News

Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400)

Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400) 2024-04-12 at 10:46 By Zeljka Zorz Attackers are exploiting a command injection vulnerability (CVE-2024-3400) affecting Palo Alto Networks’ firewalls, the company has warned, and urged customers to implement temporary mitigations and get in touch to check whether their devices have been compromised. “Palo Alto Networks is …

Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400) Read More »

React to this headline:

Loading spinner

Strategies to cultivate collaboration between NetOps and SecOps

Strategies to cultivate collaboration between NetOps and SecOps 2024-04-12 at 07:31 By Mirko Zorz In this Help Net Security interview, Debby Briggs, CISO at Netscout, discusses breaking down silos between NetOps and SecOps. Practical steps include scheduling strategy meetings, understanding communication preferences, and fostering team collaboration. With evolving cloud models, collaboration and clear role assignments …

Strategies to cultivate collaboration between NetOps and SecOps Read More »

React to this headline:

Loading spinner

Why women struggle in the cybersecurity industry

Why women struggle in the cybersecurity industry 2024-04-12 at 06:31 By Help Net Security The workplace experiences of women in cybersecurity are dramatically worse than men across virtually every category, according to a WiCyS and Aleria survey. Previous studies have illustrated that the representation of women in cybersecurity is much lower than it should be, …

Why women struggle in the cybersecurity industry Read More »

React to this headline:

Loading spinner

CISA warns about Sisense data breach

CISA warns about Sisense data breach 2024-04-11 at 17:31 By Zeljka Zorz Business intelligence / data analytics software vendor Sisense has apparently suffered a data breach that spurred the company and the US Cybersecurity and Infrastructure Security Agency to push the company’s customers to “reset credentials and secrets potentially exposed to, or used to access, …

CISA warns about Sisense data breach Read More »

React to this headline:

Loading spinner

Ransomware group maturity should influence ransom payment decision

Ransomware group maturity should influence ransom payment decision 2024-04-11 at 16:16 By Zeljka Zorz Your organization has been hit by ransomware and a decision has to be made on whether or not to make the ransom payment to get your data decrypted, deleted from attackers’ servers, and/or not leaked online. The decision will depend on …

Ransomware group maturity should influence ransom payment decision Read More »

React to this headline:

Loading spinner

How Google’s 90-day TLS certificate validity proposal will affect enterprises

How Google’s 90-day TLS certificate validity proposal will affect enterprises 2024-04-11 at 08:01 By Help Net Security Announced last year, Google’s proposal to reduce the lifespan of TLS (transport layer security) certificates from 13 months to 90 days could be implemented in the near future. It will certainly improve security and shrink the window of …

How Google’s 90-day TLS certificate validity proposal will affect enterprises Read More »

React to this headline:

Loading spinner

Leveraging AI for enhanced compliance and governance

Leveraging AI for enhanced compliance and governance 2024-04-11 at 07:31 By Mirko Zorz In this Help Net Security interview, Dr. Joseph Sweeney, Advisor at IBRS, discusses the risks of integrating AI into information management systems. He talks about emerging trends such as content cognition. He predicts advancements in AI-driven information management tools, as well as …

Leveraging AI for enhanced compliance and governance Read More »

React to this headline:

Loading spinner

Graylog: Open-source log management

Graylog: Open-source log management 2024-04-11 at 07:01 By Mirko Zorz Graylog is an open-source solution with centralized log management capabilities. It enables teams to collect, store, and analyze data to get answers to security, application, and IT infrastructure questions. Graylog key features It is easy to install with a standard tech stack, combined with support …

Graylog: Open-source log management Read More »

React to this headline:

Loading spinner

37% of publicly shared files expose personal information

37% of publicly shared files expose personal information 2024-04-11 at 06:31 By Help Net Security Many sensitive documents stored on platforms such as Google Drive, Slack, and other collaborative work applications have been left unattended for several months or even years. This has led to data sprawl challenges for companies and significant data security threats …

37% of publicly shared files expose personal information Read More »

React to this headline:

Loading spinner

Trustwave Government Solutions (TGS) Salutes New Mexico’s New Cybersecurity Executive Order

Trustwave Government Solutions (TGS) Salutes New Mexico’s New Cybersecurity Executive Order 2024-04-10 at 21:01 By New Mexico Governor Michelle Lujan Grisham issued an Executive Order to shore up the state’s cybersecurity readiness and better safeguard sensitive data by conducting a state-wide security assessment and adopting National Institute of Standards and Technology (NIST) standards by Nov. …

Trustwave Government Solutions (TGS) Salutes New Mexico’s New Cybersecurity Executive Order Read More »

React to this headline:

Loading spinner

New covert SharePoint data exfiltration techniques revealed

New covert SharePoint data exfiltration techniques revealed 2024-04-10 at 18:10 By Zeljka Zorz Varonis Threat Labs researchers have uncovered two techniques attackers can use can use for covert data and file exfiltration from companies’ SharePoint server. “These techniques can bypass the detection and enforcement policies of traditional tools, such as cloud access security brokers, data …

New covert SharePoint data exfiltration techniques revealed Read More »

React to this headline:

Loading spinner

IT pros targeted with malicious Google ads for PuTTY, FileZilla

IT pros targeted with malicious Google ads for PuTTY, FileZilla 2024-04-10 at 14:48 By Zeljka Zorz An ongoing malvertising campaign is targeting IT administrators looking to download system utilities such as PuTTY (a free SSH and Telnet client) and FileZilla (a free cross-platform FTP application). “We have reported this campaign to Google but no action …

IT pros targeted with malicious Google ads for PuTTY, FileZilla Read More »

React to this headline:

Loading spinner

Why are many businesses turning to third-party security partners?

Why are many businesses turning to third-party security partners? 2024-04-10 at 08:03 By Help Net Security In 2023, 71% of organizations across various industries reported that their business feels the impact of the ongoing cybersecurity skills shortage. Many companies have been forced to scale back their cybersecurity programs as they struggle to find experienced candidates …

Why are many businesses turning to third-party security partners? Read More »

React to this headline:

Loading spinner

WEF Cybercrime Atlas: Researchers are creating new insights to fight cybercrime

WEF Cybercrime Atlas: Researchers are creating new insights to fight cybercrime 2024-04-10 at 07:31 By Zeljka Zorz In early 2023, the World Economic Forum (WEF) launched Cybercrime Atlas, with the intent to map the cybercriminal ecosystem by facilitating collaboration between private and public organizations. What does this collaboration look like in practice? We’ve asked Sean …

WEF Cybercrime Atlas: Researchers are creating new insights to fight cybercrime Read More »

React to this headline:

Loading spinner

Cybersecurity jobs available right now: April 10, 2024

Cybersecurity jobs available right now: April 10, 2024 2024-04-10 at 06:32 By Mirko Zorz Application Security Engineer HCLTech | Mexico | Remote – View job details As an Application Security Engineer, you will work on the security engineering team and collaborate with other IT professionals to ensure that user data is protected. Cybersecurity Incident Response …

Cybersecurity jobs available right now: April 10, 2024 Read More »

React to this headline:

Loading spinner

GSMA releases Mobile Threat Intelligence Framework

GSMA releases Mobile Threat Intelligence Framework 2024-04-10 at 06:01 By Help Net Security GSM Association’s Fraud and Security Group (FASG) has published the first version of a framework for describing, in a structured way, how adversaries attack and use mobile networks, based on the tactics, techniques and procedures (TTPs) that they use. The Mobile Threat …

GSMA releases Mobile Threat Intelligence Framework Read More »

React to this headline:

Loading spinner

Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988)

Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988) 2024-04-09 at 22:35 By Zeljka Zorz On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro’s Zero Day Initiative (ZDI), has found being …

Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988) Read More »

React to this headline:

Loading spinner

LG smart TVs may be taken over by remote attackers

LG smart TVs may be taken over by remote attackers 2024-04-09 at 21:02 By Zeljka Zorz Bitdefender researchers have uncovered four vulnerabilities in webOS, the operating system running on LG smart TVs, which may offer attackers unrestricted (root) access to the devices. “Although the vulnerable service is intended for LAN access only, Shodan, the search …

LG smart TVs may be taken over by remote attackers Read More »

React to this headline:

Loading spinner

New Google Workspace feature prevents sensitive security changes if two admins don’t approve them

New Google Workspace feature prevents sensitive security changes if two admins don’t approve them 2024-04-09 at 17:31 By Zeljka Zorz Google is rolling out multi-party approvals for Google Workspace customers with multiple super admin accounts, the company has announced. What does the feature do? Google Workspace (formerly G Suite) is a cloud-based set of productivity …

New Google Workspace feature prevents sensitive security changes if two admins don’t approve them Read More »

React to this headline:

Loading spinner

New Latrodectus loader steps in for Qbot

New Latrodectus loader steps in for Qbot 2024-04-09 at 14:02 By Zeljka Zorz New (down)loader malware called Latrodectus is being leveraged by initial access brokers and it looks like it might have been written by the same developers who created the IcedID loader. Malware delivery campaigns “[Latrodectus] was first observed being distributed by TA577, an …

New Latrodectus loader steps in for Qbot Read More »

React to this headline:

Loading spinner
Scroll to Top