News

Google fixes actively exploited Chrome zero-day (CVE-2024-0519)

0-day, Chrome, Don't miss, Hot stuff, Microsoft Edge, News, security update /

Google fixes actively exploited Chrome zero-day (CVE-2024-0519) 2024-01-17 at 12:01 By Zeljka Zorz In the new stable release of the Chrome browser, Google has fixed three security vulnerabilities affecting the V8 engine, including one zero-day (CVE-2024-0519) with an existing exploit. About CVE-2024-0519 V8 is an open-source JavaScript and WebAssembly engine developed by the Chromium Project […]

Google fixes actively exploited Chrome zero-day (CVE-2024-0519) Read More »

Security considerations during layoffs: Advice from an MSSP

access management, authentication, cybersecurity, data security, DirectDefense, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, tips /

Security considerations during layoffs: Advice from an MSSP 2024-01-17 at 08:01 By Help Net Security Navigating layoffs is complex and difficult for many reasons. Not only do human resources and direct managers bear the onus of responsibility when conducting exit conversations, but security teams should also make the necessary preparations for monitoring anomalies in employee

Security considerations during layoffs: Advice from an MSSP Read More »

The right strategy for effective cybersecurity awareness

cyber resilience, cybersecurity, Don't miss, education, Hot stuff, News, phishing, security awareness, skill development /

The right strategy for effective cybersecurity awareness 2024-01-17 at 07:31 By Helga Labus Employees play a significant role in safeguarding organizational assets. With a constantly evolving threat landscape, cybersecurity awareness training is an essential component in creating a good security culture. Why cybersecurity awareness training? 81% of organizations were hit by malware, phishing, and password

The right strategy for effective cybersecurity awareness Read More »

CISOs’ crucial role in aligning security goals with enterprise expectations

access management, CISO, cybersecurity, Don't miss, Features, Gartner, generative AI, Hot stuff, identity management, News, opinion, Privacy, strategy, tips /

CISOs’ crucial role in aligning security goals with enterprise expectations 2024-01-17 at 07:01 By Mirko Zorz In this Help Net Security interview, Chris Mixter, Vice President, Analyst at Gartner, discusses the dynamic world of CISOs and how their roles have evolved significantly over the years. He outlines the critical skills for CISOs in 2024, addresses

CISOs’ crucial role in aligning security goals with enterprise expectations Read More »

IT teams unable to deliver data fast enough to match the speed of business

CData Software, data, data collection, News, report, survey /

IT teams unable to deliver data fast enough to match the speed of business 2024-01-17 at 06:01 By Help Net Security Increasing data requests overwhelm IT teams, but security concerns hinder their ability to provide employees with access to timely data, according to CData Software. The majority of Ops professionals feel that they are prohibited

IT teams unable to deliver data fast enough to match the speed of business Read More »

Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527)

Atlassian, Atlassian Confluence, CVE, Don't miss, enterprise, Hot stuff, News, security update, vulnerability /

Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527) 2024-01-16 at 19:46 By Zeljka Zorz Atlassian has patched a critical vulnerability (CVE-2023-22527) in Confluence Data Center and Confluence Server that could lead to remote code execution. The good news is that the flaw was fixed in early December 2023 with the release of versions

Atlassian reveals critical Confluence RCE flaw, urges “immediate action” (CVE-2023-22527) Read More »

1,700 Ivanti VPN devices compromised. Are yours among them?

0-day, APT, Don't miss, enterprise, Hot stuff, Ivanti, Mandiant, News, SMBs, threat hunting, Volexity, VPN, web shell /

1,700 Ivanti VPN devices compromised. Are yours among them? 2024-01-16 at 17:16 By Zeljka Zorz Over 1,700 Ivanti Connect Secure VPN devices worldwide have been compromised by attackers exploiting two zero-days with no patches currently available. “Additional threat actors beyond UTA0178 appear to now have access to the exploit and are actively trying to exploit

1,700 Ivanti VPN devices compromised. Are yours among them? Read More »

3 ways to combat rising OAuth SaaS attacks

access control, Adaptive Shield, attacks, authentication, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, monitoring, News, OAuth, opinion, SaaS /

3 ways to combat rising OAuth SaaS attacks 2024-01-16 at 07:31 By Help Net Security OAuth attacks are on the rise. In December, the Microsoft Threat Intelligence team observed threat actors misusing OAuth apps to take over a cloud server and mine cryptocurrency, establish persistence following business email compromise and launch spam activity using the

3 ways to combat rising OAuth SaaS attacks Read More »

10 cybersecurity frameworks you need to know about

CISO, cybersecurity, Don't miss, framework, Hot stuff, ISO 27001, News, security standard, standards, strategy, tips /

10 cybersecurity frameworks you need to know about 2024-01-16 at 07:01 By Help Net Security As cyber threats grow more sophisticated, understanding and implementing robust cybersecurity frameworks is crucial for organizations of all sizes. This article lists the most essential cybersecurity frameworks developed to guide businesses and governments in safeguarding their digital assets. From the

10 cybersecurity frameworks you need to know about Read More »

Tsurugi Linux: Tailoring user experience for digital forensics and OSINT investigations

cybersecurity, DFIR, Linux, News, open source, software /

Tsurugi Linux: Tailoring user experience for digital forensics and OSINT investigations 2024-01-16 at 06:31 By Mirko Zorz Tsurugi Linux is a heavily customized open-source distribution focused on supporting DFIR investigations. The project focuses mainly on live forensics analysis, post-mortem analysis, and digital evidence acquisition. Users can also perform malware analysis, OSINT and computer vision activities.

