Hot stuff

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545)

containers, Debian, Don't miss, Hot stuff, IoT, Linux, News, open source, patching, Red Hat, security update, Ubuntu, vulnerability /

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545) 11/10/2023 at 13:31 By Zeljka Zorz Curl v8.4.0 is out, and fixes – among other things – a high-severity SOCKS5 heap buffer overflow vulnerability (CVE-2023-38545). Appropriate patches for some older curl versions have been released, too. Preparation for the security updates A little over a […]

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545) Read More »

15 free Microsoft 365 security training modules worth your time

Don't miss, Hot stuff, how-to, Microsoft, Microsoft 365, News, skill development, strategy, tips /

15 free Microsoft 365 security training modules worth your time 11/10/2023 at 07:32 By Help Net Security Microsoft 365 is a cloud-based productivity suite. Beyond just tools like Word and Excel, it integrates productivity applications with cloud functionalities, device administration, and enhanced security, all within a unified experience. Managing Microsoft 365 can be difficult for

15 free Microsoft 365 security training modules worth your time Read More »

How cyber fusion is helping enterprises modernize security operations

Cloud, collaboration, cybersecurity, Cyware, Don't miss, Hot stuff, orchestration, security operations, SOC, threat hunting, Video /

How cyber fusion is helping enterprises modernize security operations 11/10/2023 at 07:02 By Help Net Security In this Help Net Security video, Anuj Goel, CEO at Cyware, explains how cyber fusion is helping enterprises modernize their security operations and turn their SOC from reactive to proactive. The post How cyber fusion is helping enterprises modernize

How cyber fusion is helping enterprises modernize security operations Read More »

Microsoft plugs exploited WordPad, Skype for Business zero-days (CVE-2023-36563, CVE-2023-41763)

DDoS, Don't miss, Hot stuff, Microsoft, Microsoft Exchange, News, Patch Tuesday, security update, Trend Micro, Windows /

Microsoft plugs exploited WordPad, Skype for Business zero-days (CVE-2023-36563, CVE-2023-41763) 10/10/2023 at 22:01 By Zeljka Zorz On this October 2023 Patch Tuesday, Microsoft has released 103 patches and has fixed three actively exploited vulnerabilities (CVE-2023-36563, CVE-2023-41763, CVE-2023-44487). The exploited zero-days (CVE-2023-36563, CVE-2023-41763, CVE-2023-44487) CVE-2023-36563, discovered by Microsoft Threat Intelligence, is a WordPad vulnerability that could

Microsoft plugs exploited WordPad, Skype for Business zero-days (CVE-2023-36563, CVE-2023-41763) Read More »

GNOME users at risk of RCE attack (CVE-2023-43641)

Debian, Don't miss, Fedora, GitHub, Hot stuff, Linux, News, open source, Red Hat, SUSE, Ubuntu, vulnerability, vulnerability disclosure /

GNOME users at risk of RCE attack (CVE-2023-43641) 10/10/2023 at 14:32 By Zeljka Zorz If you’re running GNOME on you Linux system(s), you are probably open to remote code execution attacks via a booby-trapped file, thanks to a memory corruption vulnerability (CVE-2023-43641) in the libcue library. About CVE-2023-43641 Discovered by GitHub security researcher Kevin Backhouse,

GNOME users at risk of RCE attack (CVE-2023-43641) Read More »

Be prepared to patch high-severity vulnerability in curl and libcurl

Docker, Don't miss, Endor Labs, Hot stuff, News, open source, patching, Qualys, security update, Sonatype, Synopsys, vulnerability, vulnerability disclosure /

Be prepared to patch high-severity vulnerability in curl and libcurl 10/10/2023 at 12:20 By Zeljka Zorz Details about two vulnerabilities (CVE-2023-38545, CVE-2023-38546) in curl, a foundational and widely used open-source software for data transfer via URLs, are to be released on Wednesday, October 11. Daniel Stenberg, the original author and lead developer, has said that

Be prepared to patch high-severity vulnerability in curl and libcurl Read More »

Why zero trust delivers even more resilience than you think

access management, attack, cyber resilience, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, NetScaler, News, opinion, policy, remediation, zero trust /

Why zero trust delivers even more resilience than you think 10/10/2023 at 08:04 By Help Net Security Ten years ago, zero trust was an exciting, innovative perspective shift that security experts were excited to explore; today, it’s more likely to be framed as an inevitable trend than as a mere option on the security menu.

