WhatsApp allows users to lock sensitive chats 16/05/2023 at 11:53 By Helga Labus Meta has unveiled Chat Lock within WhatsApp, a feature that allows users to keep sensitive and intimate conversations safe from prying eyes. WhatsApp Chat Lock (Source: WhatsApp) Enabling Chat Lock By tapping on a one-to-one or group conversation, users can easily enable […]
React to this headline:
WhatsApp allows users to lock sensitive chats Read More »
Advantech’s industrial serial device servers open to attack 15/05/2023 at 17:48 By Zeljka Zorz Three vulnerabilities in Advantech’s EKI series of serial device servers could be exploited to execute arbitrary commands on the OS level. Source: CyberDanube The vulnerabilities Serial device servers are networking devices that “network-enable” serial devices (e.g., printer, climate control system, etc.)
React to this headline:
Advantech’s industrial serial device servers open to attack Read More »
SquareX’s vision: A future where internet security is a non-issue 15/05/2023 at 12:11 By Mirko Zorz With an ever-evolving landscape of cyber threats, the necessity for innovative, effective, and user-friendly security products has never been more apparent. Current security solutions, however, seem to lag behind, struggling to adequately address the challenges posed by increasingly sophisticated
React to this headline:
SquareX’s vision: A future where internet security is a non-issue Read More »
Bad bots are coming for APIs 15/05/2023 at 06:16 By Help Net Security In 2022, 47.4% of all internet traffic came from bots, a 5.1% increase over the previous year, according to Imperva. The proportion of human traffic (52.6%) decreased to its lowest level in eight years. Bad bot traffic For the fourth consecutive year,
React to this headline:
Bad bots are coming for APIs Read More »
Week in review: Microsoft fixes two actively exploited bugs, MSI private code signing keys leaked 14/05/2023 at 15:13 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Dragos blocks ransomware attack, brushes aside extortion attempt A ransomware group has tried and failed to extort money
React to this headline:
Greatness phishing-as-a-service threatens Microsoft 365 users 12/05/2023 at 13:20 By Helga Labus Manufacturing businesses, healthcare organizations, and tech companies in English-speaking countries are the most targeted by phishers leveraging a relatively new phishing-as-a-service (PaaS) tool called Greatness, created to phish Microsoft 365 users. According to Cisco researcher, this tool has been utilized in numerous phishing
React to this headline:
Greatness phishing-as-a-service threatens Microsoft 365 users Read More »
New infosec products of the week: May 12, 2023 12/05/2023 at 07:00 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Aqua Security, Feedzai, Nebulon, OpenVPN, Trua, and Zscaler. Aqua Security strengthens software supply chain security with pipeline integrity scanning Powered by eBPF technology, Aqua’s
React to this headline:
New infosec products of the week: May 12, 2023 Read More »
Fraud victims risk more than money 12/05/2023 at 06:30 By Help Net Security Digital fraud has significant financial and psychological repercussions on victims, according to Telesign. Businesses may find a new reason to fear digital fraud as the negative impacts of digital fraud on companies’ brand perception and the bottom line. Trust in digital world
React to this headline:
Fraud victims risk more than money Read More »
CISOs’ confidence in post-pandemic security landscape fades 12/05/2023 at 06:00 By Help Net Security Most CISOs have returned to the elevated concerns they experienced early in the pandemic, according to Proofpoint. Elevated concerns among CISOs Globally, 68% of surveyed CISOs feel at risk of a material cyber attack, compared to 48% the year before, when
React to this headline:
CISOs’ confidence in post-pandemic security landscape fades Read More »
Dragos blocks ransomware attack, brushes aside extortion attempt 11/05/2023 at 15:46 By Zeljka Zorz A ransomware group has tried and failed to extort money from Dragos, the industrial cybersecurity firm has confirmed on Wednesday, and reassured that none of its systems or its Dragos Platform had been breached. What happened? “The criminal group gained access
React to this headline:
Dragos blocks ransomware attack, brushes aside extortion attempt Read More »
