Hot stuff

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns

BSI, Don't miss, enterprise, Germany, Hot stuff, Microsoft Exchange, News, Shadowserver, vulnerability /

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns 2024-03-26 at 15:31 By Zeljka Zorz Around 12% of the 45,000 or so Microsoft Exchange servers in Germany that can be accessed from the Internet without restrictions “are so outdated that security updates are no longer offered for them,” the German Federal Office […]

React to this headline:

Loading spinner

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns Read More »

Apps secretly turning devices into proxy network nodes removed from Google Play

consumer, Don't miss, enterprise, Hot stuff, HUMAN Security, mobile apps, News, Orange Cyberdefense, Proxy, research, Sekoia.io /

Apps secretly turning devices into proxy network nodes removed from Google Play 2024-03-26 at 12:16 By Zeljka Zorz Your smartphone might be part of a proxy network, and you might not even know it: all it takes is for you to download apps whose developers have included the functionality and didn’t mention it. If that

React to this headline:

Loading spinner

Apps secretly turning devices into proxy network nodes removed from Google Play Read More »

Reinforcement learning is the path forward for AI integration into cybersecurity

Artificial Intelligence, CISO, cybersecurity, data, Don't miss, Expert analysis, Expert corner, Groupe SEB, Hot stuff, machine learning, News, opinion, predictions, SOC /

Reinforcement learning is the path forward for AI integration into cybersecurity 2024-03-26 at 08:01 By Help Net Security AI’s algorithms and machine learning can cull through immense volumes of data efficiently and in a relatively short amount of time. This is instrumental to helping network defenders sift through a never-ending supply of alerts and identify

React to this headline:

Loading spinner

Reinforcement learning is the path forward for AI integration into cybersecurity Read More »

Strengthening critical infrastructure cybersecurity is a balancing act

access control, attacks, critical infrastructure, cybersecurity, Don't miss, Features, Hot stuff, information sharing, News, opinion, regulation, resilience, strategy, zero trust /

Strengthening critical infrastructure cybersecurity is a balancing act 2024-03-26 at 07:31 By Mirko Zorz In this Help Net Security interview, Aaron Crow, Senior Director at MorganFranklin Consulting, discusses critical infrastructure cybersecurity strategies, barriers to threat information sharing, and innovative technologies enhancing resilience against cyberattacks. How do current cybersecurity strategies address the critical infrastructure sectors’ unique

React to this headline:

Loading spinner

Strengthening critical infrastructure cybersecurity is a balancing act Read More »

How threat intelligence data maximizes business operations

cybersecurity, data, Don't miss, Hot stuff, Intel 471, Threat Intelligence, Video /

How threat intelligence data maximizes business operations 2024-03-26 at 07:02 By Help Net Security Threat intelligence is no longer a ‘nice to have’ for organizations but a ‘must,’ as it provides leaders with critical insight into their business. If leveraged correctly, threat intelligence is not just a cybersecurity asset but also gives organizations a new

React to this headline:

Loading spinner

How threat intelligence data maximizes business operations Read More »

Scammers steal millions from FTX, BlockFi claimants

Cryptocurrency, Cryptocurrency Exchange, Don't miss, Hot stuff, News, phishing, scams /

Scammers steal millions from FTX, BlockFi claimants 2024-03-25 at 14:56 By Zeljka Zorz Customers of bankrupt crypto platform BlockFi have been targeted with a very convincing phishing email impersonating the platform, asking them to connect their wallet to complete the withdrawal of remaining funds. Judging by this Reddit thread, many have fallen for the scam

React to this headline:

Loading spinner

Scammers steal millions from FTX, BlockFi claimants Read More »

APT29 hit German political parties with bogus invites and malware

Don't miss, Germany, Hot stuff, Malware, Mandiant, News, phishing, Russian Federation, Zscaler /

