Hot stuff

Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)

CVE, Don't miss, enterprise, exploit, Hot stuff, Ivanti, News, PoC, vulnerability /

Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593) 2024-09-25 at 12:46 By Zeljka Zorz CVE-2024-7593, a critical authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances, is actively exploited by attackers. The confirmation comes from the Cybersecurity and Infrastructure Security Agency (CISA), which added the flaw to its Known Exploited Vulnerabilities […]

React to this headline:

Loading spinner

Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593) Read More »

NetAlertX: Open-source Wi-Fi intruder detector

cybersecurity, Don't miss, GitHub, Hot stuff, networking, News, open source, software, wireless /

NetAlertX: Open-source Wi-Fi intruder detector 2024-09-25 at 08:01 By Mirko Zorz NetAlertX is an open-source Wi-Fi/LAN intruder detection tool that scans your network for connected devices and alerts you when new or unknown devices are detected. It provides visibility into your network activity to help you monitor unauthorized access. “NetAlertX comes with a range of

React to this headline:

Loading spinner

NetAlertX: Open-source Wi-Fi intruder detector Read More »

Securing non-human identities: Why fragmented strategies fail

authentication, Cloud Security Alliance, cybersecurity, Don't miss, Features, Hot stuff, identity, News, Non Human Identities, opinion, strategy /

Securing non-human identities: Why fragmented strategies fail 2024-09-25 at 07:31 By Mirko Zorz In this Help Net Security interview, John Yeoh, Global VP of Research at CSA, discusses the growing security challenges posed by non-human identities (NHIs). With NHIs now outnumbering human identities by 20 to 1, organizations are struggling to secure these digital entities

React to this headline:

Loading spinner

Securing non-human identities: Why fragmented strategies fail Read More »

Cybersecurity jobs available right now: September 25, 2024

cybersecurity jobs, Don't miss, Hot stuff, News /

Cybersecurity jobs available right now: September 25, 2024 2024-09-25 at 07:02 By Anamarija Pogorelec CISO Guardz | Israel | Hybrid – View job details As a CISO, you will develop and implement security policies and procedures to enhance the security of the company’s IT environment. Develop, implement, and maintain a comprehensive information security strategy to

React to this headline:

Loading spinner

Cybersecurity jobs available right now: September 25, 2024 Read More »

Transportation, logistics companies targeted with lures impersonating fleet management software

Don't miss, Hot stuff, Malware, News, Proofpoint, social engineering, supply chain, transportation, USA /

Transportation, logistics companies targeted with lures impersonating fleet management software 2024-09-24 at 17:46 By Zeljka Zorz Financially motivated threat actors are targeting North American companies in the transportation and logistics sector with tailored lures, info-stealing malware, and a clever new trick. How the attack unfolds According to Proofpoint threat researchers, the attackers start by compromising

React to this headline:

Loading spinner

Transportation, logistics companies targeted with lures impersonating fleet management software Read More »

US-based Kaspersky users startled by unexpected UltraAV installation

antivirus, Don't miss, Hot stuff, Kaspersky, News, UltraAV, USA /

US-based Kaspersky users startled by unexpected UltraAV installation 2024-09-24 at 15:46 By Zeljka Zorz A poorly executed “handover” of US-based Kaspersky customers has led some users to panic when software named UltraAV popped up on their computers without any action on their part. What happened? Earlier this year, for national security reasons, the US Department

React to this headline:

Loading spinner

US-based Kaspersky users startled by unexpected UltraAV installation Read More »

Telegram will share IP addresses, phone numbers of criminal suspects with cops

cybercriminals, Don't miss, Hot stuff, law enforcement, News, Privacy Policy, social media, Telegram, Terms of Service /

Telegram will share IP addresses, phone numbers of criminal suspects with cops 2024-09-24 at 13:01 By Zeljka Zorz Telegram will start handing over the IP addresses and phone numbers of users who violate their Terms of Service “to relevant authorities in response to valid legal requests”, Telegram founder and CEO Pavel Durov has announced on

