News

Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware

Don't miss, exploit, Hot stuff, JetBrains, Malware, News, Ransomware, Remote Access Trojan, Trend Micro, vulnerability /

Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware 2024-03-21 at 12:01 By Helga Labus Attackers are exploiting the recently patched JetBrains TeamCity auth bypass vulnerability (CVE-2024-27198) to deliver ransomware, cryptominers and remote access trojans (RATs), according to Trend Micro researchers. The CVE-2024-27198 timeline CVE-2024-27198, an authentication bypass vulnerability affecting the TeamCity […]

Attackers are exploiting JetBrains TeamCity flaw to deliver a variety of malware Read More »

Fake data breaches: Countering the damage

Cato Networks, CISO, cybersecurity, data breach, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, threats /

Fake data breaches: Countering the damage 2024-03-21 at 08:01 By Help Net Security Amid the constant drumbeat of successful cyberattacks, some fake data breaches have also cropped up to make sensational headlines. Unfortunately, even fake data breaches can have real repercussions. Earlier this year, a hacker on a criminal forum claimed to have stolen data

Fake data breaches: Countering the damage Read More »

WebCopilot: Open-source automation tool enumerates subdomains, detects bugs

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, penetration testing, scanning, software /

WebCopilot: Open-source automation tool enumerates subdomains, detects bugs 2024-03-21 at 07:31 By Mirko Zorz WebCopilot is an open-source automation tool that enumerates a target’s subdomains and discovers bugs using various free tools. It simplifies the application security workflow and reduces reliance on manual scripting. “I built this solution to streamline the application security process, specifically

WebCopilot: Open-source automation tool enumerates subdomains, detects bugs Read More »

Secrets sprawl: Protecting your critical secrets

Don't miss, GitGuardian, Hot stuff, News /

Secrets sprawl: Protecting your critical secrets 2024-03-21 at 06:31 By Help Net Security Leaked secrets, a phenomenon known as ‘secrets sprawl,’ is a pervasive vulnerability that plagues nearly every organization. It refers to the unintentional exposure of sensitive credentials hardcoded in plaintext within source code, messaging systems, internal documentation, or ticketing systems. As the undisputed

Secrets sprawl: Protecting your critical secrets Read More »

Malware stands out as the fastest-growing threat of 2024

Compliance, cybersecurity, data security, News, report, survey, Thales, threats /

Malware stands out as the fastest-growing threat of 2024 2024-03-21 at 06:01 By Help Net Security 93% of IT professionals believe security threats are increasing in volume or severity, a significant rise from 47% last year, according to Thales. The number of enterprises experiencing ransomware attacks surged by over 27% in the past year. Despite

Malware stands out as the fastest-growing threat of 2024 Read More »

Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724)

Don't miss, enterprise, Hot stuff, Ivanti, NATO, News, security update, vulnerability /

Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724) 2024-03-20 at 21:01 By Zeljka Zorz Ivanti has fixed a critical RCE vulnerability (CVE-2023-41724) in Ivanti Standalone Sentry that has been reported by researchers with the NATO Cyber Security Centre. Though the company is not aware of customers being compromised via the flaw, it “strongly

Ivanti fixes RCE vulnerability reported by NATO cybersecurity researchers (CVE-2023-41724) Read More »

RaaS groups increasing efforts to recruit affiliates

cybercrime, cybercriminals, dark web, Don't miss, GuidePoint Security, Hot stuff, News, Ransomware, research /

RaaS groups increasing efforts to recruit affiliates 2024-03-20 at 16:46 By Zeljka Zorz Smaller RaaS groups are trying to recruit new and “displaced” LockBit and Alphv/BlackCat affiliates by foregoing deposits and paid subscriptions, offering better payout splits, 24/7 support, and other “perks”. Cybercriminals wanted RaaS operations usually consist of a core group that develops the

RaaS groups increasing efforts to recruit affiliates Read More »

Growing AceCryptor attacks in Europe

cybercrime, cybersecurity, Email, ESET, EU, Europe, Malware, News, Remote Access Trojan /

Growing AceCryptor attacks in Europe 2024-03-20 at 13:01 By Help Net Security ESET Research has recorded a considerable increase in AceCryptor attacks, with detections tripling between the first and second halves of 2023. In recent months, researchers registered a significant change in how AceCryptor is used, namely that the attackers spreading Rescoms (also known as

Growing AceCryptor attacks in Europe Read More »

The most prevalent malware behaviors and techniques

Don't miss, Elastic, malware analysis, malware detection, News, research, tips /

The most prevalent malware behaviors and techniques 2024-03-20 at 12:46 By Zeljka Zorz An analysis of 100,000+ Windows malware samples has revealed the most prevalent techniques used by malware developers to successfully evade defenses, escalate privileges, execute the malware, and assure its persistence. Malware tactics and techniques The analyzed malware samples were most often delivered

The most prevalent malware behaviors and techniques Read More »

Red teaming in the AI era

Artificial Intelligence, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Lakera, News, opinion, red team, software /

Red teaming in the AI era 2024-03-20 at 07:31 By Help Net Security As AI gets baked into enterprise tech stacks, AI applications are becoming prime targets for cyber attacks. In response, many cybersecurity teams are adapting existing cybersecurity practices to mitigate these new threats. One such practice measure is red teaming: the effort to

Red teaming in the AI era Read More »

