News

Photos: GISEC Global 2024

2024-04-24 at 12:31 By Help Net Security

GISEC Global is taking place from April 23 to April 25, 2024, at the Dubai World Trade Centre. Here are a few photos from the event. Featured vendors include: Waterfall Security Solutions, Netskope, Google Cloud, Huawei, NetSPI, SecureLink, Cloudflare, IT Max Global, Deloitte, Pulsec, […]


GenAI can enhance security awareness training

2024-04-24 at 07:31 By Help Net Security

One of the biggest concerns over generative AI is its ability to manipulate us, which makes it ideal for orchestrating social engineering attacks. From mining someone’s digital footprint to crafting highly convincing spear phishing emails, to voice capture enabling vishing and deep


AI set to play key role in future phishing attacks

2024-04-24 at 07:01 By Help Net Security

A staggering increase in QR code phishing (quishing) attacks during 2023 saw them skyrocket up the list of concerns for cyber teams globally, according to Egress. Attacks were both prolific and highly successful, demonstrating how cybercriminals effectively combine


Cybersecurity jobs available right now: April 24, 2024

2024-04-24 at 06:31 By Anamarija Pogorelec

Blockchain Security Researcher
StarkWare | Israel | On-site
The Security Researcher will be responsible for conducting in-depth research and analysis on the security of blockchain systems, protocols and the infrastructure that enables it.

CISO
Rajah & Tann


Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028)

2024-04-23 at 17:01 By Zeljka Zorz

For nearly four years and perhaps even longer, Forest Blizzard (aka Fancy Bear, aka APT28) has been using a custom tool that exploits a specific vulnerability in Windows Print Spooler service (CVE-2022-38028). Dubbed GooseEgg, the tool is a


Trustwave, Telarus Announce Strategic Global Partnership

2024-04-23 at 16:06

Trustwave is partnering with Telarus, a leading technology services distributor (TSD), which will allow it to leverage Trustwave’s comprehensive offensive and defensive cybersecurity portfolio and give Trustwave a direct line to Telarus’ vast network of technology advisors.

This article is an excerpt from Trustwave Blog.


CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040)

2024-04-23 at 13:01 By Zeljka Zorz

A vulnerability (CVE-2024-4040) in enterprise file transfer solution CrushFTP is being exploited by attackers in a targeted fashion, according to CrowdStrike. The vulnerability allows attackers to escape their virtual file system and download system files (i.e., configuration files), but only if


The rising influence of AI on the 2024 US election

2024-04-23 at 08:01 By Help Net Security

We stand at a crossroads for election misinformation: on one side our election apparatus has reached a higher level of security and is better defended from malicious attackers than ever before. On the other side, the rise of


10 colleges and universities shaping the future of cybersecurity education

2024-04-23 at 07:01 By Help Net Security

Institutions featured on this list often provide undergraduate and graduate degrees, courses, as well as certificate programs tailored to meet the growing demand for cybersecurity professionals in various industries. Some notable colleges and universities renowned for their cybersecurity


People doubt their own ability to spot AI-generated deepfakes

2024-04-23 at 07:01 By Help Net Security

23% of Americans said they recently came across a political deepfake they later discovered to be fake, according to McAfee. The actual number of people exposed to political and other deepfakes is expected to be much higher given many


Behavioral patterns of ransomware groups are changing

2024-04-23 at 06:01 By Help Net Security

Q1 saw substantial shifts in activity from some of the most prolific Ransomware-as-a-Service (RaaS) groups, according to GuidePoint Security.

RaaS groups attempt to recruit disaffected or displaced affiliates

In addition to revealing a nearly 20% year-over-year increase in the number of


MITRE breached by nation-state threat actor via Ivanti zero-days

2024-04-22 at 15:16 By Zeljka Zorz

MITRE has been breached by attackers via two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti’s Connect Secure VPN devices. The attackers have also managed to move laterally and compromise the company network’s VMware infrastructure, MITRE confirmed late last week.

What is


The first steps of establishing your cloud security strategy

2024-04-22 at 10:02 By Help Net Security

In this article, we’ll identify some first steps you can take to establish your cloud security strategy. We’ll do so by discussing the cloud security impact of individual, concrete actions featured within the CIS Critical Security Controls (CIS Controls)


How to optimize your bug bounty programs

2024-04-22 at 08:02 By Mirko Zorz

In this Help Net Security interview, Roy Davis, Manager – Vulnerability Management & Bug Bounty at Zoom, discusses the role bug bounty programs play in identifying security vulnerabilities and facilitating collaboration with researchers. He offers advice to organizations, stressing the importance of


Cloud Console Cartographer: Open-source tool helps security teams transcribe log activity

2024-04-22 at 07:32 By Mirko Zorz

Cloud Console Cartographer is an open-source tool that maps noisy log activity into highly consolidated, succinct events to help security practitioners cut through the noise and understand console behavior in their environment. “Infrastructure as code has replaced a


Uncertainty is the most common driver of noncompliance

2024-04-22 at 06:31 By Help Net Security

Most compliance leaders tend to focus on building an ethical culture in their organizations to improve employee behavior, but it has a limited impact on addressing uncertainty about how to be compliant, according to a survey by Gartner. Three primary


Week in review: Palo Alto firewalls mitigation ineffective, PuTTY client vulnerable to key recovery attack

2024-04-21 at 11:01 By Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

While it initially seemed that protecting Palo Alto Network


Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware!

2024-04-19 at 15:46 By Zeljka Zorz

More organizations hit by ransomware gangs are starting to realize that it doesn’t pay to pay up: “In Q1 2024, the proportion of victims that chose to pay touched a new record low of 28%,” ransomware incident


LastPass users targeted by vishing attackers

2024-04-19 at 13:01 By Zeljka Zorz

The CryptoChameleon phishing kit is being leveraged by vishing attackers looking to trick LastPass users into sharing their master password. “Initially, we learned of a new parked domain (help-lastpass[.]com) and immediately marked the website for monitoring should it go live and start serving

