Encrypted traffic: A double-edged sword for network defenders 2024-07-15 at 06:31 By Help Net Security Organizations are ramping up their use of encrypted traffic to lock down data. Could they be making it easier to hide threats in the process? On one hand, encryption means enhanced privacy, but it can also make the job of […]
Encrypted traffic: A double-edged sword for network defenders Read More »
Hackers stole call, text records of “nearly all” of AT&T’s cellular customers 2024-07-12 at 15:31 By Zeljka Zorz Hackers leveraging stolen Snowflake account credentials have stolen records of calls and texts made by “nearly all” of AT&T’s cellular customers from May to October 2022, the company has confirmed. “The data does not contain the content
Hackers stole call, text records of “nearly all” of AT&T’s cellular customers Read More »
Info of 2,3+ million individuals stolen in Advance Auto Parts data breach 2024-07-12 at 14:46 By Zeljka Zorz Personal information of over 2,3 million individuals has been stolen by attackers as part of the massive data grab via compromised Snowflake accounts without MFA protection, Advance Auto Parts has confirmed by filing notices with the attorney
Info of 2,3+ million individuals stolen in Advance Auto Parts data breach Read More »
How to design a third-party risk management framework 2024-07-12 at 07:31 By Help Net Security Most organizations focus on securing routers, servers, firewalls, and other endpoints, but threats can also arise from unfamiliar sources such as third-party networks, which can be used by hackers to attack an organization. Through a strong TPRM framework, companies gain
How to design a third-party risk management framework Read More »
Managing cyberattack fallout: Financial and operational damage 2024-07-12 at 07:01 By Mirko Zorz In this Help Net Security, Ashley Harrington, Director of Cybersecurity at Aspida, discusses the impact of cyberattack on business operations and financial health. Beyond immediate disruptions and financial burdens, cyber incident can severely damage a company’s reputation among customers and partners. Can
Managing cyberattack fallout: Financial and operational damage Read More »
Using Authy? Beware of impending phishing attempts 2024-07-11 at 15:46 By Zeljka Zorz Do you use Authy for your multi-factor authentication needs? If you do, you should keep an eye out for phishing attempts, as well as implement defenses against SIM swapping attacks. What happened? On July 1, Twilio – the company that develops the
Using Authy? Beware of impending phishing attempts Read More »
How AI helps decode cybercriminal strategies 2024-07-11 at 07:32 By Help Net Security With terms like “AI washing” making their way into mainstream business consciousness, the hype surrounding AI is making it harder to differentiate between the true applications and empty promises of the technology. The quest for tangible business benefits is in full swing,
How AI helps decode cybercriminal strategies Read More »
Strengthening cybersecurity preparedness with defense in depth 2024-07-11 at 07:01 By Mirko Zorz In this Help Net Security interview, Chaim Mazal, Chief Security Officer at Gigamon, discusses cybersecurity preparedness measures for businesses, the impact of international inconsistencies on global operations, and the board’s role in cybersecurity. What are the top cybersecurity preparedness measures that businesses
Strengthening cybersecurity preparedness with defense in depth Read More »
Travel scams exposed: How to recognize and avoid them 2024-07-11 at 06:31 By Help Net Security In this Help Net Security video, Aaron Walton, Threat Intel Analyst at Expel, discusses travel scams. For the past 18 months, the Expel SOC team has observed a campaign targeting administrative credentials for Booking.com. The attackers create phishing emails
Travel scams exposed: How to recognize and avoid them Read More »
Valuable insights for making the right cybersecurity decisions 2024-07-11 at 06:01 By Help Net Security This article compiles excerpts from various reports, presenting statistics and insights that could be helpful for CISOs. CISOs becoming more comfortable with risk levels Netskope | The Modern CISO: Bringing Balance | June 2024 Contradicting legacy stereotypes of the CISO
Valuable insights for making the right cybersecurity decisions Read More »
