Cybersecurity jobs available right now: July 10, 2024 2024-07-10 at 06:31 By Anamarija Pogorelec CISO HoneyBook | Israel | On-site – View job details As a CISO, you will develop and implement a multi-year security strategy and roadmap to anticipate and address security challenges in alignment with company growth objectives. Ensure that HoneyBook adheres to […]
Cybersecurity jobs available right now: July 10, 2024 Read More »
73% of security pros use unauthorized SaaS applications 2024-07-10 at 06:01 By Help Net Security 73% of security professionals admit to using SaaS applications that had not been provided by their company’s IT team in the past year, according to Next DLP. Unauthorized tool use poses major risks for organizations This is despite the fact
73% of security pros use unauthorized SaaS applications Read More »
Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112) 2024-07-09 at 22:31 By Zeljka Zorz For July 2024 Patch Tuesday, Microsoft has released security updates and patches that fix 142 CVEs, including two exploited zero-days (CVE-2024-38080, CVE-2024-38112) in Windows Hyper-V and Windows MSHTML Platform (respectively). Zero-days exploited in the wild (CVE-2024-38080, CVE-2024-38112) CVE-2024-38080 is a
Microsoft fixes two zero-days exploited by attackers (CVE-2024-38080, CVE-2024-38112) Read More »
GuardZoo spyware used by Houthis to target military personnel 2024-07-09 at 15:16 By Help Net Security Lookout discovered GuardZoo, Android spyware targeting Middle Eastern military personnel. This campaign leverages malicious apps with military and religious themes to lure victims via social engineering on mobile devices. While researchers are still actively analyzing data, thus far, they
GuardZoo spyware used by Houthis to target military personnel Read More »
Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack 2024-07-09 at 15:01 By Help Net Security A new critical security vulnerability in the RADIUS protocol, dubbed BlastRADIUS, leaves most networking equipment open to Man-in-the-Middle (MitM) attacks. While the vulnerability can be difficult to exploit, the possible impact of an exploit is substantial.
Critical vulnerability in the RADIUS protocol leaves networking equipment open to attack Read More »
Chinese APT40 group swifly leverages public PoC exploits 2024-07-09 at 14:46 By Zeljka Zorz Chinese state-sponsored cyber group APT40 is amazingly fast at adapting public proof-of-concept (PoC) exploits for vulnerabilities in widely used software, an advisory released by intelligence and cybersecurity agencies from eight countries warns. The group, which is also known as Kryptonite Panda
Chinese APT40 group swifly leverages public PoC exploits Read More »
Microsoft’s cybersecurity dilemma: An open letter to Satya Nadella 2024-07-09 at 07:31 By Help Net Security Microsoft is suffering cybersecurity failures due to systemic problems with strategic leadership. The world is witnessing an alarming trend of cybersecurity issues with Microsoft products and services. Over the past several years, Microsoft has suffered several serious attacks with
Microsoft’s cybersecurity dilemma: An open letter to Satya Nadella Read More »
Exploring the root causes of the cybersecurity skills gap 2024-07-09 at 07:01 By Mirko Zorz In this Help Net Security interview, Koma Gandy, VP of Leadership and Business at Skillsoft, addresses the critical aspects of the cybersecurity skills gap, the need for diverse talent and continuous upskilling in areas like AI and cloud computing. Gandy
Exploring the root causes of the cybersecurity skills gap Read More »
Shadow engineering exposed: Addressing the risks of unauthorized engineering practices 2024-07-09 at 06:31 By Help Net Security Shadow engineering is present in many organizations, and it can lead to security, compliance, and risk challenges. In this Help Net Security video, Darren Meyer, Staff Research Engineer at Endor Labs, discusses why it causes issues and how
Shadow engineering exposed: Addressing the risks of unauthorized engineering practices Read More »
TeamViewer: Network segmentation hobbled Midnight Blizzard’s attack 2024-07-08 at 20:31 By Zeljka Zorz TeamViewer, the company developing the popular remote access/control software with the same name, has finished the investigation into the breach it detected in late June 2024, and has confirmed that it was limited to their internal corporate IT environment. “Neither our separated
