Defining a holistic GRC strategy 2024-04-09 at 06:31 By Help Net Security End-user spending on security and risk management will total $215 billion in 2024, according to Gartner. In this Help Net Security video, Nicholas Kathmann, CISO at LogicGate, discusses why companies are turning to a holistic GRC strategy. Businesses often consider GRC a “necessary […]
React to this headline:
Defining a holistic GRC strategy Read More »
XZ Utils backdoor: Detection tools, scripts, rules 2024-04-08 at 16:31 By Zeljka Zorz As the analysis of the backdoor in XZ Utils continues, several security companies have provided tools and advice on how to detect its presence on Linux systems. What happened? The open-source XZ Utils compression utility has been backdoored by a skilled threat
React to this headline:
XZ Utils backdoor: Detection tools, scripts, rules Read More »
92,000+ internet-facing D-Link NAS devices accessible via “backdoor” account (CVE-2024-3273) 2024-04-08 at 12:01 By Zeljka Zorz A vulnerability (CVE-2024-3273) in four old D-Link NAS models could be exploited to compromise internet-facing devices, a threat researcher has found. The existence of the flaw was confirmed by D-Link last week, and an exploit for opening an interactive
React to this headline:
April 2024 Patch Tuesday forecast: New and old from Microsoft 2024-04-08 at 08:31 By Help Net Security This month, we have a new product preview from Microsoft, and some older products are being prepared for end-of-support. But before we go there, March 2024 Patch Tuesday was pretty mild, with 60 unique vulnerabilities addressed. We saw
React to this headline:
April 2024 Patch Tuesday forecast: New and old from Microsoft Read More »
How can the energy sector bolster its resilience to ransomware attacks? 2024-04-08 at 08:01 By Help Net Security Since it plays a vital role in every functioning society, the energy sector has always been a prime target for state-backed cybercriminals. The cyber threats targeting this industry have grown significantly in recent years, as geopolitical tensions
React to this headline:
How can the energy sector bolster its resilience to ransomware attacks? Read More »
WiCyS: A champion for a more diverse cybersecurity workforce 2024-04-08 at 07:31 By Zeljka Zorz In this Help Net Security interview, Lynn Dohm, Executive Director at Women in CyberSecurity (WiCyS), talks about how the organization supports its members across different stages of their cybersecurity journey. WiCyS (pronounced Wee-Sis) is an organization dedicated to advancing the
React to this headline:
WiCyS: A champion for a more diverse cybersecurity workforce Read More »
How malicious email campaigns continue to slip through the cracks 2024-04-08 at 07:01 By Help Net Security In this Help Net Security video, Josh Bartolomie, VP of Global Threat Services at Cofense, discusses how email will remain a target as long as it remains the predominant form of communication within a business. Cofense researchers have
React to this headline:
How malicious email campaigns continue to slip through the cracks Read More »
Cybercriminal adoption of browser fingerprinting 2024-04-05 at 08:01 By Help Net Security Browser fingerprinting is one of many tactics phishing site authors use to evade security checks and lengthen the lifespan of malicious campaigns. While browser fingerprinting has been used by legitimate organizations to uniquely identify web browsers for nearly 15 years, it is now
React to this headline:
Cybercriminal adoption of browser fingerprinting Read More »
How manual access reviews might be weakening your defenses 2024-04-05 at 06:31 By Help Net Security As businesses evolve, they often experience changes in roles, partnerships, and staff turnover. This dynamic can result in improper access to data and resources. Such mismanagement leads to superfluous expenses from excessive software licensing fees and heightens the risk
React to this headline:
How manual access reviews might be weakening your defenses Read More »
Omni Hotels suffer prolonged IT outage due to cyberattack 2024-04-04 at 17:32 By Zeljka Zorz Texas-based Omni Hotels & Resorts has been responding to a cyberattack that started last Friday, which resulted in the unavailability of many of its IT systems. According to people staying at some of the 50 properties the company operates across
React to this headline:
Omni Hotels suffer prolonged IT outage due to cyberattack Read More »
