News

Large-scale breaches overshadow decline in number of healthcare data incidents

Critical Insight, cybersecurity, data breach, hacker, healthcare, News, NIST, report, risk assessment, strategy, USA /

Large-scale breaches overshadow decline in number of healthcare data incidents 23/08/2023 at 06:04 By Help Net Security While H1 2023 saw an encouraging decrease in the overall number of data breaches impacting healthcare organizations, it was overshadowed by large-scale breaches resulting in a significant increase in the number of individuals affected, which reached record levels, […]

Large-scale breaches overshadow decline in number of healthcare data incidents Read More »

Ivanti Sentry zero-day vulnerability fixed, patch ASAP! (CVE-2023-38035)

0-day, enterprise, gateway, Ivanti, Mnemonic, News, security update /

Ivanti Sentry zero-day vulnerability fixed, patch ASAP! (CVE-2023-38035) 22/08/2023 at 13:48 By Zeljka Zorz Ivanti is urging administrators of Ivanti Sentry (formerly MobileIron Sentry) gateways to patch a newly discovered vulnerability (CVE-2023-38035) that could be exploited to change configuration, run system commands, or write files onto the vulnerable system. “As of now, we are only

Ivanti Sentry zero-day vulnerability fixed, patch ASAP! (CVE-2023-38035) Read More »

Seiko joins growing list of ALPHV/BlackCat ransomware victims

data breach, Don't miss, Hot stuff, News, Ransomware /

Seiko joins growing list of ALPHV/BlackCat ransomware victims 22/08/2023 at 12:03 By Helga Labus Japanese watchmaker Seiko has been added to ALPHV (BlackCat) ransomware group’s victim list, following a data breach occurring in early August. The Seiko data breach The company published a data breach and response notice on August 10, 2023, stating that an

Seiko joins growing list of ALPHV/BlackCat ransomware victims Read More »

Juniper Networks fixes flaws leading to RCE in firewalls and switches

Don't miss, firewall, Hot stuff, Juniper Networks, News, security update, vulnerability /

Juniper Networks fixes flaws leading to RCE in firewalls and switches 22/08/2023 at 11:46 By Helga Labus Juniper Networks has fixed four vulnerabilities (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847) in Junos OS that, if chained together, could allow attackers to achieve remote code execution (RCE) on the company’s SRX firewalls and EX switches. The fixed Junos OS

Juniper Networks fixes flaws leading to RCE in firewalls and switches Read More »

Maintaining consistent security in diverse cloud infrastructures

CISO, Cloud, cloud computing, cloud security, cyber resilience, cybersecurity, DevOps, Don't miss, Features, Hot stuff, misconfiguration, Mitigant, monitoring, News, opinion, training /

Maintaining consistent security in diverse cloud infrastructures 22/08/2023 at 07:01 By Mirko Zorz As cloud infrastructures become increasingly API-driven and dynamically spread across expansive attack surfaces, achieving clarity proves difficult. Compounding this challenge is the integration of DevOps practices, microservices, and container technologies, which, while fostering agility and scalability, introduce additional layers of complexity and

Maintaining consistent security in diverse cloud infrastructures Read More »

8 open-source OSINT tools you should try

Don't miss, Features, GitHub, Hot stuff, News, open source, OSINT, OWASP, penetration testing, reconnaissance, Shodan, software /

8 open-source OSINT tools you should try 22/08/2023 at 06:01 By Help Net Security Open-Source Intelligence (OSINT) refers to gathering, assessing, and interpreting public information to address specific intelligence queries. All the tools listed here are available for free. Amass The OWASP Amass project performs network mapping of attack surfaces and external asset discovery using

8 open-source OSINT tools you should try Read More »

WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477)

Don't miss, Hot stuff, News, security update, Trend Micro, vulnerability, Windows, WinRAR /

WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477) 21/08/2023 at 14:47 By Helga Labus RARLAB has fixed a high-severity RCE vulnerability (CVE-2023-40477) in the popular file archiver tool WinRAR. About CVE-2023-40477 A widely used Windows-only utility, WinRAR can create and extract file archives in various compression formats (RAR, ZIP, CAB, ARJ, LZH, TAR, GZip,

WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477) Read More »

Chrome will tell users when extensions they use are removed from Chrome Web Store

browser, Chrome, Chrome Web Store, Don't miss, extension, Google, Hot stuff, News /

Chrome will tell users when extensions they use are removed from Chrome Web Store 21/08/2023 at 13:33 By Helga Labus Google will be extending the Safety check feature within the Chrome browser to alert users when a previously installed extension is no longer available in the Chrome Web Store. A safety check for Chrome extensions

Chrome will tell users when extensions they use are removed from Chrome Web Store Read More »

Network detection and response in the modern era

BYOD, CISO, Compliance, cybersecurity, Don't miss, Exeon, Features, Hot stuff, IoT, machine learning, News, opinion, Ransomware, regulation, shadow IT, strategy, zero trust /

Network detection and response in the modern era 21/08/2023 at 07:04 By Mirko Zorz In this Help Net Security interview, David Gugelmann, CEO at Exeon, sheds light on the current cyber threats and their challenges for network security. He discusses the role of Network Detection and Response (NDR) solutions that leverage machine learning algorithms to

Network detection and response in the modern era Read More »

Organizations invest in AI tools to elevate email security

Artificial Intelligence, cybersecurity, Email, email security, Ironscales, News, Osterman Research, report, social engineering /

Organizations invest in AI tools to elevate email security 21/08/2023 at 06:39 By Help Net Security To counteract new and emerging threat methods enhanced by artificial intelligence, specialized email security vendors are leveraging a synergy of AI and human insights to enhance email security, according to IRONSCALES and Osterman Research. Cybercriminals are already using AI

