New infosec products of the week: July 14, 2023 14/07/2023 at 07:09 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Fidelis Cybersecurity, Hubble, NETSCOUT, Regula, and WatchGuard. WatchGuard expands identity protection capabilities with AuthPoint Total Identity Security AuthPoint Total Identity Security enables MSPs to […]
New infosec products of the week: July 14, 2023 Read More »
Facebook and Microsoft remain prime targets for spoofing 14/07/2023 at 06:36 By Help Net Security While trends in phishing frequently evolve, Facebook and Microsoft’s collective dominance as the most spoofed brands continues, according to Vade. Facebook and Microsoft’s collective dominance as the most spoofed brands continued into H1 2023, with the former accounting for 18%
Facebook and Microsoft remain prime targets for spoofing Read More »
Top priorities for chief audit executives in 2023 14/07/2023 at 06:10 By Help Net Security The top focus areas for chief audit executives (CAEs) in 2023 are advancing data analytics, assuring proliferating digital risks, and talent management, according to Gartner. “In 2023 most CAEs are focusing on organizational and departmental digital transformation initiatives and improving
Top priorities for chief audit executives in 2023 Read More »
Unnamed APT eyes vulnerabilities in Rockwell Automation industrial contollers (CVE-2023-3595 CVE-2023-3596) 13/07/2023 at 15:46 By Zeljka Zorz Rockwell Automation has fixed two vulnerabilities (CVE-2023-3595, CVE-2023-3596) in the communication modules of its ControlLogix industrial programmable logic controllers (PLCs), ahead of expected (and likely) in-the-wild exploitation. “An unreleased exploit capability leveraging these vulnerabilities is associated with an
CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities 13/07/2023 at 14:32 By Help Net Security FIRST has unveiled the latest version of its Common Vulnerability Scoring System (CVSS 4.0). Critical in the interface between supplier and consumer, CVSS provides a way to capture the principal characteristics of a security vulnerability and
CVSS 4.0 released, to help assess real-time threat and impact of vulnerabilities Read More »
20% of malware attacks bypass antivirus protection 13/07/2023 at 07:02 By Help Net Security Security leaders are concerned about attacks that leverage malware-exfiltrated authentication data, with 53% expressing extreme concern and less than 1% admitting they weren’t concerned at all, according to SpyCloud. However, many still lack the necessary tools to investigate the security and
20% of malware attacks bypass antivirus protection Read More »
Infrastructure upgrades alone won’t guarantee strong security 13/07/2023 at 06:31 By Help Net Security While 75% of organizations have made significant strides to upgrade their infrastructure in the past year, including the adoption of public cloud hosting and containerization, and 78% have increased their security budgets, only 2% of industry experts are confident in their
Infrastructure upgrades alone won’t guarantee strong security Read More »
Only 45% of cloud data is currently encrypted 13/07/2023 at 06:01 By Help Net Security 39% of businesses have experienced a data breach in their cloud environment last year, an increase on the 35% reported in 2022, according to Thales. In addition, human error was reported as the leading cause of cloud data breaches by
Only 45% of cloud data is currently encrypted Read More »
Same code, different ransomware? Leaks kick-start myriad of new variants 12/07/2023 at 14:54 By Help Net Security Threat landscape trends demonstrate the impressive flexibility of cybercriminals as they continually seek out fresh methods of attack, including exploiting vulnerabilities, gaining unauthorized access, compromising sensitive information, and defrauding individuals, according to the H1 2023 ESET Threat Report.
