Don’t miss

The limitations of shifting left in application security

Application Security, Bionic, Don't miss, Hot stuff, microservices, strategy, tips, Video /

The limitations of shifting left in application security 21/06/2023 at 07:40 By Help Net Security In this Help Net Security video, Jacob Garrison, Security Research for Bionic, explains the limitations of shifting left in application security. Key factors hindering the effectiveness of shifting left: Achieving 50%+ application test coverage is unrealistic, especially in microservices environments […]

React to this headline:

Loading spinner

The limitations of shifting left in application security Read More »

Empowering Google security and networking solutions with AI

Artificial Intelligence, cybersecurity, Don't miss, Features, framework, Google, Google Cloud, Hot stuff, Mandiant, News, opinion, threats /

Empowering Google security and networking solutions with AI 21/06/2023 at 06:47 By Mirko Zorz In this Help Net Security interview, Sunil Potti, VP and GM, Cloud Security Google Cloud, talks about how new security and networking solutions powered by AI help improve security so Google customers can address their most pressing security challenges and remain

React to this headline:

Loading spinner

Empowering Google security and networking solutions with AI Read More »

Compromised Linux SSH servers engage in DDoS attacks, cryptomining

AhnLab, backdoor, bot, DDoS, Don't miss, Hot stuff, Linux, Malware, News /

Compromised Linux SSH servers engage in DDoS attacks, cryptomining 20/06/2023 at 13:36 By Helga Labus Poorly managed Linux SSH servers are getting compromised by unknown attackers and instructed to engage in DDoS attacks while simultaneously mining cryptocurrency in the background. The Tsunami DDoS bot Tsunami, also known as Kaiten, is a type of DDoS bot

React to this headline:

Loading spinner

Compromised Linux SSH servers engage in DDoS attacks, cryptomining Read More »

Zyxel patches critical vulnerability in NAS devices (CVE-2023-27992)

Don't miss, NAS, News, security update, vulnerability, Zyxel /

Zyxel patches critical vulnerability in NAS devices (CVE-2023-27992) 20/06/2023 at 13:05 By Zeljka Zorz Zyxel has released firmware patches for a critical vulnerability (CVE-2023-27992) in some of its consumer network attached storage (NAS) devices. About CVE-2023-27992 CVE-2023-27992 is an OS command injection flaw that could be triggered remotely by an unauthenticated attacker, via a specially

React to this headline:

Loading spinner

Zyxel patches critical vulnerability in NAS devices (CVE-2023-27992) Read More »

The significance of CIS Control mapping in the 2023 Verizon DBIR

Center for Internet Security, cybersecurity, Don't miss, Expert analysis, Expert corner, framework, Hot stuff, Nucleus Security, opinion, risk assessment, security awareness, security controls, security culture, Verizon /

The significance of CIS Control mapping in the 2023 Verizon DBIR 20/06/2023 at 07:48 By Help Net Security Verizon’s recently released 2023 Data Breach Investigation Report (DBIR) provides organizations with a comprehensive analysis of the evolving threat landscape and valuable insights into incident types and vulnerabilities. This year, the report includes the mapping of CIS

React to this headline:

Loading spinner

The significance of CIS Control mapping in the 2023 Verizon DBIR Read More »

ChatGPT and data protection laws: Compliance challenges for businesses

Artificial Intelligence, ChatGPT, Compliance, cyber risk, Data Protection, data security, Don't miss, Features, GDPR, HIPAA, Hot stuff, law, News, opinion, PCI DSS, Privacy, Private AI, regulation, training /

ChatGPT and data protection laws: Compliance challenges for businesses 20/06/2023 at 07:33 By Mirko Zorz In this Help Net Security interview, Patricia Thaine, CEO at Private AI, reviews the main privacy concerns when using ChatGPT in a business context, as well as the risks that businesses can face if they betray customers’ trust. Thaine also

React to this headline:

Loading spinner

ChatGPT and data protection laws: Compliance challenges for businesses Read More »

10 open-source recon tools worth your time

cybersecurity, Don't miss, Hot stuff, News, open source, OWASP, penetration testing, software /