Ivanti vows to transform its security operating model, reveals new vulnerabilities 2024-04-04 at 16:02 By Zeljka Zorz Ivanti has released patches for new DoS vulnerabilities affecting Ivanti Connect Secure (SSL VPN solution) and Ivanti Policy Secure (NAC solution), some of which could also lead to execution of arbitrary code or information disclosure. Also, three months
React to this headline:
Ivanti vows to transform its security operating model, reveals new vulnerabilities Read More »
Six steps for security and compliance in AI-enabled low-code/no-code development 2024-04-04 at 08:02 By Help Net Security AI is quickly transforming how individuals create their own apps, copilots, and automations. This is enabling organizations to improve output and increase efficiency—all without adding to the burden of IT and the help desk. But while this transformation
React to this headline:
Six steps for security and compliance in AI-enabled low-code/no-code development Read More »
Mantis: Open-source framework that automates asset discovery, reconnaissance, scanning 2024-04-04 at 07:31 By Mirko Zorz Mantis is an open-source command-line framework that automates asset discovery, reconnaissance, and scanning. You input a top-level domain, and it identifies associated assets, such as subdomains and certificates. Mantis features The framework conducts reconnaissance on active assets and completes its
React to this headline:
Mantis: Open-source framework that automates asset discovery, reconnaissance, scanning Read More »
Healthcare’s cyber resilience under siege as attacks multiply 2024-04-04 at 07:01 By Mirko Zorz In this Help Net Security interview, Eric Demers, CEO of Madaket Health, discusses prevalent cyber threats targeting healthcare organizations. He highlights challenges in protecting patient data due to infrastructure limitations and the role of employee awareness in preventing insider threats. Demers
React to this headline:
Healthcare’s cyber resilience under siege as attacks multiply Read More »
Strengthening defenses against nation-state and for-profit cyber attacks 2024-04-04 at 06:32 By Help Net Security There is an urgent need to secure tactical, operational, and strategic critical assets from the edge to the core. In this Help Net Security video, Geoffrey Mattson, CEO of Xage Security, discusses the steps enterprises and critical infrastructure must take
React to this headline:
Strengthening defenses against nation-state and for-profit cyber attacks Read More »
A “cascade” of errors let Chinese hackers into US government inboxes 2024-04-03 at 16:46 By Zeljka Zorz Microsoft still doesn’t known how Storm-0558 attackers managed to steal the Microsoft Services Account cryptographic key they used to forge authentication tokens needed to access email accounts belonging to US government officials. “The stolen 2016 MSA key in
React to this headline:
A “cascade” of errors let Chinese hackers into US government inboxes Read More »
NVD: NIST is working on longer-term solutions 2024-04-03 at 13:17 By Zeljka Zorz The recent conspicuous faltering of the National Vulnerability Database (NVD) is “based on a variety of factors, including an increase in software and, therefore, vulnerabilities, as well as a change in interagency support,” says the U.S. National Institute of Standards and Technology
React to this headline:
NVD: NIST is working on longer-term solutions Read More »
How Google plans to make stolen session cookies worthless for attackers 2024-04-03 at 08:31 By Zeljka Zorz Google is working on a new security feature for Chrome called Device Bound Session Credentials (DBSC), meant to prevent attackers from using stolen session cookies to gain access user accounts. Session (i.e., authentication) cookies are stored by browsers
React to this headline:
How Google plans to make stolen session cookies worthless for attackers Read More »
Location tracking and the battle for digital privacy 2024-04-03 at 08:01 By Help Net Security While some online privacy issues can be subtle and difficult to understand, location tracking is very simple – and very scary. Perhaps nothing reveals more about who we are and what we do than a detailed map of all the
React to this headline:
Location tracking and the battle for digital privacy Read More »
Cybersecurity jobs available right now: April 3, 2024 2024-04-03 at 07:31 By Mirko Zorz Cyber Security Manager Charterhouse Middle East | UAE | On-site – View job details The Cyber Security Manager will identify and address potential security issues, define access privileges, implement control structures, and conduct periodic audits. In addition, you’ll also contribute to
React to this headline:
Cybersecurity jobs available right now: April 3, 2024 Read More »