AI risks under the auditor’s lens more than ever 2024-04-10 at 07:01 By Help Net Security According to a recent Gartner survey, widespread GenAI adoption has resulted in a scramble to provide audit coverage for potential risks arising from the technology’s use. In this Help Net Security video, Thomas Teravainen, a Research Specialist at Gartner, […]
React to this headline:
AI risks under the auditor’s lens more than ever Read More »
Cybersecurity jobs available right now: April 10, 2024 2024-04-10 at 06:32 By Mirko Zorz Application Security Engineer HCLTech | Mexico | Remote – View job details As an Application Security Engineer, you will work on the security engineering team and collaborate with other IT professionals to ensure that user data is protected. Cybersecurity Incident Response
React to this headline:
Cybersecurity jobs available right now: April 10, 2024 Read More »
Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988) 2024-04-09 at 22:35 By Zeljka Zorz On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro’s Zero Day Initiative (ZDI), has found being
React to this headline:
LG smart TVs may be taken over by remote attackers 2024-04-09 at 21:02 By Zeljka Zorz Bitdefender researchers have uncovered four vulnerabilities in webOS, the operating system running on LG smart TVs, which may offer attackers unrestricted (root) access to the devices. “Although the vulnerable service is intended for LAN access only, Shodan, the search
React to this headline:
LG smart TVs may be taken over by remote attackers Read More »
New Google Workspace feature prevents sensitive security changes if two admins don’t approve them 2024-04-09 at 17:31 By Zeljka Zorz Google is rolling out multi-party approvals for Google Workspace customers with multiple super admin accounts, the company has announced. What does the feature do? Google Workspace (formerly G Suite) is a cloud-based set of productivity
React to this headline:
New Latrodectus loader steps in for Qbot 2024-04-09 at 14:02 By Zeljka Zorz New (down)loader malware called Latrodectus is being leveraged by initial access brokers and it looks like it might have been written by the same developers who created the IcedID loader. Malware delivery campaigns “[Latrodectus] was first observed being distributed by TA577, an
React to this headline:
New Latrodectus loader steps in for Qbot Read More »
How exposure management elevates cyber resilience 2024-04-09 at 07:46 By Help Net Security Attackers are adept at identifying and exploiting the most cost-effective methods of compromise, highlighting the critical need for organizations to implement asset identification and understand their assets’ security posture in relation to the whole estate. Instead of asking, “Are we exposed?” organizations
React to this headline:
How exposure management elevates cyber resilience Read More »
EJBCA: Open-source public key infrastructure (PKI), certificate authority (CA) 2024-04-09 at 07:32 By Mirko Zorz EJBCA is open-source PKI and CA software. It can handle almost anything, and someone once called it the kitchen sink of PKI. With its extensive history as one of the longest-standing CA software projects, EJBCA offers proven robustness, reliability, and
React to this headline:
EJBCA: Open-source public key infrastructure (PKI), certificate authority (CA) Read More »
Strategies for secure identity management in hybrid environments 2024-04-09 at 07:02 By Mirko Zorz In this Help Net Security interview, Charlotte Wylie, SVP and Deputy CSO at Okta, discusses the challenges of managing user identities across hybrid IT environments. She emphasizes balancing and adopting comprehensive security controls, including cloud SSO and MFA technologies, to unify
React to this headline:
Strategies for secure identity management in hybrid environments Read More »
Defining a holistic GRC strategy 2024-04-09 at 06:31 By Help Net Security End-user spending on security and risk management will total $215 billion in 2024, according to Gartner. In this Help Net Security video, Nicholas Kathmann, CISO at LogicGate, discusses why companies are turning to a holistic GRC strategy. Businesses often consider GRC a “necessary
React to this headline:
Defining a holistic GRC strategy Read More »
