Hot stuff

Adversarial groups adapt to exploit systems in new ways

cybersecurity, Don't miss, Elastic, Hot stuff, Malware, Video /

Adversarial groups adapt to exploit systems in new ways 2024-10-28 at 06:36 By Help Net Security In this Help Net Security video, Jake King, Head of Threat & Security Intelligence at Elastic, discusses the key findings from the 2024 Elastic Global Threat Report. Adversaries are utilizing off-the-shelf tools Offensive security tools (OSTs), including Cobalt Strike […]

React to this headline:

Loading spinner

Adversarial groups adapt to exploit systems in new ways Read More »

Exploited: Cisco, SharePoint, Chrome vulnerabilities

brute-force, Chrome, CISA, Cisco, Don't miss, enterprise, exploit, Hot stuff, Kaspersky, News, PoC, SharePoint, vulnerability /

Exploited: Cisco, SharePoint, Chrome vulnerabilities 2024-10-25 at 13:33 By Zeljka Zorz Threat actors have been leveraging zero and n-day vulnerabilities in Cisco security appliances (CVE-2024-20481), Microsoft Sharepoint (CVE-2024-38094), and Google’s Chrome browser (CVE-2024-4947). CVE-2024-20481 (Cisco ASA/FTD) In the past few days, Cisco has released fixes for a slew of vulnerabilities affecting the software powering its

React to this headline:

Loading spinner

Exploited: Cisco, SharePoint, Chrome vulnerabilities Read More »

Achieving peak cyber resilience

Artificial Intelligence, cyber resilience, cyberattacks, cybersecurity, Data Protection, disaster recovery, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, Veritas Technologies /

Achieving peak cyber resilience 2024-10-25 at 08:03 By Help Net Security Climbing Mount Everest isn’t a feat for the faint hearted. Extreme weather, dangerous terrain and acclimatization requirements make the trek challenging for even the most experienced climbers. It’s estimated that the expedition takes more than two months, on average. That’s a lengthy process that

React to this headline:

Loading spinner

Achieving peak cyber resilience Read More »

The future of cyber insurance: Meeting the demand for non-attack coverage

access control, Allianz, cyber insurance, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, Privacy, Ransomware, risk assessment /

The future of cyber insurance: Meeting the demand for non-attack coverage 2024-10-25 at 07:35 By Mirko Zorz In this Help Net Security interview, Michael Daum, Head of Global Cyber Claims for Allianz Commercial, discusses the significant rise in cyber claims in 2024, driven by an increase in data breaches and ransomware attacks. Daum highlights the

React to this headline:

Loading spinner

The future of cyber insurance: Meeting the demand for non-attack coverage Read More »

How to fend off a quantum computer attack

attacks, cybersecurity, Don't miss, Hot stuff, IEEE, quantum computing, Video /

How to fend off a quantum computer attack 2024-10-25 at 07:03 By Help Net Security In this Help Net Security video, IEEE member Marc Lijour explains quantum computing and offers insight into how to fend off a quantum computer attack. The post How to fend off a quantum computer attack appeared first on Help Net

React to this headline:

Loading spinner

How to fend off a quantum computer attack Read More »

Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575)

0-day, Don't miss, enterprise, Fortinet, Hot stuff, MSP, News, Rapid7, security update /

Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575) 2024-10-24 at 12:18 By Zeljka Zorz Fortinet has finally made public information about CVE-2024-47575, a critical FortiManager vulnerability that attackers have exploited as a zero-day. About CVE-2024-47575 CVE-2024-47575 is a vulnerability stemming from missing authentication for a critical function in FortiManager’s fgfmd daemon. Remote, unauthenticated attackers could

React to this headline:

Loading spinner

Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575) Read More »

What’s more important when hiring for cybersecurity roles?

certification, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, MyTurn, News, opinion, skill development, training /

