Don’t miss

Using AI/ML to optimize your tech stack and enhance business efficiency

Artificial Intelligence, CIO, digital transformation, Don't miss, Features, Hot stuff, how-to, Lenovo, machine learning, News, opinion, regulation, strategy, tips /

Using AI/ML to optimize your tech stack and enhance business efficiency 19/07/2023 at 07:32 By Mirko Zorz In this Help Net Security interview, Arthur Hu, SVP, Global CIO and Services & Solutions Group CTO at Lenovo, discusses how AI/ML is optimizing tech stacks, the hurdles anticipated in its integration, the role of AI in enterprise […]

React to this headline:

Loading spinner

Using AI/ML to optimize your tech stack and enhance business efficiency Read More »

What to do (and what not to do) after a data breach

CISO, cybersecurity, data breach, Don't miss, Hot stuff, how-to, strategy, tips, Video /

What to do (and what not to do) after a data breach 19/07/2023 at 07:02 By Help Net Security Data breaches have been hitting the headlines left and right. Every time a breach occurs, the impacted organization’s response differs from the last. In this Help Net Security video, Rodman Ramezanian, Global Cloud Threat Lead at

React to this headline:

Loading spinner

What to do (and what not to do) after a data breach Read More »

Adobe ColdFusion vulnerabilities exploited to deliver web shells (CVE-2023-29298, CVE-2023-38203)

0-day, Adobe, Adobe ColdFusion, Don't miss, exploit, Hot stuff, News, Project Discovery, Rapid7, security update, vulnerability /

Adobe ColdFusion vulnerabilities exploited to deliver web shells (CVE-2023-29298, CVE-2023-38203) 18/07/2023 at 17:17 By Zeljka Zorz Attackers are exploiting two Adobe ColdFusion vulnerabilities (CVE-2023-29298, CVE-2023-38203) to breach servers and install web shells to enable persistent access and allow remote control of the system, according to Rapid7 researchers. Flaws with incomplete fixes On July 11, 2023,

React to this headline:

Loading spinner

Adobe ColdFusion vulnerabilities exploited to deliver web shells (CVE-2023-29298, CVE-2023-38203) Read More »

VirusTotal leaked data of 5,600 registered users

Data leak, Don't miss, enterprise, Google, Government, Hot stuff, News, social engineering, spear-phishing, user data, VirusTotal /

VirusTotal leaked data of 5,600 registered users 18/07/2023 at 15:47 By Helga Labus VirusTotal has suffered a data leak that exposed the names and email addresses of 5,600 of its registered users. The leaked data reportedly includes information about employees of US and German intelligence agencies (among others). VirusTotal data leak exposed exploitable information Google-owned

React to this headline:

Loading spinner

VirusTotal leaked data of 5,600 registered users Read More »

12 open-source penetration testing tools you might not know about

Don't miss, GitHub, Hot stuff, News, open source, penetration testing, Red Siege, software /

12 open-source penetration testing tools you might not know about 18/07/2023 at 07:34 By Mirko Zorz Red Siege has developed and made available many open-source tools to help with your penetration testing work. The company plans to continue to support the tools listed below, whether in the form of bug fixes or new features. Give

React to this headline:

Loading spinner

12 open-source penetration testing tools you might not know about Read More »

Critical XSS vulnerability in Zimbra exploited in the wild (CVE-2023-34192)

0-day, Don't miss, Hot stuff, News, open source, security update, Synacor, vulnerability /

Critical XSS vulnerability in Zimbra exploited in the wild (CVE-2023-34192) 17/07/2023 at 14:47 By Helga Labus A critical cross site scripting (XSS) vulnerability (CVE-2023-34192) in popular open source email collaboration suite Zimbra is being exploited by attackers. About the vulnerability (CVE-2023-34192) CVE-2023-34192 could allow a remote authenticated threat actor to execute arbitrary code through a

React to this headline:

Loading spinner

Critical XSS vulnerability in Zimbra exploited in the wild (CVE-2023-34192) Read More »

CISOs under pressure: Protecting sensitive information in the age of high employee turnover

access management, Artificial Intelligence, burnout, CISO, cybersecurity, Don't miss, Features, Gartner, Hot stuff, how-to, identity management, machine learning, News, NIST, opinion, remote working, security ROI, strategy, supply chain attacks, threats, tips, zero trust /

