News

Enhancing open source security: Insights from the OpenSSF on addressing key challenges

CISO, Don't miss, Features, Hot stuff, News, open source, OpenSSF, opinion, software, strategy, The Linux Foundation, tips /

Enhancing open source security: Insights from the OpenSSF on addressing key challenges 18/05/2023 at 08:00 By Mirko Zorz In this Help Net Security interview, we meet a prominent industry leader. Brian Behlendorf, CTO at the Open Source Security Foundation (OpenSSF), shares insights on the influence of his experiences with the White House CTO office, World […]

React to this headline:

Loading spinner

Enhancing open source security: Insights from the OpenSSF on addressing key challenges Read More »

Organizations’ cyber resilience efforts fail to keep up with evolving threats

CISO, cyber resilience, cyber risk, cyberattacks, cybersecurity, Immersive Labs, News, report, Risk Management /

Organizations’ cyber resilience efforts fail to keep up with evolving threats 18/05/2023 at 08:00 By Help Net Security A steady increase in cyberattacks and evolving threat landscape are resulting in more organizations turning their attention to building long-term cyber resilience; however, many of these programs are falling short and fail to prove teams’ real-world cyber

React to this headline:

Loading spinner

Organizations’ cyber resilience efforts fail to keep up with evolving threats Read More »

Identity crimes: Too many victims, limited resources

data, identity, identity theft, Identity Theft Resource Center, News, report, social engineering /

Identity crimes: Too many victims, limited resources 18/05/2023 at 08:00 By Help Net Security The Identity Theft Resource Center (ITRC) has documented incidents of identity theft reported during 2022 and the first quarter of 2023, highlighting the use of strategies by criminals to convince people to willingly share protected information. The number of reported identity

React to this headline:

Loading spinner

Identity crimes: Too many victims, limited resources Read More »

TP-Link routers implanted with malicious firmware in state-sponsored attacks

backdoor, Check Point, Don't miss, Hot stuff, Malware, News, router, TP-LINK /

TP-Link routers implanted with malicious firmware in state-sponsored attacks 17/05/2023 at 16:44 By Helga Labus A Chinese state-sponsored APT group implanted malicious firmware into TP-Link routers as part of attack campaigns aimed at European foreign affairs entities, say Check Point researchers. Custom malicious firmware for TP-Link routers The malicious firmware was exclusively created for TP-Link

React to this headline:

Loading spinner

TP-Link routers implanted with malicious firmware in state-sponsored attacks Read More »

KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784)

Don't miss, KeePass, News, open source, passwords, PoC, vulnerability /

KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784) 17/05/2023 at 16:44 By Zeljka Zorz A vulnerability (CVE-2023-32784) in the open-source password manager KeePass can be exploited to retrieve the master password from the software’s memory, says the researcher who unearthed the flaw. The bad news is that the vulnerability is still unfixed

React to this headline:

Loading spinner

KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784) Read More »

Inactive Google accounts will be deleted

Don't miss, Google, Hot stuff, News, policy /

Inactive Google accounts will be deleted 17/05/2023 at 14:17 By Helga Labus A week after Twitter announced it will be removing idle accounts after 30 days of inaction, Google has updated its account inactivity policy. Updates to the Google account inactivity policy Google says that the updated policy is effective immediately, but that it will

React to this headline:

Loading spinner

Inactive Google accounts will be deleted Read More »

Scammers exploit AI trend with fake ChatGPT apps on Google Play, Apple App Store

apple, Artificial Intelligence, ChatGPT, cybersecurity, Don't miss, Google Play, Hot stuff, News, scams, software, threats /

Scammers exploit AI trend with fake ChatGPT apps on Google Play, Apple App Store 17/05/2023 at 14:17 By Help Net Security Sophos researchers uncovered multiple apps masquerading as legitimate, ChatGPT-based chatbots to overcharge users. These apps have popped up in the Google Play and Apple App Store. Because the free versions have near-zero functionality and

React to this headline:

Loading spinner

Scammers exploit AI trend with fake ChatGPT apps on Google Play, Apple App Store Read More »

Infamous cybercrime marketplace offers pre-order service for stolen credentials

cybercrime, cybercriminals, cybersecurity, Malware, News, SecureWorks /

Infamous cybercrime marketplace offers pre-order service for stolen credentials 17/05/2023 at 09:42 By Help Net Security Infostealer malware, which consist of code that infects devices without the user’s knowledge and steals data, remains widely available to buy through underground forums and marketplaces, with the volume of logs, or collections of stolen data, available for sale

React to this headline:

Loading spinner

Infamous cybercrime marketplace offers pre-order service for stolen credentials Read More »

The CIS Benchmarks Community consensus process

Center for Internet Security, News /

The CIS Benchmarks Community consensus process 17/05/2023 at 09:42 By Help Net Security The Center for Internet Security (CIS) recently celebrated 20 years of bringing confidence to the connected world with consensus-based security guidance. The first CIS Benchmark was released in 2000. Today, there are more than 100 CIS Benchmarks configuration guidelines across 25+ product

React to this headline:

Loading spinner

The CIS Benchmarks Community consensus process Read More »

Fraudsters send fake invoice, follow up with fake exec confirmation

Armorblox, Don't miss, enterprise, fraud, News, security awareness, SMBs /

Fraudsters send fake invoice, follow up with fake exec confirmation 16/05/2023 at 16:10 By Zeljka Zorz Fraudsters are trying out a new approach to convince companies to pay bogus invoices: instead of hijacking existing email threads, they are creating convincing ones themselves. A clever payment request fraud The fraud attempt begins with an email containing

React to this headline:

Loading spinner

Fraudsters send fake invoice, follow up with fake exec confirmation Read More »

