Don’t miss

State-sponsored hackers know enterprise VPN appliances inside out

attacks, cyber espionage, Don't miss, enterprise, Fortinet, government-backed attacks, Hot stuff, Ivanti, Mandiant, News, threat, Threat Intelligence /

State-sponsored hackers know enterprise VPN appliances inside out 2024-02-28 at 14:19 By Zeljka Zorz Suspected Chinese state-sponsored hackers who have been leveraging Ivanti Connect Secure VPN flaws to breach a variety of organizations have demonstrated “a nuanced understanding of the appliance”, according to Mandiant incident responders and threat hunters. They were able to perform a […]

React to this headline:

Loading spinner

State-sponsored hackers know enterprise VPN appliances inside out Read More »

Preparing for the NIS2 Directive

Compliance, cyber hygiene, cybersecurity, Don't miss, EU, Hot stuff, strategy, supply chain, Telstra Purple, Video, vulnerability management /

Preparing for the NIS2 Directive 2024-02-28 at 08:01 By Help Net Security The EU’s NIS Directive (Directive on security of network and information systems) was established to create a higher level of cybersecurity and resilience within organizations across the member states. It was updated in January 2023 to bring more organizations into scope. Companies –

React to this headline:

Loading spinner

Preparing for the NIS2 Directive Read More »

AI-driven DevOps: Revolutionizing software engineering practices

Artificial Intelligence, Codium AI, Compliance, cybersecurity, DevOps, Don't miss, Features, Hot stuff, News, opinion, programming, skill development, software development /

AI-driven DevOps: Revolutionizing software engineering practices 2024-02-28 at 07:04 By Mirko Zorz In this Help Net Security interview, Itamar Friedman, CEO of Codium AI, discusses the integration of AI into DevOps practices and its impact on software development processes, particularly in automating code review, ensuring compliance, and improving efficiency. Despite the benefits, challenges in incorporating

React to this headline:

Loading spinner

AI-driven DevOps: Revolutionizing software engineering practices Read More »

White House: Use memory-safe programming languages to protect the nation

critical infrastructure, Don't miss, Government, Honeywell, Horizon3.ai, Hot stuff, News, programming, software development, Trail of Bits, USA /

White House: Use memory-safe programming languages to protect the nation 2024-02-27 at 16:31 By Zeljka Zorz The White House is asking the technical community to switch to using memory-safe programming languages – such as Rust, Python, Swift, C#, Java, and Go – to prevent memory corruption vulnerabilities from entering the digital ecosystem. According to a

React to this headline:

Loading spinner

White House: Use memory-safe programming languages to protect the nation Read More »

Meta plans to prevent disinformation and AI-generated content from influencing voters

Artificial Intelligence, disinformation, Don't miss, EU, Facebook, Hot stuff, Instagram, LLMs, Meta, News, social media, social networking, TikTok, Twitter, WhatsApp /

Meta plans to prevent disinformation and AI-generated content from influencing voters 2024-02-27 at 14:50 By Zeljka Zorz Meta, the company that owns some of the biggest social networks in use today, has explained how it means to tackle disinformation related to the upcoming EU Parliament elections, with a special emphasis on how it plans to

React to this headline:

Loading spinner

Meta plans to prevent disinformation and AI-generated content from influencing voters Read More »

APT29 revamps its techniques to breach cloud environments

APT, CISA, cloud security, cybercrime, Don't miss, FBI, Hot stuff, NCSC, News, NSA, threat /

APT29 revamps its techniques to breach cloud environments 2024-02-27 at 14:16 By Helga Labus Russian threat actors APT29 are changing their techniques and expanding their targets to access cloud environments, members of the Five Eyes intelligence alliance have warned. About APT29 APT29 (aka Midnight Blizzard, aka Cozy Bear) is a cyber espionage group believed to

React to this headline:

Loading spinner

APT29 revamps its techniques to breach cloud environments Read More »

