All Google Cloud users will have to enable MFA by 2025 2024-11-06 at 17:07 By Zeljka Zorz Google has announced that, by the end of 2025, multi-factor authentication (MFA) – aka 2-step verification – will become mandatory for all Google Cloud accounts. “Given the sensitive nature of cloud deployments — and with phishing and stolen […]
React to this headline:
All Google Cloud users will have to enable MFA by 2025 Read More »
GoZone ransomware accuses and threatens victims 2024-11-06 at 13:06 By Zeljka Zorz A new ransomware dubbed GoZone is being leveraged by attackers that don’t seem to be very greedy: they are asking the victims to pay just $1,000 in Bitcoin if they want their files decrypted. The GoZone HTML ransom note (Source: SonicWall) The ransom
React to this headline:
GoZone ransomware accuses and threatens victims Read More »
The cybersecurity gender gap: How diverse teams improve threat response 2024-11-06 at 07:33 By Mirko Zorz In this Help Net Security interview, Julie Madhusoodanan, Head of CyberSecurity at LinkedIn, discusses how closing the gender gap could enhance cybersecurity’s effectiveness in combating emerging threats. With women still underrepresented in cybersecurity roles, she emphasizes how diverse teams
React to this headline:
The cybersecurity gender gap: How diverse teams improve threat response Read More »
Osmedeus: Open-source workflow engine for offensive security 2024-11-06 at 07:03 By Help Net Security Osmedeus is an open-source workflow engine designed for offensive security. It serves as a versatile foundation, enabling users to easily create customized reconnaissance systems and scale them across extensive target lists. Osmedeus key features Speed up your recon process Organize your
React to this headline:
Osmedeus: Open-source workflow engine for offensive security Read More »
Key cybersecurity predictions for 2025 2024-11-06 at 06:33 By Help Net Security In this Help Net Security video, Chris Gibson, CEO at FIRST, discusses the evolving threat landscape and provides a unique take on where data breaches and cyber attacks will be in 2025. The post Key cybersecurity predictions for 2025 appeared first on Help
React to this headline:
Key cybersecurity predictions for 2025 Read More »
Beware of phishing emails delivering backdoored Linux VMs! 2024-11-05 at 16:05 By Zeljka Zorz Unknown attackers are trying to trick Windows users into spinning up a custom Linux virtual machine (VM) with a pre-configured backdoor, Securonix researchers have discovered. The campaign The attack began with a phishing email, they believe, but they weren’t able to
React to this headline:
Beware of phishing emails delivering backdoored Linux VMs! Read More »
Google patches actively exploited Android vulnerability (CVE-2024-43093) 2024-11-05 at 13:34 By Zeljka Zorz Google has delivered fixes for two vulnerabilities endangering Android users that “may be under limited, targeted exploitation”: CVE-2024-43047, a flaw affecting Qualcomm chipsets, and CVE-2024-43093, a vulnerability in the Google Play framework. The exploited vulnerabilities (CVE-2024-43047, CVE-2024-43093) Qualcomm patched CVE-2024-43047 – a
React to this headline:
Google patches actively exploited Android vulnerability (CVE-2024-43093) Read More »
Open-source software: A first attempt at organization after CRA 2024-11-05 at 08:03 By Help Net Security The open-source software (OSS) industry is developing the core software for the global infrastructure, to the point that even some proprietary software giants adopt Linux servers for their cloud services. Still, it has never been able to get organized
React to this headline:
Open-source software: A first attempt at organization after CRA Read More »
Maximizing security visibility on a budget 2024-11-05 at 07:03 By Mirko Zorz In this Help Net Security interview, Barry Mainz, CEO at Forescout, discusses the obstacles organizations encounter in attaining security visibility, particularly within cloud and hybrid environments. He explains why asset intelligence—going beyond basic visibility to understand device behavior and risk—is essential. Mainz also
React to this headline:
Maximizing security visibility on a budget Read More »
Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) 2024-11-04 at 16:04 By Zeljka Zorz Synology has released fixes for an unauthenticated “zero-click” remote code execution flaw (CVE-2024-10443, aka RISK:STATION) affecting its popular DiskStation and BeeStation network attached storage (NAS) devices. About CVE-2024-10443 CVE-2024-10443 was discovered by Rick de Jager, a security researcher at
