Don’t miss

CISOs’ role in identifying tech components and managing supply chains

Artificial Intelligence, CISO, cybersecurity, Don't miss, Eclypsium, Features, hardware, Hot stuff, News, opinion, regulation, software, strategy, supply chain /

CISOs’ role in identifying tech components and managing supply chains 2024-01-25 at 07:01 By Mirko Zorz In this Help Net Security interview, Nate Warfield, Director of Threat Research and Intelligence at Eclypsium, outlines the crucial tasks for CISOs in protecting supply chains and achieving comprehensive visibility. Warfield also discusses the vital collaboration between security and […]

React to this headline:

Loading spinner

CISOs’ role in identifying tech components and managing supply chains Read More »

In 2024, AI and ML shift from flashy to functional

Archive360, Artificial Intelligence, cybersecurity, Don't miss, Hot stuff, machine learning, regulation, Video /

In 2024, AI and ML shift from flashy to functional 2024-01-25 at 06:31 By Help Net Security AI and ML deserve the hype they get, but the focus can’t always be on the glitz. As these advances to deliver real benefits, there’s a slew of more mundane actions that have to be taken—and in 2024,

React to this headline:

Loading spinner

In 2024, AI and ML shift from flashy to functional Read More »

PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)

Don't miss, enterprise, file-sharing, Fortra, Horizon3.ai, Hot stuff, News, PoC, Shodan, SMBs, Tenable, vulnerability /

PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204) 2024-01-24 at 15:32 By Zeljka Zorz Proof-of-concept (PoC) exploit code for a critical vulnerability (CVE-2024-0204) in Fortra’s GoAnywhere MFT solution has been made public, sparking fears that attackers may soon take advantage of it. Fortra’s GoAnywhere MFT is a web-based managed file transfer solution

React to this headline:

Loading spinner

PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204) Read More »

The effect of omission bias on vulnerability management

cyber resilience, cybersecurity, data, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, patching, remediation, trackd, vulnerability management /

The effect of omission bias on vulnerability management 2024-01-24 at 08:31 By Help Net Security Whether we’d like to admit it to ourselves or not, all humans harbor subconscious biases that powerfully influence our behavior. One of these is the omission bias, which has interesting ramifications in the world of cyber security, specifically vulnerability management.

React to this headline:

Loading spinner

The effect of omission bias on vulnerability management Read More »

10 USA cybersecurity conferences you should visit in 2024

conferences, Don't miss, Hot stuff, News, USA /

10 USA cybersecurity conferences you should visit in 2024 2024-01-24 at 08:01 By Help Net Security Security BSides Security BSides offers attendees an opportunity to engage and present their ideas actively. Characterized by its intensity, these events are filled with discussions, demonstrations, and interactive participation. BSides are happening all over the USA. To find an

React to this headline:

Loading spinner

10 USA cybersecurity conferences you should visit in 2024 Read More »

Prioritizing CIS Controls for effective cybersecurity across organizations

Center for Internet Security, CISO, cybersecurity, Don't miss, Features, framework, GRC, Hot stuff, News, opinion, standards, strategy, tips, Virginia Tech /

Prioritizing CIS Controls for effective cybersecurity across organizations 2024-01-24 at 07:32 By Mirko Zorz In this Help Net Security interview, Randy Marchany, CISO at Virginia Tech, discusses the challenges and strategies associated with implementing CIS Controls in organizations of varying sizes. Marchany explores the importance of securing top-level management support, breaking down data silos, and

React to this headline:

Loading spinner

Prioritizing CIS Controls for effective cybersecurity across organizations Read More »

Why resilience leaders must prepare for polycrises

cyber resilience, cybersecurity, Don't miss, Hot stuff, hybrid workforce, Infinite Blue, supply chain, threats, Video /

Why resilience leaders must prepare for polycrises 2024-01-24 at 07:02 By Help Net Security In this Help Net Security video, Frank Shultz, CEO of Infinite Blue, discusses how more frequent and severe disruptions and our increasingly interconnected world collide to create a new threat for resilience leaders to manage: polycrises. These multiple concurrent or cascading

React to this headline:

Loading spinner

Why resilience leaders must prepare for polycrises Read More »

Software supply chain attacks are getting easier

cybercrime, cybersecurity, Don't miss, News, open source, report, ReversingLabs, software, supply chain attacks, survey /

Software supply chain attacks are getting easier 2024-01-24 at 06:03 By Help Net Security ReversingLabs identified close to 11,200 unique malicious packages across three major open-source software platforms in 2023: npm, PyPI, and RubyGems. These findings mark an astounding 1,300% increase in malicious packages from 2020 and an increase of 28% over 2022 when a

React to this headline:

Loading spinner

Software supply chain attacks are getting easier Read More »

Whitepaper: MFA misconceptions

Don't miss, Enzoic, News, Whitepapers and webinars /

Whitepaper: MFA misconceptions 2024-01-24 at 05:48 By Help Net Security While a valuable tool in the cybersecurity toolkit, MFA is not immune to weaknesses. Read the “MFA Misconceptions” whitepaper to understand its limitations and how integrating it with other robust security measures is crucial for building a resilient defense mechanism. Download – Whitepaper: MFA misconceptions

React to this headline:

Loading spinner

Whitepaper: MFA misconceptions Read More »

Apple fixes actively exploited WebKit zero-day (CVE-2024-23222)

0-day, apple, Don't miss, Hot stuff, iOS, iPad, macOS, News, security update /

Apple fixes actively exploited WebKit zero-day (CVE-2024-23222) 2024-01-23 at 13:46 By Helga Labus Apple has fixed an actively exploited zero-day vulnerability (CVE-2024-23222) that affects Macs, iPhones, iPads and AppleTVs. About CVE-2024-23222 CVE-2024-23222 is a type confusion issue that affects WebKit – Apple’s browser engine used in the Safari web browser and all iOS and iPadOS

