Hot stuff

Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008)

CVE, Don't miss, email security, Hot stuff, News, Roundcube, security update, SonarSource, vulnerability /

Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008) 2024-08-07 at 12:01 By Zeljka Zorz Two cross-site scripting vulnerabilities (CVE-2024-42009, CVE-2024-42008) affecting Roundcube could be exploited by attackers to steal users’ emails and contacts, email password, and send emails from their account. About the vulnerabilities Roundcube is an open-source webmail software solution popular with European […]

React to this headline:

Loading spinner

Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008) Read More »

OpenWrt dominates, but vulnerabilities persist in OT/IoT router firmware

Don't miss, Finite State, Forescout, hardware, Hot stuff, Internet of Things, News, patching, report, router, survey, vulnerability assessment /

OpenWrt dominates, but vulnerabilities persist in OT/IoT router firmware 2024-08-07 at 09:16 By Help Net Security Forescout has published a new report examining the current state of the software supply chain in OT/IoT routers. The study uncovered that OT and IoT cellular routers and those used in small offices and homes contain outdated software components

React to this headline:

Loading spinner

OpenWrt dominates, but vulnerabilities persist in OT/IoT router firmware Read More »

Sports venues must vet their vendors to maintain security

cyberattacks, cybersecurity, DDoS, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, strategy, supply chain, Verizon /

Sports venues must vet their vendors to maintain security 2024-08-07 at 07:31 By Help Net Security Sporting events generate a lot of consumer activity, from hotels and restaurants to retail. Large sporting events are held together by webs of connectivity that include vendors, sponsors, employees, and consumers. These networks connect ticketing, merchandising, venue access, live

React to this headline:

Loading spinner

Sports venues must vet their vendors to maintain security Read More »

RustScan: Open-source port scanner

Docker, Don't miss, GitHub, Hot stuff, News, open source, penetration testing, scanning, software /

RustScan: Open-source port scanner 2024-08-07 at 07:01 By Help Net Security RustScan is an open-source port scanner designed for speed and versatility. It combines a sleek interface with the power to adapt and improve over time. With RustScan’s Adaptive Learning, the tool continually optimizes its performance, making it the most efficient port scanner available. Discover

React to this headline:

Loading spinner

RustScan: Open-source port scanner Read More »

Breaking down FCC’s proposal to strengthen BGP security

BGP, cybersecurity, Don't miss, Features, Hot stuff, ISP, Kentik, network, News, opinion, Risk Management, security standard /

Breaking down FCC’s proposal to strengthen BGP security 2024-08-07 at 06:31 By Mirko Zorz In this Help Net Security interview, Doug Madory, Director of Internet Analysis at Kentik, discusses the FCC’s proposal requiring major U.S. ISPs to implement RPKI Route Origin Validation (ROV), and addresses concerns about the impact on smaller ISPs and the global

React to this headline:

Loading spinner

Breaking down FCC’s proposal to strengthen BGP security Read More »

Ransomware gang targets IT workers with new RAT maquerading as IP scanner

Don't miss, enterprise, Hot stuff, News, Quorum Cyber, Ransomware, Remote Access Trojan /

Ransomware gang targets IT workers with new RAT maquerading as IP scanner 2024-08-06 at 16:31 By Zeljka Zorz Ransomware-as-a-service outfit Hunters International is wielding a new remote access trojan (RAT). “The malware, named SharpRhino due to its use of the C# programming language, is delivered through a typosquatting domain impersonating the legitimate tool Angry IP

React to this headline:

Loading spinner

Ransomware gang targets IT workers with new RAT maquerading as IP scanner Read More »

ITSM concerns when integrating new AI services

Artificial Intelligence, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, InvGate, ITSM, LLMs, News, opinion /

ITSM concerns when integrating new AI services 2024-08-06 at 07:31 By Help Net Security Let’s talk about a couple of recent horror stories. Late last year, a Chevrolet dealership deployed a chatbot powered by a large language model (LLM) on their homepage. This LLM, trained with detailed specifications of Chevrolet vehicles, was intended to respond