Attack automation becomes a prevalent threat against APIs

API security, attacks, Cequence Security, CISO, News, report /

Attack automation becomes a prevalent threat against APIs 16/05/2023 at 16:09 By Help Net Security The second half of 2022 marked a significant turning point in the security landscape. In several high-profile incidents, application programming interfaces (APIs) emerged as a primary attack vector, posing a new and significant threat to organizations’ security posture, according to

React to this headline:

Loading spinner

Attack automation becomes a prevalent threat against APIs Read More »

Lacroix manufacturing facilities shut down following cyberattack

cyberattack, disruption, Don't miss, France, Hot stuff, manufacturing sector, News, Ransomware /

Lacroix manufacturing facilities shut down following cyberattack 16/05/2023 at 14:08 By Helga Labus French electronics manufacturer Lacroix closed three factories as a result of a cyberattack they “intercepted” over the weekend, the company has announced on Monday. Lacroix designs and produces electronic equipment for the automotive, home automation, aerospace, industrial and health sectors, as well

React to this headline:

Loading spinner

Lacroix manufacturing facilities shut down following cyberattack Read More »

Google Cloud CISO on why the Google Cybersecurity Certificate matters

certification, cybersecurity, Features, Google Cloud, News, opinion, SANS, skill development /

Google Cloud CISO on why the Google Cybersecurity Certificate matters 16/05/2023 at 11:53 By Mirko Zorz As part of Google’s commitment to building a strong cybersecurity workforce, the Google Cybersecurity Certificate offers an affordable and accessible pathway to a career in cybersecurity. In this Help Net Security interview, Phil Venables, CISO at Google Cloud, sheds

React to this headline:

Loading spinner

Google Cloud CISO on why the Google Cybersecurity Certificate matters Read More »

WhatsApp allows users to lock sensitive chats

authentication, Don't miss, Hot stuff, Meta, News, Privacy, WhatsApp /

WhatsApp allows users to lock sensitive chats 16/05/2023 at 11:53 By Helga Labus Meta has unveiled Chat Lock within WhatsApp, a feature that allows users to keep sensitive and intimate conversations safe from prying eyes. WhatsApp Chat Lock (Source: WhatsApp) Enabling Chat Lock By tapping on a one-to-one or group conversation, users can easily enable

React to this headline:

Loading spinner

WhatsApp allows users to lock sensitive chats Read More »

Advantech’s industrial serial device servers open to attack

Advantech, CyberDanube, Don't miss, IIoT, network, News, PoC, vulnerability /

Advantech’s industrial serial device servers open to attack 15/05/2023 at 17:48 By Zeljka Zorz Three vulnerabilities in Advantech’s EKI series of serial device servers could be exploited to execute arbitrary commands on the OS level. Source: CyberDanube The vulnerabilities Serial device servers are networking devices that “network-enable” serial devices (e.g., printer, climate control system, etc.)

React to this headline:

Loading spinner

Advantech’s industrial serial device servers open to attack Read More »

SquareX’s vision: A future where internet security is a non-issue

CISO, cybersecurity, Don't miss, Features, Hot stuff, News, SquareX, strategy /

SquareX’s vision: A future where internet security is a non-issue 15/05/2023 at 12:11 By Mirko Zorz With an ever-evolving landscape of cyber threats, the necessity for innovative, effective, and user-friendly security products has never been more apparent. Current security solutions, however, seem to lag behind, struggling to adequately address the challenges posed by increasingly sophisticated

React to this headline:

Loading spinner

SquareX’s vision: A future where internet security is a non-issue Read More »

Bad bots are coming for APIs

Artificial Intelligence, attacks, automation, bot, credentials, cybercriminals, data theft, Imperva, News, report, spam /

Bad bots are coming for APIs 15/05/2023 at 06:16 By Help Net Security In 2022, 47.4% of all internet traffic came from bots, a 5.1% increase over the previous year, according to Imperva. The proportion of human traffic (52.6%) decreased to its lowest level in eight years. Bad bot traffic For the fourth consecutive year,

React to this headline:

Loading spinner

Bad bots are coming for APIs Read More »

Week in review: Microsoft fixes two actively exploited bugs, MSI private code signing keys leaked

News, Week in review /

Week in review: Microsoft fixes two actively exploited bugs, MSI private code signing keys leaked 14/05/2023 at 15:13 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Dragos blocks ransomware attack, brushes aside extortion attempt A ransomware group has tried and failed to extort money

React to this headline:

Loading spinner

Week in review: Microsoft fixes two actively exploited bugs, MSI private code signing keys leaked Read More »

Greatness phishing-as-a-service threatens Microsoft 365 users

Cisco, Don't miss, Hot stuff, MFA, Microsoft 365, News, phishing /

Greatness phishing-as-a-service threatens Microsoft 365 users 12/05/2023 at 13:20 By Helga Labus Manufacturing businesses, healthcare organizations, and tech companies in English-speaking countries are the most targeted by phishers leveraging a relatively new phishing-as-a-service (PaaS) tool called Greatness, created to phish Microsoft 365 users. According to Cisco researcher, this tool has been utilized in numerous phishing

React to this headline:

Loading spinner

Greatness phishing-as-a-service threatens Microsoft 365 users Read More »

New infosec products of the week: May 12, 2023

Aqua Security, Feedzai, Nebulon, News, OpenVPN, Trua, Zscaler /

New infosec products of the week: May 12, 2023 12/05/2023 at 07:00 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Aqua Security, Feedzai, Nebulon, OpenVPN, Trua, and Zscaler. Aqua Security strengthens software supply chain security with pipeline integrity scanning Powered by eBPF technology, Aqua’s

React to this headline:

Loading spinner

New infosec products of the week: May 12, 2023 Read More »

Scroll to Top