Hot stuff

Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443)

CVE, Don't miss, Hot stuff, Midnight Blue, NAS, News, security update, Synology, vulnerability /

Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) 2024-11-04 at 16:04 By Zeljka Zorz Synology has released fixes for an unauthenticated “zero-click” remote code execution flaw (CVE-2024-10443, aka RISK:STATION) affecting its popular DiskStation and BeeStation network attached storage (NAS) devices. About CVE-2024-10443 CVE-2024-10443 was discovered by Rick de Jager, a security researcher at […]

React to this headline:

Loading spinner

Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443) Read More »

Hiring guide: Key skills for cybersecurity researchers

cybersecurity, cybersecurity jobs, Don't miss, Features, Hot stuff, News, professional, skill development, strategy, tips /

Hiring guide: Key skills for cybersecurity researchers 2024-11-04 at 07:33 By Mirko Zorz In this Help Net Security interview, Rachel Barouch, an Organizational Coach for VCs and startups and a former VP HR in both a VC and a Cybersecurity startup, discusses the dynamics of cybersecurity researchers and team-building strategies. She highlights that these researchers,

React to this headline:

Loading spinner

Hiring guide: Key skills for cybersecurity researchers Read More »

Whispr: Open-source multi-vault secret injection tool

AWS, Azure, Don't miss, GitHub, Hot stuff, News, open source, software /

Whispr: Open-source multi-vault secret injection tool 2024-11-04 at 07:03 By Mirko Zorz Whispr is an open-source CLI tool designed to securely inject secrets from secret vaults, such as AWS Secrets Manager and Azure Key Vault, directly into your application’s environment. This enhances secure local software development by seamlessly managing sensitive information. Whispr key features Safe

React to this headline:

Loading spinner

Whispr: Open-source multi-vault secret injection tool Read More »

Cybersecurity in crisis: Are we ready for what’s coming?

Corpay, cybersecurity, Don't miss, Hot stuff, strategy, Video /

Cybersecurity in crisis: Are we ready for what’s coming? 2024-11-04 at 06:35 By Help Net Security In this Help Net Security video, James Edgar, CISO at Corpay, reveals insights into cybersecurity health, concerns, challenges, and other considerations for building a solid defense program. Key insights revealed in Corpay’s 2024 State of Business Cybersecurity Report: 67%

React to this headline:

Loading spinner

Cybersecurity in crisis: Are we ready for what’s coming? Read More »

How open-source MDM solutions simplify cross-platform device management

cybersecurity, Don't miss, Features, Fleet, framework, Hot stuff, mobile devices, News, open source, opinion, security standard, strategy /

How open-source MDM solutions simplify cross-platform device management 2024-11-01 at 07:33 By Mirko Zorz In this Help Net Security interview, Mike McNeil, CEO at Fleet, talks about the security risks posed by unmanaged mobile devices and how mobile device management (MDM) solutions help address them. He also discusses employee resistance to MDM and how open-source

React to this headline:

Loading spinner

How open-source MDM solutions simplify cross-platform device management Read More »

Google on scaling differential privacy across nearly three billion devices

CISO, cybersecurity, Don't miss, Encryption, Features, Google, Hot stuff, how-to, News, opinion, Privacy, strategy, tips /

Google on scaling differential privacy across nearly three billion devices 2024-10-31 at 15:03 By Mirko Zorz In this Help Net Security interview, Miguel Guevara, Product Manager, Privacy Safety and Security at Google, discusses the complexities involved in scaling differential privacy technology across large systems. He emphasizes the need to develop secure, private, and user-controlled products

React to this headline:

Loading spinner

Google on scaling differential privacy across nearly three billion devices Read More »

Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups

Cryptocurrency, cybercrime, Don't miss, Hot stuff, JavaScript, News, supply chain compromise /

Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups 2024-10-31 at 14:38 By Zeljka Zorz A supply chain compromise involving Lottie Player, a widely used web component for playing site and app animations, has made popular decentralized finance apps show pop-ups urging users to connect their wallets, TradingView has reported. The pop-up (Source:

