News

Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218)

1Password, CVE, Don't miss, Hot stuff, macOS, News, password manager, passwords, security assessment, vulnerability /

Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218) 2024-08-09 at 15:31 By Zeljka Zorz Two vulnerabilities (CVE-2024-42219, CVE-2024-42218) affecting the macOS version of the popular 1Password password manager could allow malware to steal secrets stored in the software’s vaults and obtain the account unlock key, AgileBits has confirmed. Discovered by the […]

Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218) Read More »

August 2024 Patch Tuesday forecast: Looking for a calm August release

Adobe, apple, Expert analysis, Google, Microsoft, Mozilla, News, opinion, Patch Tuesday, predictions, security update /

August 2024 Patch Tuesday forecast: Looking for a calm August release 2024-08-09 at 13:01 By Help Net Security July ended up being more ‘exciting’ than many of us wanted; we’re supposed to be in the height of summer vacation season. First, we had a large set of updates on Patch Tuesday, then we had to

August 2024 Patch Tuesday forecast: Looking for a calm August release Read More »

“0.0.0.0-Day” vulnerability affects Chrome, Safari and Firefox

0-day, Chrome, Don't miss, Firefox, Hot stuff, Linux, macOS, News, Oligo Security, Safari, vulnerability /

“0.0.0.0-Day” vulnerability affects Chrome, Safari and Firefox 2024-08-09 at 13:01 By Zeljka Zorz A “0.0.0.0-Day” vulnerability affecting Chrome, Safari and Firefox can be – and has been – exploited by attackers to gain access to services on internal networks, Oligo Security researchers have revealed. The vulnerability stems from how those popular browsers handle network requests

“0.0.0.0-Day” vulnerability affects Chrome, Safari and Firefox Read More »

NIS2: A catalyst for cybersecurity innovation or just another box-ticking exercise?

Compliance, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Innovation, News, opinion, Palo Alto Networks, regulation, security standard, threat detection /

NIS2: A catalyst for cybersecurity innovation or just another box-ticking exercise? 2024-08-09 at 08:02 By Help Net Security The Network and Information Security (NIS) 2 Directive is possibly one of the most significant pieces of cybersecurity regulation to ever hit Europe. The 27 EU Member States have until 17 October 2024 to adopt and publish

NIS2: A catalyst for cybersecurity innovation or just another box-ticking exercise? Read More »

Malware-as-a-Service and Ransomware-as-a-Service lower barriers for cybercriminals

cybercriminals, cybersecurity, Darktrace, News, phishing, Ransomware, report, threat /

Malware-as-a-Service and Ransomware-as-a-Service lower barriers for cybercriminals 2024-08-09 at 07:32 By Help Net Security The sophistication of cyber threats has escalated dramatically, with malicious actors’ deploying advanced tactics, techniques, and procedures (TTPs) to exploit vulnerabilities and evade detection, according to Darktrace. Subscription-based tools such as Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) have also lowered the barrier-to-entry

Malware-as-a-Service and Ransomware-as-a-Service lower barriers for cybercriminals Read More »

Shorter TLS certificate lifespans expected to complicate management efforts

certificate authority, certificates, cybersecurity, News, quantum computing, report, Venafi /

Shorter TLS certificate lifespans expected to complicate management efforts 2024-08-09 at 07:01 By Help Net Security 76% of security leaders recognize the pressing need to move to shorter certificate lifespans to improve security, according to Venafi. However, many feel unprepared to take action, with 77% saying the shift to 90-day certificates will mean more outages

Shorter TLS certificate lifespans expected to complicate management efforts Read More »

Where internal audit teams are spending most of their time

AuditBoard, auditing, Compliance, News, report, Risk Management, strategy /

Where internal audit teams are spending most of their time 2024-08-09 at 06:30 By Help Net Security Over half of key stakeholders including audit committees, company boards, and chief financial officers are looking to internal audit teams to take on more risk-related work, according to AuditBoard. The study revealed that these expanding expectations are coming

Where internal audit teams are spending most of their time Read More »

New infosec products of the week: August 9, 2024

AppOmni, ArmorCode, Cequence Security, Contrast Security, Elastic, Endor Labs, News, Rapid7, Veza /

New infosec products of the week: August 9, 2024 2024-08-09 at 06:01 By Anamarija Pogorelec Here’s a look at the most interesting products from the past week, featuring releases from: Rapid7, AppOmni, Contrast Security, Elastic, Cequence Security, Veza, ArmorCode, and EndorLabs. Rapid7 releases Command Platform, unified attack defense and response Rapid7 launched its Command Platform,

New infosec products of the week: August 9, 2024 Read More »

Microsoft 365 anti-phishing alert “erased” with one simple trick

Certitude, Don't miss, email security, Microsoft 365, News, Outlook, phishing /

Microsoft 365 anti-phishing alert “erased” with one simple trick 2024-08-08 at 16:01 By Zeljka Zorz Attackers looking for a way into organizations using Microsoft 365 can make an alert identifying unsolicited (and thus potential phishing) emails “disappear”. “When an Outlook user receives an e-mail from an address they don’t typically communicate with, Outlook shows an

Microsoft 365 anti-phishing alert “erased” with one simple trick Read More »

“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days

0-day, attack, Don't miss, Hot stuff, News, research, SafeBreach, vulnerability, Windows, Windows Server /

“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days 2024-08-08 at 13:01 By Zeljka Zorz A researcher has developed a downgrade attack that can make Windows machines covertly, persistently and irreversibly vulnerable, even if they were fully patched before that. A downgrade attack exploiting the Windows Update process The direction of SafeBreach researcher Alon Leviev’s

“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days Read More »

Photos: Black Hat USA 2024 Startup City

BackBox, HackNotice, Heeler Security, Nagomi Security, News, Ox Security, Plainsea, Scribe Security, Spyderbat /

Photos: Black Hat USA 2024 Startup City 2024-08-08 at 09:33 By Help Net Security Here’s a look inside Startup City at Black Hat USA 2024. The featured vendors are: BackBox, Cybral, DryRun Security, HackNotice, Heeler Security, Hushmesh, MobileHop, Nagomi Security, Ox Security, Plainsea, Raven, Scribe Security, Spyderbat, and Xygeni. The post Photos: Black Hat USA

Photos: Black Hat USA 2024 Startup City Read More »

SSHamble: Open-source security testing of SSH services

Don't miss, GitHub, Hot stuff, News, open source, software, SSH /

SSHamble: Open-source security testing of SSH services 2024-08-08 at 09:33 By Help Net Security runZero published new research on Secure Shell (SSH) exposures and unveiled a corresponding open-source tool, SSHamble. This tool helps security teams validate SSH implementations by testing for uncommon but dangerous misconfigurations and software bugs. Discovered weaknesses During their presentation at Black

SSHamble: Open-source security testing of SSH services Read More »

Traceeshark: Open-source plugin for Wireshark

Aqua Security, cybersecurity, Don't miss, Hot stuff, network, News, software, Wireshark /

Traceeshark: Open-source plugin for Wireshark 2024-08-08 at 08:01 By Mirko Zorz Traceeshark is a plugin for Wireshark that enables security practitioners to quickly investigate security incidents. It enhances the capabilities of Aqua Tracee, an open-source runtime security and forensics tool, and allows users to analyze kernel-level event and behavioral detection alongside network traffic. With Traceeshark,

Traceeshark: Open-source plugin for Wireshark Read More »

How network segmentation can strengthen visibility in OT networks

communication, cybersecurity, DirectDefense, Don't miss, Expert analysis, Expert corner, firewall, Hot stuff, network, News, opinion, Risk Management, strategy, vulnerability management /

How network segmentation can strengthen visibility in OT networks 2024-08-08 at 07:31 By Help Net Security What role does the firewall play in the protection of operational technology (OT) networks and systems? Many would say that it’s the defensive mechanism to protect that environment from IT and the outside world. For the operators responsible for

How network segmentation can strengthen visibility in OT networks Read More »

AI security 2024: Key insights for staying ahead of threats

Artificial Intelligence, cybersecurity, Don't miss, Features, generative AI, Hot stuff, News, opinion, regulation, Risk Management, Robust Intelligence /

AI security 2024: Key insights for staying ahead of threats 2024-08-08 at 07:01 By Mirko Zorz In this Help Net Security interview, Kojin Oshiba, co-founder of Robust Intelligence, discusses his journey from academic research to addressing AI security challenges in the industry. Oshiba highlights vulnerabilities in technology systems and the proactive measures needed to mitigate

AI security 2024: Key insights for staying ahead of threats Read More »

Securing against GenAI weaponization

CISO, cybersecurity, Don't miss, generative AI, Hot stuff, News, Opaque, strategy, tips, Video /

Securing against GenAI weaponization 2024-08-08 at 06:31 By Help Net Security In this Help Net Security video, Aaron Fulkerson, CEO of Opaque, discusses how the weaponization of generative AI (GenAI) has made existing data privacy practices (like masking, anonymization, tokenization, etc.) obsolete. Fulkerson provides recommendations for companies to realize they must proactively plan to mitigate

Securing against GenAI weaponization Read More »

Ransomware operators continue to innovate

News, Ransomware, Rapid7, report /

Ransomware operators continue to innovate 2024-08-08 at 06:01 By Help Net Security Ransomware groups continue to refine their craft, building and scaling business models that resemble legitimate corporate enterprises, according to Rapid7. They market their services to prospective buyers, offer company insiders commissions in exchange for access, and run formal bug bounty programs. In addition,

Ransomware operators continue to innovate Read More »

Download: CIS Critical Security Controls v8.1

Center for Internet Security, News, Whitepapers and webinars /

Download: CIS Critical Security Controls v8.1 2024-08-08 at 05:46 By Help Net Security Version 8.1 of the CIS Critical Security Controls (CIS Controls) is an iterative update to version 8.0. It offers prescriptive, prioritized, and simplified cybersecurity best practices that provide a clear path to improve your organization’s cyber defense program. CIS Controls v8.1 features

Download: CIS Critical Security Controls v8.1 Read More »

CrowdStrike engages external experts, details causes of massive outage

CrowdStrike, Don't miss, EFF, Endpoint Security, Hot stuff, Microsoft, News, product testing, security review /

CrowdStrike engages external experts, details causes of massive outage 2024-08-07 at 16:01 By Zeljka Zorz CrowdStrike has published a technical root cause analysis of what went wrong when a content update pushed to its Falcon sensors borked over 8.5 million Windows machines around the world on July 19, and has confirmed that it has hired

CrowdStrike engages external experts, details causes of massive outage Read More »

Scroll to Top