News

RDRS: ICANN’s new service for easier access to nonpublic domain data

04/12/2023 at 17:31 By Help Net Security

The Internet Corporation for Assigned Names and Numbers (ICANN) has launched the Registration Data Request Service (RDRS). The RDRS is a new service that introduces a more consistent and standardized format to handle requests for access to […]


CyberAv3ngers hit Unitronics PLCs at multiple US-based water facilities

04/12/2023 at 16:48 By Helga Labus

Iran-affiliated attackers CyberAv3ngers continue to exploit vulnerable Unitronics programmable logic controllers (PLCs), US and Israeli authorities have said in a joint cybersecurity advisory.

CyberAv3ngers targeting Unitronics PLCs

CISA has recently confirmed that Iran-affiliated attackers took over a Unitronics Vision Series


Put guardrails around AI use to protect your org, but be open to changes

04/12/2023 at 08:31 By Help Net Security

Artificial intelligence (AI) is a topic that’s currently on everyone’s minds. While in some industries there is concern it could replace workers, other industries have embraced it as a game-changer for streamlining processes, automating


2024 cybersecurity outlook: The rise of AI voice chatbots and prompt engineering innovations

04/12/2023 at 07:31 By Help Net Security

In their 2024 cybersecurity outlook, WatchGuard researchers forecast headline-stealing hacks involving LLMs, AI-based voice chatbots, modern VR/MR headsets, and more in the coming year. Companies and individuals are experimenting with LLMs to increase operational efficiency.


Maximizing cybersecurity on a budget

04/12/2023 at 07:01 By Help Net Security

A cybersecurity budget is an allocation of resources, both financial and otherwise, dedicated to protecting an organization’s digital assets from cyber threats. This includes funds for security software, hardware, training, and personnel. A well-structured cybersecurity budget ensures that an organization is adequately prepared


Week in review: PoC for Splunk Enterprise RCE flaw released, scope of Okta breach widens

03/12/2023 at 12:01 By Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Vulnerability disclosure: Legal risks and ethical considerations for researchers

In this Help Net Security interview, Eddie Zhang, Principal


Qlik Sense flaws exploited in Cactus ransomware campaign

01/12/2023 at 15:18 By Helga Labus

Attackers are exploiting three critical vulnerabilities in internet-facing Qlik Sense instances to deliver Cactus ransomware to target organizations, Arctic Wolf researchers have warned.

The exploited vulnerabilities

Qlik Sense is a business intelligence and data analytics solution popular with governmental organizations and


Critical Zyxel NAS vulnerabilities patched, update quickly!

01/12/2023 at 14:33 By Zeljka Zorz

Zyxel has patched six vulnerabilities affecting its network attached storage (NAS) devices, including several (OS) command injection flaws that can be easily exploited by unauthenticated attackers.

The vulnerabilities in Zyxel NAS devices

One of the six plugged security holes is an improper


Apple patches two zero-days used to target iOS users (CVE-2023-42916 CVE-2023-42917)

01/12/2023 at 12:33 By Zeljka Zorz

With the latest round of security updates, Apple has fixed two zero-day WebKit vulnerabilities (CVE-2023-42916, CVE-2023-42917) that “may have been exploited against versions of iOS before iOS 16.7.1.”

About the vulnerabilities (CVE-2023-42916, CVE-2023-42917)

CVE-2023-42916 is an out-of-bounds read


New infosec products of the week: December 1, 2023

01/12/2023 at 08:47 By Help Net Security

Here’s a look at the most interesting products from the past week, featuring releases from Amazon, Datadog, Entrust, Fortanix, GitHub, Nitrokey, and Paladin Cloud.

Amazon One Enterprise palm-based identity service improves security of physical spaces, digital assets

Amazon One


Bridging the gap between cloud vs on-premise security

01/12/2023 at 08:03 By Help Net Security

With the proliferation of SaaS applications, remote work and shadow IT, organizations feel obliged to embrace cloud-based cybersecurity. And rightly so, because the corporate resources, traffic, and threats are no longer confined within the office premises. Cloud-based security initiatives, such


Unhappy network professionals juggling more with less

01/12/2023 at 07:04 By Help Net Security

97% of US-based CIOs expressed serious concerns about at least one cybersecurity threat, according to Opengear. Failing to have the correct human oversight over the network can open up opportunities for cybercriminals to find vulnerabilities in underserved setups. It’s perhaps this


CISA urges water facilities to secure their Unitronics PLCs

30/11/2023 at 18:02 By Zeljka Zorz

News that Iran-affiliated attackers have taken over a programmable logic controller (PLC) at a water system facility in Pennsylvania has been followed by a public alert urging other water authorities to immediately secure their own PLCs. “The cyber threat actors


Nitrokey releases NetHSM, a fully open-source hardware security module

30/11/2023 at 16:32 By Help Net Security

German company Nitrokey has released NetHSM 1.0, an open-source hardware security module (HSM).

Nitrokey NetHSM 1.0 features

The module can be used for storing and managing a variety of cryptographic keys (e.g., keys to enable HTTPS, DNSSEC, secure blockchain


Mosint: Open-source automated email OSINT tool

30/11/2023 at 08:31 By Mirko Zorz

Mosint is an automated email OSINT tool written in Go designed to facilitate quick and efficient investigations of target emails. It integrates multiple services, providing security researchers with rapid access to a broad range of information. “In my previous job, I actively worked


Bridging the risk exposure gap with strategies for internal auditors

30/11/2023 at 07:31 By Mirko Zorz

In this Help Net Security interview, Richard Chambers, Senior Internal Audit Advisor at AuditBoard, discusses the transformational role of the internal audit function and risk management in helping organizations bridge the gap in risk exposure. He talks about how


Organizations can’t ignore the surge in malicious web links

30/11/2023 at 07:02 By Help Net Security

Despite the rising adoption of collaboration and instant messaging software, email remains a significant area of concern regarding cyber attacks, particularly the increasing threat of cybercriminals employing harmful web links in emails, according to Hornetsecurity. Attack techniques used in


Infosec products of the month: November 2023

30/11/2023 at 06:46 By Help Net Security

Here’s a look at the most interesting products from the past month, featuring releases from: Action1, Amazon, Aqua Security, ARMO, Datadog, Devo Technology, Druva, Entrust, Enzoic, Fortanix, GitHub, Illumio, Immuta, IRONSCALES, Kasada, Lacework, Malwarebytes, OneSpan, Paladin Cloud, Snappt, ThreatModeler, and Varonis.


PoCs for critical Arcserve UDP vulnerabilities released

29/11/2023 at 17:46 By Zeljka Zorz

Arcserve has fixed critical security vulnerabilities (CVE-2023-41998, CVE-2023-41999, CVE-2023-42000) in its Unified Data Protection (UDP) solution, PoCs for which have been published by Tenable researchers on Monday.

The vulnerabilities

Arcserve UDP is a popular enterprise data protection, backup and disaster recovery solution

