Guide to mitigating credential stuffing attacks 2024-06-25 at 05:46 By Help Net Security We have a collective unaddressed weakness when it comes to basic cybersecurity. Out of the many reports circulating in the news today, many statistics revolve around the number of detected breaches. Why are credentials so sought after? How can we communicate the […]
Guide to mitigating credential stuffing attacks Read More »
Open-source Rafel RAT steals info, locks Android devices, asks for ransom 2024-06-24 at 14:46 By Zeljka Zorz The open-source Rafel RAT is being leveraged by multiple threat actors to compromise Android devices and, in some cases, to lock them, encrypt their contents, and demand money to restore the device to its original state. Check Point
Open-source Rafel RAT steals info, locks Android devices, asks for ransom Read More »
Why are threat actors faking data breaches? 2024-06-24 at 07:16 By Help Net Security Earlier this year Europcar discovered a hacker selling info on its 50 million customers on the dark web. The European car rental company immediately launched an investigation, only to discover that the data being sold was completely doctored, possibly using generative
Why are threat actors faking data breaches? Read More »
1 out of 3 breaches go undetected 2024-06-24 at 06:31 By Help Net Security Organizations continue to struggle in detecting breaches as they become more targeted and sophisticated, with more than 1 out of 3 organizations citing their existing security tools were unable to detect breaches when they occur, according to Gigamon. As hybrid cloud
1 out of 3 breaches go undetected Read More »
Cracking down on cybercrime: Who you gonna call? 2024-06-24 at 06:01 By Help Net Security As cybercrime continues to grow, law enforcement agencies worldwide face increased challenges in safeguarding organizations and individuals. In this article, we highlight law enforcement agencies that have scored notable successes against cybercriminals in recent years. FBI: Cyber Division Headquarters: Washington,
Cracking down on cybercrime: Who you gonna call? Read More »
Week in review: CDK Global cyberattack, critical vCenter Server RCE fixed 2024-06-23 at 11:02 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: The rise of SaaS security teams In this Help Net Security interview, Hillary Baron, Senior Technical Director for Research at CSA, highlights
Week in review: CDK Global cyberattack, critical vCenter Server RCE fixed Read More »
Intel-powered computers affected by serious firmware flaw (CVE-2024-0762) 2024-06-21 at 14:31 By Zeljka Zorz A vulnerability (CVE-2024-0762) in the Phoenix SecureCore UEFI, which runs on various Intel processors, could be exploited locally to escalate privileges and run arbitrary code within the firmware during runtime. “This type of low-level exploitation is typical of firmware backdoors (e.g.,
Intel-powered computers affected by serious firmware flaw (CVE-2024-0762) Read More »
US bans Kaspersky antivirus software due to national security risks 2024-06-21 at 13:01 By Zeljka Zorz The US Department of Commerce has announced an upcoming US-wide ban of cybersecurity and antivirus software by Kaspersky, as its “ability to gather valuable US business information, including intellectual property, and to gather US persons’ sensitive data for malicious
US bans Kaspersky antivirus software due to national security risks Read More »
Cilium: Open-source eBPF-based networking, security, observability 2024-06-21 at 07:01 By Help Net Security Cilium is an open-source, cloud-native solution that leverages eBPF technology in the Linux kernel to provide, secure, and monitor network connectivity between workloads. What is eBPF? eBPF is a technology originating from the Linux kernel that allows sandboxed programs to run in
Cilium: Open-source eBPF-based networking, security, observability Read More »
Pressure mounts on CISOs as SEC bares teeth with legal action 2024-06-21 at 06:31 By Help Net Security A Panaseer investigation into organizations’ annual 10-K filings reported to the SEC shows that from January-May 2024, at least 1,327 filings mentioned NIST – a key indicator that cybersecurity posture is present in a filing. This compares
Pressure mounts on CISOs as SEC bares teeth with legal action Read More »
