Hot stuff

Yeti: Open, distributed, threat intelligence repository

Don't miss, GitHub, Hot stuff, News, open source, Threat Intelligence /

Yeti: Open, distributed, threat intelligence repository 12/10/2023 at 07:01 By Help Net Security Yeti serves as a unified platform to consolidate observables, indicators of compromise, TTPs, and threat-related knowledge. It enhances observables automatically, such as domain resolution and IP geolocation, saving you the effort. With its user-friendly interface built on Bootstrap and a machine-friendly web […]

React to this headline:

Loading spinner

Yeti: Open, distributed, threat intelligence repository Read More »

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor

Atlassian, Atlassian Confluence, Don't miss, exploit, GreyNoise, Hot stuff, Microsoft, News, Rapid7, vulnerability /

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor 11/10/2023 at 14:18 By Helga Labus A critical flaw in Atlassian Confluence Data Center and Server (CVE-2023-22515) has been exploited by a state-backed threat actor, Microsoft’s threat analysts have pinpointed. About the vulnerability CVE-2023-22515 was initially classified as a critical privilege escalation vulnerability affecting Confluence Data

React to this headline:

Loading spinner

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor Read More »

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545)

containers, Debian, Don't miss, Hot stuff, IoT, Linux, News, open source, patching, Red Hat, security update, Ubuntu, vulnerability /

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545) 11/10/2023 at 13:31 By Zeljka Zorz Curl v8.4.0 is out, and fixes – among other things – a high-severity SOCKS5 heap buffer overflow vulnerability (CVE-2023-38545). Appropriate patches for some older curl versions have been released, too. Preparation for the security updates A little over a

React to this headline:

Loading spinner

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545) Read More »

15 free Microsoft 365 security training modules worth your time

Don't miss, Hot stuff, how-to, Microsoft, Microsoft 365, News, skill development, strategy, tips /

15 free Microsoft 365 security training modules worth your time 11/10/2023 at 07:32 By Help Net Security Microsoft 365 is a cloud-based productivity suite. Beyond just tools like Word and Excel, it integrates productivity applications with cloud functionalities, device administration, and enhanced security, all within a unified experience. Managing Microsoft 365 can be difficult for

React to this headline:

Loading spinner

15 free Microsoft 365 security training modules worth your time Read More »

How cyber fusion is helping enterprises modernize security operations

Cloud, collaboration, cybersecurity, Cyware, Don't miss, Hot stuff, orchestration, security operations, SOC, threat hunting, Video /

How cyber fusion is helping enterprises modernize security operations 11/10/2023 at 07:02 By Help Net Security In this Help Net Security video, Anuj Goel, CEO at Cyware, explains how cyber fusion is helping enterprises modernize their security operations and turn their SOC from reactive to proactive. The post How cyber fusion is helping enterprises modernize

React to this headline:

Loading spinner

How cyber fusion is helping enterprises modernize security operations Read More »

Microsoft plugs exploited WordPad, Skype for Business zero-days (CVE-2023-36563, CVE-2023-41763)

DDoS, Don't miss, Hot stuff, Microsoft, Microsoft Exchange, News, Patch Tuesday, security update, Trend Micro, Windows /

Microsoft plugs exploited WordPad, Skype for Business zero-days (CVE-2023-36563, CVE-2023-41763) 10/10/2023 at 22:01 By Zeljka Zorz On this October 2023 Patch Tuesday, Microsoft has released 103 patches and has fixed three actively exploited vulnerabilities (CVE-2023-36563, CVE-2023-41763, CVE-2023-44487). The exploited zero-days (CVE-2023-36563, CVE-2023-41763, CVE-2023-44487) CVE-2023-36563, discovered by Microsoft Threat Intelligence, is a WordPad vulnerability that could

React to this headline:

Loading spinner

Microsoft plugs exploited WordPad, Skype for Business zero-days (CVE-2023-36563, CVE-2023-41763) Read More »

GNOME users at risk of RCE attack (CVE-2023-43641)

Debian, Don't miss, Fedora, GitHub, Hot stuff, Linux, News, open source, Red Hat, SUSE, Ubuntu, vulnerability, vulnerability disclosure /

