Don’t miss

Faction: Open-source pentesting report generation and collaboration framework

Don't miss, GitHub, News, open source, penetration testing, report, software /

Faction: Open-source pentesting report generation and collaboration framework 2024-01-30 at 07:31 By Mirko Zorz Faction is an open-source solution that enables pentesting report generation and assessment collaboration. Josh Summitt, the creator of Faction, has always disliked the process of writing reports, preferring to focus on uncovering bugs. A key frustration for him was the redundant […]

React to this headline:

Loading spinner

Faction: Open-source pentesting report generation and collaboration framework Read More »

Ransomware recap 2023 highlights cybersecurity crisis

CyberInt, cybersecurity, Don't miss, extortion, Hot stuff, Ransomware, supply chain attacks, Video /

Ransomware recap 2023 highlights cybersecurity crisis 2024-01-30 at 07:02 By Help Net Security In this Help Net Security video, Yochai Corem, CEO of Cyberint, explores the ransomware environment’s development, effects, and emerging patterns throughout the previous year. 2023 marked a historic high for ransomware groups, with a 55.5% increase in attacks, reaching 4,368 victims globally,

React to this headline:

Loading spinner

Ransomware recap 2023 highlights cybersecurity crisis Read More »

Critical Jenkins RCE flaw exploited in the wild. Patch now! (CVE-2024-23897)

Don't miss, exploit, Hot stuff, Jenkins, News, open source, PoC, security update, SonarSource, vulnerability /

Critical Jenkins RCE flaw exploited in the wild. Patch now! (CVE-2024-23897) 2024-01-29 at 13:31 By Helga Labus Several proof-of-concept (PoC) exploits for a recently patched critical vulnerability (CVE-2024-23897) in Jenkins has been made public and there’s evidence of exploitation in the wild. About CVE-2024-23897 Jenkins is a widely used Java-based open-source automation server that helps

React to this headline:

Loading spinner

Critical Jenkins RCE flaw exploited in the wild. Patch now! (CVE-2024-23897) Read More »

Third-party risk management best practices and why they matter

cyber resilience, cyber risk, Don't miss, Hot stuff, News, Risk Management, third party compromise, tips /

Third-party risk management best practices and why they matter 2024-01-29 at 08:01 By Helga Labus With organizations increasingly relying on third-party vendors, upping the third-party risk management (TPRM) game has become imperative to prevent the fallout of third-party compromises. Third-party risks SecurityScorecard recently found that 98% of organizations are connected with at least one third-party

React to this headline:

Loading spinner

Third-party risk management best practices and why they matter Read More »

Prioritizing cybercrime intelligence for effective decision-making in cybersecurity

access control, CISO, cybercrime, cybersecurity, Don't miss, Features, Hot stuff, Hudson Rock, News, opinion, risk assessment, strategy, Threat Intelligence, tips /

Prioritizing cybercrime intelligence for effective decision-making in cybersecurity 2024-01-29 at 07:32 By Mirko Zorz In this Help Net Security interview, Alon Gal, CTO at Hudson Rock, discusses integrating cybercrime intelligence into existing security infrastructures. Our discussion will cover a range of essential aspects, from the importance of continuous adaptation in cybersecurity strategies to practical advice

React to this headline:

Loading spinner

Prioritizing cybercrime intelligence for effective decision-making in cybersecurity Read More »

What makes ransomware victims less likely to pay up?

backup, cyber insurance, data theft, Don't miss, Hot stuff, Incident Response, News, Ransomware, research /

What makes ransomware victims less likely to pay up? 2024-01-26 at 08:34 By Zeljka Zorz There’s a good reason why ransomware gangs started exfiltrating victims’ data instead of just encrypting it: those organizations pay more. University of Twente researcher Tom Meurs and his colleagues wanted to know which factors influence victims to pay the ransom

React to this headline:

Loading spinner

What makes ransomware victims less likely to pay up? Read More »

Emerging trends and strategies in digital forensics

Artificial Intelligence, Compliance, cybersecurity, data analysis, digital forensics, Don't miss, Features, Hot stuff, News, opinion, Paraben, Privacy /

