News

GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985)

2024-05-23 at 13:16 | By Zeljka Zorz

A critical, 10-out-of-10 vulnerability (CVE-2024-4985) allowing unrestricted access to vulnerable GitHub Enterprise Server (GHES) instances has been fixed by Microsoft-owned GitHub. Fortunately, there is a catch that may narrow down the pool of potential victims: instances are vulnerable to […]

HHS pledges $50M for autonomous vulnerability management solution for hospitals

2024-05-23 at 10:18 | By Zeljka Zorz

As organizations in the healthcare sector continue to be a prime target for ransomware gangs and CISA warns about a vulnerability (CVE-2023-43208) in a healthcare-specific platform being leveraged by attackers, the Advanced Research Projects Agency for Health (ARPA-H) has

CISOs pursuing AI readiness should start by updating the org’s email security policy

2024-05-23 at 08:03 | By Anamarija Pogorelec

Over the past few years, traditional phishing messages — with their pervasive linguistic errors, thinly-veiled malicious payloads, and often outlandish pretexts — have been on the decline. Easily detected by most of today’s standard email security

Strategies for transitioning to a SASE architecture

2024-05-23 at 07:33 | By Mirko Zorz

In this Help Net Security interview, Prakash Mana, CEO at Cloudbrink, discusses the primary challenges companies face when transitioning to a SASE architecture and how to overcome them.

What are companies’ primary challenges when transitioning to a SASE architecture, and how can they

Ransomware fallout: 94% experience downtime, 40% face work stoppage

2024-05-23 at 07:01 | By Help Net Security

Within the last 12 months, 48% of organizations identified evidence of a successful breach within their environment, according to Arctic Wolf. To fully understand the gravity of this statistic, it is important to understand that, although 48% of these

Machine identities lack essential security controls, pose major threat

2024-05-23 at 06:01 | By Help Net Security

Siloed approaches to securing human and machine identities are driving identity-based attacks across enterprises and their ecosystems, according to CyberArk. The CyberArk 2024 Identity Security Threat Landscape Report was conducted across private and public sector organizations of 500 employees

Windows’ new Recall feature: A privacy and security nightmare?

2024-05-22 at 15:32 | By Zeljka Zorz

Microsoft has announced the Copilot+ line of Windows 11-powered PCs that, among other things, will have Recall, a feature that takes screenshots every few seconds, encrypts them, saves them, and leverages AI to allow users to search through them for

Veeam fixes auth bypass flaw in Backup Enterprise Manager (CVE-2024-29849)

2024-05-22 at 11:46 | By Zeljka Zorz

Veeam has patched four vulnerabilities in Backup Enterprise Manager (VBEM), one of which (CVE-2024-29849) may allow attackers to bypass authentication and log in to its web interface as any user. With no user interaction required for remote exploitation and

Authelia: Open-source authentication and authorization server

2024-05-22 at 07:33 | By Mirko Zorz

Authelia is an open-source authentication and authorization server that offers 2FA and SSO for applications through a web portal. It works alongside reverse proxies to permit, deny, or redirect requests. Authelia connects directly to the reverse proxy but never to the application backends.

Cybersecurity jobs available right now: May 22, 2024

2024-05-22 at 07:01 | By Mirko Zorz

Associate Director, Cyber Security
AstraZeneca | Sweden | On-site

You will develop and implement security policies, procedures, and operating practices in this role. You will coordinate risk profile development and distribution to IT business-facing audiences and maintain

CEOs accelerate GenAI adoption despite workforce resistance

2024-05-22 at 06:31 | By Help Net Security

CEOs are facing workforce, culture and governance challenges as they act quickly to implement and scale generative AI across their organizations, according to IBM. The annual global study of 3,000 CEOs from over 30 countries and 26 industries found that 64%

Technological complexity drives new wave of identity risks

2024-05-22 at 06:01 | By Help Net Security

Security leaders are facing increased technological and organizational complexity, which is creating a new wave of identity risks for their organizations, according to ConductorOne. Based on a survey of 523 US-based IT security leaders at companies with 250 to 10,000

15 QNAP NAS bugs and one PoC disclosed, update ASAP! (CVE-2024-27130)

2024-05-21 at 17:31 | By Zeljka Zorz

Researchers have found 15 vulnerabilities in QNAP’s network attached storage (NAS) devices, and have released a proof-of-concept for one: an unauthenticated stack overflow vulnerability (CVE-2024-27130) that may be leveraged for remote code execution. The vulnerabilities and the CVE-2024-27130

Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323)

2024-05-21 at 14:31 | By Zeljka Zorz

Tenable researchers have discovered a critical vulnerability (CVE-2024-4323) in Fluent Bit, a logging utility used by major cloud providers and tech companies, which may be leveraged for denial of service, information disclosure, or remote code execution.

About

Strategies for combating AI-enhanced BEC attacks

2024-05-21 at 07:31 | By Mirko Zorz

In this Help Net Security interview, Robert Haist, CISO at TeamViewer, discusses how AI is being leveraged by cybercriminals to enhance the effectiveness of BEC scams.

How is AI being leveraged by cybercriminals to enhance the effectiveness of BEC scams?

BEC attacks are

Phishing statistics that will make you think twice before clicking

2024-05-21 at 07:01 | By Help Net Security

This article includes excerpts from various reports that offer statistics and insights into the current phishing landscape.

AI-driven phishing attacks deceive even the most aware users
Zscaler | Zscaler ThreatLabz 2024 Phishing Report | May 2024

In 2023,

YouTube has become a significant channel for cybercrime

2024-05-21 at 06:31 | By Help Net Security

Social engineering threats – those which rely on human manipulation – account for most cyberthreats faced by individuals in 2024, according to Avast. According to the latest quarterly Avast Threat Report, which looks at the threat landscape from January-March 2024,

eBook: 10 reasons why demand for cloud security is sky-high

2024-05-21 at 05:46 | By Help Net Security

Current demand for cloud security specialists far exceeds available talent. Especially for companies seeking protection in multicloud environments, professionals with vendor-neutral knowledge and skills to their hiring wish lists. Find out how cloud security is evolving and why

PoC exploit for Ivanti EPMM privilege escalation flaw released (CVE 2024-22026)

2024-05-20 at 14:02 | By Zeljka Zorz

Technical details about and a proof-of-concept (PoC) exploit for CVE-2024-22026, a privilege escalation bug affecting Ivanti EPMM, have been released by the vulnerability’s reporter.

About CVE-2024-22026

Ivanti Endpoint Manager Mobile (formerly MobileIron Core) is used by enterprises to

SEC requires financial institutions to notify customers of breaches within 30 days

2024-05-20 at 13:01 | By Help Net Security

The Securities and Exchange Commission (SEC) announced the adoption of amendments to Regulation S-P to modernize and enhance the rules that govern the treatment of consumers’ nonpublic personal information by certain financial institutions. The amendments update
