Hot stuff

NVD: NIST is working on longer-term solutions

CVE, Don't miss, Hot stuff, News, NIST, vulnerability management /

NVD: NIST is working on longer-term solutions 2024-04-03 at 13:17 By Zeljka Zorz The recent conspicuous faltering of the National Vulnerability Database (NVD) is “based on a variety of factors, including an increase in software and, therefore, vulnerabilities, as well as a change in interagency support,” says the U.S. National Institute of Standards and Technology […]

React to this headline:

Loading spinner

NVD: NIST is working on longer-term solutions Read More »

How Google plans to make stolen session cookies worthless for attackers

authentication, Chrome, cookies, Don't miss, Hot stuff, Malware, MFA, News, Privacy, public-key cryptography /

How Google plans to make stolen session cookies worthless for attackers 2024-04-03 at 08:31 By Zeljka Zorz Google is working on a new security feature for Chrome called Device Bound Session Credentials (DBSC), meant to prevent attackers from using stolen session cookies to gain access user accounts. Session (i.e., authentication) cookies are stored by browsers

React to this headline:

Loading spinner

How Google plans to make stolen session cookies worthless for attackers Read More »

Location tracking and the battle for digital privacy

cybersecurity, data, Don't miss, Expert analysis, Expert corner, GPS, Hot stuff, location tracking, LOKKER, News, opinion, Privacy, regulation /

Location tracking and the battle for digital privacy 2024-04-03 at 08:01 By Help Net Security While some online privacy issues can be subtle and difficult to understand, location tracking is very simple – and very scary. Perhaps nothing reveals more about who we are and what we do than a detailed map of all the

React to this headline:

Loading spinner

Location tracking and the battle for digital privacy Read More »

Cybersecurity jobs available right now: April 3, 2024

cybersecurity jobs, Don't miss, Hot stuff, News /

Cybersecurity jobs available right now: April 3, 2024 2024-04-03 at 07:31 By Mirko Zorz Cyber Security Manager Charterhouse Middle East | UAE | On-site – View job details The Cyber Security Manager will identify and address potential security issues, define access privileges, implement control structures, and conduct periodic audits. In addition, you’ll also contribute to

React to this headline:

Loading spinner

Cybersecurity jobs available right now: April 3, 2024 Read More »

Cyber attacks on critical infrastructure show advanced tactics and new capabilities

CISO, critical infrastructure, cyberattacks, cybersecurity, Don't miss, Features, Government, Hot stuff, News, opinion, Ransomware, strategy, Tenable, tips /

Cyber attacks on critical infrastructure show advanced tactics and new capabilities 2024-04-03 at 07:01 By Mirko Zorz In this Help Net Security interview, Marty Edwards, Deputy CTO OT/IoT at Tenable, discusses the impact of geopolitical tensions on cyber attacks targeting critical infrastructure. Edwards highlights the need for collaborative efforts between policymakers, government agencies, and the

React to this headline:

Loading spinner

Cyber attacks on critical infrastructure show advanced tactics and new capabilities Read More »

Human risk is the top cyber threat for IT teams

Artificial Intelligence, cybercrime, cybersecurity, deepfakes, Don't miss, Hot stuff, Mimecast, Video /

Human risk is the top cyber threat for IT teams 2024-04-03 at 06:32 By Help Net Security After another year rife with cybercrime, IT and cyber leaders are confronted with a new reality. AI and deepfakes can trick even the most well-trained employee, and executing a strong cyber defense is more important than ever. In

React to this headline:

Loading spinner

Human risk is the top cyber threat for IT teams Read More »

AT&T data leaked: 73 million customers affected

AT&T, Data leak, Don't miss, Hot stuff, News, USA /

AT&T data leaked: 73 million customers affected 2024-04-02 at 15:31 By Zeljka Zorz AT&T has confirmed that the data set leaked on the dark web some two weeks ago does, indeed, contain “AT&T data-specific fields”. The company is reaching out to affected customers and offering credit monitoring services. What type of data has been leaked?

React to this headline:

Loading spinner

AT&T data leaked: 73 million customers affected Read More »

What the ID of tomorrow may look like

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, identity verification, News, opinion, QR codes, Regula /

What the ID of tomorrow may look like 2024-04-02 at 08:01 By Help Net Security Few joys remain untouched by the necessity of identity verification. With its ubiquitous presence, the call for heightened security, improved accessibility, and seamless authentication resonates loudly for businesses and individuals alike. In response, a tool, or perhaps a reinvented vision

React to this headline:

Loading spinner

What the ID of tomorrow may look like Read More »

Cloud Active Defense: Open-source cloud protection

cloud security, Don't miss, GitHub, Hot stuff, News, open source, software /

Cloud Active Defense: Open-source cloud protection 2024-04-02 at 07:31 By Mirko Zorz Cloud Active Defense is an open-source solution that integrates decoys into cloud infrastructure. It creates a dilemma for attackers: risk attacking and being detected immediately, or avoid the traps and reduce their effectiveness. Anyone, including small companies, can use it at no cost

React to this headline:

Loading spinner

Cloud Active Defense: Open-source cloud protection Read More »

Why AI forensics matters now

Artificial Intelligence, automation, Credo, cybersecurity, data, Don't miss, generative AI, Hot stuff, investment, Qualcomm, regulation, Video /

Why AI forensics matters now 2024-04-02 at 07:01 By Help Net Security In this Help Net Security video, Sylvia Acevedo, who serves on the Boards of Qualcomm and Credo, discusses why companies should invest in forensic capabilities and why forensics will be such an important topic as AI continues to be integrated into infrastructures and

React to this headline:

Loading spinner

Why AI forensics matters now Read More »

6 keys to navigating security and app development team tensions

Application Security, cybersecurity, data security, DevSecOps, Don't miss, Hot stuff, News, Probely, tips /

6 keys to navigating security and app development team tensions 2024-04-02 at 06:01 By Help Net Security There will always be a natural tension between cybersecurity teams and developers. After all, it’s the developer’s role to “develop.” They want and are paid to create and ship new applications and features that help move the organization

React to this headline:

Loading spinner

6 keys to navigating security and app development team tensions Read More »

How to design and deliver an effective cybersecurity exercise

cyberattacks, cybersecurity, digital transformation, Don't miss, Expert analysis, Expert corner, Hot stuff, Incident Response, Information Security Forum, News, opinion, penetration testing, red team /

How to design and deliver an effective cybersecurity exercise 2024-04-01 at 07:04 By Help Net Security Armed forces have always utilized war-gaming exercises for battlefield training to prepare for times of conflict. With today’s digital transformation, the same concept is being applied in the form of cybersecurity exercises – tests and simulations based on plausible

React to this headline:

Loading spinner

How to design and deliver an effective cybersecurity exercise Read More »

XZ Utils backdoor update: Which Linux distros are affected and what can you do?

Alpine, backdoor, Debian, Don't miss, Fedora, Hot stuff, Kali Linux, Linux, Linux Mint, News, open source, Orca Security, Red Hat, supply chain attacks, Ubuntu, vulnerability /

XZ Utils backdoor update: Which Linux distros are affected and what can you do? 2024-03-31 at 21:01 By Zeljka Zorz The news that XZ Utils, a compression utility present in most Linux distributions, has been backdoored by a supposedly trusted maintainer has rattled the open-source software community on Friday, mere hours until the beginning of

React to this headline:

Loading spinner

XZ Utils backdoor update: Which Linux distros are affected and what can you do? Read More »

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094)

backdoor, CISA, CVE, Debian, Don't miss, Fedora, Hot stuff, Linux, News, open source, Red Hat, SUSE, vulnerability /

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094) 2024-03-29 at 20:31 By Zeljka Zorz A vulnerability (CVE-2024-3094) in XZ Utils, the XZ format compression utilities included in most Linux distributions, may “enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely,” Red Hat warns.

React to this headline:

Loading spinner

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094) Read More »

How much does cloud-based identity expand your attack surface?

access management, credentials, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, identity, identity management, IS Decisions, News, opinion, Risk Management /

How much does cloud-based identity expand your attack surface? 2024-03-29 at 08:01 By Help Net Security We all know using a cloud-based identity provider (IdP) expands your attack surface, but just how big does that attack surface get? And can we even know for sure? As Michael Jordan once said, “Get the fundamentals down, and

React to this headline:

Loading spinner

How much does cloud-based identity expand your attack surface? Read More »

Finding software flaws early in the development process provides ROI

cybersecurity, Don't miss, Hot stuff, News, Probely, security assessment, security testing, software, software development /

Finding software flaws early in the development process provides ROI 2024-03-29 at 06:31 By Help Net Security Enterprises spend enormous effort fixing software vulnerabilities that make their way into their publicly-facing applications. The Consortium for Information and Software Quality estimates that the cost of poor software quality in the United States reached $2.41 trillion in

React to this headline:

Loading spinner

Finding software flaws early in the development process provides ROI Read More »

Zero-day exploitation surged in 2023, Google finds

0-day, APT, cybercrime, Don't miss, exploit, Google, Hot stuff, Mandiant, News, spyware /

Zero-day exploitation surged in 2023, Google finds 2024-03-28 at 17:17 By Zeljka Zorz 2023 saw attackers increasingly focusing on the discovery and exploitation of zero-day vulnerabilities in third-party libraries (libvpx, ImagelO) and drivers (Mali GPU, Qualcomm Adreno GPU), as they can affect multiple products and effectively offer more possibilities for attack. Another interesting conclusion from

React to this headline:

Loading spinner

Zero-day exploitation surged in 2023, Google finds Read More »

NHS Scotland confirms ransomware attackers leaked patients’ data

Data leak, Don't miss, extortion, healthcare, Hot stuff, News, Ransomware, UK /

NHS Scotland confirms ransomware attackers leaked patients’ data 2024-03-28 at 14:31 By Zeljka Zorz NHS Dumfries and Galloway (part of NHS Scotland) has confirmed that a “recognised ransomware group” was able to “access a significant amount of data including patient and staff-identifiable information,” and has published “clinical data relating to a small number of patients.”

React to this headline:

Loading spinner

NHS Scotland confirms ransomware attackers leaked patients’ data Read More »

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955)

CISA, Don't miss, enterprise, Government, Hot stuff, News, Synopsys, vulnerability /

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) 2024-03-28 at 12:32 By Zeljka Zorz The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code remotely on a vulnerable Microsoft SharePoint Server – to its KEV catalog and is demanding that

React to this headline:

Loading spinner

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955) Read More »

Debunking compliance myths in the digital era

auditing, Compliance, cybersecurity, Don't miss, Expert analysis, Expert corner, framework, Hot stuff, MJD Advisors, News, opinion, security testing /

Debunking compliance myths in the digital era 2024-03-28 at 08:02 By Help Net Security Despite recent economic fluctuations, the software-as-a-service (SaaS) market isn’t letting up. The industry is set to grow annually by over 18% and be valued at $908.21 billion by 2030. It’s evident the industry is fueled by an increasing reliance on software

React to this headline:

Loading spinner

Debunking compliance myths in the digital era Read More »

Scroll to Top