10 open-source recon tools worth your time 20/06/2023 at 07:02 By Help Net Security Recon is the initial stage in the penetration testing process. It’s a vital phase allowing the tester to understand their target and strategize their moves. Here are ten open-source recon tools that deserve to be in your arsenal. Altdns Altdns is

React to this headline:

Loading spinner

10 open-source recon tools worth your time Read More »

The future of passwords and authentication

authentication, Bitwarden, CISO, Don't miss, Hot stuff, passwords, predictions, strategy, Video /

The future of passwords and authentication 20/06/2023 at 06:31 By Help Net Security In this Help Net Security video, Michael Crandell, CEO of Bitwarden, discusses the future of passwords and authentication. Although interest in passwordless technology, which aims to eliminate the need for passwords, is relatively low, 65% of consumers are receptive to using new

React to this headline:

Loading spinner

The future of passwords and authentication Read More »

What if the browser was designed for the enterprise?

Don't miss, Hot stuff, Infosecurity Europe 2023, Island, Video /

What if the browser was designed for the enterprise? 20/06/2023 at 05:47 By Help Net Security Bradon Rogers, Chief Customer Officer at Island, provides an overview of the Island Enterprise Browser. Learn more at Infosecurity Europe 2023 – June 20-22, 2023. The post What if the browser was designed for the enterprise? appeared first on

React to this headline:

Loading spinner

What if the browser was designed for the enterprise? Read More »

A third MOVEit vulnerability fixed, Cl0p lists victim organizations (CVE-2023-35708)

Data leak, Don't miss, extortion, file-sharing, Hot stuff, News, Progress, USA, vulnerability, WithSecure /

A third MOVEit vulnerability fixed, Cl0p lists victim organizations (CVE-2023-35708) 19/06/2023 at 15:09 By Zeljka Zorz Progress Software has asked customers to update their MOVEit Transfer installations again, to fix a third SQL injection vulnerability (CVE-2023-35708) discovered in the web application in less that a month. Previously, the Cl0p cyber extortion gang exploited CVE-2023-34362 to

React to this headline:

Loading spinner

A third MOVEit vulnerability fixed, Cl0p lists victim organizations (CVE-2023-35708) Read More »

Microsoft confirms DDoS attacks against M365, Azure Portal

Azure, DDoS, Don't miss, Hot stuff, Microsoft, Microsoft 365, News, OneDrive, Outlook /

Microsoft confirms DDoS attacks against M365, Azure Portal 19/06/2023 at 14:02 By Helga Labus The Microsoft 365 and Azure Portal outages users expirienced this month were caused by Layer 7 DDoS attacks, Microsoft has confirmed on Friday. The DDoS attacks against Microsoft 365 and Azure Portal Throughout the first half June 2023 Microsoft confirmed, at

React to this headline:

Loading spinner

Microsoft confirms DDoS attacks against M365, Azure Portal Read More »

Goodbyes are difficult, IT offboarding processes make them harder

cybersecurity, data, Don't miss, employee, Expert analysis, Expert corner, Hot stuff, opinion, privileged accounts, Spera /

Goodbyes are difficult, IT offboarding processes make them harder 19/06/2023 at 07:32 By Help Net Security When employees, contractors and service providers leave an organization, they take with them knowledge, capabilities, and professional achievements. They should leave behind any proprietary or confidential data belonging to the organization, but Osterman Research found that 69% of organizations

React to this headline:

Loading spinner

Goodbyes are difficult, IT offboarding processes make them harder Read More »

How to simplify the process of compliance with U.S. Executive Order 14028

CISO, Compliance, cybersecurity, Don't miss, Government, Hot stuff, how-to, strategy, tips, USA, Video /

How to simplify the process of compliance with U.S. Executive Order 14028 19/06/2023 at 07:03 By Help Net Security In this Help Net Security video, Nick Mistry, SVP and CISO at Lineaje, offers tips to simplify the process of compliance with U.S. Executive Order 14028. A key part of U.S. Executive Order 14028 is for

React to this headline:

Loading spinner

How to simplify the process of compliance with U.S. Executive Order 14028 Read More »

Exploring the role of AI in cybersecurity

Artificial Intelligence, Don't miss, Hot stuff, identity, Inspectorio, OCR Labs, Ondato, OpenText, predictions, Torq, Video /

