News

Active network of North Korean IT front companies exposed

China, Don't miss, Hot stuff, Insider Threat, News, North Korea, Palo Alto Networks, SentinelOne, software development, tips, USA /

Active network of North Korean IT front companies exposed 2024-11-21 at 16:18 By Zeljka Zorz An analysis of the websites belonging to companies that served as a front for getting North Korean IT workers remote jobs with businesses worldwide has revealed an active network of such companies originating in China. Unearthing North Korean IT front […]

React to this headline:

Loading spinner

Active network of North Korean IT front companies exposed Read More »

2,000 Palo Alto Networks devices compromised in latest attacks

CVE, Don't miss, enterprise, firewall, Hot stuff, India, News, Palo Alto Networks, Shadowserver, USA /

2,000 Palo Alto Networks devices compromised in latest attacks 2024-11-21 at 13:27 By Zeljka Zorz Attackers have compromised around 2,000 Palo Alto Networks firewalls by leveraging the two recently patched zero-days (CVE-2024-0012 and CVE-2024-9474), Shadowserver Foundation’s internet-wide scanning has revealed. Compromised devices are predominantly located in the US and India, the nonprofit says. Manual and

React to this headline:

Loading spinner

2,000 Palo Alto Networks devices compromised in latest attacks Read More »

Researchers unearth two previously unknown Linux backdoors

APT, backdoor, cybersecurity, Don't miss, ESET, Hot stuff, Linux, Malware, News, threat, VirusTotal /

Researchers unearth two previously unknown Linux backdoors 2024-11-21 at 12:12 By Help Net Security ESET researchers have identified multiple samples of two previously unknown Linux backdoors: WolfsBane and FireWood. The goal of the backdoors and tools discovered is cyberespionage that targets sensitive data such as system information, user credentials, and specific files and directories. These

React to this headline:

Loading spinner

Researchers unearth two previously unknown Linux backdoors Read More »

Ukrainian cyberwar experience becomes blueprint for TRYZUB cyber training service

CERT, CERT-UA, News, skill development, Ukraine /

Ukrainian cyberwar experience becomes blueprint for TRYZUB cyber training service 2024-11-21 at 10:58 By Help Net Security The Computer Emergency Response Team of Ukraine (CERT-UA), part of the State Service of Special Communications and Information Protection (SSSCIP), has joined forces with the simulation training platform Cyber Ranges to unveil TRYZUB, a cyber resilience training and

React to this headline:

Loading spinner

Ukrainian cyberwar experience becomes blueprint for TRYZUB cyber training service Read More »

AxoSyslog: Open-source scalable security data processor

cybersecurity, Don't miss, GitHub, News, open source, software /

AxoSyslog: Open-source scalable security data processor 2024-11-21 at 08:52 By Mirko Zorz AxoSyslog is a syslog-ng fork, created and maintained by the original creator of syslog-ng, Balazs Scheidler, and his team. “We first started by making syslog-ng more cloud-ready: we packaged syslog-ng in a container, added helm charts, and made it more suitable for use

React to this headline:

Loading spinner

AxoSyslog: Open-source scalable security data processor Read More »

Product showcase: Augmenting penetration testing with Plainsea

cybersecurity, Don't miss, Hot stuff, News, penetration testing, Plainsea, Product showcase /

Product showcase: Augmenting penetration testing with Plainsea 2024-11-21 at 08:03 By Help Net Security Human-led penetration testing is an essential practice for any organization seeking to proactively address potential attack vectors. However, this indispensable pentesting method is often limited by several factors: high resource demands, project time constraints, dispersed communication, and lack of continuous visibility

React to this headline:

Loading spinner

Product showcase: Augmenting penetration testing with Plainsea Read More »

