Hot stuff

VMware patches critical vulnerability in vCenter Server (CVE-2023-34048)

Don't miss, Hot stuff, News, security update, VMWare, vulnerability /

VMware patches critical vulnerability in vCenter Server (CVE-2023-34048) 25/10/2023 at 13:47 By Helga Labus VMware has fixed a critical out-of-bounds write vulnerability (CVE-2023-34048) and a moderate-severity information disclosure flaw (CVE-2023-34056) in vCenter Server, its popular server management software. About CVE-2023-34048 and CVE-2023-34056 CVE-2023-34048 allows an attacker with network access to a vulnerable vCenter Server virtual […]

VMware patches critical vulnerability in vCenter Server (CVE-2023-34048) Read More »

What is operational risk and why should you care? Assessing SEC rule readiness for OT and IoT

cybersecurity, DHS, Don't miss, Expert analysis, Expert corner, framework, Hot stuff, IoT, News, Nozomi Networks, opinion, policy, resilience, security controls, standards /

What is operational risk and why should you care? Assessing SEC rule readiness for OT and IoT 25/10/2023 at 07:31 By Help Net Security The newly released Security and Exchange Commission (SEC) cyber incident disclosure rules have been met with mixed reviews. Of particular concern is whether public companies who own and operate industrial control

What is operational risk and why should you care? Assessing SEC rule readiness for OT and IoT Read More »

Strategies to overcome cybersecurity misconceptions

Application Security, CISO, Compliance, cybersecurity, Don't miss, Hot stuff, LogRhythm, Ransomware, SOC, strategy, threats, Video /

Strategies to overcome cybersecurity misconceptions 25/10/2023 at 07:02 By Help Net Security Many CISOs may believe their cybersecurity defenses are robust enough to repel any attack, but there are critical misconceptions they may be harboring. In this Help Net Security video, Kevin Kirkwood, Deputy CISO at LogRhythm, stresses that one of the most significant pitfalls

Strategies to overcome cybersecurity misconceptions Read More »

1Password also affected by Okta Support System breach

1Password, authentication, BeyondTrust, CISO, Cloudflare, cybersecurity, Don't miss, Hot stuff, identity protection, News, Okta, privileged identity /

1Password also affected by Okta Support System breach 24/10/2023 at 13:50 By Zeljka Zorz Following in the footsteps of BeyondTrust and CloudFlare, 1Password has revealed that it has been affected by the Okta Support System breach. “On September 29, we detected suspicious activity on our Okta instance that we use to manage our employee-facing apps,”

1Password also affected by Okta Support System breach Read More »

Bracing for AI-enabled ransomware and cyber extortion attacks

APT, Artificial Intelligence, attacks, cybercriminals, cybersecurity, Don't miss, education, Email, Expert analysis, Expert corner, extortion, Hot stuff, Malware, News, opinion, phishing, Ransomware, spear-phishing, Zscaler /

Bracing for AI-enabled ransomware and cyber extortion attacks 24/10/2023 at 07:37 By Help Net Security AI has been the shiniest thing in tech since at least November 2022, when ChatGPT was made available to the masses and unveiled the transformative potential of large language models for all the world to see. As businesses scramble to

Bracing for AI-enabled ransomware and cyber extortion attacks Read More »

Microsoft announces wider availability of AI-powered Security Copilot

Artificial Intelligence, Don't miss, enterprise, Hot stuff, machine learning, malware analysis, Microsoft, News, threat hunting /

Microsoft announces wider availability of AI-powered Security Copilot 23/10/2023 at 15:04 By Helga Labus Microsoft Security Copilot has been made available to a larger number of enterprise customers, via an invitation-only Early Access Program. What is Microsoft Security Copilot? “Security Copilot is an AI assistant for security teams that builds on the latest in large

Microsoft announces wider availability of AI-powered Security Copilot Read More »

“Disappearing” implants, followed by first fixes for exploited Cisco IOS XE zero-day

0-day, attack, backdoor, Cisco, Don't miss, Hot stuff, News, Orange Cyberdefense, security update /