NIST CSF 2.0 released, to help all organizations, not just those in critical infrastructure

Aspen Cybersecurity Group, CISO, Don't miss, framework, Government, Hot stuff, News, NIST, regulation, ReversingLabs, Risk Management /

NIST CSF 2.0 released, to help all organizations, not just those in critical infrastructure 2024-02-27 at 08:20 By Help Net Security The National Institute of Standards and Technology (NIST) has updated its widely utilized Cybersecurity Framework (CSF), a key document for mitigating cybersecurity risks. The latest version, 2.0, is tailored to cater to a broad

React to this headline:

Loading spinner

NIST CSF 2.0 released, to help all organizations, not just those in critical infrastructure Read More »

Using AI to reduce false positives in secrets scanners

API security, Artificial Intelligence, authentication, credentials, cybersecurity, Don't miss, Expert analysis, Expert corner, Features, Hot stuff, Legit Security, News, opinion, SSH /

Using AI to reduce false positives in secrets scanners 2024-02-27 at 08:02 By Help Net Security As development environments grow more complex, applications increasingly communicate with many external services. When a software development project communicates with an external service, it utilizes a token or “secret” for authentication. These tokens are the glue that keeps any

React to this headline:

Loading spinner

Using AI to reduce false positives in secrets scanners Read More »

Overcoming the pressures of cybersecurity startup leadership

CEO, cybersecurity, Don't miss, Dope Security, Features, Hot stuff, Innovation, News, opinion, security startup /

Overcoming the pressures of cybersecurity startup leadership 2024-02-27 at 07:32 By Mirko Zorz In this Help Net Security interview, Kunal Agarwal, CEO at Dope Security, offers a look into the CEO’s leadership philosophy, the process of building a high-caliber team, and the unique challenges of navigating a startup in the tech industry. Dope Security was

React to this headline:

Loading spinner

Overcoming the pressures of cybersecurity startup leadership Read More »

Does AI remediation spell the end for developers in 2024?

Artificial Intelligence, cybersecurity, Don't miss, Hot stuff, remediation, Secure Code Warrior, software development, Video /

Does AI remediation spell the end for developers in 2024? 2024-02-27 at 07:03 By Help Net Security Big tech firms are already rolling out AI remediation tools to prevent developers from introducing security risks into the software development lifecycle (SDLC). In this Help Net Security video, Matias Madou, CTO at Secure Code Warrior, discusses how

React to this headline:

Loading spinner

Does AI remediation spell the end for developers in 2024? Read More »

Pikabot returns with new tricks up its sleeve

Don't miss, Elastic, Hot stuff, Malware, News, phishing, Zscaler /

Pikabot returns with new tricks up its sleeve 2024-02-26 at 15:32 By Helga Labus After a short hiatus, Pikabot is back, with significant updates to its capabilities and components and a new delivery campaign. About the Pikabot loader Pikabot is a loader – a type of malware whose primary function is to serve as a

React to this headline:

Loading spinner

Pikabot returns with new tricks up its sleeve Read More »

ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708)

ConnectWise, Don't miss, enterprise, exploit, Hot stuff, Huntress, Malware, Mandiant, News, Ransomware, remote access, remote management, Sophos, vulnerability /

ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708) 2024-02-26 at 13:36 By Zeljka Zorz The recently patched vulnerabilities (CVE-2024-1709, CVE-2024-1708) in ConnectWise ScreenConnect software are being exploited by numerous attackers to deliver a variety of malicious payloads. About ConnectWise ScreenConnect ConnectWise ScreenConnect is a remote desktop solution consisting of server and client

React to this headline:

Loading spinner

ScreenConnect flaws exploited to deliver all kinds of malware (CVE-2024-1709, CVE-2024-1708) Read More »

Web Check: Open-source intelligence for any website

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, OSINT, penetration testing, web analytics, web technologies /

