News

EOL Sophos firewalls get hotfix for old but still exploited vulnerability (CVE-2022-3236)

Don't miss, enterprise, firewall, Hot stuff, News, patch, SMBs, Sophos, VulnCheck /

EOL Sophos firewalls get hotfix for old but still exploited vulnerability (CVE-2022-3236) 13/12/2023 at 14:17 By Zeljka Zorz Over a year has passed since Sophos delivered patches for a vulnerability affecting Sophos Firewalls (CVE-2022-3236) that was being actively exploited by attackers, and now they have pushed additional ones to protect vulnerable EOL devices. “In December

React to this headline:

Loading spinner

EOL Sophos firewalls get hotfix for old but still exploited vulnerability (CVE-2022-3236) Read More »

Which cybersecurity controls are organizations struggling with?

BitSight, cyber risk, cybersecurity, Google, News, report, security controls, trends /

Which cybersecurity controls are organizations struggling with? 13/12/2023 at 13:02 By Help Net Security How are organizations performing across cybersecurity controls in the Minimum Viable Secure Product (MVSP) framework? A recent analysis by Bitsight and Google reveals some good and some bad results – and room for improvement. What is MVSP? Minimum Viable Secure Product

React to this headline:

Loading spinner

Which cybersecurity controls are organizations struggling with? Read More »

Shifting data protection regulations show why businesses must put privacy at their core

Compliance, cybersecurity, data, Don't miss, EU, Expert analysis, Expert corner, framework, Hot stuff, InfoSum, News, opinion, Privacy, USA /

Shifting data protection regulations show why businesses must put privacy at their core 13/12/2023 at 08:31 By Help Net Security Like it or not, data protection will be one of the biggest issues organizations face in 2024. Knowing where to focus compliance efforts will be tricky, with more and more state-level privacy laws becoming effective

React to this headline:

Loading spinner

Shifting data protection regulations show why businesses must put privacy at their core Read More »

ThreatNG open-source datasets aim to improve cybersecurity practices

GitHub, News, open source, ThreatNG /

ThreatNG open-source datasets aim to improve cybersecurity practices 13/12/2023 at 07:32 By Mirko Zorz The ThreatNG Governance and Compliance Dataset is an open-source initiative that aims to democratize access to critical data, fostering transparency, collaboration, and improvement of cybersecurity practices globally. Datasets for organizational insight The open-source datasets offered by ThreatNG provide an understanding of

React to this headline:

Loading spinner

ThreatNG open-source datasets aim to improve cybersecurity practices Read More »

Industry regulations and standards are driving OT security priorities

Claroty, cybersecurity, News, Ransomware, report, survey /

Industry regulations and standards are driving OT security priorities 13/12/2023 at 07:02 By Help Net Security When it comes to ransomware attacks, the impact on OT environments is catching up to the impact on IT environments, according to Claroty. In Claroty’s previous survey conducted in 2021, 32% of ransomware attacks impacted IT only, while 27%

React to this headline:

Loading spinner

Industry regulations and standards are driving OT security priorities Read More »

Guide: Application security posture management deep dive

Apiiro, News, Whitepapers and webinars /

Guide: Application security posture management deep dive 13/12/2023 at 06:47 By Help Net Security Distinguishing real, business-critical application risks is more challenging than ever. A siloed, ad hoc approach to AppSec generates noisy false positives that overwhelm under-resourced security teams. You need a multidimensional approach that leverages deep context to continuously map, programmatically prioritize, effectively

React to this headline:

Loading spinner

Guide: Application security posture management deep dive Read More »

December 2023 Patch Tuesday: 33 fixes to wind the year down

CVE, Don't miss, Hot stuff, Microsoft, News, Outlook, Patch Tuesday, security update, Tenable, Trend Micro /

December 2023 Patch Tuesday: 33 fixes to wind the year down 12/12/2023 at 23:20 By Zeljka Zorz Microsoft’s December 2023 Patch Tuesday is a light one: 33 patches, only four of which are deemed critical. “This month, Microsoft did not patch any zero-day vulnerabilities, marking only the second time in 2023 that no zero-days were

