News

Organizations’ cyber resilience efforts fail to keep up with evolving threats

Organizations’ cyber resilience efforts fail to keep up with evolving threats 18/05/2023 at 08:00 By Help Net Security A steady increase in cyberattacks and evolving threat landscape are resulting in more organizations turning their attention to building long-term cyber resilience; however, many of these programs are falling short and fail to prove teams’ real-world cyber […]

React to this headline:

Loading spinner

Organizations’ cyber resilience efforts fail to keep up with evolving threats Read More »

TP-Link routers implanted with malicious firmware in state-sponsored attacks

TP-Link routers implanted with malicious firmware in state-sponsored attacks 17/05/2023 at 16:44 By Helga Labus A Chinese state-sponsored APT group implanted malicious firmware into TP-Link routers as part of attack campaigns aimed at European foreign affairs entities, say Check Point researchers. Custom malicious firmware for TP-Link routers The malicious firmware was exclusively created for TP-Link

React to this headline:

Loading spinner

TP-Link routers implanted with malicious firmware in state-sponsored attacks Read More »

KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784)

KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784) 17/05/2023 at 16:44 By Zeljka Zorz A vulnerability (CVE-2023-32784) in the open-source password manager KeePass can be exploited to retrieve the master password from the software’s memory, says the researcher who unearthed the flaw. The bad news is that the vulnerability is still unfixed

React to this headline:

Loading spinner

KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784) Read More »

Inactive Google accounts will be deleted

Inactive Google accounts will be deleted 17/05/2023 at 14:17 By Helga Labus A week after Twitter announced it will be removing idle accounts after 30 days of inaction, Google has updated its account inactivity policy. Updates to the Google account inactivity policy Google says that the updated policy is effective immediately, but that it will

React to this headline:

Loading spinner

Inactive Google accounts will be deleted Read More »

Scammers exploit AI trend with fake ChatGPT apps on Google Play, Apple App Store

Scammers exploit AI trend with fake ChatGPT apps on Google Play, Apple App Store 17/05/2023 at 14:17 By Help Net Security Sophos researchers uncovered multiple apps masquerading as legitimate, ChatGPT-based chatbots to overcharge users. These apps have popped up in the Google Play and Apple App Store. Because the free versions have near-zero functionality and

React to this headline:

Loading spinner

Scammers exploit AI trend with fake ChatGPT apps on Google Play, Apple App Store Read More »

Infamous cybercrime marketplace offers pre-order service for stolen credentials

Infamous cybercrime marketplace offers pre-order service for stolen credentials 17/05/2023 at 09:42 By Help Net Security Infostealer malware, which consist of code that infects devices without the user’s knowledge and steals data, remains widely available to buy through underground forums and marketplaces, with the volume of logs, or collections of stolen data, available for sale

React to this headline:

Loading spinner

Infamous cybercrime marketplace offers pre-order service for stolen credentials Read More »

The CIS Benchmarks Community consensus process

The CIS Benchmarks Community consensus process 17/05/2023 at 09:42 By Help Net Security The Center for Internet Security (CIS) recently celebrated 20 years of bringing confidence to the connected world with consensus-based security guidance. The first CIS Benchmark was released in 2000. Today, there are more than 100 CIS Benchmarks configuration guidelines across 25+ product

React to this headline:

Loading spinner

The CIS Benchmarks Community consensus process Read More »

Fraudsters send fake invoice, follow up with fake exec confirmation

Fraudsters send fake invoice, follow up with fake exec confirmation 16/05/2023 at 16:10 By Zeljka Zorz Fraudsters are trying out a new approach to convince companies to pay bogus invoices: instead of hijacking existing email threads, they are creating convincing ones themselves. A clever payment request fraud The fraud attempt begins with an email containing

React to this headline:

Loading spinner

Fraudsters send fake invoice, follow up with fake exec confirmation Read More »

Attack automation becomes a prevalent threat against APIs

Attack automation becomes a prevalent threat against APIs 16/05/2023 at 16:09 By Help Net Security The second half of 2022 marked a significant turning point in the security landscape. In several high-profile incidents, application programming interfaces (APIs) emerged as a primary attack vector, posing a new and significant threat to organizations’ security posture, according to

React to this headline:

Loading spinner

Attack automation becomes a prevalent threat against APIs Read More »

Lacroix manufacturing facilities shut down following cyberattack

Lacroix manufacturing facilities shut down following cyberattack 16/05/2023 at 14:08 By Helga Labus French electronics manufacturer Lacroix closed three factories as a result of a cyberattack they “intercepted” over the weekend, the company has announced on Monday. Lacroix designs and produces electronic equipment for the automotive, home automation, aerospace, industrial and health sectors, as well

React to this headline:

Loading spinner

Lacroix manufacturing facilities shut down following cyberattack Read More »

