News

Qakbot botnet disrupted, malware removed from 700,000+ victim computers

botnet, Don't miss, Europe, Government, Hot stuff, Justice Department, Malware, News, USA /

Qakbot botnet disrupted, malware removed from 700,000+ victim computers 29/08/2023 at 21:19 By Zeljka Zorz The Qakbot botnet has been crippled by the US Department of Justice (DOJ): 52 of its servers have been seized and the popular malware loader has been removed from over 700,000 victim computers around the world. “To disrupt the botnet, […]

React to this headline:

Loading spinner

Qakbot botnet disrupted, malware removed from 700,000+ victim computers Read More »

Okta for Global 2000 gives CEOs flexibility to centralize or decentralize their business strategy

Industry news, News, Okta /

Okta for Global 2000 gives CEOs flexibility to centralize or decentralize their business strategy 29/08/2023 at 18:05 By Industry News Okta announced Okta for Global 2000, a solution designed to give the world’s largest organizations choice in how they run their technology infrastructure with flexible and automated identity management. Okta for Global 2000 enables the

React to this headline:

Loading spinner

Okta for Global 2000 gives CEOs flexibility to centralize or decentralize their business strategy Read More »

Ransomware group exploits Citrix NetScaler systems for initial access

Citrix, Don't miss, exploit, Hot stuff, News, Ransomware, Sophos, vulnerability /

Ransomware group exploits Citrix NetScaler systems for initial access 29/08/2023 at 14:50 By Helga Labus A known threat actor specializing in ransomware attacks is believed to be behind a recent campaign that targeted unpatched internet-facing Citrix NetScaler systems to serve as an initial foothold into enterprise networks. “Our data indicates strong similarity between attacks using

React to this headline:

Loading spinner

Ransomware group exploits Citrix NetScaler systems for initial access Read More »

Easy-to-exploit Skype vulnerability reveals users’ IP address

consumer, deanonymization, Don't miss, Hot stuff, Microsoft, mobile apps, News, Privacy, Skype, vulnerability /

Easy-to-exploit Skype vulnerability reveals users’ IP address 29/08/2023 at 13:32 By Zeljka Zorz A vulnerability in Skype mobile apps can be exploited by attackers to discover a user’s IP address – a piece of information that may endanger individuals whose physical security depends on their general location remaining secret. The vulnerability The security vulnerability has

React to this headline:

Loading spinner

Easy-to-exploit Skype vulnerability reveals users’ IP address Read More »

What makes a good ASM solution stand out

CISO, Cloud, Cloudflare, cybersecurity, Don't miss, Features, Hot stuff, network, News, ONYPHE, opinion, red team, strategy, Threat Intelligence, tips /

What makes a good ASM solution stand out 29/08/2023 at 07:31 By Mirko Zorz In this Help Net Security interview, Patrice Auffret, CTO at Onyphe, explains how the traditional perimeter-based security view is becoming obsolete. He suggests that organizations should redefine their attack surface concept and discusses proactive measures they can take to strengthen their

React to this headline:

Loading spinner

What makes a good ASM solution stand out Read More »

Is the cybersecurity community’s obsession with compliance counter-productive?

CISO, Compliance, credentials, cybersecurity, Don't miss, Expert analysis, Expert corner, Government, Hot stuff, News, opinion, phishing, trackd, vulnerability /

Is the cybersecurity community’s obsession with compliance counter-productive? 29/08/2023 at 07:01 By Help Net Security Does anyone think the chances of surviving a plane crash increase if our tray tables are locked and our carry-on bags are completely stowed under our seats? That we’ll be OK if the plane hits a mountain if we have

React to this headline:

Loading spinner

Is the cybersecurity community’s obsession with compliance counter-productive? Read More »

11 search engines for cybersecurity research you can use right now

cybersecurity, dark web, Don't miss, FullHunt, GreyNoise, Hot stuff, Intelligence X, Netlas, News, OffSec, ONYPHE, penetration testing, Shodan /

11 search engines for cybersecurity research you can use right now 29/08/2023 at 06:32 By Help Net Security Staying ahead in cybersecurity requires constant learning and adaptation. If you’re interested in cybersecurity research, explore the resources outlined below. DNSdumpster DNSdumpster is a free domain research tool that can discover hosts related to a domain. Finding

