News

Open-source and free Android password managers that prioritize your privacy

authentication, cybersecurity, Don't miss, GitHub, News, open source, password manager, passwords, software /

Open-source and free Android password managers that prioritize your privacy 2024-11-19 at 06:47 By Anamarija Pogorelec We’re often told to use strong, unique passwords, especially for important accounts like email, banking, and social media. However, managing different passwords for numerous accounts can be challenging. Password managers simplify this by securely storing all your passwords so […]

React to this headline:

Loading spinner

Open-source and free Android password managers that prioritize your privacy Read More »

Google report shows CISOs must embrace change to stay secure

CISO, cybersecurity, Don't miss, Google, Hot stuff, News, report, survey, tips /

Google report shows CISOs must embrace change to stay secure 2024-11-19 at 06:03 By Mirko Zorz Google’s latest report, conducted in partnership with Hypothesis Group, reveals a stark reality for organizations: incremental security measures are no longer sufficient. The study, involving over 2,000 decision-makers across the US, UK, India, and Brazil, paints a picture of

React to this headline:

Loading spinner

Google report shows CISOs must embrace change to stay secure Read More »

Trustwave Recognized in Two Asia Pacific IDC MarketScapes for Security Services

Managed Security Services, News, Spotlights /

Trustwave Recognized in Two Asia Pacific IDC MarketScapes for Security Services 2024-11-18 at 23:03 By Trustwave has been named a Leader in the IDC MarketScape: Asia/Pacific (APAC) Managed Security Services (MSS) 2024 Vendor Assessment (IDC #AP51571224, September 2024) and a Major Player in the IDC MarketScape: Asia/Pacific Professional Security Services 2024 Vendor Assessment (IDC #AP51571324, September 2024). This article

React to this headline:

Loading spinner

Trustwave Recognized in Two Asia Pacific IDC MarketScapes for Security Services Read More »

Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474)

0-day, CVE, Don't miss, enterprise, firewall, Hot stuff, News, Palo Alto Networks /

Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474) 2024-11-18 at 17:33 By Zeljka Zorz Palo Alto Networks has released fixes for two vulnerabilities (CVE-2024-0012 and CVE-2024-9474) in its next-generation firewalls that have been exploited by attackers as zero-days. About the vulnerabilities (CVE-2024-0012, CVE-2024-9474) CVE-2024-0012 stems from missing authentication for a critical

React to this headline:

Loading spinner

Attackers are exploiting 2 zero-days in Palo Alto Networks firewalls (CVE-2024-0012, CVE-2024-9474) Read More »

Major security audit of critical FreeBSD components now available

FreeBSD Foundation, News, report /

Major security audit of critical FreeBSD components now available 2024-11-18 at 17:33 By Mirko Zorz The FreeBSD Foundation, in partnership with the Alpha-Omega Project, has released the results of an extensive security audit of two critical FreeBSD components: the bhyve hypervisor and the Capsicum sandboxing framework. The audit, conducted by the offensive security firm Synacktiv,

React to this headline:

Loading spinner

Major security audit of critical FreeBSD components now available Read More »

Navigating the compliance labyrinth: A CSO’s guide to scaling security

automation, Compliance, CSO, cybersecurity, Descope, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion /

Navigating the compliance labyrinth: A CSO’s guide to scaling security 2024-11-18 at 07:48 By Help Net Security Imagine navigating a labyrinth where the walls constantly shift, and the path ahead is obscured by fog. If this brings up a visceral image, you’ve either seen David Bowie’s iconic film or are very familiar with the real-world

React to this headline:

Loading spinner

Navigating the compliance labyrinth: A CSO’s guide to scaling security Read More »

Transforming code scanning and threat detection with GenAI

Application Security, Artificial Intelligence, code, cybersecurity, Don't miss, Features, Hot stuff, News, opinion, Qwiet AI, scanning /

Transforming code scanning and threat detection with GenAI 2024-11-18 at 07:33 By Mirko Zorz In this Help Net Security interview, Stuart McClure, CEO of Qwiet AI, discusses the evolution of code scanning practices, highlighting the shift from reactive fixes to proactive risk management. McClure also shares his perspective on the future of AI-driven code scanning,

React to this headline:

Loading spinner

Transforming code scanning and threat detection with GenAI Read More »

ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps

CISA, Don't miss, GitHub, Hot stuff, News, open source /

ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps 2024-11-18 at 06:32 By Mirko Zorz ScubaGear is an open-source tool the Cybersecurity and Infrastructure Security Agency (CISA) created to automatically evaluate Microsoft 365 (M365) configurations for potential security gaps. ScubaGear analyzes an organization’s M365 tenant configuration, offering actionable insights and recommendations to help

React to this headline:

Loading spinner

ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps Read More »

How and where to report cybercrime: What you need to know

cybercrime, cybersecurity, News, tips /

How and where to report cybercrime: What you need to know 2024-11-18 at 06:03 By Help Net Security Cybercrime reporting mechanisms vary across the globe, with each country offering different methods for citizens to report cybercrime, including online fraud, identity theft, and other cyber-related offenses. Victims are usually instructed to complete an online form that

React to this headline:

Loading spinner

How and where to report cybercrime: What you need to know Read More »

Week in review: Microsoft patches actively exploited 0-days, Amazon and HSBC employee data leaked

News, Week in review /

Week in review: Microsoft patches actively exploited 0-days, Amazon and HSBC employee data leaked 2024-11-17 at 11:01 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) November 2024 Patch Tuesday is here, and Microsoft has dropped fixes for

React to this headline:

Loading spinner

Week in review: Microsoft patches actively exploited 0-days, Amazon and HSBC employee data leaked Read More »

