Global events fuel DDoS attack campaigns 02/10/2023 at 06:32 By Help Net Security Cybercriminals launched approximately 7.9 million DDoS attacks in 1H 2023, representing a 31% year-over-year increase, according to NETSCOUT. Global events like the Russia-Ukraine war and NATO bids have driven recent DDoS attack growth. Finland was targeted by pro-Russian hacktivists in 2022 during […]
Global events fuel DDoS attack campaigns Read More »
Infosec products of the month: September 2023 02/10/2023 at 05:32 By Help Net Security Here’s a look at the most interesting products from the past month, featuring releases from: 1Password, Armis, AlphaSOC, Baffle, Ciphertex Data Security, Cisco, ComplyCube, CTERA, CyberSaint, Dig Security, Fortinet, Ghost Security, Hornetsecurity, Immersive Labs, Kingston, Laiyer.ai, MixMode, NTT Security Holdings, OneTrust,
Infosec products of the month: September 2023 Read More »
Week in review: Chrome zero-day is actually in libwebp, Sony hacking rumours 01/10/2023 at 11:02 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: How global enterprises navigate the complex world of data privacy In this Help Net Security interview, Evelyn de Souza, Head of
Week in review: Chrome zero-day is actually in libwebp, Sony hacking rumours Read More »
Malicious ads creep into Bing Chat responses 29/09/2023 at 16:46 By Helga Labus Users of Bing Chat, the GPT-4-powered search engine Microsoft introduced earlier this year, are being targeted with ads leading to malware. According to Malwarebytes researchers, searching for Advanced IP Scanner (network-scanning software) or MyCase (legal case management software) may result in an
Malicious ads creep into Bing Chat responses Read More »
New infosec products of the week: September 29, 2023 29/09/2023 at 08:00 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from AlphaSOC, Baffle, Immersive Labs, OneTrust, Panzura, runZero, and SeeMetrics. Immersive Labs Workforce Exercising allows cyber leaders to identify and fill skills gaps Immersive Labs
New infosec products of the week: September 29, 2023 Read More »
VMware users anxious about costs and ransomware threats 29/09/2023 at 07:31 By Help Net Security VMware customers have growing concerns about the state of the virtualization software and the company behind it – ranging from rising licensing costs, ransomware vulnerabilities and a diminishing quality of support, according to VergeIO. 84% of respondents indicated that they
VMware users anxious about costs and ransomware threats Read More »
Financial crime compliance costs exceed $206 billion 29/09/2023 at 07:02 By Help Net Security The growing complexity of compliance regulations and ever-evolving criminal methodologies are a major difficulty for financial institutions, according to LexisNexis Risk Solutions. Global financial crime compliance costs for financial institutions exceed $206 billion. This cost is comparable to more than 12%
Financial crime compliance costs exceed $206 billion Read More »
Cybersecurity budgets show moderate growth 29/09/2023 at 06:01 By Help Net Security Despite the economic uncertainty and inflation, security budgets generally continued to rise but at a lower rate than prior years, according to new research from IANS and Artico Search. Security budgets increase by 6% in 2023 Respondents reported an average security budget increase
Cybersecurity budgets show moderate growth Read More »
Yet another Chrome zero-day exploited in the wild! (CVE-2023-5217) 28/09/2023 at 14:47 By Helga Labus Google has fixed another critical zero-day vulnerability (CVE-2023-5217) in Chrome that is being exploited in the wild. About CVE-2023-5217 The vulnerability is caused by a heap buffer overflow in vp8 encoding in libvpx – a video codec library from Google
Yet another Chrome zero-day exploited in the wild! (CVE-2023-5217) Read More »
How to avoid the 4 main pitfalls of cloud identity management 28/09/2023 at 08:02 By Help Net Security Securing cloud identities isn’t easy. Organizations need to complete a laundry list of actions to confirm proper configuration, ensure clear visibility into identities, determine and understand who can take what actions, and on top of it all
How to avoid the 4 main pitfalls of cloud identity management Read More »
