What bots mean for businesses and consumers 2024-10-02 at 06:31 By Help Net Security Simple bots have existed since the early to mid-2000s when organizations had no means to protect themselves or their website’s users from them. Yet today, despite having tools to protect against these simple bots, two in three organizations have made no […]
React to this headline:
What bots mean for businesses and consumers Read More »
Open source maintainers: Key to software health and security 2024-09-30 at 07:01 By Help Net Security Open source has become the foundation of modern application development, with up to 98% of applications incorporating open-source components and open-source code accounting for 70% or more of the typical application. In this Help Net Security video, Donald Fischer,
React to this headline:
Open source maintainers: Key to software health and security Read More »
New MIT protocol protects sensitive data during cloud-based computation 2024-09-26 at 12:02 By Help Net Security Deep-learning models have found applications across various industries, from healthcare diagnostics to financial forecasting. However, their high computational demands often require powerful cloud-based servers. This dependency on cloud computing raises notable security concerns, particularly in sensitive sectors like healthcare.
React to this headline:
New MIT protocol protects sensitive data during cloud-based computation Read More »
Rethinking privacy: A tech expert’s perspective 2024-09-26 at 06:33 By Help Net Security Data privacy has become one of the most pressing challenges of our time, but it didn’t happen overnight. The proliferation of data collection, coupled with the rise of advanced technologies like artificial intelligence and machine learning, has made it easier to piece
React to this headline:
Rethinking privacy: A tech expert’s perspective Read More »
Vulnerability allows Yubico security keys to be cloned 2024-09-04 at 13:31 By Zeljka Zorz Researchers have unearthed a cryptographic vulnerability in popular Yubico (FIDO) hardware security keys and modules that may allow attackers to clone the devices. But the news is not as catastrophic as it may seem at first glance. “The attacker would need
React to this headline:
Vulnerability allows Yubico security keys to be cloned Read More »
Stolen, locked payment cards can be used with digital wallet apps 2024-08-19 at 21:32 By Zeljka Zorz Fraudsters can add stolen payment cards to digital wallet apps and continue making online purchases even after victims’ report the card stolen and the bank blocks it, computer engineers with University of Massachusetts Amherst and Pennsylvania State University
React to this headline:
Stolen, locked payment cards can be used with digital wallet apps Read More »
“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days 2024-08-08 at 13:01 By Zeljka Zorz A researcher has developed a downgrade attack that can make Windows machines covertly, persistently and irreversibly vulnerable, even if they were fully patched before that. A downgrade attack exploiting the Windows Update process The direction of SafeBreach researcher Alon Leviev’s
React to this headline:
“Perfect” Windows downgrade attack turns fixed vulnerabilities into zero-days Read More »
Innovative approach promises faster bug fixes 2024-07-31 at 12:02 By Help Net Security Modern software applications usually consist of numerous files and several million lines of code. Due to the sheer quantity, finding and correcting faults, known as debugging, is difficult. In many software companies, developers still search for faults manually, which takes up a
React to this headline:
Innovative approach promises faster bug fixes Read More »
New security loophole allows spying on internet users’ online activity 2024-06-25 at 13:16 By Help Net Security Researchers at Graz University of Technology were able to spy on users’ online activities simply by monitoring fluctuations in the speed of their internet connection. This vulnerability, known as SnailLoad, does not require malicious code to exploit, and
React to this headline:
New security loophole allows spying on internet users’ online activity Read More »
Vulnerability in Cisco Webex cloud service exposed government authorities, companies 2024-06-05 at 22:33 By Zeljka Zorz The vulnerability that allowed a German journalist to discover links to video conference meetings held by Bundeswehr (the German armed forces) and the Social Democratic Party of Germany (SPD) via their self-hosted Cisco Webex instances similarly affected the Webex
React to this headline:
Vulnerability in Cisco Webex cloud service exposed government authorities, companies Read More »
Financial system ‘outdated’ but crypto is no fix either: US swing voters 2024-05-08 at 09:01 By Cointelegraph by Brayden Lindrea In a survey by the Digital Currency Group, 70% of swing state voters agreed the current financial system is “outdated” and in need of an overhaul, but most didn’t think crypto was the answer either.
