The strategic importance of digital trust for modern businesses

31/05/2023 at 07:32 By Mirko Zorz

In this Help Net Security interview, Deepika Chauhan, CPO at DigiCert, talks about the importance of maintaining high trust assurance levels for businesses in today’s digital landscape. How does DigiCert define “digital trust,” and why is it essential for businesses […]


Managing mental health in cybersecurity

31/05/2023 at 07:01 By Help Net Security

In this Help Net Security video, Jason Lewkowicz, Chief Services Officer at Optiv, discusses mental health in cybersecurity, which needs more attention. There is a confluence of factors – from the cybersecurity talent shortage and reductions in force to volatile financial markets and


Attackers hacked Barracuda ESG appliances via zero-day since October 2022

30/05/2023 at 20:10 By Zeljka Zorz

Barracuda says that the recently discovered compromise of some of its clients’ ESG appliances via a zero-day vulnerability (CVE-2023-2868) resulted in the deployment of three types of malware and data exfiltration. The company did not say how many organizations


The root causes of API incidents and data breaches

30/05/2023 at 07:40 By Help Net Security

API calls make up the majority of our digital lives. Take, for example, the everyday use of a cloud-based food delivery app, which could involve up to 25 API calls. Between the order being placed, transmission to the restaurant,


Penetration tester develops AWS-based automated cracking rig

30/05/2023 at 07:40 By Mirko Zorz

Building a custom cracking rig for research can be expensive, so penetration tester Max Ahartz built one on AWS. In this Help Net Security interview, he takes us through the process and unveils the details of his creation. What motivated you to


CISO-approved strategies for software supply chain security

29/05/2023 at 08:48 By Help Net Security

Integrating proprietary and open-source code, APIs, user interfaces, application behavior, and deployment workflows creates an intricate composition in modern applications. Any vulnerabilities within this software supply chain can jeopardize your and your customers’ safety. In this Help Net Security video, Tim


New Buhti ransomware uses leaked payloads and public exploits

26/05/2023 at 08:09 By Helga Labus

A newly identified ransomware operation has refashioned leaked LockBit and Babuk payloads into Buhti ransomware, to launch attacks on both Windows and Linux systems.

Use of public exploits

One notable aspect of the attackers leveraging the Buhti ransomware is their


Phishers use encrypted file attachments to steal Microsoft 365 account credentials

26/05/2023 at 08:09 By Helga Labus

Phishers are using encrypted restricted-permission messages (.rpmsg) attached in phishing emails to steal Microsoft 365 account credentials. “[The campaigns] are low volume, targeted, and use trusted cloud services to send emails and host content (Microsoft and Adobe),” say Trustwave


Strengthening travel safety protocols with ISO 31030

26/05/2023 at 07:20 By Help Net Security

In this Help Net Security video, Tracy Reinhold, Chief Security Officer at Everbridge, talks about ISO 31030, the officially recognized International Standard for travel risk management, guiding how to manage risks to organizations and travelers. The global pandemic has been the


Five Eyes agencies detail how Chinese hackers breached US infrastructure

25/05/2023 at 14:16 By Help Net Security

The National Security Agency (NSA) and Five Eyes partner agencies have identified indicators of compromise associated with a People’s Republic of China (PRC) state-sponsored cyber actor dubbed Volt Typhoon, which is using living off the land techniques to


Phishing campaign targets ChatGPT users

25/05/2023 at 14:05 By Helga Labus

A clever phishing campaign aimed at stealing users’ business email account credentials by impersonating OpenAI, the company behind the ChatGPT chatbot, has been spotted by Inky researchers.

The attack

ChatGPT has quickly gained popularity and is used widely by individuals and organizations. That’s enough


Barracuda email security appliances hacked via zero-day vulnerability (CVE-2023-2868)

25/05/2023 at 13:07 By Zeljka Zorz

A vulnerability (CVE-2023-2868) in Barracuda Networks’ Email Security Gateway (ESG) appliances has been exploited by attackers, the company has warned.

About CVE-2023-2868

CVE-2023-2868 is a critical remote command injection vulnerability affecting only physical Barracuda Email Security Gateway appliances, versions 5.1.3.001


The essence of OT security: A proactive guide to achieving CISA’s Cybersecurity Performance Goals

25/05/2023 at 08:12 By Help Net Security

The widespread adoption of remote and hybrid working practices in recent years has brought numerous benefits to various industries, but has also introduced new cyber threats, particularly in the critical infrastructure sector. These threats


How smart bots are infecting and exploiting the internet

25/05/2023 at 07:15 By Help Net Security

According to Imperva, bad bot traffic grew to 30.2%, a 2.5% increase over 2021. In this Help Net Security video, Lynn Marks, Senior Product Manager at Imperva, discusses malicious bot activity. This is a substantial threat for businesses, leading


IT employee piggybacked on cyberattack for personal gain

24/05/2023 at 14:34 By Helga Labus

A 28-year-old former IT employee of an Oxford-based company has been convicted of blackmailing his employer and unauthorized access to a computer with intent to commit other offences, after pleading guilty during a hearing at Reading Crown Court, England. IT employee


How to avoid shadow AI in your SOC

24/05/2023 at 07:57 By Help Net Security

Samsung’s recent discovery that employees had uploaded sensitive code to ChatGPT should serve as a reminder for security leaders to tread carefully when it comes to integrating new artificial intelligence tools throughout their organizations.

Shadow AI

Employees are using the


Navigating the quantum leap in cybersecurity

24/05/2023 at 07:17 By Mirko Zorz

In this Help Net Security interview, we sit down with Dr. Atsushi Yamada, the newly appointed CEO of ISARA, a security solutions company specializing in creating quantum-safe cryptography. With over two decades of experience in cryptography and cybersecurity, Dr. Yamada discusses his vision


CISO-level tips for securing corporate data in the cloud

24/05/2023 at 07:17 By Help Net Security

The presence of each third-party application increases the potential for attacks, particularly when end users install them without proper oversight or approval. IT security teams face challenges in obtaining comprehensive knowledge about the apps connected to their corporate SaaS


Simple OSINT techniques to spot AI-fueled disinformation, fake reviews

23/05/2023 at 12:20 By Helga Labus

Error messages that ChatGPT and other AI language models generate can be used to uncover disinformation campaigns, hate speech and fake reviews via OSINT collection and analysis, says Nico Dekens, director of intelligence at ShadowDragon. AI-generated content found via Google


7 access management challenges during M&A

23/05/2023 at 07:37 By Help Net Security

Integrating an acquired company into a single organization is a daunting task that can take weeks, months, or even years to complete. To have a successful conclusion to the mergers and acquisitions (M&As) process, identity and access management (IAM) teams need time
