How to make developers love security 07/06/2023 at 08:01 By Help Net Security In my last post I discussed how developers can be your security secret weapon… but how to help them love doing security work? That’s a whole other challenge! Stories of the tension between developers and security teams are a longstanding feature of […]
React to this headline:
How to make developers love security Read More »
Embracing realistic simulations in cybersecurity training programs 07/06/2023 at 07:09 By Help Net Security In this Help Net Security video, Ed Adams, CEO of Security Innovation, discusses the shifts in cybersecurity training. 60% of companies now include realistic simulations in their cybersecurity training programs compared to 36% in 2020. According to Security Innovation research, organizations
React to this headline:
Embracing realistic simulations in cybersecurity training programs Read More »
Verizon 2023 Data Breach Investigations Report: 74% of breaches involve human element 06/06/2023 at 16:01 By Help Net Security Verizon Business today released the results of its 16th annual Data Breach Investigations Report (2023 DBIR), which analyzed 16,312 security incidents and 5,199 breaches. Chief among its findings is the soaring cost of ransomware – malicious
React to this headline:
Verizon 2023 Data Breach Investigations Report: 74% of breaches involve human element Read More »
Zoom announces privacy enhancements and tools 06/06/2023 at 15:17 By Helga Labus Zoom has introduced a new range of privacy enhancements and tools to make sure users have control over their data and their privacy preferences. These enhancements not only cater to global customers but also include features specifically designed for users in the European
React to this headline:
Zoom announces privacy enhancements and tools Read More »
MOVEit Transfer hack fallout: BBC, Aer Lingus, Boots among the victims 06/06/2023 at 13:50 By Zeljka Zorz The fallout of the MOVEit Transfer hack via CVE-2023-34362 by the Cl0p gang is expanding, as several UK-based companies have now confirmed that some of their data has been stolen. Victimized organizations The confirmed victims so far are
React to this headline:
MOVEit Transfer hack fallout: BBC, Aer Lingus, Boots among the victims Read More »
Leveraging large language models (LLMs) for corporate security and privacy 06/06/2023 at 07:33 By Help Net Security “Once a new technology rolls over you, if you’re not part of the steamroller, you’re part of the road.” – Stewart Brand The digital world is vast and ever-evolving, and central to this evolution are large language models
React to this headline:
Leveraging large language models (LLMs) for corporate security and privacy Read More »
Generative AI’s influence on data governance and compliance 06/06/2023 at 07:02 By Help Net Security In this Help Net Security video, Michael Rinehart, VP of Artificial Intelligence at Securiti.ai, discusses a dark side to generative AI that isn’t talked about enough. Organizations must remember that anything that goes into the learning process can never be
React to this headline:
Generative AI’s influence on data governance and compliance Read More »
Google extends passkeys to Google Workspace accounts 05/06/2023 at 17:56 By Helga Labus After making passkeys available for consumers in early May, Google is now rolling them out for Google Workspace and Google Cloud accounts. This feature will soon be available (in open beta) for more than 9 million organizations and aims to provide users
React to this headline:
Google extends passkeys to Google Workspace accounts Read More »
MOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362) 05/06/2023 at 15:10 By Zeljka Zorz The zero-day vulnerability attackers have exploited to compromise vulnerable Progress Software’s MOVEit Transfer installations finally has an identification number: CVE-2023-34362. Based on information shared by Mandiant, Rapid7 and other security researchers, the attackers seem to have opportunistically targeted as many
React to this headline:
MOVEit Transfer zero-day was exploited by Cl0p gang (CVE-2023-34362) Read More »
Surveilling your employees? You could be putting your company at risk of attack 05/06/2023 at 08:13 By Help Net Security Are you watching your employees? Though the question may incite thoughts of “Big Brother” and an all-seeing or all-knowing entity, it isn’t quite as ominous as you might think. Employee productivity surveillance technology, or EPST,
React to this headline:
Surveilling your employees? You could be putting your company at risk of attack Read More »
