News

Faction: Open-source pentesting report generation and collaboration framework

Faction: Open-source pentesting report generation and collaboration framework 2024-01-30 at 07:31 By Mirko Zorz Faction is an open-source solution that enables pentesting report generation and assessment collaboration. Josh Summitt, the creator of Faction, has always disliked the process of writing reports, preferring to focus on uncovering bugs. A key frustration for him was the redundant […]

Unlocking sustainable security practices with secure coding education

Unlocking sustainable security practices with secure coding education 2024-01-30 at 06:31 By Help Net Security Despite stringent regulations and calls for ‘security by design’, organizations are still failing to equip teams with the knowledge to secure code, according to Security Journey. In fact, only 20% of respondents were confident in their ability to detect a

Balancing AI benefits with security and privacy risks in healthcare

Balancing AI benefits with security and privacy risks in healthcare 2024-01-30 at 06:01 By Help Net Security To manage an environment of increasing risks and limited resources, healthcare internal audit and compliance departments must align their risk assessments and audit work plans to areas most vital to achieving the strategic goals and business objectives of

Critical Jenkins RCE flaw exploited in the wild. Patch now! (CVE-2024-23897)

Critical Jenkins RCE flaw exploited in the wild. Patch now! (CVE-2024-23897) 2024-01-29 at 13:31 By Helga Labus Several proof-of-concept (PoC) exploits for a recently patched critical vulnerability (CVE-2024-23897) in Jenkins have been made public and there’s evidence of exploitation in the wild. About CVE-2024-23897 Jenkins is a widely used Java-based open-source automation server that helps

Third-party risk management best practices and why they matter

Third-party risk management best practices and why they matter 2024-01-29 at 08:01 By Helga Labus With organizations increasingly relying on third-party vendors, upping the third-party risk management (TPRM) game has become imperative to prevent the fallout of third-party compromises. Third-party risks SecurityScorecard recently found that 98% of organizations are connected with at least one third-party

Prioritizing cybercrime intelligence for effective decision-making in cybersecurity

Prioritizing cybercrime intelligence for effective decision-making in cybersecurity 2024-01-29 at 07:32 By Mirko Zorz In this Help Net Security interview, Alon Gal, CTO at Hudson Rock, discusses integrating cybercrime intelligence into existing security infrastructures. Our discussion will cover a range of essential aspects, from the importance of continuous adaptation in cybersecurity strategies to practical advice

Global critical infrastructure faces relentless cyber activity

Global critical infrastructure faces relentless cyber activity 2024-01-29 at 07:01 By Help Net Security In the last year, the world’s critical infrastructure – the medical, power, communications, waste, manufacturing, and transportation equipment that connects people and machines – has been under near-constant attack, according to Forescout. Despite the formidable challenges posed by the ongoing surge

Cybercriminals embrace smarter strategies, less effort

Cybercriminals embrace smarter strategies, less effort 2024-01-29 at 06:33 By Help Net Security 2024 is shaping up to be a record-breaking year for data breaches, according to Experian. Despite 2023 being labeled as a ‘successful’ year for malicious actors, the upcoming months may bring forth developments that could further disrupt the cybersecurity landscape. Supply chain

Week in review: 15 million Trello users’ scraped data on sale, attackers can steal NTLM hashes

Week in review: 15 million Trello users’ scraped data on sale, attackers can steal NTLM hashes 2024-01-28 at 11:01 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: The reality of hacking threats in connected car systems In this Help Net Security interview, Ivan Reedman,

What makes ransomware victims less likely to pay up?

What makes ransomware victims less likely to pay up? 2024-01-26 at 08:34 By Zeljka Zorz There’s a good reason why ransomware gangs started exfiltrating victims’ data instead of just encrypting it: those organizations pay more. University of Twente researcher Tom Meurs and his colleagues wanted to know which factors influence victims to pay the ransom

Longer passwords aren’t safe from intensive cracking efforts

Longer passwords aren’t safe from intensive cracking efforts 2024-01-26 at 08:02 By Help Net Security 88% of organizations still use passwords as their primary method of authentication, according to Specops Software. The report found that 31.1 million breached passwords had over 16 characters, showing longer passwords aren’t safe from being cracked. 40,000 admin portal accounts

New infosec products of the week: January 26, 2024

New infosec products of the week: January 26, 2024 2024-01-26 at 07:32 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from 1Kosmos, Atakama, Onfido, Regula, Searchlight Cyber, Seceon, and Veriti. Onfido Compliance Suite simplifies local and global identity verification Onfido’s Compliance Suite introduces Qualified Electronic

Emerging trends and strategies in digital forensics

Emerging trends and strategies in digital forensics 2024-01-26 at 07:01 By Mirko Zorz In this Help Net Security interview, Amber Schroader, CEO at Paraben Corporation, discusses the challenges posed by the complexity of modern computer systems and networks on digital evidence collection. Schroader talks about the impact of exponential data growth on forensic practices, the

Essential questions for developing effective human rights policies

Essential questions for developing effective human rights policies 2024-01-26 at 06:31 By Help Net Security Growing environmental, social, and governance (ESG) expectations and expanding global regulation are propelling organizations to consider implementing a stand-alone human rights policy, according to Gartner. Public focus on human rights Shareholder proposals and media reports continue to put human rights

Budget cuts loom for data privacy initiatives

Budget cuts loom for data privacy initiatives 2024-01-26 at 06:01 By Help Net Security The past year saw developments and updates to privacy regulations across the globe—from India’s Personal Data Protection Bill to Brazil’s General Data Protection Law, according to ISACA. However, only 34% of organizations say they find it easy to understand their privacy

Russian hackers breached Microsoft, HPE corporate mailboxes

Russian hackers breached Microsoft, HPE corporate mailboxes 2024-01-25 at 15:31 By Helga Labus Cozy Bear (aka Midnight Blizzard, aka APT29) has been busy hacking and spying on big tech companies: both Microsoft and Hewlett Packard Enterprise (HPE) have recently disclosed successful attack campaigns by the Russia-affiliated APT group. The Microsoft breach Last Friday, Microsoft revealed

Blackwood APT delivers malware by hijacking legitimate software update requests

Blackwood APT delivers malware by hijacking legitimate software update requests 2024-01-25 at 13:32 By Help Net Security ESET researchers have discovered NSPX30, a sophisticated implant used by a new China-aligned APT group, which they dubbed Blackwood. Blackwood has carried out cyberespionage operations against individuals and companies from China, Japan, and the United Kingdom. It leverages

AI expected to increase volume, impact of cyberattacks

AI expected to increase volume, impact of cyberattacks 2024-01-25 at 12:16 By Helga Labus All types of cyber threat actor are already using artificial intelligence (AI) to varying degrees, UK National Cyber Security Centre’s analysts say, and predict that AI “will almost certainly increase the volume and heighten the impact of cyberattacks over the next

Fighting insider threats is tricky but essential work

Fighting insider threats is tricky but essential work 2024-01-25 at 08:01 By Helga Labus Business executives are worried about accidental internal staff error (71%) almost as much as they are worried about external threats (75%). But which of the two is a bigger threat to a company? External vs insider threats External threats can cause

Automated Emulation: Open-source breach and attack simulation lab

Automated Emulation: Open-source breach and attack simulation lab 2024-01-25 at 07:31 By Mirko Zorz Automated Emulation is an open-source Terraform template designed to create a customizable, automated breach and attack simulation lab. The solution automatically constructs the following resources hosted on AWS: One Linux server deploying Caldera, Prelude Operator Headless, and VECTR One Windows Client