Same code, different ransomware? Leaks kick-start myriad of new variants Read More »
Chinese hackers forged authentication tokens to breach government emails 12/07/2023 at 13:17 By Zeljka Zorz Sophisticated hackers have accessed email accounts of organizations and government agencies via authentication tokens they forged by using an acquired Microsoft account (MSA) consumer signing key, the company has revealed on Tuesday. “The threat actor Microsoft links to this incident
Chinese hackers forged authentication tokens to breach government emails Read More »
How Google Cloud’s AML AI redefines the fight against money laundering 12/07/2023 at 07:02 By Mirko Zorz Google Cloud’s AML AI represents an advancement in the fight against money laundering. By replacing outdated transaction monitoring systems and embracing AI technology, financial institutions can now stay ahead of evolving financial crime risks, improve operational efficiency, ensure
How Google Cloud’s AML AI redefines the fight against money laundering Read More »
CIOs prioritize innovation over tech stack optimization 12/07/2023 at 06:33 By Help Net Security Despite economic obstacles and constraints on IT budgets, global CIOs maintain a positive outlook on the potential of technology to provide significant benefits for their organizations, according to Lenovo. Despite their optimism, the risks are real, as 83% are concerned that
CIOs prioritize innovation over tech stack optimization Read More »
Free entry-level cybersecurity training and certification exam 12/07/2023 at 05:48 By Help Net Security The Ultimate Guide to Certified in Cybersecurity (CC) covers everything you need to know about the entry-level credential recognized by organizations worldwide. Inside, learn how CC starts you on your path to advanced cybersecurity certification and how to access free Official
Free entry-level cybersecurity training and certification exam Read More »
The U.S. Used Potent Global Surveillance Power To Track Russians In $4 Billion Crypto Exchange Investigation 11/07/2023 at 23:03 By Thomas Brewster, Forbes Staff Four men accused of laundering funds from the epic Mt. Gox crypto hack of 2014 were watched for over a year in an unprecedented use of a U.S. surveillance power. This
Microsoft patches four exploited zero-days, but lags with fixes for a fifth (CVE-2023-36884) 11/07/2023 at 22:31 By Zeljka Zorz For July 2023 Patch Tuesday, Microsoft has delivered 130 patches; among them are four for vulnerabilites actively exploited by attackers, but no patch for CVE-2023-36884, an Office and Windows HTML RCE vulnerability exploited in targeted attacks
Apple pushes out emergency fix for actively exploited zero-day (CVE-2023-37450) 11/07/2023 at 13:02 By Zeljka Zorz Apple has patched an actively exploited zero-day vulnerability (CVE-2023-37450) by releasing Rapid Security Response updates for iPhones, iPads and Macs running the latest versions of its operating systems. The vulnerability has also been fixed with a regular security update
Apple pushes out emergency fix for actively exploited zero-day (CVE-2023-37450) Read More »
European Commission adopts adequacy decision for safe EU-U.S. data flows 11/07/2023 at 12:09 By Help Net Security Today, the European Commission adopted its adequacy decision for the EU-U.S. Data Privacy Framework. The decision concludes that the United States ensures an adequate level of protection – comparable to that of the European Union – for personal
European Commission adopts adequacy decision for safe EU-U.S. data flows Read More »
Owncast, EaseProbe security vulnerabilities revealed 11/07/2023 at 11:17 By Help Net Security Oxeye has uncovered two critical security vulnerabilities and recommends immediate action to mitigate risk. The vulnerabilities were discovered in Owncast (CVE-2023-3188) and EaseProbe (CVE-2023-33967), two open-source platforms written in Go. Owncast vulnerability (CVE-2023-3188) The first vulnerability was discovered in Owncast, an open-source, self-hosted,
Owncast, EaseProbe security vulnerabilities revealed Read More »
CISO perspective on why Boards don’t fully grasp cyber attack risks 11/07/2023 at 07:33 By Mirko Zorz Due to their distinct perspectives, Board members and CISOs often have differing views on cyber attack risks. The discrepancy arises when Boards need cybersecurity expertise, need help comprehending technical jargon, or when CISOs need to communicate in business
CISO perspective on why Boards don’t fully grasp cyber attack risks Read More »
Compliance seizes spotlight in the connected devices arena 11/07/2023 at 06:06 By Help Net Security Investment in connected device security has accelerated as upcoming legislation affecting the sector becomes more prominent, according to PSA Certified. This acceleration also highlights a noticeable difference from last year in the level of demand from industry customers and, more
Compliance seizes spotlight in the connected devices arena Read More »