Hot stuff

Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044)

Assetnote, Don't miss, file-sharing, Hot stuff, News, Progress, Rapid7, security update, vulnerability /

Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044) 02/10/2023 at 14:17 By Helga Labus Progress Software, the company behind the recently hacked MOVEit file-sharing tool, has recently fixed two critical vulnerabilities (CVE-2023-40044, CVE-2023-42657) in WS_FTP Server, another popular secure file transfer solution. Proof-of-concept code for CVE-2023-40044 has been available since Friday, and Rapid7 researchers […]

React to this headline:

Loading spinner

Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044) Read More »

Most dual ransomware attacks occur within 48 hours

Don't miss, Emsisoft, FBI, Hot stuff, News, Ransomware, Sophos, Symantec, trends /

Most dual ransomware attacks occur within 48 hours 02/10/2023 at 12:16 By Helga Labus Since July 2023, the Federal Bureau of Investigation (FBI) has noticed a new trend: dual ransomware attacks on the same victim, occurring in close proximity of one another. Dual ransomware attacks Dual ransomware attacks are when against the same victim occurr

React to this headline:

Loading spinner

Most dual ransomware attacks occur within 48 hours Read More »

9 essential ransomware guides and checklists available for free

ANSSI, CISA, cybercrime, Don't miss, DXC Technology, Egnyte, FTC, Government, guide, Hot stuff, how-to, IBM, IBM X-Force, Malware, National Cyber Security Centre, News, Ransomware, strategy, tips /

9 essential ransomware guides and checklists available for free 02/10/2023 at 08:03 By Help Net Security According to Fortinet, ransomware activity has intensified, registering an increase of 13 times compared to the beginning of 2023 in terms of all malware detections. The rise of Ransomware-as-a-Service has primarily driven this surge in ransomware variations. According to

React to this headline:

Loading spinner

9 essential ransomware guides and checklists available for free Read More »

Securing GitHub Actions for a safer DevOps pipeline

CISA, Cloud, cloud security, credentials, cybersecurity, DevOps, Don't miss, Features, GitHub, Hot stuff, Kubernetes, monitoring, News, NSA, open source, opinion, StepSecurity /

Securing GitHub Actions for a safer DevOps pipeline 02/10/2023 at 07:32 By Mirko Zorz GitHub Actions provides a platform for continuous integration and continuous delivery (CI/CD), enabling your build, test, and deployment process automation. It allows you to establish workflows that build and test each pull request in your repository and deploy approved pull requests

React to this headline:

Loading spinner

Securing GitHub Actions for a safer DevOps pipeline Read More »

Protecting against FraudGPT, ChatGPT’s evil twin

Artificial Intelligence, ChatGPT, credentials, cybercrime, cybercriminals, cybersecurity, dark web, Don't miss, Email, fraud, Hot stuff, identity management, My1Login, passwords, phishing, scams, Video /

Protecting against FraudGPT, ChatGPT’s evil twin 02/10/2023 at 07:01 By Help Net Security FraudGPT is the evil counterpart to ChatGPT. Criminals use it to target businesses with phishing emails and scams with speed and accuracy like never before. The AI can be prompted to create the most realistic phishing emails, perfected down to a business’

React to this headline:

Loading spinner

Protecting against FraudGPT, ChatGPT’s evil twin Read More »

Malicious ads creep into Bing Chat responses

Artificial Intelligence, Don't miss, Hot stuff, malvertising, Malwarebytes, Microsoft, News, search engine /

Malicious ads creep into Bing Chat responses 29/09/2023 at 16:46 By Helga Labus Users of Bing Chat, the GPT-4-powered search engine Microsoft introduced earlier this year, are being targeted with ads leading to malware. According to Malwarebytes researchers, searching for Advanced IP Scanner (network-scanning software) or MyCase (legal case management software) may result in an

React to this headline:

Loading spinner

Malicious ads creep into Bing Chat responses Read More »

How should organizations navigate the risks and opportunities of AI?

