What makes a good ASM solution stand out 29/08/2023 at 07:31 By Mirko Zorz In this Help Net Security interview, Patrice Auffret, CTO at Onyphe, explains how the traditional perimeter-based security view is becoming obsolete. He suggests that organizations should redefine their attack surface concept and discusses proactive measures they can take to strengthen their […]
React to this headline:
What makes a good ASM solution stand out Read More »
Is the cybersecurity community’s obsession with compliance counter-productive? 29/08/2023 at 07:01 By Help Net Security Does anyone think the chances of surviving a plane crash increase if our tray tables are locked and our carry-on bags are completely stowed under our seats? That we’ll be OK if the plane hits a mountain if we have
React to this headline:
Is the cybersecurity community’s obsession with compliance counter-productive? Read More »
11 search engines for cybersecurity research you can use right now 29/08/2023 at 06:32 By Help Net Security Staying ahead in cybersecurity requires constant learning and adaptation. If you’re interested in cybersecurity research, explore the resources outlined below. DNSdumpster DNSdumpster is a free domain research tool that can discover hosts related to a domain. Finding
React to this headline:
11 search engines for cybersecurity research you can use right now Read More »
Kroll SIM-swap attack: FTX, BlockFi and Genesis clients’ info exposed 28/08/2023 at 14:48 By Helga Labus Financial and risk advisory firm Kroll has suffered a SIM-swapping attack that allowed a threat actor to access files containing personal information of clients of bankrupt cryptocurrency platforms FTX, BlockFi and Genesis. The Kroll SIM-swapping attack On Saturday, August
React to this headline:
Kroll SIM-swap attack: FTX, BlockFi and Genesis clients’ info exposed Read More »
PoC for no-auth RCE on Juniper firewalls released 28/08/2023 at 13:32 By Zeljka Zorz Researchers have released additional details about the recently patched four vulnerabilities affecting Juniper Networks’ SRX firewalls and EX switches that could allow remote code execution (RCE), as well as a proof-of-concept (PoC) exploit. Junos OS vulnerabilities and fixes Earlier this month,
React to this headline:
PoC for no-auth RCE on Juniper firewalls released Read More »
Uncovering a privacy-preserving approach to machine learning 28/08/2023 at 08:01 By Help Net Security In the era of data-driven decision making, businesses are harnessing the power of machine learning (ML) to unlock valuable insights, gain operational efficiencies, and solidify competitive advantage. Although recent developments in generative artificial intelligence (AI) have raised unprecedented awareness around the
React to this headline:
Uncovering a privacy-preserving approach to machine learning Read More »
Adapting authentication to a cloud-centric landscape 28/08/2023 at 07:33 By Mirko Zorz In this Help Net Security interview, Florian Forster, CEO at Zitadel, discusses the challenges CISOs face in managing authentication across increasingly distributed and remote workforces, the negative consequences of ineffective authorization, and how the shift toward cloud transformation affects authentication strategies. What are
React to this headline:
Adapting authentication to a cloud-centric landscape Read More »
What true diversity in the cybersecurity industry looks like 28/08/2023 at 07:01 By Help Net Security In this Help Net Security video, Larry Whiteside, Jr., CISO at RegScale and President of Cyversity, discusses how, now more than ever, the cybersecurity industry needs the diversity of thought to address the increasingly complex and technology-driven challenges organizations
React to this headline:
What true diversity in the cybersecurity industry looks like Read More »
Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure 25/08/2023 at 15:36 By Helga Labus North Korean state-sponsored hackers Lazarus Group have been exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) to target internet backbone infrastructure and healthcare institutions in Europe and the US. The group leveraged the vulnerability to deploy QuiteRAT, downloaded from an IP address
React to this headline:
Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure Read More »
Cybersecurity insurance is missing the risk 25/08/2023 at 08:04 By Help Net Security Cybersecurity insurance is a rapidly growing market, swelling from approximately $13B in 2022 to an estimated $84B in 2030 (26% CAGR), but insurers are struggling with quantifying the potential risks of offering this type of insurance. The traditional actuary models do not
