Hot stuff

Russian hackers breached Microsoft, HPE corporate maliboxes

Russian hackers breached Microsoft, HPE corporate maliboxes 2024-01-25 at 15:31 By Helga Labus Cozy Bear (aka Midnight Blizzard, aka APT29) has been busy hacking and spying on big tech companies: both Microsoft and Hewlett Packard Enterprise (HPE) have recently disclosed successful attack campaigns by the Russia-affiliated APT group. The Microsoft breach Last Friday, Microsoft revealed […]

Russian hackers breached Microsoft, HPE corporate maliboxes Read More »

AI expected to increase volume, impact of cyberattacks

AI expected to increase volume, impact of cyberattacks 2024-01-25 at 12:16 By Helga Labus All types of cyber threat actor are already using artificial intelligence (AI) to varying degrees, UK National Cyber Security Centre’s analysts say, and predict that AI “will almost certainly increase the volume and heighten the impact of cyberattacks over the next

AI expected to increase volume, impact of cyberattacks Read More »

Fighting insider threats is tricky but essential work

Fighting insider threats is tricky but essential work 2024-01-25 at 08:01 By Helga Labus Business executives are worried about accidental internal staff error (71%) almost as much as they are worried about external threats (75%). But which of the two is a bigger threat to a company? External vs insider threats External threats can cause

Fighting insider threats is tricky but essential work Read More »

CISOs’ role in identifying tech components and managing supply chains

CISOs’ role in identifying tech components and managing supply chains 2024-01-25 at 07:01 By Mirko Zorz In this Help Net Security interview, Nate Warfield, Director of Threat Research and Intelligence at Eclypsium, outlines the crucial tasks for CISOs in protecting supply chains and achieving comprehensive visibility. Warfield also discusses the vital collaboration between security and

CISOs’ role in identifying tech components and managing supply chains Read More »

In 2024, AI and ML shift from flashy to functional

In 2024, AI and ML shift from flashy to functional 2024-01-25 at 06:31 By Help Net Security AI and ML deserve the hype they get, but the focus can’t always be on the glitz. As these advances to deliver real benefits, there’s a slew of more mundane actions that have to be taken—and in 2024,

In 2024, AI and ML shift from flashy to functional Read More »

PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)

PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204) 2024-01-24 at 15:32 By Zeljka Zorz Proof-of-concept (PoC) exploit code for a critical vulnerability (CVE-2024-0204) in Fortra’s GoAnywhere MFT solution has been made public, sparking fears that attackers may soon take advantage of it. Fortra’s GoAnywhere MFT is a web-based managed file transfer solution

PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204) Read More »

The effect of omission bias on vulnerability management

The effect of omission bias on vulnerability management 2024-01-24 at 08:31 By Help Net Security Whether we’d like to admit it to ourselves or not, all humans harbor subconscious biases that powerfully influence our behavior. One of these is the omission bias, which has interesting ramifications in the world of cyber security, specifically vulnerability management.

The effect of omission bias on vulnerability management Read More »

10 USA cybersecurity conferences you should visit in 2024

10 USA cybersecurity conferences you should visit in 2024 2024-01-24 at 08:01 By Help Net Security Security BSides Security BSides offers attendees an opportunity to engage and present their ideas actively. Characterized by its intensity, these events are filled with discussions, demonstrations, and interactive participation. BSides are happening all over the USA. To find an

10 USA cybersecurity conferences you should visit in 2024 Read More »

Prioritizing CIS Controls for effective cybersecurity across organizations

Prioritizing CIS Controls for effective cybersecurity across organizations 2024-01-24 at 07:32 By Mirko Zorz In this Help Net Security interview, Randy Marchany, CISO at Virginia Tech, discusses the challenges and strategies associated with implementing CIS Controls in organizations of varying sizes. Marchany explores the importance of securing top-level management support, breaking down data silos, and

Prioritizing CIS Controls for effective cybersecurity across organizations Read More »

Why resilience leaders must prepare for polycrises

Why resilience leaders must prepare for polycrises 2024-01-24 at 07:02 By Help Net Security In this Help Net Security video, Frank Shultz, CEO of Infinite Blue, discusses how more frequent and severe disruptions and our increasingly interconnected world collide to create a new threat for resilience leaders to manage: polycrises. These multiple concurrent or cascading

