Hot stuff

Microsoft announces AI bug bounty program

Artificial Intelligence, Bing, bug bounty, Don't miss, Hot stuff, Microsoft, News /

Microsoft announces AI bug bounty program 16/10/2023 at 15:18 By Zeljka Zorz Microsoft is offering up to $15,000 to bug hunters that pinpoint vulnerabilities of Critical or Important severity in its AI-powered “Bing experience”. “The new Microsoft AI bounty program comes as a result of key investments and learnings over the last few months, including

React to this headline:

Loading spinner

Microsoft announces AI bug bounty program Read More »

DIY attack surface management: Simple, cost-effective and actionable perimeter insights

Cloud, cybersecurity, DNS, Don't miss, Expert analysis, Expert corner, exploit, GitHub, Hot stuff, misconfiguration, News, open source, opinion, SaaS, vulnerability, web application, WithSecure /

DIY attack surface management: Simple, cost-effective and actionable perimeter insights 16/10/2023 at 11:46 By Help Net Security Modern-day attack surface management (ASM) can be an intimidating task for most organizations, with assets constantly changing due to new deployments, assets being decommissioned, and ongoing migrations to cloud providers. Assets can be created and forgotten about, only

React to this headline:

Loading spinner

DIY attack surface management: Simple, cost-effective and actionable perimeter insights Read More »

How organizations can combat rising cloud costs with FinOps

Cloud, cybersecurity, Don't miss, Hot stuff, software, strategy, Venafi, Video /

How organizations can combat rising cloud costs with FinOps 16/10/2023 at 07:06 By Help Net Security When it comes to the cloud, many organizations prioritize speed over spend. In fact, spending on public cloud services is forecasted to grow 21.7% to a total of $597.3 billion in 2023, according to Gartner. How can organizations spend

React to this headline:

Loading spinner

How organizations can combat rising cloud costs with FinOps Read More »

Quantum risk is real now: How to navigate the evolving data harvesting threat

Artificial Intelligence, backdoor, cybersecurity, data security, Don't miss, Expert analysis, Expert corner, firmware, Hot stuff, machine learning, News, opinion, Qrypt, threat /

Quantum risk is real now: How to navigate the evolving data harvesting threat 13/10/2023 at 07:32 By Help Net Security In an era where data security is paramount, the recent revelations about firmware backdoors implanted by Chinese government-backed hackers serve as a stark reminder of the evolving threat landscape. BlackTech is infiltrating routers to gain

React to this headline:

Loading spinner

Quantum risk is real now: How to navigate the evolving data harvesting threat Read More »

Introducing the book: Irreducibly Complex Systems

books, cybersecurity, Don't miss, Hot stuff, Prelude, security testing, strategy, Video /

Introducing the book: Irreducibly Complex Systems 13/10/2023 at 06:32 By Help Net Security In this Help Net Security video interview, David Hunt, CTO at Prelude, discusses his book – Irreducibly Complex Systems: An Introduction to Continuous Security Testing. Continuous security testing (CST) is a new strategy for validating cyber defenses. We buy security products that

React to this headline:

Loading spinner

Introducing the book: Irreducibly Complex Systems Read More »

Microsoft Defender can automatically contain compromised user accounts

automation, BEC scams, Don't miss, Endpoint Security, enterprise, Hot stuff, Microsoft, Microsoft Defender, MITM, News, privileged accounts, Ransomware, XDR /

Microsoft Defender can automatically contain compromised user accounts 12/10/2023 at 15:32 By Helga Labus The “contain user” feature select Microsoft Defender for Endpoint customers have been trying out since November 2022 is now available to a wider pool of organizations, Microsoft has announced. The feature aims to help organizations disrupt human-operated attacks like ransomware, business

React to this headline:

Loading spinner

Microsoft Defender can automatically contain compromised user accounts Read More »

Sic Permission Slip on data brokers that use your data

Android, app, CCPA, consumer, Don't miss, Hot stuff, iPhone, News, Privacy, regulation, USA, user data /

