Hot stuff

Shifting data protection regulations show why businesses must put privacy at their core

Shifting data protection regulations show why businesses must put privacy at their core 13/12/2023 at 08:31 By Help Net Security Like it or not, data protection will be one of the biggest issues organizations face in 2024. Knowing where to focus compliance efforts will be tricky, with more and more state-level privacy laws becoming effective […]

Shifting data protection regulations show why businesses must put privacy at their core Read More »

A closer look at LATMA, the open-source lateral movement detection tool

A closer look at LATMA, the open-source lateral movement detection tool 13/12/2023 at 08:01 By Help Net Security In this Help Net Security video, Gal Sadeh, Head of Data and Security Research at Silverfort, discusses LATMA, a free, open-source tool. It’s engineered with advanced algorithms to track and report any unusual activity within an environment.

A closer look at LATMA, the open-source lateral movement detection tool Read More »

December 2023 Patch Tuesday: 33 fixes to wind the year down

December 2023 Patch Tuesday: 33 fixes to wind the year down 12/12/2023 at 23:20 By Zeljka Zorz Microsoft’s December 2023 Patch Tuesday is a light one: 33 patches, only four of which are deemed critical. “This month, Microsoft did not patch any zero-day vulnerabilities, marking only the second time in 2023 that no zero-days were

December 2023 Patch Tuesday: 33 fixes to wind the year down Read More »

Lazarus exploit Log4Shell vulnerability to deliver novel RAT malware

Lazarus exploit Log4Shell vulnerability to deliver novel RAT malware 12/12/2023 at 17:50 By Helga Labus North Korea-backed group Lazarus has been spotted exploiting the Log4Shell vulnerability (CVE-2021-44228) and novel malware written in DLang (i.e., the memory-safe D programming language). “This campaign consists of continued opportunistic targeting of enterprises globally that publicly host and expose their

Lazarus exploit Log4Shell vulnerability to deliver novel RAT malware Read More »

Recruiters, beware of cybercrooks posing as job applicants!

Recruiters, beware of cybercrooks posing as job applicants! 12/12/2023 at 16:46 By Zeljka Zorz Recruiters are being targeted via spear-phishing emails sent by cybercrooks impersonating job applicants, Proofpoint researchers are warning. “The tone and content of the emails suggest to the recipient the actor is a legitimate candidate, and because the actor specifically targets people

Recruiters, beware of cybercrooks posing as job applicants! Read More »

“Pool Party” process injection techniques evade EDRs

“Pool Party” process injection techniques evade EDRs 12/12/2023 at 14:01 By Zeljka Zorz SafeBreach researchers have discovered eight new process injection techniques that can be used to covertly execute malicious code on Windows systems. Dubbed “Pool Party” because they (ab)use Windows thread pools, these process injection techniques work across all processes and, according to the

“Pool Party” process injection techniques evade EDRs Read More »

Many popular websites still cling to password creation policies from 1985

Many popular websites still cling to password creation policies from 1985 12/12/2023 at 09:01 By Helga Labus A significant number of popular websites still allow users to choose weak or even single-character passwords, researchers at Georgia Institute of Technology have found. Websites’ lax creation policies for passwords The researchers used an automated account creation method

Many popular websites still cling to password creation policies from 1985 Read More »

eIDAS: EU’s internet reforms will undermine a decade of advances in online security

eIDAS: EU’s internet reforms will undermine a decade of advances in online security 12/12/2023 at 08:32 By Help Net Security The European Union’s attempt to reform its electronic identification and trust services – a package of laws better known as eIDAS 2.0 – contains legislation that poses a grave threat to online privacy and security.

eIDAS: EU’s internet reforms will undermine a decade of advances in online security Read More »

Balancing AI advantages and risks in cybersecurity strategies

Balancing AI advantages and risks in cybersecurity strategies 12/12/2023 at 08:04 By Mirko Zorz In this Help Net Security interview, Matt Holland, CEO of Field Effect, discusses achieving a balance for businesses between the advantages of using AI in their cybersecurity strategies and the risks posed by AI-enhanced cyber threats. Holland also explores how education,

Balancing AI advantages and risks in cybersecurity strategies Read More »

Nemesis: Open-source offensive data enrichment and analytic pipeline

Nemesis: Open-source offensive data enrichment and analytic pipeline 12/12/2023 at 07:32 By Mirko Zorz Nemesis is a centralized data processing platform that ingests, enriches, and performs analytics on offensive security assessment data (i.e., data collected during penetration tests and red team engagements).​​ Nemesis was created by Lee Chagolla-Christensen and Will Schroeder, both security researchers at

Nemesis: Open-source offensive data enrichment and analytic pipeline Read More »

Why are IT professionals not automating?

