News

75% of education sector attacks linked to compromised accounts

cybersecurity, data security, education, Netwrix, News, phishing, Ransomware, report, survey /

75% of education sector attacks linked to compromised accounts 08/09/2023 at 06:31 By Help Net Security 69% of organizations in the education sector suffered a cyberattack within the last 12 months, according to Netwrix. Phishing and account compromise threaten the education sector Phishing and user account compromise were the most common attack paths for these […]

75% of education sector attacks linked to compromised accounts Read More »

Unimplemented controls could derail your ESG compliance efforts

AuditBoard, Compliance, ESG, investment, News, regulation, report, Risk Management /

Unimplemented controls could derail your ESG compliance efforts 08/09/2023 at 06:01 By Help Net Security Two-thirds of organizations have not implemented environmental, social and governance (ESG) controls, and 60% do not currently perform internal ESG audits, according to a report by AuditBoard. Lack of ESG program readiness This lack of ESG program readiness raises the

Unimplemented controls could derail your ESG compliance efforts Read More »

How Chinese hackers got their hands on Microsoft’s token signing key

cloud security, cyber espionage, data theft, Don't miss, enterprise, Europe, Government, Hot stuff, Microsoft, Microsoft 365, News, USA, Wiz /

How Chinese hackers got their hands on Microsoft’s token signing key 07/09/2023 at 17:00 By Zeljka Zorz The mystery of how Chinese hackers managed to steal a crucial signing key that allowed them to breach Microsoft 365’s email service and access accounts of employees of 25 government agencies has been explained: they found it somewhere

How Chinese hackers got their hands on Microsoft’s token signing key Read More »

MacOS malware has a new trick up its sleeve

Don't miss, Google, Hot stuff, macOS, malvertising, Malware, News, phishing /

MacOS malware has a new trick up its sleeve 07/09/2023 at 15:02 By Helga Labus A newer version of the Atomic Stealer macOS malware has a new trick that allows it to bypass the operating system’s Gatekeeper, Malwarebytes researchers have discovered. Mac malware delivered through Google ads The malware, which was first advertised in April

MacOS malware has a new trick up its sleeve Read More »

LibreOffice: Stability, security, and continued development

cyber resilience, Don't miss, EU, Features, Hot stuff, legislation, LibreOffice, News, open source, product development, vulnerability management /

LibreOffice: Stability, security, and continued development 07/09/2023 at 08:31 By Zeljka Zorz LibreOffice, the most widely used open-source office productivity suite, has plenty to recommend it: it’s feature-rich, user-friendly, well-documented, reliable, has an active community of developers working on improving it, and it’s free. The suite includes Writer (word processor), Calc (a spreadsheet app), Impress

LibreOffice: Stability, security, and continued development Read More »

3 ways to strike the right balance with generative AI

access control, Artificial Intelligence, cybersecurity, data breach, Descope, Don't miss, Expert analysis, Expert corner, exploit, generative AI, Hot stuff, News, opinion, threats, training /

3 ways to strike the right balance with generative AI 07/09/2023 at 08:02 By Help Net Security To find the sweet spot where innovation doesn’t mean sacrificing your security posture, organizations should consider the following three best practices when leveraging AI. Implement role-based access control In the context of generative AI, having properly defined user

3 ways to strike the right balance with generative AI Read More »

Shifting left and right, innovating product security

CISO, collaboration, Compliance, Cybellum, cybersecurity, Don't miss, Features, Hot stuff, Incident Response, News, opinion, policy, regulation, software, standards, strategy /

Shifting left and right, innovating product security 07/09/2023 at 07:03 By Mirko Zorz In this Help Net Security interview, Slava Bronfman, CEO at Cybellum, discusses approaches for achieving product security throughout a device’s entire lifecycle, fostering collaboration across business units and product lines, ensuring transparency and security in the supply chain, and meeting regulatory requirements

Shifting left and right, innovating product security Read More »

Cybersecurity pros battle discontent amid skills shortage

cybersecurity, Don't miss, ESG, ISSA, News, report, Skillsoft, survey /

Cybersecurity pros battle discontent amid skills shortage 07/09/2023 at 06:32 By Help Net Security The cybersecurity skills crisis continues in a multi-year freefall that has impacted 71% of organizations and left two-thirds of cybersecurity professionals stating that the job has become more difficult over the past two years—while 60% of organizations continue to deflect responsibility,

Cybersecurity pros battle discontent amid skills shortage Read More »

Baseline standards for BYOD access requirements

Application Security, BYOD, Compliance, cyber hygiene, cybersecurity, data, Europe, Jamf, mobile devices, News, operating system, patching, policy, Privacy, remote access, shadow IT, standards, survey /

Baseline standards for BYOD access requirements 07/09/2023 at 06:02 By Help Net Security 49% of enterprises across Europe currently have no formal Bring-Your-Own-Device (BYOD) policy in place, meaning they have no visibility into or control over if and how employees are connecting personal devices to corporate resources, according to a Jamf survey. With the summer

Baseline standards for BYOD access requirements Read More »

Old vulnerabilities are still a big problem

cybercrime, Don't miss, exploit, Fortinet, Hot stuff, Malware, News, patching, Qualys, Ransomware, vulnerability /

Old vulnerabilities are still a big problem 06/09/2023 at 17:01 By Zeljka Zorz A recently flagged phishing campaign aimed at delivering the Agent Tesla RAT to unsuspecting users takes advantage of old vulnerabilities in Microsoft Office that allow remote code execution. “Despite fixes for CVE-2017-11882/CVE-2018-0802 being released by Microsoft in November, 2017 and January, 2018,

Old vulnerabilities are still a big problem Read More »

