Why identity fraud costs organizations millions 2024-02-20 at 07:01 By Help Net Security 92% of respondents to a recent report shared that their organization had been a victim of identity fraud, costing an average of $4.3 million over the last 12 months. Even so, only 40% stated identity verification as a top identity challenge, noting […]
React to this headline:
Why identity fraud costs organizations millions Read More »
Balancing “super app” ambitions with privacy 2024-02-19 at 08:31 By Help Net Security When Elon Musk’s ambitions to transform X into an “everything app” were divulged last year, he joined several companies known to be exploring or actively working on developing super apps, suggesting there’s clearly a niche to be filled. In fact, since the
React to this headline:
Balancing “super app” ambitions with privacy Read More »
CVE Prioritizer: Open-source tool to prioritize vulnerability patching 2024-02-19 at 08:01 By Mirko Zorz CVE Prioritizer is an open-source tool designed to assist in prioritizing the patching of vulnerabilities. It integrates data from CVSS, EPSS, and CISA’s KEV catalog to offer insights into the probability of exploitation and the potential effects of vulnerabilities on your
React to this headline:
CVE Prioritizer: Open-source tool to prioritize vulnerability patching Read More »
Inside the strategy of Salesforce’s new Chief Trust Officer 2024-02-19 at 07:32 By Mirko Zorz Recently, Salesforce named Brad Arkin, previously Chief Security & Trust Officer at Cisco, the company’s new Chief Trust Officer. This was the perfect opportunity to find out more about his plans. In this Help Net Security interview, Arkin discusses a
React to this headline:
Inside the strategy of Salesforce’s new Chief Trust Officer Read More »
RCE vulnerabilities fixed in SolarWinds enterprise solutions 2024-02-19 at 07:01 By Zeljka Zorz SolarWinds has released updates for Access Rights Manager (ARM) and (Orion) Platform that fix vulnerabilities that could allow attackers to execute code on vulnerable installations. SolarWinds ARM flaws fixed SolarWinds, the company whose Orion IT administration platform has been infamously compromised in
React to this headline:
RCE vulnerabilities fixed in SolarWinds enterprise solutions Read More »
Gmail & Yahoo DMARC rollout: When cyber compliance gives a competitive edge 2024-02-16 at 08:01 By Help Net Security The essence of cybersecurity is not just about defense but enabling business through trust and reliability. As Gmail and Yahoo take steps to enforce stricter email authentication, organizations that are proactive in their DMARC compliance will
React to this headline:
Gmail & Yahoo DMARC rollout: When cyber compliance gives a competitive edge Read More »
Cybersecurity sectors adjust as DDoS attacks reach new heights 2024-02-16 at 07:05 By Help Net Security In this Help Net Security video, Andrey Slastenov, Head of Security Department at Gcore, discusses the findings of their latest report that provide insights into the current state of the DDoS protection market and cybersecurity trends. Key highlights from
React to this headline:
Cybersecurity sectors adjust as DDoS attacks reach new heights Read More »
Battery maker Varta halts production after cyberattack 2024-02-15 at 14:17 By Helga Labus German battery manufacturer Varta was forced to shut down its IT systems and stop production as a result of a cyberattack. The Varta cyberattack The cyberattack occurred on Monday night and affected five of the company’s production plants and the administration. According
React to this headline:
Battery maker Varta halts production after cyberattack Read More »
AI outsourcing: A strategic guide to managing third-party risks 2024-02-15 at 08:01 By Help Net Security In an era of artificial intelligence (AI) revolutionizing business practices, many companies are turning to third-party AI services for a competitive edge. However, this approach comes with its own set of risks. From data security concerns to operational disruptions,
React to this headline:
AI outsourcing: A strategic guide to managing third-party risks Read More »
5 free digital forensics tools to boost your investigations 2024-02-15 at 07:32 By Help Net Security Digital forensics plays a crucial role in analyzing and addressing cyberattacks, and it’s a key component of incident response. Additionally, digital forensics provides vital information for auditors, legal teams, and law enforcement agencies in the aftermath of an attack.