Organizations invest in AI tools to elevate email security Read More »

Week in review: VPNs vulnerable to TunnelCrack attacks, Cybertech Africa 2023

News, Week in review /

Week in review: VPNs vulnerable to TunnelCrack attacks, Cybertech Africa 2023 20/08/2023 at 11:02 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Deception technology and breach anticipation strategies In this Help Net Security interview, Xavier Bellekens, CEO of Lupovis, explains how the implementation of

Week in review: VPNs vulnerable to TunnelCrack attacks, Cybertech Africa 2023 Read More »

Zimbra users in Europe, Latin America face phishing threat

credentials, Don't miss, ESET, Europe, Government, Hot stuff, News, phishing, SMBs, social engineering /

Zimbra users in Europe, Latin America face phishing threat 18/08/2023 at 11:04 By Help Net Security ESET researchers have uncovered a mass-spreading phishing campaign aimed at collecting Zimbra account users’ credentials. Zimbra Collaboration is an open-core collaborative software platform, a popular alternative to enterprise email solutions. About the Zimbra phishing campaign The campaign has been

Zimbra users in Europe, Latin America face phishing threat Read More »

Reinventing OT security for dynamic landscapes

asvin, authentication, CISO, critical infrastructure, cybersecurity, Don't miss, Features, Hot stuff, how-to, News, opinion, regulation, Risk Management, strategy, tips, zero trust /

Reinventing OT security for dynamic landscapes 18/08/2023 at 07:05 By Mirko Zorz From understanding the challenges of disparate OT protocols and the increasing convergence with IT to grappling with the monumental role of human error, our latest interview with Rohit Bohara, CTO at asvin, delves deep into the landscape of OT security. As cloud solutions

Reinventing OT security for dynamic landscapes Read More »

New infosec products of the week: August 18, 2023

Action1, Bitdefender, MongoDB, Netskope, News, SentinelOne /

New infosec products of the week: August 18, 2023 18/08/2023 at 06:36 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Action1, MongoDB, Bitdefender, SentinelOne and Netskope. Action1 platform update bridges the gap between vulnerability discovery and remediation Action1 Corporation has released a new version

New infosec products of the week: August 18, 2023 Read More »

30% of phishing threats involve newly registered domains

BEC scams, Cloudflare, Email, human error, identity, News, phishing, report, zero trust /

30% of phishing threats involve newly registered domains 18/08/2023 at 05:31 By Help Net Security Phishing remains the most dominant and fastest growing internet crime, largely due to the ubiquity of email and the ceaseless issue of human error that is preyed upon by today’s threat actors, according to Cloudflare. While business email compromise (BEC)

30% of phishing threats involve newly registered domains Read More »

Federal agencies gear up for zero trust executive order deadline

automation, cybersecurity, Government, News, report, SOAR, Swimlane, USA, zero trust /

Federal agencies gear up for zero trust executive order deadline 18/08/2023 at 05:04 By Help Net Security Federal agencies are prepared to meet the zero trust executive order requirements from the Biden Administration with just over a year until the deadline, according to Swimlane. The research investigated the confidence level of these agencies in meeting

Federal agencies gear up for zero trust executive order deadline Read More »

Citrix ShareFile vulnerability actively exploited (CVE-2023-24489)

Citrix, Citrix ShareFile, Don't miss, enterprise, file-sharing, Hot stuff, News, PoC, security update, vulnerability /

Citrix ShareFile vulnerability actively exploited (CVE-2023-24489) 17/08/2023 at 14:16 By Zeljka Zorz CVE-2023-24489, a critical Citrix ShareFile vulnerability that the company has fixed in June 2023, is being exploited by attackers. GreyNoise has flagged on Tuesday a sudden spike in IP addresses from which exploitation attempts are coming, and the Cybersecurity and Infrastructure Agency (CISA)

Citrix ShareFile vulnerability actively exploited (CVE-2023-24489) Read More »

Phishers use QR codes to target companies in various industries

Cofense, Don't miss, Hot stuff, Microsoft, News, phishing, QR codes /

Phishers use QR codes to target companies in various industries 17/08/2023 at 13:01 By Helga Labus A phishing campaign using QR codes has been detected targeting various industries, with the aim to acquire Microsoft credentials. “The most notable target, a major Energy company based in the US, saw about 29% of the over 1000 emails

Phishers use QR codes to target companies in various industries Read More »

The road ahead for ecommerce fraud prevention

ClearSale, cybersecurity, Don't miss, e-commerce, Features, fraud, Hot stuff, identity, machine learning, News, online payment, opinion, strategy, tips /

The road ahead for ecommerce fraud prevention 17/08/2023 at 07:36 By Mirko Zorz Ecommerce platforms are incorporating sophisticated fraud detection measures, but fraudsters, too, are refining their strategies. In this Help Net Security interview, Eduardo Mônaco, CEO at ClearSale, explains the complexities of ecommerce fraud, discussing the evolution of fraudster tactics, the effectiveness of social

The road ahead for ecommerce fraud prevention Read More »

Heavy workloads driving IT professionals to resign

Artificial Intelligence, automation, burnout, hybrid workforce, Ivanti, machine learning, monitoring, News, professional, remote working, report /

Heavy workloads driving IT professionals to resign 17/08/2023 at 06:32 By Help Net Security A quarter of IT professionals are seriously contemplating leaving their current jobs within the next six months, potentially costing US companies upwards of 145 billion dollars, according to Ivanti. These statistics highlight the pressing need for organizations to relieve the burden

Heavy workloads driving IT professionals to resign Read More »

Scroll to Top