Google Cloud CISO on why the Google Cybersecurity Certificate matters

Google Cloud CISO on why the Google Cybersecurity Certificate matters 16/05/2023 at 11:53 By Mirko Zorz As part of Google’s commitment to building a strong cybersecurity workforce, the Google Cybersecurity Certificate offers an affordable and accessible pathway to a career in cybersecurity. In this Help Net Security interview, Phil Venables, CISO at Google Cloud, sheds

React to this headline:

Loading spinner

Google Cloud CISO on why the Google Cybersecurity Certificate matters Read More »

WhatsApp allows users to lock sensitive chats

WhatsApp allows users to lock sensitive chats 16/05/2023 at 11:53 By Helga Labus Meta has unveiled Chat Lock within WhatsApp, a feature that allows users to keep sensitive and intimate conversations safe from prying eyes. WhatsApp Chat Lock (Source: WhatsApp) Enabling Chat Lock By tapping on a one-to-one or group conversation, users can easily enable

React to this headline:

Loading spinner

WhatsApp allows users to lock sensitive chats Read More »

Advantech’s industrial serial device servers open to attack

Advantech’s industrial serial device servers open to attack 15/05/2023 at 17:48 By Zeljka Zorz Three vulnerabilities in Advantech’s EKI series of serial device servers could be exploited to execute arbitrary commands on the OS level. Source: CyberDanube The vulnerabilities Serial device servers are networking devices that “network-enable” serial devices (e.g., printer, climate control system, etc.)

React to this headline:

Loading spinner

Advantech’s industrial serial device servers open to attack Read More »

SquareX’s vision: A future where internet security is a non-issue

SquareX’s vision: A future where internet security is a non-issue 15/05/2023 at 12:11 By Mirko Zorz With an ever-evolving landscape of cyber threats, the necessity for innovative, effective, and user-friendly security products has never been more apparent. Current security solutions, however, seem to lag behind, struggling to adequately address the challenges posed by increasingly sophisticated

React to this headline:

Loading spinner

SquareX’s vision: A future where internet security is a non-issue Read More »

Bad bots are coming for APIs

Bad bots are coming for APIs 15/05/2023 at 06:16 By Help Net Security In 2022, 47.4% of all internet traffic came from bots, a 5.1% increase over the previous year, according to Imperva. The proportion of human traffic (52.6%) decreased to its lowest level in eight years. Bad bot traffic For the fourth consecutive year,

React to this headline:

Loading spinner

Bad bots are coming for APIs Read More »

Week in review: Microsoft fixes two actively exploited bugs, MSI private code signing keys leaked

Week in review: Microsoft fixes two actively exploited bugs, MSI private code signing keys leaked 14/05/2023 at 15:13 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Dragos blocks ransomware attack, brushes aside extortion attempt A ransomware group has tried and failed to extort money

React to this headline:

Loading spinner

Week in review: Microsoft fixes two actively exploited bugs, MSI private code signing keys leaked Read More »

Greatness phishing-as-a-service threatens Microsoft 365 users

Greatness phishing-as-a-service threatens Microsoft 365 users 12/05/2023 at 13:20 By Helga Labus Manufacturing businesses, healthcare organizations, and tech companies in English-speaking countries are the most targeted by phishers leveraging a relatively new phishing-as-a-service (PaaS) tool called Greatness, created to phish Microsoft 365 users. According to Cisco researcher, this tool has been utilized in numerous phishing

React to this headline:

Loading spinner

Greatness phishing-as-a-service threatens Microsoft 365 users Read More »

New infosec products of the week: May 12, 2023

New infosec products of the week: May 12, 2023 12/05/2023 at 07:00 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Aqua Security, Feedzai, Nebulon, OpenVPN, Trua, and Zscaler. Aqua Security strengthens software supply chain security with pipeline integrity scanning Powered by eBPF technology, Aqua’s

React to this headline:

Loading spinner

New infosec products of the week: May 12, 2023 Read More »

Fraud victims risk more than money

Fraud victims risk more than money 12/05/2023 at 06:30 By Help Net Security Digital fraud has significant financial and psychological repercussions on victims, according to Telesign. Businesses may find a new reason to fear digital fraud as the negative impacts of digital fraud on companies’ brand perception and the bottom line. Trust in digital world

React to this headline:

Loading spinner

Fraud victims risk more than money Read More »

CISOs’ confidence in post-pandemic security landscape fades

CISOs’ confidence in post-pandemic security landscape fades 12/05/2023 at 06:00 By Help Net Security Most CISOs have returned to the elevated concerns they experienced early in the pandemic, according to Proofpoint. Elevated concerns among CISOs Globally, 68% of surveyed CISOs feel at risk of a material cyber attack, compared to 48% the year before, when

React to this headline:

Loading spinner

CISOs’ confidence in post-pandemic security landscape fades Read More »

Scroll to Top