News

What flying a plane can teach you about cybersecurity

22/05/2023 at 06:12 | By Help Net Security

Before taking on the role as GM of IAI’s cyber division, Esti Peshin was a member of Israel’s parliament, wielding both legislation and regulation to strengthen the country’s renowned high-tech ecosystem. Despite her commitments, Esti shared with the Left […]

Week in review: KeePass vulnerability, Apple fixes exploited WebKit 0-days

21/05/2023 at 11:01 | By Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Apple fixes WebKit 0-days under attack (CVE-2023-28204, CVE-2023-32373, CVE-2023-32409) Apple has released security updates for iOS and iPadOS, macOS, tvOS and watchOS, delivering

Apple fixes WebKit 0-days under attack (CVE-2023-28204, CVE-2023-32373, CVE-2023-32409)

19/05/2023 at 14:19 | By Zeljka Zorz

Apple has released security updates for iOS and iPadOS, macOS, tvOS and watchOS, delivering fixes for many vulnerabilities but, most importantly, for CVE-2023-32409, a WebKit 0-day that “may have been actively exploited.” The notes accompanying the updates also revealed that

DarkBERT could help automate dark web mining for cyber threat intelligence

19/05/2023 at 13:05 | By Helga Labus

Researchers have developed DarkBERT, a language model pretrained on dark web data, to help cybersecurity pros extract cyber threat intelligence (CTI) from the Internet’s virtual underbelly. DarkBERT pretraining process and evaluated use case scenarios (Source: KAIST/S2W) DarkBERT: A

New infosec products of the week: May 19, 2023

19/05/2023 at 07:30 | By Help Net Security

Here’s a look at the most interesting products from the past week, featuring releases from Bitwarden, Cloudflare, ComplyAdvantage, Enzoic, Neurotechnology, Nozomi Networks, and Satori. ComplyAdvantage Fraud Detection identifies and prevents transaction fraud Fraud Detection uses AI and machine learning

Inadequate tools leave AppSec fighting an uphill battle for cloud security

19/05/2023 at 06:32 | By Help Net Security

AppSec teams are stuck in a catch-up cycle, unable to keep up with the increasingly rapid, agile dev pace, and playing security defense via an endless and unproductive vulnerability chase, according to Backslash Security. Costly ‘defensive tax’

Europe: The DDoS battlefield

19/05/2023 at 06:07 | By Help Net Security

DDoS attacks appear to reflect major geo-political challenges and social tensions and have become an increasingly significant part of the hybrid warfare arsenal, according to Arelion. As the Ukrainian authorities sought a safe harbour for digital state registries and databases, Arelion saw the distribution

Cisco fixes critical flaws in Small Business Series Switches

18/05/2023 at 12:50 | By Helga Labus

Nine vulnerabilities – 4 of them critical – have been found in a variety of Cisco Small Business Series Switches. PoC exploit code is available (but not public), and there is no indication that they are being exploited in the

Enhancing open source security: Insights from the OpenSSF on addressing key challenges

18/05/2023 at 08:00 | By Mirko Zorz

In this Help Net Security interview, we meet a prominent industry leader. Brian Behlendorf, CTO at the Open Source Security Foundation (OpenSSF), shares insights on the influence of his experiences with the White House CTO office, World

Identity crimes: Too many victims, limited resources

18/05/2023 at 08:00 | By Help Net Security

The Identity Theft Resource Center (ITRC) has documented incidents of identity theft reported during 2022 and the first quarter of 2023, highlighting the use of strategies by criminals to convince people to willingly share protected information. The number of reported identity

Organizations’ cyber resilience efforts fail to keep up with evolving threats

18/05/2023 at 08:00 | By Help Net Security

A steady increase in cyberattacks and an evolving threat landscape are resulting in more organizations turning their attention to building long-term cyber resilience; however, many of these programs are falling short and fail to prove teams’ real-world cyber

TP-Link routers implanted with malicious firmware in state-sponsored attacks

17/05/2023 at 16:44 | By Helga Labus

A Chinese state-sponsored APT group implanted malicious firmware into TP-Link routers as part of attack campaigns aimed at European foreign affairs entities, say Check Point researchers. Custom malicious firmware for TP-Link routers The malicious firmware was exclusively created for TP-Link

KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784)

17/05/2023 at 16:44 | By Zeljka Zorz

A vulnerability (CVE-2023-32784) in the open-source password manager KeePass can be exploited to retrieve the master password from the software’s memory, says the researcher who unearthed the flaw. The bad news is that the vulnerability is still unfixed

Inactive Google accounts will be deleted

17/05/2023 at 14:17 | By Helga Labus

A week after Twitter announced it will be removing idle accounts after 30 days of inaction, Google has updated its account inactivity policy. Updates to the Google account inactivity policy Google says that the updated policy is effective immediately, but that it will

Scammers exploit AI trend with fake ChatGPT apps on Google Play, Apple App Store

17/05/2023 at 14:17 | By Help Net Security

Sophos researchers uncovered multiple apps masquerading as legitimate, ChatGPT-based chatbots to overcharge users. These apps have popped up in the Google Play and Apple App Store. Because the free versions have near-zero functionality and

Infamous cybercrime marketplace offers pre-order service for stolen credentials

17/05/2023 at 09:42 | By Help Net Security

Infostealer malware, which consists of code that infects devices without the user’s knowledge and steals data, remains widely available to buy through underground forums and marketplaces, with the volume of logs, or collections of stolen data, available for sale

The CIS Benchmarks Community consensus process

17/05/2023 at 09:42 | By Help Net Security

The Center for Internet Security (CIS) recently celebrated 20 years of bringing confidence to the connected world with consensus-based security guidance. The first CIS Benchmark was released in 2000. Today, there are more than 100 CIS Benchmarks configuration guidelines across 25+ product

Fraudsters send fake invoice, follow up with fake exec confirmation

16/05/2023 at 16:10 | By Zeljka Zorz

Fraudsters are trying out a new approach to convince companies to pay bogus invoices: instead of hijacking existing email threads, they are creating convincing ones themselves. A clever payment request fraud The fraud attempt begins with an email containing

Attack automation becomes a prevalent threat against APIs

16/05/2023 at 16:09 | By Help Net Security

The second half of 2022 marked a significant turning point in the security landscape. In several high-profile incidents, application programming interfaces (APIs) emerged as a primary attack vector, posing a new and significant threat to organizations’ security posture, according to

Lacroix manufacturing facilities shut down following cyberattack

16/05/2023 at 14:08 | By Helga Labus

French electronics manufacturer Lacroix closed three factories as a result of a cyberattack they “intercepted” over the weekend, the company announced on Monday. Lacroix designs and produces electronic equipment for the automotive, home automation, aerospace, industrial and health sectors, as well
