News

MSSqlPwner: Open-source tool for pentesting MSSQL servers

database security, Don't miss, GitHub, News, open source, penetration testing, software /

MSSqlPwner: Open-source tool for pentesting MSSQL servers 2025-01-17 at 07:48 By Help Net Security MSSqlPwner is an open-source pentesting tool tailored to interact with and exploit MSSQL servers. Built on Impacket, it enables users to authenticate with databases using various credentials, including clear-text passwords, NTLM hashes, and Kerberos tickets. The tool offers multiple methods for […]

React to this headline:

Loading spinner

MSSqlPwner: Open-source tool for pentesting MSSQL servers Read More »

Homeowners are clueless about how smart devices collect their data

Copeland, data security, Internet of Things, News, Privacy, report, smart home, survey /

Homeowners are clueless about how smart devices collect their data 2025-01-17 at 07:00 By Help Net Security Homeowners are increasingly concerned about data privacy in smart home products, according to Copeland. Homeowners see smart devices as boosting home security Homeowners are still generally comfortable in using new technology, but this year smart thermostat non-owners are

React to this headline:

Loading spinner

Homeowners are clueless about how smart devices collect their data Read More »

EU takes decisive action on healthcare cybersecurity

cyber resilience, cybersecurity, Data Protection, EU, European Commission, framework, Government, healthcare, News /

EU takes decisive action on healthcare cybersecurity 2025-01-17 at 06:39 By Help Net Security The Commission has presented an EU action plan aimed at strengthening the cybersecurity of hospitals and healthcare providers. The initiative is an essential step in shielding the healthcare sector from cyber threats. Digitalization is revolutionizing healthcare, enabling better patient services through

React to this headline:

Loading spinner

EU takes decisive action on healthcare cybersecurity Read More »

New infosec products of the week: January 17, 2025

Atsign, Cisco, Commvault, IT-Harvest, News /

New infosec products of the week: January 17, 2025 2025-01-17 at 06:04 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Atsign, Cisco, Commvault, and IT-Harvest. Cisco AI Defense safeguards against the misuse of AI tools Cisco AI Defense is purpose-built for enterprises to develop,

React to this headline:

Loading spinner

New infosec products of the week: January 17, 2025 Read More »

Critical SimpleHelp vulnerabilities fixed, update your server instances!

Don't miss, enterprise, Horizon3.ai, Hot stuff, News, remote access, SimpleHelp, SMBs, software, tech support, vulnerability /

Critical SimpleHelp vulnerabilities fixed, update your server instances! 2025-01-16 at 17:04 By Zeljka Zorz If you’re an organization using SimpleHelp for your remote IT support/access needs, you should update or patch your server installation without delay, to fix security vulnerabilities that may be exploited by remote attackers to execute code on the underlying host. About

React to this headline:

Loading spinner

Critical SimpleHelp vulnerabilities fixed, update your server instances! Read More »

Upcoming Trustwave SpiderLabs Report Investigates Threats Against the Energy and Utilities Sector

News, Reports, Threat Intelligence /

Upcoming Trustwave SpiderLabs Report Investigates Threats Against the Energy and Utilities Sector 2025-01-16 at 16:03 By Trustwave SpiderLabs is continuing its multi-year research effort delving into the unique cybersecurity challenges that face different vertical sectors with a new report launching on January 22. This article is an excerpt from Trustwave Blog View Original Source React

React to this headline:

Loading spinner

Upcoming Trustwave SpiderLabs Report Investigates Threats Against the Energy and Utilities Sector Read More »

Configuration files for 15,000 Fortinet firewalls leaked. Are yours among them?