Tsurugi Linux: Tailoring user experience for digital forensics and OSINT investigations Read More »

Geopolitical tensions combined with technology will drive new security risks

Artificial Intelligence, Fake News, News, report, risk, survey, Tenable, World Economic Forum /

Geopolitical tensions combined with technology will drive new security risks 2024-01-16 at 06:02 By Help Net Security Misinformation and disinformation are biggest short-term risks, while extreme weather and critical change to Earth systems are greatest long-term concern, according to the Global Risks 2024 Report from the World Economic Forum. Against a backdrop of systemic shifts

Geopolitical tensions combined with technology will drive new security risks Read More »

Windows SmartScreen bug exploited to deliver powerful info-stealer (CVE-2023-36025)

Don't miss, Hot stuff, Malware, News, Trend Micro, Windows /

Windows SmartScreen bug exploited to deliver powerful info-stealer (CVE-2023-36025) 2024-01-15 at 15:31 By Zeljka Zorz A vulnerability (CVE-2023-36025) that Microsoft fixed in November 2023 continues to be exploited by malware peddlers: this time around, the delivered threat is a variant of the Phemedrone Stealer. About the malware Phemedrone Stealer is a piece of malware written

Windows SmartScreen bug exploited to deliver powerful info-stealer (CVE-2023-36025) Read More »

Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591)

Don't miss, enterprise, firewall, Hot stuff, Juniper Networks, News, security update, vulnerability /

Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591) 2024-01-15 at 11:16 By Helga Labus Juniper Networks has fixed a critical pre-authentication remote code execution (RCE) vulnerability (CVE-2024-21591) in Junos OS on SRX firewalls and EX switches. About CVE-2024-21591 CVE-2024-21591 is an out-of-bounds write vulnerability that could allow an unauthenticated, network-based threat

Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591) Read More »

Flipping the BEC funnel: Phishing in the age of GenAI

Artificial Intelligence, BEC scams, CISO, cybersecurity, Don't miss, email security, Expert analysis, Expert corner, generative AI, Hot stuff, Ironscales, News, opinion, phishing, SOC /

Flipping the BEC funnel: Phishing in the age of GenAI 2024-01-15 at 08:02 By Help Net Security For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic (and usually poorly-written) email and fire it out to thousands of recipients in the hope that a few might take the

Flipping the BEC funnel: Phishing in the age of GenAI Read More »

Adalanche: Open-source Active Directory ACL visualizer, explorer

Active Directory, cybersecurity, GitHub, News, open source, software /

Adalanche: Open-source Active Directory ACL visualizer, explorer 2024-01-15 at 07:01 By Mirko Zorz Adalanche provides immediate insights into the permissions of users and groups within an Active Directory. It’s an effective open-source tool for visualizing and investigating potential account, machine, or domain takeovers. Additionally, it helps identify and display any misconfigurations. What unique features make

Adalanche: Open-source Active Directory ACL visualizer, explorer Read More »

Week in review: GitLab account takeover flaw, attackers exploiting Ivanti Connect Secure zero-days

News, Week in review /

Week in review: GitLab account takeover flaw, attackers exploiting Ivanti Connect Secure zero-days 2024-01-14 at 09:33 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Social engineer reveals effective tricks for real-world intrusions In this Help Net Security interview, Jayson E. Street, Chief Adversarial Officer

Week in review: GitLab account takeover flaw, attackers exploiting Ivanti Connect Secure zero-days Read More »

Akira ransomware attackers are wiping NAS and tape backups

backup, Cisco, Don't miss, EU, exploit, Hot stuff, NAS, News, Ransomware, vulnerability /

Akira ransomware attackers are wiping NAS and tape backups 2024-01-12 at 16:17 By Helga Labus “The Akira ransomware malware, which was first detected in Finland in June 2023, has been particularly active at the end of the year,” the Finnish National Cybersecurity Center (NCSC-FI) has shared on Wednesday. NCSC-FI has received 12 reports of Akira

Akira ransomware attackers are wiping NAS and tape backups Read More »

Cloud security predictions for 2024

access management, Cado Security, cloud security, cybersecurity, cybersecurity talent, data, Don't miss, Expert analysis, Expert corner, Hot stuff, identity management, News, opinion, serverless /

Cloud security predictions for 2024 2024-01-12 at 07:31 By Help Net Security As we reflect on the cybersecurity landscape and the trajectories of threat vectors, it’s evident that we’re on the cusp of a paradigm shift in cloud security. Businesses and cybersecurity professionals must stay abreast of these changes, adapting their strategies to ensure a

Cloud security predictions for 2024 Read More »

New infosec products of the week: January 12, 2024

Critical Start, Dasera, ID R&D, News, SpecterOps /

New infosec products of the week: January 12, 2024 2024-01-12 at 07:02 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Critical Start, Dasera, ID R&D, and SpecterOps. SpecterOps adds new Attack Paths to BloodHound Enterprise SpecterOps announced updates to BloodHound Enterprise (BHE) that add

New infosec products of the week: January 12, 2024 Read More »

Scroll to Top