9 free cybersecurity whitepapers you should read 05/06/2023 at 07:30 By Helga Labus In today’s rapidly evolving digital landscape, organizations face constant cyber threats that can compromise their sensitive data, disrupt operations, and damage their reputation. Staying informed about the latest cyberattacks and understanding effective protection methods is crucial. This list of free cybersecurity whitepapers
React to this headline:
9 free cybersecurity whitepapers you should read Read More »
How fraudsters undermine text passcodes 05/06/2023 at 07:17 By Help Net Security Malicious bots are taking new forms – a burst of spam and scam text messages led to 18,000+ consumer complaints at the FCC last year. One of the newest scams – artificial inflation of traffic (AIT) – targets the SMS authentication codes sent
React to this headline:
How fraudsters undermine text passcodes Read More »
Google triples reward for Chrome full chain exploits 02/06/2023 at 15:57 By Helga Labus Google has tripled the full reward amount for the first security bug report that includes a functional full chain exploit of its popular Chrome browser. Six months of higher rewards for a Chrome full chain exploit The Chrome Vulnerability Rewards Program,
React to this headline:
Google triples reward for Chrome full chain exploits Read More »
MOVEit Transfer zero-day attacks: The latest info 02/06/2023 at 12:41 By Zeljka Zorz There’s new information about the zero-day vulnerability in Progress Software’s MOVEit Transfer solution exploited by attackers and – more importantly – patches and helpful instructions for customers. The MOVEit Transfer zero-day and updated mitigation and remediation advice Progress Software has updated the
React to this headline:
MOVEit Transfer zero-day attacks: The latest info Read More »
Qakbot: The trojan that just won’t go away 02/06/2023 at 11:33 By Helga Labus Qakbot (aka Qbot) – banking malware-turned-malware/ransomware distribution network – has been first observed in 2007 and is active to this day. The neverending adaptability of this threat is key to its long-term survival and success. “Qakbot operators tend to reduce or
React to this headline:
Qakbot: The trojan that just won’t go away Read More »
Introducing the book: Cybersecurity First Principles 02/06/2023 at 07:42 By Mirko Zorz In this Help Net Security video interview, Rick Howard, CSO of N2K, Chief Analyst, and Senior Fellow at the Cyberwire, discusses his book – Cybersecurity First Principles: A Reboot of Strategy and Tactics. In the book, Howard challenges the conventional wisdom of current
React to this headline:
Introducing the book: Cybersecurity First Principles Read More »
Critical zero-day vulnerability in MOVEit Transfer exploited by attackers! 01/06/2023 at 18:18 By Zeljka Zorz A critical zero-day vulnerability in Progress Software’s enterprise managed file transfer solution MOVEit Transfer is being exploited by attackers to grab corporate data. “[The vulnerability] could lead to escalated privileges and potential unauthorized access to the environment,” the company warned
React to this headline:
Critical zero-day vulnerability in MOVEit Transfer exploited by attackers! Read More »
Threat actors can exfiltrate data from Google Drive without leaving a trace 01/06/2023 at 15:43 By Zeljka Zorz Google Workspace (formerly G Suite) has a weak spot that can prevent the discovery of data exfiltration from Google Drive by a malicious outsider or insider, Mitiga researchers say. A problem for digital forensic analysts and incident
React to this headline:
Threat actors can exfiltrate data from Google Drive without leaving a trace Read More »
Zyxel firewalls under attack by Mirai-like botnet 01/06/2023 at 11:52 By Zeljka Zorz CVE-2023-28771, the critical command injection vulnerability affecting many Zyxel firewalls, is being actively exploited by a Mirai-like botnet, and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. About CVE-2023-28771 CVE-2023-28771 is a vulnerability that allows unauthenticated attackers to execute OS
React to this headline:
Zyxel firewalls under attack by Mirai-like botnet Read More »
Navigating cybersecurity in the age of remote work 01/06/2023 at 07:34 By Mirko Zorz In this Help Net Security interview, Jay Chaudhry, CEO at Zscaler, talks about connecting and securing remote employees and their devices to access organizational resources from any location. He discusses the potential risks of remote VPN access, the increasing reliance on
React to this headline:
Navigating cybersecurity in the age of remote work Read More »