News

What you need to know to select the right GRC framework, North American Edition

ISC2, News, Whitepapers and webinars /

What you need to know to select the right GRC framework, North American Edition 2024-10-11 at 05:46 By Help Net Security Governance, risk, and compliance (GRC) frameworks help professionals assess an organization’s risk posture, align technological initiatives with business goals, and ensure regulatory compliance. However, choosing the appropriate framework can be a complex and challenging […]

React to this headline:

Loading spinner

What you need to know to select the right GRC framework, North American Edition Read More »

Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680)

CVE, Don't miss, ESET, Firefox, Hot stuff, News, security update, Tor, vulnerability /

Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680) 2024-10-10 at 15:31 By Zeljka Zorz Mozilla has pushed out an emergency update for its Firefox and Firefox ESR browsers to fix a vulnerability (CVE-2024-9680) that is being exploited in the wild. About CVE-2024-9680 Reported by ESET malware researcher Damien Schaeffer, CVE-2024-9680 is a use-after-free vulnerability in

React to this headline:

Loading spinner

Actively exploited Firefox zero-day fixed, update ASAP! (CVE-2024-9680) Read More »

Internet Archive data breach, defacement, and DDoS: Users’ data compromised

data breach, Data leak, DDoS, Don't miss, HIBP, Hot stuff, Internet Archive, News /

Internet Archive data breach, defacement, and DDoS: Users’ data compromised 2024-10-10 at 12:46 By Zeljka Zorz The Internet Archive has suffered a data breach, leading to the compromise of email addresses, screen names and bcrypt password hashes of some 31 million users. The compromise was revealed on Wednesday afternoon, when the digital library’s website began

React to this headline:

Loading spinner

Internet Archive data breach, defacement, and DDoS: Users’ data compromised Read More »

Widening talent pool in cyber with on-demand contractors

CAPSLOCK, certification, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, professional, skill development /

Widening talent pool in cyber with on-demand contractors 2024-10-10 at 08:01 By Help Net Security Filling roles within the cyber sector is an ongoing battle. The shortfall of workers risks creating a vicious cycle within existing cyber teams: With fewer team members to spread the workload on, you risk burning out security professionals. Many make

React to this headline:

Loading spinner

Widening talent pool in cyber with on-demand contractors Read More »

Investing in Privacy by Design for long-term compliance

awareness, cybersecurity, Don't miss, Features, framework, Hot stuff, Microblink, News, opinion, Privacy, regulation /

Investing in Privacy by Design for long-term compliance 2024-10-10 at 07:31 By Mirko Zorz In this Help Net Security interview, Bojan Belušić, Head of Information Security & IT Operations at Microblink, discusses the relationship between Privacy by Design and regulatory frameworks like GDPR. Integrating privacy principles from the outset of product and process development ensures

React to this headline:

Loading spinner

Investing in Privacy by Design for long-term compliance Read More »

Balancing legal frameworks and enterprise security governance

boardroom, Coalfire, Compliance, cybersecurity, Don't miss, Features, framework, Hot stuff, Incident Response, News, opinion, regulation /

Balancing legal frameworks and enterprise security governance 2024-10-10 at 07:01 By Mirko Zorz In this Help Net Security interview, Tom McAndrew, CEO at Coalfire, discusses the balance organizations must strike between legal compliance and effective enterprise security governance in the context of evolving regulatory frameworks. McAndrew also addresses the need for clear governance structures and

React to this headline:

Loading spinner

Balancing legal frameworks and enterprise security governance Read More »

Consumers have trust issues regarding how AI collects their data

Artificial Intelligence, Cohesity, cybersecurity, data, Data Protection, News, report, survey /

Consumers have trust issues regarding how AI collects their data 2024-10-10 at 06:31 By Help Net Security Consumers worldwide are highly concerned about the information companies collect from them – especially when it’s used for AI, according to Cohesity. The majority of respondents (73% in the UK, 81% in the US and 82% in Australia)

React to this headline:

Loading spinner

Consumers have trust issues regarding how AI collects their data Read More »

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)

authentication, Don't miss, exploit, GitLab, Hot stuff, News, PoC, ProjectDiscovery, security update, Synactiv, vulnerability /

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) 2024-10-09 at 15:49 By Zeljka Zorz If you run a self-managed GitLab installation with configured SAML-based authentication and you haven’t upgraded it since mid-September, do it now, because security researchers have published an analysis of CVE-2024-45409 and an exploit script that may help attackers gain

React to this headline:

Loading spinner

Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) Read More »

Guide for selecting the right GRC framework, EU edition

Don't miss, ISC2, News, Whitepapers and webinars /

Guide for selecting the right GRC framework, EU edition 2024-10-09 at 10:46 By Help Net Security Governance, risk, and compliance frameworks are critical. They enable cybersecurity professionals to accurately identify an organization’s risk posture, align business and strategic objectives with technology, and meet compliance responsibilities. However, selecting the right framework can be challenging. Inside this

React to this headline:

Loading spinner

Guide for selecting the right GRC framework, EU edition Read More »

YARA: Open-source tool for malware research

cybersecurity, Don't miss, GitHub, Hot stuff, malware analysis, News, open source, software /

YARA: Open-source tool for malware research 2024-10-09 at 08:01 By Help Net Security YARA is a powerful tool designed primarily to aid malware researchers in identifying and categorizing malware samples, though its applications are broader. The tool enables users to create detailed descriptions, or “rules,” for malware families or any other target based on textual

React to this headline:

Loading spinner

YARA: Open-source tool for malware research Read More »

Cultivating a security-first mindset: Key leadership actions

cybersecurity, Don't miss, Features, Hot stuff, human error, News, opinion, Optiv Security, security awareness, strategy /

Cultivating a security-first mindset: Key leadership actions 2024-10-09 at 07:31 By Mirko Zorz In this Help Net Security interview, Emily Wienhold, Cyber Education Specialist at Optiv, discusses how business leaders can promote a security-first culture within their organizations. Wienhold also discusses strategies for maintaining ongoing cybersecurity awareness and making security protocols accessible to non-technical staff.

