Hot stuff

Zero-days dominate top frequently exploited vulnerabilities

0-day, CISA, Don't miss, FBI, Hot stuff, NCSC, News, NSA, report, Tenable, vulnerability /

Zero-days dominate top frequently exploited vulnerabilities 2024-11-14 at 07:03 By Mirko Zorz A joint report by leading cybersecurity agencies from the U.S., UK, Canada, Australia, and New Zealand has identified the most commonly exploited vulnerabilities of 2023. Zero-day vulnerabilities on the rise The advisory highlights that malicious cyber actors increasingly targeted zero-day vulnerabilities, posing significant […]

React to this headline:

Loading spinner

Zero-days dominate top frequently exploited vulnerabilities Read More »

What 2025 holds for user identity protection

cybersecurity, Don't miss, Hot stuff, identity, identity protection, rf IDEAS, Video /

What 2025 holds for user identity protection 2024-11-14 at 06:45 By Help Net Security In this Help Net Security video, David Cottingham, President of rf IDEAS, discusses what he sees as the most prominent areas for improvement and continued change in the space: As we move into 2025, it’s evident that businesses recognize MFA as

React to this headline:

Loading spinner

What 2025 holds for user identity protection Read More »

Aerospace employees targeted with malicious “dream job” offers

aerospace, APT, backdoor, ClearSky Cyber Security, Don't miss, Hot stuff, Iran, LinkedIn, News, spear-phishing /

Aerospace employees targeted with malicious “dream job” offers 2024-11-13 at 12:49 By Zeljka Zorz It’s not just North Korean hackers who reach out to targets via LinkedIn: since at least September 2023, Iranian threat actor TA455 has been trying to compromise workers in the aerospace industry by impersonating job recruiters on the popular employment-focused social

React to this headline:

Loading spinner

Aerospace employees targeted with malicious “dream job” offers Read More »

CISOs in 2025: Balancing security, compliance, and accountability

CISO, Compliance, cybersecurity, DomainTools, Don't miss, Features, Hot stuff, News, opinion, predictions, regulation, strategy, tips /

CISOs in 2025: Balancing security, compliance, and accountability 2024-11-13 at 07:37 By Mirko Zorz In this Help Net Security interview, Daniel Schwalbe, CISO at DomainTools, discusses the intensifying regulatory demands that have reshaped CISO accountability and daily decision-making. He outlines the skill sets future CISOs need, their key priorities for 2025, and how increased pressure

React to this headline:

Loading spinner

CISOs in 2025: Balancing security, compliance, and accountability Read More »

Cyber professionals face an IP loss reckoning in 2025

Artificial Intelligence, cybersecurity, Don't miss, Hot stuff, Mimecast, professional, risk, Video /

Cyber professionals face an IP loss reckoning in 2025 2024-11-13 at 07:06 By Help Net Security AI can expose your work secrets. The same goes for AI-generated content, which has revolutionized workplace productivity but comes with hidden risks. As more employees use AI models to streamline tasks—whether drafting reports, building code, or designing products, they

React to this headline:

Loading spinner

Cyber professionals face an IP loss reckoning in 2025 Read More »

Tips for a successful cybersecurity job interview

cybersecurity, cybersecurity jobs, Don't miss, Hot stuff, how-to, News, strategy, tips /

Tips for a successful cybersecurity job interview 2024-11-13 at 06:35 By Anamarija Pogorelec Whether you’re looking to enhance your existing cybersecurity skills or just beginning your journey in the field, cybersecurity offers a wide range of career opportunities. If you’re considering a career shift, exploring new job opportunities, or aiming to upgrade your skill set,

React to this headline:

Loading spinner

Tips for a successful cybersecurity job interview Read More »

Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039)

0-day, Active Directory, CVE, Don't miss, Hot stuff, Immersive Labs, Ivanti, Microsoft, Microsoft Defender, News, OpenSSL, Patch Tuesday, security update, Tenable, Trend Micro, vulnerability, Windows, Windows Server /

Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) 2024-11-12 at 23:03 By Zeljka Zorz November 2024 Patch Tuesday is here, and Microsoft has dropped fixes for 89 new security issues in its various products, two of which – CVE-2024-43451 and CVE-2024-49039 – are actively exploited by attackers. The exploited vulnerabilities (CVE-2024-43451, CVE-2024-49039) CVE-2024-43451 is yet another

React to this headline:

Loading spinner

Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) Read More »

Massive troves of Amazon, HSBC employee data leaked

3M, Amazon, Data leak, Don't miss, Hot stuff, HP, HSBC, News /

Massive troves of Amazon, HSBC employee data leaked 2024-11-12 at 12:18 By Zeljka Zorz A threat actor who goes by the online moniker “Nam3L3ss” has leaked employee data belonging to a number of corporations – including Amazon, 3M, HSBC and HP – ostensibly compromised during the May 2023 MOVEit hack by the Cl0p ransomware gang,

React to this headline:

Loading spinner

Massive troves of Amazon, HSBC employee data leaked Read More »

The changing face of identity security

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, identity, Illumio, News, opinion, resilience, strategy, zero trust /

The changing face of identity security 2024-11-12 at 08:03 By Help Net Security It’s easy to see why identity security is often synonymous with user security. Social engineering tactics are the mainstay of the threat actor’s arsenal, and it’s rare to find an attack that doesn’t feature them to some degree. Getting hold of privileged

React to this headline:

Loading spinner

The changing face of identity security Read More »

Evaluating your organization’s application risk management journey

Application Security, automation, CISO, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, Risk Management, strategy, supply chain, Veracode /

Evaluating your organization’s application risk management journey 2024-11-12 at 07:33 By Mirko Zorz In this Help Net Security interview, Chris Wysopal, Chief Security Evangelist at Veracode, discusses strategies for CISOs to quantify application risk in financial terms. Wysopal outlines the need for continuous risk management practices and robust strategies to manage third-party software dependencies, ensuring

React to this headline:

Loading spinner

Evaluating your organization’s application risk management journey Read More »

Powerpipe: Open-source dashboards for DevOps

DevOps, Don't miss, GitHub, Hot stuff, News, open source, software /

Powerpipe: Open-source dashboards for DevOps 2024-11-12 at 07:03 By Help Net Security Powerpipe is an open-source solution designed to streamline DevOps management with powerful visualization and compliance tools, making it simple to track, assess, and act on key data for smarter decision-making and continuous compliance monitoring. Dynamic dashboards and reports Powerpipe’s high-level dashboards offer an

React to this headline:

Loading spinner

Powerpipe: Open-source dashboards for DevOps Read More »

November 2024 Patch Tuesday forecast: New servers arrive early

apple, Don't miss, Expert analysis, Google, Hot stuff, Ivanti, Microsoft, Mozilla, News, opinion, Patch Tuesday, predictions, Windows /

November 2024 Patch Tuesday forecast: New servers arrive early 2024-11-11 at 08:03 By Help Net Security Microsoft followed their October precedent set with Windows 11 24H2 and announced Microsoft Server 2025 on the first of November. We were expecting the official announcement at Microsoft Ignite near the end of the month, but with the early

React to this headline:

Loading spinner

November 2024 Patch Tuesday forecast: New servers arrive early Read More »

4 reasons why veterans thrive as cybersecurity professionals

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, professional, SpecterOps, threats, training /

4 reasons why veterans thrive as cybersecurity professionals 2024-11-11 at 07:35 By Help Net Security Through their past military service, veterans are trained to think like adversaries, often share that mission-driven spirit and excel when working with a team to achieve a larger goal. They develop and champion the unique traits that cybersecurity companies need

React to this headline:

Loading spinner

4 reasons why veterans thrive as cybersecurity professionals Read More »

Strategies for CISOs navigating hybrid and multi-cloud security

CISO, cloud security, Compliance, cybersecurity, Don't miss, Features, Hot stuff, Mirantis, misconfiguration, News, opinion, regulation, tips /

