Hot stuff

5 ways in which FHE can solve blockchain’s privacy problems

blockchain, cybersecurity, data security, Don't miss, Encryption, Expert analysis, Expert corner, framework, Hot stuff, News, opinion, Privacy, supply chain, Zama /

5 ways in which FHE can solve blockchain’s privacy problems 04/09/2023 at 08:02 By Help Net Security Blockchain technology has gained significant traction due to its decentralized nature and immutability, providing transparency and security for various applications, especially in finance. Having gained notoriety during the 2010s with the boom of cryptocurrencies such as Bitcoin, skilled […]

React to this headline:

Loading spinner

5 ways in which FHE can solve blockchain’s privacy problems Read More »

Cisco VPNs with no MFA enabled hit by ransomware groups

Arctic Wolf Networks, brute-force, Cisco, Don't miss, enterprise, Hot stuff, MFA, News, Ransomware, Rapid7, SMBs, VPN /

Cisco VPNs with no MFA enabled hit by ransomware groups 31/08/2023 at 14:46 By Zeljka Zorz Since March 2023 (and possibly even earlier), affiliates of the Akira and LockBit ransomware operators have been breaching organizations via Cisco ASA SSL VPN appliances. “In some cases, adversaries have conducted credential stuffing attacks that leveraged weak or default

React to this headline:

Loading spinner

Cisco VPNs with no MFA enabled hit by ransomware groups Read More »

Apple offers security researchers specialized iPhones to tinker with

apple, bug bounty, bug hunting, Don't miss, Hot stuff, iOS, News, research /

Apple offers security researchers specialized iPhones to tinker with 31/08/2023 at 13:05 By Helga Labus Apple is inviting security researchers to apply for the Apple Security Research Device Program (SRDP) again, to discover vulnerabilities and earn bug bounties. Apple started the Apple SRDP in 2019. In the intervening years, participating researchers have identified 130 security-critical

React to this headline:

Loading spinner

Apple offers security researchers specialized iPhones to tinker with Read More »

The power of passive OS fingerprinting for accurate IoT device identification

access control, Cato Networks, cybersecurity, DDoS, Don't miss, Expert analysis, Expert corner, Hot stuff, IoT, monitoring, network, News, operating system, opinion, policy, SASE, software, TCP/IP /

The power of passive OS fingerprinting for accurate IoT device identification 31/08/2023 at 07:31 By Help Net Security The number of IoT devices in enterprise networks and across the internet is projected to reach 29 billion by the year 2030. This exponential growth has inadvertently increased the attack surface. Each interconnected device can potentially create

React to this headline:

Loading spinner

The power of passive OS fingerprinting for accurate IoT device identification Read More »

What does optimal software security analysis look like?

Artificial Intelligence, code analysis, Codean, cybersecurity, Don't miss, Features, fuzzing, Hot stuff, machine learning, News, opinion, software /

What does optimal software security analysis look like? 31/08/2023 at 07:01 By Mirko Zorz In this Help Net Security interview, Kevin Valk, co-CEO at Codean, discusses the consequences of relying solely on automated tools for software security. He explains how these tools can complement human knowledge to enhance software security analysis and emphasizes the need

React to this headline:

Loading spinner

What does optimal software security analysis look like? Read More »

ChatGPT on the chopping block as organizations reevaluate AI usage

ChatGPT, CISO, cybersecurity, Don't miss, generative AI, Hot stuff, opinion, strategy, tips, Video /

ChatGPT on the chopping block as organizations reevaluate AI usage 31/08/2023 at 06:31 By Help Net Security ChatGPT has attracted hundreds of millions of users and was initially praised for its transformative potential. However, concerns for safety controls and unpredictability have landed it on IT leaders’ list of apps to ban in the workplace. In

React to this headline:

Loading spinner

ChatGPT on the chopping block as organizations reevaluate AI usage Read More »

VMware fixes critical vulnerability in Aria Operations for Networks (CVE-2023-34039)

Don't miss, Hot stuff, News, security update, VMWare, vulnerability /

VMware fixes critical vulnerability in Aria Operations for Networks (CVE-2023-34039) 30/08/2023 at 14:01 By Helga Labus VMware has patched one critical (CVE-2023-34039) and one high-severity vulnerability (CVE-2023-20890) in Aria Operations for Networks, its popular enterprise network monitoring tool. About the vulnerabilities (CVE-2023-34039, CVE-2023-20890) CVE-2023-34039 is a network bypass vulnerability arising as a result of a

React to this headline:

Loading spinner

VMware fixes critical vulnerability in Aria Operations for Networks (CVE-2023-34039) Read More »

Google launches tool to identify AI-generated images

Artificial Intelligence, Don't miss, Google, Hot stuff, metadata, News /

Google launches tool to identify AI-generated images 30/08/2023 at 12:46 By Helga Labus Google is launching a beta version of SynthID, a tool that identifies and watermarks AI-generated images. The tool will initially be available to a limited number of customers that use Imagen, Google’s cloud-based AI model for generating images from text. Google SynthID

React to this headline:

Loading spinner

Google launches tool to identify AI-generated images Read More »

Is the new OWASP API Top 10 helpful to defenders?

