Hot stuff

Ransomware negotiation: When cybersecurity meets crisis management

attacks, cyber insurance, cybersecurity, Don't miss, Features, Hot stuff, Incident Response, News, opinion, Ransomware, regulation, strategy, Tanium /

Ransomware negotiation: When cybersecurity meets crisis management 2024-01-18 at 07:01 By Mirko Zorz In this Help Net Security interview, Tim Morris, Chief Security Advisor at Tanium, discusses ransomware negotiation, how it typically unfolds, and how organizations should have a playbook that clearly outlines what to do, when to do it, who is notified, who will […]

Ransomware negotiation: When cybersecurity meets crisis management Read More »

The power of AI in cybersecurity

Artificial Intelligence, cyber risk, cybersecurity, Don't miss, generative AI, Hot stuff, machine learning, News, threat detection /

The power of AI in cybersecurity 2024-01-18 at 06:31 By Helga Labus The widespread adoption of artificial intelligence (AI), particularly generative AI (GenAI), has revolutionized organizational landscapes and transformed both the cyber threat landscape and cybersecurity. AI as a powerful cybersecurity tool As organizations handle increasing amounts of data daily, AI offers advanced capabilities that

The power of AI in cybersecurity Read More »

Kaspersky releases utility to detect iOS spyware infections

apple, Don't miss, Hot stuff, how-to, iOS, iPhone, Kaspersky, mobile devices, News, smartphones, spyware, threat detection, tips /

Kaspersky releases utility to detect iOS spyware infections 2024-01-17 at 13:46 By Help Net Security Kaspersky’s researchers have developed a lightweight method to detect indicators of infection from sophisticated iOS spyware such as NSO Group’s Pegasus, QuaDream’s Reign, and Intellexa’s Predator through analyzing a log file created on iOS devices. Analyzing the Shutdown.log The company’s

Kaspersky releases utility to detect iOS spyware infections Read More »

Google fixes actively exploited Chrome zero-day (CVE-2024-0519)

0-day, Chrome, Don't miss, Hot stuff, Microsoft Edge, News, security update /

Google fixes actively exploited Chrome zero-day (CVE-2024-0519) 2024-01-17 at 12:01 By Zeljka Zorz In the new stable release of the Chrome browser, Google has fixed three security vulnerabilities affecting the V8 engine, including one zero-day (CVE-2024-0519) with an existing exploit. About CVE-2024-0519 V8 is an open-source JavaScript and WebAssembly engine developed by the Chromium Project

Google fixes actively exploited Chrome zero-day (CVE-2024-0519) Read More »

Security considerations during layoffs: Advice from an MSSP

access management, authentication, cybersecurity, data security, DirectDefense, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, tips /

Security considerations during layoffs: Advice from an MSSP 2024-01-17 at 08:01 By Help Net Security Navigating layoffs is complex and difficult for many reasons. Not only do human resources and direct managers bear the onus of responsibility when conducting exit conversations, but security teams should also make the necessary preparations for monitoring anomalies in employee

Security considerations during layoffs: Advice from an MSSP Read More »

The right strategy for effective cybersecurity awareness

cyber resilience, cybersecurity, Don't miss, education, Hot stuff, News, phishing, security awareness, skill development /

The right strategy for effective cybersecurity awareness 2024-01-17 at 07:31 By Helga Labus Employees play a significant role in safeguarding organizational assets. With a constantly evolving threat landscape, cybersecurity awareness training is an essential component in creating a good security culture. Why cybersecurity awareness training? 81% of organizations were hit by malware, phishing, and password

The right strategy for effective cybersecurity awareness Read More »

CISOs’ crucial role in aligning security goals with enterprise expectations

access management, CISO, cybersecurity, Don't miss, Features, Gartner, generative AI, Hot stuff, identity management, News, opinion, Privacy, strategy, tips /

CISOs’ crucial role in aligning security goals with enterprise expectations 2024-01-17 at 07:01 By Mirko Zorz In this Help Net Security interview, Chris Mixter, Vice President, Analyst at Gartner, discusses the dynamic world of CISOs and how their roles have evolved significantly over the years. He outlines the critical skills for CISOs in 2024, addresses

CISOs’ crucial role in aligning security goals with enterprise expectations Read More »

Best practices to mitigate alert fatigue

automation, cybersecurity, Don't miss, endpoint management, Hot stuff, network, SOC, Stamus Networks, threat detection, Video /

Best practices to mitigate alert fatigue 2024-01-17 at 06:32 By Help Net Security In this Help Net Security video, Peter Manev, Chief Strategy Officer at Stamus Networks, discusses a pervasive problem plaguing security analysts called “alert fatigue,” – which occurs when security teams become desensitized to an overwhelming volume of alerts, causing them to miss

Best practices to mitigate alert fatigue Read More »

Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527)

Atlassian, Atlassian Confluence, CVE, Don't miss, enterprise, Hot stuff, News, security update, vulnerability /

Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527) 2024-01-16 at 19:46 By Zeljka Zorz Atlassian has patched a critical vulnerability (CVE-2023-22527) in Confluence Data Center and Confluence Server that could lead to remote code execution. The good news is that the flaw was fixed in early December 2023 with the release of versions

Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527) Read More »

1,700 Ivanti VPN devices compromised. Are yours among them?