React to this headline:

Loading spinner

Telegram will share IP addresses, phone numbers of criminal suspects with cops Read More »

Future-proofing cybersecurity: Why talent development is key

certification, cybersecurity, Don't miss, Features, Hot stuff, how-to, ISC2, News, opinion, skill development, strategy, tips /

Future-proofing cybersecurity: Why talent development is key 2024-09-24 at 08:01 By Mirko Zorz In this Help Net Security interview, Jon France, CISO at ISC2, discusses cybersecurity workforce growth. He outlines organizations’ challenges, such as budget constraints and limited entry-level opportunities. France also points to the urgent need to upskill current employees and adopt inclusive hiring

React to this headline:

Loading spinner

Future-proofing cybersecurity: Why talent development is key Read More »

Windows Server 2025 gets hotpatching option, without reboots

data center, Don't miss, Hot stuff, Microsoft, News, patching, security update, Windows Server /

Windows Server 2025 gets hotpatching option, without reboots 2024-09-23 at 17:02 By Zeljka Zorz Organizations that plan to upgrade to Windows Server 2025 once it becomes generally available will be able to implement some security updates by hotpatching running processes. What is hotpatching? “Hotpatching has been around for years in Windows Server 2022 Azure Edition,

React to this headline:

Loading spinner

Windows Server 2025 gets hotpatching option, without reboots Read More »

Organizations are changing cybersecurity providers in wake of Crowdstrike outage

business continuity, CrowdStrike, cyber risk, cybersecurity, disruption, Don't miss, Europe, Germany, Hot stuff, Incident Response, News, procurement /

Organizations are changing cybersecurity providers in wake of Crowdstrike outage 2024-09-23 at 15:46 By Zeljka Zorz More often than not, a cyber attack or a cyber incident that results in business disruption will spur organizations to make changes to improve their cybersecurity and cyber resilience – and sometimes that means changing cybersecurity providers. The recent

React to this headline:

Loading spinner

Organizations are changing cybersecurity providers in wake of Crowdstrike outage Read More »

Certainly: Open-source offensive security toolkit

Don't miss, GitHub, Hot stuff, News, open source, software /

Certainly: Open-source offensive security toolkit 2024-09-23 at 07:31 By Mirko Zorz Certainly is an open-source offensive security toolkit designed to capture extensive traffic across various network protocols in bit-flip and typosquatting scenarios. Built-in protocols: DNS, HTTP(S), IMAP(S), SMTP(S). “The reason why we created Certainly was to simplify the process of capturing and collecting requests that

React to this headline:

Loading spinner

Certainly: Open-source offensive security toolkit Read More »

Offensive cyber operations are more than just attacks

Artificial Intelligence, cybersecurity, Don't miss, Features, Hot stuff, News, Nightwing, opinion, quantum computing, strategy /

Offensive cyber operations are more than just attacks 2024-09-23 at 07:01 By Mirko Zorz In this Help Net Security interview, Christopher Jones, Chief Technology Officer and Chief Data Officer at Nightwing, talks about some key misconceptions and complexities surrounding offensive cyber operations. Many myths stem from a simplistic view of these operations, ranging from direct

React to this headline:

Loading spinner

Offensive cyber operations are more than just attacks Read More »

How to detect and stop bot activity

access management, authentication, bot, cybersecurity, device fingerprinting, Don't miss, Expert analysis, Expert corner, Fingerprint, Hot stuff, News, opinion, strategy /

How to detect and stop bot activity 2024-09-20 at 07:46 By Help Net Security Bad bot traffic continues to rise year-over-year, accounting for nearly a third of all internet traffic in 2023. Bad bots access sensitive data, perpetrate fraud, steal proprietary information, and degrade site performance. New technologies are enabling fraudsters to strike faster and

React to this headline:

Loading spinner

How to detect and stop bot activity Read More »