React to this headline:

Loading spinner

December 2023 Patch Tuesday: 33 fixes to wind the year down Read More »

Lazarus exploit Log4Shell vulnerability to deliver novel RAT malware

Cisco, Don't miss, exploit, Hot stuff, Log4j, Malware, News, North Korea, vulnerability /

Lazarus exploit Log4Shell vulnerability to deliver novel RAT malware 12/12/2023 at 17:50 By Helga Labus North Korea-backed group Lazarus has been spotted exploiting the Log4Shell vulnerability (CVE-2021-44228) and novel malware written in DLang (i.e., the memory-safe D programming language). “This campaign consists of continued opportunistic targeting of enterprises globally that publicly host and expose their

React to this headline:

Loading spinner

Lazarus exploit Log4Shell vulnerability to deliver novel RAT malware Read More »

Recruiters, beware of cybercrooks posing as job applicants!

cybercrime, Don't miss, Email, Hot stuff, Malware, News, Proofpoint, spear-phishing /

Recruiters, beware of cybercrooks posing as job applicants! 12/12/2023 at 16:46 By Zeljka Zorz Recruiters are being targeted via spear-phishing emails sent by cybercrooks impersonating job applicants, Proofpoint researchers are warning. “The tone and content of the emails suggest to the recipient the actor is a legitimate candidate, and because the actor specifically targets people

React to this headline:

Loading spinner

Recruiters, beware of cybercrooks posing as job applicants! Read More »

“Pool Party” process injection techniques evade EDRs

CrowdStrike, Cybereason, Don't miss, Endpoint Security, Hot stuff, Microsoft, News, Palo Alto Networks, PoC, research, SafeBreach, SentinelOne, threat detection, XDR /

“Pool Party” process injection techniques evade EDRs 12/12/2023 at 14:01 By Zeljka Zorz SafeBreach researchers have discovered eight new process injection techniques that can be used to covertly execute malicious code on Windows systems. Dubbed “Pool Party” because they (ab)use Windows thread pools, these process injection techniques work across all processes and, according to the

React to this headline:

Loading spinner

“Pool Party” process injection techniques evade EDRs Read More »

Many popular websites still cling to password creation policies from 1985

authentication, Don't miss, Hot stuff, News, passwords, policy, research, trends /

Many popular websites still cling to password creation policies from 1985 12/12/2023 at 09:01 By Helga Labus A significant number of popular websites still allow users to choose weak or even single-character passwords, researchers at Georgia Institute of Technology have found. Websites’ lax creation policies for passwords The researchers used an automated account creation method

React to this headline:

Loading spinner

Many popular websites still cling to password creation policies from 1985 Read More »

eIDAS: EU’s internet reforms will undermine a decade of advances in online security

authentication, certificates, cybersecurity, Don't miss, EU, Expert analysis, Expert corner, framework, hide.me, Hot stuff, News, opinion, Privacy, regulation /

eIDAS: EU’s internet reforms will undermine a decade of advances in online security 12/12/2023 at 08:32 By Help Net Security The European Union’s attempt to reform its electronic identification and trust services – a package of laws better known as eIDAS 2.0 – contains legislation that poses a grave threat to online privacy and security.