APT29 hit German political parties with bogus invites and malware 2024-03-25 at 11:46 By Zeljka Zorz APT29 (aka Cozy Bear, aka Midnight Blizzard) has been spotted targeting German political parties for the first time, Mandiant researchers have shared. Phishing leading to malware The attack started in late February 2024, with phishing emails containing bogus invitations

React to this headline:

Loading spinner

APT29 hit German political parties with bogus invites and malware Read More »

20 essential open-source cybersecurity tools that save you time

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, penetration testing, software /

20 essential open-source cybersecurity tools that save you time 2024-03-25 at 08:01 By Mirko Zorz Open-source software’s adaptive nature ensures its durability, relevance, and compatibility with new technologies. When I started digging deeper into the open-source cybersecurity ecosystem, I discovered an engaged community of developers working to find practical solutions to many problems, one of

React to this headline:

Loading spinner

20 essential open-source cybersecurity tools that save you time Read More »

How immersive AI transforms skill development

Artificial Intelligence, cybersecurity, Don't miss, Hot stuff, machine learning, Pluralsight, Privacy, sandbox, skill development, Video /

How immersive AI transforms skill development 2024-03-25 at 07:01 By Help Net Security Organizations are becoming more laser-focused on extracting the value of AI, moving from the experimentation phase toward adoption. While the potential for AI is limitless, AI expertise sadly is not. In this Help Net Security video, David Harris, Principal Generative AI Author

React to this headline:

Loading spinner

How immersive AI transforms skill development Read More »

US organizations targeted with emails delivering NetSupport RAT

Don't miss, Hot stuff, Malware, News, Perception Point, phishing, Remote Access Trojan, social engineering /

US organizations targeted with emails delivering NetSupport RAT 2024-03-22 at 15:08 By Helga Labus Employees at US-based organizations are being targeted with emails delivering NetSupport RAT malware via “nuanced” exploitation and by using an advanced detection evasion method. The malware campaign The campaign, dubbed PhantomBlu, takes the form of email messages purportedly coming from a

React to this headline:

Loading spinner

US organizations targeted with emails delivering NetSupport RAT Read More »

Attackers are targeting financial departments with SmokeLoader malware

Don't miss, finance, Government, Hot stuff, Malware, News, Palo Alto Networks, phishing, spear-phishing, Ukraine /

Attackers are targeting financial departments with SmokeLoader malware 2024-03-22 at 08:31 By Helga Labus Financially motivated hackers have been leveraging SmokeLoader malware in a series of phishing campaigns predominantly targeting Ukrainian government and administration organizations. The phishing campaign The Ukrainian SSSCIP State Cyber Protection Center (SCPC), together with the Palo Alto Networks Unit 42 research

React to this headline:

Loading spinner

Attackers are targeting financial departments with SmokeLoader malware Read More »

Shadow AI is the latest cybersecurity threat you need to prepare for

Artificial Intelligence, cybersecurity, Don't miss, Expert analysis, Expert corner, generative AI, Hot stuff, News, opinion, risk, shadow IT, Snow Software /

Shadow AI is the latest cybersecurity threat you need to prepare for 2024-03-22 at 08:01 By Help Net Security Shadow IT – the use of software, hardware, systems and services that haven’t been approved by an organization’s IT/IT Sec departments – has been a problem for the last couple of decades, and a difficult area

React to this headline:

Loading spinner

Shadow AI is the latest cybersecurity threat you need to prepare for Read More »

Inside the book – See Yourself in Cyber: Security Careers Beyond Hacking

book, cybersecurity, cybersecurity jobs, Don't miss, Hot stuff, Security Innovation, Video /

Inside the book – See Yourself in Cyber: Security Careers Beyond Hacking 2024-03-22 at 07:01 By Help Net Security In this Help Net Security video, Ed Adams, president and CEO of Security Innovation, discusses his new book See Yourself in Cyber: Security Careers Beyond Hacking. The book, published by Wiley, explores the breadth and depth

React to this headline:

Loading spinner

Inside the book – See Yourself in Cyber: Security Careers Beyond Hacking Read More »

Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware

Don't miss, exploit, Hot stuff, JetBrains, Malware, News, Ransomware, Remote Access Trojan, Trend Micro, vulnerability /

Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware 2024-03-21 at 12:01 By Helga Labus Attackers are exploiting the recently patched JetBrains TeamCity auth bypass vulnerability (CVE-2024-27198) to deliver ransomware, cryptominers and remote access trojans (RATs), according to Trend Micro researchers. The CVE-2024-27198 timeline CVE-2024-27198, an authentication bypass vulnerability affecting the TeamCity

React to this headline:

Loading spinner

Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware Read More »

Fake data breaches: Countering the damage

Cato Networks, CISO, cybersecurity, data breach, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, threats /

Fake data breaches: Countering the damage 2024-03-21 at 08:01 By Help Net Security Amid the constant drumbeat of successful cyberattacks, some fake data breaches have also cropped up to make sensational headlines. Unfortunately, even fake data breaches can have real repercussions. Earlier this year, a hacker on a criminal forum claimed to have stolen data

React to this headline:

Loading spinner

Fake data breaches: Countering the damage Read More »

WebCopilot: Open-source automation tool enumerates subdomains, detects bugs

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, penetration testing, scanning, software /

WebCopilot: Open-source automation tool enumerates subdomains, detects bugs 2024-03-21 at 07:31 By Mirko Zorz WebCopilot is an open-source automation tool that enumerates a target’s subdomains and discovers bugs using various free tools. It simplifies the application security workflow and reduces reliance on manual scripting. “I built this solution to streamline the application security process, specifically

React to this headline:

Loading spinner

WebCopilot: Open-source automation tool enumerates subdomains, detects bugs Read More »

Using cloud development environments to secure source code

Cloud, code, Coder, cybersecurity, DevOps, Don't miss, Hot stuff, programming, software development, Video /

Using cloud development environments to secure source code 2024-03-21 at 07:01 By Help Net Security In this Help Net Security video, Rob Whiteley, CEO at Coder, discusses the cloud development environment (CDE) technology landscape and its benefits. From the earliest stages of writing code to deploying finalized applications, CDEs are reimagining the developer experience, gaining

React to this headline:

Loading spinner

Using cloud development environments to secure source code Read More »

Secrets sprawl: Protecting your critical secrets

Don't miss, GitGuardian, Hot stuff, News /

Secrets sprawl: Protecting your critical secrets 2024-03-21 at 06:31 By Help Net Security Leaked secrets, a phenomenon known as ‘secrets sprawl,’ is a pervasive vulnerability that plagues nearly every organization. It refers to the unintentional exposure of sensitive credentials hardcoded in plaintext within source code, messaging systems, internal documentation, or ticketing systems. As the undisputed

React to this headline:

Loading spinner

Secrets sprawl: Protecting your critical secrets Read More »

Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724)

Don't miss, enterprise, Hot stuff, Ivanti, NATO, News, security update, vulnerability /

Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724) 2024-03-20 at 21:01 By Zeljka Zorz Ivanti has fixed a critical RCE vulnerability (CVE-2023-41724) in Ivanti Standalone Sentry that has been reported by researchers with the NATO Cyber Security Centre. Though the company is not aware of customers being compromised via the flaw, it “strongly

React to this headline:

Loading spinner

Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724) Read More »

RaaS groups increasing efforts to recruit affiliates

cybercrime, cybercriminals, dark web, Don't miss, GuidePoint Security, Hot stuff, News, Ransomware, research /

RaaS groups increasing efforts to recruit affiliates 2024-03-20 at 16:46 By Zeljka Zorz Smaller RaaS groups are trying to recruit new and “displaced” LockBit and Alphv/BlackCat affiliates by foregoing deposits and paid subscriptions, offering better payout splits, 24/7 support, and other “perks”. Cybercriminals wanted RaaS operations usually consist of a core group that develops the

React to this headline:

Loading spinner

RaaS groups increasing efforts to recruit affiliates Read More »

Scroll to Top