Hot stuff

Surveilling your employees? You could be putting your company at risk of attack

1E, dark web, data breach, Don't miss, Employees, Expert analysis, Expert corner, Hot stuff, monitoring, opinion, surveillance /

Surveilling your employees? You could be putting your company at risk of attack 05/06/2023 at 08:13 By Help Net Security Are you watching your employees? Though the question may incite thoughts of “Big Brother” and an all-seeing or all-knowing entity, it isn’t quite as ominous as you might think. Employee productivity surveillance technology, or EPST, […]

React to this headline:

Loading spinner

Surveilling your employees? You could be putting your company at risk of attack Read More »

9 free cybersecurity whitepapers you should read

APT, Bitdefender, Center for Internet Security, Cloudflare, Code42, cybersecurity, Cyberstash, Don't miss, Hot stuff, N-able, News, NIST, OffSec, SANS, Team8, whitepaper /

9 free cybersecurity whitepapers you should read 05/06/2023 at 07:30 By Helga Labus In today’s rapidly evolving digital landscape, organizations face constant cyber threats that can compromise their sensitive data, disrupt operations, and damage their reputation. Staying informed about the latest cyberattacks and understanding effective protection methods is crucial. This list of free cybersecurity whitepapers

React to this headline:

Loading spinner

9 free cybersecurity whitepapers you should read Read More »

How fraudsters undermine text passcodes

CISO, cybercrime, cybersecurity, Don't miss, fraud, Hot stuff, passwords, Sinch, Video /

How fraudsters undermine text passcodes 05/06/2023 at 07:17 By Help Net Security Malicious bots are taking new forms – a burst of spam and scam text messages led to 18,000+ consumer complaints at the FCC last year. One of the newest scams – artificial inflation of traffic (AIT) – targets the SMS authentication codes sent

React to this headline:

Loading spinner

How fraudsters undermine text passcodes Read More »

Google triples reward for Chrome full chain exploits

bug bounty, Chrome, Don't miss, exploit, Google, Hot stuff, News, sandbox /

Google triples reward for Chrome full chain exploits 02/06/2023 at 15:57 By Helga Labus Google has tripled the full reward amount for the first security bug report that includes a functional full chain exploit of its popular Chrome browser. Six months of higher rewards for a Chrome full chain exploit The Chrome Vulnerability Rewards Program,

React to this headline:

Loading spinner

Google triples reward for Chrome full chain exploits Read More »

MOVEit Transfer zero-day attacks: The latest info

0-day, attack, data theft, Don't miss, enterprise, file-sharing, Hot stuff, Huntress, News, Progress, Rapid7, TrustedSec, vulnerability /

MOVEit Transfer zero-day attacks: The latest info 02/06/2023 at 12:41 By Zeljka Zorz There’s new information about the zero-day vulnerability in Progress Software’s MOVEit Transfer solution exploited by attackers and – more importantly – patches and helpful instructions for customers. The MOVEit Transfer zero-day and updated mitigation and remediation advice Progress Software has updated the

React to this headline:

Loading spinner

MOVEit Transfer zero-day attacks: The latest info Read More »

Qakbot: The trojan that just won’t go away

Don't miss, Hot stuff, Lumen, Malware, Microsoft, News, phishing, Ransomware, trojan, Windows /

Qakbot: The trojan that just won’t go away 02/06/2023 at 11:33 By Helga Labus Qakbot (aka Qbot) – banking malware-turned-malware/ransomware distribution network – has been first observed in 2007 and is active to this day. The neverending adaptability of this threat is key to its long-term survival and success. “Qakbot operators tend to reduce or

React to this headline:

Loading spinner

Qakbot: The trojan that just won’t go away Read More »

Introducing the book: Cybersecurity First Principles

books, cybersecurity, Don't miss, Hot stuff, how-to, strategy, tips, Video /

Introducing the book: Cybersecurity First Principles 02/06/2023 at 07:42 By Mirko Zorz In this Help Net Security video interview, Rick Howard, CSO of N2K, Chief Analyst, and Senior Fellow at the Cyberwire, discusses his book – Cybersecurity First Principles: A Reboot of Strategy and Tactics. In the book, Howard challenges the conventional wisdom of current

React to this headline:

Loading spinner

Introducing the book: Cybersecurity First Principles Read More »

Critical zero-day vulnerability in MOVEit Transfer exploited by attackers!

