Don’t miss

Akira, LockBit actively searching for vulnerable Cisco ASA devices

Cisco, Don't miss, enterprise, exploit, GreyNoise, Hot stuff, News, Ransomware, Truesec, vulnerability /

Akira, LockBit actively searching for vulnerable Cisco ASA devices 2024-02-08 at 14:31 By Zeljka Zorz Akira and Lockbit ransomware groups are trying to breach Cisco ASA SSL VPN devices by exploiting several older vulnerabilities, security researcher Kevin Beaumont is warning. They are targeting vulnerabilities for which patches have been made available in 2020 and 2023. […]

React to this headline:

Loading spinner

Akira, LockBit actively searching for vulnerable Cisco ASA devices Read More »

10 tips for creating your security hackathon playbook

cybersecurity, Don't miss, Expert analysis, Expert corner, hacking contest, Hot stuff, Intel, News, opinion, product testing, security testing, tips /

10 tips for creating your security hackathon playbook 2024-02-08 at 08:01 By Help Net Security For more than 12 years, I’ve been organizing and running hackathons with the goal of finding security vulnerabilities and fixing them before a product hits the market. These events can play a pivotal role in the product development lifecycle, increasing

React to this headline:

Loading spinner

10 tips for creating your security hackathon playbook Read More »

Choosing the right partner when outsourcing cybersecurity

automation, collaboration, Compliance, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, regulation, risk, WDigital /

Choosing the right partner when outsourcing cybersecurity 2024-02-08 at 07:31 By Mirko Zorz In this Help Net Security interview, Anya Shpilman, Senior Executive, Cyber Security Services at WDigital, discusses the benefits and potential risks of outsourcing cybersecurity services. She compares the cost-effectiveness of outsourcing to maintaining an in-house team, noting the challenges of recruitment, training,

React to this headline:

Loading spinner

Choosing the right partner when outsourcing cybersecurity Read More »

SOAPHound: Open-source tool to collect Active Directory data via ADWS

Active Directory, Don't miss, GitHub, Hot stuff, News, open source, software /

SOAPHound: Open-source tool to collect Active Directory data via ADWS 2024-02-08 at 07:02 By Mirko Zorz SOAPHound is an open-source data collection tool capable of enumerating Active Directory environments through the Active Directory Web Services (ADWS) protocol. How SOAPHound works SOAPHound is a substitute for various open-source security tools typically employed for extracting data from

React to this headline:

Loading spinner

SOAPHound: Open-source tool to collect Active Directory data via ADWS Read More »

How threat actors abuse OAuth apps

access control, access management, Application Security, Astrix Security, attacks, cybersecurity, Don't miss, Hot stuff, OAuth, Video /

How threat actors abuse OAuth apps 2024-02-08 at 06:31 By Help Net Security OAuth apps have become prominent in several attack groups’ TTPs in recent years. OAuth apps are used for every part of the attack process. In this Help Net Security video, Tal Skverer, Research Team Lead at Astrix Security, shares insights on how

React to this headline:

Loading spinner

How threat actors abuse OAuth apps Read More »

Chinese hackers breached Dutch Ministry of Defense

Don't miss, EU, Fortinet, Government, government-backed attacks, Hot stuff, Malware, News, Remote Access Trojan, vulnerability /

Chinese hackers breached Dutch Ministry of Defense 2024-02-07 at 16:46 By Helga Labus Chinese state-sponsored hackers have breached the Dutch Ministry of Defense (MOD) last year and deployed a new remote access trojan (RAT) malware to serve as a backdoor. “The effects of the intrusion were limited because the victim network was segmented from the

React to this headline:

Loading spinner

Chinese hackers breached Dutch Ministry of Defense Read More »

The fight against commercial spyware misuse is heating up

Don't miss, Google, Government, Hot stuff, News, policy, report, spyware, USA /

The fight against commercial spyware misuse is heating up 2024-02-07 at 14:46 By Zeljka Zorz Though there are organizations out there investigating how commercial spyware is misused to target journalists, human rights defenders and dissidents, the growing market related to the development and sale of this type of software and the exploits used to deploy

React to this headline:

Loading spinner

The fight against commercial spyware misuse is heating up Read More »

On-premises JetBrains TeamCity servers vulnerable to auth bypass (CVE-2024-23917)

continuous integration, Don't miss, Hot stuff, JetBrains, News, security update, vulnerability /

On-premises JetBrains TeamCity servers vulnerable to auth bypass (CVE-2024-23917) 2024-02-07 at 12:31 By Helga Labus JetBrains has patched a critical authentication bypass vulnerability (CVE-2024-23917) affecting TeamCity On-Premises continuous integration and deployment servers. About CVE-2024-23917 CVE-2024-23917 could allow an unauthenticated threat actor with HTTP(S) access to a TeamCity server to bypass authentication controls and gain administrative

React to this headline:

Loading spinner

On-premises JetBrains TeamCity servers vulnerable to auth bypass (CVE-2024-23917) Read More »

Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893)

Don't miss, exploit, Hot stuff, Ivanti, News, Shadowserver, vulnerability /

Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893) 2024-02-07 at 12:16 By Zeljka Zorz CVE-2024-21893, a server-side request forgery (SSRF) vulnerability affecting Ivanti Connect Secure VPN gateways and Policy Secure (a network access control solution), is being exploited by attackers. About CVE-2024-21893 CVE-2024-21893 allows a attackers to bypass authentication requirements and access certain restricted

React to this headline:

Loading spinner

Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893) Read More »