Exploring the role of AI in cybersecurity 19/06/2023 at 06:39 By Help Net Security In this Help Net Security round-up, we present parts of previously recorded videos from experts in the field that discuss about how AI technologies will impact the cybersecurity industry in the next few years. AI is a powerful tool in cybersecurity,

React to this headline:

Loading spinner

Exploring the role of AI in cybersecurity Read More »

Red teaming can be the ground truth for CISOs and execs

Bishop Fox, CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, opinion, red team /

Red teaming can be the ground truth for CISOs and execs 16/06/2023 at 08:03 By Help Net Security This year, against the backdrop of attacks on everyone from healthcare institutions and schools to financial services organizations, as well as the introduction of legislation across the UK and EU to move security up the agenda, cybersecurity

React to this headline:

Loading spinner

Red teaming can be the ground truth for CISOs and execs Read More »

Introducing the book: Visual Threat Intelligence

books, Don't miss, Hot stuff, Microsoft, Threat Intelligence, Video /

Introducing the book: Visual Threat Intelligence 16/06/2023 at 07:02 By Mirko Zorz In this Help Net Security video interview, Thomas Roccia, Senior Security Researcher at Microsoft, discusses his new book – Visual Threat Intelligence. The book covers a wide range of topics, including: Threat intelligence fundamentals and methodologies TTP, Diamond Model of Intrusion, MITRE ATT&CK,

React to this headline:

Loading spinner

Introducing the book: Visual Threat Intelligence Read More »

VMware fixes critical flaws in Aria Operations for Networks (CVE-2023-20887)

Don't miss, enterprise, Hot stuff, News, PoC, security update, Tenable, VMWare, vulnerability /

VMware fixes critical flaws in Aria Operations for Networks (CVE-2023-20887) 15/06/2023 at 13:01 By Helga Labus VMware has fixed two critical (CVE-2023-20887, CVE-2023-20888) and one important vulnerability (CVE-2023-20889) in Aria Operations for Networks (formerly vRealize Network Insight), its popular enterprise network monitoring tool. About the vulnerabilities (CVE-2023-20887, CVE-2023-20888,CVE-2023-20889) CVE-2023-20887 is a pre-authentication command injection vulnerability

React to this headline:

Loading spinner

VMware fixes critical flaws in Aria Operations for Networks (CVE-2023-20887) Read More »

How secure is your vehicle with digital key technology?

authentication, automotive security, Car Connectivity Consortium, cybersecurity, Don't miss, Encryption, Expert analysis, Expert corner, Hot stuff, opinion /

How secure is your vehicle with digital key technology? 15/06/2023 at 08:22 By Help Net Security Digital key technology allows mobile devices to streamline approval for everyday access points, making it a fitting solution for the automotive industry. While there are a few different approaches to implementing digital keys for automotive use, a secure digital

React to this headline:

Loading spinner

How secure is your vehicle with digital key technology? Read More »

How cybercriminals target energy companies

CISO, critical infrastructure, cybersecurity, Don't miss, energy sector, Hot stuff, ICS/SCADA, Searchlight Cyber, strategy, tips, Video /

How cybercriminals target energy companies 15/06/2023 at 07:34 By Help Net Security In this Help Net Security video, Jim Simpson, Director of Threat Intelligence at Searchlight Cyber, discusses how cybercriminals employ specialized strategies when targeting energy companies. This is primarily due to the sensitive and valuable information these organizations hold and their critical role in

React to this headline:

Loading spinner

How cybercriminals target energy companies Read More »

Fiddler Auditor: Open-source tool evaluates the robustness of large language models

Don't miss, Fiddler, GitHub, News, open source, software /

Fiddler Auditor: Open-source tool evaluates the robustness of large language models 15/06/2023 at 07:17 By Help Net Security Fiddler Auditor is an open-source tool designed to evaluate the robustness of Large Language Models (LLMs) and Natural Language Processing (NLP) models. LLMs can sometimes produce unwarranted content, potentially create hostile responses, and may disclose confidential information

React to this headline:

Loading spinner

Fiddler Auditor: Open-source tool evaluates the robustness of large language models Read More »

Scroll to Top