95% of companies face API security problems

2024-03-22 at 06:31 By Help Net Security

Despite the critical role of APIs, the vast majority of commercial decision-makers are ignoring the burgeoning security risk for businesses, according to Fastly. Application Programming Interfaces (APIs) have long been recognised as a bedrock of the digital economy and recent figures […]

Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware

2024-03-21 at 12:01 By Helga Labus

Attackers are exploiting the recently patched JetBrains TeamCity auth bypass vulnerability (CVE-2024-27198) to deliver ransomware, cryptominers and remote access trojans (RATs), according to Trend Micro researchers.

The CVE-2024-27198 timeline

CVE-2024-27198, an authentication bypass vulnerability affecting the TeamCity

Fake data breaches: Countering the damage

2024-03-21 at 08:01 By Help Net Security

Amid the constant drumbeat of successful cyberattacks, some fake data breaches have also cropped up to make sensational headlines. Unfortunately, even fake data breaches can have real repercussions. Earlier this year, a hacker on a criminal forum claimed to have stolen data

WebCopilot: Open-source automation tool enumerates subdomains, detects bugs

2024-03-21 at 07:31 By Mirko Zorz

WebCopilot is an open-source automation tool that enumerates a target’s subdomains and discovers bugs using various free tools. It simplifies the application security workflow and reduces reliance on manual scripting. “I built this solution to streamline the application security process, specifically

Using cloud development environments to secure source code

2024-03-21 at 07:01 By Help Net Security

In this Help Net Security video, Rob Whiteley, CEO at Coder, discusses the cloud development environment (CDE) technology landscape and its benefits. From the earliest stages of writing code to deploying finalized applications, CDEs are reimagining the developer experience, gaining

Secrets sprawl: Protecting your critical secrets

2024-03-21 at 06:31 By Help Net Security

Leaked secrets, a phenomenon known as ‘secrets sprawl,’ is a pervasive vulnerability that plagues nearly every organization. It refers to the unintentional exposure of sensitive credentials hardcoded in plaintext within source code, messaging systems, internal documentation, or ticketing systems. As the undisputed

Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724)

2024-03-20 at 21:01 By Zeljka Zorz

Ivanti has fixed a critical RCE vulnerability (CVE-2023-41724) in Ivanti Standalone Sentry that has been reported by researchers with the NATO Cyber Security Centre. Though the company is not aware of customers being compromised via the flaw, it “strongly

RaaS groups increasing efforts to recruit affiliates

2024-03-20 at 16:46 By Zeljka Zorz

Smaller RaaS groups are trying to recruit new and “displaced” LockBit and Alphv/BlackCat affiliates by foregoing deposits and paid subscriptions, offering better payout splits, 24/7 support, and other “perks”.

Cybercriminals wanted

RaaS operations usually consist of a core group that develops the

The most prevalent malware behaviors and techniques

2024-03-20 at 12:46 By Zeljka Zorz

An analysis of 100,000+ Windows malware samples has revealed the most prevalent techniques used by malware developers to successfully evade defenses, escalate privileges, execute the malware, and assure its persistence.

Malware tactics and techniques

The analyzed malware samples were most often delivered

Red teaming in the AI era

2024-03-20 at 07:31 By Help Net Security

As AI gets baked into enterprise tech stacks, AI applications are becoming prime targets for cyber attacks. In response, many cybersecurity teams are adapting existing cybersecurity practices to mitigate these new threats. One such practice measure is red teaming: the effort to

Security best practices for GRC teams

2024-03-20 at 06:31 By Help Net Security

Even with the best-of-the-best tools and tech stack monitoring vulnerabilities, every security executive and GRC leader should still have some layer of paranoia. If they don’t, that’s a huge issue. In this Help Net Security video, Shrav Mehta, CEO at Secureframe, talks

NIST’s NVD has encountered a problem

2024-03-19 at 15:47 By Zeljka Zorz

Whether the cause is insurmountable technical debt, lack of funds, a third reason or all of them, NIST’s National Vulnerability Database (NVD) is struggling, and it’s affecting vulnerability management efforts.

What happened?

Anyone who regularly uses the NVD as a source of information

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153)

2024-03-19 at 14:01 By Helga Labus

Proof-of-concept (PoC) exploit code for a critical RCE vulnerability (CVE-2024-25153) in Fortra FileCatalyst MFT solution has been published.

About CVE-2024-25153

Fortra FileCatalyst is an enterprise managed file transfer (MFT) software solution that includes several components: FileCatalyst Direct, Workflow, and

Surviving the “quantum apocalypse” with fully homomorphic encryption

2024-03-19 at 10:04 By Help Net Security

In the past few years, an increasing number of tech companies, organizations, and even governments have been working on one of the next big things in the tech world: successfully building quantum computers. These actors see a lot of potential

Cybersecurity jobs available right now: March 19, 2024

2024-03-19 at 07:35 By Mirko Zorz

Central Investigations & Cybersecurity Analyst

Meta | USA | On-site

The successful candidate will be able to assess and analyze large amounts of data to identify sources of potential threats and abuses, operate independently in a fast-paced

Outsmarting cybercriminal innovation with strategies for enterprise resilience

2024-03-19 at 07:19 By Mirko Zorz

In this Help Net Security interview, Pedro Cameirão, Head of Cyber Defense Center at Nokia, discusses emerging cybersecurity trends for 2024 and advises enterprises on preparation strategies. Cameirão will speak at GISEC Global 2024 in Dubai, a conference and exhibition bringing

Why is everyone talking about certificate automation?

2024-03-19 at 07:19 By Help Net Security

Digital certificates are not new. In this Help Net Security video, Andreas Brix, Senior Program Manager at GlobalSign, discusses why they are back in the news and what you should do about it.

Lynis: Open-source security auditing tool

2024-03-19 at 06:06 By Mirko Zorz

Lynis is a comprehensive open-source security auditing tool for UNIX-based systems, including Linux, macOS, and BSD.

Hardening with Lynis

Lynis conducts a thorough security examination of the system directly. Its main objective is to evaluate security measures and recommend enhancing system hardening. The tool

Fujitsu finds malware on company systems, investigates possible data breach

2024-03-18 at 22:27 By Helga Labus

Fujitsu Limited, the largest Japanese IT services provider, has announced that several of the company’s computers have been compromised with malware, leading to a possible data breach.

Known details about the Fujitsu data breach

The company published the security

Nissan breach exposed data of 100,000 individuals

2024-03-18 at 13:46 By Helga Labus

Nissan Oceania has confirmed that the data breach it suffered in December 2023 affected around 100,000 individuals and has begun notifying them.

First response

In early December 2023, the company – a regional Nissan division which includes Nissan Motor Corporation and Nissan