React to this headline:

Loading spinner

11 search engines for cybersecurity research you can use right now Read More »

IT leaders alarmed by generative AI’s SaaS security implications

Artificial Intelligence, CIO, cybersecurity, generative AI, News, Privacy, regulation, report, SaaS, Snow Software /

IT leaders alarmed by generative AI’s SaaS security implications 29/08/2023 at 06:03 By Help Net Security IT leaders are grappling with anxiety over the risks of generative AI despite continued confidence in their software-as-a-service (SaaS) security posture, according to Snow Software. 96% of respondents indicated they were still ‘confident or very confident’ in their organization’s

React to this headline:

Loading spinner

IT leaders alarmed by generative AI’s SaaS security implications Read More »

Kroll SIM-swap attack: FTX, BlockFi and Genesis clients’ info exposed

Cryptocurrency, data breach, Don't miss, Hot stuff, Kroll, News, phishing, T-Mobile /

Kroll SIM-swap attack: FTX, BlockFi and Genesis clients’ info exposed 28/08/2023 at 14:48 By Helga Labus Financial and risk advisory firm Kroll has suffered a SIM-swapping attack that allowed a threat actor to access files containing personal information of clients of bankrupt cryptocurrency platforms FTX, BlockFi and Genesis. The Kroll SIM-swapping attack On Saturday, August

React to this headline:

Loading spinner

Kroll SIM-swap attack: FTX, BlockFi and Genesis clients’ info exposed Read More »

PoC for no-auth RCE on Juniper firewalls released

Don't miss, exploit, Hot stuff, Juniper Networks, Junos OS, News, PoC, security update, vulnerability, WatchTowr /

PoC for no-auth RCE on Juniper firewalls released 28/08/2023 at 13:32 By Zeljka Zorz Researchers have released additional details about the recently patched four vulnerabilities affecting Juniper Networks’ SRX firewalls and EX switches that could allow remote code execution (RCE), as well as a proof-of-concept (PoC) exploit. Junos OS vulnerabilities and fixes Earlier this month,

React to this headline:

Loading spinner

PoC for no-auth RCE on Juniper firewalls released Read More »

Uncovering a privacy-preserving approach to machine learning

Artificial Intelligence, cybersecurity, Don't miss, Encryption, Enveil, Expert analysis, Expert corner, Hot stuff, machine learning, News, opinion, Privacy, regulation, vulnerability /

Uncovering a privacy-preserving approach to machine learning 28/08/2023 at 08:01 By Help Net Security In the era of data-driven decision making, businesses are harnessing the power of machine learning (ML) to unlock valuable insights, gain operational efficiencies, and solidify competitive advantage. Although recent developments in generative artificial intelligence (AI) have raised unprecedented awareness around the

React to this headline:

Loading spinner

Uncovering a privacy-preserving approach to machine learning Read More »

Adapting authentication to a cloud-centric landscape

access control, authentication, biometrics, CISO, Compliance, credentials, cybersecurity, Don't miss, Features, Hot stuff, MFA, News, opinion, passwordless, policy, regulation, SSO, zero trust, ZITADEL /

Adapting authentication to a cloud-centric landscape 28/08/2023 at 07:33 By Mirko Zorz In this Help Net Security interview, Florian Forster, CEO at Zitadel, discusses the challenges CISOs face in managing authentication across increasingly distributed and remote workforces, the negative consequences of ineffective authorization, and how the shift toward cloud transformation affects authentication strategies. What are

React to this headline:

Loading spinner

Adapting authentication to a cloud-centric landscape Read More »

Experts demand clarity as they struggle with cloud security prioritization

Cloud, Cloud Security Alliance, cybersecurity, DevOps, DevSecOps, Incident Response, misconfiguration, News, report, zero trust /

Experts demand clarity as they struggle with cloud security prioritization 28/08/2023 at 06:32 By Help Net Security Cloud Native Application Protection Platforms (CNAPPs) have emerged as a critical category of security tooling in recent years due to the complexity of comprehensively securing multi-cloud environments, according to Cloud Security Alliance. Secure cloud computing environment Much of