Google notifies users about dark web exposure 11/05/2023 at 15:46 By Helga Labus Google has announced new tools, features and updates to improve users’ online safety, help them evaluate content found online, and alert them if their Gmail identity appears on the dark web. New tools and options for users A new tool called About
React to this headline:
Google notifies users about dark web exposure Read More »
Refined methodologies of ransomware attacks 11/05/2023 at 06:34 By Help Net Security Adversaries were able to encrypt data in 76% of the ransomware attacks that were conducted against surveyed organizations, according to Sophos. The survey also shows that when organizations paid a ransom to get their data decrypted, they ended up additionally doubling their recovery
React to this headline:
Refined methodologies of ransomware attacks Read More »
Automotive industry employees unaware of data security risks 11/05/2023 at 06:30 By Help Net Security 30% of automotive employees don’t check security protocols before trying a new tool, according to Salesforce. This could put their company and customer data at risk. Alarming rise in automotive API attacks Cybersecurity is a growing concern in the automotive
React to this headline:
Automotive industry employees unaware of data security risks Read More »
Never leak secrets to your GitHub repositories again 10/05/2023 at 14:47 By Helga Labus GitHub is making push protection – a security feature designed to automatically prevent the leaking of secrets to repositories – free for owners of all public repositories. Previously, the feature was available only for private repositories with a GitHub Advanced Security
React to this headline:
Never leak secrets to your GitHub repositories again Read More »
Turla’s Snake malware network disrupted by Five Eyes’ agencies 10/05/2023 at 14:47 By Help Net Security The US Justice Department announced the completion of court-authorized operation MEDUSA, to disrupt a global peer-to-peer network of computers compromised by sophisticated malware, called “Snake” (aka “Uroburous”), that the US Government attributes to a unit within Center 16 of
React to this headline:
Turla’s Snake malware network disrupted by Five Eyes’ agencies Read More »
Kubernetes Bill of Materials (KBOM) open-source tool enhances cloud security response to CVEs 10/05/2023 at 09:26 By Help Net Security Kubernetes Security Operations Center (KSOC) released the first-ever Kubernetes Bill of Materials (KBOM) standard. Available in an open-source CLI tool, this KBOM enables cloud security teams to understand the scope of third-party tooling in their
React to this headline:
56,000+ cloud-based apps at risk of malware exfiltration 10/05/2023 at 06:30 By Help Net Security The technology sector had the highest number of malware-infected employees, most exposed corporate credentials and the majority of all stolen cookies, according to SpyCloud. Drawing on SpyCloud’s database of 400+ billion recaptured assets from the criminal underground, researchers analyzed 2.27
React to this headline:
56,000+ cloud-based apps at risk of malware exfiltration Read More »
Company executives can’t afford to ignore cybersecurity anymore 10/05/2023 at 06:00 By Help Net Security Asked about the Board and C-Suite‘s understanding of cybersecurity across the organisation, only 39% of respondents think their company’s leadership has a sound understanding of cybersecurity’s role as a business enabler, according to Delinea. The high cost of ignoring security
React to this headline:
Company executives can’t afford to ignore cybersecurity anymore Read More »
Microsoft fixes two actively exploited bugs, one used by BlackLotus bootkit (CVE-2023-29336, CVE-2023-24932) 09/05/2023 at 22:15 By Zeljka Zorz For May 2023 Patch Tuesday, Microsoft has delivered fixes for 38 CVE-numbered vulnerabilities, including a patch for a Windows bug (CVE-2023-29336) and a Secure Boot bypass flaw (CVE-2023-24932) exploited by attackers in the wild. The two
React to this headline:
Microsoft Authenticator push notifications get number matching 09/05/2023 at 15:31 By Helga Labus Microsoft has enabled number matching for Microsoft Authenticator push notifications to improve user sign-in security. Authenticator MFA number matching in action (Source: Microsoft) “If the user has a different default authentication method, there’s no change to their default sign-in. If the default
React to this headline:
Microsoft Authenticator push notifications get number matching Read More »