XZ Utils backdoor: Detection tools, scripts, rules 2024-04-08 at 16:31 By Zeljka Zorz As the analysis of the backdoor in XZ Utils continues, several security companies have provided tools and advice on how to detect its presence on Linux systems. What happened? The open-source XZ Utils compression utility has been backdoored by a skilled threat
React to this headline:
XZ Utils backdoor: Detection tools, scripts, rules Read More »
92,000+ internet-facing D-Link NAS devices accessible via “backdoor” account (CVE-2024-3273) 2024-04-08 at 12:01 By Zeljka Zorz A vulnerability (CVE-2024-3273) in four old D-Link NAS models could be exploited to compromise internet-facing devices, a threat researcher has found. The existence of the flaw was confirmed by D-Link last week, and an exploit for opening an interactive
React to this headline:
April 2024 Patch Tuesday forecast: New and old from Microsoft 2024-04-08 at 08:31 By Help Net Security This month, we have a new product preview from Microsoft, and some older products are being prepared for end-of-support. But before we go there, March 2024 Patch Tuesday was pretty mild, with 60 unique vulnerabilities addressed. We saw
React to this headline:
April 2024 Patch Tuesday forecast: New and old from Microsoft Read More »
How can the energy sector bolster its resilience to ransomware attacks? 2024-04-08 at 08:01 By Help Net Security Since it plays a vital role in every functioning society, the energy sector has always been a prime target for state-backed cybercriminals. The cyber threats targeting this industry have grown significantly in recent years, as geopolitical tensions
React to this headline:
How can the energy sector bolster its resilience to ransomware attacks? Read More »
WiCyS: A champion for a more diverse cybersecurity workforce 2024-04-08 at 07:31 By Zeljka Zorz In this Help Net Security interview, Lynn Dohm, Executive Director at Women in CyberSecurity (WiCyS), talks about how the organization supports its members across different stages of their cybersecurity journey. WiCyS (pronounced Wee-Sis) is an organization dedicated to advancing the
React to this headline:
WiCyS: A champion for a more diverse cybersecurity workforce Read More »
How malicious email campaigns continue to slip through the cracks 2024-04-08 at 07:01 By Help Net Security In this Help Net Security video, Josh Bartolomie, VP of Global Threat Services at Cofense, discusses how email will remain a target as long as it remains the predominant form of communication within a business. Cofense researchers have
React to this headline:
How malicious email campaigns continue to slip through the cracks Read More »
Cybercriminal adoption of browser fingerprinting 2024-04-05 at 08:01 By Help Net Security Browser fingerprinting is one of many tactics phishing site authors use to evade security checks and lengthen the lifespan of malicious campaigns. While browser fingerprinting has been used by legitimate organizations to uniquely identify web browsers for nearly 15 years, it is now
React to this headline:
Cybercriminal adoption of browser fingerprinting Read More »
How manual access reviews might be weakening your defenses 2024-04-05 at 06:31 By Help Net Security As businesses evolve, they often experience changes in roles, partnerships, and staff turnover. This dynamic can result in improper access to data and resources. Such mismanagement leads to superfluous expenses from excessive software licensing fees and heightens the risk
React to this headline:
How manual access reviews might be weakening your defenses Read More »
Omni Hotels suffer prolonged IT outage due to cyberattack 2024-04-04 at 17:32 By Zeljka Zorz Texas-based Omni Hotels & Resorts has been responding to a cyberattack that started last Friday, which resulted in the unavailability of many of its IT systems. According to people staying at some of the 50 properties the company operates across
React to this headline:
Omni Hotels suffer prolonged IT outage due to cyberattack Read More »
Ivanti vows to transform its security operating model, reveals new vulnerabilities 2024-04-04 at 16:02 By Zeljka Zorz Ivanti has released patches for new DoS vulnerabilities affecting Ivanti Connect Secure (SSL VPN solution) and Ivanti Policy Secure (NAC solution), some of which could also lead to execution of arbitrary code or information disclosure. Also, three months
React to this headline:
Ivanti vows to transform its security operating model, reveals new vulnerabilities Read More »