Cybercriminals hijack DNS to build stealth attack networks

attacks, cybercrime, DNS, hijacking, Infoblox, News, report /

Cybercriminals hijack DNS to build stealth attack networks 2024-11-15 at 16:05 By Help Net Security Hijacking domains using a ‘Sitting Ducks attack’ remains an underrecognized topic in the cybersecurity community. Few threat researchers are familiar with this attack vector, and knowledge is scarce. However, the prevalence of these attacks and the risk to organizations are

React to this headline:

Loading spinner

Cybercriminals hijack DNS to build stealth attack networks Read More »

Cyber crooks push Android malware via letter

Android, Don't miss, Europe, Hot stuff, Malware, mobile security, News, QR codes, Switzerland /

Cyber crooks push Android malware via letter 2024-11-15 at 15:33 By Zeljka Zorz Cyber crooks are trying out an interesting new approach for getting information-stealing malware installed on Android users’ smartphones: a physical letter impersonating MeteoSwiss (i.e., Switzerland’s Federal Office of Meteorology and Climatology). “The letter asks the recipients to install a new severe weather

React to this headline:

Loading spinner

Cyber crooks push Android malware via letter Read More »

Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465)

Censys, CISA, configuration management, Don't miss, enterprise, firewall, Horizon3.ai, Hot stuff, News, Palo Alto Networks /

Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) 2024-11-15 at 13:16 By Zeljka Zorz Attackers have been spotted exploiting two additional vulnerabilities (CVE-2024-9463, CVE-2024-9465) in Palo Alto Networks’ Expedition firewall configuration migration tool, CISA has confirmed on Thursday. About the vulnerabilities (CVE-2024-9463, CVE-2024-9465) CVE-2024-9463 allows unauthenticated attackers to run arbitrary OS commands as root

React to this headline:

Loading spinner

Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465) Read More »

AI’s impact on the future of web application security

API security, cybersecurity, Don't miss, Features, Hot stuff, Incident Response, monitoring, News, opinion, web application security /

AI’s impact on the future of web application security 2024-11-15 at 07:33 By Mirko Zorz In this Help Net Security interview, Tony Perez, CEO at NOC.org, discusses the role of continuous monitoring for real-time threat detection, the unique risks posed by APIs, and strategies for securing web applications. Perez also addresses how AI-driven threats are

React to this headline:

Loading spinner

AI’s impact on the future of web application security Read More »

Critical vulnerabilities persist in high-risk sectors

Application Security, Black Duck, News, report, software, survey, vulnerability assessment /

Critical vulnerabilities persist in high-risk sectors 2024-11-15 at 06:38 By Help Net Security Finance and insurance sectors found to have the highest number of critical vulnerabilities, according to Black Duck. Finance and insurance industry faces highest vulnerabilities The report, which analyzes data from over 200,000 dynamic application security testing (DAST) scans conducted by Black Duck

React to this headline:

Loading spinner

Critical vulnerabilities persist in high-risk sectors Read More »

New infosec products of the week: November 15, 2024

Absolute, BlackFog, Eurotech, News, Nirmata, Rakuten Viber, Syteca, Vectra /

New infosec products of the week: November 15, 2024 2024-11-15 at 06:04 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Absolute Security, BlackFog, Eurotech, Nirmata, Rakuten Viber, Syteca, and Vectra. Eurotech ReliaGATE 15A-14 enables organizations to meet regulatory standards The ReliaGATE 15A-14 combines flexible

React to this headline:

Loading spinner

New infosec products of the week: November 15, 2024 Read More »

NIST report on hardware security risks reveals 98 failure scenarios

News, NIST, report /

NIST report on hardware security risks reveals 98 failure scenarios 2024-11-15 at 05:33 By Mirko Zorz NIST’s latest report, “Hardware Security Failure Scenarios: Potential Hardware Weaknesses” (NIST IR 8517), explores the hidden vulnerabilities in computer hardware, a domain often considered more secure than software. The report highlights how hardware flaws embedded in chip designs can

React to this headline:

Loading spinner

NIST report on hardware security risks reveals 98 failure scenarios Read More »

NIST is chipping away at NVD backlog

CVE, Don't miss, Hot stuff, News, NIST, vulnerability assessment, vulnerability management /

NIST is chipping away at NVD backlog 2024-11-14 at 16:33 By Zeljka Zorz The National Institute of Standards and Technology (NIST) is clearing the backlog of unprocessed CVE-numbered vulnerabilities in the National Vulnerability Database (NVD), but has admitted that their initial estimate of when they would finish the job was “optimistic”. About the NVD The

React to this headline:

Loading spinner

NIST is chipping away at NVD backlog Read More »

Google launches on-device AI to alert Android users of scam calls in real-time

Android, Application Security, Artificial Intelligence, cybersecurity, Google, News, scams, threat detection /

Google launches on-device AI to alert Android users of scam calls in real-time 2024-11-14 at 15:04 By Anamarija Pogorelec Google has announced new security features for Android that provide real-time protection against scams and harmful apps. These features, powered by advanced on-device AI, enhance user safety without compromising privacy. These new security features are available

React to this headline:

Loading spinner

Google launches on-device AI to alert Android users of scam calls in real-time Read More »

FBI confirms China-linked cyber espionage involving breached telecom providers

APT, China, CISA, cyber espionage, data breach, Don't miss, FBI, Hot stuff, News, telecommunications, USA /

FBI confirms China-linked cyber espionage involving breached telecom providers 2024-11-14 at 14:16 By Zeljka Zorz After months of news reports that Chinese threat actors have breached the networks of US telecommunications and internet service providers, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have confirmed the success of the attacks, which were part

React to this headline:

Loading spinner

FBI confirms China-linked cyber espionage involving breached telecom providers Read More »

Scroll to Top