News

Inadequate tools leave AppSec fighting an uphill battle for cloud security

Application Security, Backslash Security, cloud security, cybersecurity, News, report, vulnerability management /

Inadequate tools leave AppSec fighting an uphill battle for cloud security 19/05/2023 at 06:32 By Help Net Security AppSec teams are stuck in a catch-up cycle, unable to keep up with the increasingly rapid, agile dev pace, and playing security defense via an endless and unproductive vulnerability chase, according to Backslash Security. Costly ‘defensive tax’ […]

React to this headline:

Loading spinner

Inadequate tools leave AppSec fighting an uphill battle for cloud security Read More »

Europe: The DDoS battlefield

Arelion, attacks, cybercriminals, DDoS, News, report /

Europe: The DDoS battlefield 19/05/2023 at 06:07 By Help Net Security DDoS attacks appear to reflect major geo-political challenges and social tensions and have become an increasingly significant part in the hybrid warfare arsenal, according to Arelion. As the Ukrainian authorities sought a safe harbour for digital state registries and databases, Arelion saw the distribution

React to this headline:

Loading spinner

Europe: The DDoS battlefield Read More »

Cisco fixes critical flaws in Small Business Series Switches

Cisco, Don't miss, network, News, PoC, SMBs, vulnerability /

Cisco fixes critical flaws in Small Business Series Switches 18/05/2023 at 12:50 By Helga Labus Nine vulnerabilities – 4 of them critical – have been found in a variety of Cisco Small Business Series Switches. PoC exploit code is available (but not public), and there is no indication that they are being exploited in the

React to this headline:

Loading spinner

Cisco fixes critical flaws in Small Business Series Switches Read More »

Enhancing open source security: Insights from the OpenSSF on addressing key challenges

CISO, Don't miss, Features, Hot stuff, News, open source, OpenSSF, opinion, software, strategy, The Linux Foundation, tips /

Enhancing open source security: Insights from the OpenSSF on addressing key challenges 18/05/2023 at 08:00 By Mirko Zorz In this Help Net Security interview, we meet a prominent industry leader. Brian Behlendorf, CTO at the Open Source Security Foundation (OpenSSF), shares insights on the influence of his experiences with the White House CTO office, World

React to this headline:

Loading spinner

Enhancing open source security: Insights from the OpenSSF on addressing key challenges Read More »

Identity crimes: Too many victims, limited resources

data, identity, identity theft, Identity Theft Resource Center, News, report, social engineering /

Identity crimes: Too many victims, limited resources 18/05/2023 at 08:00 By Help Net Security The Identity Theft Resource Center (ITRC) has documented incidents of identity theft reported during 2022 and the first quarter of 2023, highlighting the use of strategies by criminals to convince people to willingly share protected information. The number of reported identity

React to this headline:

Loading spinner

Identity crimes: Too many victims, limited resources Read More »

Organizations’ cyber resilience efforts fail to keep up with evolving threats

CISO, cyber resilience, cyber risk, cyberattacks, cybersecurity, Immersive Labs, News, report, Risk Management /

Organizations’ cyber resilience efforts fail to keep up with evolving threats 18/05/2023 at 08:00 By Help Net Security A steady increase in cyberattacks and evolving threat landscape are resulting in more organizations turning their attention to building long-term cyber resilience; however, many of these programs are falling short and fail to prove teams’ real-world cyber

React to this headline:

Loading spinner

Organizations’ cyber resilience efforts fail to keep up with evolving threats Read More »

TP-Link routers implanted with malicious firmware in state-sponsored attacks

backdoor, Check Point, Don't miss, Hot stuff, Malware, News, router, TP-LINK /

TP-Link routers implanted with malicious firmware in state-sponsored attacks 17/05/2023 at 16:44 By Helga Labus A Chinese state-sponsored APT group implanted malicious firmware into TP-Link routers as part of attack campaigns aimed at European foreign affairs entities, say Check Point researchers. Custom malicious firmware for TP-Link routers The malicious firmware was exclusively created for TP-Link

React to this headline:

Loading spinner

TP-Link routers implanted with malicious firmware in state-sponsored attacks Read More »

KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784)

Don't miss, KeePass, News, open source, passwords, PoC, vulnerability /

KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784) 17/05/2023 at 16:44 By Zeljka Zorz A vulnerability (CVE-2023-32784) in the open-source password manager KeePass can be exploited to retrieve the master password from the software’s memory, says the researcher who unearthed the flaw. The bad news is that the vulnerability is still unfixed

React to this headline:

Loading spinner

KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784) Read More »

Inactive Google accounts will be deleted

Don't miss, Google, Hot stuff, News, policy /

Inactive Google accounts will be deleted 17/05/2023 at 14:17 By Helga Labus A week after Twitter announced it will be removing idle accounts after 30 days of inaction, Google has updated its account inactivity policy. Updates to the Google account inactivity policy Google says that the updated policy is effective immediately, but that it will

React to this headline:

Loading spinner

Inactive Google accounts will be deleted Read More »

Scammers exploit AI trend with fake ChatGPT apps on Google Play, Apple App Store

apple, Artificial Intelligence, ChatGPT, cybersecurity, Don't miss, Google Play, Hot stuff, News, scams, software, threats /

Scammers exploit AI trend with fake ChatGPT apps on Google Play, Apple App Store 17/05/2023 at 14:17 By Help Net Security Sophos researchers uncovered multiple apps masquerading as legitimate, ChatGPT-based chatbots to overcharge users. These apps have popped up in the Google Play and Apple App Store. Because the free versions have near-zero functionality and

React to this headline:

Loading spinner

Scammers exploit AI trend with fake ChatGPT apps on Google Play, Apple App Store Read More »

