News

Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008)

Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008) 2024-08-07 at 12:01 By Zeljka Zorz Two cross-site scripting vulnerabilities (CVE-2024-42009, CVE-2024-42008) affecting Roundcube could be exploited by attackers to steal users’ emails and contacts, email password, and send emails from their account. About the vulnerabilities Roundcube is an open-source webmail software solution popular with European […]

React to this headline:

Loading spinner

Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008) Read More »

OpenWrt dominates, but vulnerabilities persist in OT/IoT router firmware

OpenWrt dominates, but vulnerabilities persist in OT/IoT router firmware 2024-08-07 at 09:16 By Help Net Security Forescout has published a new report examining the current state of the software supply chain in OT/IoT routers. The study uncovered that OT and IoT cellular routers and those used in small offices and homes contain outdated software components

React to this headline:

Loading spinner

OpenWrt dominates, but vulnerabilities persist in OT/IoT router firmware Read More »

Sports venues must vet their vendors to maintain security

Sports venues must vet their vendors to maintain security 2024-08-07 at 07:31 By Help Net Security Sporting events generate a lot of consumer activity, from hotels and restaurants to retail. Large sporting events are held together by webs of connectivity that include vendors, sponsors, employees, and consumers. These networks connect ticketing, merchandising, venue access, live

React to this headline:

Loading spinner

Sports venues must vet their vendors to maintain security Read More »

RustScan: Open-source port scanner

RustScan: Open-source port scanner 2024-08-07 at 07:01 By Help Net Security RustScan is an open-source port scanner designed for speed and versatility. It combines a sleek interface with the power to adapt and improve over time. With RustScan’s Adaptive Learning, the tool continually optimizes its performance, making it the most efficient port scanner available. Discover

React to this headline:

Loading spinner

RustScan: Open-source port scanner Read More »

Breaking down FCC’s proposal to strengthen BGP security

Breaking down FCC’s proposal to strengthen BGP security 2024-08-07 at 06:31 By Mirko Zorz In this Help Net Security interview, Doug Madory, Director of Internet Analysis at Kentik, discusses the FCC’s proposal requiring major U.S. ISPs to implement RPKI Route Origin Validation (ROV), and addresses concerns about the impact on smaller ISPs and the global

React to this headline:

Loading spinner

Breaking down FCC’s proposal to strengthen BGP security Read More »

Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise

Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise 2024-08-07 at 06:01 By Help Net Security Outages, human errors, cyberattacks, data breaches, ransomware, security vulnerabilities, and, as a result, data loss are the reality that DevSecOps teams have to face every few days, according to GitProtect.io. DevSecOps The possibility to integrate security

React to this headline:

Loading spinner

Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise Read More »

Ransomware gang targets IT workers with new RAT maquerading as IP scanner

Ransomware gang targets IT workers with new RAT maquerading as IP scanner 2024-08-06 at 16:31 By Zeljka Zorz Ransomware-as-a-service outfit Hunters International is wielding a new remote access trojan (RAT). “The malware, named SharpRhino due to its use of the C# programming language, is delivered through a typosquatting domain impersonating the legitimate tool Angry IP

React to this headline:

Loading spinner

Ransomware gang targets IT workers with new RAT maquerading as IP scanner Read More »

Researchers unearth MotW bypass technique used by threat actors for years

Researchers unearth MotW bypass technique used by threat actors for years 2024-08-06 at 14:31 By Zeljka Zorz Threat actors have been abusing a bug in how Windows handles LNK files with non-standard target paths and internal structures to prevent in-built protections from stopping malicious payloads and trick users into running them. “We identified multiple samples

React to this headline:

Loading spinner

Researchers unearth MotW bypass technique used by threat actors for years Read More »

ITSM concerns when integrating new AI services

ITSM concerns when integrating new AI services 2024-08-06 at 07:31 By Help Net Security Let’s talk about a couple of recent horror stories. Late last year, a Chevrolet dealership deployed a chatbot powered by a large language model (LLM) on their homepage. This LLM, trained with detailed specifications of Chevrolet vehicles, was intended to respond

React to this headline:

Loading spinner

ITSM concerns when integrating new AI services Read More »

Scaling data security solutions: What you need to know

Scaling data security solutions: What you need to know 2024-08-06 at 07:01 By Mirko Zorz In this Help Net Security interview, Bruno Kurtic, President and CEO at Bedrock Security, discusses the role of data visibility in enhancing cybersecurity. He explains that effective data visibility involves discovering, classifying, and contextualizing data, which helps organizations understand and

React to this headline:

Loading spinner

Scaling data security solutions: What you need to know Read More »

