Hot stuff

Meta introduces default end-to-end encryption for Messenger and Facebook

Don't miss, Encryption, Facebook, Facebook Messenger, Hot stuff, Instagram, messaging, Meta, News /

Meta introduces default end-to-end encryption for Messenger and Facebook 08/12/2023 at 15:01 By Helga Labus Meta is introducing default end-to-end encryption (E2EE) for chats and calls across Messenger and Facebook, the company revealed on Wednesday. Rolling out E2EE for Messenger and Facebook E2EE ensures that messages content is only visible to the person sending the […]

React to this headline:

Loading spinner

Meta introduces default end-to-end encryption for Messenger and Facebook Read More »

New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164)

Apache Struts, Don't miss, Hot stuff, News, security update, vulnerability, web application security /

New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164) 08/12/2023 at 15:01 By Zeljka Zorz The Apache Struts project has released updates for the popular open-source web application framework, with fixes for a critical vulnerability that could lead to remote code execution (CVE-2023-50164). About CVE-2023-50164 CVE-2023-50164 may allow an attacker to manipulate file

React to this headline:

Loading spinner

New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164) Read More »

December 2023 Patch Tuesday forecast: ‘Tis the season for vigilance

apple, CISA, cybersecurity, Don't miss, Expert analysis, Expert corner, Google, Hot stuff, Microsoft, Mozilla, News, Patch Tuesday /

December 2023 Patch Tuesday forecast: ‘Tis the season for vigilance 08/12/2023 at 09:02 By Mirko Zorz The final Patch Tuesday of the year is almost upon us! This is the time of year when we want to relax and enjoy the holidays, but we need to be extra vigilant to detect and respond to suspicious

React to this headline:

Loading spinner

December 2023 Patch Tuesday forecast: ‘Tis the season for vigilance Read More »

Aim for a modern data security approach

ALTR, Compliance, cybersecurity, data security, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, risk /

Aim for a modern data security approach 08/12/2023 at 08:32 By Help Net Security Risk, compliance, governance, and security professionals are finally realizing the importance of subjecting sensitive workloads to robust data governance and protection the moment the data begins traversing the data pipeline. Many organizations no longer feel it’s adequate to secure data only

React to this headline:

Loading spinner

Aim for a modern data security approach Read More »

Short-term AWS access tokens allow attackers to linger for a longer while

access management, Amazon Web Services, authentication, cloud security, Don't miss, Hot stuff, News, Red Canary /

Short-term AWS access tokens allow attackers to linger for a longer while 07/12/2023 at 17:32 By Zeljka Zorz Attackers usually gain access to an organization’s cloud assets by leveraging compromised user access tokens obtained via phishing, by using malware, or by finding them in public code repositories. These are long-term access tokens associated with an

React to this headline:

Loading spinner

Short-term AWS access tokens allow attackers to linger for a longer while Read More »

Researchers automated jailbreaking of LLMs with other LLMs

Artificial Intelligence, attack, Don't miss, Hot stuff, machine learning, News, research, Robust Intelligence, Yale University /

Researchers automated jailbreaking of LLMs with other LLMs 07/12/2023 at 13:47 By Zeljka Zorz AI security researchers from Robust Intelligence and Yale University have designed a machine learning technique that can speedily jailbreak large language models (LLMs) in an automated fashion. “The method, known as the Tree of Attacks with Pruning (TAP), can be used

React to this headline:

Loading spinner

Researchers automated jailbreaking of LLMs with other LLMs Read More »

Ransomware in 2024: Anticipated impact, targets, and landscape shift

Black Kite, cybersecurity, digital transformation, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, Ransomware, strategy /

Ransomware in 2024: Anticipated impact, targets, and landscape shift 07/12/2023 at 08:32 By Help Net Security As ransomware continues to be on the rise, we can expect groups to continue to evolve their attacks and operate at a larger scale for bigger profits. This will put organizations at higher risk if they don’t adopt a

React to this headline:

Loading spinner

Ransomware in 2024: Anticipated impact, targets, and landscape shift Read More »

