Hot stuff

Recruiters, beware of cybercrooks posing as job applicants!

12/12/2023 at 16:46 By Zeljka Zorz

Recruiters are being targeted via spear-phishing emails sent by cybercrooks impersonating job applicants, Proofpoint researchers are warning. “The tone and content of the emails suggest to the recipient the actor is a legitimate candidate, and because the actor specifically targets people […]

“Pool Party” process injection techniques evade EDRs

12/12/2023 at 14:01 By Zeljka Zorz

SafeBreach researchers have discovered eight new process injection techniques that can be used to covertly execute malicious code on Windows systems. Dubbed “Pool Party” because they (ab)use Windows thread pools, these process injection techniques work across all processes and, according to the

Many popular websites still cling to password creation policies from 1985

12/12/2023 at 09:01 By Helga Labus

A significant number of popular websites still allow users to choose weak or even single-character passwords, researchers at Georgia Institute of Technology have found.

Websites’ lax creation policies for passwords

The researchers used an automated account creation method

eIDAS: EU’s internet reforms will undermine a decade of advances in online security

12/12/2023 at 08:32 By Help Net Security

The European Union’s attempt to reform its electronic identification and trust services – a package of laws better known as eIDAS 2.0 – contains legislation that poses a grave threat to online privacy and security.

Balancing AI advantages and risks in cybersecurity strategies

12/12/2023 at 08:04 By Mirko Zorz

In this Help Net Security interview, Matt Holland, CEO of Field Effect, discusses achieving a balance for businesses between the advantages of using AI in their cybersecurity strategies and the risks posed by AI-enhanced cyber threats. Holland also explores how education,

Nemesis: Open-source offensive data enrichment and analytic pipeline

12/12/2023 at 07:32 By Mirko Zorz

Nemesis is a centralized data processing platform that ingests, enriches, and performs analytics on offensive security assessment data (i.e., data collected during penetration tests and red team engagements). Nemesis was created by Lee Chagolla-Christensen and Will Schroeder, both security researchers at

Why are IT professionals not automating?

11/12/2023 at 09:01 By Help Net Security

As an IT professional, you understand the value of automation, and like many IT experts, you may approach it with a mix of excitement and apprehension. Automation is a powerful tool for streamlining processes, reducing manual tasks, and enhancing efficiency within an

SCS 9001 2.0 reveals enhanced controls for global supply chains

11/12/2023 at 08:31 By Mirko Zorz

In this Help Net Security interview, Mike Regan, VP of Business Performance at TIA, discusses SCS 9001 Release 2.0, a certifiable standard crafted to assist organizations in operationalizing the NIST and other government guidelines and frameworks. Enhancing its predecessor,

Meta introduces default end-to-end encryption for Messenger and Facebook

08/12/2023 at 15:01 By Helga Labus

Meta is introducing default end-to-end encryption (E2EE) for chats and calls across Messenger and Facebook, the company revealed on Wednesday.

Rolling out E2EE for Messenger and Facebook

E2EE ensures that message content is only visible to the person sending the

New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164)

08/12/2023 at 15:01 By Zeljka Zorz

The Apache Struts project has released updates for the popular open-source web application framework, with fixes for a critical vulnerability that could lead to remote code execution (CVE-2023-50164).

About CVE-2023-50164

CVE-2023-50164 may allow an attacker to manipulate file

December 2023 Patch Tuesday forecast: ‘Tis the season for vigilance

08/12/2023 at 09:02 By Mirko Zorz

The final Patch Tuesday of the year is almost upon us! This is the time of year when we want to relax and enjoy the holidays, but we need to be extra vigilant to detect and respond to suspicious

Aim for a modern data security approach

08/12/2023 at 08:32 By Help Net Security

Risk, compliance, governance, and security professionals are finally realizing the importance of subjecting sensitive workloads to robust data governance and protection the moment the data begins traversing the data pipeline. Many organizations no longer feel it’s adequate to secure data only

Short-term AWS access tokens allow attackers to linger for a longer while

07/12/2023 at 17:32 By Zeljka Zorz

Attackers usually gain access to an organization’s cloud assets by leveraging compromised user access tokens obtained via phishing, by using malware, or by finding them in public code repositories. These are long-term access tokens associated with an

Researchers automated jailbreaking of LLMs with other LLMs

07/12/2023 at 13:47 By Zeljka Zorz

AI security researchers from Robust Intelligence and Yale University have designed a machine learning technique that can speedily jailbreak large language models (LLMs) in an automated fashion. “The method, known as the Tree of Attacks with Pruning (TAP), can be used

Ransomware in 2024: Anticipated impact, targets, and landscape shift

07/12/2023 at 08:32 By Help Net Security

As ransomware continues to be on the rise, we can expect groups to continue to evolve their attacks and operate at a larger scale for bigger profits. This will put organizations at higher risk if they don’t adopt a

Using AI and automation to manage human cyber risk

07/12/2023 at 08:02 By Help Net Security

Despite advanced security protocols, many cybersecurity incidents are still caused by employee actions. In this Help Net Security video, John Scott, Lead Cybersecurity Researcher at CultureAI, discusses how integrating AI and automation into your cybersecurity strategy can improve employee

Atlassian fixes four critical RCE vulnerabilities, patch quickly!

06/12/2023 at 18:01 By Helga Labus

Atlassian has released security updates for four critical vulnerabilities (CVE-2022-1471, CVE-2023-22522, CVE-2023-22524, CVE-2023-22523) in its various offerings that could be exploited to execute arbitrary code.

About the vulnerabilities

CVE-2022-1471 is a deserialization flaw in the SnakeYAML library for Java that can

CISA: Adobe ColdFusion flaw leveraged to access government servers (CVE-2023-26360)

06/12/2023 at 17:46 By Helga Labus

Unknown attackers have leveraged a critical vulnerability (CVE-2023-26360) in the Adobe ColdFusion application development platform to access government servers, the Cybersecurity and Infrastructure Security Agency (CISA) has shared.

About the exploited vulnerability

CVE-2023-26360 is a deserialization of untrusted data

Microsoft will offer extended security updates for Windows 10

06/12/2023 at 16:16 By Zeljka Zorz

Microsoft will not abandon Windows 10 users to an insecure fate once it reaches end of support (EOS) on October 14, 2025: both enterprises and individual consumers will be able to receive Extended Security Updates (ESU), but will have to pay

21 high-risk vulnerabilities in OT/IoT routers found

06/12/2023 at 12:53 By Help Net Security

Forescout detailed the discovery of 21 new vulnerabilities in OT/IoT routers and open-source software elements. The “SIERRA:21 – Living on the Edge” report features research into Sierra Wireless AirLink cellular routers and some open-source components, such as TinyXML and OpenNDS. Sierra