CloudSEK, cybercriminals, Data leak, Don't miss, enterprise, firewall, Fortinet, Germany, healthcare, Hot stuff, News, USA /

Configuration files for 15,000 Fortinet firewalls leaked. Are yours among them? 2025-01-16 at 13:03 By Zeljka Zorz A threat actor has leaked configuration files (aka configs) for over 15,000 Fortinet Fortigate firewalls and associated admin and user credentials. The collection has been leaked on Monday and publicized on an underground forum by the threat actor

React to this headline:

Loading spinner

Configuration files for 15,000 Fortinet firewalls leaked. Are yours among them? Read More »

New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344)

CVE, Don't miss, ESET, Microsoft, News, research, vulnerability /

New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344) 2025-01-16 at 12:03 By Help Net Security ESET researchers have identified a vulnerability (CVE-2024-7344) impacting most UEFI-based systems, which allows attackers to bypass UEFI Secure Boot. The issue was found in a UEFI application signed with Microsoft’s “Microsoft Corporation UEFI CA 2011” third-party certificate. Exploiting this vulnerability

React to this headline:

Loading spinner

New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344) Read More »

Webinar: Amplifying SIEM with AI-driven NDR for IT/OT convergence

Don't miss, News, Stellar Cyber, Whitepapers and webinars /

Webinar: Amplifying SIEM with AI-driven NDR for IT/OT convergence 2025-01-16 at 10:18 By Help Net Security Join cybersecurity leader Erwin Eimers from Sumitomo Chemicals Americas to explore how AI-driven Network Detection and Response (NDR) enhances SIEM capabilities, bridging critical visibility gaps in converged IT/OT environments. Learn how NDR provides enriched telemetry, real-time insights, and faster

React to this headline:

Loading spinner

Webinar: Amplifying SIEM with AI-driven NDR for IT/OT convergence Read More »

How CISOs can elevate cybersecurity in boardroom discussions

boardroom, CISO, Compliance, cybersecurity, Don't miss, Features, Hot stuff, investment, News, opinion, strategy, Team8, tips /

How CISOs can elevate cybersecurity in boardroom discussions 2025-01-16 at 07:01 By Mirko Zorz Ross Young is the CISO in residence at Team8 and the creator of the OWASP Threat and Safeguard Matrix (TaSM). In this interview, he shares his perspective on how cybersecurity professionals can tailor their presentations to the board, aligning security strategies

React to this headline:

Loading spinner

How CISOs can elevate cybersecurity in boardroom discussions Read More »

A humble proposal: The InfoSec CIA triad should be expanded

Compliance, cybersecurity, Don't miss, Expert analysis, Expert corner, Foresight Cyber, framework, Government, Hot stuff, News, opinion, standards /

A humble proposal: The InfoSec CIA triad should be expanded 2025-01-16 at 06:35 By Help Net Security The inconsistent and incomplete definitions of essential properties in information security create confusion within the InfoSec community, gaps in security controls, and may elevate the costs of incidents. In this article, I will analyze the CIA triad, point

React to this headline:

Loading spinner

A humble proposal: The InfoSec CIA triad should be expanded Read More »

Critical vulnerabilities remain unresolved due to prioritization gaps

cybersecurity, News, report, survey, Swimlane, vulnerability management /

Critical vulnerabilities remain unresolved due to prioritization gaps 2025-01-16 at 06:19 By Help Net Security Fragmented data from multiple scanners, siloed risk scoring and poor cross-team collaboration are leaving organizations increasingly exposed to breaches, compliance failures and costly penalties, according to Swimlane. The relentless surge of vulnerabilities is pushing security teams to their limits, forcing

React to this headline:

Loading spinner

Critical vulnerabilities remain unresolved due to prioritization gaps Read More »

Rsync vulnerabilities allow remote code execution on servers, patch quickly!

Debian, Don't miss, Hot stuff, Linux, News, Ubuntu, vulnerability /

Rsync vulnerabilities allow remote code execution on servers, patch quickly! 2025-01-15 at 16:46 By Zeljka Zorz Six vulnerabilities have been fixed in the newest versions of Rsync (v3.4.0), two of which could be exploited by a malicious client to achieve arbitrary code execution on a machine with a running Rsync server. “The client requires only

React to this headline:

Loading spinner

Rsync vulnerabilities allow remote code execution on servers, patch quickly! Read More »

FBI removed PlugX malware from U.S. computers

FBI, Hot stuff, Malware, News, Sekoia.io, US DoJ, USA /

FBI removed PlugX malware from U.S. computers 2025-01-15 at 14:24 By Help Net Security The Justice Department announced on Tuesday that, alongside international partners, the FBI deleted “PlugX” malware from thousands of infected computers worldwide. As described in court documents unsealed in the Eastern District of Pennsylvania, a group of hackers sponsored by the People’s

