Don’t miss

9 free cybersecurity whitepapers you should read

APT, Bitdefender, Center for Internet Security, Cloudflare, Code42, cybersecurity, Cyberstash, Don't miss, Hot stuff, N-able, News, NIST, OffSec, SANS, Team8, whitepaper /

9 free cybersecurity whitepapers you should read 05/06/2023 at 07:30 By Helga Labus In today’s rapidly evolving digital landscape, organizations face constant cyber threats that can compromise their sensitive data, disrupt operations, and damage their reputation. Staying informed about the latest cyberattacks and understanding effective protection methods is crucial. This list of free cybersecurity whitepapers […]

React to this headline:

Loading spinner

9 free cybersecurity whitepapers you should read Read More »

How fraudsters undermine text passcodes

CISO, cybercrime, cybersecurity, Don't miss, fraud, Hot stuff, passwords, Sinch, Video /

How fraudsters undermine text passcodes 05/06/2023 at 07:17 By Help Net Security Malicious bots are taking new forms – a burst of spam and scam text messages led to 18,000+ consumer complaints at the FCC last year. One of the newest scams – artificial inflation of traffic (AIT) – targets the SMS authentication codes sent

React to this headline:

Loading spinner

How fraudsters undermine text passcodes Read More »

Google triples reward for Chrome full chain exploits

bug bounty, Chrome, Don't miss, exploit, Google, Hot stuff, News, sandbox /

Google triples reward for Chrome full chain exploits 02/06/2023 at 15:57 By Helga Labus Google has tripled the full reward amount for the first security bug report that includes a functional full chain exploit of its popular Chrome browser. Six months of higher rewards for a Chrome full chain exploit The Chrome Vulnerability Rewards Program,

React to this headline:

Loading spinner

Google triples reward for Chrome full chain exploits Read More »

MOVEit Transfer zero-day attacks: The latest info

0-day, attack, data theft, Don't miss, enterprise, file-sharing, Hot stuff, Huntress, News, Progress, Rapid7, TrustedSec, vulnerability /

MOVEit Transfer zero-day attacks: The latest info 02/06/2023 at 12:41 By Zeljka Zorz There’s new information about the zero-day vulnerability in Progress Software’s MOVEit Transfer solution exploited by attackers and – more importantly – patches and helpful instructions for customers. The MOVEit Transfer zero-day and updated mitigation and remediation advice Progress Software has updated the

React to this headline:

Loading spinner

MOVEit Transfer zero-day attacks: The latest info Read More »

Qakbot: The trojan that just won’t go away

Don't miss, Hot stuff, Lumen, Malware, Microsoft, News, phishing, Ransomware, trojan, Windows /

Qakbot: The trojan that just won’t go away 02/06/2023 at 11:33 By Helga Labus Qakbot (aka Qbot) – banking malware-turned-malware/ransomware distribution network – has been first observed in 2007 and is active to this day. The neverending adaptability of this threat is key to its long-term survival and success. “Qakbot operators tend to reduce or

React to this headline:

Loading spinner

Qakbot: The trojan that just won’t go away Read More »

Introducing the book: Cybersecurity First Principles

books, cybersecurity, Don't miss, Hot stuff, how-to, strategy, tips, Video /

Introducing the book: Cybersecurity First Principles 02/06/2023 at 07:42 By Mirko Zorz In this Help Net Security video interview, Rick Howard, CSO of N2K, Chief Analyst, and Senior Fellow at the Cyberwire, discusses his book – Cybersecurity First Principles: A Reboot of Strategy and Tactics. In the book, Howard challenges the conventional wisdom of current

React to this headline:

Loading spinner

Introducing the book: Cybersecurity First Principles Read More »

How defense contractors can move from cybersecurity to cyber resilience

attacks, Compliance, Conquest Cyber, cybercrime, cybersecurity, Don't miss, Expert analysis, Expert corner, Government, News, opinion, strategy /

How defense contractors can move from cybersecurity to cyber resilience 02/06/2023 at 07:42 By Help Net Security As the world’s most powerful military and economic power, the United States also holds another, less impressive distinction: Cyber threat actors target the US more than any other country in the world. In 2022 alone, the FBI received

React to this headline:

Loading spinner

How defense contractors can move from cybersecurity to cyber resilience Read More »

Critical zero-day vulnerability in MOVEit Transfer exploited by attackers!