“Disappearing” implants, followed by first fixes for exploited Cisco IOS XE zero-day 23/10/2023 at 13:04 By Zeljka Zorz Cisco has released the first fixes for the IOS XE zero-day (CVE-2023-20198) exploited by attackers to ultimately deliver a malicious implant. The fixes were made available on Sunday, but a curious thing happened the day before: several

“Disappearing” implants, followed by first fixes for exploited Cisco IOS XE zero-day Read More »

How passkeys are changing the face of authentication

1Kosmos, authentication, credentials, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, MFA, News, opinion, passwordless /

How passkeys are changing the face of authentication 23/10/2023 at 08:05 By Help Net Security As passwordless identity becomes mainstream, the term “passkey” is quickly becoming a new buzzword in cybersecurity. But what exactly is a passkey and why do we need them? A passkey is a digital credential that can only be used by

How passkeys are changing the face of authentication Read More »

Navigating OT/IT convergence and securing ICS environments

CISO, Compliance, critical infrastructure, cybersecurity, disaster recovery, Don't miss, framework, GuidePoint Security, Hot stuff, Incident Response, risk assessment, Video /

Navigating OT/IT convergence and securing ICS environments 23/10/2023 at 07:33 By Help Net Security Escalating threats to operational technology (OT) have prompted an increasing number of global enterprises to adopt sophisticated technologies and services to enhance the security of their assets. In this Help Net Security video, Christopher Warner, Senior GRC-OT Security Consultant at GuidePoint

Navigating OT/IT convergence and securing ICS environments Read More »

Cyberattacks put healthcare organizations on high alert

cybersecurity, Don't miss, ForgeRock, healthcare, Hot stuff, SilverSky, TuxCare, Velentium, Video /

Cyberattacks put healthcare organizations on high alert 23/10/2023 at 06:04 By Help Net Security Healthcare organizations have become prime targets for cybercriminals due to the immense value of their data, including patient records, sensitive medical information, and financial data. The importance of protecting this invaluable information, alongside ensuring the seamless operation of medical devices and

Cyberattacks put healthcare organizations on high alert Read More »

North Korean hackers are targeting software developers and impersonating IT workers

APT, Don't miss, FBI, Hot stuff, Insider Threat, Microsoft, News, North Korea, software development, supply chain compromise, vulnerability /

North Korean hackers are targeting software developers and impersonating IT workers 20/10/2023 at 13:52 By Helga Labus State-sponsored North Korean hackers have significantly intensified their focus on the IT sector in recent years, by infiltrating firms developing software and companies lookind for IT workers. North Korean hackers targeting developers Microsoft has outlined on Wednesday how

North Korean hackers are targeting software developers and impersonating IT workers Read More »

The real impact of the cybersecurity poverty line on small organizations

Afni, CISO, cybersecurity, Don't miss, Features, framework, Hot stuff, MFA, News, opinion, policy, resilience, risk, risk assessment, strategy, threats /

The real impact of the cybersecurity poverty line on small organizations 20/10/2023 at 07:03 By Mirko Zorz The financial constraints many smaller organizations face often cast shadows on their ability to fortify defenses. In this Help Net Security interview, Brent Deterding, CISO at Afni, delves into the realities and myths surrounding the cybersecurity poverty line,

The real impact of the cybersecurity poverty line on small organizations Read More »

Google Play Protect takes on malicious apps with code-level scanning

Android, app, Application Security, Don't miss, Google, Google Play, Hot stuff, Malware, News, scanning /

Google Play Protect takes on malicious apps with code-level scanning 19/10/2023 at 13:47 By Helga Labus Google is enhancing Google Play Protect’s real-time scanning to include code-level scanning, to keep Android devices safe from malicious and unwanted apps, especially those downloaded (or sideloaded) from outside of the Google Play app store – whether from third-party

Google Play Protect takes on malicious apps with code-level scanning Read More »

2024 cybersecurity predictions: GenAI edition

Artificial Intelligence, cybersecurity, Don't miss, Expert analysis, Expert corner, generative AI, Hot stuff, News, opinion, Stellar Cyber /

