Hot stuff

EU adopts Cyber Resilience Act to secure connected products

EU adopts Cyber Resilience Act to secure connected products 2024-10-11 at 14:17 By Zeljka Zorz The EU Council has adopted the Cyber Resilience Act (CRA), a new law that aims to make consumer products with digital components safe(r) to use. CRA requirements The CRA outlines EU-wide cybersecurity standards for digital products, i.e. products that are […]

React to this headline:

Loading spinner

EU adopts Cyber Resilience Act to secure connected products Read More »

DORA regulation’s nuts and bolts

DORA regulation’s nuts and bolts 2024-10-11 at 08:02 By Help Net Security The frequency, sophistication, and impact of cyber-attacks on financial institutions have been rising. Given the economic system’s interconnected nature, disruptions in one institution can have cascading effects on the broader financial market, leading to systemic risks. Regulators have responded with increasingly stringent requirements.

React to this headline:

Loading spinner

DORA regulation’s nuts and bolts Read More »

Unlocking the power of cryptographic agility in a quantum world

Unlocking the power of cryptographic agility in a quantum world 2024-10-11 at 07:31 By Mirko Zorz In this Help Net Security interview, Glen Leonhard, Director of Key Management at Cryptomathic, discusses the role of cryptographic agility in mitigating risks posed by quantum computing. Cryptographic agility enables organizations to seamlessly transition to post-quantum algorithms without disrupting

React to this headline:

Loading spinner

Unlocking the power of cryptographic agility in a quantum world Read More »

Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680)

Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680) 2024-10-10 at 15:31 By Zeljka Zorz Mozilla has pushed out an emergency update for its Firefox and Firefox ESR browsers to fix a vulnerability (CVE-2024-9680) that is being exploited in the wild. About CVE-2024-9680 Reported by ESET malware researcher Damien Schaeffer, CVE-2024-9680 is a use-after-free vulnerability in

React to this headline:

Loading spinner

Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680) Read More »

Internet Archive data breach, defacement, and DDoS: Users’ data compromised

Internet Archive data breach, defacement, and DDoS: Users’ data compromised 2024-10-10 at 12:46 By Zeljka Zorz The Internet Archive has suffered a data breach, leading to the compromise of email addresses, screen names and bcrypt password hashes of some 31 million users. The compromise was revealed on Wednesday afternoon, when the digital library’s website began

React to this headline:

Loading spinner

Internet Archive data breach, defacement, and DDoS: Users’ data compromised Read More »

Widening talent pool in cyber with on-demand contractors

Widening talent pool in cyber with on-demand contractors 2024-10-10 at 08:01 By Help Net Security Filling roles within the cyber sector is an ongoing battle. The shortfall of workers risks creating a vicious cycle within existing cyber teams: With fewer team members to spread the workload on, you risk burning out security professionals. Many make

React to this headline:

Loading spinner

Widening talent pool in cyber with on-demand contractors Read More »

Investing in Privacy by Design for long-term compliance

Investing in Privacy by Design for long-term compliance 2024-10-10 at 07:31 By Mirko Zorz In this Help Net Security interview, Bojan Belušić, Head of Information Security & IT Operations at Microblink, discusses the relationship between Privacy by Design and regulatory frameworks like GDPR. Integrating privacy principles from the outset of product and process development ensures

React to this headline:

Loading spinner

Investing in Privacy by Design for long-term compliance Read More »

Balancing legal frameworks and enterprise security governance

Balancing legal frameworks and enterprise security governance 2024-10-10 at 07:01 By Mirko Zorz In this Help Net Security interview, Tom McAndrew, CEO at Coalfire, discusses the balance organizations must strike between legal compliance and effective enterprise security governance in the context of evolving regulatory frameworks. McAndrew also addresses the need for clear governance structures and

React to this headline:

Loading spinner

Balancing legal frameworks and enterprise security governance Read More »

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) 2024-10-09 at 15:49 By Zeljka Zorz If you run a self-managed GitLab installation with configured SAML-based authentication and you haven’t upgraded it since mid-September, do it now, because security researchers have published an analysis of CVE-2024-45409 and an exploit script that may help attackers gain

React to this headline:

Loading spinner

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) Read More »

YARA: Open-source tool for malware research

YARA: Open-source tool for malware research 2024-10-09 at 08:01 By Help Net Security YARA is a powerful tool designed primarily to aid malware researchers in identifying and categorizing malware samples, though its applications are broader. The tool enables users to create detailed descriptions, or “rules,” for malware families or any other target based on textual

React to this headline:

Loading spinner

YARA: Open-source tool for malware research Read More »

Cultivating a security-first mindset: Key leadership actions

Cultivating a security-first mindset: Key leadership actions 2024-10-09 at 07:31 By Mirko Zorz In this Help Net Security interview, Emily Wienhold, Cyber Education Specialist at Optiv, discusses how business leaders can promote a security-first culture within their organizations. Wienhold also discusses strategies for maintaining ongoing cybersecurity awareness and making security protocols accessible to non-technical staff.