React to this headline:
5 free digital forensics tools to boost your investigations Read More »
Collaboration at the core: The interconnectivity of ITOps and security 2024-02-15 at 07:01 By Help Net Security In this Help Net Security video, Krista Macomber, Research Director at The Futurum Group, discusses how IT and security teams increasingly unite against cyber threats. Organizations are still struggling with the issue of disjointed data protection solutions, leading
React to this headline:
Collaboration at the core: The interconnectivity of ITOps and security Read More »
How are state-sponsored threat actors leveraging AI? 2024-02-14 at 18:31 By Helga Labus Microsoft and OpenAI have identified attempts by various state-affiliated threat actors to use large language models (LLMs) to enhance their cyber operations. Threat actors use LLMs for various tasks Just as defenders do, threat actors are leveraging AI (more specifically: LLMs) to
React to this headline:
How are state-sponsored threat actors leveraging AI? Read More »
QNAP fixes OS command injection flaws affecting its NAS devices (CVE-2023-47218, CVE-2023-50358) 2024-02-14 at 12:46 By Zeljka Zorz QNAP Systems has patched two unauthenticated OS command injection vulnerabilities (CVE-2023-47218, CVE-2023-50358) in various versions of the operating systems embedded in the firmware of their popular network-attached storage (NAS) devices. About the vulnerabilities (CVE-2023-47218, CVE-2023-50358) Both vulnerabilities
React to this headline:
Corporate users getting tricked into downloading AnyDesk 2024-02-14 at 11:16 By Helga Labus Hackers are leveraging the AnyDesk remote desktop application in a phishing campaign targeting employees, Malwarebytes warns. The AnyDesk phishing campaign In a phishing campaign recently discovered by Malwarebytes researchers, attackers targeted potential victims via email or SMS, personalized to match their roles
React to this headline:
Corporate users getting tricked into downloading AnyDesk Read More »
We can’t risk losing staff to alert fatigue 2024-02-14 at 08:32 By Help Net Security The oft-quoted Chinese military strategist Sun Tzu famously claimed: “If you know the enemy and know yourself, you need not fear the result of a hundred battles.” Exchange “battles” for “cyberattacks”, and the maxim will hold. But too much information
React to this headline:
We can’t risk losing staff to alert fatigue Read More »
Rise in cyberwarfare tactics fueled by geopolitical tensions 2024-02-14 at 08:02 By Mirko Zorz In this Help Net Security interview, Matt Shelton, Head of Threat Research and Analysis at Google Cloud, discusses the latest Threat Horizons Report, which provides intelligence-derived trends, expertise, and recommendations on threat actors to help inform cloud customer security strategies in
React to this headline:
Rise in cyberwarfare tactics fueled by geopolitical tensions Read More »
Fabric: Open-source framework for augmenting humans using AI 2024-02-14 at 07:31 By Mirko Zorz Fabric is an open-source framework, created to enable users to granularly apply AI to everyday challenges. Key features “I created it to enable humans to easily augment themselves with AI. I believe it’s currently too difficult for people to use AI.
React to this headline:
Fabric: Open-source framework for augmenting humans using AI Read More »
How to take control of personal data 2024-02-14 at 07:01 By Help Net Security Cybercriminals increasingly use open-source intelligence (OSINT) to craft convincing backstories, often by mining social media profiles for details on a target’s profession, interests, and routines. Armed with these personal insights, these malicious actors leverage chatbots to compose highly persuasive messages. Additionally,
React to this headline:
How to take control of personal data Read More »
Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351) 2024-02-13 at 22:01 By Zeljka Zorz On February 2024 Patch Tuesday, Microsoft has delivered fixes for 72 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-21412, CVE-2024-21351) that are being leveraged by attackers in the wild. About CVE-2024-21412 and CVE-2024-21351 CVE-2024-21412 allows attackers to bypass the Microsoft Defender SmartScreen
React to this headline:
Microsoft patches two zero-days exploited by attackers (CVE-2024-21412, CVE-2024-21351) Read More »
Attackers injected novel DSLog backdoor into 670 vulnerable Ivanti devices (CVE-2024-21893) 2024-02-13 at 13:01 By Helga Labus Hackers are actively exploiting a vulnerability (CVE-2024-21893) in Ivanti Connect Secure, Policy Secure and Neurons for ZTA to inject a “previously unknown and interesting backdoor” dubbed DSLog. CVE-2024-21893 patches and exploitation Ivanti disclosed CVE-2024-21893 – a server-side request
React to this headline: