News

Cybercriminals capitalize on travel industry’s peak season

API security, attacks, Cequence Security, CISO, Compliance, cybersecurity, News, report, survey /

Cybercriminals capitalize on travel industry’s peak season 2024-08-28 at 06:31 By Help Net Security Cybercriminals are capitalizing on the travel and hospitality industry’s peak season, using increased traffic as cover for their attacks, according to Cequence Security. Researchers investigated the top 10 travel and hospitality sites to identify externally visible edge, cloud infrastructure, application stack, […]

Cybercriminals capitalize on travel industry’s peak season Read More »

Old methods, new technologies drive fraud losses

cybercrime, cybersecurity, Experian, fraud, generative AI, News, report, survey /

Old methods, new technologies drive fraud losses 2024-08-28 at 06:01 By Help Net Security GenAI, deepfakes and cybercrime are critical threats putting intensifying pressures on businesses, according to Experian. Top online security concerns for consumers According to the FTC, consumers reported losing more than $10 billion to fraud in 2023 alone, representing a 14% increase

Old methods, new technologies drive fraud losses Read More »

Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717)

0-day, APT, Don't miss, Hot stuff, ISP, Lumen, Malware, misconfiguration, MSP, News, USA, Versa Networks, web shell /

Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717) 2024-08-27 at 19:01 By Zeljka Zorz Advanced, persistent attackers have exploited a zero-day vulnerability (CVE-2024-39717) in Versa Director to compromise US-based managed service providers with a custom-made web shell dubbed VersaMem by the researchers. The malware harvests credentials enabling the attackers to access the providers’ downstream

Versa Director zero-day exploited to compromise ISPs, MSPs (CVE-2024-39717) Read More »

How to prioritize data privacy in core customer-facing systems

cybersecurity, data, Don't miss, Expert analysis, Expert corner, Hot stuff, MetaRouter, News, opinion, Privacy, strategy /

How to prioritize data privacy in core customer-facing systems 2024-08-27 at 07:45 By Help Net Security Evolving global data privacy regulations are keeping marketers on their toes. In April 2024, the American Privacy Rights Act (APRA) was introduced in the Senate. The proposed bill would create a federal consumer privacy framework akin to the GDPR,

How to prioritize data privacy in core customer-facing systems Read More »

Behind the scenes of Serious Cryptography

books, cybersecurity, Don't miss, Encryption, Features, Hot stuff, how-to, News, No Starch Press, opinion, tips /

Behind the scenes of Serious Cryptography 2024-08-27 at 07:45 By Mirko Zorz In this Help Net Security interview, Jean-Philippe Aumasson, discusses the writing and research process for Serious Cryptography, his latest book. With a career steeped in research and practical cryptography, Aumasson offers a rare glimpse into the efforts required to distill complex concepts into

Behind the scenes of Serious Cryptography Read More »

Half of enterprises suffer breaches despite heavy security investments

Arctic Wolf Networks, CISO, Commvault, cybersecurity, data breach, Gigamon, IBM, News, Pentera, report, SecurityScorecard, survey, Thales, Verizon /

Half of enterprises suffer breaches despite heavy security investments 2024-08-27 at 06:32 By Help Net Security Data breaches have become an increasingly severe threat, with recent reports highlighting a surge in their frequency and cost. Understanding the latest trends and statistics surrounding data breaches is essential for developing effective strategies to safeguard sensitive information. This

Half of enterprises suffer breaches despite heavy security investments Read More »

Lateral movement: Clearest sign of unfolding ransomware attack

Barracuda Networks, cybercrime, News, Ransomware, report, survey /

Lateral movement: Clearest sign of unfolding ransomware attack 2024-08-27 at 06:01 By Help Net Security 44% of unfolding ransomware attacks were spotted during lateral movement, according to Barracuda Networks. 25% of incidents were detected when the attackers started writing or editing files, and 14% were unmasked by behavior that didn’t fit with known activity patterns.

Lateral movement: Clearest sign of unfolding ransomware attack Read More »

SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766)

access control, CVE, Don't miss, firewall, Hot stuff, News, security update, SonicWall, vulnerability /

SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766) 2024-08-26 at 21:32 By Zeljka Zorz SonicWall has patched a critical vulnerability (CVE-2024-40766) in its next-gen firewalls that could allow remote attackers unauthorized access to resources and, in specific conditions, to crash the appliances. About CVE-2024-40766 CVE-2024-40766 is an improper access control vulnerability in the “SonicWall SonicOS

SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766) Read More »

Two strategies to protect your business from the next large-scale tech failure

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, InkBridge Networks, News, opinion, software, strategy /

Two strategies to protect your business from the next large-scale tech failure 2024-08-26 at 06:47 By Help Net Security The CrowdStrike event in July clearly demonstrated the risks of allowing a software vendor deep access to network infrastructure. It also raised concerns about the concentration of digital services in the hands of a few companies.

