News

Microsoft Defender can automatically contain compromised user accounts

automation, BEC scams, Don't miss, Endpoint Security, enterprise, Hot stuff, Microsoft, Microsoft Defender, MITM, News, privileged accounts, Ransomware, XDR /

Microsoft Defender can automatically contain compromised user accounts 12/10/2023 at 15:32 By Helga Labus The “contain user” feature select Microsoft Defender for Endpoint customers have been trying out since November 2022 is now available to a wider pool of organizations, Microsoft has announced. The feature aims to help organizations disrupt human-operated attacks like ransomware, business […]

Microsoft Defender can automatically contain compromised user accounts Read More »

Sic Permission Slip on data brokers that use your data

Android, app, CCPA, consumer, Don't miss, Hot stuff, iPhone, News, Privacy, regulation, USA, user data /

Sic Permission Slip on data brokers that use your data 12/10/2023 at 08:31 By Helga Labus Permission Slip, an iPhone and Android app developed by Consumer Reports, helps users ask companies and data brokers to stop sharing their personal data and/or delete it. The Permission Slip app (Source: Consumer Reports) US consumer data privacy laws

Sic Permission Slip on data brokers that use your data Read More »

Keeping up with the demands of the cyber insurance market

cyber insurance, cybersecurity, data security, Delinea, Don't miss, Expert analysis, Expert corner, Hot stuff, market, MFA, News, opinion, Ransomware, remediation, standards, strategy, threats /

Keeping up with the demands of the cyber insurance market 12/10/2023 at 08:01 By Help Net Security Cyber insurance has been around longer than most of us think. When American International Group (AIG) launched the first cyber insurance policy in 1997, it stepped into completely unknown territory to gain market share. Now, 26 years later,

Keeping up with the demands of the cyber insurance market Read More »

Unmasking the limitations of yearly penetration tests

Ambionics, communication, Compliance, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, PCI DSS, penetration testing, risk assessment, shadow IT, Threat Intelligence, threats, vulnerability, web application /

Unmasking the limitations of yearly penetration tests 12/10/2023 at 07:31 By Mirko Zorz In this Help Net Security interview, Charles d’Hondt, Head of Operations, Ambionics Security, talks about the necessity of implementing continuous penetration testing because yearly ones are not enough. They leave blind spots and cannot match the security needs of regular releases and

Unmasking the limitations of yearly penetration tests Read More »

Yeti: Open, distributed, threat intelligence repository

Don't miss, GitHub, Hot stuff, News, open source, Threat Intelligence /

Yeti: Open, distributed, threat intelligence repository 12/10/2023 at 07:01 By Help Net Security Yeti serves as a unified platform to consolidate observables, indicators of compromise, TTPs, and threat-related knowledge. It enhances observables automatically, such as domain resolution and IP geolocation, saving you the effort. With its user-friendly interface built on Bootstrap and a machine-friendly web

Yeti: Open, distributed, threat intelligence repository Read More »

As biohacking evolves, how vulnerable are we to cyber threats?

chip, cybercrime, cybercriminals, cybersecurity, ENISA, Entelgy, hacking, implantable devices, Malware, News, report, RFID, survey /

As biohacking evolves, how vulnerable are we to cyber threats? 12/10/2023 at 07:01 By Help Net Security Can our bodies be hacked? The answer may be yes, in that anyone can implant a chip under the skin and these devices do not usually use secure technologies, according to Entelgy. However, despite more than a decade

As biohacking evolves, how vulnerable are we to cyber threats? Read More »

Cybersecurity should be a business priority for CEOs

Accenture, Accenture Security, CEO, cyber resilience, cybersecurity, investment, News, report, strategy, survey /

Cybersecurity should be a business priority for CEOs 12/10/2023 at 06:02 By Help Net Security 74% of CEOs are concerned about their organizations’ ability to avert or minimize damage to the business from a cyberattack – even though 96% of CEOs said that cybersecurity is critical to organizational growth and stability, according to Accenture. CEOs

Cybersecurity should be a business priority for CEOs Read More »