Infamous cybercrime marketplace offers pre-order service for stolen credentials

cybercrime, cybercriminals, cybersecurity, Malware, News, SecureWorks /

Infamous cybercrime marketplace offers pre-order service for stolen credentials 17/05/2023 at 09:42 By Help Net Security Infostealer malware, which consist of code that infects devices without the user’s knowledge and steals data, remains widely available to buy through underground forums and marketplaces, with the volume of logs, or collections of stolen data, available for sale

React to this headline:

Loading spinner

Infamous cybercrime marketplace offers pre-order service for stolen credentials Read More »

The CIS Benchmarks Community consensus process

Center for Internet Security, News /

The CIS Benchmarks Community consensus process 17/05/2023 at 09:42 By Help Net Security The Center for Internet Security (CIS) recently celebrated 20 years of bringing confidence to the connected world with consensus-based security guidance. The first CIS Benchmark was released in 2000. Today, there are more than 100 CIS Benchmarks configuration guidelines across 25+ product

React to this headline:

Loading spinner

The CIS Benchmarks Community consensus process Read More »

Fraudsters send fake invoice, follow up with fake exec confirmation

Armorblox, Don't miss, enterprise, fraud, News, security awareness, SMBs /

Fraudsters send fake invoice, follow up with fake exec confirmation 16/05/2023 at 16:10 By Zeljka Zorz Fraudsters are trying out a new approach to convince companies to pay bogus invoices: instead of hijacking existing email threads, they are creating convincing ones themselves. A clever payment request fraud The fraud attempt begins with an email containing

React to this headline:

Loading spinner

Fraudsters send fake invoice, follow up with fake exec confirmation Read More »

Attack automation becomes a prevalent threat against APIs

API security, attacks, Cequence Security, CISO, News, report /

Attack automation becomes a prevalent threat against APIs 16/05/2023 at 16:09 By Help Net Security The second half of 2022 marked a significant turning point in the security landscape. In several high-profile incidents, application programming interfaces (APIs) emerged as a primary attack vector, posing a new and significant threat to organizations’ security posture, according to

React to this headline:

Loading spinner

Attack automation becomes a prevalent threat against APIs Read More »

Lacroix manufacturing facilities shut down following cyberattack

cyberattack, disruption, Don't miss, France, Hot stuff, manufacturing sector, News, Ransomware /

Lacroix manufacturing facilities shut down following cyberattack 16/05/2023 at 14:08 By Helga Labus French electronics manufacturer Lacroix closed three factories as a result of a cyberattack they “intercepted” over the weekend, the company has announced on Monday. Lacroix designs and produces electronic equipment for the automotive, home automation, aerospace, industrial and health sectors, as well

React to this headline:

Loading spinner

Lacroix manufacturing facilities shut down following cyberattack Read More »

Google Cloud CISO on why the Google Cybersecurity Certificate matters

certification, cybersecurity, Features, Google Cloud, News, opinion, SANS, skill development /

Google Cloud CISO on why the Google Cybersecurity Certificate matters 16/05/2023 at 11:53 By Mirko Zorz As part of Google’s commitment to building a strong cybersecurity workforce, the Google Cybersecurity Certificate offers an affordable and accessible pathway to a career in cybersecurity. In this Help Net Security interview, Phil Venables, CISO at Google Cloud, sheds

React to this headline:

Loading spinner

Google Cloud CISO on why the Google Cybersecurity Certificate matters Read More »

WhatsApp allows users to lock sensitive chats

authentication, Don't miss, Hot stuff, Meta, News, Privacy, WhatsApp /

WhatsApp allows users to lock sensitive chats 16/05/2023 at 11:53 By Helga Labus Meta has unveiled Chat Lock within WhatsApp, a feature that allows users to keep sensitive and intimate conversations safe from prying eyes. WhatsApp Chat Lock (Source: WhatsApp) Enabling Chat Lock By tapping on a one-to-one or group conversation, users can easily enable

React to this headline:

Loading spinner

WhatsApp allows users to lock sensitive chats Read More »

Advantech’s industrial serial device servers open to attack

Advantech, CyberDanube, Don't miss, IIoT, network, News, PoC, vulnerability /

Advantech’s industrial serial device servers open to attack 15/05/2023 at 17:48 By Zeljka Zorz Three vulnerabilities in Advantech’s EKI series of serial device servers could be exploited to execute arbitrary commands on the OS level. Source: CyberDanube The vulnerabilities Serial device servers are networking devices that “network-enable” serial devices (e.g., printer, climate control system, etc.)

React to this headline:

Loading spinner

Advantech’s industrial serial device servers open to attack Read More »

SquareX’s vision: A future where internet security is a non-issue

CISO, cybersecurity, Don't miss, Features, Hot stuff, News, SquareX, strategy /

SquareX’s vision: A future where internet security is a non-issue 15/05/2023 at 12:11 By Mirko Zorz With an ever-evolving landscape of cyber threats, the necessity for innovative, effective, and user-friendly security products has never been more apparent. Current security solutions, however, seem to lag behind, struggling to adequately address the challenges posed by increasingly sophisticated

React to this headline:

Loading spinner

SquareX’s vision: A future where internet security is a non-issue Read More »

Bad bots are coming for APIs

Artificial Intelligence, attacks, automation, bot, credentials, cybercriminals, data theft, Imperva, News, report, spam /

Bad bots are coming for APIs 15/05/2023 at 06:16 By Help Net Security In 2022, 47.4% of all internet traffic came from bots, a 5.1% increase over the previous year, according to Imperva. The proportion of human traffic (52.6%) decreased to its lowest level in eight years. Bad bot traffic For the fourth consecutive year,

React to this headline:

Loading spinner

Bad bots are coming for APIs Read More »

Scroll to Top