Whitepaper: Securing GenAI 2024-10-22 at 05:48 By Help Net Security The ultimate guide to AI security: key AI security risks, vulnerabilities and strategies for protection. 61% of companies use AI, but few secure it. This whitepaper covers the key AI risks being overlooked from LLMs to RAG. Inside the Securing GenAI whitepaper: GenAI attack surface […]
React to this headline:
Whitepaper: Securing GenAI Read More »
Fortinet releases patches for undisclosed critical FortiManager vulnerability 2024-10-21 at 16:48 By Zeljka Zorz In the last couple of days, Fortinet has released critical security updates for FortiManager, to fix a critical vulnerability that is reportedly being exploited by Chinese threat actors. Security updates are trickling out The company, which is known for pushing out
React to this headline:
Fortinet releases patches for undisclosed critical FortiManager vulnerability Read More »
The Internet Archive breach continues 2024-10-21 at 12:46 By Zeljka Zorz Cybersecurity troubles are not over for the Internet Archive (IA), the nonprofit organization behind the popular digital library site: after the recent DDoS attacks, defacement and data breach, an email sent via its Zendesk customer service platform has shown that some of its IT
React to this headline:
The Internet Archive breach continues Read More »
Building secure AI with MLSecOps 2024-10-21 at 07:31 By Mirko Zorz In this Help Net Security interview, Ian Swanson, CEO of Protect AI, discusses the concept of “secure AI by design.” By adopting frameworks like Machine Learning Security Operations (MLSecOps) and focusing on transparency, organizations can build resilient AI systems that are both safe and
React to this headline:
Building secure AI with MLSecOps Read More »
Evolving cybercriminal tactics targeting SMBs 2024-10-21 at 07:01 By Help Net Security A recent Todyl report revealed a 558% increase in BEC (Business Email Compromise), AiTM (Adversary-in-the-Middle), and ATO (Account Takeover) attacks in 2024. In this Help Net Security video, David Langlands, Chief Security Officer at Todyl, discusses these evolving cyber threats. Here are the
React to this headline:
Evolving cybercriminal tactics targeting SMBs Read More »
Microsoft lost some customers’ cloud security logs 2024-10-18 at 16:46 By Zeljka Zorz Microsoft has lost several weeks of cloud security logs that its customers rely on to spot cyber intrusions. What happened As reported by Business Insider earlier this month, Microsoft privately notified affected customers of this incident and told them the failure was
React to this headline:
Microsoft lost some customers’ cloud security logs Read More »
Israeli orgs targeted with wiper malware via ESET-branded emails 2024-10-18 at 13:32 By Zeljka Zorz Attackers have tried to deliver wiper malware to employees at organizations across Israel by impersonating cybersecurity company ESET via email. The phishing email The attack took the form of a phishing email ostensibly sent by the “Eset Advanced Threat Defense
React to this headline:
Israeli orgs targeted with wiper malware via ESET-branded emails Read More »
Arrested: USDoD, Anonymous Sudan, SEC X account hacker 2024-10-18 at 12:22 By Zeljka Zorz Law enforcement agencies have arrested suspects involved in cyber attacks claimed by USDoD and Anonymous Sudan, as well as a person involved in the hacking of SEC’s X (Twitter) account. USDoD On Wednesday, the Brazilian federal police (Policia Federal) arrested a
React to this headline:
Arrested: USDoD, Anonymous Sudan, SEC X account hacker Read More »
Fake Google Meet pages deliver infostealers 2024-10-17 at 14:47 By Zeljka Zorz Users of the Google Meet video communication service have been targeted by cyber crooks using the ClickFix tactic to infect them with information-stealing malware. Fake Google Meet video conference page with malicious ClickFix pop-up (Source: Sekoia) “The ClickFix tactic deceives users into downloading
React to this headline:
Fake Google Meet pages deliver infostealers Read More »
The role of compromised cyber-physical devices in modern cyberattacks 2024-10-17 at 11:46 By Zeljka Zorz Cyber-physical devices are increasingly getting compromised and leveraged by criminal groups and state-sponsored threat actors. Fyodor Yarochkin, Senior Threat Solution Architect with Trend Micro, believes that getting a better understanding of attackers’ infrastructure leads to a better understanding of the
React to this headline:
The role of compromised cyber-physical devices in modern cyberattacks Read More »
GhostStrike: Open-source tool for ethical hacking 2024-10-17 at 07:31 By Mirko Zorz GhostStrike is an open-source, advanced cybersecurity tool tailored for ethical hacking and Red Team operations. It incorporates cutting-edge techniques, including process hollowing, to stealthily evade detection on Windows systems, making it an asset for penetration testing and security assessments. “I decided to develop
React to this headline:
GhostStrike: Open-source tool for ethical hacking Read More »
How NIS2 will impact sectors from healthcare to energy 2024-10-17 at 07:02 By Mirko Zorz In this Help Net Security interview, Mick Baccio, Global Security Advisor at Splunk SURGe, discusses the far-reaching implications of the NIS2 Directive beyond traditional IT security. He explains how NIS2 will fundamentally change cybersecurity governance, making it a core aspect
React to this headline:
How NIS2 will impact sectors from healthcare to energy Read More »
AI data collection under fire 2024-10-17 at 06:32 By Help Net Security A recent Cohesity report found that consumers are highly concerned about the information companies collect from them – especially when it`s used for artificial intelligence – with consumers prepared to punish companies by switching providers for any loss of trust. In this Help
React to this headline:
AI data collection under fire Read More »
Defenders must adapt to shrinking exploitation timelines 2024-10-16 at 15:16 By Zeljka Zorz A new report from Mandiant reveals that the average time-to-exploit vulnerabilities before or after a patch is released has plunged to just five days in 2023, down from 32 days in 2021 in 2022. One reason for this is the fact that,
React to this headline:
Defenders must adapt to shrinking exploitation timelines Read More »
Resilience over reliance: Preparing for IT failures in an unpredictable digital world 2024-10-16 at 07:31 By Help Net Security No IT system — no matter how advanced – is completely immune to failure. The promise of a digital ring of steel may sound attractive, but can it protect you against hardware malfunctions? Software bugs? Unexpected
React to this headline:
Resilience over reliance: Preparing for IT failures in an unpredictable digital world Read More »
Strengthening Kubernetes security posture with these essential steps 2024-10-16 at 07:01 By Mirko Zorz In this Help Net Security interview, Paolo Mainardi, CTO at SparkFabrik, discusses comprehensive strategies to secure Kubernetes environments from development through deployment. He focuses on best practices, automation, and continuous monitoring. Many security risks in Kubernetes originate from vulnerable container images.
React to this headline:
Strengthening Kubernetes security posture with these essential steps Read More »
Attackers deploying red teaming tool for EDR evasion 2024-10-15 at 17:16 By Zeljka Zorz Threat actors are leveraging the open-source EDRSilencer tool to evade endpoint detection and response systems, Trend Micro researchers have noticed. About EDRSilencer The software, which is intended for red teaming, is being abused to “silence” EDR solutions. It works by leveraging
React to this headline:
Attackers deploying red teaming tool for EDR evasion Read More »
87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113) 2024-10-15 at 14:49 By Zeljka Zorz Last week, CISA added CVE-2024-23113 – a critical vulnerability that allows unauthenticated remote code/command execution on unpatched Fortinet FortiGate firewalls – to its Known Exploited Vulnerabilities catalog, thus confirming that it’s being leveraged by attackers in the
React to this headline:
87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113) Read More »
The NHI management challenge: When employees leave 2024-10-15 at 08:01 By Help Net Security An employee is exiting your organization. Regardless of the terms of departure, an ex-staffer has the potential when they leave or change roles to impact a wide range of non-human identities, digital credentials, and other secrets. Those secrets include the credentials
React to this headline:
The NHI management challenge: When employees leave Read More »
How nation-states exploit political instability to launch cyber operations 2024-10-15 at 07:37 By Mirko Zorz In this Help Net Security interview, Ismael Valenzuela, Vice President of Threat Research & Intelligence at BlackBerry, discusses the impact of geopolitical tensions on the frequency and sophistication of cyberattacks. He explains how nation-states and politically motivated groups exploit unrest
React to this headline:
How nation-states exploit political instability to launch cyber operations Read More »