React to this headline:

Loading spinner

Lottie Player supply chain compromise: Sites, apps showing crypto scam pop-ups Read More »

North Korean hackers pave the way for Play ransomware

Don't miss, enterprise, Hot stuff, initial access broker, News, North Korea, Palo Alto Networks, Ransomware /

North Korean hackers pave the way for Play ransomware 2024-10-31 at 12:49 By Zeljka Zorz North Korean state-sponsored hackers – Jumpy Pisces, aka Andariel, aka Onyx Sleet – have been spotted burrowing into enterprise systems, then seemingly handing matters over to the Play ransomware group. Timeline of the attack (Source: Palo Alto Networks) The attack

React to this headline:

Loading spinner

North Korean hackers pave the way for Play ransomware Read More »

IoT needs more respect for its consumers, creations, and itself

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, IoT, Nabto, News, opinion, Privacy, smart home /

IoT needs more respect for its consumers, creations, and itself 2024-10-31 at 07:58 By Help Net Security Yet again, connected devices are in the news for all the wrong reasons. In October, security researchers found that robot vacuums from Chinese company, Ecovacs, can be compromised via a backdoor. In one case, hackers gained control over

React to this headline:

Loading spinner

IoT needs more respect for its consumers, creations, and itself Read More »

How agentic AI handles the speed and volume of modern threats

Artificial Intelligence, automation, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, Seven AI /

How agentic AI handles the speed and volume of modern threats 2024-10-31 at 07:08 By Mirko Zorz In this Help Net Security interview, Lior Div, CEO at Seven AI, discusses the concept of agentic AI and its application in cybersecurity. He explains how it differs from traditional automated security systems by offering greater autonomy and

React to this headline:

Loading spinner

How agentic AI handles the speed and volume of modern threats Read More »

Why cyber tools fail SOC teams

cybersecurity, Don't miss, Hot stuff, SOC, threat detection, Vectra, Video /

Why cyber tools fail SOC teams 2024-10-31 at 06:34 By Help Net Security A recent Vectra AI report highlights a growing distrust of threat detection tools. 47% of respondents note they do not trust their tools to work the way they need them to. Moreover, 60% of SOC practitioners say security vendors flood them with

React to this headline:

Loading spinner

Why cyber tools fail SOC teams Read More »

Ransomware hits web hosting servers via vulnerable CyberPanel instances

CVE, Don't miss, Hot stuff, LeakIX, Linux, News, Ransomware, security update, vulnerability, web hosting /

Ransomware hits web hosting servers via vulnerable CyberPanel instances 2024-10-30 at 16:19 By Zeljka Zorz A threat actor – or possibly several – has hit approximately 22,000 vulnerable instances of CyberPanel and encrypted files on the servers running it with the PSAUX and other ransomware. The PSAUX ransom note (Source: LeakIX) The CyberPanel vulnerabilities CyberPanel

React to this headline:

Loading spinner

Ransomware hits web hosting servers via vulnerable CyberPanel instances Read More »

Product showcase: Shift API security left with StackHawk

API security, Don't miss, Hot stuff, News, Product showcase, StackHawk /

Product showcase: Shift API security left with StackHawk 2024-10-30 at 15:05 By Help Net Security With the proliferation of APIs, and the speed at which AI functionality is helping fuel innovation, a strategic approach for securing APIs is no longer a nice to have, it’s a criticality. Without a proactive approach, your APIs could become

React to this headline:

Loading spinner

Product showcase: Shift API security left with StackHawk Read More »

Russian hackers deliver malicious RDP configuration files to thousands

Amazon, APT, Australia, cyber espionage, Don't miss, Europe, Government, Hot stuff, Japan, Microsoft, News, RDP, Russian Federation, spear-phishing, UK /