TeamViewer: Network segmentation hobbled Midnight Blizzard’s attack Read More »
Decryptor for DoNex, Muse, DarkRace, (fake) LockBit 3.0 ransomware released 2024-07-08 at 13:01 By Zeljka Zorz A cryptographic weakness in the DoNex ransomware and its previous incarnations – Muse, fake LockBit 3.0, and DarkRace – has allowed Avast researchers to create a decryptor for files encrypted by all those ransomware variants. DoNex ransom note (Source:
Decryptor for DoNex, Muse, DarkRace, (fake) LockBit 3.0 ransomware released Read More »
July 2024 Patch Tuesday forecast: The end of an AV giant in the US 2024-07-08 at 07:31 By Mirko Zorz The US celebrated Independence Day last week, providing many with a long weekend leading into patch week. With summer vacations underway, many developers must be out of the office because June was fairly quiet regarding
July 2024 Patch Tuesday forecast: The end of an AV giant in the US Read More »
How nation-state cyber attacks disrupt public services and undermine citizen trust 2024-07-08 at 07:01 By Mirko Zorz In this Help Net Security interview, Rob Greer, VP and GM of the Enterprise Security Group at Broadcom, discusses the impact of nation-state cyber attacks on public sector services and citizens, as well as the broader implications for
How nation-state cyber attacks disrupt public services and undermine citizen trust Read More »
Monocle: Open-source LLM for binary analysis search 2024-07-08 at 06:31 By Help Net Security Monocle is open-source tooling backed by a large language model (LLM) for performing natural language searches against compiled target binaries. Monocle can be provided with a binary and search criteria (authentication code, vulnerable code, password strings, etc.), and it will decompile
Monocle: Open-source LLM for binary analysis search Read More »
Organizations change recruitment strategies to find cyber talent 2024-07-08 at 06:01 By Help Net Security An estimated 4 million professionals are needed to fill the growing cybersecurity workforce gap, according to Fortinet. At the same time, Fortinet’s 2024 Global Cybersecurity Skills Gap Report found that 70% of organizations indicated that the cybersecurity skills shortage creates
Organizations change recruitment strategies to find cyber talent Read More »
Week in review: A need for a DDoS response plan, human oversight in AI-enhanced software development 2024-07-07 at 11:01 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 4 key steps to building an incident response plan In this Help Net Security interview, Mike Toole,
Infostealing malware masquerading as generative AI tools 2024-07-05 at 08:01 By Help Net Security Over the past six months, there has been a notable surge in Android financial threats – malware targeting victims’ mobile banking funds, whether in the form of ‘traditional’ banking malware or, more recently, cryptostealers, according to ESET. Vidar infostealer targets Windows
Infostealing malware masquerading as generative AI tools Read More »
99% of IoT exploitation attempts rely on previously known CVEs 2024-07-05 at 07:31 By Help Net Security The explosion of Internet of Things (IoT) devices has brought about a wide range of security and privacy challenges, according to Bitdefender and NETGEAR. The report is based on global telemetry of 3.8 million homes and 50 million
99% of IoT exploitation attempts rely on previously known CVEs Read More »
47% of corporate data stored in the cloud is sensitive 2024-07-05 at 07:01 By Help Net Security As the use of the cloud continues to be strategically vital to many organizations, cloud resources have become the biggest targets for cyberattacks, with SaaS applications (31%), cloud storage (30%) and cloud management infrastructure (26%) cited as the
47% of corporate data stored in the cloud is sensitive Read More »
Organizations weigh the risks and rewards of using AI 2024-07-05 at 06:31 By Help Net Security 78% of organizations are tracking AI as an emerging risk while simultaneously adopting the technology themselves, according to AuditBoard. Organizations prioritize AI risk assessment The report, based on a survey of over 400 security professionals in the US involved
Organizations weigh the risks and rewards of using AI Read More »