News

Week in review: Booking.com hotel booking scam, Kali Linux 2023.4 released

10/12/2023 at 12:02 By Help Net Security

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Advanced ransomware campaigns expose need for AI-powered cyber defense
In this Help Net Security interview, Carl Froggett, CIO at Deep Instinct, discusses […]


Meta introduces default end-to-end encryption for Messenger and Facebook

08/12/2023 at 15:01 By Helga Labus

Meta is introducing default end-to-end encryption (E2EE) for chats and calls across Messenger and Facebook, the company revealed on Wednesday.

Rolling out E2EE for Messenger and Facebook
E2EE ensures that message content is only visible to the person sending the


New RCE vulnerability in Apache Struts 2 fixed, upgrade ASAP (CVE-2023-50164)

08/12/2023 at 15:01 By Zeljka Zorz

The Apache Struts project has released updates for the popular open-source web application framework, with fixes for a critical vulnerability that could lead to remote code execution (CVE-2023-50164).

About CVE-2023-50164
CVE-2023-50164 may allow an attacker to manipulate file


December 2023 Patch Tuesday forecast: ‘Tis the season for vigilance

08/12/2023 at 09:02 By Mirko Zorz

The final Patch Tuesday of the year is almost upon us! This is the time of year when we want to relax and enjoy the holidays, but we need to be extra vigilant to detect and respond to suspicious


New infosec products of the week: December 8, 2023

08/12/2023 at 08:47 By Help Net Security

Here’s a look at the most interesting products from the past week, featuring releases from Atsign, Daon, Global Integrity, Living Security, Panther Labs, Searchlight Cyber, and Varonis.

Varonis enhances DSPM capabilities with Azure and AWS support
Varonis Systems has


Aim for a modern data security approach

08/12/2023 at 08:32 By Help Net Security

Risk, compliance, governance, and security professionals are finally realizing the importance of subjecting sensitive workloads to robust data governance and protection the moment the data begins traversing the data pipeline. Many organizations no longer feel it’s adequate to secure data only


Alert fatigue puts pressure on security and development teams

08/12/2023 at 08:02 By Help Net Security

Security practitioners are under a tremendous amount of pressure to secure today’s applications, according to Cycode. The research found that AppSec chaos reigns, with 78% of CISOs responding that today’s AppSec attack surfaces are unmanageable and 90% of responders


AI literacy gap extends beyond technical skills

08/12/2023 at 07:32 By Help Net Security

Even as organizations accelerate AI adoption, the majority don’t understand the AI skills their employees possess, if any, or have an upskilling strategy to develop them, according to Pluralsight. “AI is transforming the way that business is done, but many companies


Love for sports could lead to poor password practices

08/12/2023 at 07:01 By Help Net Security

33% of Americans have used a sports-related term in a password, according to Bitwarden. Those who have are twice as likely to have used one inspired by a professional sports team (46%) versus a college sports team (22%). 49%


Short-term AWS access tokens allow attackers to linger for a longer while

07/12/2023 at 17:32 By Zeljka Zorz

Attackers usually gain access to an organization’s cloud assets by leveraging compromised user access tokens obtained via phishing, by using malware, or by finding them in public code repositories. These are long-term access tokens associated with an


Researchers automated jailbreaking of LLMs with other LLMs

07/12/2023 at 13:47 By Zeljka Zorz

AI security researchers from Robust Intelligence and Yale University have designed a machine learning technique that can speedily jailbreak large language models (LLMs) in an automated fashion. “The method, known as the Tree of Attacks with Pruning (TAP), can be used


Ransomware in 2024: Anticipated impact, targets, and landscape shift

07/12/2023 at 08:32 By Help Net Security

As ransomware continues to be on the rise, we can expect groups to continue to evolve their attacks and operate at a larger scale for bigger profits. This will put organizations at higher risk if they don’t adopt a


OpenTofu: Open-source alternative to Terraform

07/12/2023 at 07:32 By Help Net Security

OpenTofu is an open-source alternative to Terraform’s widely used Infrastructure as Code provisioning tool. Previously named OpenTF, OpenTofu is an open and community-driven response to Terraform’s recently announced license change from a Mozilla Public License v2.0 (MPLv2) to a Business Source License v1.1,


Third-party breaches shake the foundations of the energy sector

07/12/2023 at 07:02 By Help Net Security

90% of the world’s largest energy companies experienced a third-party breach in the past 12 months, according to SecurityScorecard. Powering the global economy and everyday activities, the energy sector’s significance makes it a key focus for cyber threats. The


Atlassian fixes four critical RCE vulnerabilities, patch quickly!

06/12/2023 at 18:01 By Helga Labus

Atlassian has released security updates for four critical vulnerabilities (CVE-2022-1471, CVE-2023-22522, CVE-2023-22524, CVE-2023-22523) in its various offerings that could be exploited to execute arbitrary code.

About the vulnerabilities
CVE-2022-1471 is a deserialization flaw in the SnakeYAML library for Java that can


CISA: Adobe ColdFusion flaw leveraged to access government servers (CVE-2023-26360)

06/12/2023 at 17:46 By Helga Labus

Unknown attackers have leveraged a critical vulnerability (CVE-2023-26360) in the Adobe ColdFusion application development platform to access government servers, the Cybersecurity and Infrastructure Security Agency (CISA) has shared.

About the exploited vulnerability
CVE-2023-26360 is a deserialization of untrusted data


Product showcase: Apiiro unifies AppSec and SSCS in a deep ASPM

06/12/2023 at 17:02 By Help Net Security

With the rapidly evolving threat landscape and complexity of interconnected applications, identifying real, business-critical application risks is more challenging than ever. Application security teams need a better solution than their current siloed tools and ad hoc processes


Microsoft will offer extended security updates for Windows 10

06/12/2023 at 16:16 By Zeljka Zorz

Microsoft will not abandon Windows 10 users to an insecure fate once it reaches end of support (EOS) on October 14, 2025: both enterprises and individual consumers will be able to receive Extended Security Updates (ESU), but will have to pay


21 high-risk vulnerabilities in OT/IoT routers found

06/12/2023 at 12:53 By Help Net Security

Forescout detailed the discovery of 21 new vulnerabilities in OT/IoT routers and open-source software elements. The “SIERRA:21 – Living on the Edge” report features research into Sierra Wireless AirLink cellular routers and some open-source components, such as TinyXML and OpenNDS. Sierra


Three security data predictions for 2024

06/12/2023 at 08:32 By Help Net Security

How do companies protect their digital environments in a world where everything is growing more complex, quickly – data, customer expectations, cyber threats and more? It’s difficult: Adversaries are adopting and using AI and even generative AI-based technologies against enterprises. Nation-state cyber
