Hot stuff

Critical Fortinet FortiOS flaw exploited in the wild (CVE-2024-21762)

Don't miss, Fortinet, Hot stuff, News, Rapid7, security update, vulnerability /

Critical Fortinet FortiOS flaw exploited in the wild (CVE-2024-21762) 2024-02-12 at 21:01 By Zeljka Zorz Fortinet has patched critical remote code execution vulnerabilities in FortiOS (CVE-2024-21762, CVE-2024-23313), one of which is “potentially” being exploited in the wild. The exploitation-in-the-wild has been confirmed by CISA, by adding it to its Known Exploited Vulnerabilities (KEV) catalog, though […]

React to this headline:

Loading spinner

Critical Fortinet FortiOS flaw exploited in the wild (CVE-2024-21762) Read More »

Decryptor for Rhysida ransomware is available!

Check Point, CISA, decrypter, Don't miss, enterprise, Hot stuff, KISA, News, Ransomware /

Decryptor for Rhysida ransomware is available! 2024-02-12 at 13:46 By Zeljka Zorz Files encrypted by Rhysida ransomware can be successfully decrypted, due to a implementation vulnerability discovered by Korean researchers and leveraged to create a decryptor. About Rhysida Rhysida is a relatively new ransomware-as-a-service gang that engages in double extortion. First observed in May 2023,

React to this headline:

Loading spinner

Decryptor for Rhysida ransomware is available! Read More »

Integrating cybersecurity into vehicle design and manufacturing

automotive security, connected cars, cyberattacks, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, REE Automotive, risk assessment, software, standards, strategy, supply chain /

Integrating cybersecurity into vehicle design and manufacturing 2024-02-12 at 08:01 By Mirko Zorz In this Help Net Security interview, Yaron Edan, CISO at REE Automotive, discusses the cybersecurity landscape of the automotive industry, mainly focusing on electric and connected vehicles. Edan highlights the challenges of technological advancements and outlines strategies for automakers to address cyber

React to this headline:

Loading spinner

Integrating cybersecurity into vehicle design and manufacturing Read More »

Hacking the flow: The consequences of compromised water systems

critical infrastructure, CyberArk, cyberattacks, cybercriminals, cybersecurity, Don't miss, hacking, Hacktivism, Hot stuff, Ransomware, security controls, Video /

Hacking the flow: The consequences of compromised water systems 2024-02-12 at 07:31 By Help Net Security In this Help Net Security video, Andy Thompson, Offensive Cybersecurity Research Evangelist at CyberArk, discusses the dire consequences of hacking water systems and why their cybersecurity must be prioritized. From contaminating water supplies to disrupting essential services, the impact

React to this headline:

Loading spinner

Hacking the flow: The consequences of compromised water systems Read More »

SiCat: Open-source exploit finder

451 Research, Don't miss, exploit, GitHub, Hot stuff, News, open source, software /

SiCat: Open-source exploit finder 2024-02-12 at 06:31 By Mirko Zorz SiCat is an open-source tool for exploit research designed to source and compile information about exploits from open channels and internal databases. Its primary aim is to assist in cybersecurity, enabling users to search the internet for potential vulnerabilities and corresponding exploits. Akas Wisnu Aji,

React to this headline:

Loading spinner

SiCat: Open-source exploit finder Read More »

February 2024 Patch Tuesday forecast: Zero days are back and a new server too

ACROS Security, Adobe Acrobat, apple, Chrome, cybersecurity, Don't miss, Expert analysis, Expert corner, Firefox, Google, Hot stuff, Ivanti, Microsoft, Mozilla, News, patch, Patch Tuesday, security update /

February 2024 Patch Tuesday forecast: Zero days are back and a new server too 2024-02-09 at 08:32 By Mirko Zorz January 2024 Patch Tuesday is behind us. A relatively light release from Microsoft with 39 CVEs addressed in Windows 10, 35 in Windows 11, and surprisingly no zero-day vulnerabilities from Microsoft to start the new

React to this headline:

Loading spinner

February 2024 Patch Tuesday forecast: Zero days are back and a new server too Read More »

Why we fall for fake news and how can we change that?

