News

86% of cyberattacks are delivered over encrypted channels

cybercrime, cybersecurity, Encryption, Malware, News, report, survey, Zscaler /

86% of cyberattacks are delivered over encrypted channels 21/12/2023 at 07:00 By Help Net Security Threats over HTTPS grew by 24% from 2022, underscoring the sophisticated nature of cybercriminal tactics that target encrypted channels, according to Zscaler. For the second year in a row, manufacturing was the industry most commonly targeted, with education and government […]

86% of cyberattacks are delivered over encrypted channels Read More »

8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers

cryptojacking, Don't miss, exploit, Hot stuff, Imperva, Malware, News, Oracle WebLogic, research, vulnerability /

8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers 20/12/2023 at 16:02 By Helga Labus The 8220 gang has been leveraging an old Oracle WebLogic Server vulnerability (CVE-2020-14883) to distribute malware, the Imperva Threat Research team has found. About 8220 Active since 2017, the 8220 gang has been known for deploying cryptocurrency miners

8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers Read More »

Citrix Bleed leveraged to steal data of 35+ million Comcast Xfinity customers

Citrix, Comcast, cyberattack, data breach, data theft, Don't miss, hacking, Hot stuff, News, telecommunications, USA, vulnerability, Xfinity /

Citrix Bleed leveraged to steal data of 35+ million Comcast Xfinity customers 20/12/2023 at 13:32 By Helga Labus Telecommunications company Comcast has confirmed a breach that exposed personal information of more than 35.8 million of Xfinity customers. Exploiting Citrix Bleed to breach Xfinity CVE-2023-4966 (aka Citrix Bleed) – an information disclosure vulnerability in Citrix NetScaler

Citrix Bleed leveraged to steal data of 35+ million Comcast Xfinity customers Read More »

AI’s efficacy is constrained in cybersecurity, but limitless in cybercrime

Artificial Intelligence, cybercrime, cybersecurity, data security, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, regulation, Stellar Cyber /

AI’s efficacy is constrained in cybersecurity, but limitless in cybercrime 20/12/2023 at 09:47 By Help Net Security Bringing artificial intelligence into the cybersecurity field has created a vicious cycle. Cyber professionals now employ AI to enhance their tools and boost their detection and protection capabilities, but cybercriminals are also harnessing AI for their attacks. Security

AI’s efficacy is constrained in cybersecurity, but limitless in cybercrime Read More »

Product showcase: ImmuniWeb AI Platform

Artificial Intelligence, cybersecurity, ImmuniWeb, News, penetration testing, Product showcase, software /

Product showcase: ImmuniWeb AI Platform 20/12/2023 at 08:31 By Help Net Security ImmuniWeb is a global application security company that currently serves over 1,000 customers from more than 50 countries. ImmuniWeb AI Platform has received numerous prestigious awards and industry recognitions for intelligent automation and acceleration of application security testing, which delivers better quality of

Product showcase: ImmuniWeb AI Platform Read More »

Balancing AI’s promise with privacy and intellectual property concerns

Artificial Intelligence, automation, Cisco, Cybersixgill, Devo Technology, Don't miss, Enea, Entrust, GitLab, Immuta, News, NTT, Osterman Research, Perception Point, report, Snow Software, survey, Wallaroo.AI, WorkFusion /

Balancing AI’s promise with privacy and intellectual property concerns 20/12/2023 at 07:31 By Help Net Security Organizations increasingly integrate AI technologies into their cybersecurity architectures to enhance detection, response, and mitigation capabilities. One of the key strengths of AI in cybersecurity lies in its ability to predict and prevent attacks before they occur. Powered by

Balancing AI’s promise with privacy and intellectual property concerns Read More »

