Week in review: 11 search engines for cybersecurity research, PoC for RCE in Juniper firewall released 03/09/2023 at 11:05 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Adapting authentication to a cloud-centric landscape In this Help Net Security interview, Florian Forster, CEO at Zitadel, […]
React to this headline:
How Ducktail capitalizes on compromised business, ad accounts 01/09/2023 at 12:04 By Helga Labus Quite some money can be made from selling compromised business and ad accounts on social media platforms, and the Ducktail threat actor has specialized in just that. “We observed that an account deemed ‘low-grade’ sells for around 350,000 Vietnamese dong (~$15
React to this headline:
How Ducktail capitalizes on compromised business, ad accounts Read More »
New infosec products of the week: September 1, 2023 01/09/2023 at 07:32 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Ciphertex Data Security, ComplyCube, Fortinet, and MixMode. Ciphertex strengthens data security with SecureNAS CX-160KSSD-X The SecureNAS CX-160KSSD-X storage unit is powered by an Intel
React to this headline:
New infosec products of the week: September 1, 2023 Read More »
Cybercriminals use research contests to create new attack methods 01/09/2023 at 07:17 By Help Net Security Adversary-sponsored research contests on cybercriminal forums focus on new methods of attack and evasion, according to Sophos. The contests mirror legitimate security conference ‘Call For Papers’ and provide the winners considerable financial rewards and recognition from peers and also
React to this headline:
Cybercriminals use research contests to create new attack methods Read More »
Understand the fine print of your cyber insurance policies 01/09/2023 at 06:32 By Help Net Security A significant gap is emerging between insurance providers, as organizations skip the fine print and seek affordable and comprehensive coverage, potentially putting them in a tough place when they need to use this safety net, according to a Delinea
React to this headline:
Understand the fine print of your cyber insurance policies Read More »
Exploring the traits of effective chief audit executives 01/09/2023 at 06:03 By Help Net Security Chief audit executives (CAEs) have identified risk orientation, stakeholder management, and team leadership as the top three characteristics of the most effective individuals, according to Gartner. In April 2023, Gartner surveyed 114 CAEs across 180 areas to identify the most
React to this headline:
Exploring the traits of effective chief audit executives Read More »
Cisco VPNs with no MFA enabled hit by ransomware groups 31/08/2023 at 14:46 By Zeljka Zorz Since March 2023 (and possibly even earlier), affiliates of the Akira and LockBit ransomware operators have been breaching organizations via Cisco ASA SSL VPN appliances. “In some cases, adversaries have conducted credential stuffing attacks that leveraged weak or default
React to this headline:
Cisco VPNs with no MFA enabled hit by ransomware groups Read More »
Apple offers security researchers specialized iPhones to tinker with 31/08/2023 at 13:05 By Helga Labus Apple is inviting security researchers to apply for the Apple Security Research Device Program (SRDP) again, to discover vulnerabilities and earn bug bounties. Apple started the Apple SRDP in 2019. In the intervening years, participating researchers have identified 130 security-critical
React to this headline:
Apple offers security researchers specialized iPhones to tinker with Read More »
Trojanized Signal, Telegram apps found on Google Play, Samsung Galaxy Store 31/08/2023 at 12:18 By Help Net Security ESET researchers have identified two active campaigns targeting Android users, where the threat actors behind the tools for Telegram and Signal are attributed to the China-aligned APT group GREF. Most likely active since July 2020 and since
React to this headline:
Trojanized Signal, Telegram apps found on Google Play, Samsung Galaxy Store Read More »
The power of passive OS fingerprinting for accurate IoT device identification 31/08/2023 at 07:31 By Help Net Security The number of IoT devices in enterprise networks and across the internet is projected to reach 29 billion by the year 2030. This exponential growth has inadvertently increased the attack surface. Each interconnected device can potentially create
React to this headline:
The power of passive OS fingerprinting for accurate IoT device identification Read More »