Strategies for CISOs navigating hybrid and multi-cloud security 2024-11-11 at 07:11 By Mirko Zorz In this Help Net Security interview, Alex Freedland, CEO at Mirantis, discusses the cloud security challenges that CISOs need to tackle as multi-cloud and hybrid environments become the norm. He points out the expanded attack surfaces, the importance of consistent security

React to this headline:

Loading spinner

Strategies for CISOs navigating hybrid and multi-cloud security Read More »

Setting a security standard: From vulnerability to exposure management

cybersecurity, CyCognito, Don't miss, Hot stuff, Risk Management, security standard, Video /

Setting a security standard: From vulnerability to exposure management 2024-11-11 at 06:36 By Help Net Security Vulnerability management has been the standard approach to fending off cyber threats for years. Still, it falls short by focusing on a limited number of vulnerabilities, often resolving only 1% to 20% of issues. In 2024, with the average

React to this headline:

Loading spinner

Setting a security standard: From vulnerability to exposure management Read More »

Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910)

CVE, Don't miss, Horizon3.ai, Hot stuff, News, Palo Alto Networks, PoC, vulnerability /

Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910) 2024-11-08 at 13:36 By Zeljka Zorz A vulnerability (CVE-2024-5910) in Palo Alto Networks Expedition, a firewall configuration migration tool, is being exploited by attackers in the wild, the Cybersecurity and Infrastructure Security Agency (CISA) confirmed on Thursday. About CVE-2024-5910 Unearthed and reported by Brian Hysell of Synopsys

React to this headline:

Loading spinner

Critical Palo Alto Networks Expedition bug exploited (CVE-2024-5910) Read More »

Apple’s 45-day certificate proposal: A call to action

apple, certificates, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, identity, News, opinion, Venafi /

Apple’s 45-day certificate proposal: A call to action 2024-11-08 at 08:00 By Help Net Security In a bold move, Apple has published a draft ballot for commentary to GitHub to shorten Transport Layer Security (TLS) certificates down from 398 days to just 45 days by 2027. The Apple proposal will likely go up for a

React to this headline:

Loading spinner

Apple’s 45-day certificate proposal: A call to action Read More »

Am I Isolated: Open-source container security benchmark

containers, Don't miss, Edera, GitHub, Hot stuff, Kubernetes, News, open source, software /

Am I Isolated: Open-source container security benchmark 2024-11-08 at 07:30 By Mirko Zorz Am I Isolated is an open-source container security benchmark that probes users’ runtime environments and tests for container isolation. The Rust-based container runtime scanner runs as a container, detecting gaps in users’ container runtime isolation. It also provides guidance to improve users’

React to this headline:

Loading spinner

Am I Isolated: Open-source container security benchmark Read More »

Industrial companies in Europe targeted with GuLoader

Cado Security, Don't miss, Europe, Hot stuff, Malware, News, spear-phishing /

Industrial companies in Europe targeted with GuLoader 2024-11-07 at 15:48 By Zeljka Zorz A recent spear-phishing campaign targeting industrial and engineering companies in Europe was aimed at saddling victims with the popular GuLoader downloader and, ultimately, a remote access trojan that would permit attackers to steal information from and access compromised computers whenever they wish.

React to this headline:

Loading spinner

Industrial companies in Europe targeted with GuLoader Read More »

North Korean hackers employ new tactics to compromise crypto-related businesses

APT, backdoor, Cryptocurrency, Don't miss, financial industry, Hot stuff, macOS, Malware, News, North Korea, phishing, SentinelOne /

North Korean hackers employ new tactics to compromise crypto-related businesses 2024-11-07 at 13:49 By Zeljka Zorz North Korean hackers are targeting crypto-related businesses with phishing emails and novel macOS-specific malware. The crypto-related phishing campaign Since July 2024, phishing emails seemingly containing helpful information on risks related to the rise of the price of Bitcoin have

React to this headline:

Loading spinner

North Korean hackers employ new tactics to compromise crypto-related businesses Read More »

Scroll to Top