Subdominator: Open-source tool for detecting subdomain takeovers

cybersecurity, Don't miss, GitHub, News, open source, software, Stratus /

Subdominator: Open-source tool for detecting subdomain takeovers 20/12/2023 at 07:01 By Mirko Zorz Subdominator is a dependable and fast open-source command-line interface tool to identify subdomain takeovers. It boasts superior accuracy and reliability, offering improvements compared to other tools. “Initially, Subdominator was created internally because all the current subdomain takeover tools had gaps in their

Subdominator: Open-source tool for detecting subdomain takeovers Read More »

Law enforcement seizes ALPHV/Blackcat sites, offers decryptor to victims

decrypter, Don't miss, Europol, extortion, FBI, Hot stuff, law enforcement, News, Ransomware, USA /

Law enforcement seizes ALPHV/Blackcat sites, offers decryptor to victims 19/12/2023 at 19:04 By Zeljka Zorz The US Justice Department announced today a disruption campaign against the Blackcat/ALPHV ransomware group and let victims know that there is a decryptor they can use. FBI develops ALPHV/Blackcat decryptor Over the past 18 months, ALPHV/Blackcat has emerged as the

Law enforcement seizes ALPHV/Blackcat sites, offers decryptor to victims Read More »

Mr. Cooper breach exposes sensitive info of over 14 million customers

cyberattack, data breach, data theft, Don't miss, financial industry, hacking, Hot stuff, News, USA /

Mr. Cooper breach exposes sensitive info of over 14 million customers 19/12/2023 at 13:47 By Helga Labus Mortgage company Mr. Cooper has confirmed that personal information of over 14.6 million customers has been exposed in its October 2023 data breach. The breach “On October 31, 2023, Mr. Cooper detected suspicious activity in certain network systems,”

Mr. Cooper breach exposes sensitive info of over 14 million customers Read More »

SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795)

cryptographic attack, Don't miss, Hot stuff, News, OpenSSH, research, SSH, SUSE, vulnerability /

SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795) 19/12/2023 at 13:18 By Zeljka Zorz Security researchers have discovered a vulnerability (CVE-2023-48795) in the SSH cryptographic network protocol that could allow an attacker to downgrade the connection’s security by truncating the extension negotiation message. The Terrapin attack Terrapin is a prefix truncation attack targeting the SSH protocol.

SSH vulnerability exploitable in Terrapin attacks (CVE-2023-48795) Read More »

The impact of prompt injection in LLM agents

Artificial Intelligence, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, risk, WithSecure /

The impact of prompt injection in LLM agents 19/12/2023 at 08:31 By Help Net Security Prompt injection is, thus far, an unresolved challenge that poses a significant threat to Language Model (LLM) integrity. This risk is particularly alarming when LLMs are turned into agents that interact directly with the external world, utilizing tools to fetch

The impact of prompt injection in LLM agents Read More »

EMBA: Open-source security analyzer for embedded devices

cybersecurity, Don't miss, embedded systems, GitHub, News, open source, penetration testing, software /

EMBA: Open-source security analyzer for embedded devices 19/12/2023 at 08:02 By Mirko Zorz The EMBA open-source security analyzer is tailored as the central firmware analysis tool for penetration testers and product security groups. It assists throughout the security evaluation procedure, extracting firmware, conducting static and dynamic analysis through emulation, and creating a web-based report. EMBA

EMBA: Open-source security analyzer for embedded devices Read More »

Ransomware trends and recovery strategies companies should know

Akamai, BigID, Coalition, Corvus Insurance, cybersecurity, Don't miss, ESG, Fortinet, GuidePoint Security, Hornetsecurity, Ivanti, Keepit, News, Object First, Ransomware, report, SecureWorks, Sophos, survey, Trend Micro, Zerto, Zscaler /

Ransomware trends and recovery strategies companies should know 19/12/2023 at 07:34 By Help Net Security Ransomware attacks can have severe consequences, causing financial losses, reputational damage, and operational disruptions. The methods used to deliver ransomware vary, including phishing emails, malicious websites, and exploiting vulnerabilities in software or operating systems. Cybercriminals often target organizations with weak