Two strategies to protect your business from the next large-scale tech failure Read More »

Nuclei: Open-source vulnerability scanner

Don't miss, GitHub, Hot stuff, News, open source, penetration testing, scanning, software, vulnerability assessment /

Nuclei: Open-source vulnerability scanner 2024-08-26 at 06:31 By Help Net Security Nuclei is a fast and customizable open-source vulnerability scanner powered by YAML-based templates. With its flexible templating system, Nuclei can be adapted to perform various security checks. It can send requests to multiple targets using customizable templates, ensuring zero false positives and enabling rapid

Nuclei: Open-source vulnerability scanner Read More »

Rebrand, regroup, ransomware, repeat

cybercrime, Don't miss, HackerOne, Hot stuff, News, Ransomware, Video /

Rebrand, regroup, ransomware, repeat 2024-08-26 at 06:01 By Help Net Security Changes witnessed over the last few years have led to larger ransomware groups breaking into smaller units, posing more considerable challenges for law enforcement. Ransomware actors are evading arrest more easily and adapting methods with innovative technologies. In this Help Net Security video, Shobhit

Rebrand, regroup, ransomware, repeat Read More »

Adversaries love bots, short-lived IP addresses, out-of-band domains

cybersecurity, Fastly, News, report, survey /

Adversaries love bots, short-lived IP addresses, out-of-band domains 2024-08-26 at 05:32 By Help Net Security Fastly found 91% of cyberattacks – up from 69% in 2023 – targeted multiple customers using mass scanning techniques to uncover and exploit software vulnerabilities, revealing an alarming trend in attacks spreading across a broader target base. Industries ranked by

Adversaries love bots, short-lived IP addresses, out-of-band domains Read More »

GenAI buzz fading among senior executives

data, Deloitte, generative AI, News, report, survey /

GenAI buzz fading among senior executives 2024-08-26 at 05:01 By Help Net Security GenAI adoption has reached a critical phase, with 67% of respondents reporting their organization is increasing its investment in GenAI due to strong value to date, according to Deloitte. “The State of Generative AI in the Enterprise: Now decides Next,” is based

GenAI buzz fading among senior executives Read More »

Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited

News, Week in review /

Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited 2024-08-25 at 11:01 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: PostgreSQL databases under attack Poorly protected PostgreSQL databases running on Linux machines are being compromised by cryptojacking attackers. Vulnerabilities in Microsoft

Week in review: PostgreSQL databases under attack, new Chrome zero-day actively exploited Read More »

Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)

CVE, Don't miss, enterprise, Hot stuff, MSP, News, SMBs, SolarWinds, vulnerability /

Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987) 2024-08-23 at 13:31 By Zeljka Zorz A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw (CVE-2024-28987) in the company’s IT help desk solution has been pushed out. CVE-2024-28987 CVE-2024-28987 stems from

Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987) Read More »

Vulnerability prioritization is only the beginning

cybersecurity, Don't miss, Expert analysis, Expert corner, Gutsy, Hot stuff, News, opinion, strategy, vulnerability management /

Vulnerability prioritization is only the beginning 2024-08-23 at 07:30 By Help Net Security To date, most technology solutions focused on vulnerability management have focused on the prioritization of risks. That usually took the shape of some risk-ranking structure displayed in a table with links out to the CVEs and other advisory or threat intelligence information.

Vulnerability prioritization is only the beginning Read More »

The changing dynamics of ransomware as law enforcement strikes

cybercrime, Don't miss, News, Ransomware, report, survey, WithSecure /

The changing dynamics of ransomware as law enforcement strikes 2024-08-23 at 06:31 By Help Net Security After peaking in late 2023, the ransomware industry is beginning to stabilize in productivity, with notable developments in ransomware targets, and industry dynamics, according to WithSecure. Sectors impacted by ransomware (Source: WithSecure) While ransomware productivity has shown signs of

The changing dynamics of ransomware as law enforcement strikes Read More »

New infosec products of the week: August 23, 2024

Entrust, Fortanix, McAfee, News, Own, RightCrowd, Wallarm /

New infosec products of the week: August 23, 2024 2024-08-23 at 06:02 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Entrust, Fortanix, McAfee, Own, RightCrowd, and Wallarm. Own proactively detects and stores data changes in Salesforce Continuous Data Protection from Own pushes data changes

New infosec products of the week: August 23, 2024 Read More »

Anomali announces expanded capabilities for Copilot

Anomali, Industry news, News /

Anomali announces expanded capabilities for Copilot 2024-08-22 at 16:32 By Industry News Anomali announced new capabilities for Anomali Copilot to help security, and now also IT departments, use the latest innovations in AI to successfully defend, protect, and propel their organizations forward. Anomali Copilot empowers security or IT analysts at any skill level to search

Anomali announces expanded capabilities for Copilot Read More »

Scroll to Top