Don’t miss

Internet Archive data breach, defacement, and DDoS: Users’ data compromised

data breach, Data leak, DDoS, Don't miss, HIBP, Hot stuff, Internet Archive, News /

Internet Archive data breach, defacement, and DDoS: Users’ data compromised 2024-10-10 at 12:46 By Zeljka Zorz The Internet Archive has suffered a data breach, leading to the compromise of email addresses, screen names and bcrypt password hashes of some 31 million users. The compromise was revealed on Wednesday afternoon, when the digital library’s website began […]

Internet Archive data breach, defacement, and DDoS: Users’ data compromised Read More »

Widening talent pool in cyber with on-demand contractors

CAPSLOCK, certification, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, professional, skill development /

Widening talent pool in cyber with on-demand contractors 2024-10-10 at 08:01 By Help Net Security Filling roles within the cyber sector is an ongoing battle. The shortfall of workers risks creating a vicious cycle within existing cyber teams: With fewer team members to spread the workload on, you risk burning out security professionals. Many make

Widening talent pool in cyber with on-demand contractors Read More »

Investing in Privacy by Design for long-term compliance

awareness, cybersecurity, Don't miss, Features, framework, Hot stuff, Microblink, News, opinion, Privacy, regulation /

Investing in Privacy by Design for long-term compliance 2024-10-10 at 07:31 By Mirko Zorz In this Help Net Security interview, Bojan Belušić, Head of Information Security & IT Operations at Microblink, discusses the relationship between Privacy by Design and regulatory frameworks like GDPR. Integrating privacy principles from the outset of product and process development ensures

Investing in Privacy by Design for long-term compliance Read More »

Balancing legal frameworks and enterprise security governance

boardroom, Coalfire, Compliance, cybersecurity, Don't miss, Features, framework, Hot stuff, Incident Response, News, opinion, regulation /

Balancing legal frameworks and enterprise security governance 2024-10-10 at 07:01 By Mirko Zorz In this Help Net Security interview, Tom McAndrew, CEO at Coalfire, discusses the balance organizations must strike between legal compliance and effective enterprise security governance in the context of evolving regulatory frameworks. McAndrew also addresses the need for clear governance structures and

Balancing legal frameworks and enterprise security governance Read More »

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)

authentication, Don't miss, exploit, GitLab, Hot stuff, News, PoC, ProjectDiscovery, security update, Synactiv, vulnerability /

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) 2024-10-09 at 15:49 By Zeljka Zorz If you run a self-managed GitLab installation with configured SAML-based authentication and you haven’t upgraded it since mid-September, do it now, because security researchers have published an analysis of CVE-2024-45409 and an exploit script that may help attackers gain

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) Read More »

Guide for selecting the right GRC framework, EU edition

Don't miss, ISC2, News, Whitepapers and webinars /

Guide for selecting the right GRC framework, EU edition 2024-10-09 at 10:46 By Help Net Security Governance, risk, and compliance frameworks are critical. They enable cybersecurity professionals to accurately identify an organization’s risk posture, align business and strategic objectives with technology, and meet compliance responsibilities. However, selecting the right framework can be challenging. Inside this

Guide for selecting the right GRC framework, EU edition Read More »

YARA: Open-source tool for malware research

cybersecurity, Don't miss, GitHub, Hot stuff, malware analysis, News, open source, software /

YARA: Open-source tool for malware research 2024-10-09 at 08:01 By Help Net Security YARA is a powerful tool designed primarily to aid malware researchers in identifying and categorizing malware samples, though its applications are broader. The tool enables users to create detailed descriptions, or “rules,” for malware families or any other target based on textual

YARA: Open-source tool for malware research Read More »

Cultivating a security-first mindset: Key leadership actions

cybersecurity, Don't miss, Features, Hot stuff, human error, News, opinion, Optiv Security, security awareness, strategy /

Cultivating a security-first mindset: Key leadership actions 2024-10-09 at 07:31 By Mirko Zorz In this Help Net Security interview, Emily Wienhold, Cyber Education Specialist at Optiv, discusses how business leaders can promote a security-first culture within their organizations. Wienhold also discusses strategies for maintaining ongoing cybersecurity awareness and making security protocols accessible to non-technical staff.

Cultivating a security-first mindset: Key leadership actions Read More »

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)

0-day, CVE, Don't miss, Hot stuff, Microsoft, NetSPI, News, Patch Tuesday, security update, Tenable, Trend Micro, vulnerability, Windows /

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) 2024-10-08 at 22:49 By Zeljka Zorz For October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two under active exploitation: CVE-2024-43573, a spoofing bug affecting the Windows MSHTML Platform, and CVE-2024-43572, a remote code execution flaw in the Microsoft Management Console

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) Read More »

Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381)

Don't miss, News /

Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381) 2024-10-08 at 21:17 By Zeljka Zorz Ivanti has patched three additional Cloud Service Appliance (CSA) zero-day flaws, which have been exploited by attackers in conjuction with a zero-day bug the company accidentally fixed in September. The fixed zero-days “We are aware of a

Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381) Read More »

