News

SiCat: Open-source exploit finder

SiCat: Open-source exploit finder 2024-02-12 at 06:31 By Mirko Zorz SiCat is an open-source tool for exploit research designed to source and compile information about exploits from open channels and internal databases. Its primary aim is to assist in cybersecurity, enabling users to search the internet for potential vulnerabilities and corresponding exploits. Akas Wisnu Aji, […]

Week in review: 10 must-read cybersecurity books, AnyDesk hack, Patch Tuesday forecast

Week in review: 10 must-read cybersecurity books, AnyDesk hack, Patch Tuesday forecast 2024-02-11 at 11:06 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: How CISOs navigate policies and access across enterprises In this Help Net Security interview, Marco Eggerling, Global CISO at Check Point,

AI-generated voices in robocalls now illegal

AI-generated voices in robocalls now illegal 2024-02-09 at 14:32 By Help Net Security The FCC has revealed the unanimous adoption of a Declaratory Ruling that recognizes calls made with AI-generated voices are “artificial” under the Telephone Consumer Protection Act (TCPA). The ruling, which takes effect immediately, makes voice cloning technology used in common robocall scams

February 2024 Patch Tuesday forecast: Zero days are back and a new server too

February 2024 Patch Tuesday forecast: Zero days are back and a new server too 2024-02-09 at 08:32 By Mirko Zorz January 2024 Patch Tuesday is behind us. A relatively light release from Microsoft with 39 CVEs addressed in Windows 10, 35 in Windows 11, and surprisingly no zero-day vulnerabilities from Microsoft to start the new

Why we fall for fake news and how can we change that?

Why we fall for fake news and how can we change that? 2024-02-09 at 08:32 By Helga Labus Have you ever been swept away by an enticing headline and didn’t bother to probe the news in-depth? You might have shared an eye-catching news story or engaged with a compelling post, only to realize later that

New infosec products of the week: February 9, 2024

New infosec products of the week: February 9, 2024 2024-02-09 at 08:01 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Cisco, Metomic, OPSWAT, Qualys, and Varonis. Varonis MDDR helps organizations prevent data breaches Varonis introduced Varonis Managed Data Detection and Response (MDDR), a managed

Key strategies for ISO 27001 compliance adoption

Key strategies for ISO 27001 compliance adoption 2024-02-09 at 07:32 By Mirko Zorz In this Help Net Security interview, Robin Long, founder of Kiowa Security, shares insights on how best to approach the implementation of the ISO/IEC 27001 information security standard. Long advises organizations to establish a detailed project roadmap and to book certification audits

Cybersecurity teams recognized as key enablers of business goals

Cybersecurity teams recognized as key enablers of business goals 2024-02-09 at 07:01 By Help Net Security 97% of office workers across the UK and US trust their cybersecurity team’s ability to prevent or minimize damage from cyberattacks, according to CybSafe. The study examining attitudes towards cybersecurity teams within organizations has uncovered that despite minor issues

How AI is revolutionizing identity fraud

How AI is revolutionizing identity fraud 2024-02-09 at 06:02 By Help Net Security Nearly half of businesses reported a growth in synthetic identity fraud, while biometric spoofs and counterfeit ID fraud attempts also increased, according to AuthenticID. Consumers and businesses alike are facing new challenges in today’s digital existence, from considering the ramifications of digital

LassPass is not LastPass: Fraudulent app on Apple App Store

LassPass is not LastPass: Fraudulent app on Apple App Store 2024-02-08 at 17:02 By Zeljka Zorz A fraudulent app named “LassPass Password Manager” that mimics the legitimate LastPass mobile app can currently be found on Apple’s App Store, the password manager maker is warning. The fraudulent app on Apple’s App Store “The app in question

Akira, LockBit actively searching for vulnerable Cisco ASA devices

Akira, LockBit actively searching for vulnerable Cisco ASA devices 2024-02-08 at 14:31 By Zeljka Zorz Akira and LockBit ransomware groups are trying to breach Cisco ASA SSL VPN devices by exploiting several older vulnerabilities, security researcher Kevin Beaumont is warning. They are targeting vulnerabilities for which patches were made available in 2020 and 2023.

