News

Public anxiety mounts over critical infrastructure resilience to cyber attacks

critical infrastructure, cybersecurity, Government, MITRE, News, report, risk, survey, The Harris Poll /

Public anxiety mounts over critical infrastructure resilience to cyber attacks 2024-03-18 at 12:01 By Help Net Security With temporary failures of critical infrastructure on the rise in the recent years, 81% of US residents are worried about how secure critical infrastructure may be, according to MITRE and The Harris Poll. Public views cyberattacks as greatest […]

Public anxiety mounts over critical infrastructure resilience to cyber attacks Read More »

Quicmap: Fast, open-source QUIC protocol scanner

Don't miss, GitHub, networking, News, open source, penetration testing, scanning, software /

Quicmap: Fast, open-source QUIC protocol scanner 2024-03-18 at 12:01 By Mirko Zorz Quicmap is a fast, open-source QUIC service scanner that streamlines the process by eliminating multiple tool requirements. It effectively identifies QUIC services, the protocol version, and the supported ALPNs. “As I started researching the QUIC protocol, I noticed that my favorite scanner had

Quicmap: Fast, open-source QUIC protocol scanner Read More »

43 million workers potentially affected in France Travail data breach

data breach, data theft, Don't miss, EU, France, Government, Hot stuff, News /

43 million workers potentially affected in France Travail data breach 2024-03-18 at 10:29 By Helga Labus French national unemployment agency France Travail (formerly Pôle emploi) and Cap emploi, a government employment service for people with disabilities, have suffered a data breach that might have exposed personal data of 43 million people. The breach The agencies

43 million workers potentially affected in France Travail data breach Read More »

Week in review: Cybersecurity job openings, hackers use 1-day flaws to drop custom Linux malware

News, Week in review /

Week in review: Cybersecurity job openings, hackers use 1-day flaws to drop custom Linux malware 2024-03-17 at 11:00 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Transitioning to memory-safe languages: Challenges and considerations In this Help Net Security interview, Omkhar Arasaratnam, General Manager at

Week in review: Cybersecurity job openings, hackers use 1-day flaws to drop custom Linux malware Read More »

Key MITRE ATT&CK techniques used by cyber attackers

attacks, Cloud, credentials, cybersecurity, Email, identity, News, Ransomware, Red Canary, report /

Key MITRE ATT&CK techniques used by cyber attackers 2024-03-15 at 11:01 By Help Net Security While the threat landscape continues to shift and evolve, attackers’ motivations do not, according to a Red Canary report. The classic tools and techniques adversaries deploy remain consistent–with some notable exceptions. The report tracked MITRE ATT&CK techniques that adversaries abuse

Key MITRE ATT&CK techniques used by cyber attackers Read More »

90% of exposed secrets on GitHub remain active for at least five days

cybersecurity, Data leak, GitGuardian, GitHub, News, report, survey /

90% of exposed secrets on GitHub remain active for at least five days 2024-03-15 at 07:30 By Help Net Security 12.8 million new secrets occurrences were leaked publicly on GitHub in 2023, +28% compared to 2022, according to GitGuardian. Remarkably, the incidence of publicly exposed secrets has quadrupled since the company started reporting in 2021.

90% of exposed secrets on GitHub remain active for at least five days Read More »

Human risk factors remain outside of cybersecurity pros’ control

Artificial Intelligence, cybercrime, cybersecurity, Mimecast, News, report, survey /

Human risk factors remain outside of cybersecurity pros’ control 2024-03-15 at 07:00 By Help Net Security Cyber threats are growing at an unprecedented pace, and the year ahead is fraught with cybercrime and incidents anticipated ahead of the busy election year where over 50 countries head to the polls, according to Mimecast. With new threats

Human risk factors remain outside of cybersecurity pros’ control Read More »

New infosec products of the week: March 15, 2024

AuditBoard, Cynerio, DataDome, News, Regula, Tenable /

New infosec products of the week: March 15, 2024 2024-03-15 at 06:00 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from AuditBoard, Cynerio, DataDome, Regula, and Tenable. AuditBoard unveils AI, analytics, and annotation capabilities to deliver more timely insights AuditBoard revealed new AI, analytics, and

New infosec products of the week: March 15, 2024 Read More »

Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788)

Don't miss, endpoint management, Fortinet, Horizon3.ai, Hot stuff, News, PoC, SANS ISC, vulnerability /

Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788) 2024-03-14 at 16:36 By Zeljka Zorz A recently fixed SQL injection vulnerability (CVE-2023-48788) in Fortinet’s FortiClient Endpoint Management Server (EMS) solution has apparently piqued the interest of many: Horizon3’s Attack Team means to publish technical details and a proof-of-concept exploit for it next week, and

Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788) Read More »

Perception Point GPThreat Hunter allows cybersecurity experts to focus on in-depth investigations

News, Perception Point /

Perception Point GPThreat Hunter allows cybersecurity experts to focus on in-depth investigations 2024-03-14 at 16:36 By Industry News Perception Point launched its latest innovation, GPThreat Hunter, an addition to the company’s comprehensive security stack. Leveraging the capabilities of OpenAI’s GPT-4 model, GPThreat Hunterre presents a significant leap forward in Perception Point’s ability to autonomously resolve

Perception Point GPThreat Hunter allows cybersecurity experts to focus on in-depth investigations Read More »

PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800)

Arcserve, backup, disaster recovery, Don't miss, enterprise, exploit, Hot stuff, News, PoC, SMBs, Tenable /

PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800) 2024-03-14 at 13:00 By Zeljka Zorz Arcserve has fixed critical security vulnerabilities (CVE-2024-0799, CVE-2024-0800) in its Unified Data Protection (UDP) solution that can be chained to upload malicious files to the underlying Windows system. Tenable researchers have published a PoC exploit script demonstrating the attack, as

PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800) Read More »

MobSF: Open-source security research platform for mobile apps

Android, code analysis, cybersecurity, Don't miss, GitHub, Hot stuff, iOS, mobile, mobile apps, mobile devices, News, open source, software /

MobSF: Open-source security research platform for mobile apps 2024-03-14 at 07:30 By Mirko Zorz The Mobile Security Framework (MobSF) is an open-source research platform for mobile application security, encompassing Android, iOS, and Windows Mobile. MobSF can be used for mobile app security assessment, penetration testing, malware analysis, and privacy evaluation. The Static Analyzer is adept

MobSF: Open-source security research platform for mobile apps Read More »

Only 13% of medical devices support endpoint protection agents

Claroty, cybersecurity, healthcare, News, report, survey, threats /

Only 13% of medical devices support endpoint protection agents 2024-03-14 at 07:00 By Help Net Security 63% of CISA-tracked Known Exploited Vulnerabilities (KEVs) can be found on healthcare networks, while 23% of medical devices—including imaging devices, clinical IoT devices, and surgery devices—have at least one known exploited vulnerability, according to Claroty. Traditionally, medical devices have

Only 13% of medical devices support endpoint protection agents Read More »

IT leaders think immutable data storage is an insurance policy against ransomware

cybersecurity, data security, News, report, Scality, strategy, survey /

IT leaders think immutable data storage is an insurance policy against ransomware 2024-03-14 at 06:00 By Help Net Security IT leaders consider immutable storage as a must-have in the fight against cyberattacks, according to Scality. Ransomware threats are now understood by organizations to be inevitable. Reports show 1 in 4 organizations that pay a ransom

IT leaders think immutable data storage is an insurance policy against ransomware Read More »

The effects of law enforcement takedowns on the ransomware landscape

botnet, Don't miss, Hot stuff, law enforcement, News, Ransomware, RedSense, Symantec, trends /

The effects of law enforcement takedowns on the ransomware landscape 2024-03-13 at 17:03 By Zeljka Zorz While the results of law enforcement action against ransomware-as-a-service operators Alphv/BlackCat and LockBit are yet to be fully realized, the August 2023 disruption of the Qakbot botnet has had one notable effect: ransomware affiliates have switched to vulnerability exploitation

The effects of law enforcement takedowns on the ransomware landscape Read More »

BSAM: Open-source methodology for Bluetooth security assessment

Bluetooth, Bluetooth Low Energy, consumer, Don't miss, enterprise, Hot stuff, News, security auditing, SMBs, Tarlogic, vulnerability, wireless /

BSAM: Open-source methodology for Bluetooth security assessment 2024-03-13 at 08:39 By Zeljka Zorz Many wireless headsets using Bluetooth technology have vulnerabilities that may allow malicious individuals to covertly listen in on private conversations, Tarlogic Security researchers have demonstrated last week at RootedCON in Madrid. “Many of the examples presented during the conference were real tests

BSAM: Open-source methodology for Bluetooth security assessment Read More »

LastPass’ CIO vision for driving business strategy, innovation

Artificial Intelligence, CIO, cybersecurity, data management, digital transformation, Don't miss, Features, Hot stuff, LastPass, News, opinion, Privacy, regulation, strategy, tips /

LastPass’ CIO vision for driving business strategy, innovation 2024-03-13 at 08:39 By Mirko Zorz Recently, LastPass appointed Asad Siddiqui as its CIO. He brings over two decades of experience leading startups and large technology organizations. It was the perfect time for Help Net Security to find out what’s next for Siddiqui in his new role

LastPass’ CIO vision for driving business strategy, innovation Read More »

Product showcase: How to track SaaS security best practices with Nudge Security

access management, News, Nudge Security, OAuth, Product showcase, SaaS, SSO /

Product showcase: How to track SaaS security best practices with Nudge Security 2024-03-13 at 06:37 By Help Net Security As technology adoption has shifted to be employee-led, IT and security teams are contending with an ever-expanding SaaS attack surface. At the same time, they are often spread thin, meaning they need ways to quickly identify

Product showcase: How to track SaaS security best practices with Nudge Security Read More »

Keyloggers, spyware, and stealers dominate SMB malware detections

cybercrime, cybersecurity, data theft, Malware, malware detection, News, report, Sophos, survey /

Keyloggers, spyware, and stealers dominate SMB malware detections 2024-03-13 at 06:06 By Help Net Security In 2023, 50% of malware detections for SMBs were keyloggers, spyware and stealers, malware that attackers use to steal data and credentials, according to Sophos. Attackers subsequently use this stolen information to gain unauthorized remote access, extort victims, deploy ransomware,

Keyloggers, spyware, and stealers dominate SMB malware detections Read More »

March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V

Automox, Don't miss, Hot stuff, Microsoft, Microsoft Exchange, News, Patch Tuesday, security update, Tenable, Trend Micro, Windows /

March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V 2024-03-12 at 22:11 By Zeljka Zorz On this March 2024 Patch Tuesday, Microsoft has released fixes for 59 CVE-numbered vulnerabilities, but – welcome news! – none of them are currently publicly known or actively exploited. Last month, though, several days after Patch Tuesday, the

March 2024 Patch Tuesday: Microsoft fixes critical bugs in Windows Hyper-V Read More »

Scroll to Top