The hidden costs of neglecting cybersecurity for small businesses 28/09/2023 at 07:31 By Mirko Zorz In this Help Net Security interview, Raffaele Mautone, CEO of Judy Security, talks about the cybersecurity problems that small businesses face and the need for prioritization to save businesses from potential fines and damage to their brand reputation. He also
The hidden costs of neglecting cybersecurity for small businesses Read More »
The clock is ticking for businesses to prepare for mandated certificate automation 28/09/2023 at 06:36 By Help Net Security Many organizations are unprepared for sweeping industry changes that call for mandated certificate automation, according to GMO GlobalSign. There could be significant changes within the Public Key Infrastructure (PKI) marketplace, the most pressing matter being Google’s
The clock is ticking for businesses to prepare for mandated certificate automation Read More »
Ransomware groups are shifting their focus away from larger targets 28/09/2023 at 06:02 By Help Net Security One in every six ransomware attacks targeting US government offices was traced back to the LockBit ransomware group, according to Trend Micro. Overall ransomware attack victim numbers increased by 47% from H2 2022. “We’ve observed a significant increase
Ransomware groups are shifting their focus away from larger targets Read More »
New twist on ZeroFont phishing technique spotted in the wild 27/09/2023 at 15:47 By Helga Labus Cybercriminals are leveraging the ZeroFont technique to trick users into trusting phishing emails, SANS ISC handler Jan Kopriva has warned. The ZeroFont phishing attack Documented and named by Avanan in 2018, the ZeroFont technique involves using text written in
New twist on ZeroFont phishing technique spotted in the wild Read More »
Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129) 27/09/2023 at 14:46 By Zeljka Zorz The Chrome zero-day exploited in the wild and patched by Google a few weeks ago has a new ID (CVE-2023-5129) and a description that tells the whole story: the vulnerability is not in Chrome, but the libwebp library,
Google “confirms” that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129) Read More »
Fake Bitwarden installation packages delivered RAT to Windows users 27/09/2023 at 11:47 By Helga Labus Windows users looking to install the Bitwarden password manager may have inadvertently installed a remote access trojan (RAT). The ZenRAT malware A malicious website spoofing Bitwarden’s legitimate one (located at bitwariden[.]com) has been offering fake installation packages containing the ZenRAT
Fake Bitwarden installation packages delivered RAT to Windows users Read More »
High number of security flaws found in EMEA-developed apps 27/09/2023 at 07:47 By Help Net Security Applications developed by organizations in Europe, Middle East and Africa tend to contain more security flaws than those created by their US counterparts, according to Veracode. Across all regions analysed, EMEA also has the highest percentage of ‘high severity’
High number of security flaws found in EMEA-developed apps Read More »
The pitfalls of neglecting security ownership at the design stage 27/09/2023 at 07:01 By Mirko Zorz For companies to avoid bleeding millions through cyber threats, they must build adaptability into their security strategy from the start while considering a range of inputs that go beyond the IT and network access aspects. In this Help Net
The pitfalls of neglecting security ownership at the design stage Read More »
Network Flight Simulator: Open-source adversary simulation tool 27/09/2023 at 06:31 By Mirko Zorz Network Flight Simulator is a lightweight utility that generates malicious network traffic and helps security teams evaluate security controls and network visibility. The tool performs tests to simulate DNS tunneling, DGA traffic, requests to known active C2 destinations, and other suspicious traffic
Network Flight Simulator: Open-source adversary simulation tool Read More »
Cloud service inefficiencies drain IT budgets 27/09/2023 at 06:01 By Help Net Security 71% of IT professionals stated that cloud-related costs make up 30% or more of their total IT spend, according to Aptum. In the current demanding economic environment, organizations are becoming increasingly aware of the financial implications of their business operations. While the
Cloud service inefficiencies drain IT budgets Read More »