Hot stuff

LastPass users targeted by vishing attackers

Don't miss, Hot stuff, LastPass, Lookout, News, password manager, phishing, vishing /

LastPass users targeted by vishing attackers 2024-04-19 at 13:01 By Zeljka Zorz The CryptoChameleon phishing kit is being leveraged by vishing attackers looking to trick LastPass users into sharing their master password. “Initially, we learned of a new parked domain (help-lastpass[.]com) and immediately marked the website for monitoring should it go live and start serving […]

React to this headline:

Loading spinner

LastPass users targeted by vishing attackers Read More »

The key pillars of domain security

auditing, CISO, Compliance, CSC, cybercriminals, cybersecurity, Don't miss, Email, Hot stuff, Video /

The key pillars of domain security 2024-04-19 at 07:01 By Help Net Security From branded emails and marketing campaigns to critical protocols, internal portals, and internet traffic, domains are central to digital enterprise operations. They are constantly created for new assets and initiatives. In this Help Net Security video, Mark Flegg, Global Director of Security

React to this headline:

Loading spinner

The key pillars of domain security Read More »

Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204)

CVE, Don't miss, Hot stuff, Ivanti, News, remote management, Tenable, vulnerability /

Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204) 2024-04-18 at 15:02 By Zeljka Zorz The newest version of Ivanti Avalanche – the company’s enterprise mobile device management (MDM) solution – carries fixes for 27 vulnerabilities, two of which (CVE-2024-29204, CVE-2024-24996) are critical and may allow a remote unauthenticated attacker to execute arbitrary

React to this headline:

Loading spinner

Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204) Read More »

Who owns customer identity?

access control, authentication, Compliance, cybersecurity, Descope, Don't miss, Expert analysis, Expert corner, Hot stuff, identity, identity management, MFA, News, opinion /

Who owns customer identity? 2024-04-18 at 07:31 By Help Net Security When I’m talking with prospective clients, I like to ask: which department owns customer identity? Everyone immediately looks towards a different team. While every team touches customer identity at some point, the teams that own it differ from organization to organization. From my experience,

React to this headline:

Loading spinner

Who owns customer identity? Read More »

Enterprises face significant losses from mobile fraud

Artificial Intelligence, cybersecurity, Don't miss, Enea, fraud, Hot stuff, threats, Video, vishing /

Enterprises face significant losses from mobile fraud 2024-04-18 at 06:31 By Help Net Security A recent Enea survey highlights a worrying trend in enterprise security: Following ChatGPT’s launch, 76% of businesses are inadequately protected against rising AI-driven vishing and smishing threats. In this Help Net Security video, John Hughes, SVP, Head of Network Security Business

React to this headline:

Loading spinner

Enterprises face significant losses from mobile fraud Read More »

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

Don't miss, enterprise, exploit, firewall, GreyNoise, Hot stuff, News, Palo Alto Networks, PoC, security update, TrustedSec, Volexity, vulnerability, WatchTowr /

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation 2024-04-17 at 12:31 By Zeljka Zorz While it initially seemed that protecting Palo Alto Network firewalls from attacks leveraging CVE-2024-3400 would be as easy a disabling the devices’ telemetry, it has now been comfirmed that this mitigation is ineffectual. “Device telemetry does not need to be

React to this headline:

Loading spinner

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation Read More »

Thinking outside the code: How the hacker mindset drives innovation

bug bounty, cybersecurity, Don't miss, education, Features, hacker, hacking, Hot stuff, Innovation, News, opinion, skill development, strategy, tips /

Thinking outside the code: How the hacker mindset drives innovation 2024-04-17 at 08:01 By Mirko Zorz Keren Elazari is an internationally recognized security analyst, author, and researcher. Since 2000, Keren has worked with leading Israeli security firms, government organizations, innovative start-ups, and Fortune 500 companies. She is the founder of BSidesTLV and Leading Cyber Ladies

React to this headline:

Loading spinner

Thinking outside the code: How the hacker mindset drives innovation Read More »

