Hot stuff

8+ US telcos compromised, FBI advises Americans to use encrypted communications

China, Don't miss, Encryption, Hot stuff, News, telecommunications, tips, USA /

8+ US telcos compromised, FBI advises Americans to use encrypted communications 2024-12-05 at 14:24 By Zeljka Zorz FBI and Cybersecurity and Infrastructure Security Agency (CISA) officials have advised Americans to use encrypted call and messaging apps to protect their communications from threat actors that have – and will – burrow into the networks and systems […]

React to this headline:

Loading spinner

8+ US telcos compromised, FBI advises Americans to use encrypted communications Read More »

Preparing for Q-day: The essential role of cloud migration in securing enterprise data

Cloud, cybersecurity, data security, Don't miss, Encryption, Expert analysis, Expert corner, Hot stuff, Lemongrass, News, opinion, quantum computing /

Preparing for Q-day: The essential role of cloud migration in securing enterprise data 2024-12-05 at 07:34 By Help Net Security As the era of quantum computing draws closer, businesses face a new and unprecedented threat to data security: “Q-day.” This looming turning point—when quantum machines can break traditional encryption with ease—has the potential to upend

React to this headline:

Loading spinner

Preparing for Q-day: The essential role of cloud migration in securing enterprise data Read More »

How the Shadowserver Foundation helps network defenders with free intelligence feeds

automation, cybersecurity, Don't miss, Features, Hot stuff, Incident Response, network, News, opinion, Shadowserver, Threat Intelligence /

How the Shadowserver Foundation helps network defenders with free intelligence feeds 2024-12-05 at 07:01 By Mirko Zorz In this Help Net Security interview, Piotr Kijewski, CEO of The Shadowserver Foundation, discusses the organization’s mission to enhance internet security by exposing vulnerabilities, malicious activity, and emerging threats. Kijewski explains the foundation’s automated efforts to track and

React to this headline:

Loading spinner

How the Shadowserver Foundation helps network defenders with free intelligence feeds Read More »

Building trust in tokenized economies

cybersecurity, Don't miss, Encryption, Hot stuff, tokenization, Video, Zama /

Building trust in tokenized economies 2024-12-05 at 06:49 By Help Net Security As the tokenized economy expands, the digital landscape is reshaped by decentralized systems and new forms of asset ownership. In this Help Net Security video, Jeremy Bradley, COO of Zama, explores the emerging privacy-preserving technologies that can help solve this challenge, focusing on

React to this headline:

Loading spinner

Building trust in tokenized economies Read More »

How widespread is mercenary spyware? More than you think

Don't miss, government-backed attacks, Hot stuff, iVerify, News, nso group, smartphone hacking, spyware /

How widespread is mercenary spyware? More than you think 2024-12-04 at 16:18 By Zeljka Zorz A targeted hunt on 2,500 mobile devices for indicators of compromise associated with mercenary spyware has revealed that its use is not as rare as one would hope. The results of the hunt Earlier this year, iVerify added a threat

React to this headline:

Loading spinner

How widespread is mercenary spyware? More than you think Read More »

Product showcase: Securing Active Directory passwords with Specops Password Policy

Active Directory, Don't miss, Hot stuff, News, passwords, policy, Product showcase, Specops Software /

Product showcase: Securing Active Directory passwords with Specops Password Policy 2024-12-04 at 15:03 By Help Net Security Password policies are a cornerstone of cybersecurity for any organization. A good password policy ensures every end user has a strong and unique password, significantly reducing the risk of unauthorized access and data breaches. These policies not only

React to this headline:

Loading spinner

Product showcase: Securing Active Directory passwords with Specops Password Policy Read More »

PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785)

CVE, Don't miss, enterprise, exploit, Hot stuff, network monitoring, News, PoC, Progress, Tenable, vulnerability /

PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) 2024-12-04 at 13:38 By Zeljka Zorz Researchers have published a proof-of-concept (PoC) exploit for CVE-2024-8785, a critical remote code execution vulnerability affecting Progress WhatsUp Gold, a popular network monitoring solution for enterprises. CVE-2024-8785 and the PoC exploit CVE-2024-8785 stems from the incorrect use of a

React to this headline:

Loading spinner

PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) Read More »

SafeLine: Open-source web application firewall (WAF)

Don't miss, firewall, GitHub, Hot stuff, News, open source, software, web application security /

SafeLine: Open-source web application firewall (WAF) 2024-12-04 at 07:38 By Mirko Zorz SafeLine is an open-source and self-hosted Web Application Firewall (WAF) that protects websites from cyber attacks. “SafeLine WAF was created to protect web applications for small and medium-sized enterprises from cyber threats by monitoring and filtering HTTP/HTTPS traffic. More importantly, with the widespread

React to this headline:

Loading spinner

SafeLine: Open-source web application firewall (WAF) Read More »

Securing AI’s new frontier: Visibility, governance, and mitigating compliance risks

Artificial Intelligence, Compliance, cybersecurity, data, Don't miss, Features, Hot stuff, News, Noma Security, open source, opinion /

Securing AI’s new frontier: Visibility, governance, and mitigating compliance risks 2024-12-04 at 07:21 By Mirko Zorz In this Help Net Security interview, Niv Braun, CEO at Noma Security, discusses the difficulties security teams face due to the fragmented nature of AI processes, tools, and teams across the data and AI lifecycle. Braun also shares insights

React to this headline:

Loading spinner

Securing AI’s new frontier: Visibility, governance, and mitigating compliance risks Read More »

Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449)

backup, CVE, Don't miss, enterprise, Hot stuff, MSP, News, Veeam Software, vulnerability /

Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449) 2024-12-03 at 19:48 By Zeljka Zorz Veeam has fixed two vulnerabilities in Veeam Service Provider Console (VSPC), one of which (CVE-2024-42448) may allow remote attackers to achieve code exection on the VSPC server machine. The vulnerabilities Veeam Service Provider Console is a cloud-enabled platform that

React to this headline:

Loading spinner

Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449) Read More »

Police takes down Matrix encrypted chat service used by criminals

arrest, crime, Encryption, Europe, Europol, France, Hot stuff, law enforcement, News, secure communications /

Police takes down Matrix encrypted chat service used by criminals 2024-12-03 at 17:18 By Zeljka Zorz A joint investigation team involving French and Dutch authorities has taken down Matrix, yet another end-to-end encrypted chat service created by criminals. Matrix (Source: Dutch Police) The Matrix encrypted chat service Matrix – also know as Mactrix, Totalsec, X-quantum,

React to this headline:

Loading spinner

Police takes down Matrix encrypted chat service used by criminals Read More »

Phishers send corrupted documents to bypass email security

Any.Run, Don't miss, email security, Hot stuff, MS Office, News, phishing /

Phishers send corrupted documents to bypass email security 2024-12-03 at 14:18 By Zeljka Zorz Phishers have come up with a new trick for bypassing email security systems: corrupted MS Office documents. The spam campaign Malware hunting service Any.Run has warned last week about email campaigns luring users with promises of payments, benefits and end-of-the-year bonuses.

React to this headline:

Loading spinner

Phishers send corrupted documents to bypass email security Read More »

US government, energy sector contractor hit by ransomware

energy sector, Government, Hot stuff, News, Ransomware, USA /

US government, energy sector contractor hit by ransomware 2024-12-03 at 12:15 By Zeljka Zorz ENGlobal, a Texas-based engineering and automation contractor for companies in the energy sector, has had its data encrypted by attackers. “On November 25, 2024, ENGlobal Corporation (the “Company”) became aware of a cybersecurity incident. The preliminary investigation has revealed that a

React to this headline:

Loading spinner

US government, energy sector contractor hit by ransomware Read More »

Treat AI like a human: Redefining cybersecurity

Appfire, Artificial Intelligence, Compliance, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, risk assessment, security controls /

Treat AI like a human: Redefining cybersecurity 2024-12-03 at 07:31 By Mirko Zorz In this Help Net Security interview, Doug Kersten, CISO of Appfire, explains how treating AI like a human can change the way cybersecurity professionals use AI tools. He discusses how this shift encourages a more collaborative approach while acknowledging AI’s limitations. Kersten

React to this headline:

Loading spinner

Treat AI like a human: Redefining cybersecurity Read More »

Best practices for staying cyber secure during the holidays

cybersecurity, Don't miss, Hot stuff, IoT, Optiv Security, SOC, Threat Intelligence, threats, tips, Video /

Best practices for staying cyber secure during the holidays 2024-12-03 at 07:07 By Help Net Security In this Help Net Security video, Sean Tufts, managing partner for critical infrastructure and operational technology at Optiv, discusses best practices for keeping businesses secure amidst a barrage of threats during the holiday season. Pause large changes in your

React to this headline:

Loading spinner

Best practices for staying cyber secure during the holidays Read More »

The shocking speed of AWS key exploitation

automation, AWS, Clutch Security, credentials, Don't miss, GitHub, Hot stuff, News, security practices /

The shocking speed of AWS key exploitation 2024-12-02 at 21:19 By Zeljka Zorz It’s no secret that developers often inadvertently expose AWS access keys online and we know that these keys are being scraped and misused by attackers before organizations get a chance to revoke them. Clutch Security researchers performed a test to see just

React to this headline:

Loading spinner

The shocking speed of AWS key exploitation Read More »

AWS offers incident response service

AWS, enterprise, Hot stuff, Incident Response, News /

AWS offers incident response service 2024-12-02 at 14:15 By Zeljka Zorz Amazon Web Services (AWS) has launched a new service to help organizations prepare for and recover from ransomware attacks, account takeovers, data breaches, and other security events: AWS Security Incident Response (SIR). Creating a case (Source: AWS) AWS Security Incident Response explained “Security events

React to this headline:

Loading spinner

AWS offers incident response service Read More »

5 reasons to double down on network security

cloud computing, cybersecurity, Don't miss, Endpoint Security, Expert analysis, Expert corner, Hot stuff, network, News, opinion, Stamus Networks, threat detection /

5 reasons to double down on network security 2024-12-02 at 07:33 By Help Net Security Cybersecurity programs have evolved significantly over the past few decades. The advent of cloud computing shattered the conventional corporate perimeter, forcing organizations to update their defense strategies. Today, with the rise of work-from-anywhere and bring-your-own-device (BYOD) policies as well as

React to this headline:

Loading spinner

5 reasons to double down on network security Read More »

Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges

Artificial Intelligence, CNA, CVE, cybersecurity, Don't miss, Features, Hot stuff, MITRE, News, opinion, vulnerability management /

Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges 2024-12-02 at 07:12 By Mirko Zorz In this Help Net Security interview, Alec Summers, Project Leader for the CVE Program at MITRE, shares his insights on the 2024 CWE top 25 most dangerous software weaknesses. He discusses the impact of the new methodology that

React to this headline:

Loading spinner

Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges Read More »

Scroll to Top