React to this headline:

Loading spinner

FBI removed PlugX malware from U.S. computers Read More »

Contextal Platform: Open-source threat detection and intelligence

Don't miss, GitHub, Hot stuff, News, open source, software /

Contextal Platform: Open-source threat detection and intelligence 2025-01-15 at 07:34 By Mirko Zorz Contextal Platform is an open-source cybersecurity solution for contextual threat detection and intelligence. Developed by the original authors of ClamAV, it offers advanced features such as contextual threat analysis, custom detection scenarios through the ContexQL language, and AI-powered data processing—all operating locally

React to this headline:

Loading spinner

Contextal Platform: Open-source threat detection and intelligence Read More »

Using cognitive diversity for stronger, smarter cyber defense

attacks, Corpora.ai, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, resilience, training /

Using cognitive diversity for stronger, smarter cyber defense 2025-01-15 at 07:03 By Mirko Zorz In this Help Net Security interview, Mel Morris, CEO of Corpora.ai, discusses how cognitive biases affect decision-making during cybersecurity incidents. Morris shares insights on the challenges of designing user-friendly cybersecurity tools that consider human cognitive processes. How do cognitive biases impact

React to this headline:

Loading spinner

Using cognitive diversity for stronger, smarter cyber defense Read More »

Cybersecurity is stepping into a new era of complexity

Artificial Intelligence, cybersecurity, News, report, survey, threats, World Economic Forum /

Cybersecurity is stepping into a new era of complexity 2025-01-15 at 06:01 By Help Net Security Cybersecurity is entering a new era of complexity, according to the World Economic Forum’s Global Cybersecurity Outlook 2025 report. Growing complexity intensifies cyber inequity This complexity arises from the rapid growth of emerging technologies, prevailing geopolitical uncertainty, the evolution

React to this headline:

Loading spinner

Cybersecurity is stepping into a new era of complexity Read More »

Microsoft fixes actively exploited Windows Hyper-V zero-day flaws

0-day, Action1, Don't miss, Hot stuff, Immersive Labs, Microsoft, MS Office, News, Tenable, Trend Micro, Unpatched.ai, virtualization, vulnerability, Windows, Windows Server /

Microsoft fixes actively exploited Windows Hyper-V zero-day flaws 2025-01-14 at 23:03 By Zeljka Zorz Microsoft has marked January 2025 Patch Tuesday with a hefty load of patches: 157 CVE-numbered security issues have been fixed in various products, three of which (in Hyper-V) are being actively exploited. The exploited Hyper-V vulnerabilities The exploited zero-days are CVE-2025-21333

React to this headline:

Loading spinner

Microsoft fixes actively exploited Windows Hyper-V zero-day flaws Read More »

Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591)

0-day, Arctic Wolf Networks, Don't miss, enterprise, firewall, Fortinet, Hot stuff, News /

Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591) 2025-01-14 at 19:21 By Zeljka Zorz Fortinet has patched an authentication bypass vulnerability (CVE-2024-55591) affecting its FortiOS firewalls and FortiProxy web gateways that’s being exploited by attackers to compromise publicly-exposed FortiGate firewalls. While Fortinet acknowledged in-the-wild exploitation in the accompanying security advisory, they did share

React to this headline:

Loading spinner

Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591) Read More »

Malicious actors’ GenAI use has yet to match the hype

Artificial Intelligence, bot, Cyber Threat Alliance, deepfakes, disinformation, Don't miss, Hot stuff, News, phishing, report, scams, social engineering, threat response, tips /

Malicious actors’ GenAI use has yet to match the hype 2025-01-14 at 17:08 By Zeljka Zorz Generative AI has helped lower the barrier for entry for malicious actors and has made them more efficient, i.e., quicker at creating convincing deepfakes, mounting phishing campaigns and investment scams, the most recent report by the Cyber Threat Alliance

React to this headline:

Loading spinner

Malicious actors’ GenAI use has yet to match the hype Read More »

Scroll to Top