Hot stuff

CIS SecureSuite membership: Leverage best practices to improve cybersecurity

CIS SecureSuite membership: Leverage best practices to improve cybersecurity 12/09/2023 at 05:45 By Help Net Security Whether you’re facing a security audit or interested in configuring systems securely, CIS SecureSuite Membership is here to help. CIS SecureSuite provides thousands of organizations with access to an effective and comprehensive set of cybersecurity resources and tools to […]

React to this headline:

Loading spinner

CIS SecureSuite membership: Leverage best practices to improve cybersecurity Read More »

Microsoft Teams users targeted in phishing attack delivering DarkGate malware

Microsoft Teams users targeted in phishing attack delivering DarkGate malware 11/09/2023 at 13:31 By Helga Labus A new phishing campaign taking advantage of an easily exploitable issue in Microsoft Teams to deliver malware has been flagged by researchers. Delivering malware to Microsoft Teams users Late last month, Truesec researchers spotted two compromised Microsoft 365 accounts

React to this headline:

Loading spinner

Microsoft Teams users targeted in phishing attack delivering DarkGate malware Read More »

The blueprint for a highly effective EASM solution

The blueprint for a highly effective EASM solution 11/09/2023 at 08:04 By Mirko Zorz In this Help Net Security interview, Adrien Petit, CEO at Uncovery, discusses the benefits that organizations can derive from implementing external attack surface management (EASM) solutions, the essential capabilities an EASM solution should possess, and how it deals with uncovering hidden

React to this headline:

Loading spinner

The blueprint for a highly effective EASM solution Read More »

Empowering consumer privacy with network security

Empowering consumer privacy with network security 11/09/2023 at 07:38 By Help Net Security Every online interaction hinges on the bedrock of network security. With cyber threats and data breaches making headlines daily, businesses must understand how network security safeguards consumer privacy. In this Help Net Security video, Shawn Edwards, CSO at Zayo Group, discusses how

React to this headline:

Loading spinner

Empowering consumer privacy with network security Read More »

Understanding the dangers of social engineering

Understanding the dangers of social engineering 11/09/2023 at 06:09 By Help Net Security Social engineering is a manipulative technique used by individuals or groups to deceive or manipulate others into divulging confidential or sensitive information, performing actions, or making decisions that are not in their best interest. It often involves exploiting human psychology and trust

React to this headline:

Loading spinner

Understanding the dangers of social engineering Read More »

Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269)

Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269) 08/09/2023 at 14:02 By Zeljka Zorz A vulnerability (CVE-2023-20269) in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls is being exploited by attackers to gain access to vulnerable internet-exposed devices. “This vulnerability was found during the resolution of a Cisco TAC support case,”

React to this headline:

Loading spinner

Unpatched Cisco ASA flaw exploited by attackers (CVE-2023-20269) Read More »

North Korean hackers target security researchers with zero-day exploit

North Korean hackers target security researchers with zero-day exploit 08/09/2023 at 12:32 By Helga Labus North Korean threat actors are once again attempting to compromise security researchers’ machines by employing a zero-day exploit. The warning comes from Google’s own security researchers Clement Lecigne and Maddie Stone, who detailed the latest campaign mounted by government-backed attackers.

React to this headline:

Loading spinner

North Korean hackers target security researchers with zero-day exploit Read More »

Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061)

Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061) 08/09/2023 at 11:46 By Zeljka Zorz Apple has patched two zero-day vulnerabilities (CVE-2023-41064, CVE-2023-41061) exploited to deliver NSO Group’s Pegasus spyware. “The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” Citizen Lab shared. “The exploit

React to this headline:

Loading spinner

Apple patches two zero-days under attack (CVE-2023-41064, CVE-2023-41061) Read More »

September 2023 Patch Tuesday forecast: Important Federal government news

September 2023 Patch Tuesday forecast: Important Federal government news 08/09/2023 at 08:17 By Help Net Security Microsoft addressed 33 CVEs in Windows 10 and 11 last month after nearly 3x that number in July. But despite the lull in CVEs, they did provide new security updates for Microsoft Exchange Server, .NET Framework, and even SQL

React to this headline:

Loading spinner

September 2023 Patch Tuesday forecast: Important Federal government news Read More »

Best practices for implementing a proper backup strategy

Best practices for implementing a proper backup strategy 08/09/2023 at 07:01 By Help Net Security Implementing a robust backup strategy for safeguarding crucial business data is more essential than ever. Without such a plan, organizations risk paying ransoms and incurring expenses related to investigations and lost productivity. In this Help Net Security video, David Boland,

React to this headline:

Loading spinner

Best practices for implementing a proper backup strategy Read More »

