News

Zyxel firewalls under attack by Mirai-like botnet

botnet, Censys, Don't miss, Europe, exploit, firewall, Hot stuff, News, PoC, Rapid7, Shadowserver, vulnerability, Zyxel /

Zyxel firewalls under attack by Mirai-like botnet 01/06/2023 at 11:52 By Zeljka Zorz CVE-2023-28771, the critical command injection vulnerability affecting many Zyxel firewalls, is being actively exploited by a Mirai-like botnet, and has been added to CISA’s Known Exploited Vulnerabilities (KEV) catalog. About CVE-2023-28771 CVE-2023-28771 is a vulnerability that allows unauthenticated attackers to execute OS […]

React to this headline:

Loading spinner

Zyxel firewalls under attack by Mirai-like botnet Read More »

Why organizations should adopt a cloud cybersecurity framework

Cloud, Don't miss, Expert analysis, Expert corner, framework, Information Security Forum, News, opinion, Risk Management /

Why organizations should adopt a cloud cybersecurity framework 01/06/2023 at 08:16 By Help Net Security The cloud is the future of enterprise architecture. It’s economical (to a degree), it’s scalable, it’s flexible and – best of all – it’s someone else’s responsibility. Again, to a point. That’s because the cloud comes with its own set

React to this headline:

Loading spinner

Why organizations should adopt a cloud cybersecurity framework Read More »

Navigating cybersecurity in the age of remote work

BYOD, CISO, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, remote working, VPN, zero trust, Zscaler /

Navigating cybersecurity in the age of remote work 01/06/2023 at 07:34 By Mirko Zorz In this Help Net Security interview, Jay Chaudhry, CEO at Zscaler, talks about connecting and securing remote employees and their devices to access organizational resources from any location. He discusses the potential risks of remote VPN access, the increasing reliance on

React to this headline:

Loading spinner

Navigating cybersecurity in the age of remote work Read More »

Phishing campaigns thrive as evasive tactics outsmart conventional detection

cybercrime, cybercriminals, data, Email, Group-IB, News, phishing, report, scams /

Phishing campaigns thrive as evasive tactics outsmart conventional detection 01/06/2023 at 06:21 By Help Net Security A 25% increase in the use of phishing kits has been recorded in 2022, according to Group-IB. The key phishing trends observed are the increasing use of access control and advanced detection evasion techniques. The rise in evasive tactics,

React to this headline:

Loading spinner

Phishing campaigns thrive as evasive tactics outsmart conventional detection Read More »

Infosec products of the month: May 2023

Aqua Security, Axiado, Bitwarden, Cloudflare, ComplyAdvantage, Dashlane, Delinea, Enzoic, Feedzai, Immersive Labs, Intruder, Nebulon, Netscout, Neurotechnology, News, Nozomi Networks, OpenVPN, Private AI, Radware, Satori, Trua, Vanta, Veriff, Veza /

Infosec products of the month: May 2023 01/06/2023 at 05:32 By Industry News Here’s a look at the most interesting products from the past month, featuring releases from: Aqua Security, Axiado, Bitwarden, Cloudflare, ComplyAdvantage, Dashlane, Delinea, Enzoic, Feedzai, Immersive Labs, Intruder, Nebulon, NETSCOUT, Neurotechnology, Nozomi Networks, OpenVPN, Private AI, Radware, Satori, Trua, Vanta, Veriff, and

React to this headline:

Loading spinner

Infosec products of the month: May 2023 Read More »

Someone is roping Apache NiFi servers into a cryptomining botnet

Apache Nifi, cryptojacking, Don't miss, Hot stuff, News, SANS ISC /

Someone is roping Apache NiFi servers into a cryptomining botnet 31/05/2023 at 16:51 By Zeljka Zorz If you’re running an Apache NiFi instance exposed on the internet and you have not secured access to it, the underlying host may already be covertly cryptomining on someone else’s behalf. The attack Indicators of the ongoing campaign were

React to this headline:

Loading spinner

Someone is roping Apache NiFi servers into a cryptomining botnet Read More »

