Hot stuff

Finding software flaws early in the development process provides ROI

cybersecurity, Don't miss, Hot stuff, News, Probely, security assessment, security testing, software, software development /

Finding software flaws early in the development process provides ROI 2024-03-29 at 06:31 By Help Net Security Enterprises spend enormous effort fixing software vulnerabilities that make their way into their publicly-facing applications. The Consortium for Information and Software Quality estimates that the cost of poor software quality in the United States reached $2.41 trillion in […]

React to this headline:

Loading spinner

Finding software flaws early in the development process provides ROI Read More »

Zero-day exploitation surged in 2023, Google finds

0-day, APT, cybercrime, Don't miss, exploit, Google, Hot stuff, Mandiant, News, spyware /

Zero-day exploitation surged in 2023, Google finds 2024-03-28 at 17:17 By Zeljka Zorz 2023 saw attackers increasingly focusing on the discovery and exploitation of zero-day vulnerabilities in third-party libraries (libvpx, ImagelO) and drivers (Mali GPU, Qualcomm Adreno GPU), as they can affect multiple products and effectively offer more possibilities for attack. Another interesting conclusion from

React to this headline:

Loading spinner

Zero-day exploitation surged in 2023, Google finds Read More »

NHS Scotland confirms ransomware attackers leaked patients’ data

Data leak, Don't miss, extortion, healthcare, Hot stuff, News, Ransomware, UK /

NHS Scotland confirms ransomware attackers leaked patients’ data 2024-03-28 at 14:31 By Zeljka Zorz NHS Dumfries and Galloway (part of NHS Scotland) has confirmed that a “recognised ransomware group” was able to “access a significant amount of data including patient and staff-identifiable information,” and has published “clinical data relating to a small number of patients.”

React to this headline:

Loading spinner

NHS Scotland confirms ransomware attackers leaked patients’ data Read More »

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955)

CISA, Don't miss, enterprise, Government, Hot stuff, News, Synopsys, vulnerability /

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) 2024-03-28 at 12:32 By Zeljka Zorz The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code remotely on a vulnerable Microsoft SharePoint Server – to its KEV catalog and is demanding that

React to this headline:

Loading spinner

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) Read More »

Debunking compliance myths in the digital era

auditing, Compliance, cybersecurity, Don't miss, Expert analysis, Expert corner, framework, Hot stuff, MJD Advisors, News, opinion, security testing /

Debunking compliance myths in the digital era 2024-03-28 at 08:02 By Help Net Security Despite recent economic fluctuations, the software-as-a-service (SaaS) market isn’t letting up. The industry is set to grow annually by over 18% and be valued at $908.21 billion by 2030. It’s evident the industry is fueled by an increasing reliance on software

React to this headline:

Loading spinner

Debunking compliance myths in the digital era Read More »

How CISOs tackle business payment fraud

Artificial Intelligence, BEC scams, CISO, cybersecurity, Don't miss, Email, fraud, Hot stuff, supply chain, Trustmi, Video /

How CISOs tackle business payment fraud 2024-03-28 at 07:01 By Help Net Security In this Help Net Security video, Shai Gabay, CEO of Trustmi, discusses why payments are a source of cyber worry for CISOs. CISOs are worried about Business Email Compromise (BEC), cyber attackers’ use of AI, and securing the supply chain. These are

React to this headline:

Loading spinner

How CISOs tackle business payment fraud Read More »

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022)

Anyscale, authentication, Bishop Fox, Don't miss, enterprise, Hot stuff, machine learning, News, Oligo Security, vulnerability /

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022) 2024-03-27 at 13:16 By Zeljka Zorz Attackers are leveraging a vulnerability (CVE-2023-48022) in Anyscale’s Ray AI software to compromise enterprise servers and saddle them with cryptominers and reverse shells. “To our knowledge, the attack started 7 months ago,” Avi Lumelsky, a researcher at Oligo

React to this headline:

Loading spinner

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022) Read More »

Attackers leverage weaponized iMessages, new phishing-as-a-service platform

Android, Don't miss, Hot stuff, iOS, macOS, Netcraft, News, phishing /

Attackers leverage weaponized iMessages, new phishing-as-a-service platform 2024-03-27 at 12:31 By Zeljka Zorz Scammers are leveraging the Darcula phishing-as-a-service platform, iMessages and Google Messages to great effect. The platform allows them to impersonate a variety of brands based in over 100 different countries: postal services, public and private utilities, packet delivery services, financial institutions, government

React to this headline:

Loading spinner

Attackers leverage weaponized iMessages, new phishing-as-a-service platform Read More »

How security leaders can ease healthcare workers’ EHR-related burnout

access management, authentication, burnout, CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, healthcare, Hot stuff, Hypori, News, opinion /

How security leaders can ease healthcare workers’ EHR-related burnout 2024-03-27 at 08:05 By Help Net Security Staff experiencing burnout in healthcare settings is not something that security leaders typically worry about – unless, maybe, it is the security team itself that is suffering from it. Healthcare CISOs and privacy officers worry more about the confidentiality

React to this headline:

Loading spinner

How security leaders can ease healthcare workers’ EHR-related burnout Read More »

Cybersecurity jobs available right now: March 27, 2024

cybersecurity jobs, Don't miss, Hot stuff, News /

Cybersecurity jobs available right now: March 27, 2024 2024-03-27 at 07:31 By Mirko Zorz Cyber Product Owner UBS | Israel | On-site – View job details Your primary responsibilities will include owning and managing application security testing products, collaborating with the cyber hygiene operational team, and understanding their needs. You will also engage with the

React to this headline:

Loading spinner

Cybersecurity jobs available right now: March 27, 2024 Read More »

Essential elements of a strong data protection strategy

backup, Cloud, cyber resilience, cybersecurity, Data Protection, Don't miss, Features, Hot stuff, News, opinion, strategy, Veritas Technologies /

Essential elements of a strong data protection strategy 2024-03-27 at 07:01 By Mirko Zorz In this Help Net Security interview, Matt Waxman, SVP and GM for data protection at Veritas Technologies, discusses the components of a robust data protection strategy, emphasizing the escalating threat of ransomware. He highlights the importance of backup and recovery protocols

React to this headline:

Loading spinner

Essential elements of a strong data protection strategy Read More »

Drozer: Open-source Android security assessment framework

Android, Application Security, Don't miss, GitHub, Hot stuff, mobile security, News, open source, penetration testing, software, WithSecure /

Drozer: Open-source Android security assessment framework 2024-03-27 at 06:32 By Mirko Zorz Drozer is an open-source security testing framework for Android, whose primary purpose is to make the life of mobile application security testers easier. Drozer features The solution enables the identification of security vulnerabilities in applications and devices by taking on the role of

React to this headline:

Loading spinner

Drozer: Open-source Android security assessment framework Read More »

Cybersecurity essentials during M&A surge

communication, cybersecurity, Don't miss, Gathid, Hot stuff, risk, Video /

Cybersecurity essentials during M&A surge 2024-03-27 at 06:01 By Help Net Security The volume of mergers and acquisitions has surged significantly this quarter. Data from Dealogic shows a 130% increase in US M&A activity, totaling $288 billion. Worldwide M&A has also seen a substantial uptick, rising by 56% to $453 billion. Considering the rise in

React to this headline:

Loading spinner

Cybersecurity essentials during M&A surge Read More »

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns

BSI, Don't miss, enterprise, Germany, Hot stuff, Microsoft Exchange, News, Shadowserver, vulnerability /

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns 2024-03-26 at 15:31 By Zeljka Zorz Around 12% of the 45,000 or so Microsoft Exchange servers in Germany that can be accessed from the Internet without restrictions “are so outdated that security updates are no longer offered for them,” the German Federal Office

