Six months of SEC’s cyber disclosure rules 2024-06-12 at 06:02 By Help Net Security In this Help Net Security video, Mark Millender, Senior Advisor of Global Executive Engagement at Tanium, discusses the overall sentiment from CISOs of large, public companies on the effectiveness and understanding of SEC’s cyber disclosure rules and common misconceptions and gray […]
Six months of SEC’s cyber disclosure rules Read More »
Microsoft fixes RCE vulnerabilities in MSMQ, Outlook (CVE-2024-30080, CVE-2024-30103) 2024-06-11 at 23:01 By Zeljka Zorz June 2024 Patch Tuesday is here and Microsoft has delivered fixes for a critical MSMQ flaw (CVE-2024-30080) and a RCE vulnerability in Microsoft Outlook (CVE-2024-30103). 49 CVE-numbered vulnerabilities have been fixed in total, none of which have been exploited in
Microsoft fixes RCE vulnerabilities in MSMQ, Outlook (CVE-2024-30080, CVE-2024-30103) Read More »
Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051) 2024-06-11 at 15:46 By Zeljka Zorz JetBrains has fixed a critical vulnerability (CVE-2024-37051) that could expose users of its integrated development environments (IDEs) to GitHub access token compromise. About CVE-2024-37051 JetBrains offers IDEs for various programming languages. CVE-2024-37051 is a vulnerability in the
Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051) Read More »
Cloud migration expands the CISO role yet again 2024-06-11 at 07:31 By Help Net Security The CISO role used to be focused primarily on information security — creating and implementing policies to safeguard an organization’s data and IT infrastructure from cybersecurity threats. However, as organizations rapidly migrate to cloud environments, the responsibilities and challenges for
Cloud migration expands the CISO role yet again Read More »
Preparing for a career in cybersecurity? Check out these statistics 2024-06-11 at 07:01 By Help Net Security This article includes excerpts from various reports that provide statistics and insights on cybersecurity jobs, skills shortages, and workforce dynamics. Lack of skills and budget slow zero-trust implementation Entrust | 2024 State of Zero Trust & Encryption Study
Preparing for a career in cybersecurity? Check out these statistics Read More »
GDPR turns six: Expert discusses AI impact 2024-06-11 at 06:31 By Help Net Security The European Union’s GDPR policy came into effect six years ago. Since then, it has become widely regarded as the standard for data sharing, but the rise of new technology has questioned its suitability and relevance. In this Help Net Security
GDPR turns six: Expert discusses AI impact Read More »
The number of known Snowflake customer data breaches is rising 2024-06-10 at 15:46 By Zeljka Zorz LendingTree subsidiary QuoteWizard and automotive parts provider Advance Auto Parts have been revealed as victims of attackers who are trying to sell data stolen from Snowflake-hosted cloud databases. Snowflake says that their investigation is still ongoing, but continues to
The number of known Snowflake customer data breaches is rising Read More »
AI’s role in accelerating vulnerability management 2024-06-10 at 08:01 By Help Net Security With its capability to analyze, predict, and automate, AI stands to reshape many corners of business, most notably cybersecurity. In the field of vulnerability management specifically, AI is poised to have a profound impact, enhancing two key areas: Providing quicker analysis and
AI’s role in accelerating vulnerability management Read More »
Radare: Open-source reverse engineering framework 2024-06-10 at 07:32 By Mirko Zorz Radare is an open-source UNIX-like reverse engineering framework and command-line toolset. It can be scripted, modified, and used for batch analysis. “I started the project in 2006 when I was working as a forensic analyst, and I wrote a simple command-line hexadecimal editor to
Radare: Open-source reverse engineering framework Read More »
Windows Recall will be opt-in and the data more secure, Microsoft says 2024-06-07 at 22:02 By Zeljka Zorz The insistent public complaints and proof-of-concept tools have have borne fruit: Microsoft has realized that the security of its recently previewed Windows Recall feature leaves much to be desired, and has announced important changes. About Windows Recall
Windows Recall will be opt-in and the data more secure, Microsoft says Read More »
SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995) 2024-06-07 at 20:01 By Zeljka Zorz SolarWinds has fixed a high-severity vulnerability (CVE-2024-28995) affecting its Serv-U managed file transfer (MFT) server solution, which could be exploited by unauthenticated attackers to access sensitive files on the host machine. About CVE-2024-28995 Serv-U MFT Server is a widely used enterprise solution that
SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995) Read More »
June 2024 Patch Tuesday forecast: Multiple announcements from Microsoft 2024-06-07 at 08:16 By Help Net Security May 2024 Patch Tuesday was unusual because we had security updates from Adobe, Apple, Google, Mozilla, and Microsoft on the same day. While individually from each vendor, the updates weren’t that large, managing them together was more challenging. On
June 2024 Patch Tuesday forecast: Multiple announcements from Microsoft Read More »
Unpacking CISA’s AI guidelines 2024-06-07 at 07:01 By Help Net Security CISA’s late April AI and infrastructure guidelines address 16 sectors along with their cybersecurity needs and operations concerning the growth of AI as a tool to build both federal and vendor cybersecurity infrastructure in the federal marketplace. In this Help Net Security video, Tom
Unpacking CISA’s AI guidelines Read More »
Zyxel patches critical flaws in EOL NAS devices 2024-06-06 at 14:46 By Zeljka Zorz Zyxel has released patches for three critical vulnerabilities (CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974) affecting two network-attached storage (NAS) devices that have recently reached end-of-vulnerability-support. About the vulnerabilities The three vulnerabilities are: A command injection vulnerability in the CGI program that could allow
Zyxel patches critical flaws in EOL NAS devices Read More »
Sniffnet: Free, open-source network monitoring 2024-06-06 at 07:01 By Mirko Zorz Sniffnet is a free, open-source network monitoring tool to help you easily track your Internet traffic. What sets it apart is its strong focus on user experience. Unlike most network analyzers, Sniffnet is built to be easily usable by everyone, regardless of technical expertise.
Sniffnet: Free, open-source network monitoring Read More »
90% of threats are social engineering 2024-06-06 at 06:32 By Help Net Security In this Help Net Security video, Jakub Kroustek, Malware Research Director at Gen, discusses the Avast Q1 2024 Threat Report. The report highlights significant trends and incidents in cybersecurity. Key findings include: Surge in social engineering attacks: Nearly 90% of threats blocked
90% of threats are social engineering Read More »
Vulnerability in Cisco Webex cloud service exposed government authorities, companies 2024-06-05 at 22:33 By Zeljka Zorz The vulnerability that allowed a German journalist to discover links to video conference meetings held by Bundeswehr (the German armed forces) and the Social Democratic Party of Germany (SPD) via their self-hosted Cisco Webex instances similarly affected the Webex
Vulnerability in Cisco Webex cloud service exposed government authorities, companies Read More »
Kali Linux 2024.2 released: 18 new tools, countless updates 2024-06-05 at 21:31 By Help Net Security Kali Linux 2024.2 is now available. It includes future package compatibility for 32-bit platforms, improvements to GNOME 46 and Xfce, and 18 new tools. Desktop changes Kali 2024.2 introduces GNOME 46, offering a refined experience that builds on the
Kali Linux 2024.2 released: 18 new tools, countless updates Read More »
TotalRecall shows how easily data collected by Windows Recall can be stolen 2024-06-05 at 13:16 By Zeljka Zorz Ethical hacker Alexander Hagenah has created TotalRecall, a tool that demonstrates how malicious individuals could abuse Windows’ newly announced Recall feature to steal sensitive information. TotalRecall results (Source: Alexander Hagenah) Copilot+ Recall and its security pitfalls On
TotalRecall shows how easily data collected by Windows Recall can be stolen Read More »
No summer break for cybercrime: Why educational institutions need better cyber resilience 2024-06-05 at 07:31 By Help Net Security The education system isn’t equipped to handle today’s cyberthreats. I’m not just talking about cybersecurity education in schools shaping the technical workforce of the future – America’s schools themselves are prime targets for cybercrime today. In