Hot stuff

Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112)

0-day, Action1, Automox, CVE, Don't miss, Hot stuff, Microsoft, MS SQL Server, News, Patch Tuesday, security update, Trend Micro, virtualization, vulnerability, Windows /

Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112) 2024-07-09 at 22:31 By Zeljka Zorz For July 2024 Patch Tuesday, Microsoft has released security updates and patches that fix 142 CVEs, including two exploited zero-days (CVE-2024-38080, CVE-2024-38112) in Windows Hyper-V and Windows MSHTML Platform (respectively). Zero-days exploited in the wild (CVE-2024-38080, CVE-2024-38112) CVE-2024-38080 is a […]

React to this headline:

Loading spinner

Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112) Read More »

Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack

Don't miss, FreeRADIUS, Hot stuff, InkBridge Networks, networking, News, vulnerability /

Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack 2024-07-09 at 15:01 By Help Net Security A new critical security vulnerability in the RADIUS protocol, dubbed BlastRADIUS, leaves most networking equipment open to Man-in-the-Middle (MitM) attacks. While the vulnerability can be difficult to exploit, the possible impact of an exploit is substantial.

React to this headline:

Loading spinner

Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack Read More »

Chinese APT40 group swifly leverages public PoC exploits

APT, Australia, China, CISA, Don't miss, Hot stuff, News, PoC, web application, web shell /

Chinese APT40 group swifly leverages public PoC exploits 2024-07-09 at 14:46 By Zeljka Zorz Chinese state-sponsored cyber group APT40 is amazingly fast at adapting public proof-of-concept (PoC) exploits for vulnerabilities in widely used software, an advisory released by intelligence and cybersecurity agencies from eight countries warns. The group, which is also known as Kryptonite Panda

React to this headline:

Loading spinner

Chinese APT40 group swifly leverages public PoC exploits Read More »

Microsoft’s cybersecurity dilemma: An open letter to Satya Nadella

attacks, Compliance, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Mercury Risk And Compliance, News, opinion, regulation, risk, strategy /

Microsoft’s cybersecurity dilemma: An open letter to Satya Nadella 2024-07-09 at 07:31 By Help Net Security Microsoft is suffering cybersecurity failures due to systemic problems with strategic leadership. The world is witnessing an alarming trend of cybersecurity issues with Microsoft products and services. Over the past several years, Microsoft has suffered several serious attacks with

React to this headline:

Loading spinner

Microsoft’s cybersecurity dilemma: An open letter to Satya Nadella Read More »

Exploring the root causes of the cybersecurity skills gap

Artificial Intelligence, automation, certificates, cybersecurity, Don't miss, education, Features, Hot stuff, News, opinion, skill development, Skillsoft, training /

Exploring the root causes of the cybersecurity skills gap 2024-07-09 at 07:01 By Mirko Zorz In this Help Net Security interview, Koma Gandy, VP of Leadership and Business at Skillsoft, addresses the critical aspects of the cybersecurity skills gap, the need for diverse talent and continuous upskilling in areas like AI and cloud computing. Gandy

React to this headline:

Loading spinner

Exploring the root causes of the cybersecurity skills gap Read More »

Shadow engineering exposed: Addressing the risks of unauthorized engineering practices

Compliance, cyber risk, cybersecurity, Don't miss, Endor Labs, Hot stuff, how-to, News, strategy, tips, Video /

Shadow engineering exposed: Addressing the risks of unauthorized engineering practices 2024-07-09 at 06:31 By Help Net Security Shadow engineering is present in many organizations, and it can lead to security, compliance, and risk challenges. In this Help Net Security video, Darren Meyer, Staff Research Engineer at Endor Labs, discusses why it causes issues and how

React to this headline:

Loading spinner

Shadow engineering exposed: Addressing the risks of unauthorized engineering practices Read More »

TeamViewer: Network segmentation hobbled Midnight Blizzard’s attack

APT, data breach, Don't miss, enterprise, Hot stuff, Microsoft, News, TeamViewer /

