Don’t miss

Threat actors can exfiltrate data from Google Drive without leaving a trace

digital forensics, Don't miss, enterprise, Google, Google Drive, Google Workspace, Hot stuff, Incident Response, Mitiga, News, SMBs, threat hunting /

Threat actors can exfiltrate data from Google Drive without leaving a trace 01/06/2023 at 15:43 By Zeljka Zorz Google Workspace (formerly G Suite) has a weak spot that can prevent the discovery of data exfiltration from Google Drive by a malicious outsider or insider, Mitiga researchers say. A problem for digital forensic analysts and incident […]

React to this headline:

Loading spinner

Threat actors can exfiltrate data from Google Drive without leaving a trace Read More »

Zyxel firewalls under attack by Mirai-like botnet

botnet, Censys, Don't miss, Europe, exploit, firewall, Hot stuff, News, PoC, Rapid7, Shadowserver, vulnerability, Zyxel /

Zyxel firewalls under attack by Mirai-like botnet 01/06/2023 at 11:52 By Zeljka Zorz CVE-2023-28771, the critical command injection vulnerability affecting many Zyxel firewalls, is being actively exploited by a Mirai-like botnet, and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. About CVE-2023-28771 CVE-2023-28771 is a vulnerability that allows unauthenticated attackers to execute OS

React to this headline:

Loading spinner

Zyxel firewalls under attack by Mirai-like botnet Read More »

Why organizations should adopt a cloud cybersecurity framework

Cloud, Don't miss, Expert analysis, Expert corner, framework, Information Security Forum, News, opinion, Risk Management /

Why organizations should adopt a cloud cybersecurity framework 01/06/2023 at 08:16 By Help Net Security The cloud is the future of enterprise architecture. It’s economical (to a degree), it’s scalable, it’s flexible and – best of all – it’s someone else’s responsibility. Again, to a point. That’s because the cloud comes with its own set

React to this headline:

Loading spinner

Why organizations should adopt a cloud cybersecurity framework Read More »

Navigating cybersecurity in the age of remote work

BYOD, CISO, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, remote working, VPN, zero trust, Zscaler /

Navigating cybersecurity in the age of remote work 01/06/2023 at 07:34 By Mirko Zorz In this Help Net Security interview, Jay Chaudhry, CEO at Zscaler, talks about connecting and securing remote employees and their devices to access organizational resources from any location. He discusses the potential risks of remote VPN access, the increasing reliance on

React to this headline:

Loading spinner

Navigating cybersecurity in the age of remote work Read More »

Disaster recovery challenges enterprise CISOs face

CISO, cybersecurity, disaster recovery, Don't miss, Hot stuff, N-able, strategy, tips, Video /

Disaster recovery challenges enterprise CISOs face 01/06/2023 at 07:20 By Help Net Security An essential aspect of organizational operations is effectively responding to and returning from a disruptive event, commonly called disaster recovery. The primary objective of DR techniques is to restore the utilization of crucial systems and IT infrastructure following a disaster. To proactively

React to this headline:

Loading spinner

Disaster recovery challenges enterprise CISOs face Read More »

Fighting ransomware: Perspectives from cybersecurity professionals

Arctic Wolf Networks, CISO, cybercrime, cybersecurity, Don't miss, Hot stuff, Malware, Malwarebytes, money, predictions, Presidio, Ransomware, Sectigo, strategy, threats, Video, Zerto /

Fighting ransomware: Perspectives from cybersecurity professionals 01/06/2023 at 06:32 By Help Net Security Ransomware has become an ever-present threat to individuals, businesses, and even entire nations. In this Help Net Security round-up, we present parts of previously recorded videos from experts in the field that shed light on the pressing ransomware issues. Complete videos David

React to this headline:

Loading spinner

Fighting ransomware: Perspectives from cybersecurity professionals Read More »

Someone is roping Apache NiFi servers into a cryptomining botnet

Apache Nifi, cryptojacking, Don't miss, Hot stuff, News, SANS ISC /

Someone is roping Apache NiFi servers into a cryptomining botnet 31/05/2023 at 16:51 By Zeljka Zorz If you’re running an Apache NiFi instance exposed on the internet and you have not secured access to it, the underlying host may already be covertly cryptomining on someone else’s behalf. The attack Indicators of the ongoing campaign were