GNOME users at risk of RCE attack (CVE-2023-43641) 10/10/2023 at 14:32 By Zeljka Zorz If you’re running GNOME on you Linux system(s), you are probably open to remote code execution attacks via a booby-trapped file, thanks to a memory corruption vulnerability (CVE-2023-43641) in the libcue library. About CVE-2023-43641 Discovered by GitHub security researcher Kevin Backhouse,

React to this headline:

Loading spinner

GNOME users at risk of RCE attack (CVE-2023-43641) Read More »

Be prepared to patch high-severity vulnerability in curl and libcurl

Docker, Don't miss, Endor Labs, Hot stuff, News, open source, patching, Qualys, security update, Sonatype, Synopsys, vulnerability, vulnerability disclosure /

Be prepared to patch high-severity vulnerability in curl and libcurl 10/10/2023 at 12:20 By Zeljka Zorz Details about two vulnerabilities (CVE-2023-38545, CVE-2023-38546) in curl, a foundational and widely used open-source software for data transfer via URLs, are to be released on Wednesday, October 11. Daniel Stenberg, the original author and lead developer, has said that

React to this headline:

Loading spinner

Be prepared to patch high-severity vulnerability in curl and libcurl Read More »

Why zero trust delivers even more resilience than you think

access management, attack, cyber resilience, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, NetScaler, News, opinion, policy, remediation, zero trust /

Why zero trust delivers even more resilience than you think 10/10/2023 at 08:04 By Help Net Security Ten years ago, zero trust was an exciting, innovative perspective shift that security experts were excited to explore; today, it’s more likely to be framed as an inevitable trend than as a mere option on the security menu.

React to this headline:

Loading spinner

Why zero trust delivers even more resilience than you think Read More »

Turning military veterans into cybersecurity experts

cybersecurity, Don't miss, Features, Hot stuff, News, opinion, skill development, TechVets, Threat Intelligence, threats, training /

Turning military veterans into cybersecurity experts 10/10/2023 at 07:34 By Mirko Zorz In this Help Net Security interview, James Murphy, the Director of the TechVets Programme at the Forces Employment Charity, discusses the challenges that military veterans face when transitioning from military to civilian life. One significant hurdle is the difficulty they often encounter in

React to this headline:

Loading spinner

Turning military veterans into cybersecurity experts Read More »

Why security is the bedrock of success for mainframe projects

Cloud, cybersecurity, Don't miss, Hot stuff, Kyndryl, mainframe security, skill development, strategy, training, Video /

Why security is the bedrock of success for mainframe projects 10/10/2023 at 07:02 By Help Net Security Enterprises looking to update their mission-critical operations are approaching modernization in three ways – modernizing on the mainframe, integrating with the hyperscalers, or moving off to the cloud, according to a recent Kyndryl report. Almost all respondents use

React to this headline:

Loading spinner

Why security is the bedrock of success for mainframe projects Read More »

Microsoft 365 email senders urged to implement SPF, DKIM and DMARC

DMARC, Don't miss, Email, enterprise, Hot stuff, Microsoft, Microsoft 365, News, spam /

Microsoft 365 email senders urged to implement SPF, DKIM and DMARC 09/10/2023 at 13:32 By Helga Labus In the wake of Google’s announcement of new rules for bulk senders, Microsoft is urging Microsoft 365 email senders to implement SPF, DKIM and DMARC email authentication methods. “These Domain Name Service (DNS) email authentication records verify that

React to this headline:

Loading spinner

Microsoft 365 email senders urged to implement SPF, DKIM and DMARC Read More »

Selective disclosure in the identity wallet: How users share the data that is really needed

authentication, cyberattack, cybersecurity, data, Data leak, Don't miss, Expert analysis, Expert corner, Hot stuff, identity, IDnow, News, opinion, Privacy /

Selective disclosure in the identity wallet: How users share the data that is really needed 09/10/2023 at 07:46 By Help Net Security Name, date of birth, address, email address, passwords, tax records, or payroll – all this sensitive user data is stored by companies in huge databases to identify individuals for digital services. Although companies

React to this headline:

Loading spinner

Selective disclosure in the identity wallet: How users share the data that is really needed Read More »

Automotive cybersecurity: A decade of progress and challenges

attacks, automotive security, connected cars, cybersecurity, Don't miss, Hot stuff, IOActive, threats, Video, vulnerability /

