News

GenAI enables cybersecurity leaders to hire more entry-level talent

GenAI enables cybersecurity leaders to hire more entry-level talent 2024-05-10 at 07:01 By Help Net Security 93% of security leaders said public GenAI was in use across their respective organizations, and 91% reported using GenAI specifically for cybersecurity operations, according to Splunk. A total of 1,650 security leaders participated in the global survey, with many […]

Selfie spoofing becomes popular identity document fraud technique

Selfie spoofing becomes popular identity document fraud technique 2024-05-10 at 06:31 By Help Net Security Document image-of-image was the most prevalent identity (ID) document fraud technique in 2023, occurring in 63% of all IDs that were rejected, according to Socure. Selfie spoofing and impersonations dominate document-related identity fraud Document image-of-image occurs when the user takes

New infosec products of the week: May 10, 2024

New infosec products of the week: May 10, 2024 2024-05-10 at 06:01 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Abnormal Security, AuditBoard, Cranium, Datadog, Eclypsium, ExtraHop, Forcepoint, SentinelOne, Splunk, Sumo Logic, and Trellix. AuditBoard enhances InfoSec Solutions to reduce compliance fatigue across the

F5 fixes BIG-IP Next Central Manager flaws with public PoCs (CVE-2024-21793, CVE-2024-26026)

F5 fixes BIG-IP Next Central Manager flaws with public PoCs (CVE-2024-21793, CVE-2024-26026) 2024-05-09 at 17:01 By Zeljka Zorz Eclypsium researchers have published details and PoC exploits for two remotely exploitable injection vulnerabilities (CVE-2024-21793, CVE-2024-26026) affecting F5’s BIG-IP Next Central Manager. About the vulnerabilities BIG-IP Next is “a completely new incarnation” of F5’s BIG-IP devices/modules, which

Zscaler swats claims of a significant breach

Zscaler swats claims of a significant breach 2024-05-09 at 16:31 By Zeljka Zorz On Wednesday, a threat actor named “InteIBroker” put up for sale “access to one of the largest cyber security companies” and immediately ignited speculation about which company it might be. InteIBroker claims to have access to “logs packed with credentials”, SSL passkeys

Trustwave Names Keith Ibarguen as Senior Vice President of Engineering

Trustwave Names Keith Ibarguen as Senior Vice President of Engineering 2024-05-09 at 16:01 By Keith Ibarguen has been named Trustwave’s Senior Vice President of Engineering, from which he will leverage his extensive experience in software, cybersecurity, and leadership to lead Trustwave’s engineering product development and SpiderLabs security research. This article is an excerpt from Trustwave

CISA starts CVE “vulnrichment” program

CISA starts CVE “vulnrichment” program 2024-05-09 at 13:16 By Zeljka Zorz The US Cybersecurity and Infrastructure Agency (CISA) has announced the creation of “Vulnrichment,” a new project that aims to fill the CVE enrichment gap created by NIST National Vulnerability Database’s recent slowdown. NVD is failing Since 1999, NVD analysts have been adding CVE-numbered vulnerabilities

Regulators are coming for IoT device security

Regulators are coming for IoT device security 2024-05-09 at 08:01 By Help Net Security Cybersecurity is a relatively new challenge for many IoT device makers who have traditionally produced non-connected devices. These devices were less vulnerable to exploitation and, as a result, manufacturers often lack the expertise and experience needed to effectively secure their connected

Global ransomware crisis worsens

Global ransomware crisis worsens 2024-05-09 at 07:31 By Help Net Security Ransomware and extortion incidents surged by 67% in 2023, according to NTT Security Holdings’ 2024 Global Threat Intelligence Report. Global ransomware crisis After a down year in 2022, ransomware and extortion incidents increased in 2023. More than 5,000 ransomware victims were detected or posted

Ransomware attacks impact 20% of sensitive data in healthcare orgs

Ransomware attacks impact 20% of sensitive data in healthcare orgs 2024-05-09 at 07:01 By Help Net Security Recent cyber incidents demonstrate the healthcare industry continues to be a prime target for ransomware hackers, according to Rubrik. New research by Rubrik Zero Labs reveals that ransomware attacks produce larger impacts against these healthcare targets. In fact,

3 CIS resources to help you drive your cloud cybersecurity

3 CIS resources to help you drive your cloud cybersecurity 2024-05-09 at 06:01 By Help Net Security In the process of moving to the cloud, you need a security-first cloud migration strategy that considers both your security and compliance requirements upfront. In this article, we’ll discuss how you can use resources from the Center for

Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661)

Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661) 2024-05-08 at 16:31 By Zeljka Zorz Researchers have brought to light a new attack method – dubbed TunnelVision and uniquely identified as CVE-2024-3661 – that can be used to intercept and snoop on VPN users’ traffic by attackers who are on the same

Photos: RSA Conference 2024

Photos: RSA Conference 2024 2024-05-08 at 14:31 By Help Net Security RSA Conference 2024 is taking place at the Moscone Center in San Francisco. Help Net Security is on-site, and this gallery takes you inside the event. The featured vendors are: Sophos, NetSPI, IT-Harvest, Cisco, GitGuardian, Delinea, Splunk, Entrust, and Trellix. The post Photos: RSA

MITRE breach details reveal attackers’ successes and failures

MITRE breach details reveal attackers’ successes and failures 2024-05-08 at 14:16 By Zeljka Zorz MITRE has shared a timeline of the recent breach it fell victim to and has confirmed that it began earlier than previously thought: on December 31, 2023. On that day, the attackers deployed a web shell on an external-facing Ivanti Connect

Veeam fixes RCE flaw in backup management platform (CVE-2024-29212)

Veeam fixes RCE flaw in backup management platform (CVE-2024-29212) 2024-05-08 at 12:16 By Zeljka Zorz Veeam has patched a high-severity vulnerability (CVE-2024-29212) in Veeam Service Provider Console (VSPC) and is urging customers to implement the patch. About CVE-2024-29212 Veeam Service Provider Console is a cloud platform used by managed services providers (MSPs) and enterprises to

97% of organizations hit by ransomware turn to law enforcement

97% of organizations hit by ransomware turn to law enforcement 2024-05-08 at 08:32 By Help Net Security Sophos has released additional findings from its annual “State of Ransomware 2024” survey. According to the report, among organizations surveyed, 97% of those hit by ransomware over the past year engaged with law enforcement and/or official government bodies

Security tools fail to translate risks for executives

Security tools fail to translate risks for executives 2024-05-08 at 08:01 By Help Net Security Organizations are struggling with internal communication barriers, which hinder their ability to address cybersecurity threats, according to Dynatrace. The results indicate that CISOs encounter challenges in aligning security teams with the C-suite, resulting in organizational gaps in understanding cyber risk.

Cybersecurity jobs available right now: May 8, 2024

Cybersecurity jobs available right now: May 8, 2024 2024-05-08 at 07:31 By Anamarija Pogorelec CISO Pinsent Masons | United Kingdom | Hybrid – View job details As a CISO, you will be responsible for the overall security posture of the organisation, ensuring the organisation’s information and technology assets are protected from internal and external threats.

Pktstat: Open-source ethernet interface traffic monitor

Pktstat: Open-source ethernet interface traffic monitor 2024-05-08 at 07:01 By Mirko Zorz Pktstat is an open-source tool that is a straightforward alternative to ncurses-based Pktstat. On Linux, it utilizes AF_PACKET, while on other platforms, it employs generic PCAP live wire capture. Pktstat is a versatile tool that doesn’t rely on advanced or recent Linux kernel

How workforce reductions affect cybersecurity postures

How workforce reductions affect cybersecurity postures 2024-05-08 at 06:01 By Help Net Security In its State of Pentesting Report, Cobalt reveals an industry struggling to balance the use of AI and protecting against it, while facing significant resource and staffing constraints. Pentesting plays a key role in addressing this challenge, equipping organizations with the ability
