News

Scammers target Airbnb and Booking.com users

2024-10-11 at 07:01 By Help Net Security

ESET researchers discovered that the organized scammer network Telekopye has expanded its operations to target users of popular accommodation booking platforms like Booking.com and Airbnb. They have also increased the sophistication of their victim selection and of targeting the two booking sites, […]


New infosec products of the week: October 11, 2024

2024-10-11 at 06:31 By Help Net Security

Here’s a look at the most interesting products from the past week, featuring releases from Action1, BreachLock, Commvault, Dashlane, Data Theorem, Edgio, Frontegg, and Qualys.

Qualys Enterprise TruRisk Management unifies asset inventory and risk factors

Qualys launched the Risk


How to setup passkeys in Apple Passwords app

2024-10-11 at 06:01 By Anamarija Pogorelec

Beginning with iOS 18, iPadOS 18, macOS Sequoia, and visionOS 2, the Passwords app allows you to manage your passwords, passkeys, and verification codes.

Passwords app interface

Creating passkeys

Passkeys are a password alternative designed to offer a more convenient and


What you need to know to select the right GRC framework, North American Edition

2024-10-11 at 05:46 By Help Net Security

Governance, risk, and compliance (GRC) frameworks help professionals assess an organization’s risk posture, align technological initiatives with business goals, and ensure regulatory compliance. However, choosing the appropriate framework can be a complex and challenging


Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680)

2024-10-10 at 15:31 By Zeljka Zorz

Mozilla has pushed out an emergency update for its Firefox and Firefox ESR browsers to fix a vulnerability (CVE-2024-9680) that is being exploited in the wild.

About CVE-2024-9680

Reported by ESET malware researcher Damien Schaeffer, CVE-2024-9680 is a use-after-free vulnerability in


Internet Archive data breach, defacement, and DDoS: Users’ data compromised

2024-10-10 at 12:46 By Zeljka Zorz

The Internet Archive has suffered a data breach, leading to the compromise of email addresses, screen names and bcrypt password hashes of some 31 million users. The compromise was revealed on Wednesday afternoon, when the digital library’s website began


Widening talent pool in cyber with on-demand contractors

2024-10-10 at 08:01 By Help Net Security

Filling roles within the cyber sector is an ongoing battle. The shortfall of workers risks creating a vicious cycle within existing cyber teams: With fewer team members to spread the workload on, you risk burning out security professionals. Many make


Investing in Privacy by Design for long-term compliance

2024-10-10 at 07:31 By Mirko Zorz

In this Help Net Security interview, Bojan Belušić, Head of Information Security & IT Operations at Microblink, discusses the relationship between Privacy by Design and regulatory frameworks like GDPR. Integrating privacy principles from the outset of product and process development ensures


Balancing legal frameworks and enterprise security governance

2024-10-10 at 07:01 By Mirko Zorz

In this Help Net Security interview, Tom McAndrew, CEO at Coalfire, discusses the balance organizations must strike between legal compliance and effective enterprise security governance in the context of evolving regulatory frameworks. McAndrew also addresses the need for clear governance structures and


Consumers have trust issues regarding how AI collects their data

2024-10-10 at 06:31 By Help Net Security

Consumers worldwide are highly concerned about the information companies collect from them – especially when it’s used for AI, according to Cohesity. The majority of respondents (73% in the UK, 81% in the US and 82% in Australia)


Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)

2024-10-09 at 15:49 By Zeljka Zorz

If you run a self-managed GitLab installation with configured SAML-based authentication and you haven’t upgraded it since mid-September, do it now, because security researchers have published an analysis of CVE-2024-45409 and an exploit script that may help attackers gain


Guide for selecting the right GRC framework, EU edition

2024-10-09 at 10:46 By Help Net Security

Governance, risk, and compliance frameworks are critical. They enable cybersecurity professionals to accurately identify an organization’s risk posture, align business and strategic objectives with technology, and meet compliance responsibilities. However, selecting the right framework can be challenging. Inside this


YARA: Open-source tool for malware research

2024-10-09 at 08:01 By Help Net Security

YARA is a powerful tool designed primarily to aid malware researchers in identifying and categorizing malware samples, though its applications are broader. The tool enables users to create detailed descriptions, or “rules,” for malware families or any other target based on textual


Cultivating a security-first mindset: Key leadership actions

2024-10-09 at 07:31 By Mirko Zorz

In this Help Net Security interview, Emily Wienhold, Cyber Education Specialist at Optiv, discusses how business leaders can promote a security-first culture within their organizations. Wienhold also discusses strategies for maintaining ongoing cybersecurity awareness and making security protocols accessible to non-technical staff.


GoldenJackal APT group breaches air-gapped systems in Europe

2024-10-09 at 07:01 By Help Net Security

ESET researchers have discovered a series of attacks that took place in Europe from May 2022 to March 2024, where the attackers used a toolset capable of targeting air-gapped systems, in a governmental organization of a European Union country. Cyberespionage


30% of customer-facing APIs are completely unprotected

2024-10-09 at 06:34 By Help Net Security

70% of customer-facing APIs are secured using HTTPS, leaving nearly one-third of these APIs completely unprotected, according to F5. This is a stark contrast to the 90% of web pages that are now accessed via HTTPS, following the push for secure


Cybersecurity jobs available right now: October 9, 2024

2024-10-09 at 06:02 By Anamarija Pogorelec

Cloud Cybersecurity Analyst III

Texas Health and Human Services | USA | Hybrid

As a Cloud CSAIII, you will be responsible for designing, implementing, and managing security solutions for cloud environments. You will ensure that cloud infrastructures


Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)

2024-10-08 at 22:49 By Zeljka Zorz

For October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two under active exploitation: CVE-2024-43573, a spoofing bug affecting the Windows MSHTML Platform, and CVE-2024-43572, a remote code execution flaw in the Microsoft Management Console


Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381)

2024-10-08 at 21:17 By Zeljka Zorz

Ivanti has patched three additional Cloud Service Appliance (CSA) zero-day flaws, which have been exploited by attackers in conjunction with a zero-day bug the company accidentally fixed in September.

The fixed zero-days

“We are aware of a


OpenBSD 7.6 released: security improvements, new hardware support, and more!

2024-10-08 at 21:01 By Help Net Security

OpenBSD is a free, multi-platform 4.4BSD-based UNIX-like operating system. The 57th release, OpenBSD 7.6, comes with new features, various improvements, bug fixes, and tweaks.

Security improvements

Added -fret-clean option to the compiler, defaulting to off. This new option