Emerging trends and strategies in digital forensics 2024-01-26 at 07:01 By Mirko Zorz In this Help Net Security interview, Amber Schroader, CEO at Paraben Corporation, discusses the challenges posed by the complexity of modern computer systems and networks on digital evidence collection. Schroader talks about the impact of exponential data growth on forensic practices, the

React to this headline:

Loading spinner

Emerging trends and strategies in digital forensics Read More »

Russian hackers breached Microsoft, HPE corporate maliboxes

APT, cyber espionage, data breach, Don't miss, Hot stuff, HPE, Microsoft, News /

Russian hackers breached Microsoft, HPE corporate maliboxes 2024-01-25 at 15:31 By Helga Labus Cozy Bear (aka Midnight Blizzard, aka APT29) has been busy hacking and spying on big tech companies: both Microsoft and Hewlett Packard Enterprise (HPE) have recently disclosed successful attack campaigns by the Russia-affiliated APT group. The Microsoft breach Last Friday, Microsoft revealed

React to this headline:

Loading spinner

Russian hackers breached Microsoft, HPE corporate maliboxes Read More »

Blackwood APT delivers malware by hijacking legitimate software update requests

backdoor, China, cyber espionage, Don't miss, ESET, hijacking, Japan, Malware, MITM, News, UK /

Blackwood APT delivers malware by hijacking legitimate software update requests 2024-01-25 at 13:32 By Help Net Security ESET researchers have discovered NSPX30, a sophisticated implant used by a new China-aligned APT group, which they dubbed Blackwood. Blackwood has carried out cyberespionage operations against individuals and companies from China, Japan, and the United Kingdom. It leverages

React to this headline:

Loading spinner

Blackwood APT delivers malware by hijacking legitimate software update requests Read More »

AI expected to increase volume, impact of cyberattacks

Artificial Intelligence, cyberattacks, Don't miss, GCHQ, Hot stuff, Malware, NCSC, News, Ransomware, social engineering /

AI expected to increase volume, impact of cyberattacks 2024-01-25 at 12:16 By Helga Labus All types of cyber threat actor are already using artificial intelligence (AI) to varying degrees, UK National Cyber Security Centre’s analysts say, and predict that AI “will almost certainly increase the volume and heighten the impact of cyberattacks over the next

React to this headline:

Loading spinner

AI expected to increase volume, impact of cyberattacks Read More »

Fighting insider threats is tricky but essential work

cyber risk, Don't miss, enterprise, Hot stuff, human error, Insider Threat, News /

Fighting insider threats is tricky but essential work 2024-01-25 at 08:01 By Helga Labus Business executives are worried about accidental internal staff error (71%) almost as much as they are worried about external threats (75%). But which of the two is a bigger threat to a company? External vs insider threats External threats can cause

React to this headline:

Loading spinner

Fighting insider threats is tricky but essential work Read More »

Automated Emulation: Open-source breach and attack simulation lab

cybersecurity, Don't miss, GitHub, News, open source, software, Terraform /

Automated Emulation: Open-source breach and attack simulation lab 2024-01-25 at 07:31 By Mirko Zorz Automated Emulation is an open-source Terraform template designed to create a customizable, automated breach and attack simulation lab. The solution automatically constructs the following resources hosted on AWS: One Linux server deploying Caldera, Prelude Operator Headless, and VECTR One Windows Client

React to this headline:

Loading spinner

Automated Emulation: Open-source breach and attack simulation lab Read More »

CISOs’ role in identifying tech components and managing supply chains

Artificial Intelligence, CISO, cybersecurity, Don't miss, Eclypsium, Features, hardware, Hot stuff, News, opinion, regulation, software, strategy, supply chain /

CISOs’ role in identifying tech components and managing supply chains 2024-01-25 at 07:01 By Mirko Zorz In this Help Net Security interview, Nate Warfield, Director of Threat Research and Intelligence at Eclypsium, outlines the crucial tasks for CISOs in protecting supply chains and achieving comprehensive visibility. Warfield also discusses the vital collaboration between security and

React to this headline:

Loading spinner

CISOs’ role in identifying tech components and managing supply chains Read More »