Sic Permission Slip on data brokers that use your data 12/10/2023 at 08:31 By Helga Labus Permission Slip, an iPhone and Android app developed by Consumer Reports, helps users ask companies and data brokers to stop sharing their personal data and/or delete it. The Permission Slip app (Source: Consumer Reports) US consumer data privacy laws

React to this headline:

Loading spinner

Sic Permission Slip on data brokers that use your data Read More »

Keeping up with the demands of the cyber insurance market

cyber insurance, cybersecurity, data security, Delinea, Don't miss, Expert analysis, Expert corner, Hot stuff, market, MFA, News, opinion, Ransomware, remediation, standards, strategy, threats /

Keeping up with the demands of the cyber insurance market 12/10/2023 at 08:01 By Help Net Security Cyber insurance has been around longer than most of us think. When American International Group (AIG) launched the first cyber insurance policy in 1997, it stepped into completely unknown territory to gain market share. Now, 26 years later,

React to this headline:

Loading spinner

Keeping up with the demands of the cyber insurance market Read More »

Unmasking the limitations of yearly penetration tests

Ambionics, communication, Compliance, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, PCI DSS, penetration testing, risk assessment, shadow IT, Threat Intelligence, threats, vulnerability, web application /

Unmasking the limitations of yearly penetration tests 12/10/2023 at 07:31 By Mirko Zorz In this Help Net Security interview, Charles d’Hondt, Head of Operations, Ambionics Security, talks about the necessity of implementing continuous penetration testing because yearly ones are not enough. They leave blind spots and cannot match the security needs of regular releases and

React to this headline:

Loading spinner

Unmasking the limitations of yearly penetration tests Read More »

Yeti: Open, distributed, threat intelligence repository

Don't miss, GitHub, Hot stuff, News, open source, Threat Intelligence /

Yeti: Open, distributed, threat intelligence repository 12/10/2023 at 07:01 By Help Net Security Yeti serves as a unified platform to consolidate observables, indicators of compromise, TTPs, and threat-related knowledge. It enhances observables automatically, such as domain resolution and IP geolocation, saving you the effort. With its user-friendly interface built on Bootstrap and a machine-friendly web

React to this headline:

Loading spinner

Yeti: Open, distributed, threat intelligence repository Read More »

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor

Atlassian, Atlassian Confluence, Don't miss, exploit, GreyNoise, Hot stuff, Microsoft, News, Rapid7, vulnerability /

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor 11/10/2023 at 14:18 By Helga Labus A critical flaw in Atlassian Confluence Data Center and Server (CVE-2023-22515) has been exploited by a state-backed threat actor, Microsoft’s threat analysts have pinpointed. About the vulnerability CVE-2023-22515 was initially classified as a critical privilege escalation vulnerability affecting Confluence Data

React to this headline:

Loading spinner

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor Read More »

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545)

containers, Debian, Don't miss, Hot stuff, IoT, Linux, News, open source, patching, Red Hat, security update, Ubuntu, vulnerability /

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545) 11/10/2023 at 13:31 By Zeljka Zorz Curl v8.4.0 is out, and fixes – among other things – a high-severity SOCKS5 heap buffer overflow vulnerability (CVE-2023-38545). Appropriate patches for some older curl versions have been released, too. Preparation for the security updates A little over a

React to this headline:

Loading spinner

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545) Read More »

15 free Microsoft 365 security training modules worth your time

Don't miss, Hot stuff, how-to, Microsoft, Microsoft 365, News, skill development, strategy, tips /

15 free Microsoft 365 security training modules worth your time 11/10/2023 at 07:32 By Help Net Security Microsoft 365 is a cloud-based productivity suite. Beyond just tools like Word and Excel, it integrates productivity applications with cloud functionalities, device administration, and enhanced security, all within a unified experience. Managing Microsoft 365 can be difficult for

React to this headline:

Loading spinner

15 free Microsoft 365 security training modules worth your time Read More »

How cyber fusion is helping enterprises modernize security operations

Cloud, collaboration, cybersecurity, Cyware, Don't miss, Hot stuff, orchestration, security operations, SOC, threat hunting, Video /

