Hot stuff

ESET researchers analyze first UEFI bootkit for Linux systems

Don't miss, firmware, Hot stuff, Linux, News, research /

ESET researchers analyze first UEFI bootkit for Linux systems 2024-11-27 at 18:18 By Help Net Security ESET Research has discovered the first UEFI bootkit designed for Linux systems, named Bootkitty by its creators. Researchers believe this bootkit is likely an initial proof of concept, and based on ESET telemetry, it has not been deployed in […]

React to this headline:

Loading spinner

ESET researchers analyze first UEFI bootkit for Linux systems Read More »

QScanner: Linux command-line utility for scanning container images, conducting SCA

containers, Don't miss, Hot stuff, Linux, News, Qualys, scanning /

QScanner: Linux command-line utility for scanning container images, conducting SCA 2024-11-27 at 08:02 By Help Net Security QScanner is a Linux command-line utility tailored for scanning container images and performing Software Composition Analysis (SCA). It is compatible with diverse container orchestration systems, container runtimes, and operating systems. QScanner features Instant console results: Scan for vulnerabilities

React to this headline:

Loading spinner

QScanner: Linux command-line utility for scanning container images, conducting SCA Read More »

Choosing the right secure messaging app for your organization

Application Security, Artificial Intelligence, attacks, automation, cybersecurity, Don't miss, Encryption, Features, Hot stuff, messaging, News, opinion, Rakuten Viber /

Choosing the right secure messaging app for your organization 2024-11-27 at 07:18 By Mirko Zorz In this Help Net Security interview, Liad Shnell, CTO at Rakuten Viber, discusses what organizations should look for in secure messaging apps, including encryption, privacy standards, and ease of integration. Shnell also covers the need for a multi-layered approach to

React to this headline:

Loading spinner

Choosing the right secure messaging app for your organization Read More »

Zero-day data security

cloud security, cybersecurity, Deep Instinct, Don't miss, Hot stuff, Video /

Zero-day data security 2024-11-27 at 07:18 By Help Net Security In this Help Net Security video, Carl Froggett, CIO of Deep Instinct, discusses the complexities of modern cloud architectures and why current defenses are falling short. He talks about the rise of zero-day data security and the need for organizations to stop attacks before they

React to this headline:

Loading spinner

Zero-day data security Read More »

Researchers reveal exploitable flaws in corporate VPN clients

AmberWolf, CVE, Don't miss, Hot stuff, macOS, News, Palo Alto Networks, SonicWall, VPN, vulnerability, Windows /

Researchers reveal exploitable flaws in corporate VPN clients 2024-11-26 at 17:33 By Zeljka Zorz Researchers have discovered vulnerabilities in the update process of Palo Alto Networks (CVE-2024-5921) and SonicWall (CVE-2024-29014) corporate VPN clients that could be exploited to remotely execute code on users’ devices. CVE-2024-5921 CVE-2024-5921 affects various versions of Palo Alto’s GlobalProtect App on

React to this headline:

Loading spinner

Researchers reveal exploitable flaws in corporate VPN clients Read More »

Black Friday shoppers targeted with thousands of fraudulent online stores

consumer, Don't miss, fraud, holidays, Hot stuff, Netcraft, News, online shopping, Retail /

Black Friday shoppers targeted with thousands of fraudulent online stores 2024-11-26 at 13:33 By Zeljka Zorz Building fake, fraudulent online stores has never been easier: fraudsters are registering domain names for a pittance, using the SHOPYY e-commerce platform to build the websites, and leveraging large language models (LLMs) to rewrite existing product listings to perfect

React to this headline:

Loading spinner

Black Friday shoppers targeted with thousands of fraudulent online stores Read More »

RomCom hackers chained Firefox and Windows zero-days to deliver backdoor

0-day, APT, backdoor, Don't miss, ESET, exploit, Firefox, Hot stuff, News, Russian Federation, Windows /

RomCom hackers chained Firefox and Windows zero-days to deliver backdoor 2024-11-26 at 12:18 By Zeljka Zorz Russia-aligned APT group RomCom was behind attacks that leveraged CVE-2024-9680, a remote code execution flaw in Firefox, and CVE-2024-49039, an elevation of privilege vulnerability in Windows Task Scheduler, as zero-days earlier this year. “Chaining together two zero-day vulnerabilities armed