Common cloud security mistakes and how to avoid them

cloud security, cyber risk, Data Protection, Don't miss, Hot stuff, misconfiguration, News, strategy, threats, tips /

Common cloud security mistakes and how to avoid them 2024-02-07 at 08:01 By Helga Labus According to recent surveys, 98% of organizations keep their financial, business, customer and/or employee information in the cloud but, at the same time, 95% of cloud security professionals are not sure their security protections and their team would manage to

React to this headline:

Loading spinner

Common cloud security mistakes and how to avoid them Read More »

Prowler: Open-source security tool for AWS, Google Cloud Platform, Azure

AWS, cybersecurity, database security, Don't miss, GitHub, Hot stuff, News, open source, software /

Prowler: Open-source security tool for AWS, Google Cloud Platform, Azure 2024-02-07 at 07:31 By Mirko Zorz Prowler is an open-source security tool designed to assess, audit, and enhance the security of AWS, GCP, and Azure. It’s also equipped for incident response, continuous monitoring, hardening, and forensics preparation. Details The tool includes hundreds of controls that

React to this headline:

Loading spinner

Prowler: Open-source security tool for AWS, Google Cloud Platform, Azure Read More »

Enhancing adversary simulations: Learn the business to attack the business

attacks, cybersecurity, Don't miss, DVULN, Features, Hot stuff, News, red team, strategy /

Enhancing adversary simulations: Learn the business to attack the business 2024-02-07 at 07:01 By Mirko Zorz In this Help Net Security interview, Jamieson O’Reilly, Founder of DVULN, discusses adversary simulations, shedding light on challenges rooted in human behavior, decision-making, and responses to evolving cyber threats. Unveiling the interplay between red and blue teams, O’Reilly talks

React to this headline:

Loading spinner

Enhancing adversary simulations: Learn the business to attack the business Read More »

Demystifying SOC-as-a-Service (SOCaaS)

access management, attacks, Cloud, Cyber Guards, cybersecurity, Don't miss, Hot stuff, identity, Incident Response, monitoring, SOC, Video /

Demystifying SOC-as-a-Service (SOCaaS) 2024-02-07 at 06:31 By Help Net Security Threat actors aren’t looking for companies of specific sizes or industries, they are looking for opportunities. Given that many companies operate in the dark and overlook breaches until ransomware attacks occur, this makes the threat actors’ job easy. It also underscores the urgency for proactive

React to this headline:

Loading spinner

Demystifying SOC-as-a-Service (SOCaaS) Read More »

Whitepaper: Why Microsoft’s password protection is not enough

Don't miss, Enzoic, News, Whitepapers and webinars /

Whitepaper: Why Microsoft’s password protection is not enough 2024-02-07 at 05:48 By Help Net Security Microsoft’s Azure AD Password Protection, now rebranded as Microsoft Entra ID helps users create a password policy they hope will protect their systems from account takeover and other identity and access management issues. However, Entra ID has significant security gaps.

React to this headline:

Loading spinner

Whitepaper: Why Microsoft’s password protection is not enough Read More »

How CISOs navigate policies and access across enterprises

access management, Check Point, cloud security, cybersecurity, Data Protection, Don't miss, Features, framework, Hot stuff, identity management, News, opinion, strategy, zero trust /

How CISOs navigate policies and access across enterprises 2024-02-06 at 08:01 By Mirko Zorz In this Help Net Security interview, Marco Eggerling, Global CISO at Check Point, discusses the challenge of balancing data protection with diverse policies, devices, and access controls in a distributed enterprise. He also highlights the significance of security validations, especially internal

React to this headline:

Loading spinner

How CISOs navigate policies and access across enterprises Read More »

3 ways to achieve crypto agility in a post-quantum world

AppViewX, certificate authority, certificates, cybersecurity, Don't miss, Encryption, Expert analysis, Expert corner, Hot stuff, News, opinion, standards, strategy /

3 ways to achieve crypto agility in a post-quantum world 2024-02-06 at 07:31 By Help Net Security Working at the speed of digital business is a constant challenge. But in today’s increasingly automated operational environment, crypto agility—i.e., an organization’s ability to (at the moment of compromise) switch rapidly and seamlessly between certificate authorities, encryption standards

React to this headline:

Loading spinner

3 ways to achieve crypto agility in a post-quantum world Read More »

10 must-read cybersecurity books for 2024

books, cybersecurity, Don't miss, Hot stuff, how-to, Learning Tree, News, No Starch Press, skill development, strategy, tips /

10 must-read cybersecurity books for 2024 2024-02-06 at 07:01 By Help Net Security Our list of cybersecurity books has been curated to steer your professional growth in 2024. This selection aims to provide comprehensive information security insights and knowledge, ensuring you stay ahead in your career learning journey throughout the year. Cyber for Builders: The

React to this headline:

Loading spinner

10 must-read cybersecurity books for 2024 Read More »

Exploring NIST Cybersecurity Framework 2.0

Don't miss, framework, SeeMetrics, Video /

Exploring NIST Cybersecurity Framework 2.0 2024-02-06 at 06:31 By Help Net Security In this Help Net Security video, Dan Erel, VP of Security at SeeMetrics, discusses NIST Cybersecurity Framework (CSF) 2.0. NIST CSF is based on existing standards, guidelines, and practices for organizations to manage and reduce cybersecurity risk better. It was designed to foster

React to this headline:

Loading spinner

Exploring NIST Cybersecurity Framework 2.0 Read More »

Scroll to Top