React to this headline:

Loading spinner

Someone is roping Apache NiFi servers into a cryptomining botnet Read More »

Zyxel patches vulnerability in NAS devices (CVE-2023-27988)

Don't miss, Hot stuff, NAS, News, security update, vulnerability, Zyxel /

Zyxel patches vulnerability in NAS devices (CVE-2023-27988) 31/05/2023 at 14:51 By Helga Labus Zyxel has patched a high-severity authenticated command injection vulnerability (CVE-2023-27988) in some of its network attached storage (NAS) devices aimed at home users. About the vulnerability (CVE-2023-27988) The vulnerability was discovered in the devices’ web management interface. “An authenticated attacker with administrator

React to this headline:

Loading spinner

Zyxel patches vulnerability in NAS devices (CVE-2023-27988) Read More »

How APTs target SMBs

APT, Don't miss, Hot stuff, MSP, News, phishing, Proofpoint, SMBs, supply chain attacks, trends /

How APTs target SMBs 31/05/2023 at 13:47 By Helga Labus Small and medium businesses (SMBs) are not exempt from being targeted by advanced persistent threat (APT) actors, according to Proofpoint researchers. By analyzing a year’s worth of APT campaign data they collected from the 200,000+ SMBs that have their security solution deployed, they pinpointed three

React to this headline:

Loading spinner

How APTs target SMBs Read More »

Kali Linux 2023.2 released: New tools, a pre-built Hyper-V image, a new audio stack, and more!

Don't miss, Hot stuff, Kali Linux, Linux, News, Offensive Security, open source, penetration testing /

Kali Linux 2023.2 released: New tools, a pre-built Hyper-V image, a new audio stack, and more! 31/05/2023 at 10:29 By Zeljka Zorz Offensive Security has released Kali Linux 2023.2, the latest version of its popular penetration testing and digital forensics platform. New tools in Kali Linux 2023.2 Aside from updates for existing tools, a new

React to this headline:

Loading spinner

Kali Linux 2023.2 released: New tools, a pre-built Hyper-V image, a new audio stack, and more! Read More »

The strategic importance of digital trust for modern businesses

certificates, cybersecurity, DigiCert, Don't miss, Features, Hot stuff, News, opinion /

The strategic importance of digital trust for modern businesses 31/05/2023 at 07:32 By Mirko Zorz In this Help Net Security interview, Deepika Chauhan, CPO at DigiCert, talks about the importance of maintaining high trust assurance levels for businesses in today’s digital landscape. How does DigiCert define “digital trust,” and why is it essential for businesses

React to this headline:

Loading spinner

The strategic importance of digital trust for modern businesses Read More »

Managing mental health in cybersecurity

burnout, cybersecurity, Don't miss, Hot stuff, how-to, strategy, tips, Video /

Managing mental health in cybersecurity 31/05/2023 at 07:01 By Help Net Security In this Help Net Security video, Jason Lewkowicz, Chief Services Officer at Optiv, discusses mental health in cybersecurity, which needs more attention. There is a confluence of factors – from the cybersecurity talent shortage and reductions in force to volatile financial markets and

React to this headline:

Loading spinner

Managing mental health in cybersecurity Read More »

Attackers hacked Barracuda ESG appliances via zero-day since October 2022

backdoor, Barracuda Networks, data theft, Don't miss, exploit, Hot stuff, Malware, Mandiant, News, vulnerability /

Attackers hacked Barracuda ESG appliances via zero-day since October 2022 30/05/2023 at 20:10 By Zeljka Zorz Barracuda says that the recently discovered compromise of some of it clients’ ESG appliances via a zero-day vulnerability (CVE-2023-2868) resulted in the deployment of three types of malware and data exfiltration. The company did not say how many organizations

React to this headline:

Loading spinner

Attackers hacked Barracuda ESG appliances via zero-day since October 2022 Read More »

