News

CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities

CVSS, Don't miss, FIRST, News /

CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities 13/07/2023 at 14:32 By Help Net Security FIRST has unveiled the latest version of its Common Vulnerability Scoring System (CVSS 4.0). Critical in the interface between supplier and consumer, CVSS provides a way to capture the principal characteristics of a security vulnerability and […]

React to this headline:

Loading spinner

CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities Read More »

20% of malware attacks bypass antivirus protection

attacks, cybercrime, cybersecurity, Malware, News, report, SpyCloud, survey /

20% of malware attacks bypass antivirus protection 13/07/2023 at 07:02 By Help Net Security Security leaders are concerned about attacks that leverage malware-exfiltrated authentication data, with 53% expressing extreme concern and less than 1% admitting they weren’t concerned at all, according to SpyCloud. However, many still lack the necessary tools to investigate the security and

React to this headline:

Loading spinner

20% of malware attacks bypass antivirus protection Read More »

Infrastructure upgrades alone won’t guarantee strong security

Application Security, Cloud, cybersecurity, Malware, News, OPSWAT, report, survey /

Infrastructure upgrades alone won’t guarantee strong security 13/07/2023 at 06:31 By Help Net Security While 75% of organizations have made significant strides to upgrade their infrastructure in the past year, including the adoption of public cloud hosting and containerization, and 78% have increased their security budgets, only 2% of industry experts are confident in their

React to this headline:

Loading spinner

Infrastructure upgrades alone won’t guarantee strong security Read More »

Only 45% of cloud data is currently encrypted

Cloud, cloud security, cybersecurity, data, data breach, Don't miss, News, Thales /

Only 45% of cloud data is currently encrypted 13/07/2023 at 06:01 By Help Net Security 39% of businesses have experienced a data breach in their cloud environment last year, an increase on the 35% reported in 2022, according to Thales. In addition, human error was reported as the leading cause of cloud data breaches by

React to this headline:

Loading spinner

Only 45% of cloud data is currently encrypted Read More »

Same code, different ransomware? Leaks kick-start myriad of new variants

Cryptocurrency, cybercriminals, Email, ESET, News, Ransomware, report, sextortion, threats, vulnerability /

Same code, different ransomware? Leaks kick-start myriad of new variants 12/07/2023 at 14:54 By Help Net Security Threat landscape trends demonstrate the impressive flexibility of cybercriminals as they continually seek out fresh methods of attack, including exploiting vulnerabilities, gaining unauthorized access, compromising sensitive information, and defrauding individuals, according to the H1 2023 ESET Threat Report.

React to this headline:

Loading spinner

Same code, different ransomware? Leaks kick-start myriad of new variants Read More »

Chinese hackers forged authentication tokens to breach government emails

cloud security, cyber espionage, data theft, Don't miss, Europe, Government, Hot stuff, Microsoft, News, Outlook, USA, vulnerability /

Chinese hackers forged authentication tokens to breach government emails 12/07/2023 at 13:17 By Zeljka Zorz Sophisticated hackers have accessed email accounts of organizations and government agencies via authentication tokens they forged by using an acquired Microsoft account (MSA) consumer signing key, the company has revealed on Tuesday. “The threat actor Microsoft links to this incident

React to this headline:

Loading spinner

Chinese hackers forged authentication tokens to breach government emails Read More »

How Google Cloud’s AML AI redefines the fight against money laundering

Artificial Intelligence, Compliance, Don't miss, Features, financial industry, Google, Google Cloud, Hot stuff, News, opinion /

How Google Cloud’s AML AI redefines the fight against money laundering 12/07/2023 at 07:02 By Mirko Zorz Google Cloud’s AML AI represents an advancement in the fight against money laundering. By replacing outdated transaction monitoring systems and embracing AI technology, financial institutions can now stay ahead of evolving financial crime risks, improve operational efficiency, ensure

React to this headline:

Loading spinner

How Google Cloud’s AML AI redefines the fight against money laundering Read More »

CIOs prioritize innovation over tech stack optimization

Artificial Intelligence, CIO, Innovation, investment, Lenovo, machine learning, News, report /