Israel Hospital Uses Facial Recognition To Identify Dead And Wounded From Hamas War

Breaking, breaking-news, cybersecurity, Editors' Pick, Innovation, News, premium, Technology /

Israel Hospital Uses Facial Recognition To Identify Dead And Wounded From Hamas War 11/10/2023 at 19:18 By Thomas Brewster, Forbes Staff When family members send in photos of their missing loved ones, Corsight AI’s technology checks for matches against images of patients. This article is an excerpt from Forbes – Cybersecurity View Original Source

Israel Hospital Uses Facial Recognition To Identify Dead And Wounded From Hamas War Read More »

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor

Atlassian, Atlassian Confluence, Don't miss, exploit, GreyNoise, Hot stuff, Microsoft, News, Rapid7, vulnerability /

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor 11/10/2023 at 14:18 By Helga Labus A critical flaw in Atlassian Confluence Data Center and Server (CVE-2023-22515) has been exploited by a state-backed threat actor, Microsoft’s threat analysts have pinpointed. About the vulnerability CVE-2023-22515 was initially classified as a critical privilege escalation vulnerability affecting Confluence Data

Critical Atlassian Confluence vulnerability exploited by state-backed threat actor Read More »

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545)

containers, Debian, Don't miss, Hot stuff, IoT, Linux, News, open source, patching, Red Hat, security update, Ubuntu, vulnerability /

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545) 11/10/2023 at 13:31 By Zeljka Zorz Curl v8.4.0 is out, and fixes – among other things – a high-severity SOCKS5 heap buffer overflow vulnerability (CVE-2023-38545). Appropriate patches for some older curl versions have been released, too. Preparation for the security updates A little over a

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545) Read More »

15 free Microsoft 365 security training modules worth your time

Don't miss, Hot stuff, how-to, Microsoft, Microsoft 365, News, skill development, strategy, tips /

15 free Microsoft 365 security training modules worth your time 11/10/2023 at 07:32 By Help Net Security Microsoft 365 is a cloud-based productivity suite. Beyond just tools like Word and Excel, it integrates productivity applications with cloud functionalities, device administration, and enhanced security, all within a unified experience. Managing Microsoft 365 can be difficult for

15 free Microsoft 365 security training modules worth your time Read More »

Endpoint malware attacks decline as campaigns spread wider

attacks, cybersecurity, Encryption, Endpoint Security, extortion, Malware, News, Ransomware, report, SSL/TLS, threats, WatchGuard /

Endpoint malware attacks decline as campaigns spread wider 11/10/2023 at 06:31 By Help Net Security In Q2 2023, 95% of malware now arrives over encrypted connections, endpoint malware volumes are decreasing despite campaigns growing more widespread, ransomware detections are declining amid a rise in double-extortion attacks, and older software vulnerabilities persist as popular targets for

Endpoint malware attacks decline as campaigns spread wider Read More »

Cloud security and functionality: Don’t settle for just one

Center for Internet Security, Don't miss, News /

Cloud security and functionality: Don’t settle for just one 11/10/2023 at 06:02 By Help Net Security Cloud security is important to you, but that doesn’t mean you’re willing to trade security for functionality. You need security to work for you. Whatever cloud security resources you’re using must be compatible with the services you use to

Cloud security and functionality: Don’t settle for just one Read More »

Microsoft plugs exploited WordPad, Skype for Business zero-days (CVE-2023-36563, CVE-2023-41763)

DDoS, Don't miss, Hot stuff, Microsoft, Microsoft Exchange, News, Patch Tuesday, security update, Trend Micro, Windows /

Microsoft plugs exploited WordPad, Skype for Business zero-days (CVE-2023-36563, CVE-2023-41763) 10/10/2023 at 22:01 By Zeljka Zorz On this October 2023 Patch Tuesday, Microsoft has released 103 patches and has fixed three actively exploited vulnerabilities (CVE-2023-36563, CVE-2023-41763, CVE-2023-44487). The exploited zero-days (CVE-2023-36563, CVE-2023-41763, CVE-2023-44487) CVE-2023-36563, discovered by Microsoft Threat Intelligence, is a WordPad vulnerability that could

