News

Preparing for Q-day: The essential role of cloud migration in securing enterprise data

Cloud, cybersecurity, data security, Don't miss, Encryption, Expert analysis, Expert corner, Hot stuff, Lemongrass, News, opinion, quantum computing /

Preparing for Q-day: The essential role of cloud migration in securing enterprise data 2024-12-05 at 07:34 By Help Net Security As the era of quantum computing draws closer, businesses face a new and unprecedented threat to data security: “Q-day.” This looming turning point—when quantum machines can break traditional encryption with ease—has the potential to upend […]

Preparing for Q-day: The essential role of cloud migration in securing enterprise data Read More »

How the Shadowserver Foundation helps network defenders with free intelligence feeds

automation, cybersecurity, Don't miss, Features, Hot stuff, Incident Response, network, News, opinion, Shadowserver, Threat Intelligence /

How the Shadowserver Foundation helps network defenders with free intelligence feeds 2024-12-05 at 07:01 By Mirko Zorz In this Help Net Security interview, Piotr Kijewski, CEO of The Shadowserver Foundation, discusses the organization’s mission to enhance internet security by exposing vulnerabilities, malicious activity, and emerging threats. Kijewski explains the foundation’s automated efforts to track and

How the Shadowserver Foundation helps network defenders with free intelligence feeds Read More »

How widespread is mercenary spyware? More than you think

Don't miss, government-backed attacks, Hot stuff, iVerify, News, nso group, smartphone hacking, spyware /

How widespread is mercenary spyware? More than you think 2024-12-04 at 16:18 By Zeljka Zorz A targeted hunt on 2,500 mobile devices for indicators of compromise associated with mercenary spyware has revealed that its use is not as rare as one would hope. The results of the hunt Earlier this year, iVerify added a threat

How widespread is mercenary spyware? More than you think Read More »

Product showcase: Securing Active Directory passwords with Specops Password Policy

Active Directory, Don't miss, Hot stuff, News, passwords, policy, Product showcase, Specops Software /

Product showcase: Securing Active Directory passwords with Specops Password Policy 2024-12-04 at 15:03 By Help Net Security Password policies are a cornerstone of cybersecurity for any organization. A good password policy ensures every end user has a strong and unique password, significantly reducing the risk of unauthorized access and data breaches. These policies not only

Product showcase: Securing Active Directory passwords with Specops Password Policy Read More »

PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785)

CVE, Don't miss, enterprise, exploit, Hot stuff, network monitoring, News, PoC, Progress, Tenable, vulnerability /

PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) 2024-12-04 at 13:38 By Zeljka Zorz Researchers have published a proof-of-concept (PoC) exploit for CVE-2024-8785, a critical remote code execution vulnerability affecting Progress WhatsUp Gold, a popular network monitoring solution for enterprises. CVE-2024-8785 and the PoC exploit CVE-2024-8785 stems from the incorrect use of a

PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785) Read More »

SafeLine: Open-source web application firewall (WAF)

Don't miss, firewall, GitHub, Hot stuff, News, open source, software, web application security /

SafeLine: Open-source web application firewall (WAF) 2024-12-04 at 07:38 By Mirko Zorz SafeLine is an open-source and self-hosted Web Application Firewall (WAF) that protects websites from cyber attacks. “SafeLine WAF was created to protect web applications for small and medium-sized enterprises from cyber threats by monitoring and filtering HTTP/HTTPS traffic. More importantly, with the widespread

SafeLine: Open-source web application firewall (WAF) Read More »

Securing AI’s new frontier: Visibility, governance, and mitigating compliance risks

Artificial Intelligence, Compliance, cybersecurity, data, Don't miss, Features, Hot stuff, News, Noma Security, open source, opinion /

Securing AI’s new frontier: Visibility, governance, and mitigating compliance risks 2024-12-04 at 07:21 By Mirko Zorz In this Help Net Security interview, Niv Braun, CEO at Noma Security, discusses the difficulties security teams face due to the fragmented nature of AI processes, tools, and teams across the data and AI lifecycle. Braun also shares insights

Securing AI’s new frontier: Visibility, governance, and mitigating compliance risks Read More »

70% of open-source components are poorly or no longer maintained

code, cyber risk, cybersecurity, Lineaje, News, open source, report, software, survey /

70% of open-source components are poorly or no longer maintained 2024-12-04 at 06:35 By Help Net Security The geographic distribution of open-source contributions introduces geopolitical risks that organizations must urgently consider, especially with rising nation-state attacks, according to Lineaje. Open-source code risks rise with anonymous contributions Microsoft estimates that its customers face 600 million cyberattacks

70% of open-source components are poorly or no longer maintained Read More »

65% of office workers bypass cybersecurity to boost productivity

cyber risk, CyberArk, cybersecurity, News, report, survey /

65% of office workers bypass cybersecurity to boost productivity 2024-12-04 at 06:04 By Help Net Security High-risk access exists throughout the workplace, in almost every job role, proving that the time has come for organizations to re-think the way they protect their workforce, according to CyberArk. CyberArk surveyed 14,003 employees in the UK, USA, France,

65% of office workers bypass cybersecurity to boost productivity Read More »

Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449)

backup, CVE, Don't miss, enterprise, Hot stuff, MSP, News, Veeam Software, vulnerability /

Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449) 2024-12-03 at 19:48 By Zeljka Zorz Veeam has fixed two vulnerabilities in Veeam Service Provider Console (VSPC), one of which (CVE-2024-42448) may allow remote attackers to achieve code exection on the VSPC server machine. The vulnerabilities Veeam Service Provider Console is a cloud-enabled platform that

Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449) Read More »

Police takes down Matrix encrypted chat service used by criminals

arrest, crime, Encryption, Europe, Europol, France, Hot stuff, law enforcement, News, secure communications /

Police takes down Matrix encrypted chat service used by criminals 2024-12-03 at 17:18 By Zeljka Zorz A joint investigation team involving French and Dutch authorities has taken down Matrix, yet another end-to-end encrypted chat service created by criminals. Matrix (Source: Dutch Police) The Matrix encrypted chat service Matrix – also know as Mactrix, Totalsec, X-quantum,

Police takes down Matrix encrypted chat service used by criminals Read More »

Whitepaper: 9 traits of effective security leaders of tomorrow

Don't miss, ISC2, News, whitepapper /

Whitepaper: 9 traits of effective security leaders of tomorrow 2024-12-03 at 16:15 By Help Net Security The cyber world needs your expertise. But the security leaders of tomorrow require a broad set of skills that job experience alone does not arm you with. What do today’s organizations demand? And how can you acquire the technical

Whitepaper: 9 traits of effective security leaders of tomorrow Read More »

Phishers send corrupted documents to bypass email security

Any.Run, Don't miss, email security, Hot stuff, MS Office, News, phishing /

Phishers send corrupted documents to bypass email security 2024-12-03 at 14:18 By Zeljka Zorz Phishers have come up with a new trick for bypassing email security systems: corrupted MS Office documents. The spam campaign Malware hunting service Any.Run has warned last week about email campaigns luring users with promises of payments, benefits and end-of-the-year bonuses.

Phishers send corrupted documents to bypass email security Read More »

US government, energy sector contractor hit by ransomware

energy sector, Government, Hot stuff, News, Ransomware, USA /

US government, energy sector contractor hit by ransomware 2024-12-03 at 12:15 By Zeljka Zorz ENGlobal, a Texas-based engineering and automation contractor for companies in the energy sector, has had its data encrypted by attackers. “On November 25, 2024, ENGlobal Corporation (the “Company”) became aware of a cybersecurity incident. The preliminary investigation has revealed that a

US government, energy sector contractor hit by ransomware Read More »

Nextcloud Talk: Open-source, GDPR-compliant alternative to Microsoft Teams

Microsoft Teams, News, open source, software /

Nextcloud Talk: Open-source, GDPR-compliant alternative to Microsoft Teams 2024-12-03 at 11:18 By Mirko Zorz Nextcloud has unveiled Nextcloud Talk, an open-source alternative to Microsoft Teams. It’s a privacy-compliant collaboration platform for hybrid teams that gives companies complete control over their data. Nextcloud Talk collaboration software delivers highly secure, GDPR-compliant communication while providing all the essential

Nextcloud Talk: Open-source, GDPR-compliant alternative to Microsoft Teams Read More »

Treat AI like a human: Redefining cybersecurity

Appfire, Artificial Intelligence, Compliance, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, risk assessment, security controls /

Treat AI like a human: Redefining cybersecurity 2024-12-03 at 07:31 By Mirko Zorz In this Help Net Security interview, Doug Kersten, CISO of Appfire, explains how treating AI like a human can change the way cybersecurity professionals use AI tools. He discusses how this shift encourages a more collaborative approach while acknowledging AI’s limitations. Kersten

Treat AI like a human: Redefining cybersecurity Read More »

Cybersecurity jobs available right now: December 3, 2024

cybersecurity jobs, News /

Cybersecurity jobs available right now: December 3, 2024 2024-12-03 at 06:39 By Anamarija Pogorelec Application Security Engineer TE Connectivity | USA | Remote – View job details As an Application Security Engineer, you will design, develop, and implement a robust Application Security program. Create and maintain application security policies, standards, and procedures. Participate in the

Cybersecurity jobs available right now: December 3, 2024 Read More »

The shocking speed of AWS key exploitation

automation, AWS, Clutch Security, credentials, Don't miss, GitHub, Hot stuff, News, security practices /

The shocking speed of AWS key exploitation 2024-12-02 at 21:19 By Zeljka Zorz It’s no secret that developers often inadvertently expose AWS access keys online and we know that these keys are being scraped and misused by attackers before organizations get a chance to revoke them. Clutch Security researchers performed a test to see just

The shocking speed of AWS key exploitation Read More »

AWS offers incident response service

AWS, enterprise, Hot stuff, Incident Response, News /

AWS offers incident response service 2024-12-02 at 14:15 By Zeljka Zorz Amazon Web Services (AWS) has launched a new service to help organizations prepare for and recover from ransomware attacks, account takeovers, data breaches, and other security events: AWS Security Incident Response (SIR). Creating a case (Source: AWS) AWS Security Incident Response explained “Security events

AWS offers incident response service Read More »

Scroll to Top