0-day, APT, Don't miss, enterprise, Hot stuff, Ivanti, Mandiant, News, SMBs, threat hunting, Volexity, VPN, web shell /

1,700 Ivanti VPN devices compromised. Are yours among them? 2024-01-16 at 17:16 By Zeljka Zorz Over 1,700 Ivanti Connect Secure VPN devices worldwide have been compromised by attackers exploiting two zero-days with no patches currently available. “Additional threat actors beyond UTA0178 appear to now have access to the exploit and are actively trying to exploit

1,700 Ivanti VPN devices compromised. Are yours among them? Read More »

3 ways to combat rising OAuth SaaS attacks

access control, Adaptive Shield, attacks, authentication, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, monitoring, News, OAuth, opinion, SaaS /

3 ways to combat rising OAuth SaaS attacks 2024-01-16 at 07:31 By Help Net Security OAuth attacks are on the rise. In December, the Microsoft Threat Intelligence team observed threat actors misusing OAuth apps to take over a cloud server and mine cryptocurrency, establish persistence following business email compromise and launch spam activity using the

3 ways to combat rising OAuth SaaS attacks Read More »

10 cybersecurity frameworks you need to know about

CISO, cybersecurity, Don't miss, framework, Hot stuff, ISO 27001, News, security standard, standards, strategy, tips /

10 cybersecurity frameworks you need to know about 2024-01-16 at 07:01 By Help Net Security As cyber threats grow more sophisticated, understanding and implementing robust cybersecurity frameworks is crucial for organizations of all sizes. This article lists the most essential cybersecurity frameworks developed to guide businesses and governments in safeguarding their digital assets. From the

10 cybersecurity frameworks you need to know about Read More »

Windows SmartScreen bug exploited to deliver powerful info-stealer (CVE-2023-36025)

Don't miss, Hot stuff, Malware, News, Trend Micro, Windows /

Windows SmartScreen bug exploited to deliver powerful info-stealer (CVE-2023-36025) 2024-01-15 at 15:31 By Zeljka Zorz A vulnerability (CVE-2023-36025) that Microsoft fixed in November 2023 continues to be exploited by malware peddlers: this time around, the delivered threat is a variant of the Phemedrone Stealer. About the malware Phemedrone Stealer is a piece of malware written

Windows SmartScreen bug exploited to deliver powerful info-stealer (CVE-2023-36025) Read More »

Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591)

Don't miss, enterprise, firewall, Hot stuff, Juniper Networks, News, security update, vulnerability /

Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591) 2024-01-15 at 11:16 By Helga Labus Juniper Networks has fixed a critical pre-authentication remote code execution (RCE) vulnerability (CVE-2024-21591) in Junos OS on SRX firewalls and EX switches. About CVE-2024-21591 CVE-2024-21591 is an out-of-bounds write vulnerability that could allow an unauthenticated, network-based threat

Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591) Read More »

Flipping the BEC funnel: Phishing in the age of GenAI

Artificial Intelligence, BEC scams, CISO, cybersecurity, Don't miss, email security, Expert analysis, Expert corner, generative AI, Hot stuff, Ironscales, News, opinion, phishing, SOC /

Flipping the BEC funnel: Phishing in the age of GenAI 2024-01-15 at 08:02 By Help Net Security For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic (and usually poorly-written) email and fire it out to thousands of recipients in the hope that a few might take the

Flipping the BEC funnel: Phishing in the age of GenAI Read More »

Preventing insider access from leaking to malicious actors

access control, access management, cybersecurity, Don't miss, Gutsy, Hot stuff, privileged accounts, risk, Video /

Preventing insider access from leaking to malicious actors 2024-01-15 at 07:32 By Help Net Security In this Help Net Security video, John Morello, CTO of Gutsy, discusses the often-overlooked aspect of cybersecurity – the offboarding process. He outlines the real-world implications and potential impact on an organization’s security posture if off-boarding isn’t handled thoroughly. The

Preventing insider access from leaking to malicious actors Read More »

Key elements for a successful cyber risk management strategy

CISO, cyber risk, cybersecurity, Don't miss, Features, Hot stuff, opinion, Risk Management, Silk Security, strategy, tips /

Key elements for a successful cyber risk management strategy 2024-01-15 at 06:32 By Mirko Zorz In this Help Net Security interview, Yoav Nathaniel, CEO at Silk Security, discusses the evolution of cyber risk management strategies and practices, uncovering common mistakes and highlighting key components for successful risk resolution. Nathaniel anticipates a growing pressure on organizations

Key elements for a successful cyber risk management strategy Read More »

Akira ransomware attackers are wiping NAS and tape backups

backup, Cisco, Don't miss, EU, exploit, Hot stuff, NAS, News, Ransomware, vulnerability /

Akira ransomware attackers are wiping NAS and tape backups 2024-01-12 at 16:17 By Helga Labus “The Akira ransomware malware, which was first detected in Finland in June 2023, has been particularly active at the end of the year,” the Finnish National Cybersecurity Center (NCSC-FI) has shared on Wednesday. NCSC-FI has received 12 reports of Akira

Akira ransomware attackers are wiping NAS and tape backups Read More »

Cloud security predictions for 2024

access management, Cado Security, cloud security, cybersecurity, cybersecurity talent, data, Don't miss, Expert analysis, Expert corner, Hot stuff, identity management, News, opinion, serverless /

Cloud security predictions for 2024 2024-01-12 at 07:31 By Help Net Security As we reflect on the cybersecurity landscape and the trajectories of threat vectors, it’s evident that we’re on the cusp of a paradigm shift in cloud security. Businesses and cybersecurity professionals must stay abreast of these changes, adapting their strategies to ensure a

Cloud security predictions for 2024 Read More »

Scroll to Top