React to this headline:

Loading spinner

RomCom hackers chained Firefox and Windows zero-days to deliver backdoor Read More »

How to recognize employment fraud before it becomes a security issue

cybercrime, cybersecurity, Don't miss, Expert analysis, Expert corner, fraud, Hot stuff, News, Nisos, opinion /

How to recognize employment fraud before it becomes a security issue 2024-11-26 at 07:39 By Help Net Security The combination of remote work, the latest technologies, and never physically meeting your employees has made it very easy for job applicants to mask their true identities from their employer and commit employment fraud. Motivations for this

React to this headline:

Loading spinner

How to recognize employment fraud before it becomes a security issue Read More »

Practical strategies to build an inclusive culture in cybersecurity

Acronis, awareness, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, remote working, strategy, tips /

Practical strategies to build an inclusive culture in cybersecurity 2024-11-26 at 07:03 By Mirko Zorz In this Help Net Security interview, Alona Geckler, Chief of Staff, SVP of Business Operations at Acronis, shares her insights on the diversity environment in the cybersecurity and IT industries. She discusses the progress made over the past two decades,

React to this headline:

Loading spinner

Practical strategies to build an inclusive culture in cybersecurity Read More »

Domain security posture of Forbes Global 2000 companies

CSC, cybersecurity, DMARC, Don't miss, Hot stuff, human error, phishing, Video /

Domain security posture of Forbes Global 2000 companies 2024-11-26 at 06:34 By Help Net Security In this Help Net Security video, Vincent D’Angelo, Global Director of Corporate Development and Strategic Alliances with CSC, analyzes the domain security of the Forbes Global 2000. CSC’s 2024 Domain Security Report analyzes the highest and lowest-performing industries based on

React to this headline:

Loading spinner

Domain security posture of Forbes Global 2000 companies Read More »

Faraway Russian hackers breached US organization via Wi-Fi

APT, brute-force, credentials, Don't miss, enterprise, government-backed attacks, Hot stuff, MFA, News, Russian Federation, wireless /

Faraway Russian hackers breached US organization via Wi-Fi 2024-11-25 at 19:03 By Zeljka Zorz Forest Blizzard, a threat group associated with Russia’s GRU military intelligence service, repeatedly breached a US-based organization via compromised computer systems of nearby firms, which they leveraged to authenticate to the target’s enterprise Wi-Fi network. The repeated attacks Volexity, a company

React to this headline:

Loading spinner

Faraway Russian hackers breached US organization via Wi-Fi Read More »

Microsoft asks Windows Insiders to try out the controversial Recall feature

Artificial Intelligence, data security, Don't miss, endpoint management, enterprise, Hot stuff, Microsoft, News, Privacy, Windows /

Microsoft asks Windows Insiders to try out the controversial Recall feature 2024-11-25 at 16:33 By Zeljka Zorz Participants of the Windows Insider Program that have a Qualcomm Snapdragon-powered Copilot+ PC can now try out Recall, the infamous snapshot-taking, AI-powered feature that was met with much criticism when it was unveiled earlier this year. “We heard

React to this headline:

Loading spinner

Microsoft asks Windows Insiders to try out the controversial Recall feature Read More »

AI Kuru, cybersecurity and quantum computing

Artificial Intelligence, cybersecurity, Don't miss, Encryption, Expert analysis, Expert corner, Hot stuff, News, opinion, Qrypt, quantum computing /

AI Kuru, cybersecurity and quantum computing 2024-11-25 at 08:13 By Help Net Security As we continue to delegate more infrastructure operations to artificial intelligence (AI), quantum computers are advancing towards Q-day (i.e., the day when quantum computers can break current encryption methods). This could compromise the security of digital communications, as well as autonomous control

React to this headline:

Loading spinner

AI Kuru, cybersecurity and quantum computing Read More »

Overcoming legal and organizational challenges in ethical hacking

Artificial Intelligence, cybersecurity, Don't miss, Features, hacking, Hackrate, Hot stuff, News, open source, opinion, penetration testing, regulation, skill development, strategy, tips /

Overcoming legal and organizational challenges in ethical hacking 2024-11-25 at 07:33 By Mirko Zorz In this Help Net Security interview, Balázs Pózner, CEO at Hackrate, discusses the essential technical skills for ethical hackers and how they vary across different security domains. He explains how AI and machine learning enhance ethical hacking by streamlining vulnerability detection

React to this headline:

Loading spinner

Overcoming legal and organizational challenges in ethical hacking Read More »

Assessing AI risks before implementation

Artificial Intelligence, Don't miss, generative AI, Hot stuff, LLMs, risk, SANS, Video /

Assessing AI risks before implementation 2024-11-25 at 06:33 By Help Net Security In this Help Net Security video, Frank Kim, SANS Institute Fellow, explains why more enterprises must consider many challenges before implementing advanced technology in their platforms. Without adequately assessing and understanding the risks accompanying AI integration, organizations will not be able to harness

React to this headline:

Loading spinner

Assessing AI risks before implementation Read More »

The limits of AI-based deepfake detection

Artificial Intelligence, cybersecurity, deepfakes, Don't miss, Features, Hot stuff, News, opinion, Reality Defender, social engineering /

The limits of AI-based deepfake detection 2024-11-22 at 08:03 By Mirko Zorz In this Help Net Security interview, Ben Colman, CEO of Reality Defender, discusses the challenges of detecting high-quality deepfakes in real-world applications. He addresses the effectiveness and limitations of watermarking, AI-based detection, and the potential of emerging technologies in securing media authenticity. Colman

React to this headline:

Loading spinner

The limits of AI-based deepfake detection Read More »

Why the NIS2 Directive causes growing pains for businesses

Coro, cyber resilience, cybersecurity, Don't miss, EU, Hot stuff, regulation, Video /

Why the NIS2 Directive causes growing pains for businesses 2024-11-22 at 07:48 By Help Net Security In this Help Net Security video, Dror Liwer, co-founder of Coro, discusses how the EU’s NIS2, its latest security directive for businesses, officially became enforceable recently. This means EU companies face more demanding requirements for internal cyber resilience strategies

React to this headline:

Loading spinner

Why the NIS2 Directive causes growing pains for businesses Read More »

Active network of North Korean IT front companies exposed

China, Don't miss, Hot stuff, Insider Threat, News, North Korea, Palo Alto Networks, SentinelOne, software development, tips, USA /

Active network of North Korean IT front companies exposed 2024-11-21 at 16:18 By Zeljka Zorz An analysis of the websites belonging to companies that served as a front for getting North Korean IT workers remote jobs with businesses worldwide has revealed an active network of such companies originating in China. Unearthing North Korean IT front

React to this headline:

Loading spinner

Active network of North Korean IT front companies exposed Read More »

2,000 Palo Alto Networks devices compromised in latest attacks

CVE, Don't miss, enterprise, firewall, Hot stuff, India, News, Palo Alto Networks, Shadowserver, USA /

2,000 Palo Alto Networks devices compromised in latest attacks 2024-11-21 at 13:27 By Zeljka Zorz Attackers have compromised around 2,000 Palo Alto Networks firewalls by leveraging the two recently patched zero-days (CVE-2024-0012 and CVE-2024-9474), Shadowserver Foundation’s internet-wide scanning has revealed. Compromised devices are predominantly located in the US and India, the nonprofit says. Manual and

React to this headline:

Loading spinner

2,000 Palo Alto Networks devices compromised in latest attacks Read More »

Researchers unearth two previously unknown Linux backdoors

APT, backdoor, cybersecurity, Don't miss, ESET, Hot stuff, Linux, Malware, News, threat, VirusTotal /

Researchers unearth two previously unknown Linux backdoors 2024-11-21 at 12:12 By Help Net Security ESET researchers have identified multiple samples of two previously unknown Linux backdoors: WolfsBane and FireWood. The goal of the backdoors and tools discovered is cyberespionage that targets sensitive data such as system information, user credentials, and specific files and directories. These

React to this headline:

Loading spinner

Researchers unearth two previously unknown Linux backdoors Read More »

Scroll to Top