News

Telecom firms hit with novel backdoors disguised as security software

Cisco, Don't miss, Hot stuff, Malware, News, telecommunications /

Telecom firms hit with novel backdoors disguised as security software 21/09/2023 at 15:31 By Zeljka Zorz Researchers have unearthed new backdoors leveraged to maintain long-term access in the networks of telecom firms in the Middle East. HTTPSnoop and PipeSnoop – as the two implants have been dubbed by Cisco Talos researchers – have been disguised […]

Telecom firms hit with novel backdoors disguised as security software Read More »

Fake WinRAR PoC spread VenomRAT malware

Don't miss, Hot stuff, Malware, News, Palo Alto Networks, PoC, vulnerability, WinRAR /

Fake WinRAR PoC spread VenomRAT malware 21/09/2023 at 13:01 By Helga Labus An unknown threat actor has released a fake proof of concept (PoC) exploit for CVE-2023-4047, a recently fixed remote code execution (RCE) vulnerability in WinRAR, to spread the VenomRAT malware. The fake WinRAR PoC On August 17, 2023, Trend Micro’s Zero Day Initiative

Fake WinRAR PoC spread VenomRAT malware Read More »

Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179)

Don't miss, Endpoint Security, enterprise, Hot stuff, News, patch, security update, Trend Micro, vulnerability /

Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179) 21/09/2023 at 11:46 By Zeljka Zorz Trend Micro has fixed a critical zero-day vulnerability (CVE-2023-41179) in several of its endpoint security products for enterprises that has been spotted being exploited in the wild. About CVE-2023-41179 The nature of the flaw hasn’t been revealed, but we know

Critical Trend Micro vulnerability exploited in the wild (CVE-2023-41179) Read More »

How companies can take control of their cybersecurity

Compliance, cybersecurity, Don't miss, Features, GDPR, Hot stuff, News, opinion, Reciproc-IT, regulation, skill development, standards, strategy /

How companies can take control of their cybersecurity 21/09/2023 at 07:17 By Mirko Zorz In this Help Net Security interview, Baya Lonqueux, CEO at Reciproc-IT, discusses the evolving cybersecurity landscape and the essential skillsets needed for teams working in this field. The interview highlights the shift from technical expertise to a focus on organizational and

How companies can take control of their cybersecurity Read More »

Regulatory pressure complicates cybersecurity for industrial equipment manufacturers

Compliance, critical infrastructure, Cybellum, cybersecurity, News, regulation, report, supply chain, survey, threats /

Regulatory pressure complicates cybersecurity for industrial equipment manufacturers 21/09/2023 at 07:02 By Help Net Security 50% of companies lack a dedicated security function for control systems and devices within their organizational structure, according to Cybellum. Security incidents involving industrial organizations have seen a sharp rise in recent years, with notable cases highlighting the vulnerabilities in

Regulatory pressure complicates cybersecurity for industrial equipment manufacturers Read More »

Hidden dangers loom for subsea cables, the invisible infrastructure of the internet

attacks, critical infrastructure, cyber espionage, cyber resilience, cybersecurity, ENISA, EU, law, News, regulation, report /

Hidden dangers loom for subsea cables, the invisible infrastructure of the internet 21/09/2023 at 06:32 By Help Net Security More than 97% of the world’s internet traffic passes through subsea cables at some point, according to ENISA. Subsea cables are a vital component of the global internet infrastructure, and it is critical to protect them

Hidden dangers loom for subsea cables, the invisible infrastructure of the internet Read More »

Building GenAI competence for business growth

Compliance, cybersecurity, framework, generative AI, IDC, News, policy, regulation, report, skill development, strategy, training /

Building GenAI competence for business growth 21/09/2023 at 06:02 By Help Net Security To embark on the GenAI technology adoption journey for business success, organizations require foundational activities related to GenAI investment, guidance in prioritizing use cases, and identification of key stakeholders essential for building and implementing successful initiatives, according to IDC. Essential key activities

Building GenAI competence for business growth Read More »

Shadow IT: Security policies may be a problem

Don't miss, enterprise, Hot stuff, Kolide, News, policy, shadow IT, survey, training /

Shadow IT: Security policies may be a problem 20/09/2023 at 08:23 By Zeljka Zorz 3 out of 4 workers use personal (and often unmanaged) phones and laptops for work and nearly half of companies let unmanaged devices access protected resources, a recent report by Kolide and Dimensional Research has revealed. When asked why they use

Shadow IT: Security policies may be a problem Read More »

What AppSec and developers working in cloud-native environments need to know

Application Security, Backslash Security, cloud computing, containers, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, IaaS, microservices, News, opinion, serverless, software /

What AppSec and developers working in cloud-native environments need to know 20/09/2023 at 08:05 By Help Net Security All enterprise organizations are, in essence, software publishers, regardless of their industry. This is because every enterprise relies on custom software applications for managing internal processes, interacting with customers, or analyzing data, making them creators and distributors

What AppSec and developers working in cloud-native environments need to know Read More »

18 free Microsoft Azure cybersecurity resources you should check out

Azure, cloud security, Don't miss, Hot stuff, how-to, Microsoft, Microsoft Azure, News, skill development, strategy, tips, training /

18 free Microsoft Azure cybersecurity resources you should check out 20/09/2023 at 07:33 By Help Net Security Far exceeding a traditional public cloud platform, Azure is a comprehensive suite of over 200 products and cloud services engineered to solve current challenges and pave the way for the future. Whether you’re looking to build, run, or

18 free Microsoft Azure cybersecurity resources you should check out Read More »

Security concerns and outages elevate observability from IT niche to business essential

automation, cybersecurity, data, monitoring, News, remediation, report, SolarWinds, survey /

