Hot stuff

Phishers reach targets via Eventbrite services

Don't miss, Eventbrite, Hot stuff, News, Perception Point, phishing /

Phishers reach targets via Eventbrite services 2024-10-29 at 15:17 By Zeljka Zorz Crooks are leveraging the event management and ticketing website Eventbrite to deliver their phishing emails to potential targets. “Since July, these attacks have increased 25% week over week, resulting in a total growth rate of 900%,” Perception Point researchers say. The phishing emails […]

React to this headline:

Loading spinner

Phishers reach targets via Eventbrite services Read More »

Patching problems: The “return” of a Windows Themes spoofing vulnerability

0-day, 0patch, ACROS Security, Data leak, Don't miss, Hot stuff, micropatch, News, Windows /

Patching problems: The “return” of a Windows Themes spoofing vulnerability 2024-10-29 at 12:18 By Zeljka Zorz Despite two patching attempts, a security issue that may allow attackers to compromise Windows user’s NTLM (authentication) credentials via a malicious Windows themes file still affects Microsoft’s operating system, 0patch researchers have discovered. The path to discovery The story

React to this headline:

Loading spinner

Patching problems: The “return” of a Windows Themes spoofing vulnerability Read More »

Inside console security: How innovations shape future hardware protection

cybersecurity, Don't miss, exploit, Features, hardware, Hot stuff, News, online gaming, opinion, Sony /

Inside console security: How innovations shape future hardware protection 2024-10-29 at 08:00 By Mirko Zorz In this Help Net Security interview, security researchers Specter and ChendoChap discuss gaming consoles’ unique security model, highlighting how it differs from other consumer devices. They also share their thoughts on how advancements in console security could shape future consumer

React to this headline:

Loading spinner

Inside console security: How innovations shape future hardware protection Read More »

The state of password security in 2024

cybersecurity, Dashlane, Don't miss, Hot stuff, passwordless, passwords, Video /

The state of password security in 2024 2024-10-29 at 06:33 By Help Net Security In this Help Net Security video, John Bennett, CEO at Dashlane, discusses their recent Global Password Health Score Report, detailing the global state of password health and hygiene. Poor security habits like password reuse remain widespread. With passwordless technologies like passkeys

React to this headline:

Loading spinner

The state of password security in 2024 Read More »

Black Basta operators phish employees via Microsoft Teams

Don't miss, enterprise, Hot stuff, Microsoft Teams, News, phishing, Ransomware, ReliaQuest, SMBs, social engineering /

Black Basta operators phish employees via Microsoft Teams 2024-10-28 at 18:51 By Zeljka Zorz Black Basta ransomware affiliates are still trying to trick enterprise employees into installing remote access tool by posing as help desk workers, now also via Microsoft Teams. Phishing via MS Teams Earlier this year, Rapid7 warned about Black Basta using the

React to this headline:

Loading spinner

Black Basta operators phish employees via Microsoft Teams Read More »

Police hacks, disrupts Redline, Meta infostealer operations

Don't miss, Hot stuff, law enforcement, Malware, News /

Police hacks, disrupts Redline, Meta infostealer operations 2024-10-28 at 16:25 By Zeljka Zorz The Dutch National Police, along with partner law enforcement agencies, has disrupted the operation of the Redline and Meta infostealers and has collected information that may unmask users who paid to leverage the infamous malware. Screenshot of the Redline License Server panel

React to this headline:

Loading spinner

Police hacks, disrupts Redline, Meta infostealer operations Read More »

A good cyber leader prioritizes the greater good

cyber hygiene, cybersecurity, Don't miss, Expert analysis, Expert corner, ExtraHop, Hot stuff, News, opinion, strategy /

A good cyber leader prioritizes the greater good 2024-10-28 at 08:01 By Help Net Security In the war against malicious cyber activity, it’s time for security vendors to step in – and it’s not how you might think. CISA Director Jen Easterly put it right at this year’s Black Hat conference: “We got ourselves into

