News

Critical vulnerability in Cisco industrial wireless access points fixed (CVE-2024-20418)

2024-11-07 at 11:33 By Zeljka Zorz

Cisco has fixed a critical command injection vulnerability (CVE-2024-20418) affecting its Ultra-Reliable Wireless Backhaul (URWB) Access Points that can be exploited via HTTP requests and allows complete compromise of the devices. There are no workarounds to address this […]

How AI will shape the next generation of cyber threats

2024-11-07 at 08:08 By Mirko Zorz

In this Help Net Security interview, Buzz Hillestad, CISO at Prismatic, discusses how AI’s advancement reshapes cybercriminal skillsets and lowers entry barriers for potential attackers. Hillestad highlights that, as AI tools become more accessible, organizations must adapt their defenses

AWS security essentials for managing compliance, data protection, and threat detection

2024-11-07 at 07:03 By Help Net Security

AWS offers a comprehensive suite of security tools to help organizations manage compliance, protect sensitive data, and detect threats within their environments. From AWS Security Hub and Amazon GuardDuty to Amazon Macie and AWS Config, each tool

Consumer privacy risks of data aggregation: What should organizations do?

2024-11-07 at 06:48 By Help Net Security

In September 2024, the Federal Trade Commission (FTC) released an eye-opening report that digs into the data habits of nine major tech giants, including Amazon (Twitch), ByteDance (TikTok), Discord, Facebook, Reddit, Snap, Twitter, WhatsApp, and YouTube. The findings

GoZone ransomware accuses and threatens victims

2024-11-06 at 13:06 By Zeljka Zorz

A new ransomware dubbed GoZone is being leveraged by attackers that don’t seem to be very greedy: they are asking the victims to pay just $1,000 in Bitcoin if they want their files decrypted.

The GoZone HTML ransom note (Source: SonicWall)

The ransom

The cybersecurity gender gap: How diverse teams improve threat response

2024-11-06 at 07:33 By Mirko Zorz

In this Help Net Security interview, Julie Madhusoodanan, Head of CyberSecurity at LinkedIn, discusses how closing the gender gap could enhance cybersecurity’s effectiveness in combating emerging threats. With women still underrepresented in cybersecurity roles, she emphasizes how diverse teams

Osmedeus: Open-source workflow engine for offensive security

2024-11-06 at 07:03 By Help Net Security

Osmedeus is an open-source workflow engine designed for offensive security. It serves as a versatile foundation, enabling users to easily create customized reconnaissance systems and scale them across extensive target lists.

Osmedeus key features

Speed up your recon process
Organize your

Identity-related data breaches cost more than average incidents

2024-11-06 at 06:01 By Help Net Security

Identity-related data breaches are more severe and costly than run-of-the-mill incidents, according to RSA. 40% of respondents reported an identity-related security breach. Of those, 66% reported it as a severe event that affected their organization. 44% estimated that the total

Trustwave Strengthens Partnership with Microsoft to Enhance Cybersecurity in APAC

2024-11-06 at 00:03

Trustwave has further solidified its partnership with Microsoft by achieving Microsoft FastTrack Ready partner status for Microsoft 365 and being named a Microsoft Verified Managed Extended Detection and Response (MXDR) solution provider for the Asia Pacific (APAC) region. This article is an excerpt

Beware of phishing emails delivering backdoored Linux VMs!

2024-11-05 at 16:05 By Zeljka Zorz

Unknown attackers are trying to trick Windows users into spinning up a custom Linux virtual machine (VM) with a pre-configured backdoor, Securonix researchers have discovered.

The campaign

The attack began with a phishing email, they believe, but they weren’t able to

Google patches actively exploited Android vulnerability (CVE-2024-43093)

2024-11-05 at 13:34 By Zeljka Zorz

Google has delivered fixes for two vulnerabilities endangering Android users that “may be under limited, targeted exploitation”: CVE-2024-43047, a flaw affecting Qualcomm chipsets, and CVE-2024-43093, a vulnerability in the Google Play framework.

The exploited vulnerabilities (CVE-2024-43047, CVE-2024-43093)

Qualcomm patched CVE-2024-43047 – a

Report: Voice of Practitioners 2024 – The True State of Secrets Security

2024-11-05 at 12:33 By Help Net Security

In this study, GitGuardian and CyberArk reveal the stark reality of secrets management across 1,000 organizations. With 79% experiencing secrets leaks and an average remediation time of 27 days, the findings expose critical gaps between security

Open-source software: A first attempt at organization after CRA

2024-11-05 at 08:03 By Help Net Security

The open-source software (OSS) industry is developing the core software for the global infrastructure, to the point that even some proprietary software giants adopt Linux servers for their cloud services. Still, it has never been able to get organized

Maximizing security visibility on a budget

2024-11-05 at 07:03 By Mirko Zorz

In this Help Net Security interview, Barry Mainz, CEO at Forescout, discusses the obstacles organizations encounter in attaining security visibility, particularly within cloud and hybrid environments. He explains why asset intelligence—going beyond basic visibility to understand device behavior and risk—is essential. Mainz also

Cybersecurity jobs available right now: November 5, 2024

2024-11-05 at 06:38 By Anamarija Pogorelec

Application Security Engineer
MassMutual | USA | Hybrid

As an Application Security Engineer, you will conduct in-depth security assessments, including vulnerability scanning, and code reviews. Ensure secure coding practices are followed, and security controls are incorporated into

AI learning mechanisms may lead to increase in codebase leaks

2024-11-05 at 06:03 By Help Net Security

The proliferation of non-human identities and the complexity of modern application architectures have created significant security challenges, particularly in managing sensitive credentials, according to GitGuardian. Based on a survey of 1,000 IT decision-makers in organizations with over 500

Millions of Synology NAS devices vulnerable to zero-click attacks (CVE-2024-10443)

2024-11-04 at 16:04 By Zeljka Zorz

Synology has released fixes for an unauthenticated “zero-click” remote code execution flaw (CVE-2024-10443, aka RISK:STATION) affecting its popular DiskStation and BeeStation network attached storage (NAS) devices.

About CVE-2024-10443

CVE-2024-10443 was discovered by Rick de Jager, a security researcher at

Hiring guide: Key skills for cybersecurity researchers

2024-11-04 at 07:33 By Mirko Zorz

In this Help Net Security interview, Rachel Barouch, an Organizational Coach for VCs and startups and a former VP HR in both a VC and a Cybersecurity startup, discusses the dynamics of cybersecurity researchers and team-building strategies. She highlights that these researchers,

Whispr: Open-source multi-vault secret injection tool

2024-11-04 at 07:03 By Mirko Zorz

Whispr is an open-source CLI tool designed to securely inject secrets from secret vaults, such as AWS Secrets Manager and Azure Key Vault, directly into your application’s environment. This enhances secure local software development by seamlessly managing sensitive information.

Whispr key features

Safe