Artificial Intelligence, Conquest Cyber, cybercriminals, cybersecurity, deepfakes, Don't miss, Expert analysis, Expert corner, Hot stuff, machine learning, opinion, phishing, strategy /

How should organizations navigate the risks and opportunities of AI? 29/09/2023 at 08:33 By Help Net Security As we realize exciting new advancements in the application of generative pre-trained transformer (GPT) technology, our adversaries are finding ingenious ways to leverage these capabilities to inflict harm. There’s evidence to suggest that offensive actors are using AI

React to this headline:

Loading spinner

How should organizations navigate the risks and opportunities of AI? Read More »

Why California’s Delete Act matters for the whole country

BlackCloak, CISO, cybercrime, cybercriminals, cybersecurity, dark web, data, Don't miss, Government, Hot stuff, identity, law, Privacy, regulation, USA, Video /

Why California’s Delete Act matters for the whole country 29/09/2023 at 06:32 By Help Net Security The California State Legislature passed Senate Bill 362, known as the Delete Act, to simplify the process for consumers to ask to remove their personal data gathered by data brokers. In this Help Net Security video, Dr. Chris Pierson,

React to this headline:

Loading spinner

Why California’s Delete Act matters for the whole country Read More »

Yet another Chrome zero-day exploited in the wild! (CVE-2023-5217)

0-day, Chrome, Don't miss, Google, Hot stuff, News, security update, vulnerability /

Yet another Chrome zero-day exploited in the wild! (CVE-2023-5217) 28/09/2023 at 14:47 By Helga Labus Google has fixed another critical zero-day vulnerability (CVE-2023-5217) in Chrome that is being exploited in the wild. About CVE-2023-5217 The vulnerability is caused by a heap buffer overflow in vp8 encoding in libvpx – a video codec library from Google

React to this headline:

Loading spinner

Yet another Chrome zero-day exploited in the wild! (CVE-2023-5217) Read More »

The hidden costs of neglecting cybersecurity for small businesses

Artificial Intelligence, attacks, Compliance, cybersecurity, Don't miss, education, Encryption, Features, Hot stuff, Incident Response, investment, Judy Security, MFA, News, opinion, passwords, phishing, regulation, threat, training, vulnerability /

The hidden costs of neglecting cybersecurity for small businesses 28/09/2023 at 07:31 By Mirko Zorz In this Help Net Security interview, Raffaele Mautone, CEO of Judy Security, talks about the cybersecurity problems that small businesses face and the need for prioritization to save businesses from potential fines and damage to their brand reputation. He also

React to this headline:

Loading spinner

The hidden costs of neglecting cybersecurity for small businesses Read More »

Kubernetes attacks in 2023: What it means for the future

attacks, Cloud, containers, cybersecurity, Don't miss, Hot stuff, KSOC, Kubernetes, Video /

Kubernetes attacks in 2023: What it means for the future 28/09/2023 at 07:01 By Help Net Security In 2023, a wave of new attacks targeting Kubernetes has been reported, from Dero and Monero crypto mining to Scarleteel and RBAC-Buster. In this Help Net Security video, Jimmy Mesta, CTO at KSOC, explores what it would take

React to this headline:

Loading spinner

Kubernetes attacks in 2023: What it means for the future Read More »

New twist on ZeroFont phishing technique spotted in the wild

Don't miss, email security, Hot stuff, News, Outlook, phishing, SANS ISC /

New twist on ZeroFont phishing technique spotted in the wild 27/09/2023 at 15:47 By Helga Labus Cybercriminals are leveraging the ZeroFont technique to trick users into trusting phishing emails, SANS ISC handler Jan Kopriva has warned. The ZeroFont phishing attack Documented and named by Avanan in 2018, the ZeroFont technique involves using text written in

React to this headline:

Loading spinner

New twist on ZeroFont phishing technique spotted in the wild Read More »

Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129)

1Password, Alpine, Chrome, containers, Debian, Don't miss, Firefox, Google, Hot stuff, LibreOffice, Linux, macOS, Microsoft Teams, News, Opera, patch, patching, Rezilion, runZero, Signal, Slack, SUSE, Telegram, Ubuntu, Vivaldi, vulnerability, vulnerability management /

Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129) 27/09/2023 at 14:46 By Zeljka Zorz The Chrome zero-day exploited in the wild and patched by Google a few weeks ago has a new ID (CVE-2023-5129) and a description that tells the whole story: the vulnerability is not in Chrome, but the libwebp library,

React to this headline:

Loading spinner

Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129) Read More »

Fake Bitwarden installation packages delivered RAT to Windows users

Bitwarden, Don't miss, Hot stuff, Malware, News, Proofpoint, Remote Access Trojan, Windows /

