News

Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)

2024-08-22 at 15:31 By Zeljka Zorz A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unrestricted access to the instance’s contents. The issue, reported via the GitHub Bug Bounty program, has been addressed and administrators are […]

Android malware uses NFC to steal money at ATMs

2024-08-22 at 12:01 By Help Net Security ESET researchers uncovered NGate malware, which can relay data from victims’ payment cards via a malicious app installed on their Android devices to the attacker’s rooted Android phone. Attack overview (Source: ESET) Unauthorized ATM withdrawals The campaign’s primary goal

New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971)

2024-08-22 at 12:01 By Zeljka Zorz A new Chrome zero-day vulnerability (CVE-2024-7971) exploited by attackers in the wild has been fixed by Google. About CVE-2024-7971 CVE-2024-7971 is a high-severity vulnerability caused by a type confusion weakness in V8, the open-source JavaScript and WebAssembly engine developed by Google

A survival guide for data privacy in the age of federal inaction

2024-08-22 at 07:31 By Help Net Security Things change fast in the world of data privacy. Just earlier this year, the question I was being asked most frequently was, “How similar will the proposed federal privacy law (APRA) be to the EU’s GDPR?”

Most ransomware attacks occur between 1 a.m. and 5 a.m.

2024-08-22 at 07:02 By Help Net Security There’s been an alarming increase in ransomware attacks over the past year, alongside significant shifts in the tactics and strategies employed by cybercriminals that underscore the necessity for organizations to implement around-the-clock monitoring and investigation of suspicious behaviors,

Why C-suite leaders are prime cyber targets

2024-08-22 at 06:32 By Help Net Security Senior executives are prime targets for cybercriminals, with 72% of surveyed cybersecurity professionals in the US reporting that cyberattacks have targeted this group in the past 18 months. This trend, highlighted in GetApp’s 2024 Executive Cybersecurity Report, underscores the growing sophistication

GenAI models are easily compromised

2024-08-22 at 06:01 By Help Net Security 95% of cybersecurity experts express low confidence in GenAI security measures while red team data shows anyone can easily hack GenAI models, according to Lakera. Attack methods specific to GenAI, or prompt attacks, are easily used by anyone to manipulate the applications, gain

PostgreSQL databases under attack

2024-08-21 at 16:16 By Zeljka Zorz Poorly protected PostgreSQL databases running on Linux machines are being compromised by cryptojacking attackers. The attack – observed by Aqua Security researchers on a honeypot system – starts with the threat actors brute-forcing access credentials. Once access is achieved, the threat actor: Creates a new

Microchip Technology manufacturing facilities impacted by cyberattack

2024-08-21 at 12:46 By Zeljka Zorz American semiconductor manufacturer Microchip Technology Incorporated has had some of its business operations disrupted by a cyberattack. “As a result of the incident, certain of the Company’s manufacturing facilities are operating at less than normal levels, and the Company’s ability to fulfill

OpenCTI: Open-source cyber threat intelligence platform

2024-08-21 at 07:31 By Help Net Security OpenCTI is an open-source platform designed to help organizations manage their cyber threat intelligence (CTI) data and observables. The platform structures its data using a knowledge schema built on the STIX2 standards. It features a modern web application architecture with a GraphQL

Cybersecurity jobs available right now: August 21, 2024

2024-08-21 at 07:01 By Help Net Security Associate Cybersecurity Operations Officer UNICC | USA | On-site – View job details The Center aims to provide trusted ICT services and digital business solutions. You will work under the direct supervision and guidance of the Head of Cybersecurity Operations

Food security: Accelerating national protections around critical infrastructure

2024-08-21 at 06:31 By Help Net Security In this Help Net Security video, Mike Lexa, CISO and Global VP of IT Infrastructure and Operations at CNH, discusses how the federal government is taking food security more seriously and what steps must be taken to prioritize security measures.

New phishing method targets Android and iPhone users

2024-08-20 at 17:33 By Help Net Security ESET researchers discovered an uncommon type of phishing campaign targeting Android and iPhone users. They analyzed a case observed in the wild that targeted clients of a prominent Czech bank. PWA phishing flow (Source: ESET) This technique is noteworthy because

Trustwave Government Solutions Attains StateRAMP Authorization Status

2024-08-20 at 16:01 By Trustwave Government Solutions (TGS) has attained authorized status by the State Risk and Authorization Management Program (StateRAMP) for its Government Fusion platform. This article is an excerpt from Trustwave Blog

0-day in Windows driver exploited by North Korean hackers to deliver rootkit (CVE-2024-38193)

2024-08-20 at 16:01 By Zeljka Zorz CVE-2024-38193, an actively exploited zero-day that Microsoft patched earlier this month, has been leveraged by North Korean hackers to install a rootkit on targets’ computers, Gen Digital researchers have revealed. About CVE-2024-38193 CVE-2024-38193 is a use-after-free

Vulnerabilities in Microsoft macOS apps may give attackers access to microphone, camera

2024-08-20 at 13:46 By Zeljka Zorz Vulnerabilities in popular Microsoft apps for macOS can be abused by attackers to record video and audio clips, take pictures, access and exfiltrate data and send emails, Cisco Talos researchers have discovered. Library injection vulnerabilities in Microsoft

Strategies for security leaders: Building a positive cybersecurity culture

2024-08-20 at 07:32 By Help Net Security Culture is a catalyst for security success. It can significantly reduce cybersecurity risks and boost cybersecurity resilience of any organization. Culture can also greatly enhance the perceived value, relevance and reputation of the cybersecurity function. So how can security

AI for application security: Balancing automation with human oversight

2024-08-20 at 07:01 By Mirko Zorz In this Help Net Security interview, Kyle Wickert, Worldwide Strategic Architect at AlgoSec, discusses the role of AI in application security, exploring how it’s transforming threat detection and response. Wickert talks about integrating security testing throughout the development lifecycle, the

Organizations turn to biometrics to counter deepfakes

2024-08-20 at 06:31 By Help Net Security The risk of deepfakes is rising with 47% of organizations having encountered a deepfake and 70% of them believing deepfake attacks which are created using generative AI tools, will have a high impact on their organizations, according to iProov. Perceptions of