CWE top 25 most dangerous software weaknesses

CVE, cybersecurity, Don't miss, Hot stuff, News, vulnerability /

CWE top 25 most dangerous software weaknesses 2024-11-21 at 07:33 By Help Net Security The CWE list of the 25 most dangerous software weaknesses demonstrates the currently most common and impactful software flaws. Identifying the root causes of these vulnerabilities provides insights to shape investments, policies, and practices that proactively prevent their occurrence. The CWE

React to this headline:

Loading spinner

CWE top 25 most dangerous software weaknesses Read More »

Enhancing visibility for better security in multi-cloud and hybrid environments

cloud security, Compliance, cybersecurity, data loss prevention, Don't miss, Features, Hot stuff, News, opinion, RAD Security, standards, strategy, threats /

Enhancing visibility for better security in multi-cloud and hybrid environments 2024-11-21 at 07:03 By Mirko Zorz In this Help Net Security interview, Brooke Motta, CEO of RAD Security, talks about how cloud-specific threats have evolved and what companies should be watching out for. She discusses the growing complexity of cloud environments and the importance of

React to this headline:

Loading spinner

Enhancing visibility for better security in multi-cloud and hybrid environments Read More »

Full recovery from breaches takes longer than expected

cybersecurity, disaster recovery, Fastly, News, report, software, survey /

Full recovery from breaches takes longer than expected 2024-11-21 at 06:03 By Help Net Security In 2024, businesses reported taking an average of 7.3 months to recover from cybersecurity breaches – 25% longer than expected and over a month past the anticipated timeline of 5.9 months, according to Fastly. Cybersecurity leaders feel unprepared for future

React to this headline:

Loading spinner

Full recovery from breaches takes longer than expected Read More »

GitHub Secure Open Source Fund: Project maintainers, apply now!

Don't miss, education, GitHub, Hot stuff, News, open source, software development /

GitHub Secure Open Source Fund: Project maintainers, apply now! 2024-11-20 at 15:42 By Zeljka Zorz GitHub is calling on maintainers of open source projects to apply for the newly opened Secure Open Source Fund, to get funding and knowledge to improve the security and sustainability of their software. The program is funded by companies (AmEx

React to this headline:

Loading spinner

GitHub Secure Open Source Fund: Project maintainers, apply now! Read More »

Oracle Linux 9 Update 5 brings security updates, OpenJDK 17, .NET 9.0

Linux, News, Oracle /

Oracle Linux 9 Update 5 brings security updates, OpenJDK 17, .NET 9.0 2024-11-20 at 15:42 By Help Net Security Oracle Linux offers a secure, streamlined platform for deploying and managing applications across on-premises, cloud, and edge environments. Designed for demanding workloads, it includes tools for automation, virtualization, high availability, cloud-native development, Kubernetes, and more. Oracle

React to this headline:

Loading spinner

Oracle Linux 9 Update 5 brings security updates, OpenJDK 17, .NET 9.0 Read More »

Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308)

0-day, apple, Don't miss, Google, Hot stuff, iOS, iPad, macOS, News /

Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) 2024-11-20 at 12:50 By Zeljka Zorz Apple has released emergency security updates for macOS Sequoia that fix two zero-day vulnerabilities (CVE-2024-44309, CVE-2024-44308) that “may have been actively exploited on Intel-based Mac systems”. About CVE-2024-44309 and CVE-2024-44308 CVE-2024-44309 affects WebKit, the browser engine used in

React to this headline:

Loading spinner

Apple fixes 2 zero-days exploited to breach macOS systems (CVE-2024-44309, CVE-2024-44308) Read More »

Five backup lessons learned from the UnitedHealth ransomware attack

backup, Continuity, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, strategy, tips /

Five backup lessons learned from the UnitedHealth ransomware attack 2024-11-20 at 08:19 By Help Net Security The ransomware attack on UnitedHealth earlier this year is quickly becoming the healthcare industry’s version of Colonial Pipeline, prompting congressional testimony, lawmaker scrutiny and potential legislation.  Over the past few months, there have been two congressional hearings on the attack

React to this headline:

Loading spinner

Five backup lessons learned from the UnitedHealth ransomware attack Read More »