React to this headline:

Loading spinner

Experts demand clarity as they struggle with cloud security prioritization Read More »

Customizing LLMs for domain-specific tasks

Artificial Intelligence, cybersecurity, enterprise, generative AI, News, open source, Predibase, Privacy, report /

Customizing LLMs for domain-specific tasks 28/08/2023 at 06:02 By Help Net Security The expansion of large language models (LLMs) in recent times has brought about a revolutionary change in machine learning processes and has introduced fresh perspectives on the potential of AI, according to Predibase. Based on survey data from organizations experimenting with LLMs, researchers

React to this headline:

Loading spinner

Customizing LLMs for domain-specific tasks Read More »

Week in review: Security Onion 2.4 released, WinRAR vulnerable to RCE

News, Week in review /

Week in review: Security Onion 2.4 released, WinRAR vulnerable to RCE 27/08/2023 at 11:03 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Network detection and response in the modern era In this Help Net Security interview, David Gugelmann, CEO at Exeon, sheds light on

React to this headline:

Loading spinner

Week in review: Security Onion 2.4 released, WinRAR vulnerable to RCE Read More »

Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure

Cisco, critical infrastructure, Don't miss, Europe, healthcare, Hot stuff, Malware, ManageEngine, News, North Korea, trojan, USA, vulnerability /

Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure 25/08/2023 at 15:36 By Helga Labus North Korean state-sponsored hackers Lazarus Group have been exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) to target internet backbone infrastructure and healthcare institutions in Europe and the US. The group leveraged the vulnerability to deploy QuiteRAT, downloaded from an IP address

React to this headline:

Loading spinner

Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure Read More »

Google Workspace: New account security, DLP capabilities announced

access control, data loss prevention, Don't miss, enterprise, Google Workspace, Hot stuff, News, security controls, SMBs /

Google Workspace: New account security, DLP capabilities announced 25/08/2023 at 07:47 By Zeljka Zorz New capabilities in Google Workspace will help enterprises improve account and data security, by making unauthorized takeover of admin and user accounts and exfiltration of sensitive data more difficult. Some of these options are already available in preview and others will

React to this headline:

Loading spinner

Google Workspace: New account security, DLP capabilities announced Read More »

New infosec products of the week: August 25, 2023

Bitwarden, ImmuniWeb, Kingston Digital, LOKKER, News, OffSec /

New infosec products of the week: August 25, 2023 25/08/2023 at 07:47 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Security Onion, OffSec, ImmuniWeb, LOKKER, Kingston Digital and Bitwarden. Security Onion 2.4: Free, open platform for defenders gets huge update Security Onion is a

React to this headline:

Loading spinner

New infosec products of the week: August 25, 2023 Read More »

IEEE 802.11az provides security enhancements, solves longstanding problems

access point, attack, Bandwidth, cybersecurity, Data Protection, Don't miss, Features, framework, Hot stuff, IEEE, IoT, network, News, opinion, standards, wireless, WLAN /

IEEE 802.11az provides security enhancements, solves longstanding problems 25/08/2023 at 07:04 By Mirko Zorz In this Help Net Security interview, Jonathan Segev, IEEE 802.11 Task Group (TG) Chair of next-generation positioning (TGaz) at IEEE, discusses IEEE 802.11az. The new standard will enable accuracy to less than 0.1 meters, which is a significant improvement from the

React to this headline:

Loading spinner

IEEE 802.11az provides security enhancements, solves longstanding problems Read More »

Ransomware dwell time hits new low

Active Directory, attack, cybercrime, cybersecurity, Incident Response, Malware, News, Ransomware, report, Sophos, threats /

Ransomware dwell time hits new low 25/08/2023 at 06:34 By Help Net Security Median attacker dwell time—the time from when an attack starts to when it’s detected—shrunk from 10 to eight days for all attacks, and to five days for ransomware attacks during the first half of 2023, according to Sophos. In 2022, the median

React to this headline:

Loading spinner

Ransomware dwell time hits new low Read More »

Scroll to Top