Hot stuff

Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges

Artificial Intelligence, CNA, CVE, cybersecurity, Don't miss, Features, Hot stuff, MITRE, News, opinion, vulnerability management /

Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges 2024-12-02 at 07:12 By Mirko Zorz In this Help Net Security interview, Alec Summers, Project Leader for the CVE Program at MITRE, shares his insights on the 2024 CWE top 25 most dangerous software weaknesses. He discusses the impact of the new methodology that […]

React to this headline:

Loading spinner

Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges Read More »

The effect of compliance requirements on vulnerability management strategies

automation, Compliance, cybersecurity, Don't miss, Features, Hot stuff, News, Nucleus Security, opinion, patching, vulnerability management /

The effect of compliance requirements on vulnerability management strategies 2024-11-29 at 07:34 By Mirko Zorz In this Help Net Security interview, Steve Carter, CEO of Nucleus Security, discusses the ongoing challenges in vulnerability management, including prioritizing vulnerabilities and addressing patching delays. Carter also covers compliance requirements and how automation can streamline vulnerability management processes. Why

React to this headline:

Loading spinner

The effect of compliance requirements on vulnerability management strategies Read More »

Modernizing incident response in the AI era

Artificial Intelligence, Bill, Cloud, cybersecurity, Don't miss, Hot stuff, Incident Response, Video /

Modernizing incident response in the AI era 2024-11-29 at 06:32 By Help Net Security In this Help Net Security video, Gourav Nagar, Director of Information Security at Bill, discusses modernizing incident response in the era of AI and the cloud: Why this issue is important for organizations looking to stay ahead of rapidly evolving cyber

React to this headline:

Loading spinner

Modernizing incident response in the AI era Read More »

How the role of observability is changing within organizations

cybersecurity, Don't miss, Hot stuff, network, New Relic, Video /

How the role of observability is changing within organizations 2024-11-28 at 08:12 By Help Net Security In this Help Net Security video, Nic Benders, Chief Technical Strategist at New Relic, discusses the key findings of a recent 2024 Observability Forecast report. The annual survey of 1,700 technology professionals across 16 countries reveals that: IT outages

React to this headline:

Loading spinner

How the role of observability is changing within organizations Read More »

Cybercriminals used a gaming engine to create undetectable malware loader

Check Point, Don't miss, GitHub, Hot stuff, Linux, macOS, Malware, malware detection, News, software development, Windows /

Cybercriminals used a gaming engine to create undetectable malware loader 2024-11-27 at 20:33 By Zeljka Zorz Threat actors are using an ingenious new way for covertly delivering malware to a wide variety of operating systems and platforms: they have created a malware loader that uses Godot Engine, an open-source game engine. The loader – dubbed

React to this headline:

Loading spinner

Cybercriminals used a gaming engine to create undetectable malware loader Read More »

ESET researchers analyze first UEFI bootkit for Linux systems

Don't miss, firmware, Hot stuff, Linux, News, research /

ESET researchers analyze first UEFI bootkit for Linux systems 2024-11-27 at 18:18 By Help Net Security ESET Research has discovered the first UEFI bootkit designed for Linux systems, named Bootkitty by its creators. Researchers believe this bootkit is likely an initial proof of concept, and based on ESET telemetry, it has not been deployed in

React to this headline:

Loading spinner

ESET researchers analyze first UEFI bootkit for Linux systems Read More »

QScanner: Linux command-line utility for scanning container images, conducting SCA

containers, Don't miss, Hot stuff, Linux, News, Qualys, scanning /

QScanner: Linux command-line utility for scanning container images, conducting SCA 2024-11-27 at 08:02 By Help Net Security QScanner is a Linux command-line utility tailored for scanning container images and performing Software Composition Analysis (SCA). It is compatible with diverse container orchestration systems, container runtimes, and operating systems. QScanner features Instant console results: Scan for vulnerabilities

React to this headline:

Loading spinner

QScanner: Linux command-line utility for scanning container images, conducting SCA Read More »

