Three security data predictions for 2024 06/12/2023 at 08:32 By Help Net Security How do companies protect their digital environments in a world where everything is growing more complex, quickly – data, customer expectations, cyber threats and more? It’s difficult: Adversaries are adopting and using AI and even generative AI-based technologies against enterprises. Nation-state cyber […]
Three security data predictions for 2024 Read More »
5 open-source tools for pentesting Kubernetes you should check out 06/12/2023 at 08:02 By Help Net Security Kubernetes, often called K8s, is an open-source platform designed to automate the deployment, scaling, and operations of containerized applications. Kubernetes has become a critical part of the infrastructure for many organizations. However, with its widespread adoption, Kubernetes environments
5 open-source tools for pentesting Kubernetes you should check out Read More »
Why zero-trust segmentation is critical for cloud resilience 06/12/2023 at 07:31 By Help Net Security Nearly all organizations rely on the cloud to store sensitive data and run critical systems. But for many, cloud security hasn’t kept up. 93% agree that zero-trust segmentation is essential to their cloud security strategy. In this Help Net Security
Why zero-trust segmentation is critical for cloud resilience Read More »
Kali Linux 2023.4 released: New tools, Kali for Raspberry Pi 5, and more! 05/12/2023 at 21:31 By Zeljka Zorz OffSec (previously Offensive Security) has released Kali Linux 2023.4, the latest version of its penetration testing and digital forensics platform. New tools in Kali Linux 2023.4 The list of tools freshly added to Kali Linux includes:
Kali Linux 2023.4 released: New tools, Kali for Raspberry Pi 5, and more! Read More »
Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397) 05/12/2023 at 17:47 By Helga Labus Russian state-backed hacking group Forest Blizzard (aka Fancy Bear, aka APT28) has been using a known Microsoft Outlook vulnerability (CVE-2023-23397) to target public and private entities in Poland, Polish Cyber Command has warned. Compromising email accounts and maintaining
Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397) Read More »
SessionProbe: Open-source multi-threaded pentesting tool 05/12/2023 at 09:03 By Mirko Zorz SessionProbe is a multi-threaded pentesting tool designed to evaluate user privileges in web applications. It takes a user’s session token and checks for a list of URLs if access is possible, highlighting potential authorization issues. It deduplicates URL lists and provides real-time logging and
SessionProbe: Open-source multi-threaded pentesting tool Read More »
How AI is revolutionizing “shift left” testing in API security 05/12/2023 at 08:33 By Help Net Security Catching coding errors in API preproduction, before they are spun up and go live is critical in preventing exploitable vulnerabilities. It’s why we’ve seen “shift left” become a significant focus in API development, whereby DevOps takes responsibility for
How AI is revolutionizing “shift left” testing in API security Read More »
Advanced ransomware campaigns expose need for AI-powered cyber defense 05/12/2023 at 08:02 By Mirko Zorz In this Help Net Security interview, Carl Froggett, CIO at Deep Instinct, discusses emerging trends in ransomware attacks, emphasizing the need for businesses to use advanced AI technologies, such as deep learning (DL), for prevention rather than just detection and
Advanced ransomware campaigns expose need for AI-powered cyber defense Read More »
Exploring the impact of generative AI in the 2024 presidential election 05/12/2023 at 07:32 By Help Net Security 2024 is a presidential election year in the US. 2016 and 2020 both saw impressive increases in attempts to influence voters through crafty propaganda and social media campaigns run by bots and expert social engineers, along with
Exploring the impact of generative AI in the 2024 presidential election Read More »
CyberAv3ngers hit Unitronics PLCs at multiple US-based water facilities 04/12/2023 at 16:48 By Helga Labus Iran-affiliated attackers CyberAv3ngers continue to exploit vulnerable Unitronics programmable logic controllers (PLCs), US and Israeli authorities have said in a joint cybersecurity advisory. CyberAv3ngers targeting Unitronics PLCs CISA has recently confirmed that Iran-affiliated attackers took over a Unitronics Vision Series
