Okta breach: Hackers stole info on ALL customer support users 29/11/2023 at 14:16 By Zeljka Zorz The scope of the recent breach of the Okta customer support system is much wider than initially established, the company has admitted on Tuesday: the attackers downloaded a report that contained the names and email addresses of all Okta […]
Okta breach: Hackers stole info on ALL customer support users Read More »
Tails 5.2.0 comes with several improvements, updated Tor Browser 29/11/2023 at 13:33 By Help Net Security Tails is a portable operating system that protects against surveillance and censorship. Tails can be installed on any USB stick with a minimum of 8 GB. Tails works on most computers under ten years old. You can start again
Tails 5.2.0 comes with several improvements, updated Tor Browser Read More »
Strategies for cultivating a supportive culture in zero-trust adoption 29/11/2023 at 08:01 By Mirko Zorz In this Help Net Security interview, Wolfgang Goerlich, Advisory CISO at Cisco, discusses the benefits of implementing a mature zero-trust model for both security and business outcomes, revealing a decrease in reported security incidents and enhanced adaptability. Goerlich emphasizes the
Strategies for cultivating a supportive culture in zero-trust adoption Read More »
Vigil: Open-source LLM security scanner 29/11/2023 at 07:01 By Mirko Zorz Vigil is an open-source security scanner that detects prompt injections, jailbreaks, and other potential threats to Large Language Models (LLMs). Prompt injection arises when an attacker successfully influences an LLM using specially designed inputs. This leads to the LLM unintentionally carrying out the objectives
Vigil: Open-source LLM security scanner Read More »
Design flaw leaves Google Workspace vulnerable for takeover 28/11/2023 at 18:31 By Help Net Security A design flaw in Google Workspace’s domain-wide delegation feature, discovered by Hunters’ Team Axon, can allow attackers to misuse existing delegations, enabling privilege escalation and unauthorized access to Workspace APIs without Super Admin privileges. Such exploitation could result in the
Design flaw leaves Google Workspace vulnerable for takeover Read More »
Slovenian power company hit by ransomware 28/11/2023 at 18:17 By Helga Labus Slovenian power generation company Holding Slovenske Elektrarne (HSE) has been hit by ransomware and has had some of its data encrypted. The attack HSE is a state-owned company that controls numerous hydroelectric, thermal and coal-fired power plants. The company has declined to share
Slovenian power company hit by ransomware Read More »
Critical ownCloud flaw under attack (CVE-2023-49103) 28/11/2023 at 14:17 By Zeljka Zorz Attackers are trying to exploit a critical information disclosure vulnerability (CVE-2023-49103) in ownCloud, a popular file sharing and collaboration platform used in enterprise settings. Greynoise and SANS ISC say attemps have been first spotted over the weekend, though Dr. Johannes Ullrich, Dean of
Critical ownCloud flaw under attack (CVE-2023-49103) Read More »
Ukrainian ransomware gang behind high-profile attacks dismantled 28/11/2023 at 13:46 By Help Net Security Law enforcement and judicial authorities from seven countries have joined forces with Europol and Eurojust to dismantle and apprehend in Ukraine key figures behind significant ransomware operations. On 21 November, 30 properties were searched in the regions of Kyiv, Cherkasy, Rivne
Ukrainian ransomware gang behind high-profile attacks dismantled Read More »
SMBs face surge in “malware free” attacks 28/11/2023 at 12:51 By Helga Labus “Malware free” attacks, attackers’ increased reliance on legitimate tools and scripting frameworks, and BEC scams were the most prominent threats small and medium businesses (SMBs) faced in Q3 2023, says the inaugural SMB Threat Report by Huntress, a company that provides a
SMBs face surge in “malware free” attacks Read More »
How passkeys are reshaping user security and convenience 28/11/2023 at 08:34 By Mirko Zorz In this Help Net Security interview, Anna Pobletts, Head of Passwordless at 1Password, talks about passkey adoption and its acceleration in 2024. This trend is particularly notable among highly-regulated services like fintech and banking, where users seek a sign-in experience that