What’s more important when hiring for cybersecurity roles? 2024-10-24 at 08:03 By Help Net Security When building a cybersecurity team, you likely asked yourself, “Should I focus on certifications or real-world skills?” And since you rarely encounter entry-level candidates who can hit the ground running, naturally, you’d consider a candidate with both. But that’s not

React to this headline:

Loading spinner

What’s more important when hiring for cybersecurity roles? Read More »

Enhancing national security: The four pillars of the National Framework for Action

Center for Internet Security, cybersecurity, DOJ, Don't miss, Features, generative AI, Hot stuff, law enforcement, News, opinion, resilience, threat detection /

Enhancing national security: The four pillars of the National Framework for Action 2024-10-24 at 07:33 By Mirko Zorz In this Help Net Security interview, John Cohen, Executive Director, Program for Countering Hybrid Threats at the Center for Internet Security, discusses the four pillars of the National Framework for Action, emphasizing how these measures can combat

React to this headline:

Loading spinner

Enhancing national security: The four pillars of the National Framework for Action Read More »

Effective strategies for measuring and testing cyber resilience

attacks, CISO, cyber hygiene, cyber resilience, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, strategy, supply chain, UK /

Effective strategies for measuring and testing cyber resilience 2024-10-23 at 08:02 By Mirko Zorz In this Help Net Security interview, Detective Superintendent Ian Kirby, CEO of the National Cyber Resilience Centre Group (NCRCG), discusses the emerging cyber threats and strategies organizations can use to increase cyber resilience. He emphasizes basic cyber hygiene, security awareness training,

React to this headline:

Loading spinner

Effective strategies for measuring and testing cyber resilience Read More »

Argus: Open-source information gathering toolkit

Don't miss, GitHub, Hot stuff, News, open source, penetration testing, software /

Argus: Open-source information gathering toolkit 2024-10-23 at 07:33 By Help Net Security Argus is an open-source toolkit that simplifies information gathering and reconnaissance. It features a user-friendly interface and a collection of powerful modules, enabling the exploration of networks, web applications, and security configurations. Argus offers a collection of tools categorized into three main areas:

React to this headline:

Loading spinner

Argus: Open-source information gathering toolkit Read More »

Evolving cloud threats: Insights and recommendations

access control, cloud security, cybersecurity, Don't miss, Hot stuff, IBM X-Force, threat, Video /

Evolving cloud threats: Insights and recommendations 2024-10-23 at 07:03 By Help Net Security Recently, IBM X-Force released its 2024 Cloud Threat Landscape Report. This uses incident data and insights to reveal how attackers successfully compromise organizations by leveraging adversary-in-the-middle (AITM) attacks to bypass multi-factor authentication (MFA). This often leads to business email compromise (BEC), which

React to this headline:

Loading spinner

Evolving cloud threats: Insights and recommendations Read More »

VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812)

Broadcom, CVE, Don't miss, Hot stuff, News, security update, virtualization, VMWare, vulnerability /

VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) 2024-10-22 at 14:02 By Zeljka Zorz Broadcom has released new patches for previously fixed vulnerabilities (CVE-2024-38812, CVE-2024-38813) in vCenter Server, one of which hasn’t been fully addressed the first time and could allow attackers to achieve remote code execution. The vulnerabilities were privately reported by

React to this headline:

Loading spinner

VMware fixes critical vCenter Server RCE bug – again! (CVE-2024-38812) Read More »

Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383)

CVE, Don't miss, exploit, Hot stuff, News, Positive Technologies, Roundcube, vulnerability /

Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383) 2024-10-22 at 12:34 By Zeljka Zorz Attackers have exploited an XSS vulnerability (CVE-2024-37383) in the Roundcube Webmail client to target a governmental organization of a CIS country, Positive Technologies (PT) analysts have discovered. The vulnerability was patched in May 2024, in Roundcube Webmail versions 1.5.7 and

React to this headline:

Loading spinner

Roundcube XSS flaw exploited to steal credentials, email (CVE-2024-37383) Read More »

IT security and government services: Balancing transparency and security

CivicPlus, cyberattacks, cybersecurity, Don't miss, Expert analysis, Expert corner, Government, Hot stuff, News, opinion, strategy, training /

