News

Hackers leverage 1-day vulnerabilities to deliver custom Linux malware

backdoor, Check Point, Don't miss, exploit, Hot stuff, Linux, Malware, News, vulnerability, Windows /

Hackers leverage 1-day vulnerabilities to deliver custom Linux malware 2024-03-12 at 11:01 By Helga Labus A financially motivated threat actor is using known vulnerabilities to target public-facing services and deliver custom malware to unpatched Windows and Linux systems. Among the exploited vulnerabilities are also two recently discovered Ivanti Connect Secure VPN flaws that are widely […]

Hackers leverage 1-day vulnerabilities to deliver custom Linux malware Read More »

How advances in AI are impacting business cybersecurity

access control, Artificial Intelligence, cybersecurity, Don't miss, Expert analysis, Expert corner, Forcepoint, Hot stuff, News, opinion, policy, risk /

How advances in AI are impacting business cybersecurity 2024-03-12 at 07:52 By Help Net Security While ChatGPT and Bard have proven to be valuable tools for developers, marketers, and consumers, they also carry the risk of unintentionally exposing sensitive and confidential data. From a security point of view, it always pays to think one step

How advances in AI are impacting business cybersecurity Read More »

Cybersecurity jobs available right now: March 12, 2024

cybersecurity jobs, Don't miss, Hot stuff, News /

Cybersecurity jobs available right now: March 12, 2024 2024-03-12 at 07:52 By Mirko Zorz CISO / Head of Enterprise IT Stitch Fix | USA | Remote – View job details Reporting directly to the Chief Product and Technology Officer, you will oversee all aspects of information security, including cloud security, DevSecOps, security operations, and security

Cybersecurity jobs available right now: March 12, 2024 Read More »

Tax-related scams escalate as filing deadline approaches

Cisco, Don't miss, fraud, Hot stuff, identity theft, IRS, Malwarebytes, News, scams, tax e-filing, trends, USA, Webroot /

Tax-related scams escalate as filing deadline approaches 2024-03-12 at 07:18 By Helga Labus As the April 15, 2024 tax filing deadline approaches in the US, some old and some new tax-related scams targeting both taxpayers and tax professionals. Tax-related scams targeting taxpayers With taxpayers rushing to file their personal federal income tax return, scammers are

Tax-related scams escalate as filing deadline approaches Read More »

Image-based phishing tactics evolve

cybercrime, cybersecurity, email security, Ironscales, News, Osterman Research, phishing, QR codes, report, survey /

Image-based phishing tactics evolve 2024-03-12 at 06:00 By Help Net Security While 70% of organizations feel their current security stacks are effective against image-based and QR code phishing attacks, 76% were still compromised in the last 12 months, according to IRONSCALES and Osterman Research. IT pros are highly aware of emerging types of phishing attacks

Image-based phishing tactics evolve Read More »

Transitioning to memory-safe languages: Challenges and considerations

code, cybersecurity, Don't miss, education, Features, Hot stuff, News, OpenSSF, opinion, programming, regulation, software development /

Transitioning to memory-safe languages: Challenges and considerations 2024-03-11 at 09:07 By Mirko Zorz In this Help Net Security interview, Omkhar Arasaratnam, General Manager at the Open Source Security Foundation (OpenSSF), discusses the evolution of memory-safe programming languages and their emergence in response to the limitations of languages like C and C++. Memory safety concerns, prevailing

Transitioning to memory-safe languages: Challenges and considerations Read More »

10 free cybersecurity guides you might have missed

CISA, CISO, critical infrastructure, cyber resilience, Department of Defense, Don't miss, Government, guide, Hot stuff, how-to, News, phishing, Ransomware, skill development, SMBs, strategy, tips, USA /

10 free cybersecurity guides you might have missed 2024-03-11 at 09:07 By Help Net Security This collection of free cybersecurity guides covers a broad range of topics, from resources for developing cybersecurity programs to specific guides for various sectors and organizations. Whether you work for a small business, a large corporation, or a specific industry,

10 free cybersecurity guides you might have missed Read More »

CloudGrappler: Open-source tool detects activity in cloud environments

AWS, Azure, Cado Security, cloud security, cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, Permiso, software /

CloudGrappler: Open-source tool detects activity in cloud environments 2024-03-11 at 09:07 By Mirko Zorz CloudGrappler is an open-source tool designed to assist security teams in identifying threat actors within their AWS and Azure environments. The tool, built on the foundation of Cado Security’s cloudgrep project, offers enhanced detection capabilities based on the tactics, techniques, and

CloudGrappler: Open-source tool detects activity in cloud environments Read More »

Advanced AI, analytics, and automation are vital to tackle tech stack complexity

Artificial Intelligence, automation, Cloud, data analytics, Dynatrace, News, report, strategy /

Advanced AI, analytics, and automation are vital to tackle tech stack complexity 2024-03-11 at 06:32 By Help Net Security 97% of technology leaders find traditional AIOps models are unable to tackle the data overload, according to Dynatrace. Organizations are drowning in data The research reveals that organizations are continuing to embrace multi-cloud environments and cloud-native

Advanced AI, analytics, and automation are vital to tackle tech stack complexity Read More »

Week in review: Attackers use phishing emails to steal NTLM hashes, Patch Tuesday forecast

