News

CISOs’ role in identifying tech components and managing supply chains

2024-01-25 at 07:01 By Mirko Zorz

In this Help Net Security interview, Nate Warfield, Director of Threat Research and Intelligence at Eclypsium, outlines the crucial tasks for CISOs in protecting supply chains and achieving comprehensive visibility. Warfield also discusses the vital collaboration between security and […]

45% of critical CVEs left unpatched in 2023

2024-01-25 at 06:01 By Help Net Security

Global attack attempts more than doubled in 2023, increasing 104%, according to Armis. Blind spots and critical vulnerabilities are worsening, with 45% of critical CVEs remaining unpatched. Utilities (over 200% increase) and manufacturing (165% increase) were the most at risk

PoC exploit for easily exploitable Fortra GoAnywhere MFT vulnerability released (CVE-2024-0204)

2024-01-24 at 15:32 By Zeljka Zorz

Proof-of-concept (PoC) exploit code for a critical vulnerability (CVE-2024-0204) in Fortra’s GoAnywhere MFT solution has been made public, sparking fears that attackers may soon take advantage of it. Fortra’s GoAnywhere MFT is a web-based managed file transfer solution

The effect of omission bias on vulnerability management

2024-01-24 at 08:31 By Help Net Security

Whether we’d like to admit it to ourselves or not, all humans harbor subconscious biases that powerfully influence our behavior. One of these is the omission bias, which has interesting ramifications in the world of cyber security, specifically vulnerability management.

10 USA cybersecurity conferences you should visit in 2024

2024-01-24 at 08:01 By Help Net Security

Security BSides: Security BSides offers attendees an opportunity to engage and present their ideas actively. Characterized by their intensity, these events are filled with discussions, demonstrations, and interactive participation. BSides are happening all over the USA. To find an

Prioritizing CIS Controls for effective cybersecurity across organizations

2024-01-24 at 07:32 By Mirko Zorz

In this Help Net Security interview, Randy Marchany, CISO at Virginia Tech, discusses the challenges and strategies associated with implementing CIS Controls in organizations of varying sizes. Marchany explores the importance of securing top-level management support, breaking down data silos, and

Organizations invest more in data protection but recover less

2024-01-24 at 06:32 By Help Net Security

92% of organizations will increase 2024 data protection spend, to achieve cyber resilience amidst continued threats of ransomware and cyberattacks, according to Veeam Software. Respondents shared that cyberattacks remain the top cause of outages and that while organizations are

Software supply chain attacks are getting easier

2024-01-24 at 06:03 By Help Net Security

ReversingLabs identified close to 11,200 unique malicious packages across three major open-source software platforms in 2023: npm, PyPI, and RubyGems. These findings mark an astounding 1,300% increase in malicious packages from 2020 and an increase of 28% over 2022 when a

Whitepaper: MFA misconceptions

2024-01-24 at 05:48 By Help Net Security

While a valuable tool in the cybersecurity toolkit, MFA is not immune to weaknesses. Read the “MFA Misconceptions” whitepaper to understand its limitations and how integrating it with other robust security measures is crucial for building a resilient defense mechanism.

Fake Biden Robocall Demonstrates the Need for Artificial Intelligence Governance Regulation

2024-01-23 at 20:46

The proliferation of artificial intelligence tools worldwide has generated concern among governments, organizations, and privacy advocates over the general lack of regulations or guidelines designed to protect against misusing or overusing this new technology. This article is an excerpt from

Apple fixes actively exploited WebKit zero-day (CVE-2024-23222)

2024-01-23 at 13:46 By Helga Labus

Apple has fixed an actively exploited zero-day vulnerability (CVE-2024-23222) that affects Macs, iPhones, iPads and AppleTVs. About CVE-2024-23222: CVE-2024-23222 is a type confusion issue that affects WebKit – Apple’s browser engine used in the Safari web browser and all iOS and iPadOS

Data of 15 million Trello users scraped and offered for sale

2024-01-23 at 13:16 By Zeljka Zorz

Someone is selling scraped data of millions of users of Trello, a popular web-based list-making application and project management platform, on a dark web hacker forum. The database dump “contains emails, usernames, full names and other account

Why cyberattacks mustn’t be kept secret

2024-01-23 at 08:01 By Help Net Security

No company is immune to cyberattacks, but when the inevitable happens, too many companies still try to maintain a wall of silence. In fact, over half of security professionals admit their organizations maintain a culture of security through obscurity, with over one-third

Beyond blockchain: Strategies for seamless digital asset integration

2024-01-23 at 07:31 By Mirko Zorz

In this Help Net Security interview, Jean-Philippe Aumasson, CSO at Taurus, emphasizes the often-overlooked complexities of key generation, storage, and distribution, underlining the necessity for a high level of security maturity in handling digital assets. Looking ahead, Aumasson predicts that the

2024 brings new risks, with cyber incidents in the spotlight

2024-01-23 at 06:31 By Help Net Security

Cyber incidents such as ransomware attacks, data breaches, and IT disruptions are the biggest worry for companies globally in 2024, according to Allianz. The closely interlinked peril of business interruption ranks second. Natural catastrophes (up from #6 to

Organizations need to switch gears in their approach to email security

2024-01-23 at 06:02 By Help Net Security

Email security risks remain high with 94% of organizations experiencing incidents in the past 12 months, according to Egress. Inbound email incidents primarily took the form of malicious URLs, attacks sent from a compromised account, and malware

Cognyte adds GenAI capabilities into its LUMINAR offering

2024-01-22 at 16:02 By Industry News

Cognyte announced the release of a significant update to its LUMINAR external threat intelligence solution to incorporate GenAI capabilities, including a new AI-driven dashboard. LUMINAR is already integrated with Cognyte’s investigative analytics software and other leading solutions, and this release brings

Attackers can steal NTLM password hashes via calendar invites

2024-01-22 at 15:46 By Zeljka Zorz

A recently patched vulnerability in Microsoft Outlook (CVE-2023-35636) that can be used by attackers to steal users’ NTLM v2 hashes can be exploited by adding two headers to an email carrying a specially crafted file, security researcher Dolev Taler has

Tietoevry ransomware attack halts Swedish organizations

2024-01-22 at 13:16 By Helga Labus

Finnish IT software and service company Tietoevry has suffered a ransomware attack that affected several customers of one of its datacenters in Sweden. The attack: The ransomware attack took place during the night of January 19-20. “The attack was limited to one part