IT security and government services: Balancing transparency and security 2024-10-22 at 07:33 By Help Net Security Government information technology leaders find themselves at a challenging balance point: On one end of the scale are increasing threats from cyber actors, bolstered by advanced technology like artificial intelligence (AI); on the other end is a longstanding commitment

React to this headline:

Loading spinner

IT security and government services: Balancing transparency and security Read More »

Myths holding women back from cybersecurity careers

awareness, certification, cybersecurity, Don't miss, education, Features, Hot stuff, News, opinion, professional, skill development /

Myths holding women back from cybersecurity careers 2024-10-22 at 06:33 By Mirko Zorz In this Help Net Security interview, Dr Kathryn Jones, Head of School, Computer Science and Informatics at Cardiff University, discusses the challenges and misconceptions that deter women from pursuing careers in cybersecurity. Dr Jones also outlines the diverse skills, mentorship, and outreach

React to this headline:

Loading spinner

Myths holding women back from cybersecurity careers Read More »

Whitepaper: Securing GenAI

Don't miss, Hot stuff, IronCore Labs, News, Whitepapers and webinars /

Whitepaper: Securing GenAI 2024-10-22 at 05:48 By Help Net Security The ultimate guide to AI security: key AI security risks, vulnerabilities and strategies for protection. 61% of companies use AI, but few secure it. This whitepaper covers the key AI risks being overlooked from LLMs to RAG. Inside the Securing GenAI whitepaper: GenAI attack surface

React to this headline:

Loading spinner

Whitepaper: Securing GenAI Read More »

Fortinet releases patches for undisclosed critical FortiManager vulnerability

Don't miss, enterprise, Fortinet, Hot stuff, News, patch, security update /

Fortinet releases patches for undisclosed critical FortiManager vulnerability 2024-10-21 at 16:48 By Zeljka Zorz In the last couple of days, Fortinet has released critical security updates for FortiManager, to fix a critical vulnerability that is reportedly being exploited by Chinese threat actors. Security updates are trickling out The company, which is known for pushing out

React to this headline:

Loading spinner

Fortinet releases patches for undisclosed critical FortiManager vulnerability Read More »

The Internet Archive breach continues

credentials, data breach, Don't miss, Hot stuff, Internet Archive, News /

The Internet Archive breach continues 2024-10-21 at 12:46 By Zeljka Zorz Cybersecurity troubles are not over for the Internet Archive (IA), the nonprofit organization behind the popular digital library site: after the recent DDoS attacks, defacement and data breach, an email sent via its Zendesk customer service platform has shown that some of its IT

React to this headline:

Loading spinner

The Internet Archive breach continues Read More »

Building secure AI with MLSecOps

Artificial Intelligence, cybersecurity, Don't miss, Features, Hot stuff, machine learning, News, opinion, Protect AI /

Building secure AI with MLSecOps 2024-10-21 at 07:31 By Mirko Zorz In this Help Net Security interview, Ian Swanson, CEO of Protect AI, discusses the concept of “secure AI by design.” By adopting frameworks like Machine Learning Security Operations (MLSecOps) and focusing on transparency, organizations can build resilient AI systems that are both safe and

React to this headline:

Loading spinner

Building secure AI with MLSecOps Read More »

Evolving cybercriminal tactics targeting SMBs

BEC scams, cybercrime, Don't miss, Hot stuff, Todyl, Video /

Evolving cybercriminal tactics targeting SMBs 2024-10-21 at 07:01 By Help Net Security A recent Todyl report revealed a 558% increase in BEC (Business Email Compromise), AiTM (Adversary-in-the-Middle), and ATO (Account Takeover) attacks in 2024. In this Help Net Security video, David Langlands, Chief Security Officer at Todyl, discusses these evolving cyber threats. Here are the

React to this headline:

Loading spinner

Evolving cybercriminal tactics targeting SMBs Read More »

Scroll to Top