Cybercriminals target MS SQL servers to deliver ransomware

brute-force, Don't miss, Hot stuff, Microsoft, MS SQL Server, News, Ransomware /

Cybercriminals target MS SQL servers to deliver ransomware 06/09/2023 at 16:02 By Helga Labus A cyberattack campaign is targeting exposed Microsoft SQL (MS SQL) databases, aiming to deliver ransomware and Cobalt Strike payloads. The attack campaign The attackers target exposed MS SQL servers by brute-forcing access credentials. After having successfully authenticated, they start enumerating the

Cybercriminals target MS SQL servers to deliver ransomware Read More »

MITRE Caldera for OT now available as extension to open-source platform

CISA, critical infrastructure, DHS, GitHub, HSSEDI, MITRE, News, open source, USA /

MITRE Caldera for OT now available as extension to open-source platform 06/09/2023 at 09:32 By Help Net Security MITRE Caldera for OT is now publicly available as an extension to the open-source Caldera platform, allowing security teams to run automated adversary emulation exercises that are specifically focused on threats to operational technology (OT). The first

MITRE Caldera for OT now available as extension to open-source platform Read More »

Emerging threat: AI-powered social engineering

Artificial Intelligence, cybercrime, cybersecurity, deepfakes, Don't miss, Email, Europe, Expert analysis, Expert corner, extortion, Hot stuff, law, News, phishing, social engineering, WithSecure /

Emerging threat: AI-powered social engineering 06/09/2023 at 07:32 By Help Net Security Social engineering is a sophisticated form of manipulation but, thanks to AI advancements, malicious groups have gained access to highly sophisticated tools, suggesting that we might be facing more elaborate social engineering attacks in the future. It is becoming increasingly evident that the

Emerging threat: AI-powered social engineering Read More »

Compliance budgets under strain as inflation and workload grow

automation, Compliance, cybersecurity, Gartner, investment, News, report /

Compliance budgets under strain as inflation and workload grow 06/09/2023 at 06:33 By Help Net Security Compliance leaders are facing pressure to make the most of existing resources despite economic challenges and increased workload volume and complexity, according to Gartner. To face these challenges, leaders must address three crucial compliance function trends this year: tighter

Compliance budgets under strain as inflation and workload grow Read More »

Avoidable digital certificate issues fuel data breaches

access management, AppViewX, authentication, certificates, cybersecurity, data breach, Forrester Consulting, identity management, News, report, survey, zero trust /

Avoidable digital certificate issues fuel data breaches 06/09/2023 at 06:02 By Help Net Security Among organizations that have suffered data breaches 58% were caused by issues related to digital certificates, according to a report by AppViewX and Forrester Consulting. As a result of service outages, 57% said their organizations have incurred costs upwards of $100,000

Avoidable digital certificate issues fuel data breaches Read More »

CIS Benchmarks Communities: Where configurations meet consensus

Center for Internet Security, News /

CIS Benchmarks Communities: Where configurations meet consensus 06/09/2023 at 05:47 By Help Net Security Have you ever wondered how technology hardening guidelines are developed? Some are determined by a particular vendor or driven by a bottom-line perspective. That’s not the case with the CIS Benchmarks. They’re the only consensus-developed security configuration recommendations both created and

CIS Benchmarks Communities: Where configurations meet consensus Read More »

Atlas VPN zero-day allows sites to discover users’ IP address

0-day, Don't miss, exploit, Hot stuff, Linux, News, VPN, vulnerability /

Atlas VPN zero-day allows sites to discover users’ IP address 05/09/2023 at 20:47 By Zeljka Zorz Atlas VPN has confirmed the existence of a zero-day vulnerability that may allow website owners to discover Linux users’ real IP address. Details about this zero-day vulnerability as well as exploit code have been publicly released on Reddit several

Atlas VPN zero-day allows sites to discover users’ IP address Read More »

LockBit leaks sensitive data from maximum security fence manufacturer

critical infrastructure, data breach, Data leak, Don't miss, Hot stuff, legacy technology, News, UK, Windows /

LockBit leaks sensitive data from maximum security fence manufacturer 05/09/2023 at 17:32 By Helga Labus The LockBit ransomware group has breached Zaun, a UK-based manufacturer of fencing systems for military sites and critical utilities, by compromising a legacy computer running Windows 7 and using it as an initial point of access to the wider company

LockBit leaks sensitive data from maximum security fence manufacturer Read More »

Connected cars and cybercrime: A primer

attacks, connected cars, cybercrime, cybercriminals, cybersecurity, Don't miss, Expert analysis, Expert corner, exploit, Hot stuff, identity theft, Keylogger, Malware, News, opinion, phishing, VicOne /

Connected cars and cybercrime: A primer 05/09/2023 at 08:02 By Help Net Security Original equipment suppliers (OEMs) and their suppliers who are weighing how to invest their budgets might be inclined to slow pedal investment in addressing cyberthreats. To date, the attacks that they have encountered have remained relatively unsophisticated and not especially harmful. Analysis

Connected cars and cybercrime: A primer Read More »

The misconceptions preventing wider adoption of digital signatures

certification, Compliance, cybersecurity, digital signature, Don't miss, Features, fidentity, Government, healthcare, Hot stuff, identity, identity verification, News, PDF, regulation, security ROI /

The misconceptions preventing wider adoption of digital signatures 05/09/2023 at 07:33 By Mirko Zorz In this Help Net Security interview, Thorsten Hau, CEO at fidentity, discusses the legal validity of qualified digital signatures, demonstrating their equivalence to handwritten signatures when backed by robust identity verification. Opting for certified providers that adhere to standards like eIDAS

The misconceptions preventing wider adoption of digital signatures Read More »

Scroll to Top