TeamViewer: Network segmentation hobbled Midnight Blizzard’s attack 2024-07-08 at 20:31 By Zeljka Zorz TeamViewer, the company developing the popular remote access/control software with the same name, has finished the investigation into the breach it detected in late June 2024, and has confirmed that it was limited to their internal corporate IT environment. “Neither our separated

React to this headline:

Loading spinner

TeamViewer: Network segmentation hobbled Midnight Blizzard’s attack Read More »

Decryptor for DoNex, Muse, DarkRace, (fake) LockBit 3.0 ransomware released

Avast, decryptor, Don't miss, Hot stuff, News, Ransomware /

Decryptor for DoNex, Muse, DarkRace, (fake) LockBit 3.0 ransomware released 2024-07-08 at 13:01 By Zeljka Zorz A cryptographic weakness in the DoNex ransomware and its previous incarnations – Muse, fake LockBit 3.0, and DarkRace – has allowed Avast researchers to create a decryptor for files encrypted by all those ransomware variants. DoNex ransom note (Source:

React to this headline:

Loading spinner

Decryptor for DoNex, Muse, DarkRace, (fake) LockBit 3.0 ransomware released Read More »

How nation-state cyber attacks disrupt public services and undermine citizen trust

Broadcom, critical infrastructure, cyberattacks, cybersecurity, Don't miss, Features, Government, Hot stuff, News, opinion, public sector, Threat Intelligence /

How nation-state cyber attacks disrupt public services and undermine citizen trust 2024-07-08 at 07:01 By Mirko Zorz In this Help Net Security interview, Rob Greer, VP and GM of the Enterprise Security Group at Broadcom, discusses the impact of nation-state cyber attacks on public sector services and citizens, as well as the broader implications for

React to this headline:

Loading spinner

How nation-state cyber attacks disrupt public services and undermine citizen trust Read More »

Monocle: Open-source LLM for binary analysis search

Don't miss, GitHub, Hot stuff, LLMs, machine learning, News, open source, software /

Monocle: Open-source LLM for binary analysis search 2024-07-08 at 06:31 By Help Net Security Monocle is open-source tooling backed by a large language model (LLM) for performing natural language searches against compiled target binaries. Monocle can be provided with a binary and search criteria (authentication code, vulnerable code, password strings, etc.), and it will decompile

React to this headline:

Loading spinner

Monocle: Open-source LLM for binary analysis search Read More »

4 key steps to building an incident response plan

Blumira, Cloud, Compliance, cybersecurity, Don't miss, Features, Hot stuff, Incident Response, News, opinion, resilience, strategy /

4 key steps to building an incident response plan 2024-07-04 at 07:01 By Mirko Zorz In this Help Net Security interview, Mike Toole, head of security and IT at Blumira, discusses the components of an effective security incident response strategy and how they work together to ensure organizations can address cybersecurity issues. What are the

React to this headline:

Loading spinner

4 key steps to building an incident response plan Read More »

Maintaining human oversight in AI-enhanced software development

Artificial Intelligence, automation, code, cybersecurity, DevOps, Don't miss, Features, generative AI, Harness, Hot stuff, News, opinion, software development /

Maintaining human oversight in AI-enhanced software development 2024-07-03 at 07:31 By Mirko Zorz In this Help Net Security, Martin Reynolds, Field CTO at Harness, discusses how AI can enhance the security of software development and deployment. However, increased reliance on AI-generated code introduces new risks, requiring human oversight and integrated security practices to ensure safe

React to this headline:

Loading spinner

Maintaining human oversight in AI-enhanced software development Read More »

Secator: Open-source pentesting Swiss army knife

Don't miss, GitHub, Hot stuff, News, open source, penetration testing, software /

Secator: Open-source pentesting Swiss army knife 2024-07-03 at 07:01 By Help Net Security Secator is an open-source task and workflow runner tailored for security assessments. It facilitates the use of numerous security tools and aims to enhance the efficiency of pen testers and security researchers. Secator features Curated list of commands Unified input options Unified

React to this headline:

Loading spinner

Secator: Open-source pentesting Swiss army knife Read More »

Leveraging no-code automation for efficient network operations

automation, cybersecurity, Don't miss, Features, Hot stuff, NetBrain Technologies, network, network management, News, opinion /

