News

IntelOwl: Open-source threat intelligence management

Don't miss, GitHub, Hot stuff, News, open source, software, Threat Intelligence /

IntelOwl: Open-source threat intelligence management 2024-08-14 at 07:31 By Mirko Zorz IntelOwl is an open-source solution designed for large-scale threat intelligence management. It integrates numerous online analyzers and advanced malware analysis tools, providing comprehensive insights in one platform. “In late 2019, I faced a significant challenge while working as a cybersecurity analyst in a Security […]

IntelOwl: Open-source threat intelligence management Read More »

Cybersecurity jobs available right now: August 14, 2024

cybersecurity jobs, News /

Cybersecurity jobs available right now: August 14, 2024 2024-08-14 at 07:01 By Anamarija Pogorelec Cloud Security Specialist EPAM Systems | Chile | Remote – View job details As a Cloud Security Specialist, you will be responsible for creating and maintaining security policies and assisting in the implementation and automation of security solutions within cloud environments.

Cybersecurity jobs available right now: August 14, 2024 Read More »

Current attacks, targets, and other threat landscape trends

Cisco, cybersecurity, Don't miss, Hot stuff, Incident Response, News, report, threats, Video /

Current attacks, targets, and other threat landscape trends 2024-08-14 at 06:31 By Help Net Security In this Help Net Security video, Kendall McKay, Strategic Lead, Cyber Threat Intelligence at Cisco Talos, discusses the trends that Cisco Talos incident response observed in incident response engagements from Q2 2024, which covers April to June. While the attacks

Current attacks, targets, and other threat landscape trends Read More »

NIST releases finalized post-quantum encryption standards

DigiCert, Encryption, Government, News, NIST, quantum computing, standards, USA /

NIST releases finalized post-quantum encryption standards 2024-08-14 at 06:01 By Help Net Security NIST has finalized its principal set of encryption algorithms designed to withstand cyberattacks from a quantum computer. The announced algorithms are specified in the first completed standards from NIST’s post-quantum cryptography (PQC) standardization project and are ready for immediate use. “The transition

NIST releases finalized post-quantum encryption standards Read More »

Microsoft fixes 6 zero-days under active attack

0-day, CVE, Don't miss, Hot stuff, Immersive Labs, Microsoft, Microsoft Edge, MS Office, News, Patch Tuesday, security update, Tenable, Trend Micro, Windows /

Microsoft fixes 6 zero-days under active attack 2024-08-13 at 23:16 By Zeljka Zorz August 2024 Patch Tuesday is here, and Microsoft has delivered fixes for 90 vulnerabilities, six of which have been exploited in the wild as zero-days, and four are publicly known. The zero-days under attack CVE-2024-38178 is a Scripting Engine Memory Corruption Vulnerability

Microsoft fixes 6 zero-days under active attack Read More »

Suspected head of Reveton, Ransom Cartel RaaS groups arrested

arrest, cybercriminals, exploit kit, Hot stuff, law enforcement, National Crime Agency, News, Ransomware, scareware /

Suspected head of Reveton, Ransom Cartel RaaS groups arrested 2024-08-13 at 17:16 By Help Net Security An international operation coordinated by the UK National Crime Agency (NCA) has resulted in the arrest and extradition of a man believed to be one of the world’s most prolific Russian-speaking cybercrime actors. The arrest The NCA has been

Suspected head of Reveton, Ransom Cartel RaaS groups arrested Read More »

Scammers dupe chemical company into wiring $60 million

BEC scams, Don't miss, Europe, fraud, Hot stuff, manufacturing sector, News, USA /

Scammers dupe chemical company into wiring $60 million 2024-08-13 at 16:46 By Zeljka Zorz Orion S.A., a global chemical company with headquarters in Luxembourg, has become a victim of fraud: it lost approximately $60 million through “multiple fraudulently induced outbound wire transfers to accounts controlled by unknown third parties.” The scammers targeted an employee Orion

Scammers dupe chemical company into wiring $60 million Read More »

Australian gold mining company hit with ransomware

Australia, Don't miss, enterprise, Hot stuff, News, Ransomware /

Australian gold mining company hit with ransomware 2024-08-13 at 14:17 By Zeljka Zorz Australian gold mining firm Evolution Mining has announced on Monday that it became aware on 8 August 2024 of a ransomware attack impacting its IT systems, and has been working with its external cyber forensic experts to investigate the incident. “Based on

Australian gold mining company hit with ransomware Read More »

International investigation shuts down Radar/Dispossessor ransomware group

cybersecurity, FBI, Government, law enforcement, News, Ransomware /

International investigation shuts down Radar/Dispossessor ransomware group 2024-08-13 at 12:01 By Help Net Security FBI Cleveland announced the disruption of “Radar/Dispossessor”—the criminal ransomware group led by the online moniker “Brain”—and the dismantling of three U.S. servers, three United Kingdom servers, 18 German servers, eight U.S.-based criminal domains, and one German-based criminal domain. Since its inception

International investigation shuts down Radar/Dispossessor ransomware group Read More »

Browser backdoors: Securing the new frontline of shadow IT

browser, cybersecurity, Don't miss, Expert analysis, Expert corner, extension, Hexnode, Hot stuff, News, opinion, shadow IT /

Browser backdoors: Securing the new frontline of shadow IT 2024-08-13 at 07:31 By Help Net Security Browser extensions are a prime target for cybercriminals. And this isn’t just a consumer problem – it’s a new frontier in enterprises’ battle against shadow IT. Ultimately, more extension permissions result in potentially bigger attack surfaces. Research shows that

