Hot stuff

Attackers deploying red teaming tool for EDR evasion

Binary Defense, ConnectWise, Don't miss, Endpoint Security, ExtraHop, Hot stuff, Intel 471, News, SentinelOne, Sophos, threat detection, Trend Micro /

Attackers deploying red teaming tool for EDR evasion 2024-10-15 at 17:16 By Zeljka Zorz Threat actors are leveraging the open-source EDRSilencer tool to evade endpoint detection and response systems, Trend Micro researchers have noticed. About EDRSilencer The software, which is intended for red teaming, is being abused to “silence” EDR solutions. It works by leveraging […]

React to this headline:

Loading spinner

Attackers deploying red teaming tool for EDR evasion Read More »

87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113)

CVE, Don't miss, enterprise, Fortinet, FortiOS, Hot stuff, News, Shadowserver, vulnerability, WatchTowr /

87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113) 2024-10-15 at 14:49 By Zeljka Zorz Last week, CISA added CVE-2024-23113 – a critical vulnerability that allows unauthenticated remote code/command execution on unpatched Fortinet FortiGate firewalls – to its Known Exploited Vulnerabilities catalog, thus confirming that it’s being leveraged by attackers in the

React to this headline:

Loading spinner

87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113) Read More »

The NHI management challenge: When employees leave

authentication, credentials, cybersecurity, Don't miss, Entro, Expert analysis, Expert corner, framework, Hot stuff, News, Non Human Identities, opinion /

The NHI management challenge: When employees leave 2024-10-15 at 08:01 By Help Net Security An employee is exiting your organization. Regardless of the terms of departure, an ex-staffer has the potential when they leave or change roles to impact a wide range of non-human identities, digital credentials, and other secrets. Those secrets include the credentials

React to this headline:

Loading spinner

The NHI management challenge: When employees leave Read More »

How nation-states exploit political instability to launch cyber operations

BlackBerry, critical infrastructure, cyberattacks, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, threat /

How nation-states exploit political instability to launch cyber operations 2024-10-15 at 07:37 By Mirko Zorz In this Help Net Security interview, Ismael Valenzuela, Vice President of Threat Research & Intelligence at BlackBerry, discusses the impact of geopolitical tensions on the frequency and sophistication of cyberattacks. He explains how nation-states and politically motivated groups exploit unrest

React to this headline:

Loading spinner

How nation-states exploit political instability to launch cyber operations Read More »

The dark side of API security

API security, cybersecurity, digital transformation, Don't miss, F5 Networks, Hot stuff, Video /

The dark side of API security 2024-10-15 at 07:02 By Help Net Security APIs are the backbone of digital transformation efforts, connecting applications across organizations, so their security is of the utmost importance. In this Help Net Security video, Lori MacVittie, a Distinguished Engineer at F5, discusses the current state of API security. A recent

React to this headline:

Loading spinner

The dark side of API security Read More »

The quantum dilemma: Game-changer or game-ender

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Information Security Forum, News, opinion, quantum computing, risk /

The quantum dilemma: Game-changer or game-ender 2024-10-14 at 08:18 By Help Net Security If someone told you five years ago that you could pose questions to an AI agent about the most vexing issues in science and it could answer back swiftly and meaningfully, you would’ve thought they were joking. But AI has ushered in

React to this headline:

Loading spinner

The quantum dilemma: Game-changer or game-ender Read More »

CISOs’ strategies for managing a growing attack surface

attack, CISO, Compliance, cybersecurity, Detectify, digital transformation, Don't miss, Features, Hot stuff, News, opinion, regulation /

CISOs’ strategies for managing a growing attack surface 2024-10-14 at 07:03 By Mirko Zorz In this Help Net Security interview, Rickard Carlsson, CEO at Detectify, discusses the evolution of attack surface management in the context of remote work and digital transformation. Carlsson highlights the challenges CISOs face today, including maintaining visibility and managing compliance in