React to this headline:

Loading spinner

Apple fixes actively exploited WebKit zero-day (CVE-2024-23222) Read More »

Data of 15 million Trello users scraped and offered for sale

data breach, Data leak, Don't miss, Hot stuff, News, Trello, web application /

Data of 15 million Trello users scraped and offered for sale 2024-01-23 at 13:16 By Zeljka Zorz Someone is selling scraped data of millions of users of Trello, a popular a web-based list-making application and project management platform, on a dark web hacker forum. The database dump “contains emails, usernames, full names and other account

React to this headline:

Loading spinner

Data of 15 million Trello users scraped and offered for sale Read More »

Why cyberattacks mustn’t be kept secret

cyberattacks, cybersecurity, Don't miss, Expert analysis, Expert corner, Government, HackerOne, Hot stuff, News, opinion, regulation /

Why cyberattacks mustn’t be kept secret 2024-01-23 at 08:01 By Help Net Security No company is immune to cyberattacks, but when the inevitable happens, too many companies still try to maintain a wall of silence. In fact, over half of security professionals admit their organizations maintain a culture of security through obscurity, with over one-third

React to this headline:

Loading spinner

Why cyberattacks mustn’t be kept secret Read More »

Beyond blockchain: Strategies for seamless digital asset integration

access management, blockchain, Cryptocurrency, cybersecurity, digital wallet, Don't miss, Features, financial industry, Hot stuff, identity management, Innovation, key management, News, opinion, regulation, Taurus, threats, tokenization /

Beyond blockchain: Strategies for seamless digital asset integration 2024-01-23 at 07:31 By Mirko Zorz In this Help Net Security interview, Jean-Philippe Aumasson, CSO at Taurus, emphasizes the often-overlooked complexities of key generation, storage, and distribution, underlining the necessity for a high level of security maturity in handling digital assets. Looking ahead, Aumasson predicts that the

React to this headline:

Loading spinner

Beyond blockchain: Strategies for seamless digital asset integration Read More »

Top cybersecurity concerns for the upcoming elections

Arctic Wolf Networks, cybersecurity, deepfakes, Don't miss, Government, hacking, Hot stuff, phishing, Video /

Top cybersecurity concerns for the upcoming elections 2024-01-23 at 07:01 By Help Net Security In this Help Net Security video, Adam Marrè, CISO at Arctic Wolf, explains how state and local governments must focus on cybersecurity as the 2024 election approaches in the United States. State and local IT and cybersecurity teams usually have few

React to this headline:

Loading spinner

Top cybersecurity concerns for the upcoming elections Read More »

Attackers can steal NTLM password hashes via calendar invites

authentication, Don't miss, enterprise, Hot stuff, News, Outlook, passwords, SMBs, Varonis, vulnerability, Windows /

Attackers can steal NTLM password hashes via calendar invites 2024-01-22 at 15:46 By Zeljka Zorz A recently patched vulnerability in Microsoft Outlook (CVE-2023-35636) that can be used by attackers to steal users’ NTLM v2 hashes can be exploited by adding two headers to an email carrying a specially crafted file, security researcher Dolev Taler has

React to this headline:

Loading spinner

Attackers can steal NTLM password hashes via calendar invites Read More »

Tietoevry ransomware attack halts Swedish organizations

cyberattack, Don't miss, EU, Hot stuff, News, Ransomware /

Tietoevry ransomware attack halts Swedish organizations 2024-01-22 at 13:16 By Helga Labus Finnish IT software and service company Tietoevry has suffered a ransomware attack that affected several customers of one of its datacenters in Sweden. The attack The ransomware attack took place during the night of January 19-20. “The attack was limited to one part

React to this headline:

Loading spinner

Tietoevry ransomware attack halts Swedish organizations Read More »

New method to safeguard against mobile account takeovers

apple, attacks, cybersecurity, Don't miss, Hot stuff, iPhone, mobile apps, mobile devices, mobile security, News, Samsung, Xiaomi /

New method to safeguard against mobile account takeovers 2024-01-22 at 13:01 By Help Net Security Computer science researchers have developed a new way to identify security weaknesses that leave people vulnerable to account takeover attacks, where an attacker gains unauthorized access to online accounts. Most mobiles are now home to a complex ecosystem of interconnected

React to this headline:

Loading spinner

New method to safeguard against mobile account takeovers Read More »

Without clear guidance, SEC’s new rule on incident reporting may be detrimental

Axonius, Compliance, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, regulation, Risk Management, strategy /

Without clear guidance, SEC’s new rule on incident reporting may be detrimental 2024-01-22 at 08:01 By Help Net Security The SEC has instituted a set of guidelines “requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance.” These new

React to this headline:

Loading spinner

Without clear guidance, SEC’s new rule on incident reporting may be detrimental Read More »

The reality of hacking threats in connected car systems

automotive security, car hacking, Compliance, connected cars, cyber risk, cybersecurity, data theft, Don't miss, Features, Hot stuff, IOActive, News, opinion, regulation, standards, supply chain /

The reality of hacking threats in connected car systems 2024-01-22 at 07:31 By Mirko Zorz With the integration of sophisticated technologies like over-the-air updates and increased data connectivity, cars are no longer just modes of transportation but also hubs of personal and operational data. This shift brings forth unique cybersecurity challenges, ranging from hacking and

React to this headline:

Loading spinner

The reality of hacking threats in connected car systems Read More »

Scroll to Top