Using AI and automation to manage human cyber risk

Artificial Intelligence, automation, CultureAI, cybersecurity, Don't miss, Hot stuff, human error, Risk Management, strategy, Video /

Using AI and automation to manage human cyber risk 07/12/2023 at 08:02 By Help Net Security Despite advanced security protocols, many cybersecurity incidents are still caused by employee actions. In this Help Net Security video, John Scott, Lead Cybersecurity Researcher at CultureAI, discusses how integrating AI and automation into your cybersecurity strategy can improve employee

React to this headline:

Loading spinner

Using AI and automation to manage human cyber risk Read More »

Atlassian fixes four critical RCE vulnerabilities, patch quickly!

Atlassian, Atlassian Confluence, BitBucket, Don't miss, Hot stuff, Jira Software, News, security update, vulnerability /

Atlassian fixes four critical RCE vulnerabilities, patch quickly! 06/12/2023 at 18:01 By Helga Labus Atlassian has released security updates for four critical vulnerabilities (CVE-2023-1471, CVE-2023-22522, CVE-2023-22524, CVE-2023-22523) in its various offerings that could be exploited to execute arbitrary code. About the vulnerabilities CVE-2022-1471 is a deserialization flaw in the SnakeYAML library for Java that can

React to this headline:

Loading spinner

Atlassian fixes four critical RCE vulnerabilities, patch quickly! Read More »

CISA: Adobe ColdFusion flaw leveraged to access government servers (CVE-2023-26360)

Adobe ColdFusion, CISA, Don't miss, exploit, Government, Hot stuff, News, vulnerability /

CISA: Adobe ColdFusion flaw leveraged to access government servers (CVE-2023-26360) 06/12/2023 at 17:46 By Helga Labus Unknown attackers have leveraged a critical vulnerability (CVE-2023-26360) in the Adobe ColdFusion application development platform to access government servers, the Cybersecurity and Infrastructure Security Agency (CISA) has shared. About the exploited vulnerability CVE-2023-26360 is a deserialization of untrusted data

React to this headline:

Loading spinner

CISA: Adobe ColdFusion flaw leveraged to access government servers (CVE-2023-26360) Read More »

Microsoft will offer extended security updates for Windows 10

consumer, Don't miss, end of support, enterprise, Hot stuff, News, security update, Windows /

Microsoft will offer extended security updates for Windows 10 06/12/2023 at 16:16 By Zeljka Zorz Microsoft will not abandon Windows 10 users to an insecure fate once it reaches end of support (EOS) on October 14, 2025: both enterprises and individual consumers will be able receive Extended Security Updates (ESU), but will have to pay

React to this headline:

Loading spinner

Microsoft will offer extended security updates for Windows 10 Read More »

21 high-risk vulnerabilities in OT/IoT routers found

Don't miss, Forescout, Hot stuff, Internet of Things, News, open source, Sierra Wireless, software, vulnerability /

21 high-risk vulnerabilities in OT/IoT routers found 06/12/2023 at 12:53 By Help Net Security Forescout detailed the discovery of 21 new vulnerabilities in OT/IoT routers and open-source software elements. The “SIERRA:21 – Living on the Edge” report features research into Sierra Wireless AirLink cellular routers and some open-source components, such as TinyXML and OpenNDS. Sierra

React to this headline:

Loading spinner

21 high-risk vulnerabilities in OT/IoT routers found Read More »

Three security data predictions for 2024

Comcast, Compliance, cybersecurity, data security, Don't miss, Expert analysis, Expert corner, GRC, Hot stuff, News, opinion, PCI DSS, regulation, SIEM /

Three security data predictions for 2024 06/12/2023 at 08:32 By Help Net Security How do companies protect their digital environments in a world where everything is growing more complex, quickly – data, customer expectations, cyber threats and more? It’s difficult: Adversaries are adopting and using AI and even generative AI-based technologies against enterprises. Nation-state cyber

React to this headline:

Loading spinner

Three security data predictions for 2024 Read More »

5 open-source tools for pentesting Kubernetes you should check out

Don't miss, GitHub, Hot stuff, Kubernetes, News, open source, penetration testing, software /