How Chinese hackers got their hands on Microsoft’s token signing key

How Chinese hackers got their hands on Microsoft’s token signing key 07/09/2023 at 17:00 By Zeljka Zorz The mystery of how Chinese hackers managed to steal a crucial signing key that allowed them to breach Microsoft 365’s email service and access accounts of employees of 25 government agencies has been explained: they found it somewhere

React to this headline:

Loading spinner

How Chinese hackers got their hands on Microsoft’s token signing key Read More »

MacOS malware has a new trick up its sleeve

MacOS malware has a new trick up its sleeve 07/09/2023 at 15:02 By Helga Labus A newer version of the Atomic Stealer macOS malware has a new trick that allows it to bypass the operating system’s Gatekeeper, Malwarebytes researchers have discovered. Mac malware delivered through Google ads The malware, which was first advertised in April

React to this headline:

Loading spinner

MacOS malware has a new trick up its sleeve Read More »

LibreOffice: Stability, security, and continued development

LibreOffice: Stability, security, and continued development 07/09/2023 at 08:31 By Zeljka Zorz LibreOffice, the most widely used open-source office productivity suite, has plenty to recommend it: it’s feature-rich, user-friendly, well-documented, reliable, has an active community of developers working on improving it, and it’s free. The suite includes Writer (word processor), Calc (a spreadsheet app), Impress

React to this headline:

Loading spinner

LibreOffice: Stability, security, and continued development Read More »

3 ways to strike the right balance with generative AI

3 ways to strike the right balance with generative AI 07/09/2023 at 08:02 By Help Net Security To find the sweet spot where innovation doesn’t mean sacrificing your security posture, organizations should consider the following three best practices when leveraging AI. Implement role-based access control In the context of generative AI, having properly defined user

React to this headline:

Loading spinner

3 ways to strike the right balance with generative AI Read More »

How cybercriminals use look-alike domains to impersonate brands

How cybercriminals use look-alike domains to impersonate brands 07/09/2023 at 07:32 By Help Net Security Cybercriminals create hundreds of thousands of counterfeit domains that mimic well-known brands for financial gain. These fake domains serve multiple malicious purposes, such as sending phishing emails, hosting fraudulent websites, rerouting web traffic, and distributing malware. In this Help Net

React to this headline:

Loading spinner

How cybercriminals use look-alike domains to impersonate brands Read More »

Shifting left and right, innovating product security

Shifting left and right, innovating product security 07/09/2023 at 07:03 By Mirko Zorz In this Help Net Security interview, Slava Bronfman, CEO at Cybellum, discusses approaches for achieving product security throughout a device’s entire lifecycle, fostering collaboration across business units and product lines, ensuring transparency and security in the supply chain, and meeting regulatory requirements

React to this headline:

Loading spinner

Shifting left and right, innovating product security Read More »

Old vulnerabilities are still a big problem

Old vulnerabilities are still a big problem 06/09/2023 at 17:01 By Zeljka Zorz A recently flagged phishing campaign aimed at delivering the Agent Tesla RAT to unsuspecting users takes advantage of old vulnerabilities in Microsoft Office that allow remote code execution. “Despite fixes for CVE-2017-11882/CVE-2018-0802 being released by Microsoft in November, 2017 and January, 2018,

React to this headline:

Loading spinner

Old vulnerabilities are still a big problem Read More »

Cybercriminals target MS SQL servers to deliver ransomware

Cybercriminals target MS SQL servers to deliver ransomware 06/09/2023 at 16:02 By Helga Labus A cyberattack campaign is targeting exposed Microsoft SQL (MS SQL) databases, aiming to deliver ransomware and Cobalt Strike payloads. The attack campaign The attackers target exposed MS SQL servers by brute-forcing access credentials. After having successfully authenticated, they start enumerating the

React to this headline:

Loading spinner

Cybercriminals target MS SQL servers to deliver ransomware Read More »

Emerging threat: AI-powered social engineering

Emerging threat: AI-powered social engineering 06/09/2023 at 07:32 By Help Net Security Social engineering is a sophisticated form of manipulation but, thanks to AI advancements, malicious groups have gained access to highly sophisticated tools, suggesting that we might be facing more elaborate social engineering attacks in the future. It is becoming increasingly evident that the

React to this headline:

Loading spinner

Emerging threat: AI-powered social engineering Read More »

Cyber talent gap solutions you need to know

Cyber talent gap solutions you need to know 06/09/2023 at 07:03 By Help Net Security 90% of consumers across the US and UK are concerned about cybersecurity’s future if students aren’t exposed to the field at an earlier age, according to ThreatX. 88% are worried that today’s talent shortage will negatively impact protection of their

React to this headline:

Loading spinner

Cyber talent gap solutions you need to know Read More »

Scroll to Top