News

New method to safeguard against mobile account takeovers

apple, attacks, cybersecurity, Don't miss, Hot stuff, iPhone, mobile apps, mobile devices, mobile security, News, Samsung, Xiaomi /

New method to safeguard against mobile account takeovers 2024-01-22 at 13:01 By Help Net Security Computer science researchers have developed a new way to identify security weaknesses that leave people vulnerable to account takeover attacks, where an attacker gains unauthorized access to online accounts. Most mobiles are now home to a complex ecosystem of interconnected […]

New method to safeguard against mobile account takeovers Read More »

Without clear guidance, SEC’s new rule on incident reporting may be detrimental

Axonius, Compliance, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, regulation, Risk Management, strategy /

Without clear guidance, SEC’s new rule on incident reporting may be detrimental 2024-01-22 at 08:01 By Help Net Security The SEC has instituted a set of guidelines “requiring registrants to disclose material cybersecurity incidents they experience and to disclose on an annual basis material information regarding their cybersecurity risk management, strategy, and governance.” These new

Without clear guidance, SEC’s new rule on incident reporting may be detrimental Read More »

The reality of hacking threats in connected car systems

automotive security, car hacking, Compliance, connected cars, cyber risk, cybersecurity, data theft, Don't miss, Features, Hot stuff, IOActive, News, opinion, regulation, standards, supply chain /

The reality of hacking threats in connected car systems 2024-01-22 at 07:31 By Mirko Zorz With the integration of sophisticated technologies like over-the-air updates and increased data connectivity, cars are no longer just modes of transportation but also hubs of personal and operational data. This shift brings forth unique cybersecurity challenges, ranging from hacking and

The reality of hacking threats in connected car systems Read More »

CloudFoxable: Open-source AWS penetration testing playground

AWS, Bishop Fox, cybersecurity, News, penetration testing, research, skill development, software /

CloudFoxable: Open-source AWS penetration testing playground 2024-01-22 at 07:02 By Mirko Zorz CloudFoxable is a capture-the-flag (CTF) style learning platform you can deploy to your playground AWS account. It primarily targets current penetration testers seeking to learn exploitation of cloud-native attack paths, and cloud security experts aiming to practice offensive security techniques safely. “What makes

CloudFoxable: Open-source AWS penetration testing playground Read More »

Global cyber inequity skyrockets

Artificial Intelligence, cyber resilience, cybersecurity, generative AI, News, report, Risk Management, third party compromise, threats, World Economic Forum /

Global cyber inequity skyrockets 2024-01-22 at 06:31 By Help Net Security There has been a sharp increase in cyber inequity globally, with 90% of executives warning that urgent action is needed to address it, according to the World Economic Forum. While increased geopolitical tensions and economic instability continue to concern industry experts, the report spotlights

Global cyber inequity skyrockets Read More »

Week in review: 10 cybersecurity frameworks you need to know, exploited Chrome zero-day fixed

News, Week in review /

Week in review: 10 cybersecurity frameworks you need to know, exploited Chrome zero-day fixed 2024-01-21 at 11:03 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Key elements for a successful cyber risk management strategy In this Help Net Security interview, Yoav Nathaniel, CEO at

Week in review: 10 cybersecurity frameworks you need to know, exploited Chrome zero-day fixed Read More »

Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082)

CISA, Don't miss, endpoint management, exploit, GreyNoise, Ivanti, News, Rapid7, vulnerability /

Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082) 2024-01-19 at 19:49 By Zeljka Zorz A previously patched critical vulnerability (CVE-2023-35082) affecting Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core is being actively exploited, the Cybersecurity and Infrastructure Security Agency (CISA) has confirmed by adding the vulnerability to its Known Exploited Vulnerabilities

Ivanti EPMM and MobileIron Core vulnerability is actively exploited, CISA confirms (CVE-2023-35082) Read More »

Out with the old and in with the improved: MFA needs a revamp

Acronis, authentication, cybercriminals, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, human error, MFA, News, opinion, phishing, zero trust /

Out with the old and in with the improved: MFA needs a revamp 2024-01-19 at 08:02 By Help Net Security From AI to ZTA (zero-trust architecture), the technology responsible for protecting your company’s data has evolved immensely. Despite the advances, cybercriminals repeatedly find new and creative ways to gain access to sensitive information. This can

Out with the old and in with the improved: MFA needs a revamp Read More »

New infosec products of the week: January 19, 2024

Living Security, News, Skopenow, Skyhigh Security, Wing Security /

New infosec products of the week: January 19, 2024 2024-01-19 at 07:31 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Living Security, Skopenow, Skyhigh Security, and Wing Security. Skyhigh Security’s AI-driven DLP Assistant prevents critical data loss Skyhigh Security’s AI-driven DLP Assistant, which supports

New infosec products of the week: January 19, 2024 Read More »

Digital nomads amplify identity fraud risks

authentication, cybersecurity, fraud, identity verification, News, Regula, report, survey /

Digital nomads amplify identity fraud risks 2024-01-19 at 06:31 By Help Net Security The number of foreign document verification cases in all parts of the world has grown by an average of 21% since the summer of 2021, according to Regula. It’s even higher in the US and UAE: these countries are experiencing a 25%

Digital nomads amplify identity fraud risks Read More »

Unlocking GenAI’s full potential through work reinvention

Accenture, Artificial Intelligence, digital transformation, generative AI, News, report, skill development, survey /