Why are IT professionals not automating? 11/12/2023 at 09:01 By Help Net Security As an IT professional, you understand the value of automation, and like many IT experts, you may approach it with a mix of excitement and apprehension. Automation is a powerful tool for streamlining processes, reducing manual tasks, and enhancing efficiency within an

Why are IT professionals not automating? Read More »

SCS 9001 2.0 reveals enhanced controls for global supply chains

SCS 9001 2.0 reveals enhanced controls for global supply chains 11/12/2023 at 08:31 By Mirko Zorz In this Help Net Security interview, Mike Regan, VP of Business Performance at TIA, discusses SCS 9001 Release 2.0, a certifiable standard crafted to assist organizations in operationalizing the NIST and other government guidelines and frameworks. Enhancing its predecessor,

SCS 9001 2.0 reveals enhanced controls for global supply chains Read More »

Meta introduces default end-to-end encryption for Messenger and Facebook

Meta introduces default end-to-end encryption for Messenger and Facebook 08/12/2023 at 15:01 By Helga Labus Meta is introducing default end-to-end encryption (E2EE) for chats and calls across Messenger and Facebook, the company revealed on Wednesday. Rolling out E2EE for Messenger and Facebook E2EE ensures that messages content is only visible to the person sending the

Meta introduces default end-to-end encryption for Messenger and Facebook Read More »

New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164)

New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164) 08/12/2023 at 15:01 By Zeljka Zorz The Apache Struts project has released updates for the popular open-source web application framework, with fixes for a critical vulnerability that could lead to remote code execution (CVE-2023-50164). About CVE-2023-50164 CVE-2023-50164 may allow an attacker to manipulate file

New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164) Read More »

December 2023 Patch Tuesday forecast: ‘Tis the season for vigilance

December 2023 Patch Tuesday forecast: ‘Tis the season for vigilance 08/12/2023 at 09:02 By Mirko Zorz The final Patch Tuesday of the year is almost upon us! This is the time of year when we want to relax and enjoy the holidays, but we need to be extra vigilant to detect and respond to suspicious

December 2023 Patch Tuesday forecast: ‘Tis the season for vigilance Read More »

Aim for a modern data security approach

Aim for a modern data security approach 08/12/2023 at 08:32 By Help Net Security Risk, compliance, governance, and security professionals are finally realizing the importance of subjecting sensitive workloads to robust data governance and protection the moment the data begins traversing the data pipeline. Many organizations no longer feel it’s adequate to secure data only

Aim for a modern data security approach Read More »

Short-term AWS access tokens allow attackers to linger for a longer while

Short-term AWS access tokens allow attackers to linger for a longer while 07/12/2023 at 17:32 By Zeljka Zorz Attackers usually gain access to an organization’s cloud assets by leveraging compromised user access tokens obtained via phishing, by using malware, or by finding them in public code repositories. These are long-term access tokens associated with an

Short-term AWS access tokens allow attackers to linger for a longer while Read More »

Researchers automated jailbreaking of LLMs with other LLMs

Researchers automated jailbreaking of LLMs with other LLMs 07/12/2023 at 13:47 By Zeljka Zorz AI security researchers from Robust Intelligence and Yale University have designed a machine learning technique that can speedily jailbreak large language models (LLMs) in an automated fashion. “The method, known as the Tree of Attacks with Pruning (TAP), can be used

Researchers automated jailbreaking of LLMs with other LLMs Read More »

Ransomware in 2024: Anticipated impact, targets, and landscape shift

Ransomware in 2024: Anticipated impact, targets, and landscape shift 07/12/2023 at 08:32 By Help Net Security As ransomware continues to be on the rise, we can expect groups to continue to evolve their attacks and operate at a larger scale for bigger profits. This will put organizations at higher risk if they don’t adopt a

Ransomware in 2024: Anticipated impact, targets, and landscape shift Read More »

Using AI and automation to manage human cyber risk

Using AI and automation to manage human cyber risk 07/12/2023 at 08:02 By Help Net Security Despite advanced security protocols, many cybersecurity incidents are still caused by employee actions. In this Help Net Security video, John Scott, Lead Cybersecurity Researcher at CultureAI, discusses how integrating AI and automation into your cybersecurity strategy can improve employee

Using AI and automation to manage human cyber risk Read More »

Scroll to Top