Debunking myths about open-source security

Artificial Intelligence, Canonical, CISO, cybersecurity, Don't miss, Features, Hot stuff, News, open source, opinion /

Debunking myths about open-source security 2024-11-20 at 07:31 By Mirko Zorz In this Help Net Security interview, Stephanie Domas, CISO at Canonical, discusses common misconceptions about open-source security and how the community can work to dispel them. She explains how open-source solutions, contrary to myths, offer enterprise-grade maturity, reliability, and transparency. Domas also shares key

React to this headline:

Loading spinner

Debunking myths about open-source security Read More »

Cybersecurity jobs available right now: November 20, 2024

cybersecurity jobs, News /

Cybersecurity jobs available right now: November 20, 2024 2024-11-20 at 06:37 By Anamarija Pogorelec Application Security Engineer ENOC | UAE | On-site – View job details As an Application Security Engineer, you will establish and maintain DLP policies to prevent unauthorized access, transmission, or disclosure of sensitive data, focusing on both on-premises and cloud environments.

React to this headline:

Loading spinner

Cybersecurity jobs available right now: November 20, 2024 Read More »

Overreliance on GenAI to develop software compromises security

automation, generative AI, Legit Security, News, report, software development, survey /

Overreliance on GenAI to develop software compromises security 2024-11-20 at 06:07 By Help Net Security GenAI is quickly changing the software development process by automating tasks that once took developers hours, if not days, to complete, bolstering efficiency and productivity, according to Legit Security. “As GenAI transforms software development and becomes increasingly embedded in the

React to this headline:

Loading spinner

Overreliance on GenAI to develop software compromises security Read More »

Microsoft announces Zero Day Quest hacking event with big rewards

bug bounty, bug hunting, Don't miss, Microsoft, News /

Microsoft announces Zero Day Quest hacking event with big rewards 2024-11-19 at 21:19 By Mirko Zorz Microsoft is enhancing its bug bounty initiatives with the launch of the Zero Day Quest hacking event. With $4 million in potential rewards, it focuses on driving research in critical areas such as cloud computing and AI. Event focus

React to this headline:

Loading spinner

Microsoft announces Zero Day Quest hacking event with big rewards Read More »

Microsoft announces new and improved Windows 11 security features

Application Security, Data Protection, Don't miss, Hot stuff, Microsoft, News, privileged accounts, Windows /

Microsoft announces new and improved Windows 11 security features 2024-11-19 at 21:04 By Zeljka Zorz Microsoft has implemented some and is working on delivering several other security-related features and improvements for Windows 11. Administrator protection will allow users to make system changes on their PCs without having administrator rights (that can be abused by attackers

React to this headline:

Loading spinner

Microsoft announces new and improved Windows 11 security features Read More »

Microsoft plans to boot security vendors out of the Windows kernel

antivirus, cyber resilience, Don't miss, Hot stuff, News, security testing, Windows /

Microsoft plans to boot security vendors out of the Windows kernel 2024-11-19 at 20:48 By Zeljka Zorz Microsoft has announced the Windows Resiliency Initiative, aimed at avoiding a repeat of the prolonged worldwide IT outage caused by a buggy CrowdStrike update that took down millions of Windows machines and rendered them remotely unfixable. As part

React to this headline:

Loading spinner

Microsoft plans to boot security vendors out of the Windows kernel Read More »

Windows 365 Link: Connect securely to Windows 365

Cloud, hardware, Microsoft, News /

Windows 365 Link: Connect securely to Windows 365 2024-11-19 at 18:55 By Mirko Zorz Microsoft unveiled Windows 365 Link, their first purpose-built Cloud PC device for instant, secure connection to Windows 365. Sign-in screen with USB security key option (Source: Microsoft) Windows 365 Link prioritizes security “We have heard concerns from IT pros about the

React to this headline:

Loading spinner

Windows 365 Link: Connect securely to Windows 365 Read More »

Scroll to Top