Net Security video, Andrey Slastenov, Head of Security Department at Gcore, discusses the findings of their latest report that provide insights into the current state of the DDoS protection market and cybersecurity trends. Key highlights from

React to this headline:

Loading spinner

Cybersecurity sectors adjust as DDoS attacks reach new heights Read More »

Battery maker Varta halts production after cyberattack

Battery maker Varta halts production after cyberattack 2024-02-15 at 14:17 By Helga Labus German battery manufacturer Varta was forced to shut down its IT systems and stop production as a result of a cyberattack. The Varta cyberattack The cyberattack occurred on Monday night and affected five of the company’s production plants and the administration. According

React to this headline:

Loading spinner

Battery maker Varta halts production after cyberattack Read More »

iOS users beware: GoldPickaxe trojan steals your facial data

iOS users beware: GoldPickaxe trojan steals your facial data 2024-02-15 at 12:16 By Help Net Security Group-IB uncovered a new iOS trojan designed to steal users’ facial recognition data, identity documents, and intercept SMS. The trojan, dubbed GoldPickaxe.iOS by Group-IB’s Threat Intelligence unit, has been attributed to a Chinese-speaking threat actor codenamed GoldFactory, responsible for

React to this headline:

Loading spinner

iOS users beware: GoldPickaxe trojan steals your facial data Read More »

AI outsourcing: A strategic guide to managing third-party risks

AI outsourcing: A strategic guide to managing third-party risks 2024-02-15 at 08:01 By Help Net Security In an era of artificial intelligence (AI) revolutionizing business practices, many companies are turning to third-party AI services for a competitive edge. However, this approach comes with its own set of risks. From data security concerns to operational disruptions,

React to this headline:

Loading spinner

AI outsourcing: A strategic guide to managing third-party risks Read More »

5 free digital forensics tools to boost your investigations

5 free digital forensics tools to boost your investigations 2024-02-15 at 07:32 By Help Net Security Digital forensics plays a crucial role in analyzing and addressing cyberattacks, and it’s a key component of incident response. Additionally, digital forensics provides vital information for auditors, legal teams, and law enforcement agencies in the aftermath of an attack.

React to this headline:

Loading spinner

5 free digital forensics tools to boost your investigations Read More »

Collaboration at the core: The interconnectivity of ITOps and security

Collaboration at the core: The interconnectivity of ITOps and security 2024-02-15 at 07:01 By Help Net Security In this Help Net Security video, Krista Macomber, Research Director at The Futurum Group, discusses how IT and security teams increasingly unite against cyber threats. Organizations are still struggling with the issue of disjointed data protection solutions, leading

React to this headline:

Loading spinner

Collaboration at the core: The interconnectivity of ITOps and security Read More »

How are state-sponsored threat actors leveraging AI?

How are state-sponsored threat actors leveraging AI? 2024-02-14 at 18:31 By Helga Labus Microsoft and OpenAI have identified attempts by various state-affiliated threat actors to use large language models (LLMs) to enhance their cyber operations. Threat actors use LLMs for various tasks Just as defenders do, threat actors are leveraging AI (more specifically: LLMs) to

React to this headline:

Loading spinner

How are state-sponsored threat actors leveraging AI? Read More »

QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358)

QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358) 2024-02-14 at 12:46 By Zeljka Zorz QNAP Systems has patched two unauthenticated OS command injection vulnerabilities (CVE-2023-47218, CVE-2023-50358) in various versions of the operating systems embedded in the firmware of their popular network-attached storage (NAS) devices. About the vulnerabilities (CVE-2023-47218, CVE-2023-50358) Both vulnerabilities

React to this headline:

Loading spinner

QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358) Read More »

Corporate users getting tricked into downloading AnyDesk

Corporate users getting tricked into downloading AnyDesk 2024-02-14 at 11:16 By Helga Labus Hackers are leveraging the AnyDesk remote desktop application in a phishing campaign targeting employees, Malwarebytes warns. The AnyDesk phishing campaign In a phishing campaign recently discovered by Malwarebytes researchers, attackers targeted potential victims via email or SMS, personalized to match their roles

React to this headline:

Loading spinner

Corporate users getting tricked into downloading AnyDesk Read More »

Scroll to Top