Microsoft plugs exploited WordPad, Skype for Business zero-days (CVE-2023-36563, CVE-2023-41763) Read More »

Dangerous vulnerability can be exploited to carry out massive DDoS attacks (CVE-2023-44487)

attack, attacks, AWS, Cloudflare, CVE, cybersecurity, DDoS, Google, News, threat, vulnerability /

Dangerous vulnerability can be exploited to carry out massive DDoS attacks (CVE-2023-44487) 10/10/2023 at 16:21 By Help Net Security Cloudflare, Google, and Amazon AWS revealed that a zero-day vulnerability in the HTTP/2 protocol has been used to mount massive, high-volume DDoS attacks, which they dubbed HTTP/2 Rapid Reset. Decoding HTTP/2 Rapid Reset (CVE-2023-44487) In late

Dangerous vulnerability can be exploited to carry out massive DDoS attacks (CVE-2023-44487) Read More »

GNOME users at risk of RCE attack (CVE-2023-43641)

Debian, Don't miss, Fedora, GitHub, Hot stuff, Linux, News, open source, Red Hat, SUSE, Ubuntu, vulnerability, vulnerability disclosure /

GNOME users at risk of RCE attack (CVE-2023-43641) 10/10/2023 at 14:32 By Zeljka Zorz If you’re running GNOME on you Linux system(s), you are probably open to remote code execution attacks via a booby-trapped file, thanks to a memory corruption vulnerability (CVE-2023-43641) in the libcue library. About CVE-2023-43641 Discovered by GitHub security researcher Kevin Backhouse,

GNOME users at risk of RCE attack (CVE-2023-43641) Read More »

Be prepared to patch high-severity vulnerability in curl and libcurl

Docker, Don't miss, Endor Labs, Hot stuff, News, open source, patching, Qualys, security update, Sonatype, Synopsys, vulnerability, vulnerability disclosure /

Be prepared to patch high-severity vulnerability in curl and libcurl 10/10/2023 at 12:20 By Zeljka Zorz Details about two vulnerabilities (CVE-2023-38545, CVE-2023-38546) in curl, a foundational and widely used open-source software for data transfer via URLs, are to be released on Wednesday, October 11. Daniel Stenberg, the original author and lead developer, has said that

Be prepared to patch high-severity vulnerability in curl and libcurl Read More »

Why zero trust delivers even more resilience than you think

access management, attack, cyber resilience, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, NetScaler, News, opinion, policy, remediation, zero trust /

Why zero trust delivers even more resilience than you think 10/10/2023 at 08:04 By Help Net Security Ten years ago, zero trust was an exciting, innovative perspective shift that security experts were excited to explore; today, it’s more likely to be framed as an inevitable trend than as a mere option on the security menu.

Why zero trust delivers even more resilience than you think Read More »

Turning military veterans into cybersecurity experts

cybersecurity, Don't miss, Features, Hot stuff, News, opinion, skill development, TechVets, Threat Intelligence, threats, training /

Turning military veterans into cybersecurity experts 10/10/2023 at 07:34 By Mirko Zorz In this Help Net Security interview, James Murphy, the Director of the TechVets Programme at the Forces Employment Charity, discusses the challenges that military veterans face when transitioning from military to civilian life. One significant hurdle is the difficulty they often encounter in

Turning military veterans into cybersecurity experts Read More »

Cybersecurity pros predict rise of malicious AI

Artificial Intelligence, awareness, cybersecurity, Enea, Malware, News, phishing, report, social engineering, strategy, survey /

Cybersecurity pros predict rise of malicious AI 10/10/2023 at 06:35 By Help Net Security 76% of cybersecurity professionals believe the world is very close to encountering malicious AI that can bypass most known cybersecurity measures, according to Enea. 26% see this happening within the next year, and 50% in the next 5 years. Worries about

Cybersecurity pros predict rise of malicious AI Read More »

Scroll to Top