New infosec products of the week: June 21, 2024 2024-06-21 at 06:01 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Atsign, Datadog, Metomic, NinjaOne, Verimatrix, and Veritas Technologies. Datadog App Builder helps accelerate issue remediation Datadog App Builder enables the integration of customized, secure
New infosec products of the week: June 21, 2024 Read More »
Crown Equipment cyberattack confirmed, manufacturing disrupted for weeks 2024-06-20 at 17:46 By Zeljka Zorz Ohio-based Crown Equipment, which is among the largest industrial and forklift truck manufacturers in the world, has become a victim of a cyberattack “by an international cybercriminal organization,” the company has finally confirmed to its employees on Tuesday. The confirmation came
Crown Equipment cyberattack confirmed, manufacturing disrupted for weeks Read More »
CDK Global cyberattack cripples 15,000 US auto dealerships 2024-06-20 at 13:46 By Zeljka Zorz CDK Global, a software-as-a-service (SaaS) provider for car dealers and auto equipment manufacturers, has suffered a cyberattack that has temporarily disrupted its customers’ operations. About CDK and its platform CDK’s platform is used by 15,000+ car dealerships across North America to
CDK Global cyberattack cripples 15,000 US auto dealerships Read More »
From passwords to passkeys: Enhancing security and user satisfaction 2024-06-20 at 07:01 By Mirko Zorz In this Help Net Security interview, Julianna Lamb, Stytch CTO, discusses the advantages of passwordless authentication. Eliminating passwords reduces data breaches and improves user experience by simplifying the login process. Lamb also addresses the technical challenges and economic implications of
From passwords to passkeys: Enhancing security and user satisfaction Read More »
Improving OT cybersecurity remains a work in progress 2024-06-20 at 06:31 By Help Net Security Organizations have made progress in the past 12 months related to advancing their OT security posture, but there are still critical areas for improvement as IT and OT network environments continue to converge, according to Fortinet. Cyberattacks that compromise OT
Improving OT cybersecurity remains a work in progress Read More »
Most cybersecurity pros took time off due to mental health issues 2024-06-20 at 06:01 By Help Net Security Cybersecurity and infosecurity professionals say that work-related stress, fatigue, and burnout are making them less productive, including taking extended sick leave – costing US enterprises almost $626 million in lost productivity every year, according to Hack The
Most cybersecurity pros took time off due to mental health issues Read More »
eBook: CISO guide to password security 2024-06-20 at 05:46 By Help Net Security Password security has seen dramatic shifts driven by the escalation of cyber threats and technological advancements. This eBook covers: Best practices for NIST-compliant password security Key benefits of automating password policies It is not just about creating barriers to unauthorized access but
eBook: CISO guide to password security Read More »
Clever macOS malware delivery campaign targets cryptocurrency users 2024-06-19 at 14:16 By Zeljka Zorz Cryptocurrency users are being targeted with legitimate-looking but fake apps that deliver information-stealing malware instead, Recorder Future’s researchers are warning. The threat actor behind this complex scheme is going after both Windows and Mac users, and leverages social media and messaging
Clever macOS malware delivery campaign targets cryptocurrency users Read More »
How can SLTTs defend against cyber threats? 2024-06-19 at 11:02 By Help Net Security Managing cybersecurity for any organization is no easy feat. Improving cybersecurity maturity is often even more difficult, made increasingly challenging by the eye-watering costs of cybersecurity products and solutions. And when you are responsible for securing citizens’ data as a U.S.
How can SLTTs defend against cyber threats? Read More »
SELKS: Open-source Suricata IDS/IPS, network security monitoring, threat hunting 2024-06-19 at 07:33 By Mirko Zorz SELKS is a free, open-source, turnkey solution for Suricata-based network intrusion detection and protection (IDS/IPS), network security monitoring (NSM), and threat hunting. The project is developed and maintained by Stamus Networks. SELKS is an effective production-grade solution for many small
SELKS: Open-source Suricata IDS/IPS, network security monitoring, threat hunting Read More »