News

WEF Cybercrime Atlas: Researchers are creating new insights to fight cybercrime

collaboration, cybercrime, Don't miss, Features, Hot stuff, information sharing, News, World Economic Forum /

WEF Cybercrime Atlas: Researchers are creating new insights to fight cybercrime 2024-04-10 at 07:31 By Zeljka Zorz In early 2023, the World Economic Forum (WEF) launched Cybercrime Atlas, with the intent to map the cybercriminal ecosystem by facilitating collaboration between private and public organizations. What does this collaboration look like in practice? We’ve asked Sean […]

WEF Cybercrime Atlas: Researchers are creating new insights to fight cybercrime Read More »

Cybersecurity jobs available right now: April 10, 2024

cybersecurity jobs, Don't miss, Hot stuff, News /

Cybersecurity jobs available right now: April 10, 2024 2024-04-10 at 06:32 By Mirko Zorz Application Security Engineer HCLTech | Mexico | Remote – View job details As an Application Security Engineer, you will work on the security engineering team and collaborate with other IT professionals to ensure that user data is protected. Cybersecurity Incident Response

Cybersecurity jobs available right now: April 10, 2024 Read More »

GSMA releases Mobile Threat Intelligence Framework

framework, GSMA, MITRE, News /

GSMA releases Mobile Threat Intelligence Framework 2024-04-10 at 06:01 By Help Net Security GSM Association’s Fraud and Security Group (FASG) has published the first version of a framework for describing, in a structured way, how adversaries attack and use mobile networks, based on the tactics, techniques and procedures (TTPs) that they use. The Mobile Threat

GSMA releases Mobile Threat Intelligence Framework Read More »

Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988)

CISA, CVE, Don't miss, Hot stuff, Microsoft, News, Patch Tuesday, security update, SonicWall, Tenable, Trend Micro, vulnerability, vulnerability management /

Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988) 2024-04-09 at 22:35 By Zeljka Zorz On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro’s Zero Day Initiative (ZDI), has found being

Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988) Read More »

LG smart TVs may be taken over by remote attackers

Bitdefender, Don't miss, Hot stuff, Internet of Things, LG, News, security update, smart tv, vulnerability /

LG smart TVs may be taken over by remote attackers 2024-04-09 at 21:02 By Zeljka Zorz Bitdefender researchers have uncovered four vulnerabilities in webOS, the operating system running on LG smart TVs, which may offer attackers unrestricted (root) access to the devices. “Although the vulnerable service is intended for LAN access only, Shodan, the search

LG smart TVs may be taken over by remote attackers Read More »

New Google Workspace feature prevents sensitive security changes if two admins don’t approve them

Don't miss, Hot stuff, News /

New Google Workspace feature prevents sensitive security changes if two admins don’t approve them 2024-04-09 at 17:31 By Zeljka Zorz Google is rolling out multi-party approvals for Google Workspace customers with multiple super admin accounts, the company has announced. What does the feature do? Google Workspace (formerly G Suite) is a cloud-based set of productivity

New Google Workspace feature prevents sensitive security changes if two admins don’t approve them Read More »

New Latrodectus loader steps in for Qbot

Don't miss, Hot stuff, initial access broker, Malware, News, Proofpoint, Team Cymru /

New Latrodectus loader steps in for Qbot 2024-04-09 at 14:02 By Zeljka Zorz New (down)loader malware called Latrodectus is being leveraged by initial access brokers and it looks like it might have been written by the same developers who created the IcedID loader. Malware delivery campaigns “[Latrodectus] was first observed being distributed by TA577, an

New Latrodectus loader steps in for Qbot Read More »

How exposure management elevates cyber resilience

cyber resilience, cybersecurity, Don't miss, Expert analysis, Expert corner, Features, News, opinion, risk, security controls, shadow IT, WithSecure /

How exposure management elevates cyber resilience 2024-04-09 at 07:46 By Help Net Security Attackers are adept at identifying and exploiting the most cost-effective methods of compromise, highlighting the critical need for organizations to implement asset identification and understand their assets’ security posture in relation to the whole estate. Instead of asking, “Are we exposed?” organizations

How exposure management elevates cyber resilience Read More »

EJBCA: Open-source public key infrastructure (PKI), certificate authority (CA)

authentication, certificate authority, Don't miss, GitHub, Hot stuff, News, open source, PKI, software /

EJBCA: Open-source public key infrastructure (PKI), certificate authority (CA) 2024-04-09 at 07:32 By Mirko Zorz EJBCA is open-source PKI and CA software. It can handle almost anything, and someone once called it the kitchen sink of PKI. With its extensive history as one of the longest-standing CA software projects, EJBCA offers proven robustness, reliability, and

EJBCA: Open-source public key infrastructure (PKI), certificate authority (CA) Read More »

Strategies for secure identity management in hybrid environments

access management, authentication, critical infrastructure, cyber hygiene, Don't miss, Features, Hot stuff, identity, identity management, News, Okta, password management, passwordless, strategy /

Strategies for secure identity management in hybrid environments 2024-04-09 at 07:02 By Mirko Zorz In this Help Net Security interview, Charlotte Wylie, SVP and Deputy CSO at Okta, discusses the challenges of managing user identities across hybrid IT environments. She emphasizes balancing and adopting comprehensive security controls, including cloud SSO and MFA technologies, to unify

Strategies for secure identity management in hybrid environments Read More »