In 2024, AI and ML shift from flashy to functional

Archive360, Artificial Intelligence, cybersecurity, Don't miss, Hot stuff, machine learning, regulation, Video /

In 2024, AI and ML shift from flashy to functional 2024-01-25 at 06:31 By Help Net Security AI and ML deserve the hype they get, but the focus can’t always be on the glitz. As these advances to deliver real benefits, there’s a slew of more mundane actions that have to be taken—and in 2024,

React to this headline:

Loading spinner

In 2024, AI and ML shift from flashy to functional Read More »

PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)

Don't miss, enterprise, file-sharing, Fortra, Horizon3.ai, Hot stuff, News, PoC, Shodan, SMBs, Tenable, vulnerability /

PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204) 2024-01-24 at 15:32 By Zeljka Zorz Proof-of-concept (PoC) exploit code for a critical vulnerability (CVE-2024-0204) in Fortra’s GoAnywhere MFT solution has been made public, sparking fears that attackers may soon take advantage of it. Fortra’s GoAnywhere MFT is a web-based managed file transfer solution

React to this headline:

Loading spinner

PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204) Read More »

The effect of omission bias on vulnerability management

cyber resilience, cybersecurity, data, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, patching, remediation, trackd, vulnerability management /

The effect of omission bias on vulnerability management 2024-01-24 at 08:31 By Help Net Security Whether we’d like to admit it to ourselves or not, all humans harbor subconscious biases that powerfully influence our behavior. One of these is the omission bias, which has interesting ramifications in the world of cyber security, specifically vulnerability management.

React to this headline:

Loading spinner

The effect of omission bias on vulnerability management Read More »

10 USA cybersecurity conferences you should visit in 2024

conferences, Don't miss, Hot stuff, News, USA /

10 USA cybersecurity conferences you should visit in 2024 2024-01-24 at 08:01 By Help Net Security Security BSides Security BSides offers attendees an opportunity to engage and present their ideas actively. Characterized by its intensity, these events are filled with discussions, demonstrations, and interactive participation. BSides are happening all over the USA. To find an

React to this headline:

Loading spinner

10 USA cybersecurity conferences you should visit in 2024 Read More »

Prioritizing CIS Controls for effective cybersecurity across organizations

Center for Internet Security, CISO, cybersecurity, Don't miss, Features, framework, GRC, Hot stuff, News, opinion, standards, strategy, tips, Virginia Tech /

Prioritizing CIS Controls for effective cybersecurity across organizations 2024-01-24 at 07:32 By Mirko Zorz In this Help Net Security interview, Randy Marchany, CISO at Virginia Tech, discusses the challenges and strategies associated with implementing CIS Controls in organizations of varying sizes. Marchany explores the importance of securing top-level management support, breaking down data silos, and

React to this headline:

Loading spinner

Prioritizing CIS Controls for effective cybersecurity across organizations Read More »

Why resilience leaders must prepare for polycrises

cyber resilience, cybersecurity, Don't miss, Hot stuff, hybrid workforce, Infinite Blue, supply chain, threats, Video /

Why resilience leaders must prepare for polycrises 2024-01-24 at 07:02 By Help Net Security In this Help Net Security video, Frank Shultz, CEO of Infinite Blue, discusses how more frequent and severe disruptions and our increasingly interconnected world collide to create a new threat for resilience leaders to manage: polycrises. These multiple concurrent or cascading

React to this headline:

Loading spinner

Why resilience leaders must prepare for polycrises Read More »

Software supply chain attacks are getting easier

cybercrime, cybersecurity, Don't miss, News, open source, report, ReversingLabs, software, supply chain attacks, survey /

Software supply chain attacks are getting easier 2024-01-24 at 06:03 By Help Net Security ReversingLabs identified close to 11,200 unique malicious packages across three major open-source software platforms in 2023: npm, PyPI, and RubyGems. These findings mark an astounding 1,300% increase in malicious packages from 2020 and an increase of 28% over 2022 when a

React to this headline:

Loading spinner

Software supply chain attacks are getting easier Read More »

Scroll to Top