1% of users are responsible for 88% of data loss events

cybersecurity, data, data loss prevention, News, Proofpoint, report, survey /

1% of users are responsible for 88% of data loss events 2024-03-20 at 07:01 By Help Net Security Data loss is a problem stemming from the interaction between humans and machines, and ‘careless users’ are much more likely to cause those incidents than compromised or misconfigured systems, according to Proofpoint. While organizations are investing in

1% of users are responsible for 88% of data loss events Read More »

API environments becoming hotspots for exploitation

Akamai, API security, cybersecurity, News, report, survey /

API environments becoming hotspots for exploitation 2024-03-20 at 06:01 By Help Net Security A total of 29% of web attacks targeted APIs over 12 months (January through December 2023), indicating that APIs are a focus area for cybercriminals, according to Akamai. API integration amplifies risk exposure for enterprises APIs are at the heart of digital

API environments becoming hotspots for exploitation Read More »

NIST’s NVD has encountered a problem

Chainguard, Don't miss, enterprise, Hot stuff, News, NIST, Qualys, Rapid7, vulnerability, vulnerability management /

NIST’s NVD has encountered a problem 2024-03-19 at 15:47 By Zeljka Zorz Whether the cause is insurmountable technical debt, lack of funds, a third reason or all of them, NIST’s National Vulnerability Database (NVD) is struggling, and it’s affecting vulnerability management efforts. What happened? Anyone who regularly uses the NVD as a source of information

NIST’s NVD has encountered a problem Read More »

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153)

Don't miss, exploit, Fortra, Hot stuff, News, PoC, security update, vulnerability /

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) 2024-03-19 at 14:01 By Helga Labus Proof-of-concept (PoC) exploit code for a critical RCE vulnerability (CVE-2024-25153) in Fortra FileCatalyst MFT solution has been published. About CVE-2024-25153 Fortra FileCatalyst is an enterprise managed file transfer (MFT) software solution that includes several components: FileCatalyst Direct, Workflow, and

PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153) Read More »

Surviving the “quantum apocalypse” with fully homomorphic encryption

cybersecurity, Don't miss, Encryption, Expert analysis, Expert corner, Hot stuff, News, opinion, Privacy, quantum computing, Zama /

Surviving the “quantum apocalypse” with fully homomorphic encryption 2024-03-19 at 10:04 By Help Net Security In the past few years, an increasing number of tech companies, organizations, and even governments have been working on one of the next big things in the tech world: successfully building quantum computers. These actors see a lot of potential

Surviving the “quantum apocalypse” with fully homomorphic encryption Read More »

Cybersecurity jobs available right now: March 19, 2024

cybersecurity jobs, Don't miss, Hot stuff, News /

Cybersecurity jobs available right now: March 19, 2024 2024-03-19 at 07:35 By Mirko Zorz Central Investigations & Cybersecurity Analyst Meta | USA | On-site – View job details The successful candidate will be able to assess and analyze large amounts of data to identify sources of potential threats and abuses, operate independently in a fast-paced

Cybersecurity jobs available right now: March 19, 2024 Read More »

Outsmarting cybercriminal innovation with strategies for enterprise resilience

Artificial Intelligence, cybercriminals, cybersecurity, Don't miss, Features, GISEC, Hot stuff, machine learning, News, Nokia, opinion, regulation, strategy, supply chain attacks, Threat Intelligence, threats, UAE /

Outsmarting cybercriminal innovation with strategies for enterprise resilience 2024-03-19 at 07:19 By Mirko Zorz In this Help Net Security interview, Pedro Cameirão, Head of Cyber Defense Center at Nokia, discusses emerging cybersecurity trends for 2024 and advises enterprises on preparation strategies. Cameirão will speak at GISEC Global 2024 in Dubai, a conference and exhibition bringing

Outsmarting cybercriminal innovation with strategies for enterprise resilience Read More »

Lynis: Open-source security auditing tool

Don't miss, GitHub, Hot stuff, Linux, macOS, News, open source, scanning, software, Unix /

Lynis: Open-source security auditing tool 2024-03-19 at 06:06 By Mirko Zorz Lynis is a comprehensive open-source security auditing tool for UNIX-based systems, including Linux, macOS, and BSD. Hardening with Lynis Lynis conducts a thorough security examination of the system directly. Its main objective is to evaluate security measures and recommend enhancing system hardening. The tool

Lynis: Open-source security auditing tool Read More »

Fujitsu finds malware on company systems, investigates possible data breach

cyberattack, data breach, data theft, Don't miss, Fujitsu, Hot stuff, Japan, Malware, News /

Fujitsu finds malware on company systems, investigates possible data breach 2024-03-18 at 22:27 By Helga Labus Fujitsu Limited, the largest Japanese IT services provider, has announced that several of the company’s computers have been compromised with malware, leading to a possible data breach. Known details about the Fujitsu data breach The company published the security

Fujitsu finds malware on company systems, investigates possible data breach Read More »

Nissan breach exposed data of 100,000 individuals

Australia, data breach, data theft, Don't miss, Hot stuff, manufacturing sector, News, Ransomware /

Nissan breach exposed data of 100,000 individuals 2024-03-18 at 13:46 By Helga Labus Nissan Oceania has confirmed that the data breach it suffered in December 2023 affected around 100,000 individuals and has begun notifying them. First response In early December 2023, the company – a regional Nissan division which includes Nissan Motor Corporation and Nissan

Nissan breach exposed data of 100,000 individuals Read More »

Scroll to Top