Hot stuff

Wiz and Apiiro partner to provide context-driven security from code to cloud

Apiiro, Application Security, Cloud, code, cybersecurity, Don't miss, Hot stuff, Video, Wiz /

Wiz and Apiiro partner to provide context-driven security from code to cloud 19/12/2023 at 17:03 By Mirko Zorz Apiiro, a leading application security posture management (ASPM) solution, today announced its partnership with Wiz, the leading cloud security company and Cloud Native Application Protection Platform (CNAPP) provider. By joining Wiz Integrations (WIN), Apiiro brings the power […]

Wiz and Apiiro partner to provide context-driven security from code to cloud Read More »

Mr. Cooper breach exposes sensitive info of over 14 million customers

cyberattack, data breach, data theft, Don't miss, financial industry, hacking, Hot stuff, News, USA /

Mr. Cooper breach exposes sensitive info of over 14 million customers 19/12/2023 at 13:47 By Helga Labus Mortgage company Mr. Cooper has confirmed that personal information of over 14.6 million customers has been exposed in its October 2023 data breach. The breach “On October 31, 2023, Mr. Cooper detected suspicious activity in certain network systems,”

Mr. Cooper breach exposes sensitive info of over 14 million customers Read More »

SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795)

cryptographic attack, Don't miss, Hot stuff, News, OpenSSH, research, SSH, SUSE, vulnerability /

SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795) 19/12/2023 at 13:18 By Zeljka Zorz Security researchers have discovered a vulnerability (CVE-2023-48795) in the SSH cryptographic network protocol that could allow an attacker to downgrade the connection’s security by truncating the extension negotiation message. The Terrapin attack Terrapin is a prefix truncation attack targeting the SSH protocol.

SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795) Read More »

The impact of prompt injection in LLM agents

Artificial Intelligence, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, risk, WithSecure /

The impact of prompt injection in LLM agents 19/12/2023 at 08:31 By Help Net Security Prompt injection is, thus far, an unresolved challenge that poses a significant threat to Language Model (LLM) integrity. This risk is particularly alarming when LLMs are turned into agents that interact directly with the external world, utilizing tools to fetch

The impact of prompt injection in LLM agents Read More »

Microsoft is working on a more secure print system for Windows

Don't miss, drivers, Hot stuff, Microsoft, News, software protection, Windows /

Microsoft is working on a more secure print system for Windows 18/12/2023 at 17:01 By Helga Labus After announcing a gradual elimination of third-party printer drivers on Windows earlier this year, Microsoft has now unveiled its plan for enhancing security by introducting Windows Protected Print Mode (WPP). The problem with the current Windows print system

Microsoft is working on a more secure print system for Windows Read More »

Qakbot returns in fresh assault on hospitality sector

botnet, Don't miss, hospitality industry, Hot stuff, Malware, Microsoft, News, phishing /

Qakbot returns in fresh assault on hospitality sector 18/12/2023 at 15:47 By Helga Labus The Qakbot botnet has been disrupted this summer, but cybercriminals are not ready to give up on the malware: Microsoft’s threat analysts have spotted a new phishing campaign attempting to deliver it to targets in the hospitality industry. Qakbot and its

Qakbot returns in fresh assault on hospitality sector Read More »

MongoDB corporate systems breached, customer data exposed

cyberattack, data breach, Don't miss, hacking, Hot stuff, MongoDB, News /

MongoDB corporate systems breached, customer data exposed 18/12/2023 at 13:31 By Helga Labus Database management company MongoDB has suffered a breach: attackers have gained access to some of its corporate systems and customer data and metadata. The MongoDB breach “We detected suspicious activity on Wednesday (Dec. 13th, 2023) evening US Eastern Standard Time, immediately activated

MongoDB corporate systems breached, customer data exposed Read More »

Correct bad network behavior to bolster application experience

cybersecurity, Don't miss, Expert analysis, Expert corner, firewall, Hot stuff, monitoring, network, News, opinion, Progress, software /

Correct bad network behavior to bolster application experience 18/12/2023 at 08:31 By Help Net Security Legacy hardware-based applications existed happily in isolation, untethered from a network. The thing that really mattered was the speed of the hard drive and having enough memory. Today, even the software running from personal hard drives relies on other applications

Correct bad network behavior to bolster application experience Read More »

Creating a formula for effective vulnerability prioritization

Compliance, CVE, CVSS, cybersecurity, Don't miss, Features, framework, Hot stuff, Morphisec, News, opinion, vulnerability management /

Creating a formula for effective vulnerability prioritization 18/12/2023 at 08:01 By Mirko Zorz In this Help Net Security interview, Michael Gorelik, CTO and Head of Malware Research at Morphisec, provides insights into the business impact of vulnerabilities. Gorelik discusses challenges posed by regulatory frameworks, incomplete asset inventories, and manual methods, while also exploring the role

Creating a formula for effective vulnerability prioritization Read More »

Fortifying cyber defenses: A proactive approach to ransomware resilience

attacks, Cigent, cybersecurity, Don't miss, Expert analysis, Expert corner, Government, Hot stuff, investment, News, opinion, Ransomware, resilience, strategy, USA /

Fortifying cyber defenses: A proactive approach to ransomware resilience 15/12/2023 at 08:02 By Help Net Security Ransomware has become a pervasive threat, compromising the security and functionality of vital systems across the United States. While governmental pledges and public declarations of intent to fight cybercrime are foundational, they often lack the immediate and tangible impact

Fortifying cyber defenses: A proactive approach to ransomware resilience Read More »

