We can’t risk losing staff to alert fatigue 2024-02-14 at 08:32 By Help Net Security The oft-quoted Chinese military strategist Sun Tzu famously claimed: “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” Exchange “battles” for “cyberattacks”, and the maxim will hold. But too much information […]
React to this headline:
We can’t risk losing staff to alert fatigue Read More »
Rise in cyberwarfare tactics fueled by geopolitical tensions 2024-02-14 at 08:02 By Mirko Zorz In this Help Net Security interview, Matt Shelton, Head of Threat Research and Analysis at Google Cloud, discusses the latest Threat Horizons Report, which provides intelligence-derived trends, expertise, and recommendations on threat actors to help inform cloud customer security strategies in
React to this headline:
Rise in cyberwarfare tactics fueled by geopolitical tensions Read More »
Fabric: Open-source framework for augmenting humans using AI 2024-02-14 at 07:31 By Mirko Zorz Fabric is an open-source framework, created to enable users to granularly apply AI to everyday challenges. Key features “I created it to enable humans to easily augment themselves with AI. I believe it’s currently too difficult for people to use AI.
React to this headline:
Fabric: Open-source framework for augmenting humans using AI Read More »
How to take control of personal data 2024-02-14 at 07:01 By Help Net Security Cybercriminals increasingly use open-source intelligence (OSINT) to craft convincing backstories, often by mining social media profiles for details on a target’s profession, interests, and routines. Armed with these personal insights, these malicious actors leverage chatbots to compose highly persuasive messages. Additionally,
React to this headline:
How to take control of personal data Read More »
Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351) 2024-02-13 at 22:01 By Zeljka Zorz On February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-21412, CVE-2024-21351) that are being leveraged by attackers in the wild. About CVE-2024-21412 and CVE-2024-21351 CVE-2024-21412 allows attackers to bypass the Microsoft Defender SmartScreen
React to this headline:
Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351) Read More »
Attackers injected novel DSLog backdoor into 670 vulnerable Ivanti devices (CVE-2024-21893) 2024-02-13 at 13:01 By Helga Labus Hackers are actively exploiting a vulnerability (CVE-2024-21893) in Ivanti Connect Secure, Policy Secure and Neurons for ZTA to inject a “previously unknown and interesting backdoor” dubbed DSLog. CVE-2024-21893 patches and exploitation Ivanti disclosed CVE-2024-21893 – a server-side request
React to this headline:
Roundcube webmail XSS vulnerability exploited by attackers (CVE-2023-43770) 2024-02-13 at 11:46 By Zeljka Zorz CVE-2023-43770, a vulnerability in the Roundcube webmail software that has been fixed in September 2023, is being exploited by attackers in the wild, CISA has warned by adding the vulnerability to its Known Exploited Vulnerabilities (KEV) catalog. About CVE-2023-43770 Roundcube is
React to this headline:
Roundcube webmail XSS vulnerability exploited by attackers (CVE-2023-43770) Read More »
The future of cybersecurity: Anticipating changes with data analytics and automation 2024-02-13 at 08:01 By Mirko Zorz In this Help Net Security interview, Mick Baccio, Staff Security Strategist at Splunk SURGe, discusses the future of cybersecurity, emphasizing the importance of data analytics and automation in addressing evolving threats. He points out the changes in threat
React to this headline:
The future of cybersecurity: Anticipating changes with data analytics and automation Read More »
Protecting against AI-enhanced email threats 2024-02-13 at 07:31 By Helga Labus Generative AI based on large language models (LLMs) has become a valuable tool for individuals and businesses, but also cybercriminals. Its ability to process large amounts of data and quickly generate results has contributed to its widespread adoption. AI in the hands of cybercriminals
React to this headline:
Protecting against AI-enhanced email threats Read More »
How purple teaming enhances inter-team collaboration and effectiveness in cybersecurity 2024-02-13 at 07:01 By Help Net Security In this Help Net Security video, Andrew Costis, Chapter Lead of the Adversary Research Team at AttackIQ, discusses how purple teaming allows security teams to break down barriers between teams and increase operational effectiveness. It’s no longer about
React to this headline:
How purple teaming enhances inter-team collaboration and effectiveness in cybersecurity Read More »