React to this headline:

Loading spinner

CISOs’ strategies for managing a growing attack surface Read More »

EU adopts Cyber Resilience Act to secure connected products

Don't miss, enterprise, EU, Hot stuff, IoT, News, open source, regulation, smart home, smart lock, smart toys, smart tv, SMBs, vulnerability disclosure, vulnerability management /

EU adopts Cyber Resilience Act to secure connected products 2024-10-11 at 14:17 By Zeljka Zorz The EU Council has adopted the Cyber Resilience Act (CRA), a new law that aims to make consumer products with digital components safe(r) to use. CRA requirements The CRA outlines EU-wide cybersecurity standards for digital products, i.e. products that are

React to this headline:

Loading spinner

EU adopts Cyber Resilience Act to secure connected products Read More »

DORA regulation’s nuts and bolts

BforeAI, cyber resilience, cybersecurity, Don't miss, EU, financial industry, Hot stuff, regulation, Video /

DORA regulation’s nuts and bolts 2024-10-11 at 08:02 By Help Net Security The frequency, sophistication, and impact of cyber-attacks on financial institutions have been rising. Given the economic system’s interconnected nature, disruptions in one institution can have cascading effects on the broader financial market, leading to systemic risks. Regulators have responded with increasingly stringent requirements.

React to this headline:

Loading spinner

DORA regulation’s nuts and bolts Read More »

Unlocking the power of cryptographic agility in a quantum world

Cryptomathic, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, quantum computing, regulation, standards /

Unlocking the power of cryptographic agility in a quantum world 2024-10-11 at 07:31 By Mirko Zorz In this Help Net Security interview, Glen Leonhard, Director of Key Management at Cryptomathic, discusses the role of cryptographic agility in mitigating risks posed by quantum computing. Cryptographic agility enables organizations to seamlessly transition to post-quantum algorithms without disrupting

React to this headline:

Loading spinner

Unlocking the power of cryptographic agility in a quantum world Read More »

Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680)

CVE, Don't miss, ESET, Firefox, Hot stuff, News, security update, Tor, vulnerability /

Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680) 2024-10-10 at 15:31 By Zeljka Zorz Mozilla has pushed out an emergency update for its Firefox and Firefox ESR browsers to fix a vulnerability (CVE-2024-9680) that is being exploited in the wild. About CVE-2024-9680 Reported by ESET malware researcher Damien Schaeffer, CVE-2024-9680 is a use-after-free vulnerability in

React to this headline:

Loading spinner

Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680) Read More »

Internet Archive data breach, defacement, and DDoS: Users’ data compromised

data breach, Data leak, DDoS, Don't miss, HIBP, Hot stuff, Internet Archive, News /

Internet Archive data breach, defacement, and DDoS: Users’ data compromised 2024-10-10 at 12:46 By Zeljka Zorz The Internet Archive has suffered a data breach, leading to the compromise of email addresses, screen names and bcrypt password hashes of some 31 million users. The compromise was revealed on Wednesday afternoon, when the digital library’s website began

React to this headline:

Loading spinner

Internet Archive data breach, defacement, and DDoS: Users’ data compromised Read More »

Widening talent pool in cyber with on-demand contractors

CAPSLOCK, certification, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, professional, skill development /

Widening talent pool in cyber with on-demand contractors 2024-10-10 at 08:01 By Help Net Security Filling roles within the cyber sector is an ongoing battle. The shortfall of workers risks creating a vicious cycle within existing cyber teams: With fewer team members to spread the workload on, you risk burning out security professionals. Many make

React to this headline:

Loading spinner

Widening talent pool in cyber with on-demand contractors Read More »

Investing in Privacy by Design for long-term compliance

awareness, cybersecurity, Don't miss, Features, framework, Hot stuff, Microblink, News, opinion, Privacy, regulation /