Security concerns and outages elevate observability from IT niche to business essential 20/09/2023 at 06:47 By Help Net Security Enterprises that leverage observability increase operational efficiency and grow revenue, according to SolarWinds. The report explores how enterprises can act proactively to maximise the advantages of their observability solutions, integrate best practices into implementations, and mitigate

Security concerns and outages elevate observability from IT niche to business essential Read More »

Strong compliance management is crucial for fintech-bank partnerships

Banks, Compliance, cybersecurity, financial industry, investment, Ncontracts, News, report, survey /

Strong compliance management is crucial for fintech-bank partnerships 20/09/2023 at 06:02 By Help Net Security 72% of banks and credit unions are prioritizing compliance when evaluating fintechs, citing it as their top criteria in the due diligence process, according to Ncontracts. As banks and credit unions evaluate fintech partnerships, cybersecurity (62%) is also a critical

Strong compliance management is crucial for fintech-bank partnerships Read More »

Never use your master password as a password on other accounts

authentication, credentials, Don't miss, Hot stuff, News, password manager, passwords, survey /

Never use your master password as a password on other accounts 19/09/2023 at 08:33 By Helga Labus One in three Americans now use password managers, up from one in five in 2022, according to an online poll by Security.org that quizzed 1,051 American adults on how they use passwords and password managers. How users choose

Never use your master password as a password on other accounts Read More »

An inside look at NetSPI’s impressive Breach and Attack Simulation platform

CISO, cybersecurity, Don't miss, Features, Hot stuff, NetSPI, News, opinion /

An inside look at NetSPI’s impressive Breach and Attack Simulation platform 19/09/2023 at 08:02 By Mirko Zorz In this Help Net Security interview, Scott Sutherland, VP of Research at NetSPI, delves into the intricacies of their Breach and Attack Simulation (BAS) platform and discusses how it offers unique features – from customizable procedures to advanced

An inside look at NetSPI’s impressive Breach and Attack Simulation platform Read More »

LLM Guard: Open-source toolkit for securing Large Language Models

Artificial Intelligence, ChatGPT, Don't miss, GitHub, News, open source /

LLM Guard: Open-source toolkit for securing Large Language Models 19/09/2023 at 07:34 By Mirko Zorz LLM Guard is a toolkit designed to fortify the security of Large Language Models (LLMs). It is designed for easy integration and deployment in production environments. It provides extensive evaluators for both inputs and outputs of LLMs, offering sanitization, detection

LLM Guard: Open-source toolkit for securing Large Language Models Read More »

Companies still don’t know how to handle generative AI risks

Artificial Intelligence, cybersecurity, generative AI, ISG, News, report, survey /

Companies still don’t know how to handle generative AI risks 19/09/2023 at 06:32 By Help Net Security Energized by the hype around generative AI, enterprises are aggressively pursuing practical applications of this new technology while remaining cautious about the risks, according to ISG. ISG research shows 85% of companies surveyed believe investments in generative AI

Companies still don’t know how to handle generative AI risks Read More »

Organizations are racing against time to meet the PCI DSS 4.0 deadline

Bluefin, Compliance, cybersecurity, data, data breach, data security, News, online payment, report, survey /

Organizations are racing against time to meet the PCI DSS 4.0 deadline 19/09/2023 at 06:02 By Help Net Security Payment data security concerns remain widespread as organizations undertake significant lift to meet the PCI DSS 4.0 deadline, according to Bluefin. 94% of survey respondents said they have significant or very significant concerns pertaining to payment

Organizations are racing against time to meet the PCI DSS 4.0 deadline Read More »

Kubernetes vulnerabilities allows RCE on Windows endpoints (CVE-2023-3676)

Akamai, Don't miss, Hot stuff, Kubernetes, News, security update, vulnerability, Windows /

Kubernetes vulnerabilities allows RCE on Windows endpoints (CVE-2023-3676) 18/09/2023 at 14:32 By Helga Labus Three high-severity Kubernetes vulnerabilities (CVE-2023-3676, CVE-2023-3893, CVE-2023-3955) could allow attackers to execute code remotely and gain control over all Windows nodes in the Kubernetes cluster. About the vulnerabilities CVE-2023-3676, discovered by Akamai researcher Tomer Peled, is a command injection vulnerability that

Kubernetes vulnerabilities allows RCE on Windows endpoints (CVE-2023-3676) Read More »

Industrial cybersecurity giant Dragos rakes in new funding, sets sights on global expansion

cybersecurity, Don't miss, Dragos, Features, Government, Hot stuff, investment, Malware, News, opinion, Threat Intelligence, threats /

Industrial cybersecurity giant Dragos rakes in new funding, sets sights on global expansion 18/09/2023 at 12:32 By Mirko Zorz Today, Dragos revealed that it has secured a $74 million Series D extension funding round, spearheaded by the strategic operating and investment firm WestCap. The funding extension comes when global governments and infrastructure providers increasingly acknowledge

Industrial cybersecurity giant Dragos rakes in new funding, sets sights on global expansion Read More »

Regulatory activity forces compliance leaders to spend more on GRC tools

Compliance, cybersecurity, Gartner, Government, GRC, investment, monitoring, News, regulation, report, Risk Management, survey, training /

Regulatory activity forces compliance leaders to spend more on GRC tools 18/09/2023 at 07:48 By Help Net Security Legal and compliance department investment in GRC (governance, risk, and compliance) tools will increase 50% by 2026, according to Gartner. Assurance leaders are seeking out technology solutions to help them address increasing regulatory attention on executive risk

Regulatory activity forces compliance leaders to spend more on GRC tools Read More »

Scroll to Top