Hot stuff

Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080)

cloud computing, CVE, Don't miss, enterprise, Hot stuff, News, virtualization, VMWare, vulnerability /

Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080) 2024-06-18 at 12:16 By Zeljka Zorz VMware by Broadcom has fixed two critical vulnerabilities (CVE-2024-37079, CVE-2024-37080) affecting VMware vCenter Server and products that contain it: vSphere and Cloud Foundation. “A malicious actor with network access to vCenter Server may trigger these vulnerabilities by sending a specially […]

Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080) Read More »

How to create your cybersecurity “Google Maps”: A step-by-step guide for security teams

Compliance, cybersecurity, Don't miss, Expert analysis, Expert corner, Gutsy, Hot stuff, News, opinion, tips, vulnerability management /

How to create your cybersecurity “Google Maps”: A step-by-step guide for security teams 2024-06-18 at 08:01 By Help Net Security Cybersecurity isn’t just about firewalls and antivirus. It’s about understanding how your defenses, people, and processes work together. Just like Google Maps revolutionized navigation, process mapping can revolutionize how you understand and manage your security

How to create your cybersecurity “Google Maps”: A step-by-step guide for security teams Read More »

Enhancing security through collaboration with the open-source community

code, collaboration, Compliance, cybersecurity, Don't miss, Features, Hot stuff, NetworkRADIUS, News, open source, opinion, regulation, software development, strategy /

Enhancing security through collaboration with the open-source community 2024-06-18 at 07:32 By Mirko Zorz In this Help Net Security interview, Alan DeKok, CEO at NetworkRADIUS, discusses the need for due diligence in selecting and maintaining open-source tools, and brings out the potential risks and benefits of collaborating with the open-source community to enhance software security.

Enhancing security through collaboration with the open-source community Read More »

Preparing for a post-quantum future

authentication, automation, certificates, cybersecurity, Don't miss, Encryption, Hot stuff, identity, Privacy, quantum computing, Venafi, Video /

Preparing for a post-quantum future 2024-06-18 at 06:31 By Help Net Security Post-quantum cryptography (PQC) is a hot topic. A recent paper from Tsinghua University raised doubts about lattice-based cryptography for PQC, though an error was found. This has sparked questions about the strength of soon-to-be-standardized PQC algorithms. In this Help Net Security video, Kevin

Preparing for a post-quantum future Read More »

Malware peddlers love this one social engineering trick!

consumer, cybercrime, Don't miss, enterprise, Hot stuff, Malware, News, Proofpoint, scams, social engineering /

Malware peddlers love this one social engineering trick! 2024-06-17 at 16:16 By Zeljka Zorz Attackers are increasingly using a clever social engineering technique to get users to install malware, Proofpoint researchers are warning. The message warns of a problem but also offers a way to fix it (Source: Proofpoint) Social engineering users to install malware

Malware peddlers love this one social engineering trick! Read More »

Low code, high stakes: Addressing SQL injection

Application Security, attacks, CISO, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, human error, News, Nokod Security, opinion, software development, SQL injection /

Low code, high stakes: Addressing SQL injection 2024-06-17 at 08:01 By Help Net Security Like a bad movie that seems to go on forever, SQL injection (SQLi) attacks have lingered since the late 1990s. Due to various factors, they remain the third most common source of web application vulnerabilities. Reasons include human error, new technologies

Low code, high stakes: Addressing SQL injection Read More »

The rise of SaaS security teams

Artificial Intelligence, authentication, Cloud Security Alliance, cybersecurity, data breach, Don't miss, Features, Hot stuff, Incident Response, machine learning, News, opinion, SaaS, skill development, strategy /

The rise of SaaS security teams 2024-06-17 at 07:31 By Mirko Zorz In this Help Net Security interview, Hillary Baron, Senior Technical Director for Research at CSA, highlights that the recent surge in organizations establishing dedicated SaaS security teams is driven by significant data breaches involving widely used platforms. What motivated the recent surge in

The rise of SaaS security teams Read More »

Ghidra: Open-source software reverse engineering framework

cybersecurity, Don't miss, GitHub, Government, Hot stuff, News, NSA, open source, software /

Ghidra: Open-source software reverse engineering framework 2024-06-17 at 07:01 By Help Net Security Ghidra, a cutting-edge open-source software reverse engineering (SRE) framework, is a product of the National Security Agency (NSA) Research Directorate. The framework features high-end software analysis tools, enabling users to analyze compiled code across various platforms, including Windows, macOS, and Linux. Ghidra’s

Ghidra: Open-source software reverse engineering framework Read More »

Microsoft delays Windows Recall rollout, more security testing needed

data security, Don't miss, Hot stuff, Microsoft, News, Privacy, Windows /

Microsoft delays Windows Recall rollout, more security testing needed 2024-06-14 at 15:46 By Zeljka Zorz Microsoft is delaying the release of Recall, a controversial Windows 11 feature that will allow users to search their computer for specific content that has previously been viewed by them. A preview of Recall should have been broadly available on

Microsoft delays Windows Recall rollout, more security testing needed Read More »

YetiHunter: Open-source threat hunting tool for Snowflake environments

Don't miss, Hot stuff, Mandiant, News, open source, Permiso, Snowflake, threat detection, threat hunting /

YetiHunter: Open-source threat hunting tool for Snowflake environments 2024-06-14 at 13:31 By Zeljka Zorz Cloud identity protection company Permiso has created YetiHunter, a threat detection and hunting tool companies can use to query their Snowflake environments for evidence of compromise. YetiHunter executing queries (Source: Permiso Security) Recent attacks against Snowflake customers Cloud-based data storage and

YetiHunter: Open-source threat hunting tool for Snowflake environments Read More »