Automotive cybersecurity: A decade of progress and challenges 09/10/2023 at 07:31 By Help Net Security As connected cars become a standard feature in the market, the significance of automotive cybersecurity rises, playing an essential role in ensuring the safety of road users. In this Help Net Security video, Samantha Beaumont, Principal Security Consultant at IOActive,

React to this headline:

Loading spinner

Automotive cybersecurity: A decade of progress and challenges Read More »

October 2023 Patch Tuesday forecast: Operating system updates and zero-days aplenty

0-day, apple, Chrome, CVE, Don't miss, Expert analysis, Google, Hot stuff, Ivanti, Microsoft, Mozilla, Patch Tuesday, predictions /

October 2023 Patch Tuesday forecast: Operating system updates and zero-days aplenty 06/10/2023 at 07:47 By Help Net Security September has been a packed month of continuous updates. New operating systems were released from Apple and Microsoft, and several vulnerabilities exploited in web services resulted in a domino effect of zero-day releases for many vendors. If

React to this headline:

Loading spinner

October 2023 Patch Tuesday forecast: Operating system updates and zero-days aplenty Read More »

Are executives adequately guarding their gadgets?

Agency, attacks, backdoor, BYOD, CISO, cyberattack, cybersecurity, Don't miss, Hot stuff, MFA, Privacy, Video /

Are executives adequately guarding their gadgets? 06/10/2023 at 07:02 By Help Net Security Today, individual citizens, rather than businesses or governmental bodies, are the main entry points for cyberattacks. However, security solutions haven’t evolved sufficiently to guard public figures and leaders as they do for large corporate entities. In this Help Net Security video, Amir

React to this headline:

Loading spinner

Are executives adequately guarding their gadgets? Read More »

“Looney Tunables” bug allows root access on Linux distros (CVE-2023-4911)

Debian, Don't miss, Fedora, Hot stuff, Linux, News, PoC, Qualys, Red Hat, security update, Ubuntu, vulnerability /

“Looney Tunables” bug allows root access on Linux distros (CVE-2023-4911) 05/10/2023 at 16:17 By Zeljka Zorz A vulnerability (CVE-2023-4911) in the GNU C Library (aka “glibc”) can be exploited by attackers to gain root privileges on many popular Linux distributions, according to Qualys researchers. About CVE-2023-4911 Dubbed “Looney Tunables”, CVE-2023-4911 is a buffer overflow vulnerability

React to this headline:

Loading spinner

“Looney Tunables” bug allows root access on Linux distros (CVE-2023-4911) Read More »

Apple patches another iOS zero-day under attack (CVE-2023-42824)

0-day, apple, Don't miss, Hot stuff, iOS, iPad, News, security update, vulnerability /

Apple patches another iOS zero-day under attack (CVE-2023-42824) 05/10/2023 at 13:47 By Helga Labus Apple has released a security update for iOS and iPadOS to fix another zero-day vulnerability (CVE-2023-42824) exploited in the wild. About the vulnerability (CVE-2023-42824) CVE-2023-42824 is a kernel vulnerability that could allow a local threat actor to elevate its privileges on

React to this headline:

Loading spinner

Apple patches another iOS zero-day under attack (CVE-2023-42824) Read More »

Critical Atlassian Confluence zero-day exploited by attackers (CVE-2023-22515)

0-day, Atlassian, Atlassian Confluence, Don't miss, Hot stuff, News, Rapid7, security update, vulnerability /

Critical Atlassian Confluence zero-day exploited by attackers (CVE-2023-22515) 05/10/2023 at 13:02 By Helga Labus Atlassian has fixed a critical zero-day vulnerability (CVE-2023-22515) in Confluence Data Center and Server that is being exploited in the wild. “Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited

React to this headline:

Loading spinner

Critical Atlassian Confluence zero-day exploited by attackers (CVE-2023-22515) Read More »

Eyes everywhere: How to safely navigate the IoT video revolution

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Internet of Things, IoT, Nabto, News, opinion, passwords, Privacy, software /

Eyes everywhere: How to safely navigate the IoT video revolution 05/10/2023 at 12:31 By Help Net Security Cameras are coming to a connected device near you. Cheap image sensors from old mobile phones are flooding the market and bringing video to the Internet of Things (IoT). Vacuum cleaners, bird feeders, connected cars and even smart

React to this headline:

Loading spinner

Eyes everywhere: How to safely navigate the IoT video revolution Read More »

Scroll to Top