News

Ransomware statistics that reveal alarming rate of cyber extortion

2024-05-15 at 07:01 By Help Net Security

In this article, you will find excerpts from various reports that offer statistics and insights about the current ransomware landscape. Global ransomware crisis worsens NTT Security Holdings | 2024 Global Threat Intelligence Report | May 2024 Ransomware and extortion […]


Cybersecurity analysis exposes high-risk assets in power and healthcare sectors

2024-05-15 at 06:01 By Help Net Security

Traditional approaches to vulnerability management result in a narrow focus of the enterprise attack surface area that overlooks a considerable amount of risk, according to Claroty. Organizations must take a holistic approach to exposure management To understand the


May 2024 Patch Tuesday: Microsoft fixes exploited zero-days (CVE-2024-30051, CVE-2024-30040)

2024-05-14 at 22:02 By Zeljka Zorz

For May 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, including two zero-days (CVE-2024-30051, CVE-2024-30040) actively exploited by attackers. CVE-2024-30051 and CVE-2024-30040 CVE-2024-30051 is a heap-based buffer overflow vulnerability affecting the Windows DWM Core Library that


Apple backports iOS zero-day patch, adds Bluetooth tracker alert

2024-05-14 at 16:32 By Zeljka Zorz

Apple has backported the patch for CVE-2024-23296 to the iOS 16 branch and has fixed a bug (CVE-2024-27852) in MarketplaceKit that may allow maliciously crafted webpages to distribute a script that tracks iOS users on other webpages. The company has


How a GRC consultant passed the CISSP exam in six weeks

2024-05-14 at 08:01 By Help Net Security

Ask any IT security professional which certification they would consider to be the “gold standard” in terms of prestige, credibility, or difficulty, and almost invariably they will answer: the CISSP. If an organization is seeking some peace


BLint: Open-source tool to check the security properties of your executables

2024-05-14 at 07:31 By Mirko Zorz

BLint is a Binary Linter designed to evaluate your executables’ security properties and capabilities, utilizing LIEF for its operations. From version 2, BLint can also produce Software Bill-of-Materials (SBOM) for compatible binaries. BLint features “Several source code analysis


Tailoring responsible AI: Defining ethical guidelines for industry-specific use

2024-05-14 at 07:01 By Mirko Zorz

In this Help Net Security interview, Chris Peake, CISO & SVP at Smartsheet, explains how responsible AI should be defined by each organization to guide their AI development and usage. Peake emphasizes that implementing responsible AI requires balancing ethical considerations,


Log4J shows no sign of fading, spotted in 30% of CVE exploits

2024-05-14 at 06:01 By Help Net Security

Organizations continue to run insecure protocols across their wide access networks (WAN), making it easier for cybercriminals to move across networks, according to a Cato Networks survey. Enterprises are too trusting within their networks The Cato


Black Basta target orgs with new social engineering campaign

2024-05-13 at 15:46 By Zeljka Zorz

Black Basta, one of the most prolific ransomware-as-a-service operators, is trying out a combination of email DDoS and vishing to get employees to download remote access tools. Black Basta TTPs and newest initial access attempts According to a cybersecurity advisory


Red teaming: The key ingredient for responsible AI

2024-05-13 at 08:31 By Help Net Security

Developing responsible AI isn’t a straightforward proposition. On one side, organizations are striving to stay at the forefront of technological advancement. On the other hand, they must ensure strict compliance with ethical standards and regulatory requirements. Organizations attempting to balance


Establishing a security baseline for open source projects

2024-05-13 at 08:01 By Mirko Zorz

In this Help Net Security interview, Dana Wang, Chief Architect at OpenSSF, discusses the most significant barriers to improving open-source software security (OSS security) and opportunities for overcoming these challenges. The OpenSSF community has developed open-source security tools and projects, aiming


AI’s rapid growth puts pressure on CISOs to adapt to new security risks

2024-05-13 at 07:31 By Help Net Security

The increased use of AI further complicates CISO role as industries begin to realize the full potential of GenAI and its impact on cybersecurity, according to Trellix. GenAI’s impact on CISO responsibility GenAI has rolled


Critical vulnerabilities take 4.5 months on average to remediate

2024-05-13 at 06:31 By Help Net Security

Over a third of organizations had at least one known vulnerability in 2023, with nearly a quarter of those facing five or more, and 60% of vulnerabilities remained unaddressed past CISA’s deadlines, according to Bitsight. Organizations struggle to remediate


Download: The Ultimate Guide to the CISSP

2024-05-13 at 05:31 By Help Net Security

The Ultimate Guide to the CISSP covers everything you need about the world’s premier cybersecurity leadership certification. Learn how CISSP and ISC2 will help you navigate your training path, succeed in certification, and advance your career so you’re ready to rise


Week in review: Veeam fixes RCE flaw in backup management platform, Patch Tuesday forecast

2024-05-12 at 11:01 By Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam fixes RCE flaw in backup management platform (CVE-2024-29212) Veeam has patched a high-severity vulnerability (CVE-2024-29212) in Veeam Service


Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671)

2024-05-10 at 12:16 By Zeljka Zorz

Google has fixed a Chrome zero-day vulnerability (CVE-2024-4671), an exploit for which exists in the wild. About CVE-2024-4671 CVE-2024-4671 is a use after free vulnerability in the Visuals component that can be exploited by remote attackers to trigger an exploitable heap


May 2024 Patch Tuesday forecast: A reminder of recent threats and impact

2024-05-10 at 08:46 By Help Net Security

The thunderstorms of April patches have passed, and it has been pretty calm leading up to May 2024 Patch Tuesday. April 2024 Patch Tuesday turned out to be a busy one with 150 new CVEs addressed


How secure is the “Password Protection” on your files and drives?

2024-05-10 at 08:31 By Help Net Security

People in certain professions, such as healthcare, law, and corporations, often rely on password protection when sending files via email, believing it provides adequate security against prying eyes. However, simple password protection on a PDF or Excel


Cybercriminals are getting faster at exploiting vulnerabilities

2024-05-10 at 08:01 By Help Net Security

Cybercriminals are targeting the ever-increasing number of new vulnerabilities resulting from the exponential growth in the number and variety of connected devices and an explosion in new applications and online services, according to Fortinet. It’s only natural that attacks looking to


Nmap 7.95 released: New OS and service detection signatures

2024-05-10 at 07:31 By Help Net Security

Nmap is a free, open-source tool for network discovery and security auditing. It’s valued by systems and network administrators for network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap identifies available hosts on a network,

