News

Cybersecurity jobs available right now: June 19, 2024

2024-06-19 at 07:03 By Anamarija Pogorelec

Application Penetration Tester ShiftCode Analytics | USA | On-site

As an Application Penetration Tester, you will perform Ethical Application Penetration Testing (EAPT) on web applications and APIs. Provide the vulnerability information in the predefined report format after […]

Find out which cybersecurity threats organizations fear the most

2024-06-19 at 06:31 By Help Net Security

This article compiles excerpts from various reports, presenting statistics and insights on cybersecurity threats faced by businesses and individuals alike.

Cyber insurance isn’t the answer for ransom payments

Veeam | 2024 Ransomware Trends Report | June 2024

Ransomware remains

Rising exploitation in enterprise software: Key trends for CISOs

2024-06-19 at 06:01 By Help Net Security

Action1 researchers found an alarming increase in the total number of vulnerabilities across all enterprise software categories. “With the NVD’s delay in associating Common Vulnerabilities and Exposures (CVE) identifiers with CPE (Common Platform Enumeration) data, our report comes at

Medibank breach: Security failures revealed (lack of MFA among them)

2024-06-18 at 17:31 By Zeljka Zorz

The 2022 Medibank data breach / extortion attack perpetrated by the REvil ransomware group started by the attackers leveraging login credentials stolen from a private computer of an employee of a Medibank’s IT contractor. According to a statement by

Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080)

2024-06-18 at 12:16 By Zeljka Zorz

VMware by Broadcom has fixed two critical vulnerabilities (CVE-2024-37079, CVE-2024-37080) affecting VMware vCenter Server and products that contain it: vSphere and Cloud Foundation. “A malicious actor with network access to vCenter Server may trigger these vulnerabilities by sending a specially

eBook: The Art & Science of Secure Software Development

2024-06-18 at 11:46 By Help Net Security

Software security requires a creative and disciplined approach. It involves having the vision to develop secure strategy, tactics, and execution. Excelling in the discipline demands thinking through the entire software lifecycle and enforcing security as a first-thought process. The

How to create your cybersecurity “Google Maps”: A step-by-step guide for security teams

2024-06-18 at 08:01 By Help Net Security

Cybersecurity isn’t just about firewalls and antivirus. It’s about understanding how your defenses, people, and processes work together. Just like Google Maps revolutionized navigation, process mapping can revolutionize how you understand and manage your security

Enhancing security through collaboration with the open-source community

2024-06-18 at 07:32 By Mirko Zorz

In this Help Net Security interview, Alan DeKok, CEO at NetworkRADIUS, discusses the need for due diligence in selecting and maintaining open-source tools, and brings out the potential risks and benefits of collaborating with the open-source community to enhance software security.

Mass exploitation is the new primary attack vector for ransomware

2024-06-18 at 07:01 By Help Net Security

The cyber threat landscape in 2023 and 2024 has been dominated by mass exploitation, according to WithSecure.

Edge service KEV vulnerability trends

64% of all edge service and infrastructure Common Vulnerabilities and Exposures (CVEs) in the Known Exploited

42% plan to use API security for AI data protection

2024-06-18 at 06:01 By Help Net Security

While 75% of enterprises are implementing AI, 72% report significant data quality issues and an inability to scale data practices, according to F5. Data and the systems companies put in place to obtain, store, and secure it are

Malware peddlers love this one social engineering trick!

2024-06-17 at 16:16 By Zeljka Zorz

Attackers are increasingly using a clever social engineering technique to get users to install malware, Proofpoint researchers are warning.

[Image: The message warns of a problem but also offers a way to fix it (Source: Proofpoint)]

Social engineering users to install malware

Low code, high stakes: Addressing SQL injection

2024-06-17 at 08:01 By Help Net Security

Like a bad movie that seems to go on forever, SQL injection (SQLi) attacks have lingered since the late 1990s. Due to various factors, they remain the third most common source of web application vulnerabilities. Reasons include human error, new technologies

The rise of SaaS security teams

2024-06-17 at 07:31 By Mirko Zorz

In this Help Net Security interview, Hillary Baron, Senior Technical Director for Research at CSA, highlights that the recent surge in organizations establishing dedicated SaaS security teams is driven by significant data breaches involving widely used platforms.

What motivated the recent surge in

Ghidra: Open-source software reverse engineering framework

2024-06-17 at 07:01 By Help Net Security

Ghidra, a cutting-edge open-source software reverse engineering (SRE) framework, is a product of the National Security Agency (NSA) Research Directorate. The framework features high-end software analysis tools, enabling users to analyze compiled code across various platforms, including Windows, macOS, and Linux. Ghidra’s

Malicious emails trick consumers into false election contributions

2024-06-17 at 06:32 By Help Net Security

Major regional and global events – such as military exercises, political or economic summits, political conventions, and elections – drove cyber threat activities, according to Trellix. “The last six months have been unprecedented – a state of polycrisis remains and

Week in review: JetBrains GitHub plugin vulnerability, 20k FortiGate appliances compromised

2024-06-16 at 11:01 By Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051)

JetBrains has fixed a critical vulnerability (CVE-2024-37051) that could expose

Microsoft delays Windows Recall rollout, more security testing needed

2024-06-14 at 15:46 By Zeljka Zorz

Microsoft is delaying the release of Recall, a controversial Windows 11 feature that will allow users to search their computer for specific content that has previously been viewed by them. A preview of Recall should have been broadly available on

YetiHunter: Open-source threat hunting tool for Snowflake environments

2024-06-14 at 13:31 By Zeljka Zorz

Cloud identity protection company Permiso has created YetiHunter, a threat detection and hunting tool companies can use to query their Snowflake environments for evidence of compromise.

[Image: YetiHunter executing queries (Source: Permiso Security)]

Recent attacks against Snowflake customers

Cloud-based data storage and

Modern fraud detection need not rely on PII

2024-06-14 at 07:32 By Help Net Security

Trends in online fraud detection often act as the canary in the coal mine when it comes to understanding and combating the next generation of online scams, fraud and cybersecurity threats. These days, security and fraud experts worry that insufficient

The biggest downsides of digital ID adoption

2024-06-14 at 07:01 By Help Net Security

As innovative digital verification methods continue to emerge, the debate around their reliability and effectiveness is heating up, according to Regula.

Companies employ various methods for identity verification

Despite digital advances, many organizations worldwide still depend on physical documents for verification.