Browser backdoors: Securing the new frontline of shadow IT Read More »

Key metrics for monitoring and improving ZTNA implementations

Artificial Intelligence, cybersecurity, Don't miss, Features, Hot stuff, human error, News, opinion, policy, strategy, supply chain attacks, Wilson Perumal & Company, zero trust /

Key metrics for monitoring and improving ZTNA implementations 2024-08-13 at 07:01 By Mirko Zorz In this Help Net Security interview, Dean Hamilton, CTO at Wilson Perumal & Company, discusses the complexities of zero trust network access (ZTNA) implementation, focusing on balancing security with operational efficiency. Hamilton highlights strategic planning, collaboration between IT and business leaders,

Key metrics for monitoring and improving ZTNA implementations Read More »

How CIOs, CTOs, and CISOs view cyber risks differently

Artificial Intelligence, CIO, CISO, cybersecurity, LevelBlue, News, report, strategy /

How CIOs, CTOs, and CISOs view cyber risks differently 2024-08-13 at 06:31 By Help Net Security C-suite executives face a unique challenge: aligning their priorities between driving technological innovation and ensuring business resilience while managing ever-evolving cyber threats from criminals adept at exploiting the latest technologies, according to LevelBlue. This balancing act highlights the complexity

How CIOs, CTOs, and CISOs view cyber risks differently Read More »

35% of exposed API keys still active, posing major security risks

API security, cybersecurity, News, Nightfall AI, passwords, report, risk, SaaS /

35% of exposed API keys still active, posing major security risks 2024-08-13 at 06:01 By Help Net Security Nightfall AI’s research revealed that secrets like passwords and API keys were most often found in GitHub, with nearly 350 total secrets exposed per 100 employees every year. Hidden risks of secret sprawl in cloud and SaaS

35% of exposed API keys still active, posing major security risks Read More »

Chrome, Edge users beset by malicious extensions that can’t be easily removed

add-ons, adware, Chrome, cybercrime, Don't miss, extension, Hot stuff, Malware, Microsoft Edge, News, Reason Labs /

Chrome, Edge users beset by malicious extensions that can’t be easily removed 2024-08-12 at 16:31 By Zeljka Zorz A widespread campaign featuring a malicious installer that saddles users with difficult-to-remove malicious Chrome and Edge browser extensions has been spotted by researchers. “The trojan malware contains different deliverables ranging from simple adware extensions that hijack searches

Chrome, Edge users beset by malicious extensions that can’t be easily removed Read More »

Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200)

0-day, authentication, Don't miss, Hot stuff, Microsoft 365, MS Office, News, PrivSec /

Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200) 2024-08-12 at 13:31 By Zeljka Zorz A new MS Office zero-day vulnerability (CVE-2024-38200) can be exploited by attackers to grab users’ NTLM hashes, Microsoft has shared late last week. The vulnerability is exploitable remotely and requires no special privileges or user interaction to be

Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200) Read More »

Scout Suite: Open-source cloud security auditing tool

Alibaba Cloud, auditing, AWS, Azure, cloud security, Don't miss, GitHub, Google Cloud, Hot stuff, NCC Group, News, open source, software /

Scout Suite: Open-source cloud security auditing tool 2024-08-12 at 07:31 By Help Net Security Scout Suite is an open-source, multi-cloud security auditing tool designed to assess the security posture of cloud environments. By leveraging the APIs provided by cloud vendors, Scout Suite collects and organizes configuration data, making it easier to identify potential risks. Instead

Scout Suite: Open-source cloud security auditing tool Read More »

74% of ransomware victims were attacked multiple times in a year

attacks, cyber resilience, cybersecurity, identity protection, News, Ransomware, regulation, report, Semperis, strategy /

74% of ransomware victims were attacked multiple times in a year 2024-08-12 at 07:01 By Help Net Security An alarming trend toward multiple, sometimes simultaneous cyber attacks forces business leaders to re-evaluate their cyber resilience strategies to address common points of failure, including inadequate identity system backup and recovery practices, according to Semperis. Survey of

74% of ransomware victims were attacked multiple times in a year Read More »

Steps to improve quality engineering and system robustness

cybersecurity, Don't miss, Hot stuff, News, Roq, Video /

Steps to improve quality engineering and system robustness 2024-08-12 at 06:31 By Help Net Security Major tech outages have recently impacted customers and operations at McDonald’s, Greggs, Deliveroo, Tesco, and Barclays. In this Help Net Security video, Stephen Johnson, CEO of Roq, says it is now imperative for companies and organizations to invest significantly more

Steps to improve quality engineering and system robustness Read More »

Misconfigurations and IAM weaknesses top cloud security concerns

access management, cloud computing, cloud security, Cloud Security Alliance, CSP, cybersecurity, News, report, supply chain /

Misconfigurations and IAM weaknesses top cloud security concerns 2024-08-12 at 06:02 By Help Net Security Traditional cloud security issues often associated with cloud service providers (CSPs) are continuing to decrease in importance, according to the Top Threats to Cloud Computing 2024 report by the Cloud Security Alliance. Misconfigurations, IAM weaknesses, and API risks remain critical

Misconfigurations and IAM weaknesses top cloud security concerns Read More »

Week in review: Tips for starting your cybersecurity career, Patch Tuesday forecast

News, Week in review /

Week in review: Tips for starting your cybersecurity career, Patch Tuesday forecast 2024-08-11 at 11:01 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: August 2024 Patch Tuesday forecast: Looking for a calm August release August 2024 July ended up being more ‘exciting’ than many

Week in review: Tips for starting your cybersecurity career, Patch Tuesday forecast Read More »

Scroll to Top