10 tips for creating your security hackathon playbook

10 tips for creating your security hackathon playbook 2024-02-08 at 08:01 By Help Net Security For more than 12 years, I’ve been organizing and running hackathons with the goal of finding security vulnerabilities and fixing them before a product hits the market. These events can play a pivotal role in the product development lifecycle, increasing

Choosing the right partner when outsourcing cybersecurity

Choosing the right partner when outsourcing cybersecurity 2024-02-08 at 07:31 By Mirko Zorz In this Help Net Security interview, Anya Shpilman, Senior Executive, Cyber Security Services at WDigital, discusses the benefits and potential risks of outsourcing cybersecurity services. She compares the cost-effectiveness of outsourcing to maintaining an in-house team, noting the challenges of recruitment, training,

SOAPHound: Open-source tool to collect Active Directory data via ADWS

SOAPHound: Open-source tool to collect Active Directory data via ADWS 2024-02-08 at 07:02 By Mirko Zorz SOAPHound is an open-source data collection tool capable of enumerating Active Directory environments through the Active Directory Web Services (ADWS) protocol. How SOAPHound works SOAPHound is a substitute for various open-source security tools typically employed for extracting data from

As-a-Service tools empower criminals with limited tech skills

As-a-Service tools empower criminals with limited tech skills 2024-02-08 at 06:01 By Help Net Security As-a-service attacks continue to dominate the threat landscape, with Malware-as-a-Service (MaaS) and Ransomware-as-a-Service (RaaS) tools making up the majority of malicious tools in use by attackers, according to Darktrace. Cybercriminals exploit as-a-Service tools As-a-Service tools can provide attackers with everything

Chinese hackers breached Dutch Ministry of Defense

Chinese hackers breached Dutch Ministry of Defense 2024-02-07 at 16:46 By Helga Labus Chinese state-sponsored hackers breached the Dutch Ministry of Defense (MOD) last year and deployed a new remote access trojan (RAT) malware to serve as a backdoor. “The effects of the intrusion were limited because the victim network was segmented from the

The fight against commercial spyware misuse is heating up

The fight against commercial spyware misuse is heating up 2024-02-07 at 14:46 By Zeljka Zorz Though there are organizations out there investigating how commercial spyware is misused to target journalists, human rights defenders and dissidents, the growing market related to the development and sale of this type of software and the exploits used to deploy

On-premises JetBrains TeamCity servers vulnerable to auth bypass (CVE-2024-23917)

On-premises JetBrains TeamCity servers vulnerable to auth bypass (CVE-2024-23917) 2024-02-07 at 12:31 By Helga Labus JetBrains has patched a critical authentication bypass vulnerability (CVE-2024-23917) affecting TeamCity On-Premises continuous integration and deployment servers. About CVE-2024-23917 CVE-2024-23917 could allow an unauthenticated threat actor with HTTP(S) access to a TeamCity server to bypass authentication controls and gain administrative

Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893)

Ivanti Connect Secure flaw massively exploited by attackers (CVE-2024-21893) 2024-02-07 at 12:16 By Zeljka Zorz CVE-2024-21893, a server-side request forgery (SSRF) vulnerability affecting Ivanti Connect Secure VPN gateways and Policy Secure (a network access control solution), is being exploited by attackers. About CVE-2024-21893 CVE-2024-21893 allows attackers to bypass authentication requirements and access certain restricted

Common cloud security mistakes and how to avoid them

Common cloud security mistakes and how to avoid them 2024-02-07 at 08:01 By Helga Labus According to recent surveys, 98% of organizations keep their financial, business, customer and/or employee information in the cloud but, at the same time, 95% of cloud security professionals are not sure their security protections and their team would manage to
