Hot stuff

What’s more important when hiring for cybersecurity roles?

certification, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, MyTurn, News, opinion, skill development, training /

What’s more important when hiring for cybersecurity roles? 2024-10-24 at 08:03 By Help Net Security When building a cybersecurity team, you likely asked yourself, “Should I focus on certifications or real-world skills?” And since you rarely encounter entry-level candidates who can hit the ground running, naturally, you’d consider a candidate with both. But that’s not […]

React to this headline:

Loading spinner

What’s more important when hiring for cybersecurity roles? Read More »

Enhancing national security: The four pillars of the National Framework for Action

Center for Internet Security, cybersecurity, DOJ, Don't miss, Features, generative AI, Hot stuff, law enforcement, News, opinion, resilience, threat detection /

Enhancing national security: The four pillars of the National Framework for Action 2024-10-24 at 07:33 By Mirko Zorz In this Help Net Security interview, John Cohen, Executive Director, Program for Countering Hybrid Threats at the Center for Internet Security, discusses the four pillars of the National Framework for Action, emphasizing how these measures can combat

React to this headline:

Loading spinner

Enhancing national security: The four pillars of the National Framework for Action Read More »

Effective strategies for measuring and testing cyber resilience

attacks, CISO, cyber hygiene, cyber resilience, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, strategy, supply chain, UK /

Effective strategies for measuring and testing cyber resilience 2024-10-23 at 08:02 By Mirko Zorz In this Help Net Security interview, Detective Superintendent Ian Kirby, CEO of the National Cyber Resilience Centre Group (NCRCG), discusses the emerging cyber threats and strategies organizations can use to increase cyber resilience. He emphasizes basic cyber hygiene, security awareness training,

React to this headline:

Loading spinner

Effective strategies for measuring and testing cyber resilience Read More »

Argus: Open-source information gathering toolkit

Don't miss, GitHub, Hot stuff, News, open source, penetration testing, software /

Argus: Open-source information gathering toolkit 2024-10-23 at 07:33 By Help Net Security Argus is an open-source toolkit that simplifies information gathering and reconnaissance. It features a user-friendly interface and a collection of powerful modules, enabling the exploration of networks, web applications, and security configurations. Argus offers a collection of tools categorized into three main areas:

React to this headline:

Loading spinner

Argus: Open-source information gathering toolkit Read More »

Evolving cloud threats: Insights and recommendations

access control, cloud security, cybersecurity, Don't miss, Hot stuff, IBM X-Force, threat, Video /

Evolving cloud threats: Insights and recommendations 2024-10-23 at 07:03 By Help Net Security Recently, IBM X-Force released its 2024 Cloud Threat Landscape Report. This uses incident data and insights to reveal how attackers successfully compromise organizations by leveraging adversary-in-the-middle (AITM) attacks to bypass multi-factor authentication (MFA). This often leads to business email compromise (BEC), which

React to this headline:

Loading spinner

Evolving cloud threats: Insights and recommendations Read More »

VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812)

Broadcom, CVE, Don't miss, Hot stuff, News, security update, virtualization, VMWare, vulnerability /

VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) 2024-10-22 at 14:02 By Zeljka Zorz Broadcom has released new patches for previously fixed vulnerabilities (CVE-2024-38812, CVE-2024-38813) in vCenter Server, one of which hasn’t been fully addressed the first time and could allow attackers to achieve remote code execution. The vulnerabilities were privately reported by

React to this headline:

Loading spinner

VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) Read More »

Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383)

CVE, Don't miss, exploit, Hot stuff, News, Positive Technologies, Roundcube, vulnerability /

Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383) 2024-10-22 at 12:34 By Zeljka Zorz Attackers have exploited an XSS vulnerability (CVE-2024-37383) in the Roundcube Webmail client to target a governmental organization of a CIS country, Positive Technologies (PT) analysts have discovered. The vulnerability was patched in May 2024, in Roundcube Webmail versions 1.5.7 and

React to this headline:

Loading spinner

Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383) Read More »

IT security and government services: Balancing transparency and security

CivicPlus, cyberattacks, cybersecurity, Don't miss, Expert analysis, Expert corner, Government, Hot stuff, News, opinion, strategy, training /

IT security and government services: Balancing transparency and security 2024-10-22 at 07:33 By Help Net Security Government information technology leaders find themselves at a challenging balance point: On one end of the scale are increasing threats from cyber actors, bolstered by advanced technology like artificial intelligence (AI); on the other end is a longstanding commitment

React to this headline:

Loading spinner

IT security and government services: Balancing transparency and security Read More »

Myths holding women back from cybersecurity careers

awareness, certification, cybersecurity, Don't miss, education, Features, Hot stuff, News, opinion, professional, skill development /

Myths holding women back from cybersecurity careers 2024-10-22 at 06:33 By Mirko Zorz In this Help Net Security interview, Dr Kathryn Jones, Head of School, Computer Science and Informatics at Cardiff University, discusses the challenges and misconceptions that deter women from pursuing careers in cybersecurity. Dr Jones also outlines the diverse skills, mentorship, and outreach

React to this headline:

Loading spinner

Myths holding women back from cybersecurity careers Read More »

Whitepaper: Securing GenAI

Don't miss, Hot stuff, IronCore Labs, News, Whitepapers and webinars /

Whitepaper: Securing GenAI 2024-10-22 at 05:48 By Help Net Security The ultimate guide to AI security: key AI security risks, vulnerabilities and strategies for protection. 61% of companies use AI, but few secure it. This whitepaper covers the key AI risks being overlooked from LLMs to RAG. Inside the Securing GenAI whitepaper: GenAI attack surface