How cyber fusion is helping enterprises modernize security operations 11/10/2023 at 07:02 By Help Net Security In this Help Net Security video, Anuj Goel, CEO at Cyware, explains how cyber fusion is helping enterprises modernize their security operations and turn their SOC from reactive to proactive. The post How cyber fusion is helping enterprises modernize

React to this headline:

Loading spinner

How cyber fusion is helping enterprises modernize security operations Read More »

Microsoft plugs exploited WordPad, Skype for Business zero-days (CVE-2023-36563, CVE-2023-41763)

DDoS, Don't miss, Hot stuff, Microsoft, Microsoft Exchange, News, Patch Tuesday, security update, Trend Micro, Windows /

Microsoft plugs exploited WordPad, Skype for Business zero-days (CVE-2023-36563, CVE-2023-41763) 10/10/2023 at 22:01 By Zeljka Zorz On this October 2023 Patch Tuesday, Microsoft has released 103 patches and has fixed three actively exploited vulnerabilities (CVE-2023-36563, CVE-2023-41763, CVE-2023-44487). The exploited zero-days (CVE-2023-36563, CVE-2023-41763, CVE-2023-44487) CVE-2023-36563, discovered by Microsoft Threat Intelligence, is a WordPad vulnerability that could

React to this headline:

Loading spinner

Microsoft plugs exploited WordPad, Skype for Business zero-days (CVE-2023-36563, CVE-2023-41763) Read More »

GNOME users at risk of RCE attack (CVE-2023-43641)

Debian, Don't miss, Fedora, GitHub, Hot stuff, Linux, News, open source, Red Hat, SUSE, Ubuntu, vulnerability, vulnerability disclosure /

GNOME users at risk of RCE attack (CVE-2023-43641) 10/10/2023 at 14:32 By Zeljka Zorz If you’re running GNOME on you Linux system(s), you are probably open to remote code execution attacks via a booby-trapped file, thanks to a memory corruption vulnerability (CVE-2023-43641) in the libcue library. About CVE-2023-43641 Discovered by GitHub security researcher Kevin Backhouse,

React to this headline:

Loading spinner

GNOME users at risk of RCE attack (CVE-2023-43641) Read More »

Be prepared to patch high-severity vulnerability in curl and libcurl

Docker, Don't miss, Endor Labs, Hot stuff, News, open source, patching, Qualys, security update, Sonatype, Synopsys, vulnerability, vulnerability disclosure /

Be prepared to patch high-severity vulnerability in curl and libcurl 10/10/2023 at 12:20 By Zeljka Zorz Details about two vulnerabilities (CVE-2023-38545, CVE-2023-38546) in curl, a foundational and widely used open-source software for data transfer via URLs, are to be released on Wednesday, October 11. Daniel Stenberg, the original author and lead developer, has said that

React to this headline:

Loading spinner

Be prepared to patch high-severity vulnerability in curl and libcurl Read More »

Why zero trust delivers even more resilience than you think

access management, attack, cyber resilience, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, NetScaler, News, opinion, policy, remediation, zero trust /

Why zero trust delivers even more resilience than you think 10/10/2023 at 08:04 By Help Net Security Ten years ago, zero trust was an exciting, innovative perspective shift that security experts were excited to explore; today, it’s more likely to be framed as an inevitable trend than as a mere option on the security menu.

React to this headline:

Loading spinner

Why zero trust delivers even more resilience than you think Read More »

Turning military veterans into cybersecurity experts

cybersecurity, Don't miss, Features, Hot stuff, News, opinion, skill development, TechVets, Threat Intelligence, threats, training /

Turning military veterans into cybersecurity experts 10/10/2023 at 07:34 By Mirko Zorz In this Help Net Security interview, James Murphy, the Director of the TechVets Programme at the Forces Employment Charity, discusses the challenges that military veterans face when transitioning from military to civilian life. One significant hurdle is the difficulty they often encounter in

React to this headline:

Loading spinner

Turning military veterans into cybersecurity experts Read More »

Scroll to Top