0-day, attack, Don't miss, enterprise, file-sharing, Hot stuff, News, Progress, threat, vulnerability /

Critical zero-day vulnerability in MOVEit Transfer exploited by attackers! 01/06/2023 at 18:18 By Zeljka Zorz A critical zero-day vulnerability in Progress Software’s enterprise managed file transfer solution MOVEit Transfer is being exploited by attackers to grab corporate data. “[The vulnerability] could lead to escalated privileges and potential unauthorized access to the environment,” the company warned

React to this headline:

Loading spinner

Critical zero-day vulnerability in MOVEit Transfer exploited by attackers! Read More »

Threat actors can exfiltrate data from Google Drive without leaving a trace

digital forensics, Don't miss, enterprise, Google, Google Drive, Google Workspace, Hot stuff, Incident Response, Mitiga, News, SMBs, threat hunting /

Threat actors can exfiltrate data from Google Drive without leaving a trace 01/06/2023 at 15:43 By Zeljka Zorz Google Workspace (formerly G Suite) has a weak spot that can prevent the discovery of data exfiltration from Google Drive by a malicious outsider or insider, Mitiga researchers say. A problem for digital forensic analysts and incident

React to this headline:

Loading spinner

Threat actors can exfiltrate data from Google Drive without leaving a trace Read More »

Zyxel firewalls under attack by Mirai-like botnet

botnet, Censys, Don't miss, Europe, exploit, firewall, Hot stuff, News, PoC, Rapid7, Shadowserver, vulnerability, Zyxel /

Zyxel firewalls under attack by Mirai-like botnet 01/06/2023 at 11:52 By Zeljka Zorz CVE-2023-28771, the critical command injection vulnerability affecting many Zyxel firewalls, is being actively exploited by a Mirai-like botnet, and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. About CVE-2023-28771 CVE-2023-28771 is a vulnerability that allows unauthenticated attackers to execute OS

React to this headline:

Loading spinner

Zyxel firewalls under attack by Mirai-like botnet Read More »

Navigating cybersecurity in the age of remote work

BYOD, CISO, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, remote working, VPN, zero trust, Zscaler /

Navigating cybersecurity in the age of remote work 01/06/2023 at 07:34 By Mirko Zorz In this Help Net Security interview, Jay Chaudhry, CEO at Zscaler, talks about connecting and securing remote employees and their devices to access organizational resources from any location. He discusses the potential risks of remote VPN access, the increasing reliance on

React to this headline:

Loading spinner

Navigating cybersecurity in the age of remote work Read More »

Disaster recovery challenges enterprise CISOs face

CISO, cybersecurity, disaster recovery, Don't miss, Hot stuff, N-able, strategy, tips, Video /

Disaster recovery challenges enterprise CISOs face 01/06/2023 at 07:20 By Help Net Security An essential aspect of organizational operations is effectively responding to and returning from a disruptive event, commonly called disaster recovery. The primary objective of DR techniques is to restore the utilization of crucial systems and IT infrastructure following a disaster. To proactively

React to this headline:

Loading spinner

Disaster recovery challenges enterprise CISOs face Read More »

Fighting ransomware: Perspectives from cybersecurity professionals

Arctic Wolf Networks, CISO, cybercrime, cybersecurity, Don't miss, Hot stuff, Malware, Malwarebytes, money, predictions, Presidio, Ransomware, Sectigo, strategy, threats, Video, Zerto /

Fighting ransomware: Perspectives from cybersecurity professionals 01/06/2023 at 06:32 By Help Net Security Ransomware has become an ever-present threat to individuals, businesses, and even entire nations. In this Help Net Security round-up, we present parts of previously recorded videos from experts in the field that shed light on the pressing ransomware issues. Complete videos David

React to this headline:

Loading spinner

Fighting ransomware: Perspectives from cybersecurity professionals Read More »