React to this headline:

Loading spinner

Whitepaper: Securing GenAI Read More »

Fortinet releases patches for undisclosed critical FortiManager vulnerability

Don't miss, enterprise, Fortinet, Hot stuff, News, patch, security update /

Fortinet releases patches for undisclosed critical FortiManager vulnerability 2024-10-21 at 16:48 By Zeljka Zorz In the last couple of days, Fortinet has released critical security updates for FortiManager, to fix a critical vulnerability that is reportedly being exploited by Chinese threat actors. Security updates are trickling out The company, which is known for pushing out

React to this headline:

Loading spinner

Fortinet releases patches for undisclosed critical FortiManager vulnerability Read More »

The Internet Archive breach continues

credentials, data breach, Don't miss, Hot stuff, Internet Archive, News /

The Internet Archive breach continues 2024-10-21 at 12:46 By Zeljka Zorz Cybersecurity troubles are not over for the Internet Archive (IA), the nonprofit organization behind the popular digital library site: after the recent DDoS attacks, defacement and data breach, an email sent via its Zendesk customer service platform has shown that some of its IT

React to this headline:

Loading spinner

The Internet Archive breach continues Read More »

Building secure AI with MLSecOps

Artificial Intelligence, cybersecurity, Don't miss, Features, Hot stuff, machine learning, News, opinion, Protect AI /

Building secure AI with MLSecOps 2024-10-21 at 07:31 By Mirko Zorz In this Help Net Security interview, Ian Swanson, CEO of Protect AI, discusses the concept of “secure AI by design.” By adopting frameworks like Machine Learning Security Operations (MLSecOps) and focusing on transparency, organizations can build resilient AI systems that are both safe and

React to this headline:

Loading spinner

Building secure AI with MLSecOps Read More »

Evolving cybercriminal tactics targeting SMBs

BEC scams, cybercrime, Don't miss, Hot stuff, Todyl, Video /

Evolving cybercriminal tactics targeting SMBs 2024-10-21 at 07:01 By Help Net Security A recent Todyl report revealed a 558% increase in BEC (Business Email Compromise), AiTM (Adversary-in-the-Middle), and ATO (Account Takeover) attacks in 2024. In this Help Net Security video, David Langlands, Chief Security Officer at Todyl, discusses these evolving cyber threats. Here are the

React to this headline:

Loading spinner

Evolving cybercriminal tactics targeting SMBs Read More »

Microsoft lost some customers’ cloud security logs

cloud security, Don't miss, enterprise, Hot stuff, logging, Microsoft, Microsoft Azure, News /

Microsoft lost some customers’ cloud security logs 2024-10-18 at 16:46 By Zeljka Zorz Microsoft has lost several weeks of cloud security logs that its customers rely on to spot cyber intrusions. What happened As reported by Business Insider earlier this month, Microsoft privately notified affected customers of this incident and told them the failure was

React to this headline:

Loading spinner

Microsoft lost some customers’ cloud security logs Read More »

Israeli orgs targeted with wiper malware via ESET-branded emails

ESET, Hot stuff, Israel, Malware, News, phishing /

Israeli orgs targeted with wiper malware via ESET-branded emails 2024-10-18 at 13:32 By Zeljka Zorz Attackers have tried to deliver wiper malware to employees at organizations across Israel by impersonating cybersecurity company ESET via email. The phishing email The attack took the form of a phishing email ostensibly sent by the “Eset Advanced Threat Defense

React to this headline:

Loading spinner

Israeli orgs targeted with wiper malware via ESET-branded emails Read More »

Fake Google Meet pages deliver infostealers

Don't miss, Hot stuff, macOS, Malware, News, Proofpoint, Sekoia.io, social engineering, video conferencing, Windows /

Fake Google Meet pages deliver infostealers 2024-10-17 at 14:47 By Zeljka Zorz Users of the Google Meet video communication service have been targeted by cyber crooks using the ClickFix tactic to infect them with information-stealing malware. Fake Google Meet video conference page with malicious ClickFix pop-up (Source: Sekoia) “The ClickFix tactic deceives users into downloading

React to this headline:

Loading spinner

Fake Google Meet pages deliver infostealers Read More »

The role of compromised cyber-physical devices in modern cyberattacks

Don't miss, Features, Hot stuff, ICS/SCADA, IIoT, IoT, News, OT, router, security cameras, smart building, smart grid, smart home, supply chain compromise, Trend Micro /

The role of compromised cyber-physical devices in modern cyberattacks 2024-10-17 at 11:46 By Zeljka Zorz Cyber-physical devices are increasingly getting compromised and leveraged by criminal groups and state-sponsored threat actors. Fyodor Yarochkin, Senior Threat Solution Architect with Trend Micro, believes that getting a better understanding of attackers’ infrastructure leads to a better understanding of the

React to this headline:

Loading spinner

The role of compromised cyber-physical devices in modern cyberattacks Read More »

GhostStrike: Open-source tool for ethical hacking

Don't miss, GitHub, Hot stuff, News, open source, software /

GhostStrike: Open-source tool for ethical hacking 2024-10-17 at 07:31 By Mirko Zorz GhostStrike is an open-source, advanced cybersecurity tool tailored for ethical hacking and Red Team operations. It incorporates cutting-edge techniques, including process hollowing, to stealthily evade detection on Windows systems, making it an asset for penetration testing and security assessments. “I decided to develop

React to this headline:

Loading spinner

GhostStrike: Open-source tool for ethical hacking Read More »

Scroll to Top