Modern fraud detection need not rely on PII

cybercrime, cybersecurity, Darwinium, Don't miss, Expert analysis, fraud, Hot stuff, News, opinion, threats /

Modern fraud detection need not rely on PII 2024-06-14 at 07:32 By Help Net Security Trends in online fraud detection often act as the canary in the coal mine when it comes to understanding and combating the next generation of online scams, fraud and cybersecurity threats. These days, security and fraud experts worry that insufficient

Modern fraud detection need not rely on PII Read More »

Solving the systemic problem of recurring vulnerabilities

AttackForge, collaboration, cybersecurity, Don't miss, Hot stuff, patching, penetration testing, sandbox, SecDim, Video, vulnerability management /

Solving the systemic problem of recurring vulnerabilities 2024-06-14 at 06:31 By Help Net Security In this Help Net Security video, Dr. Pedram Hayati, CEO at SecDim, and Fil Filiposki, founder of AttackForge, discuss how the two companies have formed a strategic collaboration to tackle the major challenge of resurfacing vulnerabilities. By integrating SecDim’s AppSec Learning

Solving the systemic problem of recurring vulnerabilities Read More »

PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577)

CVE, Devcore, Don't miss, exploit, Hot stuff, Imperva, News, PHP, Ransomware, vulnerability, WatchTowr, Windows /

PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577) 2024-06-13 at 15:01 By Zeljka Zorz An OS command injection vulnerability in Windows-based PHP (CVE-2024-4577) in CGI mode is being exploited by the TellYouThePass ransomware gang. Imperva says the attacks started on June 8, two days after the PHP development team pushed out fixes, and one

PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577) Read More »

Urgently needed: AI governance in cyber warfare

Artificial Intelligence, cybersecurity, Cyberwarfare, Don't miss, Expert analysis, Expert corner, Hot stuff, Information Security Forum, News, opinion, risk /

Urgently needed: AI governance in cyber warfare 2024-06-13 at 12:31 By Help Net Security Artificial intelligence is quickly becoming central to societal growth. AI has great power to improve daily life, from education to healthcare, from sustainability to defense. AI also brings to the forefront a number of risks that cut across the core values

Urgently needed: AI governance in cyber warfare Read More »

How businesses can integrate token technology into existing payment systems

Artificial Intelligence, Compliance, cybersecurity, Don't miss, Features, Hot stuff, identity verification, mobile payment, News, opinion, regulation, strategy, tokenization, Visa /

How businesses can integrate token technology into existing payment systems 2024-06-13 at 07:02 By Mirko Zorz In this Help Net Security interview, Mark Nelsen, SVP and Global Head of Consumer Product at Visa, discusses the integration of token technology into existing payment systems. How do businesses integrate tokenization into their existing payment systems, and what

How businesses can integrate token technology into existing payment systems Read More »

Maximizing productivity with Copilot for Microsoft 365: A security perspective

access control, Artificial Intelligence, cybersecurity, Don't miss, generative AI, Hot stuff, Microsoft 365, risk, Varonis, Video /

Maximizing productivity with Copilot for Microsoft 365: A security perspective 2024-06-13 at 06:31 By Help Net Security In this Help Net Security video, Brian Vecci, Field CTO at Varonis, talks about maximizing the potential of Microsoft Copilot for 365. He highlights its productivity benefits and addresses critical security challenges, providing actionable steps to ensure safe

Maximizing productivity with Copilot for Microsoft 365: A security perspective Read More »

AWS unveils new and improved security features

access management, Amazon Web Services, cloud security, Compliance, Hot stuff, malware detection, MFA, News, security /

AWS unveils new and improved security features 2024-06-12 at 18:31 By Zeljka Zorz At its annual re:Inforce conference, Amazon Web Services (AWS) has announced new and enhanced security features and tools. Additional multi-factor authentication option To facilitate the concerted push to get customers to secure their accounts with multiple authentication factors, AWS has added support

AWS unveils new and improved security features Read More »

20,000 FortiGate appliances compromised by Chinese hackers

attacks, China, Don't miss, enterprise, Fortinet, Government, government-backed attacks, hardware, Hot stuff, Malware, News, Remote Access Trojan /

20,000 FortiGate appliances compromised by Chinese hackers 2024-06-12 at 14:16 By Zeljka Zorz Coathanger – a piece of malware specifically built to persist on Fortinet’s FortiGate appliances – may still be lurking on too many devices deployed worldwide. How Coathanger persists on FortiGate devices In February 2024, the Dutch Military Intelligence and Security Service (MIVD)

20,000 FortiGate appliances compromised by Chinese hackers Read More »

Open-source security in AI

Artificial Intelligence, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, open source, Open Source Technology Improvement Fund, opinion /

Open-source security in AI 2024-06-12 at 07:31 By Help Net Security New AI products are coming onto the market faster than we have seen in any previous technology revolution. Companies’ free access and right to use open source in AI software models has allowed them to prototype an AI product to market cheaper than ever

Open-source security in AI Read More »

Security and privacy strategies for CISOs in a mobile-first world

BYOD, CISO, Cloud, Compliance, cybersecurity, data security, Don't miss, Features, Hot stuff, human error, hybrid workforce, Lookout, mobile devices, News, opinion, strategy, threat /

Security and privacy strategies for CISOs in a mobile-first world 2024-06-12 at 07:01 By Mirko Zorz In this Help Net Security interview, Jim Dolce, CEO at Lookout, discusses securing mobile devices to mitigate escalating cloud threats. He emphasizes that organizations must shift their approach to data security, acknowledging the complexities introduced by mobile access to

Security and privacy strategies for CISOs in a mobile-first world Read More »

Scroll to Top