Russian hackers deliver malicious RDP configuration files to thousands 2024-10-30 at 12:49 By Zeljka Zorz Midnight Blizzard – a cyber espionage group that has been linked to the Russian Foreign Intelligence Service (SVR) – is targeting government, academia, defense, and NGO workers with phishing emails containing a signed Remote Desktop Protocol (RDP) configuration file. “Based

React to this headline:

Loading spinner

Russian hackers deliver malicious RDP configuration files to thousands Read More »

Risk hunting: A proactive approach to cyber threats

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, risk, Risk Management, vulnerability management, Zscaler /

Risk hunting: A proactive approach to cyber threats 2024-10-30 at 07:34 By Help Net Security Cybersecurity is an overly reactive industry. Too often we act like firefighters, rushing from blaze to blaze, extinguishing flames hoping to keep the damage to a minimum, rather than fire suppression experts designing environments that refuse to burn. Just consider

React to this headline:

Loading spinner

Risk hunting: A proactive approach to cyber threats Read More »

Simplifying decentralized identity systems for everyday use

authentication, credentials, cybersecurity, Don't miss, Features, Hot stuff, identity, News, opinion, Privacy, standards, WatchGuard /

Simplifying decentralized identity systems for everyday use 2024-10-30 at 07:04 By Mirko Zorz In this Help Net Security interview, Carla Roncato, VP of Identity at WatchGuard Technologies, discusses how companies can balance privacy, security, and usability in digital identity systems. She emphasizes modern techniques like biometrics and passkeys to replace knowledge-based authentication methods and highlights

React to this headline:

Loading spinner

Simplifying decentralized identity systems for everyday use Read More »

US charges suspected Redline infostealer developer, admin

Don't miss, ESET, Eurojust, Hot stuff, Justice Department, law enforcement, Malware, News /

US charges suspected Redline infostealer developer, admin 2024-10-29 at 18:22 By Zeljka Zorz The identity of a suspected developer and administrator of the Redline malware-as-a-service operation has been revealed: Russian national Maxim Rudometov. Infrastructure takedown As promised on Monday when they announced the disruption of the Redline and Meta infostealer operations, law enforcement Operation Magnus

React to this headline:

Loading spinner

US charges suspected Redline infostealer developer, admin Read More »

Phishers reach targets via Eventbrite services

Don't miss, Eventbrite, Hot stuff, News, Perception Point, phishing /

Phishers reach targets via Eventbrite services 2024-10-29 at 15:17 By Zeljka Zorz Crooks are leveraging the event management and ticketing website Eventbrite to deliver their phishing emails to potential targets. “Since July, these attacks have increased 25% week over week, resulting in a total growth rate of 900%,” Perception Point researchers say. The phishing emails

React to this headline:

Loading spinner

Phishers reach targets via Eventbrite services Read More »

Patching problems: The “return” of a Windows Themes spoofing vulnerability

0-day, 0patch, ACROS Security, Data leak, Don't miss, Hot stuff, micropatch, News, Windows /

Patching problems: The “return” of a Windows Themes spoofing vulnerability 2024-10-29 at 12:18 By Zeljka Zorz Despite two patching attempts, a security issue that may allow attackers to compromise Windows user’s NTLM (authentication) credentials via a malicious Windows themes file still affects Microsoft’s operating system, 0patch researchers have discovered. The path to discovery The story

React to this headline:

Loading spinner

Patching problems: The “return” of a Windows Themes spoofing vulnerability Read More »

Inside console security: How innovations shape future hardware protection

cybersecurity, Don't miss, exploit, Features, hardware, Hot stuff, News, online gaming, opinion, Sony /

Inside console security: How innovations shape future hardware protection 2024-10-29 at 08:00 By Mirko Zorz In this Help Net Security interview, security researchers Specter and ChendoChap discuss gaming consoles’ unique security model, highlighting how it differs from other consumer devices. They also share their thoughts on how advancements in console security could shape future consumer

React to this headline:

Loading spinner

Inside console security: How innovations shape future hardware protection Read More »

Scroll to Top