Leveraging no-code automation for efficient network operations 2024-07-02 at 07:32 By Mirko Zorz In this Help Net Security interview, Lingping Gao, CEO at NetBrain, discusses the challenges NetOps teams face in maintaining production services due to outdated processes and growing infrastructures. No-code automation has the potential to address these challenges by allowing engineers to automate

React to this headline:

Loading spinner

Leveraging no-code automation for efficient network operations Read More »

The impossibility of “getting ahead” in cyber defense

Artificial Intelligence, Blancco Technology Group, cyber resilience, cyberattacks, cybersecurity, Don't miss, Expert analysis, Expert corner, generative AI, Hot stuff, News, opinion /

The impossibility of “getting ahead” in cyber defense 2024-07-02 at 07:01 By Help Net Security As a security professional, it can be tempting to believe that with sufficient resources we can achieve of state of parity, or even relative dominance, over cyber attackers. After all, if we got to an ideal state – fully staffed

React to this headline:

Loading spinner

The impossibility of “getting ahead” in cyber defense Read More »

Inside the minds of CISOs

Bugcrowd, CISO, cybersecurity, Don't miss, Hot stuff, News, strategy, tips, Video /

Inside the minds of CISOs 2024-07-02 at 06:31 By Help Net Security In this Help Net Security video, Nick McKenzie, CISO of Bugcrowd, discusses the key findings from their recent report, which comes at a crucial time as security leaders’ roles are being discussed more with the current risk landscape and the increasing need to

React to this headline:

Loading spinner

Inside the minds of CISOs Read More »

Why every company needs a DDoS response plan

attacks, cybercriminals, cybersecurity, DDoS, Don't miss, Features, Government, Hot stuff, Netscout, News, opinion, strategy, Threat Intelligence /

Why every company needs a DDoS response plan 2024-07-01 at 08:02 By Mirko Zorz In this Help Net Security interview, Richard Hummel, Senior Threat Intelligence Manager at NETSCOUT, discusses how companies can overcome the challenges of identifying and mitigating DDoS attacks. He stresses the need for adaptive, multilayered defense strategies and the inevitability of a

React to this headline:

Loading spinner

Why every company needs a DDoS response plan Read More »

Product showcase: Protect digital identities with Swissbit’s iShield Key Pro

authentication, Compliance, cybersecurity, Don't miss, Hot stuff, identity, News, Swissbit, Token /

Product showcase: Protect digital identities with Swissbit’s iShield Key Pro 2024-07-01 at 07:01 By Help Net Security In today’s fast-paced business world, protecting digital identities and optimizing daily workflows are crucial. The iShield Key Pro series from Swissbit addresses these challenges by offering top-notch security combined with effortless usability. Let’s delve into how the iShield

React to this headline:

Loading spinner

Product showcase: Protect digital identities with Swissbit’s iShield Key Pro Read More »

Preparing for Q-Day as NIST nears approval of PQC standards

CISO, cybersecurity, data security, Don't miss, Encryption, Expert analysis, Expert corner, Hot stuff, Lastwall, News, opinion, quantum computing, standards, threats /

Preparing for Q-Day as NIST nears approval of PQC standards 2024-07-01 at 06:32 By Help Net Security Q-Day—the day when a cryptographically relevant quantum computer can break most forms of modern encryption—is fast approaching, leaving the complex systems our societies rely on vulnerable to a new wave of cyberattacks. While estimates just a few years

React to this headline:

Loading spinner

Preparing for Q-Day as NIST nears approval of PQC standards Read More »

Leveraging AI and automation for enhanced security operations

Artificial Intelligence, automation, cyber resilience, cybersecurity, Don't miss, Features, Hot stuff, Kyndryl, MSP, News, opinion, security operations, strategy /

Leveraging AI and automation for enhanced security operations 2024-06-28 at 07:01 By Mirko Zorz In this Help Net Security interview, Michelle Weston, VP of Security & Resiliency at Kyndryl, discusses the key challenges in security operations and how to address them. The top issues are increasing cyber resilience risks, changing regulatory conditions, and implementing emerging

React to this headline:

Loading spinner

Leveraging AI and automation for enhanced security operations Read More »

Scroll to Top