React to this headline:

Loading spinner

ITSM concerns when integrating new AI services Read More »

Scaling data security solutions: What you need to know

Bedrock Security, Compliance, cybersecurity, data, Data Protection, Don't miss, Features, framework, Hot stuff, News, opinion /

Scaling data security solutions: What you need to know 2024-08-06 at 07:01 By Mirko Zorz In this Help Net Security interview, Bruno Kurtic, President and CEO at Bedrock Security, discusses the role of data visibility in enhancing cybersecurity. He explains that effective data visibility involves discovering, classifying, and contextualizing data, which helps organizations understand and

React to this headline:

Loading spinner

Scaling data security solutions: What you need to know Read More »

Whitepaper: Tools to tackle the multicloud environment

Don't miss, Hot stuff, ISC2, News, Whitepapers and webinars /

Whitepaper: Tools to tackle the multicloud environment 2024-08-06 at 05:46 By Help Net Security Implementing multicloud solutions is becoming increasingly paramount for organizations seeking to drive their business forward in the coming years. As a result, the role of cloud security is evolving. Cloud providers often use different security models with varying responsibilities and compliance

React to this headline:

Loading spinner

Whitepaper: Tools to tackle the multicloud environment Read More »

Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856)

Apache OFBiz, CVE, Don't miss, enterprise, Hot stuff, News, open source, SonicWall, vulnerability /

Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856) 2024-08-05 at 16:47 By Zeljka Zorz CVE-2024-38856, an incorrect authorization vulnerability affecting all but the latest version of Apache OFBiz, may be exploited by remote, unauthenticated attackers to execute arbitrary code on vulnerable systems. About CVE-2024-38856 Apache OFBiz is an open-source framework for enterprise resource

React to this headline:

Loading spinner

Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856) Read More »

Chinese hackers compromised an ISP to deliver malicious software updates

APT, cyber espionage, DNS, Don't miss, ESET, Hot stuff, ISP, Malware, News, supply chain compromise, Symantec, Volexity /

Chinese hackers compromised an ISP to deliver malicious software updates 2024-08-05 at 13:46 By Zeljka Zorz APT StormBamboo compromised a undisclosed internet service provider (ISP) to poison DNS queries and thus deliver malware to target organizations, Volexity researchers have shared. Malware delivery via automatic software updates StormBamboo (aka Evasive Panda, aka StormCloud), a Chinese-speaking threat

React to this headline:

Loading spinner

Chinese hackers compromised an ISP to deliver malicious software updates Read More »

The role of AI in cybersecurity operations

Artificial Intelligence, cybersecurity, Don't miss, Dropzone AI, Expert analysis, Expert corner, Hot stuff, News, opinion, SOC /

The role of AI in cybersecurity operations 2024-08-05 at 08:01 By Help Net Security Security operation centers (SOCs) need to be better equipped to manage the sheer scale of data to monitor and the increasing sophistication of threats. SOC analysts face a daunting task: sifting through thousands of alerts every day – most of which

React to this headline:

Loading spinner

The role of AI in cybersecurity operations Read More »

How to start your cybersecurity career: Expert tips and guidance

Aspiron Search, BH Consulting, Brian Honan, cybersecurity, DigitSec, Don't miss, Features, Hot stuff, how-to, Infoedge, News, opinion, skill development, strategy, tips /

How to start your cybersecurity career: Expert tips and guidance 2024-08-05 at 07:31 By Mirko Zorz As businesses strive to protect their data and privacy, the demand for skilled cybersecurity professionals continues to grow. This article provides expert advice to help you navigate the early stages of your cybersecurity career, offering practical tips and insights.