Zyxel patches vulnerability in NAS devices (CVE-2023-27988)

Don't miss, Hot stuff, NAS, News, security update, vulnerability, Zyxel /

Zyxel patches vulnerability in NAS devices (CVE-2023-27988) 31/05/2023 at 14:51 By Helga Labus Zyxel has patched a high-severity authenticated command injection vulnerability (CVE-2023-27988) in some of its network attached storage (NAS) devices aimed at home users. About the vulnerability (CVE-2023-27988) The vulnerability was discovered in the devices’ web management interface. “An authenticated attacker with administrator

React to this headline:

Loading spinner

Zyxel patches vulnerability in NAS devices (CVE-2023-27988) Read More »

How APTs target SMBs

APT, Don't miss, Hot stuff, MSP, News, phishing, Proofpoint, SMBs, supply chain attacks, trends /

How APTs target SMBs 31/05/2023 at 13:47 By Helga Labus Small and medium businesses (SMBs) are not exempt from being targeted by advanced persistent threat (APT) actors, according to Proofpoint researchers. By analyzing a year’s worth of APT campaign data they collected from the 200,000+ SMBs that have their security solution deployed, they pinpointed three

React to this headline:

Loading spinner

How APTs target SMBs Read More »

Kali Linux 2023.2 released: New tools, a pre-built Hyper-V image, a new audio stack, and more!

Don't miss, Hot stuff, Kali Linux, Linux, News, Offensive Security, open source, penetration testing /

Kali Linux 2023.2 released: New tools, a pre-built Hyper-V image, a new audio stack, and more! 31/05/2023 at 10:29 By Zeljka Zorz Offensive Security has released Kali Linux 2023.2, the latest version of its popular penetration testing and digital forensics platform. New tools in Kali Linux 2023.2 Aside from updates for existing tools, a new

React to this headline:

Loading spinner

Kali Linux 2023.2 released: New tools, a pre-built Hyper-V image, a new audio stack, and more! Read More »

The strategic importance of digital trust for modern businesses

certificates, cybersecurity, DigiCert, Don't miss, Features, Hot stuff, News, opinion /

The strategic importance of digital trust for modern businesses 31/05/2023 at 07:32 By Mirko Zorz In this Help Net Security interview, Deepika Chauhan, CPO at DigiCert, talks about the importance of maintaining high trust assurance levels for businesses in today’s digital landscape. How does DigiCert define “digital trust,” and why is it essential for businesses

React to this headline:

Loading spinner

The strategic importance of digital trust for modern businesses Read More »

Organizations are placing OT cybersecurity responsibility on CISOs

CISO, critical infrastructure, cybersecurity, Fortinet, News, report /

Organizations are placing OT cybersecurity responsibility on CISOs 31/05/2023 at 06:35 By Help Net Security Protecting operational technology (OT) systems is now more critical than ever as more organizations connect their OT environments to the internet, according to Fortinet. Although IT/OT convergence has many benefits, it is being hampered and handicapped by advanced and destructive

React to this headline:

Loading spinner

Organizations are placing OT cybersecurity responsibility on CISOs Read More »

Attackers leave organizations with no recovery option

backup, cyber insurance, cybercriminals, cybersecurity, News, Ransomware, Veeam Software /

Attackers leave organizations with no recovery option 31/05/2023 at 06:13 By Help Net Security Organizations of all sizes are increasingly falling victim to ransomware attacks and inadequately protecting against this rising cyberthreat, according to Veeam. One in seven organizations will see almost all (>80%) data affected as a result of a ransomware attack – pointing

React to this headline:

Loading spinner

Attackers leave organizations with no recovery option Read More »

Attackers hacked Barracuda ESG appliances via zero-day since October 2022

backdoor, Barracuda Networks, data theft, Don't miss, exploit, Hot stuff, Malware, Mandiant, News, vulnerability /

Attackers hacked Barracuda ESG appliances via zero-day since October 2022 30/05/2023 at 20:10 By Zeljka Zorz Barracuda says that the recently discovered compromise of some of it clients’ ESG appliances via a zero-day vulnerability (CVE-2023-2868) resulted in the deployment of three types of malware and data exfiltration. The company did not say how many organizations