Investing in Privacy by Design for long-term compliance 2024-10-10 at 07:31 By Mirko Zorz In this Help Net Security interview, Bojan Belušić, Head of Information Security & IT Operations at Microblink, discusses the relationship between Privacy by Design and regulatory frameworks like GDPR. Integrating privacy principles from the outset of product and process development ensures

React to this headline:

Loading spinner

Investing in Privacy by Design for long-term compliance Read More »

Balancing legal frameworks and enterprise security governance

boardroom, Coalfire, Compliance, cybersecurity, Don't miss, Features, framework, Hot stuff, Incident Response, News, opinion, regulation /

Balancing legal frameworks and enterprise security governance 2024-10-10 at 07:01 By Mirko Zorz In this Help Net Security interview, Tom McAndrew, CEO at Coalfire, discusses the balance organizations must strike between legal compliance and effective enterprise security governance in the context of evolving regulatory frameworks. McAndrew also addresses the need for clear governance structures and

React to this headline:

Loading spinner

Balancing legal frameworks and enterprise security governance Read More »

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)

authentication, Don't miss, exploit, GitLab, Hot stuff, News, PoC, ProjectDiscovery, security update, Synactiv, vulnerability /

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) 2024-10-09 at 15:49 By Zeljka Zorz If you run a self-managed GitLab installation with configured SAML-based authentication and you haven’t upgraded it since mid-September, do it now, because security researchers have published an analysis of CVE-2024-45409 and an exploit script that may help attackers gain

React to this headline:

Loading spinner

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) Read More »

YARA: Open-source tool for malware research

cybersecurity, Don't miss, GitHub, Hot stuff, malware analysis, News, open source, software /

YARA: Open-source tool for malware research 2024-10-09 at 08:01 By Help Net Security YARA is a powerful tool designed primarily to aid malware researchers in identifying and categorizing malware samples, though its applications are broader. The tool enables users to create detailed descriptions, or “rules,” for malware families or any other target based on textual

React to this headline:

Loading spinner

YARA: Open-source tool for malware research Read More »

Cultivating a security-first mindset: Key leadership actions

cybersecurity, Don't miss, Features, Hot stuff, human error, News, opinion, Optiv Security, security awareness, strategy /

Cultivating a security-first mindset: Key leadership actions 2024-10-09 at 07:31 By Mirko Zorz In this Help Net Security interview, Emily Wienhold, Cyber Education Specialist at Optiv, discusses how business leaders can promote a security-first culture within their organizations. Wienhold also discusses strategies for maintaining ongoing cybersecurity awareness and making security protocols accessible to non-technical staff.

React to this headline:

Loading spinner

Cultivating a security-first mindset: Key leadership actions Read More »

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)

0-day, CVE, Don't miss, Hot stuff, Microsoft, NetSPI, News, Patch Tuesday, security update, Tenable, Trend Micro, vulnerability, Windows /

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) 2024-10-08 at 22:49 By Zeljka Zorz For October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two under active exploitation: CVE-2024-43573, a spoofing bug affecting the Windows MSHTML Platform, and CVE-2024-43572, a remote code execution flaw in the Microsoft Management Console

React to this headline:

Loading spinner

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) Read More »

Qualcomm zero-day under targeted exploitation (CVE-2024-43047)

chip, CVE, Don't miss, Google, Hot stuff, News, Qualcomm, vulnerability /

Qualcomm zero-day under targeted exploitation (CVE-2024-43047) 2024-10-08 at 15:31 By Zeljka Zorz An actively exploited zero-day vulnerability (CVE-2024-43047) affecting dozens of Qualcomm’s chipsets has been patched by the American semiconductor giant. About CVE-2024-43047 On Monday, Qualcomm has confirmed patches for 20 vulnerabilities affecting both proprietary and open source software running on its various chipsets. Among

React to this headline:

Loading spinner

Qualcomm zero-day under targeted exploitation (CVE-2024-43047) Read More »

Scroll to Top