React to this headline:
Cybersecurity insurance is missing the risk Read More »
Google Workspace: New account security, DLP capabilities announced 25/08/2023 at 07:47 By Zeljka Zorz New capabilities in Google Workspace will help enterprises improve account and data security, by making unauthorized takeover of admin and user accounts and exfiltration of sensitive data more difficult. Some of these options are already available in preview and others will
React to this headline:
Google Workspace: New account security, DLP capabilities announced Read More »
IEEE 802.11az provides security enhancements, solves longstanding problems 25/08/2023 at 07:04 By Mirko Zorz In this Help Net Security interview, Jonathan Segev, IEEE 802.11 Task Group (TG) Chair of next-generation positioning (TGaz) at IEEE, discusses IEEE 802.11az. The new standard will enable accuracy to less than 0.1 meters, which is a significant improvement from the
React to this headline:
IEEE 802.11az provides security enhancements, solves longstanding problems Read More »
Cloud hosting firms hit by devastating ransomware attack 24/08/2023 at 16:18 By Helga Labus Danish cloud hosting firms CloudNordic and Azero – both owned by Certiqa Holding – have suffered a ransomware attack that resulted in most customer data being stolen and systems and servers rendered inaccessible. The CloudNordic and Azero ransomware attack In the
React to this headline:
Cloud hosting firms hit by devastating ransomware attack Read More »
Bitwarden launches E2EE Secrets Manager 24/08/2023 at 13:24 By Helga Labus Bitwarden, a popular open-source password management service, has released Bitwarden Secrets Manager, an open-source, end-to-end encrypted solution that helps development, IT and DevOps teams store, manage, automate, and share secrets. About Bitwarden Secrets Manager Bitwarden Secrets Manager stores unlimited secrets – database passwords, API
React to this headline:
Bitwarden launches E2EE Secrets Manager Read More »
Kali Linux 2023.3 released: Kali NetHunter app redesign, 9 new tools, and more! 24/08/2023 at 09:32 By Help Net Security Offensive Security has released Kali Linux 2023.3, the latest version of its penetration testing and digital forensics platform. New tools in Kali Linux 2023.3 Besides updates to current tools, new versions of Kali typically introduce
React to this headline:
Kali Linux 2023.3 released: Kali NetHunter app redesign, 9 new tools, and more! Read More »
Does a secure coding training platform really work? 24/08/2023 at 07:31 By Help Net Security As security vulnerabilities are reported to you time and again, you may ask yourself: “Why don’t these developers learn the lesson?” The next thing you may think is: “We should train developers, so they stop making these mistakes.” For many
React to this headline:
Does a secure coding training platform really work? Read More »
How digital identity protects connected cars 24/08/2023 at 06:35 By Help Net Security In this Help Net Security video, Eve Maler, CTO at ForgeRock, discusses how digital identity can help create a more secure connected car experience and what car manufacturers should consider regarding data privacy regulation. The post How digital identity protects connected cars
React to this headline:
How digital identity protects connected cars Read More »
Attackers exploited WinRAR zero-day for months to steal money from brokers (CVE-2023-38831) 23/08/2023 at 18:46 By Zeljka Zorz Financially-motivated attackers have exploited a zero-day vulnerability in WinRAR (CVE-2023-38831) to trick traders into installing malware that would allow them to steal money from broker accounts. “This vulnerability has been exploited since April 2023,” says Group-IB malware
React to this headline:
Surge in identity crime victims reporting suicidal thoughts 23/08/2023 at 15:02 By Helga Labus Identity theft can have great financial impact on the victims, but the experienced emotional, physical and psychological impact can be even more devastating, according to the 2023 Consumer Impact Report from the Identity Theft Resource Center (ITRC) and Experian. The report
React to this headline:
Surge in identity crime victims reporting suicidal thoughts Read More »
Bogus OfficeNote app delivers XLoader macOS malware 23/08/2023 at 14:33 By Helga Labus A new macOS-specific variant of the well known XLoader malware is being delivered disguised as the “OfficeNote” app. “Multiple submissions of this sample have appeared on VirusTotal throughout July, indicating that the malware has been widely distributed in the wild,” SentinelOne researchers
React to this headline:
Bogus OfficeNote app delivers XLoader macOS malware Read More »