News

Windows 365 Link: Connect securely to Windows 365

Cloud, hardware, Microsoft, News /

Windows 365 Link: Connect securely to Windows 365 2024-11-19 at 18:55 By Mirko Zorz Microsoft unveiled Windows 365 Link, their first purpose-built Cloud PC device for instant, secure connection to Windows 365. Sign-in screen with USB security key option (Source: Microsoft) Windows 365 Link prioritizes security “We have heard concerns from IT pros about the […]

React to this headline:

Loading spinner

Windows 365 Link: Connect securely to Windows 365 Read More »

Cross-IdP impersonation bypasses SSO protections

Don't miss, identity, News, Push Security, SaaS, SSO /

Cross-IdP impersonation bypasses SSO protections 2024-11-19 at 18:22 By Help Net Security Cross-IdP impersonation – a technique that enables attackers to hijack the single sign-on (SSO) process to gain unauthorized access to downstream software-as-a-service (SaaS) applications without compromising a company’s primary identity provider (IdP) – is expected to gain popularity with attackers, according to Push

React to this headline:

Loading spinner

Cross-IdP impersonation bypasses SSO protections Read More »

Space tech giant Maxar confirms attackers accessed employee data

data breach, News, Privacy /

Space tech giant Maxar confirms attackers accessed employee data 2024-11-19 at 13:19 By Mirko Zorz Satellite and space technology leader Maxar Space Systems has suffered a data breach. “Our information security team discovered that a hacker using a Hong Kong-based IP address targeted and accessed a Maxar system containing certain files with employee personal data,”

React to this headline:

Loading spinner

Space tech giant Maxar confirms attackers accessed employee data Read More »

Oracle patches exploited Agile PLM vulnerability (CVE-2024-21287)

CrowdStrike, Don't miss, enterprise, Hot stuff, News, Oracle, product development, Tenable /

Oracle patches exploited Agile PLM vulnerability (CVE-2024-21287) 2024-11-19 at 12:48 By Zeljka Zorz Oracle has released a security patch for CVE-2024-21287, a remotely exploitable vulnerability in the Oracle Agile PLM Framework that is, according to Tenable researchers, being actively exploited by attackers. About CVE-2024-21287 Oracle Agile PLM Framework is an enterprise product lifecycle management solution

React to this headline:

Loading spinner

Oracle patches exploited Agile PLM vulnerability (CVE-2024-21287) Read More »

Phobos ransomware administrator faces US cybercrime charges

cybercrime, FBI, News, Ransomware, USA /

Phobos ransomware administrator faces US cybercrime charges 2024-11-19 at 12:33 By Help Net Security The Justice Department unsealed criminal charges against Evgenii Ptitsyn, 42, a Russian national, for allegedly administering the sale, distribution, and operation of Phobos ransomware. Ptitsyn made his initial appearance in the US District Court for the District of Maryland on Nov.

React to this headline:

Loading spinner

Phobos ransomware administrator faces US cybercrime charges Read More »

AlmaLinux 9.5 released: Security updates, new packages, and more!

AlmaLinux OS Foundation, Linux, News, open source /

AlmaLinux 9.5 released: Security updates, new packages, and more! 2024-11-19 at 11:01 By Help Net Security AlmaLinux is a free, open-source, enterprise-grade Linux distribution. Governed and owned by the community, it offers a production-ready platform with binary compatibility to Red Hat Enterprise Linux. AlmaLinux 9.5, codenamed Teal Serval, is now available. Security updates: The OpenSSL

React to this headline:

Loading spinner

AlmaLinux 9.5 released: Security updates, new packages, and more! Read More »

Dev + Sec: A collaborative approach to cybersecurity

collaboration, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, YL Ventures /

Dev + Sec: A collaborative approach to cybersecurity 2024-11-19 at 07:31 By Help Net Security The age-old tension between development and security teams has long been a source of friction in organizations. Developers prioritize speed and efficiency, aiming to deliver features and products quickly with a fast-paced, iterative development cycle and move on efficiently. On

React to this headline:

Loading spinner

Dev + Sec: A collaborative approach to cybersecurity Read More »

Why AI alone can’t protect you from sophisticated email threats

Artificial Intelligence, Barracuda Networks, CISO, cybersecurity, Don't miss, email security, Features, Hot stuff, News, opinion, social engineering /

Why AI alone can’t protect you from sophisticated email threats 2024-11-19 at 07:03 By Mirko Zorz In this Help Net Security interview, Riaz Lakhani, CISO at Barracuda Networks, discusses the effectiveness of AI-based behavioural analysis in combating sophisticated email threats like BEC and VEC. Lakhani also explains how AI tools help detect malicious email activity

React to this headline:

Loading spinner

Why AI alone can’t protect you from sophisticated email threats Read More »

Open-source and free Android password managers that prioritize your privacy

authentication, cybersecurity, Don't miss, GitHub, News, open source, password manager, passwords, software /

Open-source and free Android password managers that prioritize your privacy 2024-11-19 at 06:47 By Anamarija Pogorelec We’re often told to use strong, unique passwords, especially for important accounts like email, banking, and social media. However, managing different passwords for numerous accounts can be challenging. Password managers simplify this by securely storing all your passwords so

React to this headline:

Loading spinner

Open-source and free Android password managers that prioritize your privacy Read More »

Google report shows CISOs must embrace change to stay secure

CISO, cybersecurity, Don't miss, Google, Hot stuff, News, report, survey, tips /

Google report shows CISOs must embrace change to stay secure 2024-11-19 at 06:03 By Mirko Zorz Google’s latest report, conducted in partnership with Hypothesis Group, reveals a stark reality for organizations: incremental security measures are no longer sufficient. The study, involving over 2,000 decision-makers across the US, UK, India, and Brazil, paints a picture of