Unlocking GenAI’s full potential through work reinvention 2024-01-19 at 06:03 By Help Net Security To achieve the full potential of AI, organizations must reinvent work, reshape the workforce and prepare workers, according to Accenture. A new report from Accenture reveals an urgent need for business leaders to look beyond how generative AI affects specific tasks

Unlocking GenAI’s full potential through work reinvention Read More »

Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot

Border0, database security, Don't miss, extortion, Hot stuff, Intruder, MariaDB, MongoDB, MySQL, News, PostgreSQL /

Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot 2024-01-18 at 17:03 By Zeljka Zorz Users exposing poorly secured PostgreSQL and MySQL servers online are in danger of getting their databases wiped by a ransomware bot, Border0 researchers are warning. The attackers asks for a small sum to return / not publish the data, but

Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot Read More »

Trustwave Government Solutions Achieves “FedRAMP In Process – PMO Review” Designation

News /

Trustwave Government Solutions Achieves “FedRAMP In Process – PMO Review” Designation 2024-01-18 at 16:02 By Trustwave Government Solutions (TGS) is proud to announce its designation as “In Process Program Management Office (PMO) Review” by the Federal Risk and Authorization Management Program (FedRAMP) for its Government Fusion platform. TGS expects to receive full authorization in early

Trustwave Government Solutions Achieves “FedRAMP In Process – PMO Review” Designation Read More »

VMware: Plug critical Aria Automation hole immediately! (CVE-2023-34063)

Cloud, CSIRO, Don't miss, News, security update, VMWare, vulnerability /

VMware: Plug critical Aria Automation hole immediately! (CVE-2023-34063) 2024-01-18 at 12:16 By Zeljka Zorz A critical vulnerability (CVE-2023-34063) affecting VMware Aria Automation and VMware Cloud Foundation can be exploited by attackers to gain access to remote organizations and workflows, VMware has warned. The company is not aware of any “in the wild” exploitation of this

VMware: Plug critical Aria Automation hole immediately! (CVE-2023-34063) Read More »

Attribute-based encryption could spell the end of data compromise

cybersecurity, data, Don't miss, Encryption, Expert analysis, Expert corner, hacking contest, Hot stuff, News, NTT Research, opinion, Privacy, surveillance /

Attribute-based encryption could spell the end of data compromise 2024-01-18 at 08:02 By Help Net Security The future of data privacy is the end of compromise. With the world producing data at astounding rates, we need ways to put data to the best use while protecting against breaches and ensuring privacy, data protection and access

Attribute-based encryption could spell the end of data compromise Read More »

Skytrack: Open-source aircraft reconnaissance tool

Don't miss, GitHub, News, open source, OSINT, software /

Skytrack: Open-source aircraft reconnaissance tool 2024-01-18 at 07:31 By Mirko Zorz Skytrack is an open-source command-line tool for plane spotting and aircraft OSINT reconnaissance. The tool utilizes multiple data sources to collect information on aircraft, can produce a PDF report for a specific aircraft, and offers conversion between ICAO and Tail Number designations. Suitable for

Skytrack: Open-source aircraft reconnaissance tool Read More »

Ransomware negotiation: When cybersecurity meets crisis management

attacks, cyber insurance, cybersecurity, Don't miss, Features, Hot stuff, Incident Response, News, opinion, Ransomware, regulation, strategy, Tanium /

Ransomware negotiation: When cybersecurity meets crisis management 2024-01-18 at 07:01 By Mirko Zorz In this Help Net Security interview, Tim Morris, Chief Security Advisor at Tanium, discusses ransomware negotiation, how it typically unfolds, and how organizations should have a playbook that clearly outlines what to do, when to do it, who is notified, who will

Ransomware negotiation: When cybersecurity meets crisis management Read More »

The power of AI in cybersecurity

Artificial Intelligence, cyber risk, cybersecurity, Don't miss, generative AI, Hot stuff, machine learning, News, threat detection /

The power of AI in cybersecurity 2024-01-18 at 06:31 By Helga Labus The widespread adoption of artificial intelligence (AI), particularly generative AI (GenAI), has revolutionized organizational landscapes and transformed both the cyber threat landscape and cybersecurity. AI as a powerful cybersecurity tool As organizations handle increasing amounts of data daily, AI offers advanced capabilities that

The power of AI in cybersecurity Read More »

Adversaries exploit trends, target popular GenAI apps

Artificial Intelligence, ChatGPT, cybercrime, cybersecurity, generative AI, Netskope, News, report, survey, threat /

Adversaries exploit trends, target popular GenAI apps 2024-01-18 at 06:01 By Help Net Security More than 10% of enterprise employees access at least one generative AI application every month, compared to just 2% a year ago, according to Netskope. In 2023, ChatGPT was the most popular generative AI application, accounting for 7% of enterprise usage.

Adversaries exploit trends, target popular GenAI apps Read More »

Kaspersky releases utility to detect iOS spyware infections

apple, Don't miss, Hot stuff, how-to, iOS, iPhone, Kaspersky, mobile devices, News, smartphones, spyware, threat detection, tips /

Kaspersky releases utility to detect iOS spyware infections 2024-01-17 at 13:46 By Help Net Security Kaspersky’s researchers have developed a lightweight method to detect indicators of infection from sophisticated iOS spyware such as NSO Group’s Pegasus, QuaDream’s Reign, and Intellexa’s Predator through analyzing a log file created on iOS devices. Analyzing the Shutdown.log The company’s

Kaspersky releases utility to detect iOS spyware infections Read More »

Scroll to Top