Hot stuff

Patch actively exploited Microsoft SharePoint bug, CISA orders federal agencies (CVE-2023-24955)

2024-03-28 at 12:32 | By Zeljka Zorz

The Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-24955 – a code injection vulnerability that allows authenticated attackers to execute code remotely on a vulnerable Microsoft SharePoint Server – to its KEV catalog and is demanding that […]

Debunking compliance myths in the digital era

2024-03-28 at 08:02 | By Help Net Security

Despite recent economic fluctuations, the software-as-a-service (SaaS) market isn’t letting up. The industry is set to grow annually by over 18% and be valued at $908.21 billion by 2030. It’s evident the industry is fueled by an increasing reliance on software

How CISOs tackle business payment fraud

2024-03-28 at 07:01 | By Help Net Security

In this Help Net Security video, Shai Gabay, CEO of Trustmi, discusses why payments are a source of cyber worry for CISOs. CISOs are worried about Business Email Compromise (BEC), cyber attackers’ use of AI, and securing the supply chain. These are

AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022)

2024-03-27 at 13:16 | By Zeljka Zorz

Attackers are leveraging a vulnerability (CVE-2023-48022) in Anyscale’s Ray AI software to compromise enterprise servers and saddle them with cryptominers and reverse shells. “To our knowledge, the attack started 7 months ago,” Avi Lumelsky, a researcher at Oligo

Attackers leverage weaponized iMessages, new phishing-as-a-service platform

2024-03-27 at 12:31 | By Zeljka Zorz

Scammers are leveraging the Darcula phishing-as-a-service platform, iMessages and Google Messages to great effect. The platform allows them to impersonate a variety of brands based in over 100 different countries: postal services, public and private utilities, packet delivery services, financial institutions, government

How security leaders can ease healthcare workers’ EHR-related burnout

2024-03-27 at 08:05 | By Help Net Security

Staff experiencing burnout in healthcare settings is not something that security leaders typically worry about – unless, maybe, it is the security team itself that is suffering from it. Healthcare CISOs and privacy officers worry more about the confidentiality

Cybersecurity jobs available right now: March 27, 2024

2024-03-27 at 07:31 | By Mirko Zorz

Cyber Product Owner UBS | Israel | On-site. Your primary responsibilities will include owning and managing application security testing products, collaborating with the cyber hygiene operational team, and understanding their needs. You will also engage with the

Essential elements of a strong data protection strategy

2024-03-27 at 07:01 | By Mirko Zorz

In this Help Net Security interview, Matt Waxman, SVP and GM for data protection at Veritas Technologies, discusses the components of a robust data protection strategy, emphasizing the escalating threat of ransomware. He highlights the importance of backup and recovery protocols

Drozer: Open-source Android security assessment framework

2024-03-27 at 06:32 | By Mirko Zorz

Drozer is an open-source security testing framework for Android, whose primary purpose is to make the life of mobile application security testers easier. Drozer features: The solution enables the identification of security vulnerabilities in applications and devices by taking on the role of

Cybersecurity essentials during M&A surge

2024-03-27 at 06:01 | By Help Net Security

The volume of mergers and acquisitions has surged significantly this quarter. Data from Dealogic shows a 130% increase in US M&A activity, totaling $288 billion. Worldwide M&A has also seen a substantial uptick, rising by 56% to $453 billion. Considering the rise in

17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns

2024-03-26 at 15:31 | By Zeljka Zorz

Around 12% of the 45,000 or so Microsoft Exchange servers in Germany that can be accessed from the Internet without restrictions “are so outdated that security updates are no longer offered for them,” the German Federal Office

Apps secretly turning devices into proxy network nodes removed from Google Play

2024-03-26 at 12:16 | By Zeljka Zorz

Your smartphone might be part of a proxy network, and you might not even know it: all it takes is for you to download apps whose developers have included the functionality and didn’t mention it. If that

Reinforcement learning is the path forward for AI integration into cybersecurity

2024-03-26 at 08:01 | By Help Net Security

AI’s algorithms and machine learning can cull through immense volumes of data efficiently and in a relatively short amount of time. This is instrumental to helping network defenders sift through a never-ending supply of alerts and identify

Strengthening critical infrastructure cybersecurity is a balancing act

2024-03-26 at 07:31 | By Mirko Zorz

In this Help Net Security interview, Aaron Crow, Senior Director at MorganFranklin Consulting, discusses critical infrastructure cybersecurity strategies, barriers to threat information sharing, and innovative technologies enhancing resilience against cyberattacks. How do current cybersecurity strategies address the critical infrastructure sectors’ unique

How threat intelligence data maximizes business operations

2024-03-26 at 07:02 | By Help Net Security

Threat intelligence is no longer a ‘nice to have’ for organizations but a ‘must,’ as it provides leaders with critical insight into their business. If leveraged correctly, threat intelligence is not just a cybersecurity asset but also gives organizations a new

Scammers steal millions from FTX, BlockFi claimants

2024-03-25 at 14:56 | By Zeljka Zorz

Customers of bankrupt crypto platform BlockFi have been targeted with a very convincing phishing email impersonating the platform, asking them to connect their wallet to complete the withdrawal of remaining funds. Judging by this Reddit thread, many have fallen for the scam

APT29 hit German political parties with bogus invites and malware

2024-03-25 at 11:46 | By Zeljka Zorz

APT29 (aka Cozy Bear, aka Midnight Blizzard) has been spotted targeting German political parties for the first time, Mandiant researchers have shared. Phishing leading to malware: The attack started in late February 2024, with phishing emails containing bogus invitations

20 essential open-source cybersecurity tools that save you time

2024-03-25 at 08:01 | By Mirko Zorz

Open-source software’s adaptive nature ensures its durability, relevance, and compatibility with new technologies. When I started digging deeper into the open-source cybersecurity ecosystem, I discovered an engaged community of developers working to find practical solutions to many problems, one of

How immersive AI transforms skill development

2024-03-25 at 07:01 | By Help Net Security

Organizations are becoming more laser-focused on extracting the value of AI, moving from the experimentation phase toward adoption. While the potential for AI is limitless, AI expertise sadly is not. In this Help Net Security video, David Harris, Principal Generative AI Author

US organizations targeted with emails delivering NetSupport RAT

2024-03-22 at 15:08 | By Helga Labus

Employees at US-based organizations are being targeted with emails delivering NetSupport RAT malware via “nuanced” exploitation and by using an advanced detection evasion method. The malware campaign: The campaign, dubbed PhantomBlu, takes the form of email messages purportedly coming from a