React to this headline:

Loading spinner

Cultivating a security-first mindset: Key leadership actions Read More »

GoldenJackal APT group breaches air-gapped systems in Europe

APT, cyber espionage, cybercrime, cybersecurity, ESET, EU, News /

GoldenJackal APT group breaches air-gapped systems in Europe 2024-10-09 at 07:01 By Help Net Security ESET researchers have discovered a series of attacks that took place in Europe from May 2022 to March 2024, where the attackers used a toolset capable of targeting air-gapped systems, in a governmental organization of a European Union country. Cyberespionage

React to this headline:

Loading spinner

GoldenJackal APT group breaches air-gapped systems in Europe Read More »

30% of customer-facing APIs are completely unprotected

API security, cybersecurity, F5 Networks, News, report, survey /

30% of customer-facing APIs are completely unprotected 2024-10-09 at 06:34 By Help Net Security 70% of customer-facing APIs are secured using HTTPS, leaving nearly one-third of these APIs completely unprotected, according to F5. This is a stark contrast to the 90% of web pages that are now accessed via HTTPS, following the push for secure

React to this headline:

Loading spinner

30% of customer-facing APIs are completely unprotected Read More »

Cybersecurity jobs available right now: October 9, 2024

cybersecurity jobs, News /

Cybersecurity jobs available right now: October 9, 2024 2024-10-09 at 06:02 By Anamarija Pogorelec Cloud Cybersecurity Analyst III Texas Health and Human Services | USA | Hybrid – View job details As a Cloud CSAIII, you will be responsible for designing, implementing, and managing security solutions for cloud environments. You will ensure that cloud infrastructures

React to this headline:

Loading spinner

Cybersecurity jobs available right now: October 9, 2024 Read More »

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)

0-day, CVE, Don't miss, Hot stuff, Microsoft, NetSPI, News, Patch Tuesday, security update, Tenable, Trend Micro, vulnerability, Windows /

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) 2024-10-08 at 22:49 By Zeljka Zorz For October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two under active exploitation: CVE-2024-43573, a spoofing bug affecting the Windows MSHTML Platform, and CVE-2024-43572, a remote code execution flaw in the Microsoft Management Console

React to this headline:

Loading spinner

Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) Read More »

Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381)

Don't miss, News /

Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381) 2024-10-08 at 21:17 By Zeljka Zorz Ivanti has patched three additional Cloud Service Appliance (CSA) zero-day flaws, which have been exploited by attackers in conjuction with a zero-day bug the company accidentally fixed in September. The fixed zero-days “We are aware of a

React to this headline:

Loading spinner

Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381) Read More »

OpenBSD 7.6 released: security improvements, new hardware support, and more!

News, operating system, software, Unix /

OpenBSD 7.6 released: security improvements, new hardware support, and more! 2024-10-08 at 21:01 By Help Net Security OpenBSD is a free, multi-platform 4.4BSD-based UNIX-like operating system. The 57th release, OpenBSD 7.6, comes with new features, various improvements, bug fixes, and tweaks. Security improvements Added -fret-clean option to the compiler, defaulting to off. This new option

React to this headline:

Loading spinner

OpenBSD 7.6 released: security improvements, new hardware support, and more! Read More »

Qualcomm zero-day under targeted exploitation (CVE-2024-43047)

chip, CVE, Don't miss, Google, Hot stuff, News, Qualcomm, vulnerability /

Qualcomm zero-day under targeted exploitation (CVE-2024-43047) 2024-10-08 at 15:31 By Zeljka Zorz An actively exploited zero-day vulnerability (CVE-2024-43047) affecting dozens of Qualcomm’s chipsets has been patched by the American semiconductor giant. About CVE-2024-43047 On Monday, Qualcomm has confirmed patches for 20 vulnerabilities affecting both proprietary and open source software running on its various chipsets. Among

React to this headline:

Loading spinner

Qualcomm zero-day under targeted exploitation (CVE-2024-43047) Read More »

American Water shuts down systems after cyberattack

critical infrastructure, cyberattack, disruption, Don't miss, Hot stuff, News, SonicWall, USA /

American Water shuts down systems after cyberattack 2024-10-08 at 13:16 By Zeljka Zorz American Water, the largest water and wastewater utility company in the US, has shut down some of its systems following a cyberattack. While the company confirmed that none of its water or wastewater facilities or operations have been negatively affected by the

React to this headline:

Loading spinner

American Water shuts down systems after cyberattack Read More »

The role of self-sovereign identity in enterprises

1Kosmos, authentication, credentials, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, identity, identity management, News, opinion, regulation /

The role of self-sovereign identity in enterprises 2024-10-08 at 07:31 By Help Net Security As personal data becomes increasingly commodified and centralized, the need for individuals to reclaim control over their identities has never been more urgent. Meanwhile, traditional identity systems used by enterprises often expose sensitive information to unnecessary risk, leaving both users and

React to this headline:

Loading spinner

The role of self-sovereign identity in enterprises Read More »

Scroll to Top