Is an open-source AI vulnerability next? 2024-05-16 at 08:31 By Help Net Security AI has captured widespread interest and offers numerous benefits. However, its rapid advancement and widespread adoption raise concerns, especially for those of us in cybersecurity. With so much interest, there are lots of insecure applications finding their way onto our devices and […]
React to this headline:
Is an open-source AI vulnerability next? Read More »
OWASP dep-scan: Open-source security and risk audit tool 2024-05-16 at 08:01 By Mirko Zorz OWASP dep-scan is an open-source security and risk assessment tool that leverages information on vulnerabilities, advisories, and licensing restrictions for project dependencies. It supports local repositories and container images as input sources, making it suitable for integration with ASPM/VM platforms and
React to this headline:
OWASP dep-scan: Open-source security and risk audit tool Read More »
Product showcase: Block ads, cookie pop-ups, trackers with CleanWeb 2024-05-16 at 07:01 By Help Net Security A study by PageFair revealed that ad blocker usage surged by 30% in 2016 alone, reflecting a growing public concern for privacy and uninterrupted browsing. Fast-forward to today, and the numbers are even more dramatic. According to Forbes, Americans
React to this headline:
Product showcase: Block ads, cookie pop-ups, trackers with CleanWeb Read More »
The critical role of IT staffing in strengthening cybersecurity 2024-05-16 at 06:01 By Help Net Security Many organizations lack adequate IT staffing to combat cyber threats. A comprehensive approach to cybersecurity requires more than technical solutions. It involves the right staff with the unique expertise necessary to recognize and prevent potential threats. This makes IT
React to this headline:
The critical role of IT staffing in strengthening cybersecurity Read More »
How attackers deliver malware to Foxit PDF Reader users 2024-05-15 at 16:31 By Zeljka Zorz Threat actors are taking advantage of the flawed design of Foxit PDF Reader’s alerts to deliver malware via booby-trapped PDF documents, Check Point researchers have warned. Exploiting the issue The researchers have analyzed several campaigns using malicious PDF files that
React to this headline:
How attackers deliver malware to Foxit PDF Reader users Read More »
Core security measures to strengthen privacy and data protection programs 2024-05-15 at 08:01 By Mirko Zorz As privacy laws evolve globally, organizations face increasing complexity in adapting their data protection strategies to stay compliant. In this Help Net Security interview, Kabir Barday, CEO at OneTrust, emphasizes that embracing privacy by design enables organizations to navigate
React to this headline:
Core security measures to strengthen privacy and data protection programs Read More »
Ransomware statistics that reveal alarming rate of cyber extortion 2024-05-15 at 07:01 By Help Net Security In this article, you will find excerpts from various reports that offer statistics and insights about the current ransomware landscape. Global ransomware crisis worsens NTT Security Holdings | 2024 Global Threat Intelligence Report | May 2024 Ransomware and extortion
React to this headline:
Ransomware statistics that reveal alarming rate of cyber extortion Read More »
Key questions to ask when tailoring defensive stacks 2024-05-15 at 06:31 By Help Net Security In this Help Net Security video, Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber, outlines the questions you need to ask your security team when tailoring a defense stack against your current threat landscape. Small talks about what
React to this headline:
Key questions to ask when tailoring defensive stacks Read More »
May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040) 2024-05-14 at 22:02 By Zeljka Zorz For May 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-30051, CVE-2024-30040) actively exploited by attackers. CVE-2024-30051 and CVE-2024-30040 CVE-2024-30051 is a heap-based buffer overflow vulnerability affecting the Windows DWM Core Library that
React to this headline:
Apple backports iOS zero-day patch, adds Bluetooth tracker alert 2024-05-14 at 16:32 By Zeljka Zorz Apple has backported the patch for CVE-2024-23296 to the iOS 16 branch and has fixed a bug (CVE-2024-27852) in MarketplaceKit that may allow maliciously crafted webpages to distribute a script that tracks iOS users on other webpages. The company has
React to this headline:
Apple backports iOS zero-day patch, adds Bluetooth tracker alert Read More »