React to this headline:

Loading spinner

Attackers hacked Barracuda ESG appliances via zero-day since October 2022 Read More »

Penetration tester develops AWS-based automated cracking rig

AWS, cybersecurity, Don't miss, Features, Hot stuff, how-to, News, passwords, penetration testing, software, tips /

Penetration tester develops AWS-based automated cracking rig 30/05/2023 at 07:40 By Mirko Zorz Building a custom cracking rig for research can be expensive, so penetration tester Max Ahartz built one on AWS. In this Help Net Security interview, he takes us through the process and unveils the details of his creation. What motivated you to

React to this headline:

Loading spinner

Penetration tester develops AWS-based automated cracking rig Read More »

Generative AI: The new attack vector for trust and safety

ActiveFence, Artificial Intelligence, dark web, deepfake, exploit, News, report /

Generative AI: The new attack vector for trust and safety 30/05/2023 at 06:46 By Help Net Security Threat actors are abusing generative AI to carry out child sex abuse material (CSAM), disinformation, fraud and extremism, according to ActiveFence. “The explosion of generative AI has far-reaching implications for all corners of the internet,” said Noam Schwartz,

React to this headline:

Loading spinner

Generative AI: The new attack vector for trust and safety Read More »

Organizations spend 100 hours battling post-delivery email threats

attacks, Barracuda Networks, cyberattack, cybercrime, cybercriminals, email security, News, spear-phishing /

Organizations spend 100 hours battling post-delivery email threats 30/05/2023 at 06:11 By Help Net Security Nearly every victim of a spear-phishing attack in the last 12 months saw impacts on their organization, including malware infections, stolen data, and reputational damage, according to Barracuda Networks. Barracuda Networks research finds 24% of organizations studied had at least

React to this headline:

Loading spinner

Organizations spend 100 hours battling post-delivery email threats Read More »

Top public cloud security concerns for the media and entertainment industry

Cloud, cloud storage, cybersecurity, data security, News, Wasabi /

Top public cloud security concerns for the media and entertainment industry 29/05/2023 at 08:48 By Help Net Security Media and entertainment (M&E) companies are rapidly turning to cloud storage in efforts to upgrade their security measures, according Wasabi. Survey findings highlighted that, while M&E organizations are still relatively new to cloud storage (69% of respondents

React to this headline:

Loading spinner

Top public cloud security concerns for the media and entertainment industry Read More »

Company size doesn’t matter when it comes to cyberattacks

attacks, Cloud, cyberattack, cybercriminals, cybersecurity, Malware, Netwrix, News, phishing, Ransomware, SMBs /

Company size doesn’t matter when it comes to cyberattacks 29/05/2023 at 06:34 By Help Net Security 65% of organizations in the enterprise sector suffered a cyberattack within the last 12 months, which is similar to the results among companies of all sizes (68%), according to Netwrix. Larger organizations are a more frequent target for cyberattacks

React to this headline:

Loading spinner

Company size doesn’t matter when it comes to cyberattacks Read More »

Digital nomads drive changes in identity verification

identity verification, News, Regula, remote working, survey /

Digital nomads drive changes in identity verification 29/05/2023 at 06:34 By Help Net Security Over the past year, 4 in 5 financial companies had experienced an increase in the number of verification cases involving foreign documents, according to Regula. The post Digital nomads drive changes in identity verification appeared first on Help Net Security. This

React to this headline:

Loading spinner

Digital nomads drive changes in identity verification Read More »

Week in review: Zyxel firewalls vulnerability, phishing campaign targets ChatGPT users

News, Week in review /

Week in review: Zyxel firewalls vulnerability, phishing campaign targets ChatGPT users 28/05/2023 at 12:23 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Wireless Broadband Alliance CEO on key drivers for Wi-Fi adoption in enterprise networks This Help Net Security interview with Tiago Rodrigues, CEO

React to this headline:

Loading spinner

Week in review: Zyxel firewalls vulnerability, phishing campaign targets ChatGPT users Read More »

Scroll to Top