Veriato introduces AI-driven predictive behavior analytics platform

News, Veriato /

Veriato introduces AI-driven predictive behavior analytics platform 2024-04-08 at 16:31 By Industry News Veriato released their next generation Insider Risk Management (IRM) solution. With organizations of all sizes facing a more complex cybersecurity environment, Veriato IRM delivers flexibility and scalability using the power of GenAI. Veriato’s IRM solution offers technology for companies looking to improve

Veriato introduces AI-driven predictive behavior analytics platform Read More »

XZ Utils backdoor: Detection tools, scripts, rules

backdoor, Binarly, Bitdefender, Don't miss, Elastic, GitHub, Hot stuff, Linux, News, open source, supply chain compromise /

XZ Utils backdoor: Detection tools, scripts, rules 2024-04-08 at 16:31 By Zeljka Zorz As the analysis of the backdoor in XZ Utils continues, several security companies have provided tools and advice on how to detect its presence on Linux systems. What happened? The open-source XZ Utils compression utility has been backdoored by a skilled threat

XZ Utils backdoor: Detection tools, scripts, rules Read More »

92,000+ internet-facing D-Link NAS devices accessible via “backdoor” account (CVE-2024-3273)

D-Link, Don't miss, Hot stuff, NAS, News, vulnerability /

92,000+ internet-facing D-Link NAS devices accessible via “backdoor” account (CVE-2024-3273) 2024-04-08 at 12:01 By Zeljka Zorz A vulnerability (CVE-2024-3273) in four old D-Link NAS models could be exploited to compromise internet-facing devices, a threat researcher has found. The existence of the flaw was confirmed by D-Link last week, and an exploit for opening an interactive

92,000+ internet-facing D-Link NAS devices accessible via “backdoor” account (CVE-2024-3273) Read More »

April 2024 Patch Tuesday forecast: New and old from Microsoft

Adobe, apple, Don't miss, Expert analysis, Google, Hot stuff, Microsoft, Mozilla, News, opinion, Patch Tuesday, Windows /

April 2024 Patch Tuesday forecast: New and old from Microsoft 2024-04-08 at 08:31 By Help Net Security This month, we have a new product preview from Microsoft, and some older products are being prepared for end-of-support. But before we go there, March 2024 Patch Tuesday was pretty mild, with 60 unique vulnerabilities addressed. We saw

April 2024 Patch Tuesday forecast: New and old from Microsoft Read More »

How can the energy sector bolster its resilience to ransomware attacks?

access management, cybercriminals, cybersecurity, Delinea, Don't miss, energy sector, Expert analysis, Expert corner, Hot stuff, identity management, News, opinion, penetration testing, Ransomware, strategy /

How can the energy sector bolster its resilience to ransomware attacks? 2024-04-08 at 08:01 By Help Net Security Since it plays a vital role in every functioning society, the energy sector has always been a prime target for state-backed cybercriminals. The cyber threats targeting this industry have grown significantly in recent years, as geopolitical tensions

How can the energy sector bolster its resilience to ransomware attacks? Read More »

WiCyS: A champion for a more diverse cybersecurity workforce

cybersecurity talent, Don't miss, education, Features, Hot stuff, News, skill development, WiCyS /

WiCyS: A champion for a more diverse cybersecurity workforce 2024-04-08 at 07:31 By Zeljka Zorz In this Help Net Security interview, Lynn Dohm, Executive Director at Women in CyberSecurity (WiCyS), talks about how the organization supports its members across different stages of their cybersecurity journey. WiCyS (pronounced Wee-Sis) is an organization dedicated to advancing the

WiCyS: A champion for a more diverse cybersecurity workforce Read More »

Industrial sectors embrace zero trust for enhanced security

cybersecurity, digital transformation, News, report, survey, Xage Security, zero trust /

Industrial sectors embrace zero trust for enhanced security 2024-04-08 at 06:32 By Help Net Security Organizations are leveraging zero trust to enhance the safety, security, and reliability of their enterprise across IT and OT environments, according to Xage Security. Zero trust security implementation in industrial sectors The report analyzes the current status and trajectory of

Industrial sectors embrace zero trust for enhanced security Read More »

Week in review: 73M customers affected by AT&T data leak, errors led to US govt inboxes compromise

News, Week in review /

Week in review: 73M customers affected by AT&T data leak, errors led to US govt inboxes compromise 2024-04-07 at 11:01 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Cyber attacks on critical infrastructure show advanced tactics and new capabilities In this Help Net Security

Week in review: 73M customers affected by AT&T data leak, errors led to US govt inboxes compromise Read More »

Cybercriminal adoption of browser fingerprinting

bot, browser, cybercriminals, cybersecurity, Don't miss, Expert analysis, Expert corner, Fortra, Hot stuff, News, opinion, phishing, PhishLabs /

Cybercriminal adoption of browser fingerprinting 2024-04-05 at 08:01 By Help Net Security Browser fingerprinting is one of many tactics phishing site authors use to evade security checks and lengthen the lifespan of malicious campaigns. While browser fingerprinting has been used by legitimate organizations to uniquely identify web browsers for nearly 15 years, it is now

Cybercriminal adoption of browser fingerprinting Read More »

Security pros are cautiously optimistic about AI

Artificial Intelligence, Cloud Security Alliance, cybersecurity, generative AI, Google Cloud, News, report, survey /

Security pros are cautiously optimistic about AI 2024-04-05 at 07:32 By Help Net Security 55% of organizations plan to adopt GenAI solutions within this year, signaling a substantial surge in GenAI integration, according to a Cloud Security Alliance and Google Cloud survey. The survey received 2,486 responses from IT and security professionals. The report indicates

Security pros are cautiously optimistic about AI Read More »

Scroll to Top