Cybersecurity jobs available right now: April 17, 2024

cybersecurity jobs, Don't miss, Hot stuff, News /

Cybersecurity jobs available right now: April 17, 2024 2024-04-17 at 07:31 By Mirko Zorz Client Security Officer Unisys | USA | Remote – View job details The Client Security Officer (CSO) is part of Unisys account management team servicing its clients as cybersecurity representative alongside the Client Executive and the Client Delivery Executive. Cybersecurity Engineer

React to this headline:

Loading spinner

Cybersecurity jobs available right now: April 17, 2024 Read More »

Damn Vulnerable RESTaurant: Open-source API service designed for learning

API security, cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, penetration testing, skill development /

Damn Vulnerable RESTaurant: Open-source API service designed for learning 2024-04-17 at 07:01 By Mirko Zorz Damn Vulnerable RESTaurant is an open-source project that allows developers to learn to identify and fix security vulnerabilities in their code through an interactive game. “I wanted to create a generic playground for ethical hackers, developers, and security engineers where

React to this headline:

Loading spinner

Damn Vulnerable RESTaurant: Open-source API service designed for learning Read More »

Understanding next-level cyber threats

cybercrime, cybersecurity, data breach, Data leak, Don't miss, Email, Hot stuff, identity, passwords, SpyCloud, Video /

Understanding next-level cyber threats 2024-04-17 at 06:31 By Help Net Security In this Help Net Security video, Trevor Hilligoss, VP of SpyCloud Labs, discusses the 2024 SpyCloud Identity Exposure Report, an annual report examining the latest trends in cybercrime and its impact. Researchers recaptured nearly 1.38 billion passwords circulating the darknet in 2023, an 81.5%

React to this headline:

Loading spinner

Understanding next-level cyber threats Read More »

PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497)

Don't miss, Hot stuff, News, public-key cryptography, SSH, vulnerability /

PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497) 2024-04-16 at 19:46 By Zeljka Zorz A vulnerability (CVE-2024-31497) in PuTTY, a popular SSH and Telnet client, could allow attackers to recover NIST P-521 client keys due to the “heavily biased” ECDSA nonces (random values used once), researchers have discovered. “To be more precise, the

React to this headline:

Loading spinner

PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497) Read More »

Cisco Duo provider breached, SMS MFA logs compromised

Cisco, Don't miss, Duo Security, Hot stuff, MFA, MSP, News, social engineering, third party compromise /

Cisco Duo provider breached, SMS MFA logs compromised 2024-04-16 at 18:31 By Zeljka Zorz Hackers have managed to compromise a telephony provider for Duo, the Cisco-owned company providing secure access solutions, and steal MFA (multi-factor authentication) SMS message logs of Duo customers. About the attack The unnamed provider – one of two that Duo uses

React to this headline:

Loading spinner

Cisco Duo provider breached, SMS MFA logs compromised Read More »

New open-source project takeover attacks spotted, stymied

backdoor, CISA, Don't miss, Endor Labs, Hot stuff, News, O'Reilly, open source, OpenJS Foundation, OpenSSF, social engineering, supply chain attacks, tips /

New open-source project takeover attacks spotted, stymied 2024-04-16 at 16:16 By Zeljka Zorz The OpenJS Foundation has headed off a “credible takeover attempt” similar to the one that resulted in a backdoor getting included in the open-source XZ Utils package by someone who called themselves “Jia Tan”. This malicious maintainer achieved that coveted position after

React to this headline:

Loading spinner

New open-source project takeover attacks spotted, stymied Read More »

5 free red teaming resources to get you started

cybersecurity, Don't miss, GitHub, Hot stuff, how-to, News, red team, strategy, tips /

5 free red teaming resources to get you started 2024-04-16 at 07:32 By Help Net Security Red teaming is evaluating the effectiveness of your cybersecurity by eliminating defender bias and adopting an adversarial perspective within your organization. Tactics may include anything from social engineering to physical security breaches to simulate a real-world advanced persistent threat.