API security, attacks, authentication, automation, bot, Cequence Security, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, OWASP, SSO /

Is the new OWASP API Top 10 helpful to defenders? 30/08/2023 at 07:32 By Help Net Security The OWASP Foundation’s Top Ten lists have helped defenders focus their efforts with respect to specific technologies and the OWASP API (Application Programming Interface) Security Top 10 2023 is no exception. First drafted five years ago and updated

React to this headline:

Loading spinner

Is the new OWASP API Top 10 helpful to defenders? Read More »

A closer look at the RFI on open-source software security

cybersecurity, Don't miss, Government, Hot stuff, open source, regulation, software, strategy, Tidelift, Video /

A closer look at the RFI on open-source software security 30/08/2023 at 07:02 By Help Net Security The U.S. Office of the National Cyber Director (ONCD) released a request for information (RFI) entitled Open-Source Software Security: Areas of Long-Term Focus and Prioritization, which indicates that the U.S. Government’s effort to invest in open-source software and

React to this headline:

Loading spinner

A closer look at the RFI on open-source software security Read More »

Qakbot botnet disrupted, malware removed from 700,000+ victim computers

botnet, Don't miss, Europe, Government, Hot stuff, Justice Department, Malware, News, USA /

Qakbot botnet disrupted, malware removed from 700,000+ victim computers 29/08/2023 at 21:19 By Zeljka Zorz The Qakbot botnet has been crippled by the US Department of Justice (DOJ): 52 of its servers have been seized and the popular malware loader has been removed from over 700,000 victim computers around the world. “To disrupt the botnet,

React to this headline:

Loading spinner

Qakbot botnet disrupted, malware removed from 700,000+ victim computers Read More »

Ransomware group exploits Citrix NetScaler systems for initial access

Citrix, Don't miss, exploit, Hot stuff, News, Ransomware, Sophos, vulnerability /

Ransomware group exploits Citrix NetScaler systems for initial access 29/08/2023 at 14:50 By Helga Labus A known threat actor specializing in ransomware attacks is believed to be behind a recent campaign that targeted unpatched internet-facing Citrix NetScaler systems to serve as an initial foothold into enterprise networks. “Our data indicates strong similarity between attacks using

React to this headline:

Loading spinner

Ransomware group exploits Citrix NetScaler systems for initial access Read More »

Easy-to-exploit Skype vulnerability reveals users’ IP address

consumer, deanonymization, Don't miss, Hot stuff, Microsoft, mobile apps, News, Privacy, Skype, vulnerability /

Easy-to-exploit Skype vulnerability reveals users’ IP address 29/08/2023 at 13:32 By Zeljka Zorz A vulnerability in Skype mobile apps can be exploited by attackers to discover a user’s IP address – a piece of information that may endanger individuals whose physical security depends on their general location remaining secret. The vulnerability The security vulnerability has

React to this headline:

Loading spinner

Easy-to-exploit Skype vulnerability reveals users’ IP address Read More »

What makes a good ASM solution stand out

CISO, Cloud, Cloudflare, cybersecurity, Don't miss, Features, Hot stuff, network, News, ONYPHE, opinion, red team, strategy, Threat Intelligence, tips /

What makes a good ASM solution stand out 29/08/2023 at 07:31 By Mirko Zorz In this Help Net Security interview, Patrice Auffret, CTO at Onyphe, explains how the traditional perimeter-based security view is becoming obsolete. He suggests that organizations should redefine their attack surface concept and discusses proactive measures they can take to strengthen their

React to this headline:

Loading spinner

What makes a good ASM solution stand out Read More »

Is the cybersecurity community’s obsession with compliance counter-productive?

CISO, Compliance, credentials, cybersecurity, Don't miss, Expert analysis, Expert corner, Government, Hot stuff, News, opinion, phishing, trackd, vulnerability /

Is the cybersecurity community’s obsession with compliance counter-productive? 29/08/2023 at 07:01 By Help Net Security Does anyone think the chances of surviving a plane crash increase if our tray tables are locked and our carry-on bags are completely stowed under our seats? That we’ll be OK if the plane hits a mountain if we have

React to this headline:

Loading spinner

Is the cybersecurity community’s obsession with compliance counter-productive? Read More »

11 search engines for cybersecurity research you can use right now

cybersecurity, dark web, Don't miss, FullHunt, GreyNoise, Hot stuff, Intelligence X, Netlas, News, OffSec, ONYPHE, penetration testing, Shodan /

11 search engines for cybersecurity research you can use right now 29/08/2023 at 06:32 By Help Net Security Staying ahead in cybersecurity requires constant learning and adaptation. If you’re interested in cybersecurity research, explore the resources outlined below. DNSdumpster DNSdumpster is a free domain research tool that can discover hosts related to a domain. Finding

React to this headline:

Loading spinner

11 search engines for cybersecurity research you can use right now Read More »

Kroll SIM-swap attack: FTX, BlockFi and Genesis clients’ info exposed

Cryptocurrency, data breach, Don't miss, Hot stuff, Kroll, News, phishing, T-Mobile /

Kroll SIM-swap attack: FTX, BlockFi and Genesis clients’ info exposed 28/08/2023 at 14:48 By Helga Labus Financial and risk advisory firm Kroll has suffered a SIM-swapping attack that allowed a threat actor to access files containing personal information of clients of bankrupt cryptocurrency platforms FTX, BlockFi and Genesis. The Kroll SIM-swapping attack On Saturday, August

React to this headline:

Loading spinner

Kroll SIM-swap attack: FTX, BlockFi and Genesis clients’ info exposed Read More »

PoC for no-auth RCE on Juniper firewalls released

Don't miss, exploit, Hot stuff, Juniper Networks, Junos OS, News, PoC, security update, vulnerability, WatchTowr /

PoC for no-auth RCE on Juniper firewalls released 28/08/2023 at 13:32 By Zeljka Zorz Researchers have released additional details about the recently patched four vulnerabilities affecting Juniper Networks’ SRX firewalls and EX switches that could allow remote code execution (RCE), as well as a proof-of-concept (PoC) exploit. Junos OS vulnerabilities and fixes Earlier this month,

React to this headline:

Loading spinner

PoC for no-auth RCE on Juniper firewalls released Read More »

Scroll to Top