React to this headline:
Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) Read More »
Hiring guide: Key skills for cybersecurity researchers 2024-11-04 at 07:33 By Mirko Zorz In this Help Net Security interview, Rachel Barouch, an Organizational Coach for VCs and startups and a former VP HR in both a VC and a Cybersecurity startup, discusses the dynamics of cybersecurity researchers and team-building strategies. She highlights that these researchers,
React to this headline:
Hiring guide: Key skills for cybersecurity researchers Read More »
Whispr: Open-source multi-vault secret injection tool 2024-11-04 at 07:03 By Mirko Zorz Whispr is an open-source CLI tool designed to securely inject secrets from secret vaults, such as AWS Secrets Manager and Azure Key Vault, directly into your application’s environment. This enhances secure local software development by seamlessly managing sensitive information. Whispr key features Safe
React to this headline:
Whispr: Open-source multi-vault secret injection tool Read More »
Cybersecurity in crisis: Are we ready for what’s coming? 2024-11-04 at 06:35 By Help Net Security In this Help Net Security video, James Edgar, CISO at Corpay, reveals insights into cybersecurity health, concerns, challenges, and other considerations for building a solid defense program. Key insights revealed in Corpay’s 2024 State of Business Cybersecurity Report: 67%
React to this headline:
Cybersecurity in crisis: Are we ready for what’s coming? Read More »
How open-source MDM solutions simplify cross-platform device management 2024-11-01 at 07:33 By Mirko Zorz In this Help Net Security interview, Mike McNeil, CEO at Fleet, talks about the security risks posed by unmanaged mobile devices and how mobile device management (MDM) solutions help address them. He also discusses employee resistance to MDM and how open-source
React to this headline:
How open-source MDM solutions simplify cross-platform device management Read More »
Google on scaling differential privacy across nearly three billion devices 2024-10-31 at 15:03 By Mirko Zorz In this Help Net Security interview, Miguel Guevara, Product Manager, Privacy Safety and Security at Google, discusses the complexities involved in scaling differential privacy technology across large systems. He emphasizes the need to develop secure, private, and user-controlled products
React to this headline:
Google on scaling differential privacy across nearly three billion devices Read More »
Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups 2024-10-31 at 14:38 By Zeljka Zorz A supply chain compromise involving Lottie Player, a widely used web component for playing site and app animations, has made popular decentralized finance apps show pop-ups urging users to connect their wallets, TradingView has reported. The pop-up (Source:
React to this headline:
Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups Read More »
North Korean hackers pave the way for Play ransomware 2024-10-31 at 12:49 By Zeljka Zorz North Korean state-sponsored hackers – Jumpy Pisces, aka Andariel, aka Onyx Sleet – have been spotted burrowing into enterprise systems, then seemingly handing matters over to the Play ransomware group. Timeline of the attack (Source: Palo Alto Networks) The attack
React to this headline:
North Korean hackers pave the way for Play ransomware Read More »
IoT needs more respect for its consumers, creations, and itself 2024-10-31 at 07:58 By Help Net Security Yet again, connected devices are in the news for all the wrong reasons. In October, security researchers found that robot vacuums from Chinese company, Ecovacs, can be compromised via a backdoor. In one case, hackers gained control over
React to this headline:
IoT needs more respect for its consumers, creations, and itself Read More »
How agentic AI handles the speed and volume of modern threats 2024-10-31 at 07:08 By Mirko Zorz In this Help Net Security interview, Lior Div, CEO at Seven AI, discusses the concept of agentic AI and its application in cybersecurity. He explains how it differs from traditional automated security systems by offering greater autonomy and
React to this headline:
How agentic AI handles the speed and volume of modern threats Read More »
Why cyber tools fail SOC teams 2024-10-31 at 06:34 By Help Net Security A recent Vectra AI report highlights a growing distrust of threat detection tools. 47% of respondents note they do not trust their tools to work the way they need them to. Moreover, 60% of SOC practitioners say security vendors flood them with
React to this headline:
Why cyber tools fail SOC teams Read More »