Hot stuff

Zscaler swats claims of a significant breach

2024-05-09 at 16:31, by Zeljka Zorz

On Wednesday, a threat actor named “InteIBroker” put up for sale “access to one of the largest cyber security companies” and immediately ignited speculation about which company it might be. InteIBroker claims to have access to “logs packed with credentials”, SSL passkeys […]


CISA starts CVE “vulnrichment” program

2024-05-09 at 13:16, by Zeljka Zorz

The US Cybersecurity and Infrastructure Agency (CISA) has announced the creation of “Vulnrichment,” a new project that aims to fill the CVE enrichment gap created by NIST National Vulnerability Database’s recent slowdown. NVD is failing Since 1999, NVD analysts have been adding CVE-numbered vulnerabilities


Regulators are coming for IoT device security

2024-05-09 at 08:01, by Help Net Security

Cybersecurity is a relatively new challenge for many IoT device makers who have traditionally produced non-connected devices. These devices were less vulnerable to exploitation and, as a result, manufacturers often lack the expertise and experience needed to effectively secure their connected


Why SMBs are facing significant security, business risks

2024-05-09 at 06:31, by Help Net Security

In this Help Net Security video, Alex Cox, Director of Threat Intelligence at LastPass, discusses how human factors are getting in the way while SMB leaders report investing more time, attention, and budget in cybersecurity. According to LastPass, these factors


3 CIS resources to help you drive your cloud cybersecurity

2024-05-09 at 06:01, by Help Net Security

In the process of moving to the cloud, you need a security-first cloud migration strategy that considers both your security and compliance requirements upfront. In this article, we’ll discuss how you can use resources from the Center for


Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661)

2024-05-08 at 16:31, by Zeljka Zorz

Researchers have brought to light a new attack method – dubbed TunnelVision and uniquely identified as CVE-2024-3661 – that can be used to intercept and snoop on VPN users’ traffic by attackers who are on the same


MITRE breach details reveal attackers’ successes and failures

2024-05-08 at 14:16, by Zeljka Zorz

MITRE has shared a timeline of the recent breach it fell victim to and has confirmed that it began earlier than previously thought: on December 31, 2023. On that day, the attackers deployed a web shell on an external-facing Ivanti Connect


Veeam fixes RCE flaw in backup management platform (CVE-2024-29212)

2024-05-08 at 12:16, by Zeljka Zorz

Veeam has patched a high-severity vulnerability (CVE-2024-29212) in Veeam Service Provider Console (VSPC) and is urging customers to implement the patch. About CVE-2024-29212 Veeam Service Provider Console is a cloud platform used by managed services providers (MSPs) and enterprises to


The complexities of third-party risk management

2024-05-08 at 06:31, by Help Net Security

In this Help Net Security video, Brad Hibbert, Chief Strategy Officer and Chief Operating Officer for Prevalent, discusses five interesting findings from a recent industry study on third-party risk management and what he thinks they mean for cybersecurity professionals and their companies’


LockBit leader unmasked: US charges Russian national

2024-05-07 at 18:33, by Zeljka Zorz

Russian national Dmitry Khoroshev is “LockBitSupp”, the creator, developer and administrator of the infamous LockBit ransomware group, according to UK, US and Australia law enforcement agencies. The US Justice Department has unsealed charges against Khoroshev and the US Department of the Treasury’s


Ransomware operations are becoming less profitable

2024-05-07 at 14:01, by Zeljka Zorz

As the number of real (and fake) victims of ransomware gangs continues to rise, the number of ransomware payments is falling, along with the average ransom payment. The reasons behind this decrease are many: increased cyber resilience of organizations (which includes having recoverable


6 tips to implement security gamification effectively

2024-05-07 at 08:01, by Help Net Security

There’s not a CISO in the industry who’s not aware of the extremely short median CISO tenure. That’s why the best CISOs are those who constantly seek ways to strengthen their teams. They help members evolve and grow in their roles,


Cybercrime stats you can’t ignore

2024-05-07 at 07:31, by Help Net Security

In this article, you will find excerpts from various reports that offer stats and insights about the current cybercrime landscape. Behavioral patterns of ransomware groups are changing GuidePoint Security | GRIT Q1 2024 Ransomware Report | April 2024 Q1 2024 resulted in a


The strategic advantages of targeted threat intelligence

2024-05-07 at 07:01, by Help Net Security

In this Help Net Security video, Gabi Reish, Chief Business Development and Product Officer at Cybersixgill, discusses the role of threat intelligence in every enterprise’s security stack. Threat intelligence plays a significant role in proactively managing a company’s threat exposure. High-quality


BlackBasta claims Synlab attack, leaks some stolen documents

2024-05-06 at 14:16, by Zeljka Zorz

The BlackBasta ransomware / cyber extortion gang is behind the recent cyber attack that resulted in the temporary shutdown of operations at Synlab Italia. The group claimed the attack on their leak site on Saturday and says they have exfiltrated approximately


Strategies for preventing AI misuse in cybersecurity

2024-05-06 at 08:01, by Mirko Zorz

As organizations increasingly adopt AI, they face unique challenges in updating AI models to keep pace with evolving threats while ensuring seamless integration into existing cybersecurity frameworks. In this Help Net Security interview, Pukar Hamal, CEO at SecurityPal, discusses the integration of


How to prepare for the CISSP exam: Tips from industry leaders

2024-05-06 at 07:31, by Mirko Zorz

The Certified Information Systems Security Professional (CISSP) is the most widely recognized certification in the information security industry. CISSP certifies that an information security professional possesses extensive technical and managerial expertise for designing, engineering, and managing an organization’s


eBook: CISSP fundamentals in focus

2024-05-06 at 05:31, by Help Net Security

From the technical tools that help manage access control to non-technical skills like collaboration, learn about the fundamentals required in cybersecurity – and how CISSP guides you with the knowledge and skills you need to succeed. Inside the eBook: The Many Sides of


Bug hunters can get up to $450,000 for an RCE in Google’s Android apps

2024-05-03 at 17:16, by Zeljka Zorz

Google has drastically increased the rewards bug hunters can get for reporting vulnerabilities in Android apps it develops and maintains. “We increased reward amounts by up to 10x in some categories (for example Remote Arbitrary
