Humans are still better than AI at crafting phishing emails, but for how long? 26/10/2023 at 15:17 By Helga Labus Humans are still better at crafting phishing emails compared to AI, but not by far and likely not for long, according to research conducted by IBM X-Force Red. Creating phishing emails: Humans vs. AI The […]
Humans are still better than AI at crafting phishing emails, but for how long? Read More »
Quishing: Tricks to look out for 26/10/2023 at 11:01 By Zeljka Zorz QR code phishing – aka “quishing” – is on the rise, according to HP, Darktrace, Malwarebytes, AusCERT, and many others. What are QR codes? QR codes are two-dimensional matrix barcodes used for tracking products, identifying items, simplifying actions such as connecting to a
Quishing: Tricks to look out for Read More »
OT cyber attacks proliferating despite growing cybersecurity spend 26/10/2023 at 07:32 By Help Net Security The sharp increase in attacks on operational technology (OT) systems can be primarily attributed to two key factors: the escalating global threats posed by nation-state actors and the active involvement of profit-driven cybercriminals (often sponsored by the former). The lack
OT cyber attacks proliferating despite growing cybersecurity spend Read More »
GOAD: Vulnerable Active Directory environment for practicing attack techniques 26/10/2023 at 07:01 By Mirko Zorz Game of Active Directory (GOAD) is a free pentesting lab. It provides a vulnerable Active Directory environment for pen testers to practice common attack methods. GOAD-Light: 3 vms, 1 forest, 2 domains “When the Zerologon vulnerability surfaced, it highlighted our
GOAD: Vulnerable Active Directory environment for practicing attack techniques Read More »
Ransomware groups continue to increase their operational tempo 26/10/2023 at 06:31 By Help Net Security Q3 of 2023 continued an ongoing surge in ransomware activity, according to GuidePoint Security. GuidePoint Research and Intelligence Team (GRIT) observed a nearly 15% increase in ransomware activity since Q2 due to an increased number of ransomware groups, including 10
Ransomware groups continue to increase their operational tempo Read More »
CISOs struggling to understand value of security controls data 26/10/2023 at 06:02 By Help Net Security Many CISOs are grappling with the conundrum of the purpose and value of security controls data in supporting critical business decisions, according to Panaseer. The biggest concern when taking on a new CISO role is receiving an inaccurate audit
CISOs struggling to understand value of security controls data Read More »
Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631) 25/10/2023 at 14:46 By Zeljka Zorz The Winter Vivern APT group has been exploiting a zero-day vulnerability (CVE-2023-5631) in Roundcube webmail servers to spy on email communications of European governmental entities and a think tank, according to ESET researchers. “Exploitation of the XSS vulnerability can
Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631) Read More »
VMware patches critical vulnerability in vCenter Server (CVE-2023-34048) 25/10/2023 at 13:47 By Helga Labus VMware has fixed a critical out-of-bounds write vulnerability (CVE-2023-34048) and a moderate-severity information disclosure flaw (CVE-2023-34056) in vCenter Server, its popular server management software. About CVE-2023-34048 and CVE-2023-34056 CVE-2023-34048 allows an attacker with network access to a vulnerable vCenter Server virtual
VMware patches critical vulnerability in vCenter Server (CVE-2023-34048) Read More »
What is operational risk and why should you care? Assessing SEC rule readiness for OT and IoT 25/10/2023 at 07:31 By Help Net Security The newly released Security and Exchange Commission (SEC) cyber incident disclosure rules have been met with mixed reviews. Of particular concern is whether public companies who own and operate industrial control
Consumers are taking action to protect their privacy 25/10/2023 at 06:01 By Help Net Security Younger consumers are taking deliberate action to protect their privacy, as 42% of consumers aged 18-24 exercise their Data Subject Access Rights, compared with just 6% for consumers 75 and older, according to Cisco. Consumers express willingness to share their
Consumers are taking action to protect their privacy Read More »
1Password also affected by Okta Support System breach 24/10/2023 at 13:50 By Zeljka Zorz Following in the footsteps of BeyondTrust and CloudFlare, 1Password has revealed that it has been affected by the Okta Support System breach. “On September 29, we detected suspicious activity on our Okta instance that we use to manage our employee-facing apps,”
1Password also affected by Okta Support System breach Read More »
Bracing for AI-enabled ransomware and cyber extortion attacks 24/10/2023 at 07:37 By Help Net Security AI has been the shiniest thing in tech since at least November 2022, when ChatGPT was made available to the masses and unveiled the transformative potential of large language models for all the world to see. As businesses scramble to
Bracing for AI-enabled ransomware and cyber extortion attacks Read More »
Wazuh: Free and open-source XDR and SIEM 24/10/2023 at 07:00 By Help Net Security Wazuh is an open-source platform designed for threat detection, prevention, and response. It can safeguard workloads in on-premises, virtual, container, and cloud settings. Wazuh system comprises an endpoint security agent installed on monitored systems and a management server that processes and
Wazuh: Free and open-source XDR and SIEM Read More »
The primary pain points for SOC teams 24/10/2023 at 06:42 By Help Net Security Security professionals want to pursue high-impact work, but they’re being held back by growing workloads, shrinking budgets, and a worsening skills shortage, according to Tines. Nine out of 10 security teams are automating at least some of their work, and 93%
The primary pain points for SOC teams Read More »
Today’s CIO has ambitions well beyond IT delivery 24/10/2023 at 06:05 By Help Net Security 45% of CIOs are beginning to work with their CxO peers to bring IT and business area staff together to co-lead digital delivery on an enterprise-wide scale, according to Gartner. CIOs face a paradigm shift, sharing leadership responsibilities with CxOs
Today’s CIO has ambitions well beyond IT delivery Read More »
Microsoft announces wider availability of AI-powered Security Copilot 23/10/2023 at 15:04 By Helga Labus Microsoft Security Copilot has been made available to a larger number of enterprise customers, via an invitation-only Early Access Program. What is Microsoft Security Copilot? “Security Copilot is an AI assistant for security teams that builds on the latest in large
Microsoft announces wider availability of AI-powered Security Copilot Read More »
“Disappearing” implants, followed by first fixes for exploited Cisco IOS XE zero-day 23/10/2023 at 13:04 By Zeljka Zorz Cisco has released the first fixes for the IOS XE zero-day (CVE-2023-20198) exploited by attackers to ultimately deliver a malicious implant. The fixes were made available on Sunday, but a curious thing happened the day before: several
“Disappearing” implants, followed by first fixes for exploited Cisco IOS XE zero-day Read More »
How passkeys are changing the face of authentication 23/10/2023 at 08:05 By Help Net Security As passwordless identity becomes mainstream, the term “passkey” is quickly becoming a new buzzword in cybersecurity. But what exactly is a passkey and why do we need them? A passkey is a digital credential that can only be used by
How passkeys are changing the face of authentication Read More »
Scaling rapidly? Your application security strategies need to keep up 23/10/2023 at 07:01 By Help Net Security Modern application security strategies must support and enable modern software development, even as it rapidly scales, according to Mend.io. Just 52% of companies can effectively remediate critical vulnerabilities and only 41% are confident they can manage the security
Scaling rapidly? Your application security strategies need to keep up Read More »
Only a fraction of risk leaders are prepared for GenAI threats 23/10/2023 at 06:31 By Help Net Security While 93% of companies recognize the risks associated with using generative AI inside the enterprise, only 9% say they’re prepared to manage the threat, according to Riskonnect. The research reveals a profound AI risk management gap: To
Only a fraction of risk leaders are prepared for GenAI threats Read More »