News

Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591)

Don't miss, enterprise, firewall, Hot stuff, Juniper Networks, News, security update, vulnerability /

Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591) 2024-01-15 at 11:16 By Helga Labus Juniper Networks has fixed a critical pre-authentication remote code execution (RCE) vulnerability (CVE-2024-21591) in Junos OS on SRX firewalls and EX switches. About CVE-2024-21591 CVE-2024-21591 is an out-of-bounds write vulnerability that could allow an unauthenticated, network-based threat […]

React to this headline:

Loading spinner

Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591) Read More »

Flipping the BEC funnel: Phishing in the age of GenAI

Artificial Intelligence, BEC scams, CISO, cybersecurity, Don't miss, email security, Expert analysis, Expert corner, generative AI, Hot stuff, Ironscales, News, opinion, phishing, SOC /

Flipping the BEC funnel: Phishing in the age of GenAI 2024-01-15 at 08:02 By Help Net Security For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic (and usually poorly-written) email and fire it out to thousands of recipients in the hope that a few might take the

React to this headline:

Loading spinner

Flipping the BEC funnel: Phishing in the age of GenAI Read More »

Adalanche: Open-source Active Directory ACL visualizer, explorer

Active Directory, cybersecurity, GitHub, News, open source, software /

Adalanche: Open-source Active Directory ACL visualizer, explorer 2024-01-15 at 07:01 By Mirko Zorz Adalanche provides immediate insights into the permissions of users and groups within an Active Directory. It’s an effective open-source tool for visualizing and investigating potential account, machine, or domain takeovers. Additionally, it helps identify and display any misconfigurations. What unique features make

React to this headline:

Loading spinner

Adalanche: Open-source Active Directory ACL visualizer, explorer Read More »

Week in review: GitLab account takeover flaw, attackers exploiting Ivanti Connect Secure zero-days

News, Week in review /

Week in review: GitLab account takeover flaw, attackers exploiting Ivanti Connect Secure zero-days 2024-01-14 at 09:33 By Help Net Security Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Social engineer reveals effective tricks for real-world intrusions In this Help Net Security interview, Jayson E. Street, Chief Adversarial Officer

React to this headline:

Loading spinner

Week in review: GitLab account takeover flaw, attackers exploiting Ivanti Connect Secure zero-days Read More »

Akira ransomware attackers are wiping NAS and tape backups

backup, Cisco, Don't miss, EU, exploit, Hot stuff, NAS, News, Ransomware, vulnerability /

Akira ransomware attackers are wiping NAS and tape backups 2024-01-12 at 16:17 By Helga Labus “The Akira ransomware malware, which was first detected in Finland in June 2023, has been particularly active at the end of the year,” the Finnish National Cybersecurity Center (NCSC-FI) has shared on Wednesday. NCSC-FI has received 12 reports of Akira

React to this headline:

Loading spinner

Akira ransomware attackers are wiping NAS and tape backups Read More »

Cloud security predictions for 2024

access management, Cado Security, cloud security, cybersecurity, cybersecurity talent, data, Don't miss, Expert analysis, Expert corner, Hot stuff, identity management, News, opinion, serverless /

Cloud security predictions for 2024 2024-01-12 at 07:31 By Help Net Security As we reflect on the cybersecurity landscape and the trajectories of threat vectors, it’s evident that we’re on the cusp of a paradigm shift in cloud security. Businesses and cybersecurity professionals must stay abreast of these changes, adapting their strategies to ensure a

React to this headline:

Loading spinner

Cloud security predictions for 2024 Read More »

New infosec products of the week: January 12, 2024

Critical Start, Dasera, ID R&D, News, SpecterOps /

New infosec products of the week: January 12, 2024 2024-01-12 at 07:02 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Critical Start, Dasera, ID R&D, and SpecterOps. SpecterOps adds new Attack Paths to BloodHound Enterprise SpecterOps announced updates to BloodHound Enterprise (BHE) that add

React to this headline:

Loading spinner

New infosec products of the week: January 12, 2024 Read More »

Critical Cisco Unity Connection flaw gives attackers root privileges. Patch now! (CVE-2024-20272)

Cisco, Don't miss, Hot stuff, News, security update, vulnerability /

Critical Cisco Unity Connection flaw gives attackers root privileges. Patch now! (CVE-2024-20272) 2024-01-11 at 14:02 By Helga Labus Cisco has fixed a critical vulnerability (CVE-2024-20272) in Cisco Unity Connection that could allow an unauthenticated attacker to upload arbitrary files and gain root privilege on the affected system. Cisco Unity Connection is a unified messaging and

React to this headline:

Loading spinner

Critical Cisco Unity Connection flaw gives attackers root privileges. Patch now! (CVE-2024-20272) Read More »

Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887)

0-day, APT, backdoor, Don't miss, enterprise, Hot stuff, Ivanti, News, Volexity, VPN, web shell /

Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887) 2024-01-11 at 13:46 By Zeljka Zorz Two zero-day vulnerabilities (CVE-2023-46805, CVE-2024-21887) in Ivanti Connect Secure VPN devices are under active exploitation by unknown attackers, Volexity researchers have discovered. Patches for these flaws are currently unavailable, but the risk of exploitation can be mitigated by importing mitigation.release.20240107.1.xml

React to this headline:

Loading spinner

Ivanti Connect Secure zero-days exploited by attackers (CVE-2023-46805, CVE-2024-21887) Read More »

Purple teaming and the role of threat categorization

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, opinion, penetration testing, red team, SpecterOps, threats /

Purple teaming and the role of threat categorization 2024-01-11 at 07:31 By Help Net Security Organizations constantly work to ensure optimal threat detection and prevention across their systems. One question gets asked repeatedly: “Can we detect the threats we’re supposed to be able to detect?” Red team assessment, penetration testing, and even purple team assessments