React to this headline:

Loading spinner

5 free red teaming resources to get you started Read More »

AI set to enhance cybersecurity roles, not replace them

access control, Artificial Intelligence, Cloud Security Alliance, Compliance, cybersecurity, Don't miss, Features, generative AI, Hot stuff, News, opinion, regulation, risk, training /

AI set to enhance cybersecurity roles, not replace them 2024-04-16 at 07:02 By Mirko Zorz In this Help Net Security interview, Caleb Sima, Chair of CSA AI Security Alliance, discusses how AI empowers security pros, emphasizing its role in enhancing skills and productivity rather than replacing staff. AI is seen as empowering rather than replacing

React to this headline:

Loading spinner

AI set to enhance cybersecurity roles, not replace them Read More »

Audio deepfakes: What they are, and the risks they present

Bitdefender, cybersecurity, deepfakes, Don't miss, Hot stuff, Video, voice recognition /

Audio deepfakes: What they are, and the risks they present 2024-04-16 at 06:31 By Help Net Security Audio deepfakes are becoming a big problem. Recent cybercriminal campaigns use voice cloning technology to replicate the speech tone and patterns of celebrities such as Elon Musk, Mr. Beast Tiger Woods, and others and use them for endorsing

React to this headline:

Loading spinner

Audio deepfakes: What they are, and the risks they present Read More »

A critical vulnerability in Delinea Secret Server allows auth bypass, admin access

access management, Delinea, Don't miss, enterprise, Hot stuff, News, PoC, privileged accounts, vulnerability, vulnerability disclosure /

A critical vulnerability in Delinea Secret Server allows auth bypass, admin access 2024-04-15 at 14:46 By Zeljka Zorz Organizations with on-prem installations of Delinea Secret Server are urged to update them immediately, to plug a critical vulnerability that may allow attackers to bypass authentication, gain admin access and extract secrets. Fixing the Delinea Secret Server

React to this headline:

Loading spinner

A critical vulnerability in Delinea Secret Server allows auth bypass, admin access Read More »

How to protect IP surveillance cameras from Wi-Fi jamming

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, IoT, Nabto, News, opinion, security cameras, smart home, surveillance, wireless /

How to protect IP surveillance cameras from Wi-Fi jamming 2024-04-15 at 08:02 By Help Net Security Gone are the days of criminals cutting camera wires to evade detection: with the proliferation of affordable internet-connected cameras, burglars must resort to Wi-Fi jamming. Blocking the signal blinds the device and stalls home and business surveillance systems, which

React to this headline:

Loading spinner

How to protect IP surveillance cameras from Wi-Fi jamming Read More »

Geopolitical tensions escalate OT cyber attacks

attacks, CISO, critical infrastructure, cybersecurity, Don't miss, Features, GISEC, Government, Hot stuff, ICS/SCADA, News, opinion, Ransomware, strategy, threats /

Geopolitical tensions escalate OT cyber attacks 2024-04-15 at 07:31 By Mirko Zorz In this Help Net Security interview, Andrew Ginter, VP of Industrial Security at Waterfall Security, discusses operational technology (OT) cyber attacks and their 2024 Threat Report. He examines how global geopolitical tensions and evolving ransomware tactics are reshaping industrial cybersecurity. He sheds light

React to this headline:

Loading spinner

Geopolitical tensions escalate OT cyber attacks Read More »

Exposing the top cloud security threats

Aqua Security, Artificial Intelligence, cloud security, cybersecurity, Don't miss, Hot stuff, threat, Video /

Exposing the top cloud security threats 2024-04-15 at 07:01 By Help Net Security Many companies consider AI-powered threats to be the top cloud security threat to their business. Concerningly, less than half are confident in their ability to tackle those threats, according to a recent Aqua Security survey. In this Help Net Security video, Michal

React to this headline:

Loading spinner

Exposing the top cloud security threats Read More »

Scroll to Top