How a GRC consultant passed the CISSP exam in six weeks 2024-05-14 at 08:01 By Help Net Security Ask any IT security professional which certification they would consider to be the “gold standard” in terms of prestige, credibility, or difficulty, and almost invariably they will answer: the CISSP. If an organization is seeking some peace
React to this headline:
How a GRC consultant passed the CISSP exam in six weeks Read More »
Tailoring responsible AI: Defining ethical guidelines for industry-specific use 2024-05-14 at 07:01 By Mirko Zorz In this Help Net Security interview, Chris Peake, CISO & SVP at Smartsheet, explains how responsible AI should be defined by each organization to guide their AI development and usage. Peake emphasizes that implementing responsible AI requires balancing ethical considerations,
React to this headline:
Tailoring responsible AI: Defining ethical guidelines for industry-specific use Read More »
Are you meeting your cyber insurance requirements? 2024-05-14 at 06:31 By Help Net Security Cyber insurance policies are specifically designed to offer financial protection to organizations in the face of cyber attacks, data breaches, or other cybersecurity incidents. While they can provide a sense of security, it’s crucial to be aware of their limitations. In
React to this headline:
Are you meeting your cyber insurance requirements? Read More »
Black Basta target orgs with new social engineering campaign 2024-05-13 at 15:46 By Zeljka Zorz Black Basta, one of the most prolific ransomware-as-a-service operators, is trying out a combination of email DDoS and vishing to get employees to download remote access tools. Black Basta TTPs and newest initial access attempts According to a cybersecurity advisory
React to this headline:
Black Basta target orgs with new social engineering campaign Read More »
Red teaming: The key ingredient for responsible AI 2024-05-13 at 08:31 By Help Net Security Developing responsible AI isn’t a straightforward proposition. On one side, organizations are striving to stay at the forefront of technological advancement. On the other hand, they must ensure strict compliance with ethical standards and regulatory requirements. Organizations attempting to balance
React to this headline:
Red teaming: The key ingredient for responsible AI Read More »
Establishing a security baseline for open source projects 2024-05-13 at 08:01 By Mirko Zorz In this Help Net Security interview, Dana Wang, Chief Architect at OpenSSF, discusses the most significant barriers to improving open-source software security (OSS security) and opportunities for overcoming these challenges. The OpenSSF community has developed open-source security tools and projects, aiming
React to this headline:
Establishing a security baseline for open source projects Read More »
How AI affects vulnerability management in open-source software 2024-05-13 at 07:01 By Help Net Security In this Help Net Security video, Itamar Sher, CEO of Seal Security, discusses how AI affects the risk and operational aspects of managing vulnerabilities in open-source software. One of the core issues around open-source vulnerability patch management has been the
React to this headline:
How AI affects vulnerability management in open-source software Read More »
Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671) 2024-05-10 at 12:16 By Zeljka Zorz Google has fixed a Chrome zero-day vulnerability (CVE-2024-4671), an exploit for which exists in the wild. About CVE-2024-4671 CVE-2024-4671 is a use after free vulnerability in the Visuals component that can be exploited by remote attackers to trigger an exploitable heap
React to this headline:
Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671) Read More »
May 2024 Patch Tuesday forecast: A reminder of recent threats and impact 2024-05-10 at 08:46 By Help Net Security The thunderstorms of April patches have passed, and it has been pretty calm leading up to May 2024 Patch Tuesday. April 2024 Patch Tuesday turned out to be a busy one with 150 new CVEs addressed
React to this headline:
May 2024 Patch Tuesday forecast: A reminder of recent threats and impact Read More »
How secure is the “Password Protection” on your files and drives? 2024-05-10 at 08:31 By Help Net Security People in certain professions, such as healthcare, law, and corporations, often rely on password protection when sending files via email, believing it provides adequate security against prying eyes. However, simple password protection on a PDF or Excel
React to this headline:
How secure is the “Password Protection” on your files and drives? Read More »