React to this headline:

Loading spinner

Purple teaming and the role of threat categorization Read More »

APIs are increasingly becoming attractive targets

API security, Cloudflare, cybercrime, cybersecurity, News, report, survey /

APIs are increasingly becoming attractive targets 2024-01-11 at 06:01 By Help Net Security APIs, a technology that underpins today’s most used sites and apps, are being leveraged by businesses more than ever—ultimately opening the door to more online threats than seen before, according to Cloudflare. APIs power the digital world—our phones, smartwatches, banking systems and

React to this headline:

Loading spinner

APIs are increasingly becoming attractive targets Read More »

Hackers are targeting exposed MS SQL servers with Mimic ransomware

brute-force, Don't miss, Hot stuff, MS SQL Server, News, Ransomware, Securonix, Trend Micro /

Hackers are targeting exposed MS SQL servers with Mimic ransomware 2024-01-10 at 17:01 By Helga Labus Hackers are brute-forcing exposed MS SQL database servers to deliver Mimic ransomware, Securonix researchers are warning. About Mimic ransomware Mimic ransomware was first spotted in the wild in June 2022 and analyzed by Trend Micro researchers in January 2023.

React to this headline:

Loading spinner

Hackers are targeting exposed MS SQL servers with Mimic ransomware Read More »

Comparably Honors Trustwave with a Trio of Awards for Best CEO, Best Company Culture, and Best Company for Diversity

News /

Comparably Honors Trustwave with a Trio of Awards for Best CEO, Best Company Culture, and Best Company for Diversity 2024-01-10 at 16:02 By Comparably, a leading workplace culture and compensation monitoring employee review platform, has awarded Trustwave three new accolades: “Best CEO,” “Best Company Culture,” and “Best Company for Diversity.” This article is an excerpt

React to this headline:

Loading spinner

Comparably Honors Trustwave with a Trio of Awards for Best CEO, Best Company Culture, and Best Company for Diversity Read More »

Top LLM vulnerabilities and how to mitigate the associated risk

API security, Artificial Intelligence, cybersecurity, Data leak, Don't miss, Expert analysis, Expert corner, Hot stuff, Lakera, News, opinion, risk, strategy /

Top LLM vulnerabilities and how to mitigate the associated risk 2024-01-10 at 07:31 By Help Net Security As large language models (LLMs) become more prevalent, a comprehensive understanding of the LLM threat landscape remains elusive. But this uncertainty doesn’t mean progress should grind to a halt: Exploring AI is essential to staying competitive, meaning CISOs

React to this headline:

Loading spinner

Top LLM vulnerabilities and how to mitigate the associated risk Read More »

Fly Catcher: Detect aircraft spoofing by monitoring for malicious signals

cybersecurity, Don't miss, GitHub, hardware, Hot stuff, News, open source, Raspberry Pi, reconnaissance, software /

Fly Catcher: Detect aircraft spoofing by monitoring for malicious signals 2024-01-10 at 07:02 By Mirko Zorz Fly Catcher is an open-source device that can detect aircraft spoofing by monitoring for malicious ADS-B signals in the 1090MHz frequency. Angelina Tsuboi, the developer of Fly Catcher, is an enthusiastic pilot, cybersecurity researcher, and tinkerer. She was driven

React to this headline:

Loading spinner

Fly Catcher: Detect aircraft spoofing by monitoring for malicious signals Read More »

Researchers develop technique to prevent software bugs

Artificial Intelligence, code, Google, human error, News, software /

Researchers develop technique to prevent software bugs 2024-01-10 at 06:01 By Help Net Security A team of computer scientists led by the University of Massachusetts Amherst recently announced a new method for automatically generating whole proofs that can be used to prevent software bugs and verify that the underlying code is correct. This new method,

React to this headline:

Loading spinner

Researchers develop technique to prevent software bugs Read More »

Microsoft fixes critical flaws in Windows Kerberos, Hyper-V (CVE-2024-20674, CVE-2024-20700)

Don't miss, Hot stuff, Microsoft, MS Office, News, Patch Tuesday, security update, SharePoint, Tenable, Trend Micro /

Microsoft fixes critical flaws in Windows Kerberos, Hyper-V (CVE-2024-20674, CVE-2024-20700) 2024-01-09 at 22:02 By Zeljka Zorz For January 2024 Patch Tuesday, Microsoft has released fixes for 49 CVE-numbered vulnerabilities, two of which are critical: CVE-2024-20674 and CVE-2024-20700. None of the vulnerabilities fixed this time aroundare under active exploitation or have been previously publicly disclosed. The

React to this headline:

Loading spinner

Microsoft fixes critical flaws in Windows Kerberos, Hyper-V (CVE-2024-20674, CVE-2024-20700) Read More »

Attackers could use vulnerabilities in Bosch Rexroth nutrunners to disrupt automotive production

automotive security, Don't miss, Hot stuff, manufacturing sector, News, Nozomi Networks, Ransomware, research, vulnerability /

Attackers could use vulnerabilities in Bosch Rexroth nutrunners to disrupt automotive production 2024-01-09 at 17:46 By Zeljka Zorz Researchers have discovered over two dozen vulnerabilities in “smart” cordless nutrunners (i.e., pneumatic torque wrenches) manufactured by Bosch Rexroth that could be exploited to make the devices inoperable or their output unreliable. “Depending on a manufacturer’s use

React to this headline:

Loading spinner

Attackers could use vulnerabilities in Bosch Rexroth nutrunners to disrupt automotive production Read More »

Scroll to Top