Qualcomm zero-day under targeted exploitation (CVE-2024-43047)

chip, CVE, Don't miss, Google, Hot stuff, News, Qualcomm, vulnerability /

Qualcomm zero-day under targeted exploitation (CVE-2024-43047) 2024-10-08 at 15:31 By Zeljka Zorz An actively exploited zero-day vulnerability (CVE-2024-43047) affecting dozens of Qualcomm’s chipsets has been patched by the American semiconductor giant. About CVE-2024-43047 On Monday, Qualcomm has confirmed patches for 20 vulnerabilities affecting both proprietary and open source software running on its various chipsets. Among

Qualcomm zero-day under targeted exploitation (CVE-2024-43047) Read More »

American Water shuts down systems after cyberattack

critical infrastructure, cyberattack, disruption, Don't miss, Hot stuff, News, SonicWall, USA /

American Water shuts down systems after cyberattack 2024-10-08 at 13:16 By Zeljka Zorz American Water, the largest water and wastewater utility company in the US, has shut down some of its systems following a cyberattack. While the company confirmed that none of its water or wastewater facilities or operations have been negatively affected by the

American Water shuts down systems after cyberattack Read More »

The role of self-sovereign identity in enterprises

1Kosmos, authentication, credentials, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, identity, identity management, News, opinion, regulation /

The role of self-sovereign identity in enterprises 2024-10-08 at 07:31 By Help Net Security As personal data becomes increasingly commodified and centralized, the need for individuals to reclaim control over their identities has never been more urgent. Meanwhile, traditional identity systems used by enterprises often expose sensitive information to unnecessary risk, leaving both users and

The role of self-sovereign identity in enterprises Read More »

How hybrid workforces are reshaping authentication strategies

authentication, biometrics, cybersecurity, Don't miss, Features, FusionAuth, Hot stuff, identity verification, MFA, News, opinion, SSO /

How hybrid workforces are reshaping authentication strategies 2024-10-08 at 07:01 By Mirko Zorz In this Help Net Security interview, Brian Pontarelli, CEO at FusionAuth, discusses the evolving authentication challenges posed by the rise of hybrid and remote workforces. He advocates for zero trust strategies, including MFA and behavioral biometrics, to enhance security while maintaining productivity.

How hybrid workforces are reshaping authentication strategies Read More »

Websites are losing the fight against bot attacks

Akamai, bot, cybersecurity, DataDome, Don't miss, Fastly, Imperva, Kasada, Netacea, News, report, survey /

Websites are losing the fight against bot attacks 2024-10-08 at 06:01 By Help Net Security The discovery that 95% of advanced bot attacks go undetected points to a weakness in current detection and mitigation strategies. This suggests that while some organizations may have basic defenses, they are ill-equipped to handle more sophisticated attacks, such as

Websites are losing the fight against bot attacks Read More »

Webinar: ManageEngine Log360 product demo

Don't miss, ManageEngine, News, Whitepapers and webinars /

Webinar: ManageEngine Log360 product demo 2024-10-08 at 05:47 By Help Net Security Discover how ManageEngine Log360, a comprehensive SIEM solution empowers you to prevent internal security breaches, safeguard your network from external threats, protect sensitive data, and ensure compliance with stringent regulatory mandates. Schedule a personalized demo Be a part of this tour and learn

Webinar: ManageEngine Log360 product demo Read More »

Linux systems targeted with stealthy “Perfctl” cryptomining malware

Aqua Security, cryptojacking, Don't miss, Hot stuff, Linux, Malware, misconfiguration, News, rootkits, vulnerability /

Linux systems targeted with stealthy “Perfctl” cryptomining malware 2024-10-07 at 15:46 By Zeljka Zorz Thousands of Linux systems are likely infected with the highly elusive and persistent “perfctl” (or “perfcc“) cryptomining malware and many others still could be at risk of getting compromised, Aqua Security researchers revealed last week. “In all the attacks observed, the

Linux systems targeted with stealthy “Perfctl” cryptomining malware Read More »

The case for enterprise exposure management

CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Ionix, News, opinion, SaaS, shadow IT, threats /

The case for enterprise exposure management 2024-10-07 at 08:01 By Help Net Security For several years, external attack surface management (EASM) has been an important focus for many security organizations and the vendors that serve them. EASM, attempting to discover the full extent of an organization’s external attack surface and remediate issues, had broad purview,

The case for enterprise exposure management Read More »

Transforming cloud security with real-time visibility

cloud security, Compliance, cybersecurity, Don't miss, Features, Hot stuff, Innovation, misconfiguration, News, opinion, standards, Upwind /

Transforming cloud security with real-time visibility 2024-10-07 at 07:31 By Mirko Zorz In this Help Net Security interview, Amiram Shachar, CEO at Upwind, discusses the complexities of cloud security in hybrid and multi-cloud environments. He outlines the need for deep visibility into configurations and real-time insights to achieve a balance between agility and security. Shachar

Transforming cloud security with real-time visibility Read More »

Rspamd: Open-source spam filtering system

Don't miss, GitHub, Hot stuff, Linux, News, open source, software, spam, Unix /

Rspamd: Open-source spam filtering system 2024-10-07 at 07:01 By Mirko Zorz Rspamd is an open-source spam filtering and email processing framework designed to evaluate messages based on a wide range of rules, including regular expressions, statistical analysis, and integrations with custom services like URL blacklists. The system analyzes each message and assigns a verdict, which

Rspamd: Open-source spam filtering system Read More »

Scroll to Top