Striking the balance between cybersecurity and operational efficiency

CISO, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, strategy /

Striking the balance between cybersecurity and operational efficiency 2024-09-20 at 07:31 By Mirko Zorz In this Help, Net Security interview, Michael Oberlaender, ex-CISO, and book author, discusses how to strike the right balance between security and operational efficiency. Oberlaender advises companies starting their cybersecurity journey and stresses the importance of aligning with various frameworks. He

React to this headline:

Loading spinner

Striking the balance between cybersecurity and operational efficiency Read More »

Windows users targeted with fake human verification pages delivering malware

CloudSEK, Don't miss, Hot stuff, Malware, News, Palo Alto Networks, Proofpoint, trojan, Windows /

Windows users targeted with fake human verification pages delivering malware 2024-09-19 at 17:01 By Zeljka Zorz For a while now, security researchers have been warning about fake human verification pages tricking Windows users into inadvertently installing malware. A recently exposed campaign showed how some users end up on these pages. Beware of fake human verification

React to this headline:

Loading spinner

Windows users targeted with fake human verification pages delivering malware Read More »

Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488)

access management, AmberWolf, CVE, Don't miss, enterprise, Hot stuff, News, One Identity, vulnerability /

Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488) 2024-09-19 at 15:31 By Zeljka Zorz Researchers have released technical details about CVE-2024-45488, a critical authentication bypass vulnerability affecting One Identity’s Safeguard for Privileged Passwords (SPP), which could allow attackers to gain full administrative access to the virtual appliance. “Once an attacker has gained

React to this headline:

Loading spinner

Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488) Read More »

FBI forced Flax Typhoon to abandon its botnet

botnet, China, consumer, Don't miss, DVR, enterprise, FBI, government-backed attacks, Hot stuff, IoT, Justice Department, Lumen, NAS, News, router, security cameras, SMBs /

FBI forced Flax Typhoon to abandon its botnet 2024-09-19 at 14:16 By Zeljka Zorz A botnet operated by the Chinese state-sponsored threat actor known as Flax Typhoon has been disrupted by the law enforcement agency and abandoned by the group, FBI Director Chris Wray confirmed on Wednesday. “We executed court-authorized operations to take control of

React to this headline:

Loading spinner

FBI forced Flax Typhoon to abandon its botnet Read More »

Differential privacy in AI: A solution creating more problems for developers?

Artificial Intelligence, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, Privacy, Synopsys /

Differential privacy in AI: A solution creating more problems for developers? 2024-09-19 at 08:01 By Help Net Security In the push for secure AI models, many organizations have turned to differential privacy. But is the very tool meant to protect user data holding back innovation? Developers face a tough choice: balance data privacy or prioritize

React to this headline:

Loading spinner

Differential privacy in AI: A solution creating more problems for developers? Read More »

How digital wallets work, and best practices to use them safely

cybersecurity, digital wallet, Don't miss, Hot stuff, how-to, IEEE, News, strategy, tips, Video /

How digital wallets work, and best practices to use them safely 2024-09-19 at 07:31 By Help Net Security With the adoption of digital wallets and the increasing embedding of consumer digital payments into daily life, ensuring security measures is essential. According to a McKinsey report, digital payments are now mainstream and continually evolving, bringing advancements

React to this headline:

Loading spinner

How digital wallets work, and best practices to use them safely Read More »

Essential metrics for effective security program assessment

Compliance, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, penetration testing, Pentera, security controls, security testing, SOC /

Essential metrics for effective security program assessment 2024-09-19 at 07:02 By Mirko Zorz In this Help Net Security interview, Alex Spivakovsky, VP of Research & Cybersecurity at Pentera, discusses essential metrics for evaluating the success of security programs. Spivakovsky explains how automation and proactive testing can reveal vulnerabilities and improve overall security posture. What are

React to this headline:

Loading spinner

Essential metrics for effective security program assessment Read More »

Scroll to Top