Choosing the right secure messaging app for your organization

Application Security, Artificial Intelligence, attacks, automation, cybersecurity, Don't miss, Encryption, Features, Hot stuff, messaging, News, opinion, Rakuten Viber /

Choosing the right secure messaging app for your organization 2024-11-27 at 07:18 By Mirko Zorz In this Help Net Security interview, Liad Shnell, CTO at Rakuten Viber, discusses what organizations should look for in secure messaging apps, including encryption, privacy standards, and ease of integration. Shnell also covers the need for a multi-layered approach to

React to this headline:

Loading spinner

Choosing the right secure messaging app for your organization Read More »

Zero-day data security

cloud security, cybersecurity, Deep Instinct, Don't miss, Hot stuff, Video /

Zero-day data security 2024-11-27 at 07:18 By Help Net Security In this Help Net Security video, Carl Froggett, CIO of Deep Instinct, discusses the complexities of modern cloud architectures and why current defenses are falling short. He talks about the rise of zero-day data security and the need for organizations to stop attacks before they

React to this headline:

Loading spinner

Zero-day data security Read More »

Researchers reveal exploitable flaws in corporate VPN clients

AmberWolf, CVE, Don't miss, Hot stuff, macOS, News, Palo Alto Networks, SonicWall, VPN, vulnerability, Windows /

Researchers reveal exploitable flaws in corporate VPN clients 2024-11-26 at 17:33 By Zeljka Zorz Researchers have discovered vulnerabilities in the update process of Palo Alto Networks (CVE-2024-5921) and SonicWall (CVE-2024-29014) corporate VPN clients that could be exploited to remotely execute code on users’ devices. CVE-2024-5921 CVE-2024-5921 affects various versions of Palo Alto’s GlobalProtect App on

React to this headline:

Loading spinner

Researchers reveal exploitable flaws in corporate VPN clients Read More »

Black Friday shoppers targeted with thousands of fraudulent online stores

consumer, Don't miss, fraud, holidays, Hot stuff, Netcraft, News, online shopping, Retail /

Black Friday shoppers targeted with thousands of fraudulent online stores 2024-11-26 at 13:33 By Zeljka Zorz Building fake, fraudulent online stores has never been easier: fraudsters are registering domain names for a pittance, using the SHOPYY e-commerce platform to build the websites, and leveraging large language models (LLMs) to rewrite existing product listings to perfect

React to this headline:

Loading spinner

Black Friday shoppers targeted with thousands of fraudulent online stores Read More »

RomCom hackers chained Firefox and Windows zero-days to deliver backdoor

0-day, APT, backdoor, Don't miss, ESET, exploit, Firefox, Hot stuff, News, Russian Federation, Windows /

RomCom hackers chained Firefox and Windows zero-days to deliver backdoor 2024-11-26 at 12:18 By Zeljka Zorz Russia-aligned APT group RomCom was behind attacks that leveraged CVE-2024-9680, a remote code execution flaw in Firefox, and CVE-2024-49039, an elevation of privilege vulnerability in Windows Task Scheduler, as zero-days earlier this year. “Chaining together two zero-day vulnerabilities armed

React to this headline:

Loading spinner

RomCom hackers chained Firefox and Windows zero-days to deliver backdoor Read More »

How to recognize employment fraud before it becomes a security issue

cybercrime, cybersecurity, Don't miss, Expert analysis, Expert corner, fraud, Hot stuff, News, Nisos, opinion /

How to recognize employment fraud before it becomes a security issue 2024-11-26 at 07:39 By Help Net Security The combination of remote work, the latest technologies, and never physically meeting your employees has made it very easy for job applicants to mask their true identities from their employer and commit employment fraud. Motivations for this

React to this headline:

Loading spinner

How to recognize employment fraud before it becomes a security issue Read More »

Practical strategies to build an inclusive culture in cybersecurity

Acronis, awareness, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, remote working, strategy, tips /

Practical strategies to build an inclusive culture in cybersecurity 2024-11-26 at 07:03 By Mirko Zorz In this Help Net Security interview, Alona Geckler, Chief of Staff, SVP of Business Operations at Acronis, shares her insights on the diversity environment in the cybersecurity and IT industries. She discusses the progress made over the past two decades,