Ransomware trends and recovery strategies companies should know Read More »

Most cloud transformations are stuck in the middle

Cloud, digital transformation, HFS, IBM, investment, News, report, survey /

Most cloud transformations are stuck in the middle 19/12/2023 at 07:01 By Help Net Security The landscape of enterprise technology continues to evolve rapidly, with cloud transformation as a primary investment, according to HFS and IBM Consulting. Yet, most organizations have not yet experienced tangible business value from these efforts. Findings show that despite cloud

Most cloud transformations are stuck in the middle Read More »

Microsoft is working on a more secure print system for Windows

Don't miss, drivers, Hot stuff, Microsoft, News, software protection, Windows /

Microsoft is working on a more secure print system for Windows 18/12/2023 at 17:01 By Helga Labus After announcing a gradual elimination of third-party printer drivers on Windows earlier this year, Microsoft has now unveiled its plan for enhancing security by introducting Windows Protected Print Mode (WPP). The problem with the current Windows print system

Microsoft is working on a more secure print system for Windows Read More »

Qakbot returns in fresh assault on hospitality sector

botnet, Don't miss, hospitality industry, Hot stuff, Malware, Microsoft, News, phishing /

Qakbot returns in fresh assault on hospitality sector 18/12/2023 at 15:47 By Helga Labus The Qakbot botnet has been disrupted this summer, but cybercriminals are not ready to give up on the malware: Microsoft’s threat analysts have spotted a new phishing campaign attempting to deliver it to targets in the hospitality industry. Qakbot and its

Qakbot returns in fresh assault on hospitality sector Read More »

MongoDB corporate systems breached, customer data exposed

cyberattack, data breach, Don't miss, hacking, Hot stuff, MongoDB, News /

MongoDB corporate systems breached, customer data exposed 18/12/2023 at 13:31 By Helga Labus Database management company MongoDB has suffered a breach: attackers have gained access to some of its corporate systems and customer data and metadata. The MongoDB breach “We detected suspicious activity on Wednesday (Dec. 13th, 2023) evening US Eastern Standard Time, immediately activated

MongoDB corporate systems breached, customer data exposed Read More »

Correct bad network behavior to bolster application experience

cybersecurity, Don't miss, Expert analysis, Expert corner, firewall, Hot stuff, monitoring, network, News, opinion, Progress, software /

Correct bad network behavior to bolster application experience 18/12/2023 at 08:31 By Help Net Security Legacy hardware-based applications existed happily in isolation, untethered from a network. The thing that really mattered was the speed of the hard drive and having enough memory. Today, even the software running from personal hard drives relies on other applications

Correct bad network behavior to bolster application experience Read More »

Creating a formula for effective vulnerability prioritization

Compliance, CVE, CVSS, cybersecurity, Don't miss, Features, framework, Hot stuff, Morphisec, News, opinion, vulnerability management /

Creating a formula for effective vulnerability prioritization 18/12/2023 at 08:01 By Mirko Zorz In this Help Net Security interview, Michael Gorelik, CTO and Head of Malware Research at Morphisec, provides insights into the business impact of vulnerabilities. Gorelik discusses challenges posed by regulatory frameworks, incomplete asset inventories, and manual methods, while also exploring the role

Creating a formula for effective vulnerability prioritization Read More »

Information-blocking rule in 21st Century Cures Act redefines data exchange in healthcare

cybersecurity, data, data management, healthcare, News, standards, survey, Verato /

Information-blocking rule in 21st Century Cures Act redefines data exchange in healthcare 18/12/2023 at 07:31 By Help Net Security A Verato survey offers perspectives on the data management strategies of healthcare executives, highlighting the crucial role of Healthcare Master Data Management (hMDM) in addressing key gaps, facilitating seamless data exchange, and aligning with the mandates

Information-blocking rule in 21st Century Cures Act redefines data exchange in healthcare Read More »

Scroll to Top