What does optimal software security analysis look like? 31/08/2023 at 07:01 By Mirko Zorz In this Help Net Security interview, Kevin Valk, co-CEO at Codean, discusses the consequences of relying solely on automated tools for software security. He explains how these tools can complement human knowledge to enhance software security analysis and emphasizes the need
React to this headline:
What does optimal software security analysis look like? Read More »
The secret habits of top-performing CISOs 31/08/2023 at 06:02 By Help Net Security 69% of top-performing CISOs dedicate recurring time on their calendars for personal professional development, according to Gartner. This is compared with just 36% of bottom-performing CISOs who do so. “As the CISO role continues to rapidly evolve, it becomes even more critical
React to this headline:
The secret habits of top-performing CISOs Read More »
A Fake Signal App Was Planted On Google Play By China-Linked Hackers 30/08/2023 at 17:02 By Thomas Brewster, Forbes Staff Hackers who previously targeted Uyghurs evaded Google Play security checks to push a fake Signal app for Android. It uses a never previously-documented method to spy on the encrypted comms tool. This article is an
React to this headline:
A Fake Signal App Was Planted On Google Play By China-Linked Hackers Read More »
The removal of Qakbot from infected computers is just the first step 30/08/2023 at 14:46 By Zeljka Zorz The Qakbot botnet has been disrupted by an international law enforcement operation that culminated last weekend, when infected computers started getting untethered from it by specially crafted FBI software. Arranging a widespread Qakbot removal The Qakbot administrators
React to this headline:
The removal of Qakbot from infected computers is just the first step Read More »
VMware fixes critical vulnerability in Aria Operations for Networks (CVE-2023-34039) 30/08/2023 at 14:01 By Helga Labus VMware has patched one critical (CVE-2023-34039) and one high-severity vulnerability (CVE-2023-20890) in Aria Operations for Networks, its popular enterprise network monitoring tool. About the vulnerabilities (CVE-2023-34039, CVE-2023-20890) CVE-2023-34039 is a network bypass vulnerability arising as a result of a
React to this headline:
VMware fixes critical vulnerability in Aria Operations for Networks (CVE-2023-34039) Read More »
Meter collaborates with Cloudflare to launch DNS Security 30/08/2023 at 13:02 By Industry News Meter announced DNS Security, built in partnership with Cloudflare. Meter DNS Security is now widely available for all Meter Network customers, expanding Meter’s existing NaaS offering and saving teams both time and money, while also improving overall network performance and security,
React to this headline:
Meter collaborates with Cloudflare to launch DNS Security Read More »
Google launches tool to identify AI-generated images 30/08/2023 at 12:46 By Helga Labus Google is launching a beta version of SynthID, a tool that identifies and watermarks AI-generated images. The tool will initially be available to a limited number of customers that use Imagen, Google’s cloud-based AI model for generating images from text. Google SynthID
React to this headline:
Google launches tool to identify AI-generated images Read More »
Is the new OWASP API Top 10 helpful to defenders? 30/08/2023 at 07:32 By Help Net Security The OWASP Foundation’s Top Ten lists have helped defenders focus their efforts with respect to specific technologies and the OWASP API (Application Programming Interface) Security Top 10 2023 is no exception. First drafted five years ago and updated
React to this headline:
Is the new OWASP API Top 10 helpful to defenders? Read More »
Velociraptor: Open-source digital forensics and incident response 30/08/2023 at 06:32 By Help Net Security Velociraptor is a sophisticated digital forensics and incident response tool designed to improve your insight into endpoint activities. Velociraptor enables you to conduct precise and rapid collection of digital forensic data across multiple endpoints simultaneously. Persistently gather events from endpoints, including
React to this headline:
Velociraptor: Open-source digital forensics and incident response Read More »
Rising cyber incidents challenge healthcare organizations 30/08/2023 at 06:01 By Help Net Security Healthcare organizations are facing many cybersecurity challenges that require them to increasingly prioritize cybersecurity and compliance, according to Claroty. Threat actors are not only targeting IT systems, but have now set their sights on cyber-physical systems – from IoMT devices, to building
React to this headline:
Rising cyber incidents challenge healthcare organizations Read More »