How AI-powered software spreads Russian disinformation on X 2024-07-10 at 18:16 By Zeljka Zorz The US Justice Department (DoJ) has seized two US-based domains used by Russian threat actors to create fake profiles on X (formerly Twitter) that would spread disinformation in the United States and abroad. This bot farm was created and operated via
How AI-powered software spreads Russian disinformation on X Read More »
Zero-day patched by Microsoft has been exploited by attackers for over a year (CVE-2024-38112) 2024-07-10 at 15:46 By Zeljka Zorz CVE-2024-38112, a spoofing vulnerability in Windows MSHTML Platform for which Microsoft has released a fix on Tuesday, has likely been exploited by attackers in the wild for over a year, Check Point researcher Haifei Li
Google removes enrollment barrier for prospective Advanced Protection Program users 2024-07-10 at 14:01 By Zeljka Zorz Google has removed a potential obstacle for high-risk users who want to enroll in the company’s Advanced Protection Program (APP): they can now do it just by setting a passkey. Users already enrolled in APP have been provided the
Google removes enrollment barrier for prospective Advanced Protection Program users Read More »
Diversifying cyber teams to tackle complex threats 2024-07-10 at 08:01 By Help Net Security Technologies such as GenAI, ML and IoT are giving threat actors new tools that make it easier to target consumers and organizations. From Savvy Seahorse which lures victims into investment scams, to a self-replicating AI worm that uses the likes of
Diversifying cyber teams to tackle complex threats Read More »
How companies increase risk exposure with rushed LLM deployments 2024-07-10 at 07:31 By Mirko Zorz In this Help Net Security interview, Jake King, Head of Threat & Security Intelligence at Elastic, discusses companies’ exposure to new security risks and vulnerabilities as they rush to deploy LLMs. King explains how LLMs pose significant risks to data
How companies increase risk exposure with rushed LLM deployments Read More »
Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112) 2024-07-09 at 22:31 By Zeljka Zorz For July 2024 Patch Tuesday, Microsoft has released security updates and patches that fix 142 CVEs, including two exploited zero-days (CVE-2024-38080, CVE-2024-38112) in Windows Hyper-V and Windows MSHTML Platform (respectively). Zero-days exploited in the wild (CVE-2024-38080, CVE-2024-38112) CVE-2024-38080 is a
Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112) Read More »
Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack 2024-07-09 at 15:01 By Help Net Security A new critical security vulnerability in the RADIUS protocol, dubbed BlastRADIUS, leaves most networking equipment open to Man-in-the-Middle (MitM) attacks. While the vulnerability can be difficult to exploit, the possible impact of an exploit is substantial.
Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack Read More »
Chinese APT40 group swifly leverages public PoC exploits 2024-07-09 at 14:46 By Zeljka Zorz Chinese state-sponsored cyber group APT40 is amazingly fast at adapting public proof-of-concept (PoC) exploits for vulnerabilities in widely used software, an advisory released by intelligence and cybersecurity agencies from eight countries warns. The group, which is also known as Kryptonite Panda
Chinese APT40 group swifly leverages public PoC exploits Read More »
Microsoft’s cybersecurity dilemma: An open letter to Satya Nadella 2024-07-09 at 07:31 By Help Net Security Microsoft is suffering cybersecurity failures due to systemic problems with strategic leadership. The world is witnessing an alarming trend of cybersecurity issues with Microsoft products and services. Over the past several years, Microsoft has suffered several serious attacks with
Microsoft’s cybersecurity dilemma: An open letter to Satya Nadella Read More »
Exploring the root causes of the cybersecurity skills gap 2024-07-09 at 07:01 By Mirko Zorz In this Help Net Security interview, Koma Gandy, VP of Leadership and Business at Skillsoft, addresses the critical aspects of the cybersecurity skills gap, the need for diverse talent and continuous upskilling in areas like AI and cloud computing. Gandy
Exploring the root causes of the cybersecurity skills gap Read More »