0-day, attack, Don't miss, enterprise, file-sharing, Hot stuff, News, Progress, threat, vulnerability /

Critical zero-day vulnerability in MOVEit Transfer exploited by attackers! 01/06/2023 at 18:18 By Zeljka Zorz A critical zero-day vulnerability in Progress Software’s enterprise managed file transfer solution MOVEit Transfer is being exploited by attackers to grab corporate data. “[The vulnerability] could lead to escalated privileges and potential unauthorized access to the environment,” the company warned

React to this headline:

Loading spinner

Critical zero-day vulnerability in MOVEit Transfer exploited by attackers! Read More »

Threat actors can exfiltrate data from Google Drive without leaving a trace

digital forensics, Don't miss, enterprise, Google, Google Drive, Google Workspace, Hot stuff, Incident Response, Mitiga, News, SMBs, threat hunting /

Threat actors can exfiltrate data from Google Drive without leaving a trace 01/06/2023 at 15:43 By Zeljka Zorz Google Workspace (formerly G Suite) has a weak spot that can prevent the discovery of data exfiltration from Google Drive by a malicious outsider or insider, Mitiga researchers say. A problem for digital forensic analysts and incident

React to this headline:

Loading spinner

Threat actors can exfiltrate data from Google Drive without leaving a trace Read More »

Zyxel firewalls under attack by Mirai-like botnet

botnet, Censys, Don't miss, Europe, exploit, firewall, Hot stuff, News, PoC, Rapid7, Shadowserver, vulnerability, Zyxel /

Zyxel firewalls under attack by Mirai-like botnet 01/06/2023 at 11:52 By Zeljka Zorz CVE-2023-28771, the critical command injection vulnerability affecting many Zyxel firewalls, is being actively exploited by a Mirai-like botnet, and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. About CVE-2023-28771 CVE-2023-28771 is a vulnerability that allows unauthenticated attackers to execute OS

React to this headline:

Loading spinner

Zyxel firewalls under attack by Mirai-like botnet Read More »

Why organizations should adopt a cloud cybersecurity framework

Cloud, Don't miss, Expert analysis, Expert corner, framework, Information Security Forum, News, opinion, Risk Management /

Why organizations should adopt a cloud cybersecurity framework 01/06/2023 at 08:16 By Help Net Security The cloud is the future of enterprise architecture. It’s economical (to a degree), it’s scalable, it’s flexible and – best of all – it’s someone else’s responsibility. Again, to a point. That’s because the cloud comes with its own set

React to this headline:

Loading spinner

Why organizations should adopt a cloud cybersecurity framework Read More »

Navigating cybersecurity in the age of remote work

BYOD, CISO, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, remote working, VPN, zero trust, Zscaler /

Navigating cybersecurity in the age of remote work 01/06/2023 at 07:34 By Mirko Zorz In this Help Net Security interview, Jay Chaudhry, CEO at Zscaler, talks about connecting and securing remote employees and their devices to access organizational resources from any location. He discusses the potential risks of remote VPN access, the increasing reliance on

React to this headline:

Loading spinner

Navigating cybersecurity in the age of remote work Read More »

Disaster recovery challenges enterprise CISOs face

CISO, cybersecurity, disaster recovery, Don't miss, Hot stuff, N-able, strategy, tips, Video /

Disaster recovery challenges enterprise CISOs face 01/06/2023 at 07:20 By Help Net Security An essential aspect of organizational operations is effectively responding to and returning from a disruptive event, commonly called disaster recovery. The primary objective of DR techniques is to restore the utilization of crucial systems and IT infrastructure following a disaster. To proactively

React to this headline:

Loading spinner

Disaster recovery challenges enterprise CISOs face Read More »

Fighting ransomware: Perspectives from cybersecurity professionals

Arctic Wolf Networks, CISO, cybercrime, cybersecurity, Don't miss, Hot stuff, Malware, Malwarebytes, money, predictions, Presidio, Ransomware, Sectigo, strategy, threats, Video, Zerto /