CIOs prioritize innovation over tech stack optimization 12/07/2023 at 06:33 By Help Net Security Despite economic obstacles and constraints on IT budgets, global CIOs maintain a positive outlook on the potential of technology to provide significant benefits for their organizations, according to Lenovo. Despite their optimism, the risks are real, as 83% are concerned that

React to this headline:

Loading spinner

CIOs prioritize innovation over tech stack optimization Read More »

Free entry-level cybersecurity training and certification exam

ISC2, News, Whitepapers and webinars /

Free entry-level cybersecurity training and certification exam 12/07/2023 at 05:48 By Help Net Security The Ultimate Guide to Certified in Cybersecurity (CC) covers everything you need to know about the entry-level credential recognized by organizations worldwide. Inside, learn how CC starts you on your path to advanced cybersecurity certification and how to access free Official

React to this headline:

Loading spinner

Free entry-level cybersecurity training and certification exam Read More »

The U.S. Used Potent Global Surveillance Power To Track Russians In $4 Billion Crypto Exchange Investigation

cybersecurity, Editors' Pick, Innovation, News, premium, Technology /

The U.S. Used Potent Global Surveillance Power To Track Russians In $4 Billion Crypto Exchange Investigation 11/07/2023 at 23:03 By Thomas Brewster, Forbes Staff Four men accused of laundering funds from the epic Mt. Gox crypto hack of 2014 were watched for over a year in an unprecedented use of a U.S. surveillance power. This

React to this headline:

Loading spinner

The U.S. Used Potent Global Surveillance Power To Track Russians In $4 Billion Crypto Exchange Investigation Read More »

Microsoft patches four exploited zero-days, but lags with fixes for a fifth (CVE-2023-36884)

0-day, BlackBerry, Cisco, cyber espionage, cybercrime, Don't miss, drivers, Google, Hot stuff, Microsoft, MS Office, News, Ransomware, rootkits, security update, Tenable, Trend Micro, Volexity, vulnerability, Windows /

Microsoft patches four exploited zero-days, but lags with fixes for a fifth (CVE-2023-36884) 11/07/2023 at 22:31 By Zeljka Zorz For July 2023 Patch Tuesday, Microsoft has delivered 130 patches; among them are four for vulnerabilites actively exploited by attackers, but no patch for CVE-2023-36884, an Office and Windows HTML RCE vulnerability exploited in targeted attacks

React to this headline:

Loading spinner

Microsoft patches four exploited zero-days, but lags with fixes for a fifth (CVE-2023-36884) Read More »

Apple pushes out emergency fix for actively exploited zero-day (CVE-2023-37450)

0-day, apple, Don't miss, Hot stuff, iOS, iPad, macOS, News, security update /

Apple pushes out emergency fix for actively exploited zero-day (CVE-2023-37450) 11/07/2023 at 13:02 By Zeljka Zorz Apple has patched an actively exploited zero-day vulnerability (CVE-2023-37450) by releasing Rapid Security Response updates for iPhones, iPads and Macs running the latest versions of its operating systems. The vulnerability has also been fixed with a regular security update

React to this headline:

Loading spinner

Apple pushes out emergency fix for actively exploited zero-day (CVE-2023-37450) Read More »

European Commission adopts adequacy decision for safe EU-U.S. data flows

cybersecurity, Data Protection, EU, European Commission, framework, News /

European Commission adopts adequacy decision for safe EU-U.S. data flows 11/07/2023 at 12:09 By Help Net Security Today, the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework. The decision concludes that the United States ensures an adequate level of protection – comparable to that of the European Union – for personal

React to this headline:

Loading spinner

European Commission adopts adequacy decision for safe EU-U.S. data flows Read More »

Owncast, EaseProbe security vulnerabilities revealed

CVE, News, open source, Oxeye, software, vulnerability, vulnerability disclosure /