The root causes of API incidents and data breaches

API security, cybersecurity, Don't miss, FireTail, Hot stuff, strategy, tips, Video /

The root causes of API incidents and data breaches 30/05/2023 at 07:40 By Help Net Security API calls make up the majority of our digital lives. Take, for example, the everyday use of a cloud-based food delivery app, which could involve up to 25 API calls. Between the order being placed, transmission to the restaurant,

React to this headline:

Loading spinner

The root causes of API incidents and data breaches Read More »

Penetration tester develops AWS-based automated cracking rig

AWS, cybersecurity, Don't miss, Features, Hot stuff, how-to, News, passwords, penetration testing, software, tips /

Penetration tester develops AWS-based automated cracking rig 30/05/2023 at 07:40 By Mirko Zorz Building a custom cracking rig for research can be expensive, so penetration tester Max Ahartz built one on AWS. In this Help Net Security interview, he takes us through the process and unveils the details of his creation. What motivated you to

React to this headline:

Loading spinner

Penetration tester develops AWS-based automated cracking rig Read More »

CISO-approved strategies for software supply chain security

CISO, cybersecurity, Don't miss, Hot stuff, open source, opinion, programming, software, strategy, Synopsys, tips, Video /

CISO-approved strategies for software supply chain security 29/05/2023 at 08:48 By Help Net Security Integrating proprietary and open-source code, APIs, user interfaces, application behavior, and deployment workflows creates an intricate composition in modern applications. Any vulnerabilities within this software supply chain can jeopardize your and your customers’ safety. In this Help Net Security video, Tim

React to this headline:

Loading spinner

CISO-approved strategies for software supply chain security Read More »

New Buhti ransomware uses leaked payloads and public exploits

cybercrime, Don't miss, Hot stuff, Linux, Malware, News, Ransomware, Symantec, Windows /

New Buhti ransomware uses leaked payloads and public exploits 26/05/2023 at 08:09 By Helga Labus A newly identified ransomware operation has refashioned leaked LockBit and Babuk payloads into Buhti ransomware, to launch attacks on both Windows and Linux systems. Use of public exploits One notable aspect of the attackers leveraging the Buhti ransomware is their

React to this headline:

Loading spinner

New Buhti ransomware uses leaked payloads and public exploits Read More »

Phishers use encrypted file attachments steal Microsoft 365 account credentials

cybercrime, Don't miss, Encryption, Hot stuff, Microsoft 365, News, phishing, Trustwave /

Phishers use encrypted file attachments steal Microsoft 365 account credentials 26/05/2023 at 08:09 By Helga Labus Phishers are using encrypted restricted-permission messages (.rpmsg) attached in phishing emails to steal Microsoft 365 account credentials. “[The campaigns] are low volume, targeted, and use trusted cloud services to send emails and host content (Microsoft and Adobe),” say Trustwave

React to this headline:

Loading spinner

Phishers use encrypted file attachments steal Microsoft 365 account credentials Read More »

Strengthening travel safety protocols with ISO 31030

CISO, Compliance, Don't miss, Everbridge, Hot stuff, opinion, security standard, standards, strategy, tips, travel industry, Video /

Strengthening travel safety protocols with ISO 31030 26/05/2023 at 07:20 By Help Net Security In this Help Net Security video, Tracy Reinhold, Chief Security Officer at Everbridge, talks about ISO 31030, the officially recognized International Standard for travel risk management, guiding how to manage risks to organizations and travelers. The global pandemic has been the

React to this headline:

Loading spinner

Strengthening travel safety protocols with ISO 31030 Read More »

Phishing campaign targets ChatGPT users

ChatGPT, Don't miss, Hot stuff, identity theft, Inky, News, phishing /

Phishing campaign targets ChatGPT users 25/05/2023 at 14:05 By Helga Labus A clever phishing campaign aimed at stealing users’ business email account credentials by impersonating OpenAI, the company behind the ChatGPT chatbot, has been spotted by Inky researchers. The attack ChatGPT has quickly gained popularity and is used widely by individuals and organizations. That’s enough

React to this headline:

Loading spinner

Phishing campaign targets ChatGPT users Read More »

Scroll to Top