Fighting ransomware: Perspectives from cybersecurity professionals 01/06/2023 at 06:32 By Help Net Security Ransomware has become an ever-present threat to individuals, businesses, and even entire nations. In this Help Net Security round-up, we present parts of previously recorded videos from experts in the field that shed light on the pressing ransomware issues. Complete videos David

React to this headline:

Loading spinner

Fighting ransomware: Perspectives from cybersecurity professionals Read More »

Someone is roping Apache NiFi servers into a cryptomining botnet

Apache Nifi, cryptojacking, Don't miss, Hot stuff, News, SANS ISC /

Someone is roping Apache NiFi servers into a cryptomining botnet 31/05/2023 at 16:51 By Zeljka Zorz If you’re running an Apache NiFi instance exposed on the internet and you have not secured access to it, the underlying host may already be covertly cryptomining on someone else’s behalf. The attack Indicators of the ongoing campaign were

React to this headline:

Loading spinner

Someone is roping Apache NiFi servers into a cryptomining botnet Read More »

Zyxel patches vulnerability in NAS devices (CVE-2023-27988)

Don't miss, Hot stuff, NAS, News, security update, vulnerability, Zyxel /

Zyxel patches vulnerability in NAS devices (CVE-2023-27988) 31/05/2023 at 14:51 By Helga Labus Zyxel has patched a high-severity authenticated command injection vulnerability (CVE-2023-27988) in some of its network attached storage (NAS) devices aimed at home users. About the vulnerability (CVE-2023-27988) The vulnerability was discovered in the devices’ web management interface. “An authenticated attacker with administrator

React to this headline:

Loading spinner

Zyxel patches vulnerability in NAS devices (CVE-2023-27988) Read More »

How APTs target SMBs

APT, Don't miss, Hot stuff, MSP, News, phishing, Proofpoint, SMBs, supply chain attacks, trends /

How APTs target SMBs 31/05/2023 at 13:47 By Helga Labus Small and medium businesses (SMBs) are not exempt from being targeted by advanced persistent threat (APT) actors, according to Proofpoint researchers. By analyzing a year’s worth of APT campaign data they collected from the 200,000+ SMBs that have their security solution deployed, they pinpointed three

React to this headline:

Loading spinner

How APTs target SMBs Read More »

Kali Linux 2023.2 released: New tools, a pre-built Hyper-V image, a new audio stack, and more!

Don't miss, Hot stuff, Kali Linux, Linux, News, Offensive Security, open source, penetration testing /

Kali Linux 2023.2 released: New tools, a pre-built Hyper-V image, a new audio stack, and more! 31/05/2023 at 10:29 By Zeljka Zorz Offensive Security has released Kali Linux 2023.2, the latest version of its popular penetration testing and digital forensics platform. New tools in Kali Linux 2023.2 Aside from updates for existing tools, a new

React to this headline:

Loading spinner

Kali Linux 2023.2 released: New tools, a pre-built Hyper-V image, a new audio stack, and more! Read More »

The strategic importance of digital trust for modern businesses

certificates, cybersecurity, DigiCert, Don't miss, Features, Hot stuff, News, opinion /

The strategic importance of digital trust for modern businesses 31/05/2023 at 07:32 By Mirko Zorz In this Help Net Security interview, Deepika Chauhan, CPO at DigiCert, talks about the importance of maintaining high trust assurance levels for businesses in today’s digital landscape. How does DigiCert define “digital trust,” and why is it essential for businesses

React to this headline:

Loading spinner

The strategic importance of digital trust for modern businesses Read More »

Managing mental health in cybersecurity

burnout, cybersecurity, Don't miss, Hot stuff, how-to, strategy, tips, Video /

Managing mental health in cybersecurity 31/05/2023 at 07:01 By Help Net Security In this Help Net Security video, Jason Lewkowicz, Chief Services Officer at Optiv, discusses mental health in cybersecurity, which needs more attention. There is a confluence of factors – from the cybersecurity talent shortage and reductions in force to volatile financial markets and

React to this headline:

Loading spinner

Managing mental health in cybersecurity Read More »

Scroll to Top