Web Check: Open-source intelligence for any website 2024-02-26 at 08:02 By Mirko Zorz Web Check offers thorough open-source intelligence and enables users to understand a website’s infrastructure and security posture, equipping them with the knowledge to understand, optimize, and secure their online presence. Unlike similar services, Web Check is free. There’s no signup, tracking, logging,

React to this headline:

Loading spinner

Web Check: Open-source intelligence for any website Read More »

It’s time for security operations to ditch Excel

automation, Compliance, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, Opus Security, security operations, threats /

It’s time for security operations to ditch Excel 2024-02-26 at 07:33 By Help Net Security Security teams are hiding an embarrassing secret from the outside world: despite their position at the vanguard of technology, security risks and threats, their actual war plans are managed on spreadsheets. This is a far cry from the dark rooms,

React to this headline:

Loading spinner

It’s time for security operations to ditch Excel Read More »

Microsoft begins broadening free cloud logging capabilities

CISA, cloud security, Don't miss, Government, Hot stuff, logging, Microsoft, News, USA /

Microsoft begins broadening free cloud logging capabilities 2024-02-22 at 14:47 By Helga Labus After select US federal agencies tested Microsoft’s expanded cloud logging capabilities for six months, Microsoft is now making them available to all agencies using Microsoft Purview Audit – regardless of license tier. “This change will impact government departments & agencies who do

React to this headline:

Loading spinner

Microsoft begins broadening free cloud logging capabilities Read More »

Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708)

ConnectWise, Don't miss, exploit, Hot stuff, Huntress, MSP, News, Palo Alto Networks, PoC, remote access, remote management, Shadowserver, vulnerability, WatchTowr /

Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708) 2024-02-22 at 12:31 By Zeljka Zorz The two ScreenConnect vulnerabilities ConnectWise has recently urged customers to patch have finally been assigned CVE numbers: CVE-2024-1709 for the authentication bypass, CVE-2024-1708 for the path traversal flaw. ConnectWise has also released a newer version of ScreenConnect

React to this headline:

Loading spinner

Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708) Read More »

A step-by-step plan for safe use of GenAI models for software development

Artificial Intelligence, ChatGPT, Compliance, cybersecurity, data security, Don't miss, Expert analysis, Expert corner, generative AI, Hot stuff, News, opinion, Privacy, risk, software development, Solvd /

A step-by-step plan for safe use of GenAI models for software development 2024-02-22 at 08:01 By Help Net Security If you are a large-scale company, the recent AI boom hasn’t escaped your notice. Today AI is assisting in a large array of development-related and digital-related tasks, from content generation to automation and analysis. The development

React to this headline:

Loading spinner

A step-by-step plan for safe use of GenAI models for software development Read More »

Wire fraud scams escalate in real estate deals

CertifID, communication, cybersecurity, Don't miss, fraud, Hot stuff, identity verification, Insurance, real estate sector, Video /

Wire fraud scams escalate in real estate deals 2024-02-22 at 07:01 By Help Net Security In this Help Net Security video, Tyler Adams, CEO at CertifID, illustrates how the real estate sector needs to invest significant effort in educating consumers and implementing protective measures to safeguard real estate transactions. Recent CertifID research found that median

React to this headline:

Loading spinner

Wire fraud scams escalate in real estate deals Read More »

VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250)

cloud computing, CVE, Don't miss, enterprise, Hot stuff, hybrid cloud, News, Pen Test Partners, virtualization, VMWare, vulnerability /

VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250) 2024-02-21 at 15:01 By Zeljka Zorz VMware Enhanced Authentication Plug-in (EAP), a plugin for VMware vSphere, has two vulnerabilities (CVE-2024-22245, CVE-2024-22250) that could be exploited by attackers to mount authentication relay and session hijack attacks. The vulnerabilities haven’t been and won’t be fixed. Instead,

React to this headline:

Loading spinner

VMware pushes admins to uninstall vulnerable, deprecated vSphere plugin (CVE-2024-22245, CVE-2024-22250) Read More »

Scroll to Top