React to this headline:
Financial system ‘outdated’ but crypto is no fix either: US swing voters Read More »
Apps secretly turning devices into proxy network nodes removed from Google Play 2024-03-26 at 12:16 By Zeljka Zorz Your smartphone might be part of a proxy network, and you might not even know it: all it takes is for you to download apps whose developers have included the functionality and didn’t mention it. If that
React to this headline:
Apps secretly turning devices into proxy network nodes removed from Google Play Read More »
RaaS groups increasing efforts to recruit affiliates 2024-03-20 at 16:46 By Zeljka Zorz Smaller RaaS groups are trying to recruit new and “displaced” LockBit and Alphv/BlackCat affiliates by foregoing deposits and paid subscriptions, offering better payout splits, 24/7 support, and other “perks”. Cybercriminals wanted RaaS operations usually consist of a core group that develops the
React to this headline:
RaaS groups increasing efforts to recruit affiliates Read More »
The most prevalent malware behaviors and techniques 2024-03-20 at 12:46 By Zeljka Zorz An analysis of 100,000+ Windows malware samples has revealed the most prevalent techniques used by malware developers to successfully evade defenses, escalate privileges, execute the malware, and assure its persistence. Malware tactics and techniques The analyzed malware samples were most often delivered
React to this headline:
The most prevalent malware behaviors and techniques Read More »
Web-based PLC malware: A new potential threat to critical infrastructure 2024-03-07 at 13:47 By Zeljka Zorz A group of researchers from Georgia Tech’s College of Engineering have developed web-based programmable logic controller (PLC) malware able to target most PLCs produced by major manufacturers. “Our Web-Based (WB) PLC malware resides in PLC memory, but ultimately gets
React to this headline:
Web-based PLC malware: A new potential threat to critical infrastructure Read More »
What makes ransomware victims less likely to pay up? 2024-01-26 at 08:34 By Zeljka Zorz There’s a good reason why ransomware gangs started exfiltrating victims’ data instead of just encrypting it: those organizations pay more. University of Twente researcher Tom Meurs and his colleagues wanted to know which factors influence victims to pay the ransom
React to this headline:
What makes ransomware victims less likely to pay up? Read More »
CloudFoxable: Open-source AWS penetration testing playground 2024-01-22 at 07:02 By Mirko Zorz CloudFoxable is a capture-the-flag (CTF) style learning platform you can deploy to your playground AWS account. It primarily targets current penetration testers seeking to learn exploitation of cloud-native attack paths, and cloud security experts aiming to practice offensive security techniques safely. “What makes
React to this headline:
CloudFoxable: Open-source AWS penetration testing playground Read More »
Attackers could use vulnerabilities in Bosch Rexroth nutrunners to disrupt automotive production 2024-01-09 at 17:46 By Zeljka Zorz Researchers have discovered over two dozen vulnerabilities in “smart” cordless nutrunners (i.e., pneumatic torque wrenches) manufactured by Bosch Rexroth that could be exploited to make the devices inoperable or their output unreliable. “Depending on a manufacturer’s use
React to this headline:
Securing AI systems against evasion, poisoning, and abuse 2024-01-09 at 06:32 By Mirko Zorz Adversaries can intentionally mislead or “poison” AI systems, causing them to malfunction, and developers have yet to find an infallible defense against this. In their latest publication, NIST researchers and their partners highlight these AI and machine learning vulnerabilities. Taxonomy of
React to this headline:
Securing AI systems against evasion, poisoning, and abuse Read More »
8220 gang exploits old Oracle WebLogic vulnerability to deliver infostealers, cryptominers 20/12/2023 at 16:02 By Helga Labus The 8220 gang has been leveraging an old Oracle WebLogic Server vulnerability (CVE-2020-14883) to distribute malware, the Imperva Threat Research team has found. About 8220 Active since 2017, the 8220 gang has been known for deploying cryptocurrency miners
React to this headline: