News

Protobom: Open-source software supply chain tool

2024-04-19 at 07:31 By Mirko Zorz

Protobom is an open-source software supply chain tool that enables all organizations, including system administrators and software development communities, to read and generate Software Bill of Materials (SBOMs), file data, and translate this data across standard industry SBOM formats. “The Protobom project was […]

51% of enterprises experienced a breach despite large security stacks

2024-04-19 at 06:31 By Help Net Security

Threat actors are continuing to successfully breach across the entire attack surface and the stakes are only getting higher: 93% of enterprises who admitted a breach reported unplanned downtime, data exposure, or financial loss as a result, according

New infosec products of the week: April 19, 2024

2024-04-19 at 06:02 By Help Net Security

Here’s a look at the most interesting products from the past week, featuring releases from IDnow, Immuta, Privacera, Redgate, ShadowDragon, and Tanium. ShadowDragon Horizon enhancements help users conduct investigations from any device Horizon is accessible with any internet connection

Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204)

2024-04-18 at 15:02 By Zeljka Zorz

The newest version of Ivanti Avalanche – the company’s enterprise mobile device management (MDM) solution – carries fixes for 27 vulnerabilities, two of which (CVE-2024-29204, CVE-2024-24996) are critical and may allow a remote unauthenticated attacker to execute arbitrary

Authorities take down LabHost, phishing-as-a-service platform

2024-04-18 at 12:01 By Help Net Security

Law enforcement from 19 countries severely disrupted one of the world’s largest phishing-as-a-service platforms, known as LabHost. This year-long operation, coordinated at the international level by Europol, resulted in the compromise of LabHost’s infrastructure. International investigation disrupts phishing-as-a-service platform LabHost Between Sunday

Cheap ransomware for sale on dark web marketplaces is changing the way hackers operate

2024-04-18 at 08:01 By Help Net Security

Since June 2023, Sophos X-Ops has discovered 19 junk gun ransomware variants — cheap, independently produced, and crudely constructed — on the dark web. The developers of these junk gun variants are attempting to

Who owns customer identity?

2024-04-18 at 07:31 By Help Net Security

When I’m talking with prospective clients, I like to ask: which department owns customer identity? Everyone immediately looks towards a different team. While every team touches customer identity at some point, the teams that own it differ from organization to organization. From my experience,

92% of enterprises unprepared for AI security challenges

2024-04-18 at 07:02 By Help Net Security

Most industries continue to run almost two or more months behind in patching software vulnerabilities, endpoints remain vulnerable to threats, and most enterprise PCs must be replaced to support AI-based technologies, according to the Absolute Security Cyber Resilience Risk Index

Bots dominate internet activity, account for nearly half of all traffic

2024-04-18 at 06:01 By Help Net Security

49.6% of all internet traffic came from bots in 2023, a 2% increase over the previous year, and the highest level Imperva has reported since it began monitoring automated traffic in 2013. For the fifth consecutive year,

Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

2024-04-17 at 12:31 By Zeljka Zorz

While it initially seemed that protecting Palo Alto Network firewalls from attacks leveraging CVE-2024-3400 would be as easy as disabling the devices’ telemetry, it has now been confirmed that this mitigation is ineffectual. “Device telemetry does not need to be

Thinking outside the code: How the hacker mindset drives innovation

2024-04-17 at 08:01 By Mirko Zorz

Keren Elazari is an internationally recognized security analyst, author, and researcher. Since 2000, Keren has worked with leading Israeli security firms, government organizations, innovative start-ups, and Fortune 500 companies. She is the founder of BSidesTLV and Leading Cyber Ladies

Cybersecurity jobs available right now: April 17, 2024

2024-04-17 at 07:31 By Mirko Zorz

Client Security Officer Unisys | USA | Remote The Client Security Officer (CSO) is part of Unisys account management team servicing its clients as cybersecurity representative alongside the Client Executive and the Client Delivery Executive. Cybersecurity Engineer

Damn Vulnerable RESTaurant: Open-source API service designed for learning

2024-04-17 at 07:01 By Mirko Zorz

Damn Vulnerable RESTaurant is an open-source project that allows developers to learn to identify and fix security vulnerabilities in their code through an interactive game. “I wanted to create a generic playground for ethical hackers, developers, and security engineers where

IT and security professionals demand more workplace flexibility

2024-04-17 at 06:01 By Help Net Security

The concept of Everywhere Work is now much broader, encompassing where, when, and how professionals get their work done — and flexibility has become a key workplace priority, according to Ivanti. Ivanti surveyed over 7,700 executive leaders, IT and cybersecurity

PuTTY vulnerability can be exploited to recover private keys (CVE-2024-31497)

2024-04-16 at 19:46 By Zeljka Zorz

A vulnerability (CVE-2024-31497) in PuTTY, a popular SSH and Telnet client, could allow attackers to recover NIST P-521 client keys due to the “heavily biased” ECDSA nonces (random values used once), researchers have discovered. “To be more precise, the

Cisco Duo provider breached, SMS MFA logs compromised

2024-04-16 at 18:31 By Zeljka Zorz

Hackers have managed to compromise a telephony provider for Duo, the Cisco-owned company providing secure access solutions, and steal MFA (multi-factor authentication) SMS message logs of Duo customers. About the attack The unnamed provider – one of two that Duo uses

New open-source project takeover attacks spotted, stymied

2024-04-16 at 16:16 By Zeljka Zorz

The OpenJS Foundation has headed off a “credible takeover attempt” similar to the one that resulted in a backdoor getting included in the open-source XZ Utils package by someone who called themselves “Jia Tan”. This malicious maintainer achieved that coveted position after

5 free red teaming resources to get you started

2024-04-16 at 07:32 By Help Net Security

Red teaming is evaluating the effectiveness of your cybersecurity by eliminating defender bias and adopting an adversarial perspective within your organization. Tactics may include anything from social engineering to physical security breaches to simulate a real-world advanced persistent threat.

AI set to enhance cybersecurity roles, not replace them

2024-04-16 at 07:02 By Mirko Zorz

In this Help Net Security interview, Caleb Sima, Chair of CSA AI Security Alliance, discusses how AI empowers security pros, emphasizing its role in enhancing skills and productivity rather than replacing staff. AI is seen as empowering rather than replacing

31% of women in tech consider switching roles over the next year

2024-04-16 at 06:02 By Help Net Security

31% of women in tech are considering leaving their organization over the next 12 months due foremost to poor management, followed by a lack of training and a desire for better compensation, according to Skillsoft. The
