Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes 2024-09-10 at 22:46 By Zeljka Zorz September 2024 Patch Tuesday is here and Microsoft has delivered 79 fixes, including those for a handful of zero-days (CVE-2024-38217, CVE-2024-38226, CVE-2024-38014, CVE-2024-43461) exploited by attackers in the wild, and a Windows 10 code defect […]
React to this headline:
CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766) 2024-09-10 at 15:31 By Zeljka Zorz The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 – a recently fixed improper access control vulnerability affecting SonicWall’s firewalls – to its Known Exploited Vulnerabilities catalog, thus confirming it is being actively exploited by attackers. Though the
React to this headline:
CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766) Read More »
Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342) 2024-09-10 at 12:02 By Zeljka Zorz Users of Zyxel network-attached storage (NAS) devices are urged to implement hotfixes addressing a critical and easily exploited command injection vulnerability (CVE-2024-6342). About CVE-2024-6342 Zyxel NAS devices are generally used by small to medium-sized businesses (SMBs) for data
React to this headline:
Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342) Read More »
Tech stack uniformity has become a systemic vulnerability 2024-09-10 at 07:31 By Help Net Security Crashes due to faulty updates are nothing new; in fact, one reason IT teams often delay updates is their unreliability and tendency to disrupt the organization’s day-to-day operations. Zero-days are also an old phenomenon. In the past, due to a
React to this headline:
Tech stack uniformity has become a systemic vulnerability Read More »
How human-led threat hunting complements automation in detecting cyber threats 2024-09-10 at 07:01 By Mirko Zorz In this Help Net Security interview, Shane Cox, Director, Cyber Fusion Center at MorganFranklin Consulting, discusses the evolving methodologies and strategies in threat hunting and explains how human-led approaches complement each other to form a robust defense. Cox also
React to this headline:
How human-led threat hunting complements automation in detecting cyber threats Read More »
33 open-source cybersecurity solutions you didn’t know you needed 2024-09-10 at 06:31 By Help Net Security Open-source cybersecurity tools provide transparency and flexibility, allowing users to examine and customize the source code to fit specific security needs. These tools make cybersecurity accessible to a broader range of organizations and individuals. In this article, you will
React to this headline:
33 open-source cybersecurity solutions you didn’t know you needed Read More »
Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711) 2024-09-09 at 14:46 By Zeljka Zorz CVE-2024-40711, a critical vulnerability affecting Veeam Backup & Replication (VBR), could soon be exploited by attackers to steal enterprise data. Discovered and reported by Code WHite researcher Florian Hauser, the vulnerability can be leveraged for
React to this headline:
AI cybersecurity needs to be as multi-layered as the system it’s protecting 2024-09-09 at 08:01 By Help Net Security Cybercriminals are beginning to take advantage of the new malicious options that large language models (LLMs) offer them. LLMs make it possible to upload documents with hidden instructions that are executed by connected system components. This
React to this headline:
AI cybersecurity needs to be as multi-layered as the system it’s protecting Read More »
OpenZiti: Secure, open-source networking for your applications 2024-09-09 at 07:33 By Mirko Zorz OpenZiti is a free, open-source project that embeds zero-trust networking principles directly into applications. Example of an OpenZiti overlay network OpenZiti features “We created OpenZiti to transform how people think about connectivity. While OpenZiti is a zero-trust networking platform, you can also
React to this headline:
OpenZiti: Secure, open-source networking for your applications Read More »
Best practices for implementing the Principle of Least Privilege 2024-09-09 at 07:02 By Mirko Zorz In this Help Net Security interview, Umaimah Khan, CEO of Opal Security, shares her insights on implementing the Principle of Least Privilege (PoLP). She discusses best practices for effective integration, benefits for operational efficiency and audit readiness, and how to
React to this headline:
Best practices for implementing the Principle of Least Privilege Read More »