React to this headline:

Loading spinner

How to start your cybersecurity career: Expert tips and guidance Read More »

MISP: Open-source threat intelligence and sharing platform

Don't miss, GitHub, Hot stuff, malware analysis, News, open source, SIEM, software, Threat Intelligence /

MISP: Open-source threat intelligence and sharing platform 2024-08-05 at 07:01 By Help Net Security MISP is an open-source threat intelligence and sharing platform for collecting, storing, distributing, and sharing cybersecurity indicators and threats related to incident and malware analysis. MISP is designed by and for cybersecurity, ICT professionals, and malware reversers to support their daily

React to this headline:

Loading spinner

MISP: Open-source threat intelligence and sharing platform Read More »

How life sciences companies use AI to fill the cybersecurity skills gap

Artificial Intelligence, Code42, cybersecurity, Don't miss, Hot stuff, skill development, Video /

How life sciences companies use AI to fill the cybersecurity skills gap 2024-08-05 at 06:31 By Help Net Security In this Help Net Security video, Beth Miller, Field CISO at Code42, highlights a significant trend: 73% of life sciences companies turn to AI to address the cybersecurity skills gap, surpassing adoption rates in other industries.

React to this headline:

Loading spinner

How life sciences companies use AI to fill the cybersecurity skills gap Read More »

Threat intelligence: A blessing and a curse?

automation, cybersecurity, Cyware, data, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, Threat Intelligence /

Threat intelligence: A blessing and a curse? 2024-08-01 at 07:31 By Help Net Security Access to timely and accurate threat intelligence is now core to security operations for many organizations. Today, it seems that security teams are blessed with an abundance of data and intelligence feeds to choose from. However, selecting the right information from

React to this headline:

Loading spinner

Threat intelligence: A blessing and a curse? Read More »

Why CISOs face greater personal liability

CISO, communication, cyber resilience, cybersecurity, Don't miss, Features, Hot stuff, Insurance, News, opinion, Veritas Technologies /

Why CISOs face greater personal liability 2024-08-01 at 07:01 By Mirko Zorz In this Help Net Security interview, Christos Tulumba, CISO at Veritas Technologies, discusses the key factors contributing to increased personal liability risks for CISOs. These risks are driven by heightened cybersecurity threats, evolving regulations, and increased public awareness of security breaches. Tulumba also

React to this headline:

Loading spinner

Why CISOs face greater personal liability Read More »

Practical strategies to mitigate risk and secure SAP environments

cybersecurity, Don't miss, Hot stuff, Onapsis, Video /

Practical strategies to mitigate risk and secure SAP environments 2024-08-01 at 06:31 By Help Net Security Large companies use ERP applications to manage business processes, including payroll and financial planning. This is precisely why bad actors are taking a renewed interest in these legacy systems – and succeeding. In this Help Net Security video, JP

React to this headline:

Loading spinner

Practical strategies to mitigate risk and secure SAP environments Read More »

Microsoft: DDoS defense error amplified attack on Azure, leading to outage

botnet, DDoS, Don't miss, Hot stuff, Microsoft, Microsoft 365, Microsoft Azure, News /

Microsoft: DDoS defense error amplified attack on Azure, leading to outage 2024-07-31 at 13:46 By Zeljka Zorz A DDoS attack that started on Tuesday has made a number of Microsoft Azure and Microsoft 365 services temporarily inaccessible, the company has confirmed. Microsoft’s mitigation statement on the Azure status history page Microsoft Azure, 365 outage triggered

React to this headline:

Loading spinner

Microsoft: DDoS defense error amplified attack on Azure, leading to outage Read More »

What CISOs need to keep CEOs (and themselves) out of jail

CEO, CISO, communication, cybersecurity, Don't miss, Expert analysis, Expert corner, Gutsy, Hot stuff, monitoring, News, opinion, security controls /

What CISOs need to keep CEOs (and themselves) out of jail 2024-07-31 at 07:32 By Help Net Security Former Uber CISO Joe Sullivan, who was convicted for attempting to cover up a data breach Uber suffered in 2016, recently posited that in the very near future, CEOs might find themselves held directly responsible for cybersecurity

React to this headline:

Loading spinner

What CISOs need to keep CEOs (and themselves) out of jail Read More »

Scroll to Top