React to this headline:

Loading spinner

Google report shows CISOs must embrace change to stay secure Read More »

Trustwave Recognized in Two Asia Pacific IDC MarketScapes for Security Services

Managed Security Services, News, Spotlights /

Trustwave Recognized in Two Asia Pacific IDC MarketScapes for Security Services 2024-11-18 at 23:03 By Trustwave has been named a Leader in the IDC MarketScape: Asia/Pacific (APAC) Managed Security Services (MSS) 2024 Vendor Assessment (IDC #AP51571224, September 2024) and a Major Player in the IDC MarketScape: Asia/Pacific Professional Security Services 2024 Vendor Assessment (IDC #AP51571324, September 2024). This article

React to this headline:

Loading spinner

Trustwave Recognized in Two Asia Pacific IDC MarketScapes for Security Services Read More »

Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)

0-day, CVE, Don't miss, enterprise, firewall, Hot stuff, News, Palo Alto Networks /

Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474) 2024-11-18 at 17:33 By Zeljka Zorz Palo Alto Networks has released fixes for two vulnerabilities (CVE-2024-0012 and CVE-2024-9474) in its next-generation firewalls that have been exploited by attackers as zero-days. About the vulnerabilities (CVE-2024-0012, CVE-2024-9474) CVE-2024-0012 stems from missing authentication for a critical

React to this headline:

Loading spinner

Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474) Read More »

Major security audit of critical FreeBSD components now available

FreeBSD Foundation, News, report /

Major security audit of critical FreeBSD components now available 2024-11-18 at 17:33 By Mirko Zorz The FreeBSD Foundation, in partnership with the Alpha-Omega Project, has released the results of an extensive security audit of two critical FreeBSD components: the bhyve hypervisor and the Capsicum sandboxing framework. The audit, conducted by the offensive security firm Synacktiv,

React to this headline:

Loading spinner

Major security audit of critical FreeBSD components now available Read More »

Navigating the compliance labyrinth: A CSO’s guide to scaling security

automation, Compliance, CSO, cybersecurity, Descope, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion /

Navigating the compliance labyrinth: A CSO’s guide to scaling security 2024-11-18 at 07:48 By Help Net Security Imagine navigating a labyrinth where the walls constantly shift, and the path ahead is obscured by fog. If this brings up a visceral image, you’ve either seen David Bowie’s iconic film or are very familiar with the real-world

React to this headline:

Loading spinner

Navigating the compliance labyrinth: A CSO’s guide to scaling security Read More »

Transforming code scanning and threat detection with GenAI

Application Security, Artificial Intelligence, code, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, Qwiet AI, scanning /

Transforming code scanning and threat detection with GenAI 2024-11-18 at 07:33 By Mirko Zorz In this Help Net Security interview, Stuart McClure, CEO of Qwiet AI, discusses the evolution of code scanning practices, highlighting the shift from reactive fixes to proactive risk management. McClure also shares his perspective on the future of AI-driven code scanning,

React to this headline:

Loading spinner

Transforming code scanning and threat detection with GenAI Read More »

ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps

CISA, Don't miss, GitHub, Hot stuff, News, open source /

ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps 2024-11-18 at 06:32 By Mirko Zorz ScubaGear is an open-source tool the Cybersecurity and Infrastructure Security Agency (CISA) created to automatically evaluate Microsoft 365 (M365) configurations for potential security gaps. ScubaGear analyzes an organization’s M365 tenant configuration, offering actionable insights and recommendations to help

React to this headline:

Loading spinner

ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps Read More »

How and where to report cybercrime: What you need to know

cybercrime, cybersecurity, News, tips /

How and where to report cybercrime: What you need to know 2024-11-18 at 06:03 By Help Net Security Cybercrime reporting mechanisms vary across the globe, with each country offering different methods for citizens to report cybercrime, including online fraud, identity theft, and other cyber-related offenses. Victims are usually instructed to complete an online form that

React to this headline:

Loading spinner

How and where to report cybercrime: What you need to know Read More »

Week in review: Microsoft patches actively exploited 0-days, Amazon and HSBC employee data leaked

News, Week in review /

Week in review: Microsoft patches actively exploited 0-days, Amazon and HSBC employee data leaked 2024-11-17 at 11:01 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) November 2024 Patch Tuesday is here, and Microsoft has dropped fixes for

React to this headline:

Loading spinner

Week in review: Microsoft patches actively exploited 0-days, Amazon and HSBC employee data leaked Read More »

Cybercriminals hijack DNS to build stealth attack networks

attacks, cybercrime, DNS, hijacking, Infoblox, News, report /

Cybercriminals hijack DNS to build stealth attack networks 2024-11-15 at 16:05 By Help Net Security Hijacking domains using a ‘Sitting Ducks attack’ remains an underrecognized topic in the cybersecurity community. Few threat researchers are familiar with this attack vector, and knowledge is scarce. However, the prevalence of these attacks and the risk to organizations are

React to this headline:

Loading spinner

Cybercriminals hijack DNS to build stealth attack networks Read More »

Cyber crooks push Android malware via letter

Android, Don't miss, Europe, Hot stuff, Malware, mobile security, News, QR codes, Switzerland /

Cyber crooks push Android malware via letter 2024-11-15 at 15:33 By Zeljka Zorz Cyber crooks are trying out an interesting new approach for getting information-stealing malware installed on Android users’ smartphones: a physical letter impersonating MeteoSwiss (i.e., Switzerland’s Federal Office of Meteorology and Climatology). “The letter asks the recipients to install a new severe weather

React to this headline:

Loading spinner

Cyber crooks push Android malware via letter Read More »

Scroll to Top