Email attacks skyrocket 293%

Email attacks skyrocket 293% 2024-08-06 at 06:31 By Help Net Security Email attacks have surged by 293% in the first half of 2024 compared to the same period in 2023, according to Acronis. The number of ransomware detections was also on the rise, increasing 32% from Q4 2023 to Q1 2024. Ransomware remains a top

React to this headline:

Loading spinner

Email attacks skyrocket 293% Read More »

AI-fueled phishing scams raise alarm ahead of U.S. presidential election

AI-fueled phishing scams raise alarm ahead of U.S. presidential election 2024-08-06 at 06:01 By Help Net Security Highlighting growth of phishing and digital scams targeting United States citizens, Bolster released a research that identified 24 separate nation-state threat actor groups attempting to exploit rising political tensions across the US to interfere with the 2024 presidential

React to this headline:

Loading spinner

AI-fueled phishing scams raise alarm ahead of U.S. presidential election Read More »

Whitepaper: Tools to tackle the multicloud environment

Whitepaper: Tools to tackle the multicloud environment 2024-08-06 at 05:46 By Help Net Security Implementing multicloud solutions is becoming increasingly paramount for organizations seeking to drive their business forward in the coming years. As a result, the role of cloud security is evolving. Cloud providers often use different security models with varying responsibilities and compliance

React to this headline:

Loading spinner

Whitepaper: Tools to tackle the multicloud environment Read More »

Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856)

Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856) 2024-08-05 at 16:47 By Zeljka Zorz CVE-2024-38856, an incorrect authorization vulnerability affecting all but the latest version of Apache OFBiz, may be exploited by remote, unauthenticated attackers to execute arbitrary code on vulnerable systems. About CVE-2024-38856 Apache OFBiz is an open-source framework for enterprise resource

React to this headline:

Loading spinner

Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856) Read More »

Chinese hackers compromised an ISP to deliver malicious software updates

Chinese hackers compromised an ISP to deliver malicious software updates 2024-08-05 at 13:46 By Zeljka Zorz APT StormBamboo compromised a undisclosed internet service provider (ISP) to poison DNS queries and thus deliver malware to target organizations, Volexity researchers have shared. Malware delivery via automatic software updates StormBamboo (aka Evasive Panda, aka StormCloud), a Chinese-speaking threat

React to this headline:

Loading spinner

Chinese hackers compromised an ISP to deliver malicious software updates Read More »

The role of AI in cybersecurity operations

The role of AI in cybersecurity operations 2024-08-05 at 08:01 By Help Net Security Security operation centers (SOCs) need to be better equipped to manage the sheer scale of data to monitor and the increasing sophistication of threats. SOC analysts face a daunting task: sifting through thousands of alerts every day – most of which

React to this headline:

Loading spinner

The role of AI in cybersecurity operations Read More »

How to start your cybersecurity career: Expert tips and guidance

How to start your cybersecurity career: Expert tips and guidance 2024-08-05 at 07:31 By Mirko Zorz As businesses strive to protect their data and privacy, the demand for skilled cybersecurity professionals continues to grow. This article provides expert advice to help you navigate the early stages of your cybersecurity career, offering practical tips and insights.

React to this headline:

Loading spinner

How to start your cybersecurity career: Expert tips and guidance Read More »

MISP: Open-source threat intelligence and sharing platform

MISP: Open-source threat intelligence and sharing platform 2024-08-05 at 07:01 By Help Net Security MISP is an open-source threat intelligence and sharing platform for collecting, storing, distributing, and sharing cybersecurity indicators and threats related to incident and malware analysis. MISP is designed by and for cybersecurity, ICT professionals, and malware reversers to support their daily

React to this headline:

Loading spinner

MISP: Open-source threat intelligence and sharing platform Read More »

AI expected to improve IT/OT network management

AI expected to improve IT/OT network management 2024-08-05 at 06:01 By Help Net Security Once a peripheral concern, OT security has become a mandatory focus for organizations worldwide, according to Cisco’s report. The report provides a comprehensive look at the challenges and opportunities as organizations strive to build a secure and efficient industrial networking foundation.

React to this headline:

Loading spinner

AI expected to improve IT/OT network management Read More »

Week in review: VMware ESXi zero-day exploited, SMS Stealer malware targeting Android users

Week in review: VMware ESXi zero-day exploited, SMS Stealer malware targeting Android users 2024-08-04 at 10:31 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Why a strong patch management strategy is essential for reducing business risk In this Help Net Security interview, Eran Livne,

React to this headline:

Loading spinner

Week in review: VMware ESXi zero-day exploited, SMS Stealer malware targeting Android users Read More »

Scroll to Top