React to this headline:

Loading spinner

Practical strategies to build an inclusive culture in cybersecurity Read More »

Domain security posture of Forbes Global 2000 companies

CSC, cybersecurity, DMARC, Don't miss, Hot stuff, human error, phishing, Video /

Domain security posture of Forbes Global 2000 companies 2024-11-26 at 06:34 By Help Net Security In this Help Net Security video, Vincent D’Angelo, Global Director of Corporate Development and Strategic Alliances with CSC, analyzes the domain security of the Forbes Global 2000. CSC’s 2024 Domain Security Report analyzes the highest and lowest-performing industries based on

React to this headline:

Loading spinner

Domain security posture of Forbes Global 2000 companies Read More »

Faraway Russian hackers breached US organization via Wi-Fi

APT, brute-force, credentials, Don't miss, enterprise, government-backed attacks, Hot stuff, MFA, News, Russian Federation, wireless /

Faraway Russian hackers breached US organization via Wi-Fi 2024-11-25 at 19:03 By Zeljka Zorz Forest Blizzard, a threat group associated with Russia’s GRU military intelligence service, repeatedly breached a US-based organization via compromised computer systems of nearby firms, which they leveraged to authenticate to the target’s enterprise Wi-Fi network. The repeated attacks Volexity, a company

React to this headline:

Loading spinner

Faraway Russian hackers breached US organization via Wi-Fi Read More »

Microsoft asks Windows Insiders to try out the controversial Recall feature

Artificial Intelligence, data security, Don't miss, endpoint management, enterprise, Hot stuff, Microsoft, News, Privacy, Windows /

Microsoft asks Windows Insiders to try out the controversial Recall feature 2024-11-25 at 16:33 By Zeljka Zorz Participants of the Windows Insider Program that have a Qualcomm Snapdragon-powered Copilot+ PC can now try out Recall, the infamous snapshot-taking, AI-powered feature that was met with much criticism when it was unveiled earlier this year. “We heard

React to this headline:

Loading spinner

Microsoft asks Windows Insiders to try out the controversial Recall feature Read More »

AI Kuru, cybersecurity and quantum computing

Artificial Intelligence, cybersecurity, Don't miss, Encryption, Expert analysis, Expert corner, Hot stuff, News, opinion, Qrypt, quantum computing /

AI Kuru, cybersecurity and quantum computing 2024-11-25 at 08:13 By Help Net Security As we continue to delegate more infrastructure operations to artificial intelligence (AI), quantum computers are advancing towards Q-day (i.e., the day when quantum computers can break current encryption methods). This could compromise the security of digital communications, as well as autonomous control

React to this headline:

Loading spinner

AI Kuru, cybersecurity and quantum computing Read More »

Overcoming legal and organizational challenges in ethical hacking

Artificial Intelligence, cybersecurity, Don't miss, Features, hacking, Hackrate, Hot stuff, News, open source, opinion, penetration testing, regulation, skill development, strategy, tips /

Overcoming legal and organizational challenges in ethical hacking 2024-11-25 at 07:33 By Mirko Zorz In this Help Net Security interview, Balázs Pózner, CEO at Hackrate, discusses the essential technical skills for ethical hackers and how they vary across different security domains. He explains how AI and machine learning enhance ethical hacking by streamlining vulnerability detection

React to this headline:

Loading spinner

Overcoming legal and organizational challenges in ethical hacking Read More »

Assessing AI risks before implementation

Artificial Intelligence, Don't miss, generative AI, Hot stuff, LLMs, risk, SANS, Video /

Assessing AI risks before implementation 2024-11-25 at 06:33 By Help Net Security In this Help Net Security video, Frank Kim, SANS Institute Fellow, explains why more enterprises must consider many challenges before implementing advanced technology in their platforms. Without adequately assessing and understanding the risks accompanying AI integration, organizations will not be able to harness

React to this headline:

Loading spinner

Assessing AI risks before implementation Read More »

Scroll to Top