React to this headline:

Loading spinner

eIDAS: EU’s internet reforms will undermine a decade of advances in online security Read More »

Balancing AI advantages and risks in cybersecurity strategies

Artificial Intelligence, cyberattacks, cybersecurity, Don't miss, Features, Field Effect, Hot stuff, News, opinion, strategy, threats /

Balancing AI advantages and risks in cybersecurity strategies 12/12/2023 at 08:04 By Mirko Zorz In this Help Net Security interview, Matt Holland, CEO of Field Effect, discusses achieving a balance for businesses between the advantages of using AI in their cybersecurity strategies and the risks posed by AI-enhanced cyber threats. Holland also explores how education,

React to this headline:

Loading spinner

Balancing AI advantages and risks in cybersecurity strategies Read More »

Nemesis: Open-source offensive data enrichment and analytic pipeline

cybersecurity, data, Don't miss, GitHub, Hot stuff, News, open source, scanning, software, SpecterOps /

Nemesis: Open-source offensive data enrichment and analytic pipeline 12/12/2023 at 07:32 By Mirko Zorz Nemesis is a centralized data processing platform that ingests, enriches, and performs analytics on offensive security assessment data (i.e., data collected during penetration tests and red team engagements).​​ Nemesis was created by Lee Chagolla-Christensen and Will Schroeder, both security researchers at

React to this headline:

Loading spinner

Nemesis: Open-source offensive data enrichment and analytic pipeline Read More »

WhatsApp, Slack, Teams, and other messaging platforms face constant security risks

Artificial Intelligence, BYOD, collaboration, communication, credentials, cybersecurity, News, report, SafeGuard Cyber /

WhatsApp, Slack, Teams, and other messaging platforms face constant security risks 12/12/2023 at 07:03 By Help Net Security 42% of businesses report employees with BYOD devices in business settings that use tools like WhatsApp have led to new security incidents, according to SafeGuard Cyber. Messaging platforms like WhatsApp, Telegram, Slack, and Teams face constant threats,

React to this headline:

Loading spinner

WhatsApp, Slack, Teams, and other messaging platforms face constant security risks Read More »

Why are IT professionals not automating?

automation, certificates, cybersecurity, Don't miss, Expert analysis, Expert corner, GlobalSign, Hot stuff, News, opinion, professional /

Why are IT professionals not automating? 11/12/2023 at 09:01 By Help Net Security As an IT professional, you understand the value of automation, and like many IT experts, you may approach it with a mix of excitement and apprehension. Automation is a powerful tool for streamlining processes, reducing manual tasks, and enhancing efficiency within an

React to this headline:

Loading spinner

Why are IT professionals not automating? Read More »

SCS 9001 2.0 reveals enhanced controls for global supply chains

critical infrastructure, cybersecurity, Don't miss, Features, Government, Hot stuff, legislation, News, opinion, regulation, software, standards, supply chain, TIA /

SCS 9001 2.0 reveals enhanced controls for global supply chains 11/12/2023 at 08:31 By Mirko Zorz In this Help Net Security interview, Mike Regan, VP of Business Performance at TIA, discusses SCS 9001 Release 2.0, a certifiable standard crafted to assist organizations in operationalizing the NIST and other government guidelines and frameworks. Enhancing its predecessor,

React to this headline:

Loading spinner

SCS 9001 2.0 reveals enhanced controls for global supply chains Read More »

Cybercriminals continue targeting open remote access products

cybercrime, cybersecurity, Malware, News, Ransomware, report, survey, WatchGuard /

Cybercriminals continue targeting open remote access products 11/12/2023 at 08:05 By Help Net Security Cybercriminals still prefer targeting open remote access products, or like to leverage legitimate remote access tools to hide their malicious actions, according to WatchGuard. “Threat actors continue using different tools and methods in their attack campaigns, making it critical for organizations

React to this headline:

Loading spinner

Cybercriminals continue targeting open remote access products Read More »

Security automation gains traction, prompting a “shift everywhere” philosophy

Artificial Intelligence, automation, cybersecurity, News, report, software development, survey, Synopsys /

Security automation gains traction, prompting a “shift everywhere” philosophy 11/12/2023 at 07:32 By Help Net Security The use of automated security technology is growing rapidly, which in turn is propagating the “shift everywhere” philosophy – performing security tests throughout the entire software development life cycle – across more organizations, according to Synopsys. This year’s findings

React to this headline:

Loading spinner

Security automation gains traction, prompting a “shift everywhere” philosophy Read More »

Scroll to Top