Phishing in focus: Disinformation, election and identity fraud 2024-09-09 at 06:34 By Help Net Security The frequency of phishing attacks is rising as attackers increasingly utilize AI to execute more scams than ever before. In this Help Net Security video, Abhilash Garimella, Head Of Research at Bolster, discusses how phishing scams are now being hosted
React to this headline:
Phishing in focus: Disinformation, election and identity fraud Read More »
Exposed: Russian military Unit 29155 does digital sabotage, espionage 2024-09-06 at 17:01 By Zeljka Zorz The US Department of Justice has named five Russian computer hackers as members of Unit 29155 – i.e., the 161st Specialist Training Center of the Russian General Staff Main Intelligence Directorate (GRU) – which they deem resposible for the 2022
React to this headline:
Exposed: Russian military Unit 29155 does digital sabotage, espionage Read More »
Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195) 2024-09-06 at 13:02 By Zeljka Zorz For the fourth time in the last five months, Apache OFBiz users have been advised to upgrade their installations to fix a critical flaw (CVE-2024-45195) that could lead to unauthenticated remote code execution. About CVE-2024-45195 Apache OFBiz is an open-source suite
React to this headline:
Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195) Read More »
September 2024 Patch Tuesday forecast: Downgrade is the new exploit 2024-09-06 at 08:16 By Help Net Security I asked for a calm August 2024 Patch Tuesday in last month’s forecast article and that came to pass. The updates released were limited to the regular operating systems and all forms of Office applications. Six zero-day vulnerabilities
React to this headline:
September 2024 Patch Tuesday forecast: Downgrade is the new exploit Read More »
Human firewalls are essential to keeping SaaS environments safe 2024-09-06 at 08:01 By Help Net Security Businesses run on SaaS solutions: nearly every business function relies on multiple cloud-based tech platforms and collaborative work tools like Slack, Google Workspace apps, Jira, Zendesk and others. We recently surveyed security leaders and CISOs on top data security
React to this headline:
Human firewalls are essential to keeping SaaS environments safe Read More »
Microchip Technology confirms theft of employee data 2024-09-05 at 12:31 By Zeljka Zorz US-based semiconductor manufacturer Microchip Technology has confirmed that the cyberattack it suffered in August 2024 resulted in the theft of data, including “employee contact information and some encrypted and hashed passwords.” The breach was claimed later that month by the Play ransomware
React to this headline:
Microchip Technology confirms theft of employee data Read More »
The future of automotive cybersecurity: Treating vehicles as endpoints 2024-09-05 at 07:31 By Zeljka Zorz The automotive industry is facing many of the same cybersecurity risks and threats that successful organizations in other sectors are up against, but it’s also battling some distinct ones. In this Help Net Security interview, Josh Smith, Principal Threat Analyst
React to this headline:
The future of automotive cybersecurity: Treating vehicles as endpoints Read More »
How to gamify cybersecurity preparedness 2024-09-05 at 07:01 By Help Net Security Organizations’ preparedness and resilience against threats isn’t keeping pace with cybercriminals’ advancements. Some CEOs still believe that cybersecurity requires episodic intervention rather than ongoing attention. That isn’t the reality for many companies; cyber threat preparedness requires a concerted training effort, so cybersecurity teams
React to this headline:
How to gamify cybersecurity preparedness Read More »
North Korean hackers’ social engineering tricks 2024-09-04 at 15:31 By Zeljka Zorz “North Korean malicious cyber actors conducted research on a variety of targets connected to cryptocurrency exchange-traded funds (ETFs) over the last several months,” the FBI has warned through a public service announcement. This suggests that they are likely to target companies associated with
React to this headline:
North Korean hackers’ social engineering tricks Read More »
Vulnerability allows Yubico security keys to be cloned 2024-09-04 at 13:31 By Zeljka Zorz Researchers have unearthed a cryptographic vulnerability in popular Yubico (FIDO) hardware security keys and modules that may allow attackers to clone the devices. But the news is not as catastrophic as it may seem at first glance. “The attacker would need
React to this headline:
Vulnerability allows Yubico security keys to be cloned Read More »