News

BadRAM: $10 hack unlocks AMD encrypted memory

2024-12-11 at 13:16 | By Mirko Zorz

Cybersecurity researchers have identified a vulnerability (CVE-2024-21944, aka BadRAM) affecting AMD processors that can be triggered by rogue memory modules to unlock the chips’ encrypted memory. The SPD chip can be modified using an off-the-shelf microcontroller. The researchers used a Raspberry Pi


Open source malware up 200% since 2023

2024-12-11 at 07:32 | By Help Net Security

Sonatype’s 2024 Open Source Malware Threat Report reveals that the number of malicious packages has surpassed 778,500 since tracking began in 2019. In 2024, researchers examined how threat actors leverage malicious open-source packages to target developers, particularly as enterprises increasingly adopt


Why crisis simulations fail and how to fix them

2024-12-11 at 07:03 | By Mirko Zorz

In this Help Net Security interview, Allison Ritter, Head of Cyber Experiential Exercising at Cyberbit, shares her insights on the key differences between in-person and virtual cyber crisis simulations and what makes each approach effective. Ritter highlights the need for


Containers have 600+ vulnerabilities on average

2024-12-11 at 06:31 | By Help Net Security

Containers are the fastest growing – and weakest cybersecurity link – in software supply chains, according to NetRise. Companies are struggling to get container security right. Issues from misconfigured clouds, containers, and networks to uncertainty over who owns container security throughout the


Microsoft fixes exploited zero-day (CVE-2024-49138)

2024-12-10 at 23:04 | By Zeljka Zorz

On December 2024 Patch Tuesday, Microsoft resolved 71 vulnerabilities in a variety of its products, including a zero-day (CVE-2024-49138) that’s been exploited by attackers in the wild to execute code with higher privileges.

CVE-2024-49138 exploited by attackers

CVE-2024-49138 stems from a heap-based buffer overflow


US sanctions Chinese cybersecurity company for firewall compromise, ransomware attacks

2024-12-10 at 22:48 | By Help Net Security

The Department of the Treasury is sanctioning Chinese cybersecurity company Sichuan Silence, and one of its employees, Guan Tianfeng, for their roles in the April 2020 compromise of tens of thousands of firewalls worldwide. Many of the victims


Attackers actively exploiting flaw(s) in Cleo file transfer software (CVE-2024-50623)

2024-12-10 at 15:35 | By Zeljka Zorz

Attackers are exploiting a vulnerability (CVE-2024-50623) in file transfer software by Cleo – LexiCo, VLTransfer, and Harmony – to gain access to organizations’ systems, Huntress researchers warned on Monday. “We’ve discovered at least 10 businesses whose Cleo servers were


21 years since its inception, GNU Shepherd 1.0.0 is released

2024-12-10 at 13:03 | By Help Net Security

GNU Shepherd is a service manager designed to oversee the system’s daemons. It functions both as an “init” system (PID 1) and as a tool for unprivileged users to manage per-user daemons.

GNU Shepherd

GNU Shepherd supports various


Preventing data leakage in low-code/no-code environments

2024-12-10 at 07:34 | By Help Net Security

Low-code/no-code (LCNC) platforms enable application development by citizen developers, often generating “shadow engineering” projects that evade security oversight. While LCNC solutions like Power BI reports and automated workflows foster agility and innovation, they also introduce significant risks, including data leakage. Data leakage


Strengthening security posture with comprehensive cybersecurity assessments

2024-12-10 at 07:04 | By Mirko Zorz

In this Help Net Security interview, Phani Dasari, CISO at HGS, discusses key aspects of cybersecurity assessments, including effective tools and methodologies, the role of AI and automation, and strategies for aligning assessments with organizational needs.


Neosync: Open-source data anonymization, synthetic data orchestration

2024-12-10 at 06:37 | By Help Net Security

Neosync is an open-source, developer-centric solution designed to anonymize PII, generate synthetic data, and synchronize environments for improved testing and debugging.

What you can do with Neosync

Safely test code with production data: Anonymize sensitive production data to safely use it


Cybersecurity jobs available right now: December 10, 2024

2024-12-10 at 06:06 | By Anamarija Pogorelec

Cloud Security Engineer
Sendbird | USA | Hybrid

As a Cloud Security Engineer, you will work with engineering teams to build secure infrastructure at scale, secure multi-account and multi-cloud infrastructure for Sendbird, own CSPM and cloud security


Update your OpenWrt router! Security issue made supply chain attack possible

2024-12-09 at 20:51 | By Zeljka Zorz

A security issue that could have allowed attackers to serve malicious firmware images to users has been fixed by OpenWrt Project, the organization that helms the development of the popular Linux distribution for embedded devices.

About OpenWrt

OpenWrt


Microsoft: “Hack” this LLM-powered service and get paid

2024-12-09 at 18:04 | By Zeljka Zorz

Microsoft, in collaboration with the Institute of Science and Technology Australia and ETH Zurich, has announced the LLMail-Inject Challenge, a competition to test and improve defenses against prompt injection attacks.

The setup and the challenge

LLMail is a simulated email client


8Base hacked port operating company Luka Rijeka

2024-12-09 at 14:48 | By Zeljka Zorz

Luka Rijeka, a company that offers maritime transport, port, storage of goods and forwarding services in Rijeka, Croatia, has been hacked by the 8Base ransomware group. The group claimed the attack on their dark web data leak site and professed that they’ve


TPM 2.0: The new standard for secure firmware

2024-12-09 at 09:48 | By Help Net Security

Connected devices are better protected from cyberattacks and less likely to be compromised by errors thanks to the new TPM 2.0 specification from the Trusted Computing Group (TCG). Manufacturers attach a Trusted Platform Module (TPM) to a device to help


Who handles what? Common misconceptions about SaaS security responsibilities

2024-12-09 at 07:33 | By Mirko Zorz

In this Help Net Security interview, James Dolph, CISO at Guidewire, addresses common misconceptions about security responsibilities in cloud environments, particularly in SaaS, and how these misunderstandings can lead to security risks.

What common misconceptions do you encounter about the


Top cybersecurity books for your holiday gift list

2024-12-09 at 06:48 | By Help Net Security

The holiday season is approaching, and with it, the tradition of gift-giving. For professionals and enthusiasts alike, a well-chosen book can provide both knowledge and inspiration. To help with ideas on what to give, we’ve compiled a list of cybersecurity


Businesses plagued by constant stream of malicious emails

2024-12-09 at 06:03 | By Help Net Security

36.9% of all emails received by businesses (20.5 billion) in 2024 were unwanted, according to Hornetsecurity’s analysis of 55.6+ billion emails processed through their security services between November 1, 2023 and October 31, 2024 – and 2.3% of those contained