How passkeys are reshaping user security and convenience Read More »
Product showcase: New ESET Home Security 28/11/2023 at 07:32 By Help Net Security ESET is thrilled to announce our new cutting-edge consumer solutions. Our consumer offering is more than just security – it is a comprehensive portfolio designed to keep our customers safe in today’s digital landscape. We are dedicated to advancing technology without compromising
Product showcase: New ESET Home Security Read More »
Generative AI security: Preventing Microsoft Copilot data exposure 28/11/2023 at 07:01 By Help Net Security Microsoft Copilot has been called one of the most powerful productivity tools on the planet. Copilot is an AI assistant that lives inside each of your Microsoft 365 apps — Word, Excel, PowerPoint, Teams, Outlook, and so on. Microsoft’s dream
Generative AI security: Preventing Microsoft Copilot data exposure Read More »
Report: The state of authentication security 2023 28/11/2023 at 06:48 By Help Net Security This survey set out to explore these challenges, to identify common practices, and to provide insight into how organizations can bolster their defenses. Key findings from the survey include: Current authentication practices Authentication-related cyberattacks Security incidents and impact Password management Security
Report: The state of authentication security 2023 Read More »
Fortanix Key Insight discovers and remediates data security risks in hybrid multicloud environments 27/11/2023 at 19:02 By Industry News Fortanix announced Key Insight, a new capability in the Fortanix Data Security Manager TM (DSM) platform designed to help enterprises discover, assess, and remediate risk and compliance gaps across hybrid multicloud environments. Data breaches lead to
Released: AI security guidelines backed by 18 countries 27/11/2023 at 17:32 By Zeljka Zorz The UK National Cyber Security Centre (NCSC) has published new guidelines that can help developers and providers of AI-powered systems “build AI systems that function as intended, are available when needed, and work without revealing sensitive data to unauthorised parties.” How
Released: AI security guidelines backed by 18 countries Read More »
PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214) 27/11/2023 at 13:47 By Zeljka Zorz A proof-of-concept (PoC) exploit for a high-severity flaw in Splunk Enterprise (CVE-2023-46214) that can lead to remote code execution has been made public. Users are advised to implement the provided patches or workarounds quickly. About CVE-2023-46214 Splunk Enterprise is a solution
PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214) Read More »
OpenSSL 3.2.0 released: New cryptographic algorithms, support for TCP fast open, and more! 27/11/2023 at 10:32 By Help Net Security OpenSSL is a full-featured toolkit for general-purpose cryptography and secure communication. The final version of OpenSSL 3.2.0 is now available. Major changes in OpenSSL 3.2.0 This release incorporates the following potentially significant or incompatible changes:
AWS Kill Switch: Open-source incident response tool 27/11/2023 at 09:01 By Mirko Zorz AWS Kill Switch is an open-source incident response tool for quickly locking down AWS accounts and IAM roles during a security incident. The solution includes a Lambda function and proof of concept client. You can either adopt this client or build your
AWS Kill Switch: Open-source incident response tool Read More »
Why it’s the perfect time to reflect on your software update policy 27/11/2023 at 08:04 By Help Net Security The threat landscape is evolving by the minute, with both malicious actors and well-intentioned researchers constantly on the hunt for new attack vectors that bypass security controls and gain control of systems and applications. In fact,
Why it’s the perfect time to reflect on your software update policy Read More »
Vulnerability disclosure: Legal risks and ethical considerations for researchers 27/11/2023 at 07:32 By Mirko Zorz In this Help Net Security interview, Eddie Zhang, Principal Consultant at Project Black, explores the complex and often controversial world of vulnerability disclosure in cybersecurity. Zhang explores the intricate balancing act that researchers must perform when navigating the interests of
Vulnerability disclosure: Legal risks and ethical considerations for researchers Read More »