React to this headline:

Loading spinner

Cultivating a security-first mindset: Key leadership actions Read More »

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) 2024-10-08 at 22:49 By Zeljka Zorz For October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two under active exploitation: CVE-2024-43573, a spoofing bug affecting the Windows MSHTML Platform, and CVE-2024-43572, a remote code execution flaw in the Microsoft Management Console

React to this headline:

Loading spinner

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) Read More »

Qualcomm zero-day under targeted exploitation (CVE-2024-43047)

Qualcomm zero-day under targeted exploitation (CVE-2024-43047) 2024-10-08 at 15:31 By Zeljka Zorz An actively exploited zero-day vulnerability (CVE-2024-43047) affecting dozens of Qualcomm’s chipsets has been patched by the American semiconductor giant. About CVE-2024-43047 On Monday, Qualcomm has confirmed patches for 20 vulnerabilities affecting both proprietary and open source software running on its various chipsets. Among

React to this headline:

Loading spinner

Qualcomm zero-day under targeted exploitation (CVE-2024-43047) Read More »

American Water shuts down systems after cyberattack

American Water shuts down systems after cyberattack 2024-10-08 at 13:16 By Zeljka Zorz American Water, the largest water and wastewater utility company in the US, has shut down some of its systems following a cyberattack. While the company confirmed that none of its water or wastewater facilities or operations have been negatively affected by the

React to this headline:

Loading spinner

American Water shuts down systems after cyberattack Read More »

The role of self-sovereign identity in enterprises

The role of self-sovereign identity in enterprises 2024-10-08 at 07:31 By Help Net Security As personal data becomes increasingly commodified and centralized, the need for individuals to reclaim control over their identities has never been more urgent. Meanwhile, traditional identity systems used by enterprises often expose sensitive information to unnecessary risk, leaving both users and

React to this headline:

Loading spinner

The role of self-sovereign identity in enterprises Read More »

How hybrid workforces are reshaping authentication strategies

How hybrid workforces are reshaping authentication strategies 2024-10-08 at 07:01 By Mirko Zorz In this Help Net Security interview, Brian Pontarelli, CEO at FusionAuth, discusses the evolving authentication challenges posed by the rise of hybrid and remote workforces. He advocates for zero trust strategies, including MFA and behavioral biometrics, to enhance security while maintaining productivity.

React to this headline:

Loading spinner

How hybrid workforces are reshaping authentication strategies Read More »

Linux systems targeted with stealthy “Perfctl” cryptomining malware

Linux systems targeted with stealthy “Perfctl” cryptomining malware 2024-10-07 at 15:46 By Zeljka Zorz Thousands of Linux systems are likely infected with the highly elusive and persistent “perfctl” (or “perfcc“) cryptomining malware and many others still could be at risk of getting compromised, Aqua Security researchers revealed last week. “In all the attacks observed, the

React to this headline:

Loading spinner

Linux systems targeted with stealthy “Perfctl” cryptomining malware Read More »

The case for enterprise exposure management

The case for enterprise exposure management 2024-10-07 at 08:01 By Help Net Security For several years, external attack surface management (EASM) has been an important focus for many security organizations and the vendors that serve them. EASM, attempting to discover the full extent of an organization’s external attack surface and remediate issues, had broad purview,

React to this headline:

Loading spinner

The case for enterprise exposure management Read More »

Transforming cloud security with real-time visibility

Transforming cloud security with real-time visibility 2024-10-07 at 07:31 By Mirko Zorz In this Help Net Security interview, Amiram Shachar, CEO at Upwind, discusses the complexities of cloud security in hybrid and multi-cloud environments. He outlines the need for deep visibility into configurations and real-time insights to achieve a balance between agility and security. Shachar

React to this headline:

Loading spinner

Transforming cloud security with real-time visibility Read More »

Rspamd: Open-source spam filtering system

Rspamd: Open-source spam filtering system 2024-10-07 at 07:01 By Mirko Zorz Rspamd is an open-source spam filtering and email processing framework designed to evaluate messages based on a wide range of rules, including regular expressions, statistical analysis, and integrations with custom services like URL blacklists. The system analyzes each message and assigns a verdict, which

React to this headline:

Loading spinner

Rspamd: Open-source spam filtering system Read More »

Scroll to Top