5 open-source tools for pentesting Kubernetes you should check out 06/12/2023 at 08:02 By Help Net Security Kubernetes, often called K8s, is an open-source platform designed to automate the deployment, scaling, and operations of containerized applications. Kubernetes has become a critical part of the infrastructure for many organizations. However, with its widespread adoption, Kubernetes environments

React to this headline:

Loading spinner

5 open-source tools for pentesting Kubernetes you should check out Read More »

Why zero-trust segmentation is critical for cloud resilience

Cloud, cybersecurity, data, Don't miss, Hot stuff, Illumio, strategy, Video, zero trust /

Why zero-trust segmentation is critical for cloud resilience 06/12/2023 at 07:31 By Help Net Security Nearly all organizations rely on the cloud to store sensitive data and run critical systems. But for many, cloud security hasn’t kept up. 93% agree that zero-trust segmentation is essential to their cloud security strategy. In this Help Net Security

React to this headline:

Loading spinner

Why zero-trust segmentation is critical for cloud resilience Read More »

Kali Linux 2023.4 released: New tools, Kali for Raspberry Pi 5, and more!

Don't miss, Hot stuff, Kali Linux, Linux, News, OffSec, open source, penetration testing /

Kali Linux 2023.4 released: New tools, Kali for Raspberry Pi 5, and more! 05/12/2023 at 21:31 By Zeljka Zorz OffSec (previously Offensive Security) has released Kali Linux 2023.4, the latest version of its penetration testing and digital forensics platform. New tools in Kali Linux 2023.4 The list of tools freshly added to Kali Linux includes:

React to this headline:

Loading spinner

Kali Linux 2023.4 released: New tools, Kali for Raspberry Pi 5, and more! Read More »

Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397)

APT, cyber espionage, Don't miss, Email, EU, Hot stuff, Microsoft, Microsoft Exchange, News, Outlook, vulnerability /

Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397) 05/12/2023 at 17:47 By Helga Labus Russian state-backed hacking group Forest Blizzard (aka Fancy Bear, aka APT28) has been using a known Microsoft Outlook vulnerability (CVE-2023-23397) to target public and private entities in Poland, Polish Cyber Command has warned. Compromising email accounts and maintaining

React to this headline:

Loading spinner

Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397) Read More »

SessionProbe: Open-source multi-threaded pentesting tool

Don't miss, GitHub, Hot stuff, News, open source, penetration testing, software /

SessionProbe: Open-source multi-threaded pentesting tool 05/12/2023 at 09:03 By Mirko Zorz SessionProbe is a multi-threaded pentesting tool designed to evaluate user privileges in web applications. It takes a user’s session token and checks for a list of URLs if access is possible, highlighting potential authorization issues. It deduplicates URL lists and provides real-time logging and

React to this headline:

Loading spinner

SessionProbe: Open-source multi-threaded pentesting tool Read More »

How AI is revolutionizing “shift left” testing in API security

API security, Application Security, Artificial Intelligence, Cequence Security, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion /

How AI is revolutionizing “shift left” testing in API security 05/12/2023 at 08:33 By Help Net Security Catching coding errors in API preproduction, before they are spun up and go live is critical in preventing exploitable vulnerabilities. It’s why we’ve seen “shift left” become a significant focus in API development, whereby DevOps takes responsibility for

React to this headline:

Loading spinner

How AI is revolutionizing “shift left” testing in API security Read More »

Advanced ransomware campaigns expose need for AI-powered cyber defense

Artificial Intelligence, attacks, cybersecurity, Deep Instinct, Don't miss, Features, Hot stuff, machine learning, News, opinion, Ransomware, skill development, SOC /

Advanced ransomware campaigns expose need for AI-powered cyber defense 05/12/2023 at 08:02 By Mirko Zorz In this Help Net Security interview, Carl Froggett, CIO at Deep Instinct, discusses emerging trends in ransomware attacks, emphasizing the need for businesses to use advanced AI technologies, such as deep learning (DL), for prevention rather than just detection and

React to this headline:

Loading spinner

Advanced ransomware campaigns expose need for AI-powered cyber defense Read More »

Scroll to Top