2024 cybersecurity predictions: GenAI edition 19/10/2023 at 12:36 By Help Net Security Unless you have lived under a rock for the past year, you know that generative artificial intelligence applications, such as ChatGPT, have penetrated many aspects of our online lives. From generating marketing content, creating images for advertisements and blogs, or even writing malicious

2024 cybersecurity predictions: GenAI edition Read More »

Google ads for KeePass, Notepad++ lead to malware

consumer, Don't miss, enterprise, Google Search, Hot stuff, KeePass, malvertising, Malware, Malwarebytes, News, search engine, SMBs /

Google ads for KeePass, Notepad++ lead to malware 19/10/2023 at 12:16 By Zeljka Zorz Users using Google to search for and download the KeePass password manager and the Notepad++ text editor may have inadvertently gotten saddled with malware, says Jérôme Segura, Director of Threat Intelligence at Malwarebytes. Malvertising via search engine ads is a constant,

Google ads for KeePass, Notepad++ lead to malware Read More »

The must-knows about low-code/no-code platforms

Artificial Intelligence, automation, cybersecurity, DevSecOps, Digital.ai, Don't miss, Expert analysis, Expert corner, generative AI, Hot stuff, News, opinion /

The must-knows about low-code/no-code platforms 19/10/2023 at 08:03 By Help Net Security The era of AI has proven that machine learning technologies have a unique and effective capability to streamline processes that alter the ways we live and work. We now have the option to listen to playlists carefully curated to match our taste by

The must-knows about low-code/no-code platforms Read More »

Reinforcing cybersecurity: The network’s role to prevent, detect, and respond to attacks

cybersecurity, data breach, data loss prevention, DNS, Don't miss, Expert analysis, Expert corner, Hot stuff, Kentik, network, News, opinion /

Reinforcing cybersecurity: The network’s role to prevent, detect, and respond to attacks 19/10/2023 at 07:34 By Help Net Security It’s always DNS. That’s what the famous internet meme popular among sysadmins says anyway. It’s funny because while clearly, every network issue doesn’t resolve to some funky DNS issue, too many network admins have banged their

Reinforcing cybersecurity: The network’s role to prevent, detect, and respond to attacks Read More »

Addressing cyber threats in healthcare operational technology

cybersecurity, data security, Don't miss, Entelgy, framework, healthcare, Hot stuff, IoMT, medical devices, regulation, strategy, threats, Video /

Addressing cyber threats in healthcare operational technology 19/10/2023 at 07:01 By Help Net Security The proliferation of connected medical devices (IoMT) in hospitals demands a holistic approach to cybersecurity beyond just the digital IT realm. Industrial cybersecurity (OT) requires integrated solutions to address its unique challenges. In this Help Net Security video, Estefanía Rojas Campos,

Addressing cyber threats in healthcare operational technology Read More »

State-sponsored APTs are leveraging WinRAR bug

APT, Don't miss, DuskRise, exploit, Google, government-backed attacks, Hot stuff, News, phishing, spear-phishing, WinRAR /

State-sponsored APTs are leveraging WinRAR bug 18/10/2023 at 18:21 By Zeljka Zorz A number of government-backed APTs are exploiting CVE-2023-38831, a file extension spoofing vulnerability in WinRAR, a widely used file archiver utility for Windows. CVE-2023-38831 has been patched in August 2023, along with another high-severity RCE vulnerability (CVE-2023-40477). Exploited as a zero-day by cybercriminals

State-sponsored APTs are leveraging WinRAR bug Read More »

Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966)

0-day, Citrix, Don't miss, exploit, Hot stuff, Mandiant, News, security update /

Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966) 18/10/2023 at 17:18 By Helga Labus A recently patched Citrix NetScaler ADC/Gateway information disclosure vulnerability (CVE-2023-4966) has been exploited by attackers in the wild since late August 2023, Mandiant researchers have revealed. About CVE-2023-4966 Citrix’s security advisory, published on October 10, says that the vulnerability

Citrix NetScaler bug exploited in the wild since August (CVE-2023-4966) Read More »

Scroll to Top