News, Week in review /

Week in review: Attackers use phishing emails to steal NTLM hashes, Patch Tuesday forecast 2024-03-10 at 11:10 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: What organizations need to know about the Digital Operational Resilience Act (DORA) In this Help Net Security interview, Kris

Week in review: Attackers use phishing emails to steal NTLM hashes, Patch Tuesday forecast Read More »

Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337)

access point, Cisco, Don't miss, enterprise, Hot stuff, News, security update, SMBs, VPN, vulnerability /

Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337) 2024-03-08 at 13:03 By Zeljka Zorz Cisco has fixed two high-severity vulnerabilities affecting its Cisco Secure Client enterprise VPN and endpoint security solution, one of which (CVE-2024-20337) could be exploited by unauthenticated, remote attackers to grab users’ valid SAML authentication token. “The attacker

Cisco patches Secure Client VPN flaw that could reveal authentication tokens (CVE-2024-20337) Read More »

March 2024 Patch Tuesday forecast: A popular framework updated

Adobe, apple, cybersecurity, Don't miss, Expert analysis, Expert corner, Google, Hot stuff, Ivanti, Microsoft, News, patch, Patch Tuesday, security update /

March 2024 Patch Tuesday forecast: A popular framework updated 2024-03-08 at 08:47 By Help Net Security We’re almost at our third Patch Tuesday and wrapping up the first quarter 2024. Time flies by! Microsoft is starting to push users to update their operating systems as their active version is approaching end-of-support. The February 2024 Patch

March 2024 Patch Tuesday forecast: A popular framework updated Read More »

Immediate AI risks and tomorrow’s dangers

Artificial Intelligence, BSidesZG, ChatGPT, cyber risk, cyberattack, Don't miss, generative AI, GitGuardian, Hot stuff, LLMs, News, threat /

Immediate AI risks and tomorrow’s dangers 2024-03-08 at 08:37 By Helga Labus “At the most basic level, AI has given malicious attackers superpowers,” Mackenzie Jackson, developer and security advocate at GitGuardian, told the audience last week at Bsides Zagreb. These superpowers are most evident in the growing impact of fishing, smishing and vishing attacks since

Immediate AI risks and tomorrow’s dangers Read More »

How new and old security threats keep persisting

cybersecurity, Cymulate, data, News, report, survey, threats, vulnerability management /

How new and old security threats keep persisting 2024-03-08 at 08:00 By Help Net Security Security leaders recognize that the pattern of buying new tech and the frantic state of find-fix vulnerability management is not working, according to Cymulate. Security leaders take proactive approach to cybersecurity Rather than waiting for the next big cyberattack and

How new and old security threats keep persisting Read More »

Leveraging AI and automation for enhanced cloud communication security

Artificial Intelligence, authentication, automation, Cloud, communication, Compliance, cybersecurity, Don't miss, Features, Hot stuff, machine learning, News, opinion, threat detection, Vonage /

Leveraging AI and automation for enhanced cloud communication security 2024-03-08 at 07:32 By Mirko Zorz In this Help Net Security interview, Sanjay Macwan, CIO and CISO at Vonage, addresses emerging threats to cloud communications and the role of AI and automation in cybersecurity. What emerging threats to cloud communications are you most concerned about, and

Leveraging AI and automation for enhanced cloud communication security Read More »

OpenARIA: Open-source edition of the Aviation Risk Identification and Assessment (ARIA)

GitHub, MITRE, News, open source, software /

OpenARIA: Open-source edition of the Aviation Risk Identification and Assessment (ARIA) 2024-03-08 at 06:51 By Mirko Zorz MITRE now offers an open-source version of its Aviation Risk Identification and Assessment (ARIA) software suite, OpenARIA. This initiative is dedicated to enhancing aviation safety and efficiency through the active involvement of the aviation community. ARIA suite The

OpenARIA: Open-source edition of the Aviation Risk Identification and Assessment (ARIA) Read More »

New infosec products of the week: March 8, 2024

Check Point, Delinea, GitHub, News, Pentera, Sentra /

New infosec products of the week: March 8, 2024 2024-03-08 at 06:07 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Check Point, Delinea, Pentera, and Sentra. Delinea Privilege Control for Servers enforces least privilege principles on critical systems In Privilege Control for Servers, session

New infosec products of the week: March 8, 2024 Read More »

VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation

Don't miss, Hot stuff, News, sandbox, security update, VMWare, vulnerability /

VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation 2024-03-07 at 15:07 By Helga Labus VMware has fixed four vulnerabilities (CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, CVE-2024-22255) in ESXi, Workstation, Fusion and Cloud Foundation, some of which could allow attackers to escape the sandbox and execute code on the host machine. About the vulnerabilities VMware ESXi

VMware patches critical flaws in ESXi, Workstation, Fusion and Cloud Foundation Read More »

Web-based PLC malware: A new potential threat to critical infrastructure

Don't miss, Hot stuff, ICS/SCADA, Malware, News, PLC, research, web application security /

Web-based PLC malware: A new potential threat to critical infrastructure 2024-03-07 at 13:47 By Zeljka Zorz A group of researchers from Georgia Tech’s College of Engineering have developed web-based programmable logic controller (PLC) malware able to target most PLCs produced by major manufacturers. “Our Web-Based (WB) PLC malware resides in PLC memory, but ultimately gets

Web-based PLC malware: A new potential threat to critical infrastructure Read More »

Scroll to Top