Artificial Intelligence, Don't miss, Fake News, Hot stuff, News, social media, tips /

Why we fall for fake news and how can we change that? 2024-02-09 at 08:32 By Helga Labus Have you ever been swept away by an enticing headline and didn’t bother to probe the news in-depth? You might have shared an eye-catching news story or engaged with a compelling post, only to realize later that

React to this headline:

Loading spinner

Why we fall for fake news and how can we change that? Read More »

Key strategies for ISO 27001 compliance adoption

auditing, certification, Compliance, cybersecurity, Don't miss, Features, Hot stuff, how-to, ISO 27001, Kiowa Security, News, opinion, regulation, risk assessment, standards, strategy, tips /

Key strategies for ISO 27001 compliance adoption 2024-02-09 at 07:32 By Mirko Zorz In this Help Net Security interview, Robin Long, founder of Kiowa Security, shares insights on how best to approach the implementation of the ISO/IEC 27001 information security standard. Long advises organizations to establish a detailed project roadmap and to book certification audits

React to this headline:

Loading spinner

Key strategies for ISO 27001 compliance adoption Read More »

How companies are misjudging their data privacy preparedness

BDO, cybersecurity, data, Data Protection, Don't miss, Hot stuff, policy, Privacy, regulation, Video /

How companies are misjudging their data privacy preparedness 2024-02-09 at 06:31 By Help Net Security In this Help Net Security video, Karen Schuler, Global Privacy & Data Protection Chair at BDO, discusses overconfidence in data privacy and data protection practices. There is an apparent disconnect between tech CFOs’ confidence and consumer perceptions. BDO’s 2024 Technology

React to this headline:

Loading spinner

How companies are misjudging their data privacy preparedness Read More »

LassPass is not LastPass: Fraudulent app on Apple App Store

Don't miss, Hot stuff, LastPass, LogMeIn, mobile apps, News, password manager /

LassPass is not LastPass: Fraudulent app on Apple App Store 2024-02-08 at 17:02 By Zeljka Zorz A fraudulent app named “LassPass Password Manager” that mimics the legitimate LastPass mobile app can currently be found on Apple’s App Store, the password manager maker is warning. The fraudulent app on Apple’s App Store “The app in question

React to this headline:

Loading spinner

LassPass is not LastPass: Fraudulent app on Apple App Store Read More »

Akira, LockBit actively searching for vulnerable Cisco ASA devices

Cisco, Don't miss, enterprise, exploit, GreyNoise, Hot stuff, News, Ransomware, Truesec, vulnerability /

Akira, LockBit actively searching for vulnerable Cisco ASA devices 2024-02-08 at 14:31 By Zeljka Zorz Akira and Lockbit ransomware groups are trying to breach Cisco ASA SSL VPN devices by exploiting several older vulnerabilities, security researcher Kevin Beaumont is warning. They are targeting vulnerabilities for which patches have been made available in 2020 and 2023.

React to this headline:

Loading spinner

Akira, LockBit actively searching for vulnerable Cisco ASA devices Read More »

10 tips for creating your security hackathon playbook

cybersecurity, Don't miss, Expert analysis, Expert corner, hacking contest, Hot stuff, Intel, News, opinion, product testing, security testing, tips /

10 tips for creating your security hackathon playbook 2024-02-08 at 08:01 By Help Net Security For more than 12 years, I’ve been organizing and running hackathons with the goal of finding security vulnerabilities and fixing them before a product hits the market. These events can play a pivotal role in the product development lifecycle, increasing

React to this headline:

Loading spinner

10 tips for creating your security hackathon playbook Read More »

Choosing the right partner when outsourcing cybersecurity

automation, collaboration, Compliance, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, regulation, risk, WDigital /

Choosing the right partner when outsourcing cybersecurity 2024-02-08 at 07:31 By Mirko Zorz In this Help Net Security interview, Anya Shpilman, Senior Executive, Cyber Security Services at WDigital, discusses the benefits and potential risks of outsourcing cybersecurity services. She compares the cost-effectiveness of outsourcing to maintaining an in-house team, noting the challenges of recruitment, training,

React to this headline:

Loading spinner

Choosing the right partner when outsourcing cybersecurity Read More »