Someone is roping Apache NiFi servers into a cryptomining botnet

Apache Nifi, cryptojacking, Don't miss, Hot stuff, News, SANS ISC /

Someone is roping Apache NiFi servers into a cryptomining botnet 31/05/2023 at 16:51 By Zeljka Zorz If you’re running an Apache NiFi instance exposed on the internet and you have not secured access to it, the underlying host may already be covertly cryptomining on someone else’s behalf. The attack Indicators of the ongoing campaign were

React to this headline:

Loading spinner

Someone is roping Apache NiFi servers into a cryptomining botnet Read More »

Zyxel patches vulnerability in NAS devices (CVE-2023-27988)

Don't miss, Hot stuff, NAS, News, security update, vulnerability, Zyxel /

Zyxel patches vulnerability in NAS devices (CVE-2023-27988) 31/05/2023 at 14:51 By Helga Labus Zyxel has patched a high-severity authenticated command injection vulnerability (CVE-2023-27988) in some of its network attached storage (NAS) devices aimed at home users. About the vulnerability (CVE-2023-27988) The vulnerability was discovered in the devices’ web management interface. “An authenticated attacker with administrator

React to this headline:

Loading spinner

Zyxel patches vulnerability in NAS devices (CVE-2023-27988) Read More »

How APTs target SMBs

APT, Don't miss, Hot stuff, MSP, News, phishing, Proofpoint, SMBs, supply chain attacks, trends /

How APTs target SMBs 31/05/2023 at 13:47 By Helga Labus Small and medium businesses (SMBs) are not exempt from being targeted by advanced persistent threat (APT) actors, according to Proofpoint researchers. By analyzing a year’s worth of APT campaign data they collected from the 200,000+ SMBs that have their security solution deployed, they pinpointed three

React to this headline:

Loading spinner

How APTs target SMBs Read More »

Kali Linux 2023.2 released: New tools, a pre-built Hyper-V image, a new audio stack, and more!

Don't miss, Hot stuff, Kali Linux, Linux, News, Offensive Security, open source, penetration testing /

Kali Linux 2023.2 released: New tools, a pre-built Hyper-V image, a new audio stack, and more! 31/05/2023 at 10:29 By Zeljka Zorz Offensive Security has released Kali Linux 2023.2, the latest version of its popular penetration testing and digital forensics platform. New tools in Kali Linux 2023.2 Aside from updates for existing tools, a new

React to this headline:

Loading spinner

Kali Linux 2023.2 released: New tools, a pre-built Hyper-V image, a new audio stack, and more! Read More »

The strategic importance of digital trust for modern businesses

certificates, cybersecurity, DigiCert, Don't miss, Features, Hot stuff, News, opinion /

The strategic importance of digital trust for modern businesses 31/05/2023 at 07:32 By Mirko Zorz In this Help Net Security interview, Deepika Chauhan, CPO at DigiCert, talks about the importance of maintaining high trust assurance levels for businesses in today’s digital landscape. How does DigiCert define “digital trust,” and why is it essential for businesses

React to this headline:

Loading spinner

The strategic importance of digital trust for modern businesses Read More »

Managing mental health in cybersecurity

burnout, cybersecurity, Don't miss, Hot stuff, how-to, strategy, tips, Video /

Managing mental health in cybersecurity 31/05/2023 at 07:01 By Help Net Security In this Help Net Security video, Jason Lewkowicz, Chief Services Officer at Optiv, discusses mental health in cybersecurity, which needs more attention. There is a confluence of factors – from the cybersecurity talent shortage and reductions in force to volatile financial markets and

React to this headline:

Loading spinner

Managing mental health in cybersecurity Read More »

Attackers hacked Barracuda ESG appliances via zero-day since October 2022

backdoor, Barracuda Networks, data theft, Don't miss, exploit, Hot stuff, Malware, Mandiant, News, vulnerability /

Attackers hacked Barracuda ESG appliances via zero-day since October 2022 30/05/2023 at 20:10 By Zeljka Zorz Barracuda says that the recently discovered compromise of some of it clients’ ESG appliances via a zero-day vulnerability (CVE-2023-2868) resulted in the deployment of three types of malware and data exfiltration. The company did not say how many organizations

React to this headline:

Loading spinner

Attackers hacked Barracuda ESG appliances via zero-day since October 2022 Read More »

Scroll to Top