Hot stuff

Authentik: Open-source identity provider

authentication, Don't miss, GitHub, Hot stuff, News, open source, software /

Authentik: Open-source identity provider 2024-08-16 at 07:01 By Mirko Zorz Authentik is an open-source identity provider designed for maximum flexibility and adaptability. It easily integrates into existing environments and supports new protocols. It’s a comprehensive solution for implementing features like sign-up, account recovery, and more in your application, eliminating the need to manage these tasks […]

Authentik: Open-source identity provider Read More »

Hide yo environment files! Or risk getting your cloud-stored data stolen and held for ransom

AWS, cloud security, credentials, data theft, Don't miss, extortion, Hot stuff, misconfiguration, News, Palo Alto Networks /

Hide yo environment files! Or risk getting your cloud-stored data stolen and held for ransom 2024-08-15 at 17:16 By Zeljka Zorz Cybercriminals are breaking into organizations’ cloud storage containers, exfiltrating their sensitive data and, in several cases, have been paid off by the victim organizations to not leak or sell the stolen data. “The attackers

Hide yo environment files! Or risk getting your cloud-stored data stolen and held for ransom Read More »

Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)

CVE, Don't miss, enterprise, Hot stuff, Java, MSP, News, SMBs, vulnerability /

Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986) 2024-08-15 at 14:45 By Zeljka Zorz SolarWinds has fixed a critical vulnerability (CVE-2024-28986) in its Web Help Desk (WHD) solution that may allow attackers to run commands on the host machine. “While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce

Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986) Read More »

How passkeys eliminate password management headaches

authentication, cybersecurity, Don't miss, Features, Hot stuff, Industry news, opinion, passwords, rf IDEAS, SSO, standards /

How passkeys eliminate password management headaches 2024-08-15 at 07:01 By Mirko Zorz In this Help Net Security interview, David Cottingham, President at rf IDEAS, discusses the key benefits organizations can expect when implementing passkeys. Cottingham addresses the misconceptions surrounding the adoption of passkeys, particularly in the B2B landscape. What are the key benefits that organizations

How passkeys eliminate password management headaches Read More »

Delta vs. CrowdStrike: The duties vendors owe to customers – or do they?

Axio, cybersecurity, data breach, Don't miss, Expert analysis, Expert corner, Hot stuff, law, lawsuit, News, opinion, risk, threats /

Delta vs. CrowdStrike: The duties vendors owe to customers – or do they? 2024-08-14 at 08:01 By Help Net Security In a potentially groundbreaking dispute, Delta Air Lines is threatening to sue CrowdStrike, a leading cybersecurity firm, for alleged negligence and breach of contract. This case brings to the forefront critical questions about the duties

Delta vs. CrowdStrike: The duties vendors owe to customers – or do they? Read More »

IntelOwl: Open-source threat intelligence management

Don't miss, GitHub, Hot stuff, News, open source, software, Threat Intelligence /

IntelOwl: Open-source threat intelligence management 2024-08-14 at 07:31 By Mirko Zorz IntelOwl is an open-source solution designed for large-scale threat intelligence management. It integrates numerous online analyzers and advanced malware analysis tools, providing comprehensive insights in one platform. “In late 2019, I faced a significant challenge while working as a cybersecurity analyst in a Security

IntelOwl: Open-source threat intelligence management Read More »

Current attacks, targets, and other threat landscape trends

Cisco, cybersecurity, Don't miss, Hot stuff, Incident Response, News, report, threats, Video /

Current attacks, targets, and other threat landscape trends 2024-08-14 at 06:31 By Help Net Security In this Help Net Security video, Kendall McKay, Strategic Lead, Cyber Threat Intelligence at Cisco Talos, discusses the trends that Cisco Talos incident response observed in incident response engagements from Q2 2024, which covers April to June. While the attacks

Current attacks, targets, and other threat landscape trends Read More »

Microsoft fixes 6 zero-days under active attack

0-day, CVE, Don't miss, Hot stuff, Immersive Labs, Microsoft, Microsoft Edge, MS Office, News, Patch Tuesday, security update, Tenable, Trend Micro, Windows /

Microsoft fixes 6 zero-days under active attack 2024-08-13 at 23:16 By Zeljka Zorz August 2024 Patch Tuesday is here, and Microsoft has delivered fixes for 90 vulnerabilities, six of which have been exploited in the wild as zero-days, and four are publicly known. The zero-days under attack CVE-2024-38178 is a Scripting Engine Memory Corruption Vulnerability

Microsoft fixes 6 zero-days under active attack Read More »

Suspected head of Reveton, Ransom Cartel RaaS groups arrested

arrest, cybercriminals, exploit kit, Hot stuff, law enforcement, National Crime Agency, News, Ransomware, scareware /

Suspected head of Reveton, Ransom Cartel RaaS groups arrested 2024-08-13 at 17:16 By Help Net Security An international operation coordinated by the UK National Crime Agency (NCA) has resulted in the arrest and extradition of a man believed to be one of the world’s most prolific Russian-speaking cybercrime actors. The arrest The NCA has been

Suspected head of Reveton, Ransom Cartel RaaS groups arrested Read More »

Scammers dupe chemical company into wiring $60 million

BEC scams, Don't miss, Europe, fraud, Hot stuff, manufacturing sector, News, USA /

Scammers dupe chemical company into wiring $60 million 2024-08-13 at 16:46 By Zeljka Zorz Orion S.A., a global chemical company with headquarters in Luxembourg, has become a victim of fraud: it lost approximately $60 million through “multiple fraudulently induced outbound wire transfers to accounts controlled by unknown third parties.” The scammers targeted an employee Orion

Scammers dupe chemical company into wiring $60 million Read More »