SOAPHound: Open-source tool to collect Active Directory data via ADWS

Active Directory, Don't miss, GitHub, Hot stuff, News, open source, software /

SOAPHound: Open-source tool to collect Active Directory data via ADWS 2024-02-08 at 07:02 By Mirko Zorz SOAPHound is an open-source data collection tool capable of enumerating Active Directory environments through the Active Directory Web Services (ADWS) protocol. How SOAPHound works SOAPHound is a substitute for various open-source security tools typically employed for extracting data from

React to this headline:

Loading spinner

SOAPHound: Open-source tool to collect Active Directory data via ADWS Read More »

How threat actors abuse OAuth apps

access control, access management, Application Security, Astrix Security, attacks, cybersecurity, Don't miss, Hot stuff, OAuth, Video /

How threat actors abuse OAuth apps 2024-02-08 at 06:31 By Help Net Security OAuth apps have become prominent in several attack groups’ TTPs in recent years. OAuth apps are used for every part of the attack process. In this Help Net Security video, Tal Skverer, Research Team Lead at Astrix Security, shares insights on how

React to this headline:

Loading spinner

How threat actors abuse OAuth apps Read More »

Chinese hackers breached Dutch Ministry of Defense

Don't miss, EU, Fortinet, Government, government-backed attacks, Hot stuff, Malware, News, Remote Access Trojan, vulnerability /

Chinese hackers breached Dutch Ministry of Defense 2024-02-07 at 16:46 By Helga Labus Chinese state-sponsored hackers have breached the Dutch Ministry of Defense (MOD) last year and deployed a new remote access trojan (RAT) malware to serve as a backdoor. “The effects of the intrusion were limited because the victim network was segmented from the

React to this headline:

Loading spinner

Chinese hackers breached Dutch Ministry of Defense Read More »

The fight against commercial spyware misuse is heating up

Don't miss, Google, Government, Hot stuff, News, policy, report, spyware, USA /

The fight against commercial spyware misuse is heating up 2024-02-07 at 14:46 By Zeljka Zorz Though there are organizations out there investigating how commercial spyware is misused to target journalists, human rights defenders and dissidents, the growing market related to the development and sale of this type of software and the exploits used to deploy

React to this headline:

Loading spinner

The fight against commercial spyware misuse is heating up Read More »

On-premises JetBrains TeamCity servers vulnerable to auth bypass (CVE-2024-23917)

continuous integration, Don't miss, Hot stuff, JetBrains, News, security update, vulnerability /

On-premises JetBrains TeamCity servers vulnerable to auth bypass (CVE-2024-23917) 2024-02-07 at 12:31 By Helga Labus JetBrains has patched a critical authentication bypass vulnerability (CVE-2024-23917) affecting TeamCity On-Premises continuous integration and deployment servers. About CVE-2024-23917 CVE-2024-23917 could allow an unauthenticated threat actor with HTTP(S) access to a TeamCity server to bypass authentication controls and gain administrative

React to this headline:

Loading spinner

On-premises JetBrains TeamCity servers vulnerable to auth bypass (CVE-2024-23917) Read More »

Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893)

Don't miss, exploit, Hot stuff, Ivanti, News, Shadowserver, vulnerability /

Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893) 2024-02-07 at 12:16 By Zeljka Zorz CVE-2024-21893, a server-side request forgery (SSRF) vulnerability affecting Ivanti Connect Secure VPN gateways and Policy Secure (a network access control solution), is being exploited by attackers. About CVE-2024-21893 CVE-2024-21893 allows a attackers to bypass authentication requirements and access certain restricted

React to this headline:

Loading spinner

Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893) Read More »

Common cloud security mistakes and how to avoid them

cloud security, cyber risk, Data Protection, Don't miss, Hot stuff, misconfiguration, News, strategy, threats, tips /

Common cloud security mistakes and how to avoid them 2024-02-07 at 08:01 By Helga Labus According to recent surveys, 98% of organizations keep their financial, business, customer and/or employee information in the cloud but, at the same time, 95% of cloud security professionals are not sure their security protections and their team would manage to

React to this headline:

Loading spinner

Common cloud security mistakes and how to avoid them Read More »

Scroll to Top