CISOs under pressure: Protecting sensitive information in the age of high employee turnover 17/07/2023 at 07:31 By Mirko Zorz In this Help Net Security interview, Charles Brooks, Adjunct Professor at Georgetown University’s Applied Intelligence Program and graduate Cybersecurity Programs, talks about how zero trust principles, identity access management, and managed security services are crucial for

React to this headline:

Loading spinner

CISOs under pressure: Protecting sensitive information in the age of high employee turnover Read More »

Real-world examples of quantum-based attacks

attacks, cybersecurity, Don't miss, Hot stuff, quantum computing, strategy, tips, Video /

Real-world examples of quantum-based attacks 17/07/2023 at 07:02 By Help Net Security Quantum computing is poised to revolutionize the way we secure and privatize data. It can potentially disrupt our existing encryption methods, endangering sensitive data from various sources in ways even beyond what we’ve experienced with AI. In this Help Net Security video, Tommaso

React to this headline:

Loading spinner

Real-world examples of quantum-based attacks Read More »

Meta’s Threads app used as a lure

Don't miss, EU, Hot stuff, Meta, mobile apps, Mysk, News, Threads, Veriti /

Meta’s Threads app used as a lure 14/07/2023 at 14:16 By Zeljka Zorz It was to be expected: As the buzz around Meta’s new microblogging platform Threads gained momentum, some individuals have stepped in to take advantage of the fact that the app still can’t formally serve users in the European Union (or China, or

React to this headline:

Loading spinner

Meta’s Threads app used as a lure Read More »

Unnamed APT eyes vulnerabilities in Rockwell Automation industrial contollers (CVE-2023-3595 CVE-2023-3596)

critical infrastructure, Don't miss, Dragos, energy sector, firmware, Hot stuff, ICS/SCADA, manufacturing sector, News, PLC, Rockwell Automation, security update, vulnerability /

Unnamed APT eyes vulnerabilities in Rockwell Automation industrial contollers (CVE-2023-3595 CVE-2023-3596) 13/07/2023 at 15:46 By Zeljka Zorz Rockwell Automation has fixed two vulnerabilities (CVE-2023-3595, CVE-2023-3596) in the communication modules of its ControlLogix industrial programmable logic controllers (PLCs), ahead of expected (and likely) in-the-wild exploitation. “An unreleased exploit capability leveraging these vulnerabilities is associated with an

React to this headline:

Loading spinner

Unnamed APT eyes vulnerabilities in Rockwell Automation industrial contollers (CVE-2023-3595 CVE-2023-3596) Read More »

CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities

CVSS, Don't miss, FIRST, News /

CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities 13/07/2023 at 14:32 By Help Net Security FIRST has unveiled the latest version of its Common Vulnerability Scoring System (CVSS 4.0). Critical in the interface between supplier and consumer, CVSS provides a way to capture the principal characteristics of a security vulnerability and

React to this headline:

Loading spinner

CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities Read More »

Combatting data governance risks of public generative AI tools

Artificial Intelligence, ChatGPT, CISO, cybersecurity, data, data security, Don't miss, Expert analysis, Expert corner, generative AI, Hot stuff, Mindbreeze, opinion /

Combatting data governance risks of public generative AI tools 13/07/2023 at 08:02 By Help Net Security When companies utilize public generative AI tools, the models are refined on input data provided by the company. Regarding data security, unauthorized use of sensitive data or the accidental exposure of proprietary information can lead to reputational damage, legal

React to this headline:

Loading spinner

Combatting data governance risks of public generative AI tools Read More »

Attack Surface Management: Identify and protect the unknown

attack, CISO, cybersecurity, Don't miss, Hot stuff, NetSPI, penetration testing, Video /

Attack Surface Management: Identify and protect the unknown 13/07/2023 at 07:33 By Help Net Security In this Help Net Security video, Brianna McGovern, Product Manager, Attack Surface Management, NetSPI, discusses Attack Surface Management (ASM). Attack Surface Management detects known, unknown, and potentially vulnerable public-facing assets and changes to your attack surface that may introduce risk.