CyberAv3ngers hit Unitronics PLCs at multiple US-based water facilities Read More »
Booking.com customers targeted in hotel booking scam 04/12/2023 at 13:31 By Helga Labus Scammers are hijacking hotels’ Booking.com accounts and using them as part of a hotel booking scam aimed at tricking guests into sharing their payment card information. “Customers of multiple properties received email or in-app messages from Booking.com that purported to be from
Booking.com customers targeted in hotel booking scam Read More »
Put guardrails around AI use to protect your org, but be open to changes 04/12/2023 at 08:31 By Help Net Security Artificial intelligence (AI) is a topic that’s currently on everyone’s minds. While in some industries there is concern it could replace workers, other industries have embraced it as a game-changer for streamlining processes, automating
Put guardrails around AI use to protect your org, but be open to changes Read More »
The AI readiness race and where global companies stand 04/12/2023 at 08:01 By Help Net Security According to Cisco, only 14% of organizations worldwide are ready to implement and utilize AI technologies. The report found that 61% of respondents indicated they have a maximum of one year to deploy their AI strategy before there’s a
The AI readiness race and where global companies stand Read More »
Qlik Sense flaws exploited in Cactus ransomware campaign 01/12/2023 at 15:18 By Helga Labus Attackers are exploiting three critical vulnerabilities in internet-facing Qlik Sense instances to deliver Cactus ransomware to target organizations, Arctic Wolf researchers have warned. The exploited vulnerabilities Qlik Sense is a business intelligence and data analytics solution popular with governmental organizations and
Qlik Sense flaws exploited in Cactus ransomware campaign Read More »
Critical Zyxel NAS vulnerabilities patched, update quickly! 01/12/2023 at 14:33 By Zeljka Zorz Zyxel has patched six vulnerabilities affecting its network attached storage (NAS) devices, including several (OS) command injection flaws that can be easily exploited by unauthenticated attackers. The vulnerabilities in Zyxel NAS devices One of the six plugged security holes is an improper
Critical Zyxel NAS vulnerabilities patched, update quickly! Read More »
Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917) 01/12/2023 at 12:33 By Zeljka Zorz With the latest round of security updates, Apple has fixed two zero-day WebKit vulnerabilities (CVE-2023-42916, CVE-2023-42917) that “may have been exploited against versions of iOS before iOS 16.7.1.” About the vulnerabilities (CVE-2023-42916, CVE-2023-42917) CVE-2023-42916 is a out-of-bounds read
Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917) Read More »
Bridging the gap between cloud vs on-premise security 01/12/2023 at 08:03 By Help Net Security With the proliferation of SaaS applications, remote work and shadow IT, organizations feel obliged to embrace cloud-based cybersecurity. And rightly so, because the corporate resources, traffic, and threats are no longer confined within the office premises. Cloud-based security initiatives, such
Bridging the gap between cloud vs on-premise security Read More »
Key drivers of software security for financial services 01/12/2023 at 07:32 By Help Net Security Nearly 72% of applications in the financial services sector contain security flaws, according to Veracode. Despite the alarming figure, this rate of software vulnerability was the lowest of all industries analyzed and has improved since last year. The research also
Key drivers of software security for financial services Read More »
CISA urges water facilities to secure their Unitronics PLCs 30/11/2023 at 18:02 By Zeljka Zorz News that Iran-affiliated attackers have taken over a programmable logic controller (PLC) at a water system facility in Pennsylvania has been followed by a public alert urging other water authorities to immediately secure their own PLCs. “The cyber threat actors
CISA urges water facilities to secure their Unitronics PLCs Read More »
Mosint: Open-source automated email OSINT tool 30/11/2023 at 08:31 By Mirko Zorz Mosint is an automated email OSINT tool written in Go designed to facilitate quick and efficient investigations of target emails. It integrates multiple services, providing security researchers with rapid access to a broad range of information. “In my previous job, I actively worked
Mosint: Open-source automated email OSINT tool Read More »