Owncast, EaseProbe security vulnerabilities revealed 11/07/2023 at 11:17 By Help Net Security Oxeye has uncovered two critical security vulnerabilities and recommends immediate action to mitigate risk. The vulnerabilities were discovered in Owncast (CVE-2023-3188) and EaseProbe (CVE-2023-33967), two open-source platforms written in Go. Owncast vulnerability (CVE-2023-3188) The first vulnerability was discovered in Owncast, an open-source, self-hosted,

React to this headline:

Loading spinner

Owncast, EaseProbe security vulnerabilities revealed Read More »

CISO perspective on why Boards don’t fully grasp cyber attack risks

attacks, CISO, cyber risk, cybersecurity, Don't miss, Features, Hot stuff, investment, News, opinion, PlanSource, strategy /

CISO perspective on why Boards don’t fully grasp cyber attack risks 11/07/2023 at 07:33 By Mirko Zorz Due to their distinct perspectives, Board members and CISOs often have differing views on cyber attack risks. The discrepancy arises when Boards need cybersecurity expertise, need help comprehending technical jargon, or when CISOs need to communicate in business

React to this headline:

Loading spinner

CISO perspective on why Boards don’t fully grasp cyber attack risks Read More »

Compliance seizes spotlight in the connected devices arena

Compliance, cybersecurity, GDPR, investment, legislation, News, PSA Certified, regulation, report /

Compliance seizes spotlight in the connected devices arena 11/07/2023 at 06:06 By Help Net Security Investment in connected device security has accelerated as upcoming legislation affecting the sector becomes more prominent, according to PSA Certified. This acceleration also highlights a noticeable difference from last year in the level of demand from industry customers and, more

React to this headline:

Loading spinner

Compliance seizes spotlight in the connected devices arena Read More »

Flaw in Revolut payment systems exploited to steal $20 million

Don't miss, financial industry, Hot stuff, News, Picus Security, Revolut /

Flaw in Revolut payment systems exploited to steal $20 million 10/07/2023 at 17:05 By Zeljka Zorz Organized criminal groups exploited a flaw in Revolut’s payment systems and made off with $20+ million of the company’s money, the Financial Times reported on Sunday, citing people with knowledge of the situation. Revolut’s cybersecurity troubles Revolut is a

React to this headline:

Loading spinner

Flaw in Revolut payment systems exploited to steal $20 million Read More »

Malware delivery to Microsoft Teams users made easy

collaboration, Don't miss, enterprise, Hot stuff, Malware, Microsoft 365, Microsoft Teams, News, red team, SMBs, vulnerability /

Malware delivery to Microsoft Teams users made easy 10/07/2023 at 14:33 By Zeljka Zorz A tool that automates the delivery of malware from external attackers to target employees’ Microsoft Teams inbox has been released. TeamsPhisher (Source: Alex Reid) About the exploited vulnerability As noted by Jumpsec researchers Max Corbridge and Tom Ellson, Microsoft Teams’ default

React to this headline:

Loading spinner

Malware delivery to Microsoft Teams users made easy Read More »

Law firms under cyberattack

cyberattack, data breach, Don't miss, eSentire, Hot stuff, law firms, NCSC, News, Ransomware, Trend Micro, Waratah /

Law firms under cyberattack 10/07/2023 at 07:31 By Helga Labus In April 2023, Australian law firm HWL Ebsworth was hit by a cyberattack that possibly resulted in data of hundreds of its clients and dozens of government agencies being compromised. The attack was claimed by the Russian-linked ALPHV/Blackcat ransomware group “Earlier this month, the group

React to this headline:

Loading spinner

Law firms under cyberattack Read More »

Overcoming user resistance to passwordless authentication

1Kosmos, authentication, Compliance, Don't miss, Expert analysis, Hot stuff, identity, News, opinion, passwordless, Privacy, zero trust /

Overcoming user resistance to passwordless authentication 10/07/2023 at 07:14 By Help Net Security Many organizations agree in theory that passwordless authentication is the future, but getting there represents a significant change management challenge. The migration to passwordless requires forethought and planning. For example, an organization needs to establish strategic imperatives around security, the user experience,

React to this headline:

Loading spinner

Overcoming user resistance to passwordless authentication Read More »

Scroll to Top