Australian gold mining company hit with ransomware

Australia, Don't miss, enterprise, Hot stuff, News, Ransomware /

Australian gold mining company hit with ransomware 2024-08-13 at 14:17 By Zeljka Zorz Australian gold mining firm Evolution Mining has announced on Monday that it became aware on 8 August 2024 of a ransomware attack impacting its IT systems, and has been working with its external cyber forensic experts to investigate the incident. “Based on

Australian gold mining company hit with ransomware Read More »

Browser backdoors: Securing the new frontline of shadow IT

browser, cybersecurity, Don't miss, Expert analysis, Expert corner, extension, Hexnode, Hot stuff, News, opinion, shadow IT /

Browser backdoors: Securing the new frontline of shadow IT 2024-08-13 at 07:31 By Help Net Security Browser extensions are a prime target for cybercriminals. And this isn’t just a consumer problem – it’s a new frontier in enterprises’ battle against shadow IT. Ultimately, more extension permissions result in potentially bigger attack surfaces. Research shows that

Browser backdoors: Securing the new frontline of shadow IT Read More »

Key metrics for monitoring and improving ZTNA implementations

Artificial Intelligence, cybersecurity, Don't miss, Features, Hot stuff, human error, News, opinion, policy, strategy, supply chain attacks, Wilson Perumal & Company, zero trust /

Key metrics for monitoring and improving ZTNA implementations 2024-08-13 at 07:01 By Mirko Zorz In this Help Net Security interview, Dean Hamilton, CTO at Wilson Perumal & Company, discusses the complexities of zero trust network access (ZTNA) implementation, focusing on balancing security with operational efficiency. Hamilton highlights strategic planning, collaboration between IT and business leaders,

Key metrics for monitoring and improving ZTNA implementations Read More »

Chrome, Edge users beset by malicious extensions that can’t be easily removed

add-ons, adware, Chrome, cybercrime, Don't miss, extension, Hot stuff, Malware, Microsoft Edge, News, Reason Labs /

Chrome, Edge users beset by malicious extensions that can’t be easily removed 2024-08-12 at 16:31 By Zeljka Zorz A widespread campaign featuring a malicious installer that saddles users with difficult-to-remove malicious Chrome and Edge browser extensions has been spotted by researchers. “The trojan malware contains different deliverables ranging from simple adware extensions that hijack searches

Chrome, Edge users beset by malicious extensions that can’t be easily removed Read More »

Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200)

0-day, authentication, Don't miss, Hot stuff, Microsoft 365, MS Office, News, PrivSec /

Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200) 2024-08-12 at 13:31 By Zeljka Zorz A new MS Office zero-day vulnerability (CVE-2024-38200) can be exploited by attackers to grab users’ NTLM hashes, Microsoft has shared late last week. The vulnerability is exploitable remotely and requires no special privileges or user interaction to be

Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200) Read More »

Scout Suite: Open-source cloud security auditing tool

Alibaba Cloud, auditing, AWS, Azure, cloud security, Don't miss, GitHub, Google Cloud, Hot stuff, NCC Group, News, open source, software /

Scout Suite: Open-source cloud security auditing tool 2024-08-12 at 07:31 By Help Net Security Scout Suite is an open-source, multi-cloud security auditing tool designed to assess the security posture of cloud environments. By leveraging the APIs provided by cloud vendors, Scout Suite collects and organizes configuration data, making it easier to identify potential risks. Instead

Scout Suite: Open-source cloud security auditing tool Read More »

Steps to improve quality engineering and system robustness

cybersecurity, Don't miss, Hot stuff, News, Roq, Video /

Steps to improve quality engineering and system robustness 2024-08-12 at 06:31 By Help Net Security Major tech outages have recently impacted customers and operations at McDonald’s, Greggs, Deliveroo, Tesco, and Barclays. In this Help Net Security video, Stephen Johnson, CEO of Roq, says it is now imperative for companies and organizations to invest significantly more

Steps to improve quality engineering and system robustness Read More »

Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218)

1Password, CVE, Don't miss, Hot stuff, macOS, News, password manager, passwords, security assessment, vulnerability /

Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218) 2024-08-09 at 15:31 By Zeljka Zorz Two vulnerabilities (CVE-2024-42219, CVE-2024-42218) affecting the macOS version of the popular 1Password password manager could allow malware to steal secrets stored in the software’s vaults and obtain the account unlock key, AgileBits has confirmed. Discovered by the

Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218) Read More »

“0.0.0.0-Day” vulnerability affects Chrome, Safari and Firefox

0-day, Chrome, Don't miss, Firefox, Hot stuff, Linux, macOS, News, Oligo Security, Safari, vulnerability /

“0.0.0.0-Day” vulnerability affects Chrome, Safari and Firefox 2024-08-09 at 13:01 By Zeljka Zorz A “0.0.0.0-Day” vulnerability affecting Chrome, Safari and Firefox can be – and has been – exploited by attackers to gain access to services on internal networks, Oligo Security researchers have revealed. The vulnerability stems from how those popular browsers handle network requests

“0.0.0.0-Day” vulnerability affects Chrome, Safari and Firefox Read More »

NIS2: A catalyst for cybersecurity innovation or just another box-ticking exercise?

Compliance, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Innovation, News, opinion, Palo Alto Networks, regulation, security standard, threat detection /

NIS2: A catalyst for cybersecurity innovation or just another box-ticking exercise? 2024-08-09 at 08:02 By Help Net Security The Network and Information Security (NIS) 2 Directive is possibly one of the most significant pieces of cybersecurity regulation to ever hit Europe. The 27 EU Member States have until 17 October 2024 to adopt and publish

NIS2: A catalyst for cybersecurity innovation or just another box-ticking exercise? Read More »

Scroll to Top