Why zero trust delivers even more resilience than you think Read More »

Turning military veterans into cybersecurity experts

cybersecurity, Don't miss, Features, Hot stuff, News, opinion, skill development, TechVets, Threat Intelligence, threats, training /

Turning military veterans into cybersecurity experts 10/10/2023 at 07:34 By Mirko Zorz In this Help Net Security interview, James Murphy, the Director of the TechVets Programme at the Forces Employment Charity, discusses the challenges that military veterans face when transitioning from military to civilian life. One significant hurdle is the difficulty they often encounter in

Turning military veterans into cybersecurity experts Read More »

Why security is the bedrock of success for mainframe projects

Cloud, cybersecurity, Don't miss, Hot stuff, Kyndryl, mainframe security, skill development, strategy, training, Video /

Why security is the bedrock of success for mainframe projects 10/10/2023 at 07:02 By Help Net Security Enterprises looking to update their mission-critical operations are approaching modernization in three ways – modernizing on the mainframe, integrating with the hyperscalers, or moving off to the cloud, according to a recent Kyndryl report. Almost all respondents use

Why security is the bedrock of success for mainframe projects Read More »

Microsoft 365 email senders urged to implement SPF, DKIM and DMARC

DMARC, Don't miss, Email, enterprise, Hot stuff, Microsoft, Microsoft 365, News, spam /

Microsoft 365 email senders urged to implement SPF, DKIM and DMARC 09/10/2023 at 13:32 By Helga Labus In the wake of Google’s announcement of new rules for bulk senders, Microsoft is urging Microsoft 365 email senders to implement SPF, DKIM and DMARC email authentication methods. “These Domain Name Service (DNS) email authentication records verify that

Microsoft 365 email senders urged to implement SPF, DKIM and DMARC Read More »

Selective disclosure in the identity wallet: How users share the data that is really needed

authentication, cyberattack, cybersecurity, data, Data leak, Don't miss, Expert analysis, Expert corner, Hot stuff, identity, IDnow, News, opinion, Privacy /

Selective disclosure in the identity wallet: How users share the data that is really needed 09/10/2023 at 07:46 By Help Net Security Name, date of birth, address, email address, passwords, tax records, or payroll – all this sensitive user data is stored by companies in huge databases to identify individuals for digital services. Although companies

Selective disclosure in the identity wallet: How users share the data that is really needed Read More »

Automotive cybersecurity: A decade of progress and challenges

attacks, automotive security, connected cars, cybersecurity, Don't miss, Hot stuff, IOActive, threats, Video, vulnerability /

Automotive cybersecurity: A decade of progress and challenges 09/10/2023 at 07:31 By Help Net Security As connected cars become a standard feature in the market, the significance of automotive cybersecurity rises, playing an essential role in ensuring the safety of road users. In this Help Net Security video, Samantha Beaumont, Principal Security Consultant at IOActive,

Automotive cybersecurity: A decade of progress and challenges Read More »

October 2023 Patch Tuesday forecast: Operating system updates and zero-days aplenty

0-day, apple, Chrome, CVE, Don't miss, Expert analysis, Google, Hot stuff, Ivanti, Microsoft, Mozilla, Patch Tuesday, predictions /

October 2023 Patch Tuesday forecast: Operating system updates and zero-days aplenty 06/10/2023 at 07:47 By Help Net Security September has been a packed month of continuous updates. New operating systems were released from Apple and Microsoft, and several vulnerabilities exploited in web services resulted in a domino effect of zero-day releases for many vendors. If

October 2023 Patch Tuesday forecast: Operating system updates and zero-days aplenty Read More »

Are executives adequately guarding their gadgets?