Critical Fortinet FortiOS flaw exploited in the wild (CVE-2024-21762) 2024-02-12 at 21:01 By Zeljka Zorz Fortinet has patched critical remote code execution vulnerabilities in FortiOS (CVE-2024-21762, CVE-2024-23313), one of which is “potentially” being exploited in the wild. The exploitation-in-the-wild has been confirmed by CISA, by adding it to its Known Exploited Vulnerabilities (KEV) catalog, though
React to this headline:
Critical Fortinet FortiOS flaw exploited in the wild (CVE-2024-21762) Read More »
Decryptor for Rhysida ransomware is available! 2024-02-12 at 13:46 By Zeljka Zorz Files encrypted by Rhysida ransomware can be successfully decrypted, due to a implementation vulnerability discovered by Korean researchers and leveraged to create a decryptor. About Rhysida Rhysida is a relatively new ransomware-as-a-service gang that engages in double extortion. First observed in May 2023,
React to this headline:
Decryptor for Rhysida ransomware is available! Read More »
Integrating cybersecurity into vehicle design and manufacturing 2024-02-12 at 08:01 By Mirko Zorz In this Help Net Security interview, Yaron Edan, CISO at REE Automotive, discusses the cybersecurity landscape of the automotive industry, mainly focusing on electric and connected vehicles. Edan highlights the challenges of technological advancements and outlines strategies for automakers to address cyber
React to this headline:
Integrating cybersecurity into vehicle design and manufacturing Read More »
Hacking the flow: The consequences of compromised water systems 2024-02-12 at 07:31 By Help Net Security In this Help Net Security video, Andy Thompson, Offensive Cybersecurity Research Evangelist at CyberArk, discusses the dire consequences of hacking water systems and why their cybersecurity must be prioritized. From contaminating water supplies to disrupting essential services, the impact
React to this headline:
Hacking the flow: The consequences of compromised water systems Read More »
SiCat: Open-source exploit finder 2024-02-12 at 06:31 By Mirko Zorz SiCat is an open-source tool for exploit research designed to source and compile information about exploits from open channels and internal databases. Its primary aim is to assist in cybersecurity, enabling users to search the internet for potential vulnerabilities and corresponding exploits. Akas Wisnu Aji,
React to this headline:
SiCat: Open-source exploit finder Read More »
February 2024 Patch Tuesday forecast: Zero days are back and a new server too 2024-02-09 at 08:32 By Mirko Zorz January 2024 Patch Tuesday is behind us. A relatively light release from Microsoft with 39 CVEs addressed in Windows 10, 35 in Windows 11, and surprisingly no zero-day vulnerabilities from Microsoft to start the new
React to this headline:
February 2024 Patch Tuesday forecast: Zero days are back and a new server too Read More »
Why we fall for fake news and how can we change that? 2024-02-09 at 08:32 By Helga Labus Have you ever been swept away by an enticing headline and didn’t bother to probe the news in-depth? You might have shared an eye-catching news story or engaged with a compelling post, only to realize later that
React to this headline:
Why we fall for fake news and how can we change that? Read More »
Key strategies for ISO 27001 compliance adoption 2024-02-09 at 07:32 By Mirko Zorz In this Help Net Security interview, Robin Long, founder of Kiowa Security, shares insights on how best to approach the implementation of the ISO/IEC 27001 information security standard. Long advises organizations to establish a detailed project roadmap and to book certification audits
React to this headline:
Key strategies for ISO 27001 compliance adoption Read More »
How companies are misjudging their data privacy preparedness 2024-02-09 at 06:31 By Help Net Security In this Help Net Security video, Karen Schuler, Global Privacy & Data Protection Chair at BDO, discusses overconfidence in data privacy and data protection practices. There is an apparent disconnect between tech CFOs’ confidence and consumer perceptions. BDO’s 2024 Technology
React to this headline:
How companies are misjudging their data privacy preparedness Read More »
LassPass is not LastPass: Fraudulent app on Apple App Store 2024-02-08 at 17:02 By Zeljka Zorz A fraudulent app named “LassPass Password Manager” that mimics the legitimate LastPass mobile app can currently be found on Apple’s App Store, the password manager maker is warning. The fraudulent app on Apple’s App Store “The app in question
React to this headline:
LassPass is not LastPass: Fraudulent app on Apple App Store Read More »