Russian hackers target unpatched JetBrains TeamCity servers

APT, CISA, cyber espionage, Don't miss, enterprise, exploit, Fortinet, Hot stuff, JetBrains, National Cyber Security Centre, News, Shadowserver, vulnerability /

Russian hackers target unpatched JetBrains TeamCity servers 14/12/2023 at 16:04 By Helga Labus Russian state-sponsored hackers have been exploiting CVE-2023-42793 to target unpatched, internet-facing JetBrains TeamCity servers since September 2023, US, UK and Polish cybersecurity and law enforcement authorities have warned. The targets APT 29 (aka CozyBear, aka Midnight Blizzard), believed to be associated with

Russian hackers target unpatched JetBrains TeamCity servers Read More »

Attackers are trying to exploit Apache Struts vulnerability (CVE-2023-50164)

Akamai, Apache Struts, Don't miss, exploit, Hot stuff, News, PoC, Shadowserver, vulnerability /

Attackers are trying to exploit Apache Struts vulnerability (CVE-2023-50164) 14/12/2023 at 13:32 By Zeljka Zorz Attackers are trying to leverage public proof-of-exploit (PoC) exploit code for CVE-2023-50164, the recently patched path traversal vulnerability in Apache Struts 2. “Attackers aim to deploy webshells, with some cases targeting the parameter ‘fileFileName’ – a deviation from the original

Attackers are trying to exploit Apache Struts vulnerability (CVE-2023-50164) Read More »

Digital ops and ops management security predictions for 2024

Artificial Intelligence, attacks, automation, CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, identity verification, News, opinion, PagerDuty, phishing, social media /

Digital ops and ops management security predictions for 2024 14/12/2023 at 08:32 By Help Net Security CISOs don’t need a crystal ball – they already know that 2024 will be another tough year, especially with AI at everyone’s mind. Instead of playing catch-up regarding the security of emerging tech like generative AI, organizations will prioritize

Digital ops and ops management security predictions for 2024 Read More »

Staying ahead in 2024 with top cybersecurity predictions

CISO, collaboration, cyber resilience, cyberattacks, cybersecurity, Don't miss, Hot stuff, predictions, professional, SecurityScorecard, Video /

Staying ahead in 2024 with top cybersecurity predictions 14/12/2023 at 08:02 By Help Net Security What will 2024 hold for the cybersecurity landscape? In this Help Net Security video, Steve Cobb, CISO at SecurityScorecard, offers his take on what professionals can expect next year. The post Staying ahead in 2024 with top cybersecurity predictions appeared

Staying ahead in 2024 with top cybersecurity predictions Read More »

EOL Sophos firewalls get hotfix for old but still exploited vulnerability (CVE-2022-3236)

Don't miss, enterprise, firewall, Hot stuff, News, patch, SMBs, Sophos, VulnCheck /

EOL Sophos firewalls get hotfix for old but still exploited vulnerability (CVE-2022-3236) 13/12/2023 at 14:17 By Zeljka Zorz Over a year has passed since Sophos delivered patches for a vulnerability affecting Sophos Firewalls (CVE-2022-3236) that was being actively exploited by attackers, and now they have pushed additional ones to protect vulnerable EOL devices. “In December

EOL Sophos firewalls get hotfix for old but still exploited vulnerability (CVE-2022-3236) Read More »

Shifting data protection regulations show why businesses must put privacy at their core

Compliance, cybersecurity, data, Don't miss, EU, Expert analysis, Expert corner, framework, Hot stuff, InfoSum, News, opinion, Privacy, USA /

Shifting data protection regulations show why businesses must put privacy at their core 13/12/2023 at 08:31 By Help Net Security Like it or not, data protection will be one of the biggest issues organizations face in 2024. Knowing where to focus compliance efforts will be tricky, with more and more state-level privacy laws becoming effective

Shifting data protection regulations show why businesses must put privacy at their core Read More »

A closer look at LATMA, the open-source lateral movement detection tool

authentication, cybersecurity, Don't miss, Hot stuff, open source, Silverfort, Video /

A closer look at LATMA, the open-source lateral movement detection tool 13/12/2023 at 08:01 By Help Net Security In this Help Net Security video, Gal Sadeh, Head of Data and Security Research at Silverfort, discusses LATMA, a free, open-source tool. It’s engineered with advanced algorithms to track and report any unusual activity within an environment.

A closer look at LATMA, the open-source lateral movement detection tool Read More »

December 2023 Patch Tuesday: 33 fixes to wind the year down

CVE, Don't miss, Hot stuff, Microsoft, News, Outlook, Patch Tuesday, security update, Tenable, Trend Micro /

December 2023 Patch Tuesday: 33 fixes to wind the year down 12/12/2023 at 23:20 By Zeljka Zorz Microsoft’s December 2023 Patch Tuesday is a light one: 33 patches, only four of which are deemed critical. “This month, Microsoft did not patch any zero-day vulnerabilities, marking only the second time in 2023 that no zero-days were

December 2023 Patch Tuesday: 33 fixes to wind the year down Read More »

Lazarus exploit Log4Shell vulnerability to deliver novel RAT malware

Cisco, Don't miss, exploit, Hot stuff, Log4j, Malware, News, North Korea, vulnerability /

Lazarus exploit Log4Shell vulnerability to deliver novel RAT malware 12/12/2023 at 17:50 By Helga Labus North Korea-backed group Lazarus has been spotted exploiting the Log4Shell vulnerability (CVE-2021-44228) and novel malware written in DLang (i.e., the memory-safe D programming language). “This campaign consists of continued opportunistic targeting of enterprises globally that publicly host and expose their

Lazarus exploit Log4Shell vulnerability to deliver novel RAT malware Read More »

Scroll to Top