Agency, attacks, backdoor, BYOD, CISO, cyberattack, cybersecurity, Don't miss, Hot stuff, MFA, Privacy, Video /

Are executives adequately guarding their gadgets? 06/10/2023 at 07:02 By Help Net Security Today, individual citizens, rather than businesses or governmental bodies, are the main entry points for cyberattacks. However, security solutions haven’t evolved sufficiently to guard public figures and leaders as they do for large corporate entities. In this Help Net Security video, Amir

Are executives adequately guarding their gadgets? Read More »

“Looney Tunables” bug allows root access on Linux distros (CVE-2023-4911)

Debian, Don't miss, Fedora, Hot stuff, Linux, News, PoC, Qualys, Red Hat, security update, Ubuntu, vulnerability /

“Looney Tunables” bug allows root access on Linux distros (CVE-2023-4911) 05/10/2023 at 16:17 By Zeljka Zorz A vulnerability (CVE-2023-4911) in the GNU C Library (aka “glibc”) can be exploited by attackers to gain root privileges on many popular Linux distributions, according to Qualys researchers. About CVE-2023-4911 Dubbed “Looney Tunables”, CVE-2023-4911 is a buffer overflow vulnerability

“Looney Tunables” bug allows root access on Linux distros (CVE-2023-4911) Read More »

Apple patches another iOS zero-day under attack (CVE-2023-42824)

0-day, apple, Don't miss, Hot stuff, iOS, iPad, News, security update, vulnerability /

Apple patches another iOS zero-day under attack (CVE-2023-42824) 05/10/2023 at 13:47 By Helga Labus Apple has released a security update for iOS and iPadOS to fix another zero-day vulnerability (CVE-2023-42824) exploited in the wild. About the vulnerability (CVE-2023-42824) CVE-2023-42824 is a kernel vulnerability that could allow a local threat actor to elevate its privileges on

Apple patches another iOS zero-day under attack (CVE-2023-42824) Read More »

Critical Atlassian Confluence zero-day exploited by attackers (CVE-2023-22515)

0-day, Atlassian, Atlassian Confluence, Don't miss, Hot stuff, News, Rapid7, security update, vulnerability /

Critical Atlassian Confluence zero-day exploited by attackers (CVE-2023-22515) 05/10/2023 at 13:02 By Helga Labus Atlassian has fixed a critical zero-day vulnerability (CVE-2023-22515) in Confluence Data Center and Server that is being exploited in the wild. “Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited

Critical Atlassian Confluence zero-day exploited by attackers (CVE-2023-22515) Read More »

Eyes everywhere: How to safely navigate the IoT video revolution

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Internet of Things, IoT, Nabto, News, opinion, passwords, Privacy, software /

Eyes everywhere: How to safely navigate the IoT video revolution 05/10/2023 at 12:31 By Help Net Security Cameras are coming to a connected device near you. Cheap image sensors from old mobile phones are flooding the market and bringing video to the Internet of Things (IoT). Vacuum cleaners, bird feeders, connected cars and even smart

Eyes everywhere: How to safely navigate the IoT video revolution Read More »

High-business-impact outages are incredibly expensive

Cloud, cloud computing, cybersecurity, data, data analysis, Don't miss, Hot stuff, New Relic, professional, software, Video /

High-business-impact outages are incredibly expensive 05/10/2023 at 07:01 By Help Net Security In this Help Net Security video, Peter Pezaris, Chief Strategy and Design Officer at New Relic, discusses observability adoption and how full-stack observability leads to better service-level metrics, such as fewer, shorter outages and lower outage costs. 32% of respondents to a recent

High-business-impact outages are incredibly expensive Read More »

Backdoored Android phones, TVs used for ad fraud – and worse!

Android, backdoor, data theft, Don't miss, fraud, Hot stuff, HUMAN Security, iOS, mobile apps, News, smart tv, smartphones /

Backdoored Android phones, TVs used for ad fraud – and worse! 04/10/2023 at 19:46 By Help Net Security A key monetization mechanism of a sophisticated series of cybercriminal operations involving backdoored off-brand mobile and CTV Android devices has been disrupted, Human Security has announced. The company’s Satori Threat Intelligence and Research Team observed more than

Backdoored Android phones, TVs used for ad fraud – and worse! Read More »

Scroll to Top