React to this headline:

Loading spinner

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns Read More »

Apps secretly turning devices into proxy network nodes removed from Google Play

consumer, Don't miss, enterprise, Hot stuff, HUMAN Security, mobile apps, News, Orange Cyberdefense, Proxy, research, Sekoia.io /

Apps secretly turning devices into proxy network nodes removed from Google Play 2024-03-26 at 12:16 By Zeljka Zorz Your smartphone might be part of a proxy network, and you might not even know it: all it takes is for you to download apps whose developers have included the functionality and didn’t mention it. If that

React to this headline:

Loading spinner

Apps secretly turning devices into proxy network nodes removed from Google Play Read More »

Reinforcement learning is the path forward for AI integration into cybersecurity

Artificial Intelligence, CISO, cybersecurity, data, Don't miss, Expert analysis, Expert corner, Groupe SEB, Hot stuff, machine learning, News, opinion, predictions, SOC /

Reinforcement learning is the path forward for AI integration into cybersecurity 2024-03-26 at 08:01 By Help Net Security AI’s algorithms and machine learning can cull through immense volumes of data efficiently and in a relatively short amount of time. This is instrumental to helping network defenders sift through a never-ending supply of alerts and identify

React to this headline:

Loading spinner

Reinforcement learning is the path forward for AI integration into cybersecurity Read More »

Strengthening critical infrastructure cybersecurity is a balancing act

access control, attacks, critical infrastructure, cybersecurity, Don't miss, Features, Hot stuff, information sharing, News, opinion, regulation, resilience, strategy, zero trust /

Strengthening critical infrastructure cybersecurity is a balancing act 2024-03-26 at 07:31 By Mirko Zorz In this Help Net Security interview, Aaron Crow, Senior Director at MorganFranklin Consulting, discusses critical infrastructure cybersecurity strategies, barriers to threat information sharing, and innovative technologies enhancing resilience against cyberattacks. How do current cybersecurity strategies address the critical infrastructure sectors’ unique

React to this headline:

Loading spinner

Strengthening critical infrastructure cybersecurity is a balancing act Read More »

How threat intelligence data maximizes business operations

cybersecurity, data, Don't miss, Hot stuff, Intel 471, Threat Intelligence, Video /

How threat intelligence data maximizes business operations 2024-03-26 at 07:02 By Help Net Security Threat intelligence is no longer a ‘nice to have’ for organizations but a ‘must,’ as it provides leaders with critical insight into their business. If leveraged correctly, threat intelligence is not just a cybersecurity asset but also gives organizations a new

React to this headline:

Loading spinner

How threat intelligence data maximizes business operations Read More »

Scammers steal millions from FTX, BlockFi claimants

Cryptocurrency, Cryptocurrency Exchange, Don't miss, Hot stuff, News, phishing, scams /

Scammers steal millions from FTX, BlockFi claimants 2024-03-25 at 14:56 By Zeljka Zorz Customers of bankrupt crypto platform BlockFi have been targeted with a very convincing phishing email impersonating the platform, asking them to connect their wallet to complete the withdrawal of remaining funds. Judging by this Reddit thread, many have fallen for the scam

React to this headline:

Loading spinner

Scammers steal millions from FTX, BlockFi claimants Read More »

APT29 hit German political parties with bogus invites and malware

Don't miss, Germany, Hot stuff, Malware, Mandiant, News, phishing, Russian Federation, Zscaler /

APT29 hit German political parties with bogus invites and malware 2024-03-25 at 11:46 By Zeljka Zorz APT29 (aka Cozy Bear, aka Midnight Blizzard) has been spotted targeting German political parties for the first time, Mandiant researchers have shared. Phishing leading to malware The attack started in late February 2024, with phishing emails containing bogus invitations

React to this headline:

Loading spinner

APT29 hit German political parties with bogus invites and malware Read More »

Scroll to Top