Fake Bitwarden installation packages delivered RAT to Windows users 27/09/2023 at 11:47 By Helga Labus Windows users looking to install the Bitwarden password manager may have inadvertently installed a remote access trojan (RAT). The ZenRAT malware A malicious website spoofing Bitwarden’s legitimate one (located at bitwariden[.]com) has been offering fake installation packages containing the ZenRAT

React to this headline:

Loading spinner

Fake Bitwarden installation packages delivered RAT to Windows users Read More »

The pitfalls of neglecting security ownership at the design stage

cyber risk, cybersecurity, Don't miss, Features, Hot stuff, investment, Lenovo, News, opinion, policy, product development, SMBs, software, software development, strategy /

The pitfalls of neglecting security ownership at the design stage 27/09/2023 at 07:01 By Mirko Zorz For companies to avoid bleeding millions through cyber threats, they must build adaptability into their security strategy from the start while considering a range of inputs that go beyond the IT and network access aspects. In this Help Net

React to this headline:

Loading spinner

The pitfalls of neglecting security ownership at the design stage Read More »

Is your identity safe? Exploring the gaps in threat protection

attack, credentials, cyber resilience, cybersecurity, data breach, Don't miss, Hot stuff, identity, MFA, Ransomware, Silverfort, threat, Video /

Is your identity safe? Exploring the gaps in threat protection 27/09/2023 at 07:01 By Help Net Security A recent study from Silverfort has identified the identity attack surface as today’s most substantial weakness in cybersecurity resilience. Traditional approaches, such as MFA and PAM, have notable limitations that can lead to the exploitation of stolen credentials.

React to this headline:

Loading spinner

Is your identity safe? Exploring the gaps in threat protection Read More »

Critical JetBrains TeamCity vulnerability could be exploited to launch supply chain attacks (CVE-2023-42793)

continuous integration, Don't miss, Hot stuff, JetBrains, News, Rapid7, software delivery, software development, vulnerability /

Critical JetBrains TeamCity vulnerability could be exploited to launch supply chain attacks (CVE-2023-42793) 26/09/2023 at 18:01 By Zeljka Zorz Software development firm JetBrains has fixed a critical vulnerability (CVE-2023-42793) in its TeamCity continuous integration and continuous delivery (CI/CD) solution, which may allow authenticated attackers to achieve remote code execution and gain control of the server.

React to this headline:

Loading spinner

Critical JetBrains TeamCity vulnerability could be exploited to launch supply chain attacks (CVE-2023-42793) Read More »

Cl0p’s MOVEit attack tally surpasses 2,000 victim organizations

data breach, Data leak, Don't miss, Emsisoft, extortion, Hot stuff, KonBriefing Research, News, Progress /

Cl0p’s MOVEit attack tally surpasses 2,000 victim organizations 26/09/2023 at 15:01 By Helga Labus The number of victim organizations hit by Cl0p via vulnerable MOVEit installations has surpassed 2,000, and the number of affected individuals is now over 60 million. The victim organizations are overwhelmingly based in the US. “The most heavily impacted sectors are

React to this headline:

Loading spinner

Cl0p’s MOVEit attack tally surpasses 2,000 victim organizations Read More »

Has Sony been hacked again?

Barrier Networks, cybercrime, data breach, Don't miss, Hot stuff, My1Login, News, Sony /

Has Sony been hacked again? 26/09/2023 at 13:19 By Zeljka Zorz Ransomed.vc, a relatively new ransomware / cyber extortion group, claims to have hacked Sony and made off with valuable data. Sony allegedly hacked and its data held for ransom “We have successfully compromissed all of sony systems. We wont ransom them! we will sell

React to this headline:

Loading spinner

Has Sony been hacked again? Read More »

Are developers giving enough thought to prompt injection threats when building code?

Artificial Intelligence, code, cybercrime, data analysis, Don't miss, Expert analysis, Expert corner, generative AI, Hot stuff, Immersive Labs, News, opinion, policy, programming, software development, strategy /

Are developers giving enough thought to prompt injection threats when building code? 26/09/2023 at 08:32 By Help Net Security With National Coding Week behind us, the development community has had its annual moment of collective reflection and focus on emerging technologies that are shaping the industry. Among these, large language models (LLMs) and “generative AI”

React to this headline:

Loading spinner

Are developers giving enough thought to prompt injection threats when building code? Read More »

Scroll to Top