Web scraping is not just a security or fraud problem 2024-06-28 at 06:31 By Help Net Security Bots compose 42% of overall web traffic, and 65% of these bots are malicious, according to Akamai. Negative effects of scraper bots on business operations Web scraping is not just a fraud or security problem, it is also […]
Web scraping is not just a security or fraud problem Read More »
New infosec products of the week: June 28, 2024 2024-06-28 at 06:01 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from ARMO, Cofense, Datadog, and eSentire. Datadog LLM Observability secures generative AI applications Datadog’s LLM Observability offers prompt and response clustering, seamless integration with Datadog
New infosec products of the week: June 28, 2024 Read More »
Largest Croatian hospital under cyberattack 2024-06-27 at 14:31 By Zeljka Zorz The University Hospital Centre Zagreb (KBC Zagreb) is under cyberattack that started on Wednesday night, the Croatian Radiotelevision has reported. Because of the attack, the hospital has shut down its information system and will be switching parts of it online once they are sure
Largest Croatian hospital under cyberattack Read More »
PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276) 2024-06-27 at 12:31 By Zeljka Zorz A critical SQL injection vulnerability in Fortra FileCatalyst Workflow (CVE-2024-5276) has been patched; a PoC exploit is already available online. While there’s currently no reports of in-the-wild exploitation, enterprise admins are advised to patch their installations as soon as possible.
PoC exploit for critical Fortra FileCatalyst flaw published (CVE-2024-5276) Read More »
US offers $10 million for information on indicted WhisperGate malware suspect 2024-06-27 at 10:36 By Help Net Security A federal grand jury in Maryland returned an indictment charging a Russian citizen with conspiracy to hack into and destroy computer systems and data. If convicted, he faces a maximum penalty of five years in prison. The
US offers $10 million for information on indicted WhisperGate malware suspect Read More »
Gitleaks: Open-source solution for detecting secrets in your code 2024-06-27 at 07:37 By Mirko Zorz Gitleaks is an open-source SAST tool designed to detect and prevent hardcoded secrets such as passwords, API keys, and tokens in Git repositories. With more than 15 million Docker downloads, 16,200 GitHub stars, 7 million GitHub downloads, thousands of weekly
Gitleaks: Open-source solution for detecting secrets in your code Read More »
New ransomware, infostealers pose growing risk in 2024 2024-06-27 at 07:01 By Help Net Security BlackBerry detected and stopped 3.1 million cyberattacks (37,000 per day) in the first quarter of 2024. Between January and March 2024, BlackBerry detected 630,000 malicious hashes, representing a 40% increase from its previous reporting period. 60% of attacks targeting industry
New ransomware, infostealers pose growing risk in 2024 Read More »
75% of new vulnerabilities exploited within 19 days 2024-06-27 at 06:31 By Help Net Security Last year alone, over 30,000 new vulnerabilities were published, with a new vulnerability emerging approximately every 17 minutes — averaging 600 new vulnerabilities per week, according to Skybox Security. The report highlights a critical gap in remediation efforts, with the
75% of new vulnerabilities exploited within 19 days Read More »
Enterprises increasingly turn to cloud and AI for database management 2024-06-27 at 06:01 By Help Net Security Across various tasks, from predictive analytics to code generation, organizations in all sectors are exploring how AI can add value and increase efficiency. In this Help Net Security video, Ryan Booz, PostgreSQL Advocate at Redgate, discusses the key
Enterprises increasingly turn to cloud and AI for database management Read More »
Malware peddlers experimenting with BPL sideloading and masking malicious payloads as PGP keys 2024-06-26 at 15:46 By Zeljka Zorz A newly spotted campaign is leveraging BPL sideloading and other uncommon tricks to deliver the IDAT Loader (aka HijackLoader) malware and prevent its detection. The campaign Spotted by Kroll’s incident responders and analyzed by the company’s
Developer errors lead to long-term exposure of sensitive data in Git repos 2024-06-26 at 15:01 By Help Net Security Credentials, API tokens, and passkeys – collectively referred to as secrets – from organizations around the globe were exposed for years, according to Aqua Security’s latest research. By scanning the most popular 100 organizations on GitHub,
Developer errors lead to long-term exposure of sensitive data in Git repos Read More »
Compromised plugins found on WordPress.org 2024-06-26 at 11:46 By Zeljka Zorz An unknown threat actor has compromised five (and possibly more) WordPress plugins and injected them with code that creates a new admin account, effectively allowing them complete control over WordPress installations / websites. “In addition, it appears the threat actor also injected malicious JavaScript
Compromised plugins found on WordPress.org Read More »
Cybersecurity jobs available right now: June 26, 2024 2024-06-26 at 07:01 By Anamarija Pogorelec CISO Influx | Indonesia | Remote – View job details As a CISO, you will be responsible for protecting Influx from information security risks through the development, implementation, and maintenance of our security program (policies, procedures, and standards). Cloud Security Engineer
Cybersecurity jobs available right now: June 26, 2024 Read More »
Future trends in cyber warfare: Predictions for AI integration and space-based operations 2024-06-26 at 06:36 By Mirko Zorz In this Help Net Security interview, Morgan Wright, Chief Security Advisor at SentinelOne, discusses how AI is utilized in modern cyber warfare by state and non-state actors. AI enhances decision-making speed and precision for state actors, facilitating
B+ security rating masks healthcare supply chain risks 2024-06-26 at 06:01 By Help Net Security While the healthcare sector gets a “B+” security rating for the first half of 2024, it faces a critical vulnerability: supply chain cyber risk, according to SecurityScorecard. The US healthcare industry’s security ratings were better than expected, with an average
B+ security rating masks healthcare supply chain risks Read More »
Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806) 2024-06-25 at 21:16 By Zeljka Zorz Progress Software has patched one critical (CVE-2024-5805) and one high-risk (CVE-2024-5806) vulnerability in MOVEit, its widely used managed file transfer (MFT) software product. According to WatchTowr Labs researchers, the company has been privately instructing users to implement the hotfixes before
Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806) Read More »
Ransomware disrupts Indonesia’s national data centre, LockBit gang claims US Federal Reserve breach 2024-06-25 at 14:46 By Zeljka Zorz Ransomware attackers wielding a LockBit variant dubbed Brain Cipher have disrupted a temporary national data center facility which supports the operations of 200+ Indonesian government agencies and public services. The attackers are asking for a $8
New security loophole allows spying on internet users’ online activity 2024-06-25 at 13:16 By Help Net Security Researchers at Graz University of Technology were able to spy on users’ online activities simply by monitoring fluctuations in the speed of their internet connection. This vulnerability, known as SnailLoad, does not require malicious code to exploit, and
New security loophole allows spying on internet users’ online activity Read More »
Zeek: Open-source network traffic analysis, security monitoring 2024-06-25 at 07:01 By Mirko Zorz Zeek is an open-source network analysis framework. Unlike an active security device such as a firewall, Zeek operates on a versatile ‘sensor’ that can be a hardware, software, virtual, or cloud platform. This flexibility allows Zeek to quietly monitor network traffic, interpret
Zeek: Open-source network traffic analysis, security monitoring Read More »
CISOs’ new ally: Qualys CyberSecurity Asset Management 3.0 2024-06-25 at 06:31 By Mirko Zorz In this Help Net Security interview, Kunal Modasiya, VP of Product Management and Growth at Qualys, explores the key features, significant advantages, and innovative technologies behind Qualys CyberSecurity Asset Management 3.0. Can you explain the key features of Qualys CyberSecurity Asset
CISOs’ new ally: Qualys CyberSecurity Asset Management 3.0 Read More »