React to this headline:

Loading spinner

A good cyber leader prioritizes the greater good Read More »

How isolation technologies are shaping the future of Kubernetes security

containers, cybersecurity, Don't miss, Edera, Features, Hot stuff, Kubernetes, News, opinion, regulation /

How isolation technologies are shaping the future of Kubernetes security 2024-10-28 at 08:01 By Mirko Zorz In this Help Net Security interview, Emily Long, CEO at Edera, discusses the most common vulnerabilities in Kubernetes clusters and effective mitigation strategies. Long shares insights on emerging isolation technologies that could enhance Kubernetes security and better protect containerized

React to this headline:

Loading spinner

How isolation technologies are shaping the future of Kubernetes security Read More »

Adversarial groups adapt to exploit systems in new ways

cybersecurity, Don't miss, Elastic, Hot stuff, Malware, Video /

Adversarial groups adapt to exploit systems in new ways 2024-10-28 at 06:36 By Help Net Security In this Help Net Security video, Jake King, Head of Threat & Security Intelligence at Elastic, discusses the key findings from the 2024 Elastic Global Threat Report. Adversaries are utilizing off-the-shelf tools Offensive security tools (OSTs), including Cobalt Strike

React to this headline:

Loading spinner

Adversarial groups adapt to exploit systems in new ways Read More »

Exploited: Cisco, SharePoint, Chrome vulnerabilities

brute-force, Chrome, CISA, Cisco, Don't miss, enterprise, exploit, Hot stuff, Kaspersky, News, PoC, SharePoint, vulnerability /

Exploited: Cisco, SharePoint, Chrome vulnerabilities 2024-10-25 at 13:33 By Zeljka Zorz Threat actors have been leveraging zero and n-day vulnerabilities in Cisco security appliances (CVE-2024-20481), Microsoft Sharepoint (CVE-2024-38094), and Google’s Chrome browser (CVE-2024-4947). CVE-2024-20481 (Cisco ASA/FTD) In the past few days, Cisco has released fixes for a slew of vulnerabilities affecting the software powering its

React to this headline:

Loading spinner

Exploited: Cisco, SharePoint, Chrome vulnerabilities Read More »

Achieving peak cyber resilience

Artificial Intelligence, cyber resilience, cyberattacks, cybersecurity, Data Protection, disaster recovery, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, Veritas Technologies /

Achieving peak cyber resilience 2024-10-25 at 08:03 By Help Net Security Climbing Mount Everest isn’t a feat for the faint hearted. Extreme weather, dangerous terrain and acclimatization requirements make the trek challenging for even the most experienced climbers. It’s estimated that the expedition takes more than two months, on average. That’s a lengthy process that

React to this headline:

Loading spinner

Achieving peak cyber resilience Read More »

The future of cyber insurance: Meeting the demand for non-attack coverage

access control, Allianz, cyber insurance, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, Privacy, Ransomware, risk assessment /

The future of cyber insurance: Meeting the demand for non-attack coverage 2024-10-25 at 07:35 By Mirko Zorz In this Help Net Security interview, Michael Daum, Head of Global Cyber Claims for Allianz Commercial, discusses the significant rise in cyber claims in 2024, driven by an increase in data breaches and ransomware attacks. Daum highlights the

React to this headline:

Loading spinner

The future of cyber insurance: Meeting the demand for non-attack coverage Read More »

How to fend off a quantum computer attack

attacks, cybersecurity, Don't miss, Hot stuff, IEEE, quantum computing, Video /

How to fend off a quantum computer attack 2024-10-25 at 07:03 By Help Net Security In this Help Net Security video, IEEE member Marc Lijour explains quantum computing and offers insight into how to fend off a quantum computer attack. The post How to fend off a quantum computer attack appeared first on Help Net

React to this headline:

Loading spinner

How to fend off a quantum computer attack Read More »

Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575)

0-day, Don't miss, enterprise, Fortinet, Hot stuff, MSP, News, Rapid7, security update /

Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575) 2024-10-24 at 12:18 By Zeljka Zorz Fortinet has finally made public information about CVE-2024-47575, a critical FortiManager vulnerability that attackers have exploited as a zero-day. About CVE-2024-47575 CVE-2024-47575 is a vulnerability stemming from missing authentication for a critical function in FortiManager’s fgfmd daemon. Remote, unauthenticated attackers could

React to this headline:

Loading spinner

Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575) Read More »

What’s more important when hiring for cybersecurity roles?

certification, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, MyTurn, News, opinion, skill development, training /

What’s more important when hiring for cybersecurity roles? 2024-10-24 at 08:03 By Help Net Security When building a cybersecurity team, you likely asked yourself, “Should I focus on certifications or real-world skills?” And since you rarely encounter entry-level candidates who can hit the ground running, naturally, you’d consider a candidate with both. But that’s not

React to this headline:

Loading spinner

What’s more important when hiring for cybersecurity roles? Read More »

Enhancing national security: The four pillars of the National Framework for Action

Center for Internet Security, cybersecurity, DOJ, Don't miss, Features, generative AI, Hot stuff, law enforcement, News, opinion, resilience, threat detection /

Enhancing national security: The four pillars of the National Framework for Action 2024-10-24 at 07:33 By Mirko Zorz In this Help Net Security interview, John Cohen, Executive Director, Program for Countering Hybrid Threats at the Center for Internet Security, discusses the four pillars of the National Framework for Action, emphasizing how these measures can combat

React to this headline:

Loading spinner

Enhancing national security: The four pillars of the National Framework for Action Read More »

Effective strategies for measuring and testing cyber resilience

attacks, CISO, cyber hygiene, cyber resilience, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, strategy, supply chain, UK /

Effective strategies for measuring and testing cyber resilience 2024-10-23 at 08:02 By Mirko Zorz In this Help Net Security interview, Detective Superintendent Ian Kirby, CEO of the National Cyber Resilience Centre Group (NCRCG), discusses the emerging cyber threats and strategies organizations can use to increase cyber resilience. He emphasizes basic cyber hygiene, security awareness training,

React to this headline:

Loading spinner

Effective strategies for measuring and testing cyber resilience Read More »

Argus: Open-source information gathering toolkit

Don't miss, GitHub, Hot stuff, News, open source, penetration testing, software /

Argus: Open-source information gathering toolkit 2024-10-23 at 07:33 By Help Net Security Argus is an open-source toolkit that simplifies information gathering and reconnaissance. It features a user-friendly interface and a collection of powerful modules, enabling the exploration of networks, web applications, and security configurations. Argus offers a collection of tools categorized into three main areas:

React to this headline:

Loading spinner

Argus: Open-source information gathering toolkit Read More »

Evolving cloud threats: Insights and recommendations

access control, cloud security, cybersecurity, Don't miss, Hot stuff, IBM X-Force, threat, Video /

Evolving cloud threats: Insights and recommendations 2024-10-23 at 07:03 By Help Net Security Recently, IBM X-Force released its 2024 Cloud Threat Landscape Report. This uses incident data and insights to reveal how attackers successfully compromise organizations by leveraging adversary-in-the-middle (AITM) attacks to bypass multi-factor authentication (MFA). This often leads to business email compromise (BEC), which

React to this headline:

Loading spinner

Evolving cloud threats: Insights and recommendations Read More »

VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812)

Broadcom, CVE, Don't miss, Hot stuff, News, security update, virtualization, VMWare, vulnerability /

VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) 2024-10-22 at 14:02 By Zeljka Zorz Broadcom has released new patches for previously fixed vulnerabilities (CVE-2024-38812, CVE-2024-38813) in vCenter Server, one of which hasn’t been fully addressed the first time and could allow attackers to achieve remote code execution. The vulnerabilities were privately reported by

React to this headline:

Loading spinner

VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) Read More »

Scroll to Top