React to this headline:

Loading spinner

Attack Surface Management: Identify and protect the unknown Read More »

Only 45% of cloud data is currently encrypted

Cloud, cloud security, cybersecurity, data, data breach, Don't miss, News, Thales /

Only 45% of cloud data is currently encrypted 13/07/2023 at 06:01 By Help Net Security 39% of businesses have experienced a data breach in their cloud environment last year, an increase on the 35% reported in 2022, according to Thales. In addition, human error was reported as the leading cause of cloud data breaches by

React to this headline:

Loading spinner

Only 45% of cloud data is currently encrypted Read More »

Chinese hackers forged authentication tokens to breach government emails

cloud security, cyber espionage, data theft, Don't miss, Europe, Government, Hot stuff, Microsoft, News, Outlook, USA, vulnerability /

Chinese hackers forged authentication tokens to breach government emails 12/07/2023 at 13:17 By Zeljka Zorz Sophisticated hackers have accessed email accounts of organizations and government agencies via authentication tokens they forged by using an acquired Microsoft account (MSA) consumer signing key, the company has revealed on Tuesday. “The threat actor Microsoft links to this incident

React to this headline:

Loading spinner

Chinese hackers forged authentication tokens to breach government emails Read More »

How Google Cloud’s AML AI redefines the fight against money laundering

Artificial Intelligence, Compliance, Don't miss, Features, financial industry, Google, Google Cloud, Hot stuff, News, opinion /

How Google Cloud’s AML AI redefines the fight against money laundering 12/07/2023 at 07:02 By Mirko Zorz Google Cloud’s AML AI represents an advancement in the fight against money laundering. By replacing outdated transaction monitoring systems and embracing AI technology, financial institutions can now stay ahead of evolving financial crime risks, improve operational efficiency, ensure

React to this headline:

Loading spinner

How Google Cloud’s AML AI redefines the fight against money laundering Read More »

Microsoft patches four exploited zero-days, but lags with fixes for a fifth (CVE-2023-36884)

0-day, BlackBerry, Cisco, cyber espionage, cybercrime, Don't miss, drivers, Google, Hot stuff, Microsoft, MS Office, News, Ransomware, rootkits, security update, Tenable, Trend Micro, Volexity, vulnerability, Windows /

Microsoft patches four exploited zero-days, but lags with fixes for a fifth (CVE-2023-36884) 11/07/2023 at 22:31 By Zeljka Zorz For July 2023 Patch Tuesday, Microsoft has delivered 130 patches; among them are four for vulnerabilites actively exploited by attackers, but no patch for CVE-2023-36884, an Office and Windows HTML RCE vulnerability exploited in targeted attacks

React to this headline:

Loading spinner

Microsoft patches four exploited zero-days, but lags with fixes for a fifth (CVE-2023-36884) Read More »

Apple pushes out emergency fix for actively exploited zero-day (CVE-2023-37450)

0-day, apple, Don't miss, Hot stuff, iOS, iPad, macOS, News, security update /

Apple pushes out emergency fix for actively exploited zero-day (CVE-2023-37450) 11/07/2023 at 13:02 By Zeljka Zorz Apple has patched an actively exploited zero-day vulnerability (CVE-2023-37450) by releasing Rapid Security Response updates for iPhones, iPads and Macs running the latest versions of its operating systems. The vulnerability has also been fixed with a regular security update

React to this headline:

Loading spinner

Apple pushes out emergency fix for actively exploited zero-day (CVE-2023-37450) Read More »

CISO perspective on why Boards don’t fully grasp cyber attack risks

attacks, CISO, cyber risk, cybersecurity, Don't miss, Features, Hot stuff, investment, News, opinion, PlanSource, strategy /

CISO perspective on why Boards don’t fully grasp cyber attack risks 11/07/2023 at 07:33 By Mirko Zorz Due to their distinct perspectives, Board members and CISOs often have differing views on cyber attack risks. The discrepancy arises when Boards need cybersecurity expertise, need help comprehending technical jargon, or when CISOs need to communicate in business

React to this headline:

Loading spinner

CISO perspective on why Boards don’t fully grasp cyber attack risks Read More »

Cybersecurity best practices while working in the summer

BYOD, CISO, cybersecurity, Don't miss, Hot stuff, how-to, strategy, tips, Video /

Cybersecurity best practices while working in the summer 11/07/2023 at 07:02 By Help Net Security IT teams need help to monitor and enforce BYOD policies during summer months when more employees often travel or work remotely. In this Help Net Security video, Jeremy Ventura, Director, Security Strategy & Field CISO at ThreatX, discusses how employees

React to this headline:

Loading spinner

Cybersecurity best practices while working in the summer Read More »

Scroll to Top