News

Week in review: VMware patches critical vulnerability, 1Password affected by Okta breach

29/10/2023 at 12:02 By Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

GOAD: Vulnerable Active Directory environment for practicing attack techniques

Game of Active Directory (GOAD) is a free pentesting lab. It provides […]

Apple news: iLeakage attack, MAC address leakage bug

27/10/2023 at 12:31 By Zeljka Zorz

On Wednesday, Apple released security updates for all supported branches of iOS and iPadOS, macOS, tvOS, watchOS and Safari. This time around, the updates did not garner as much attention as when they deliver a zero-day fix, though it has to

Raven: Open-source CI/CD pipeline security scanner

27/10/2023 at 08:32 By Help Net Security

Raven (Risk Analysis and Vulnerability Enumeration for CI/CD) is an open-source CI/CD pipeline security scanner that makes hidden risks visible by connecting the dots across vulnerabilities woven throughout the pipeline that, when viewed collectively, reveal a much greater risk than when assessed

New infosec products of the week: October 27, 2023

27/10/2023 at 08:02 By Help Net Security

Here’s a look at the most interesting products from the past week, featuring releases from Darktrace, Data Theorem, Jumio, Malwarebytes, Progress, and Wazuh.

Progress Flowmon ADS 12.2 AI offers advanced security event monitoring

Flowmon ADS 12.2 harnesses the power

IoT security threats highlight the need for zero trust principles

27/10/2023 at 07:31 By Help Net Security

The high number of attacks on IoT devices represents a 400% increase in malware compared to the previous year, according to Zscaler. The increasing frequency of malware attacks targeting IoT devices is a significant concern for OT security,

SMBs at risk as AI misconceptions lead to overconfidence

27/10/2023 at 07:03 By Help Net Security

Despite advancements in IT security measures, SMBs remain firmly in the crosshairs of cybercriminals, according to Devolutions.

Ransomware payments and IoT malware incidents soar

Spikes in incidents such as ransomware payments and IoT malware attacks indicate that this year

AI strengthens banking’s defense against fraud

27/10/2023 at 06:32 By Help Net Security

Consumers are ready for the next wave of payment technology, including deployment of AI-driven biometrics to verify identity in digital-first account opening processes, according to Entrust.

The key to future payment solutions

63% of respondents indicated that they are comfortable with AI

AI-related security fears drive 2024 IT spending

27/10/2023 at 06:02 By Help Net Security

Worldwide IT spending is projected to total $5.1 trillion in 2024, an increase of 8% from 2023, according to Gartner.

2024 set to see strong public cloud spending growth

While generative AI has not yet had a material impact on IT

Humans are still better than AI at crafting phishing emails, but for how long?

26/10/2023 at 15:17 By Helga Labus

Humans are still better at crafting phishing emails compared to AI, but not by far and likely not for long, according to research conducted by IBM X-Force Red.

Creating phishing emails: Humans vs. AI

The

Quishing: Tricks to look out for

26/10/2023 at 11:01 By Zeljka Zorz

QR code phishing – aka “quishing” – is on the rise, according to HP, Darktrace, Malwarebytes, AusCERT, and many others.

What are QR codes?

QR codes are two-dimensional matrix barcodes used for tracking products, identifying items, simplifying actions such as connecting to a

OT cyber attacks proliferating despite growing cybersecurity spend

26/10/2023 at 07:32 By Help Net Security

The sharp increase in attacks on operational technology (OT) systems can be primarily attributed to two key factors: the escalating global threats posed by nation-state actors and the active involvement of profit-driven cybercriminals (often sponsored by the former). The lack

GOAD: Vulnerable Active Directory environment for practicing attack techniques

26/10/2023 at 07:01 By Mirko Zorz

Game of Active Directory (GOAD) is a free pentesting lab. It provides a vulnerable Active Directory environment for pen testers to practice common attack methods.

GOAD-Light: 3 vms, 1 forest, 2 domains

“When the Zerologon vulnerability surfaced, it highlighted our

Ransomware groups continue to increase their operational tempo

26/10/2023 at 06:31 By Help Net Security

Q3 of 2023 continued an ongoing surge in ransomware activity, according to GuidePoint Security. GuidePoint Research and Intelligence Team (GRIT) observed a nearly 15% increase in ransomware activity since Q2 due to an increased number of ransomware groups, including 10

CISOs struggling to understand value of security controls data

26/10/2023 at 06:02 By Help Net Security

Many CISOs are grappling with the conundrum of the purpose and value of security controls data in supporting critical business decisions, according to Panaseer. The biggest concern when taking on a new CISO role is receiving an inaccurate audit

Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631)

25/10/2023 at 14:46 By Zeljka Zorz

The Winter Vivern APT group has been exploiting a zero-day vulnerability (CVE-2023-5631) in Roundcube webmail servers to spy on email communications of European governmental entities and a think tank, according to ESET researchers. “Exploitation of the XSS vulnerability can

VMware patches critical vulnerability in vCenter Server (CVE-2023-34048)

25/10/2023 at 13:47 By Helga Labus

VMware has fixed a critical out-of-bounds write vulnerability (CVE-2023-34048) and a moderate-severity information disclosure flaw (CVE-2023-34056) in vCenter Server, its popular server management software.

About CVE-2023-34048 and CVE-2023-34056

CVE-2023-34048 allows an attacker with network access to a vulnerable vCenter Server virtual

What is operational risk and why should you care? Assessing SEC rule readiness for OT and IoT

25/10/2023 at 07:31 By Help Net Security

The newly released Securities and Exchange Commission (SEC) cyber incident disclosure rules have been met with mixed reviews. Of particular concern is whether public companies who own and operate industrial control

Consumers are taking action to protect their privacy

25/10/2023 at 06:01 By Help Net Security

Younger consumers are taking deliberate action to protect their privacy, as 42% of consumers aged 18-24 exercise their Data Subject Access Rights, compared with just 6% for consumers 75 and older, according to Cisco. Consumers express willingness to share their

1Password also affected by Okta Support System breach

24/10/2023 at 13:50 By Zeljka Zorz

Following in the footsteps of BeyondTrust and Cloudflare, 1Password has revealed that it has been affected by the Okta Support System breach. “On September 29, we detected suspicious activity on our Okta instance that we use to manage our employee-facing apps,”

Bracing for AI-enabled ransomware and cyber extortion attacks

24/10/2023 at 07:37 By Help Net Security

AI has been the shiniest thing in tech since at least November 2022, when ChatGPT was made available to the masses and unveiled the transformative potential of large language models for all the world to see. As businesses scramble to