Why resilience leaders must prepare for polycrises Read More »

Apple fixes actively exploited WebKit zero-day (CVE-2024-23222)

Apple fixes actively exploited WebKit zero-day (CVE-2024-23222) 2024-01-23 at 13:46 By Helga Labus Apple has fixed an actively exploited zero-day vulnerability (CVE-2024-23222) that affects Macs, iPhones, iPads and AppleTVs. About CVE-2024-23222 CVE-2024-23222 is a type confusion issue that affects WebKit – Apple’s browser engine used in the Safari web browser and all iOS and iPadOS

Apple fixes actively exploited WebKit zero-day (CVE-2024-23222) Read More »

Data of 15 million Trello users scraped and offered for sale

Data of 15 million Trello users scraped and offered for sale 2024-01-23 at 13:16 By Zeljka Zorz Someone is selling scraped data of millions of users of Trello, a popular a web-based list-making application and project management platform, on a dark web hacker forum. The database dump “contains emails, usernames, full names and other account

Data of 15 million Trello users scraped and offered for sale Read More »

Why cyberattacks mustn’t be kept secret

Why cyberattacks mustn’t be kept secret 2024-01-23 at 08:01 By Help Net Security No company is immune to cyberattacks, but when the inevitable happens, too many companies still try to maintain a wall of silence. In fact, over half of security professionals admit their organizations maintain a culture of security through obscurity, with over one-third

Why cyberattacks mustn’t be kept secret Read More »

Beyond blockchain: Strategies for seamless digital asset integration

Beyond blockchain: Strategies for seamless digital asset integration 2024-01-23 at 07:31 By Mirko Zorz In this Help Net Security interview, Jean-Philippe Aumasson, CSO at Taurus, emphasizes the often-overlooked complexities of key generation, storage, and distribution, underlining the necessity for a high level of security maturity in handling digital assets. Looking ahead, Aumasson predicts that the

Beyond blockchain: Strategies for seamless digital asset integration Read More »

Top cybersecurity concerns for the upcoming elections

Top cybersecurity concerns for the upcoming elections 2024-01-23 at 07:01 By Help Net Security In this Help Net Security video, Adam Marrè, CISO at Arctic Wolf, explains how state and local governments must focus on cybersecurity as the 2024 election approaches in the United States. State and local IT and cybersecurity teams usually have few

Top cybersecurity concerns for the upcoming elections Read More »

Attackers can steal NTLM password hashes via calendar invites

Attackers can steal NTLM password hashes via calendar invites 2024-01-22 at 15:46 By Zeljka Zorz A recently patched vulnerability in Microsoft Outlook (CVE-2023-35636) that can be used by attackers to steal users’ NTLM v2 hashes can be exploited by adding two headers to an email carrying a specially crafted file, security researcher Dolev Taler has

Attackers can steal NTLM password hashes via calendar invites Read More »

Tietoevry ransomware attack halts Swedish organizations

Tietoevry ransomware attack halts Swedish organizations 2024-01-22 at 13:16 By Helga Labus Finnish IT software and service company Tietoevry has suffered a ransomware attack that affected several customers of one of its datacenters in Sweden. The attack The ransomware attack took place during the night of January 19-20. “The attack was limited to one part

Tietoevry ransomware attack halts Swedish organizations Read More »

New method to safeguard against mobile account takeovers

New method to safeguard against mobile account takeovers 2024-01-22 at 13:01 By Help Net Security Computer science researchers have developed a new way to identify security weaknesses that leave people vulnerable to account takeover attacks, where an attacker gains unauthorized access to online accounts. Most mobiles are now home to a complex ecosystem of interconnected

New method to safeguard against mobile account takeovers Read More »

Without clear guidance, SEC’s new rule on incident reporting may be detrimental

Without clear guidance, SEC’s new rule on incident reporting may be detrimental 2024-01-22 at 08:01 By Help Net Security The SEC has instituted a set of guidelines “requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance.” These new

Without clear guidance, SEC’s new rule on incident reporting may be detrimental Read More »

Scroll to Top