Week in review

Week in review: MS Office flaw may leak NTLM hashes, malicious Chrome, Edge browser extensions

2024-08-18 at 11:01, by Help Net Security. Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Unpatched MS Office flaw may leak NTLM hashes to attackers (CVE-2024-38200) A new MS Office zero-day vulnerability (CVE-2024-38200) […]


Week in review: Tips for starting your cybersecurity career, Patch Tuesday forecast

2024-08-11 at 11:01, by Help Net Security. Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: August 2024 Patch Tuesday forecast: Looking for a calm August release August 2024 July ended up being more ‘exciting’ than many


Week in review: VMware ESXi zero-day exploited, SMS Stealer malware targeting Android users

2024-08-04 at 10:31, by Help Net Security. Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Why a strong patch management strategy is essential for reducing business risk In this Help Net Security interview, Eran Livne,


Week in review: CrowdStrike-triggered outage insights, recovery, and measuring cybersecurity ROI

2024-07-28 at 11:02, by Help Net Security. Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft releases tool to speed up recovery of systems borked by CrowdStrike update By now, most people are aware of – or


Week in review: CrowdStrike update causes widespread IT outage, critical Splunk Enterprise flaw

2024-07-21 at 11:01, by Help Net Security. Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Faulty CrowdStrike update takes out Windows machines worldwide Thousands and possibly millions of Windows computers and servers worldwide have been


Week in review: RADIUS protocol critical vuln, Microsoft 0-day exploited for a year, AT&T breach

2024-07-14 at 11:02, by Help Net Security. Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Hackers stole call, text records of “nearly all” of AT&T’s cellular customers Hackers leveraging stolen Snowflake account credentials


Week in review: A need for a DDoS response plan, human oversight in AI-enhanced software development

2024-07-07 at 11:01, by Help Net Security. Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: 4 key steps to building an incident response plan In this Help Net Security interview, Mike Toole,


Week in review: MOVEit auth bypass flaws quietly fixed, open-source Rafel RAT targets Androids

2024-06-30 at 11:01, by Help Net Security. Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806) Progress Software has patched one critical (CVE-2024-5805) and one high-risk


Week in review: CDK Global cyberattack, critical vCenter Server RCE fixed

2024-06-23 at 11:02, by Help Net Security. Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: The rise of SaaS security teams In this Help Net Security interview, Hillary Baron, Senior Technical Director for Research at CSA, highlights


Week in review: JetBrains GitHub plugin vulnerability, 20k FortiGate appliances compromised

2024-06-16 at 11:01, by Help Net Security. Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051) JetBrains has fixed a critical vulnerability (CVE-2024-37051) that could expose


Week in review: Atlassian Confluence RCE PoC, new Kali Linux, Patch Tuesday forecast

2024-06-09 at 11:02, by Help Net Security. Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683) If you’re self-hosting an Atlassian Confluence Server or Data Center installation, you


Week in review: Attackers trying to access Check Point VPNs, NIST CSF 2.0 security metrics evolution

2024-06-02 at 11:01, by Help Net Security. Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: RansomLord: Open-source anti-ransomware exploit tool RansomLord is an open-source tool that automates the creation of PE files,


Week in review: Google fixes yet another Chrome zero-day exploit, YouTube as a cybercrime channel

2024-05-26 at 11:01, by Help Net Security. Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274) For the eighth time this year, Google


Week in review: New Black Basta’s social engineering campaign, passing the CISSP exam in 6 weeks

2024-05-19 at 11:01, by Help Net Security. Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Black Basta target orgs with new social engineering campaign Black Basta, one of the most prolific ransomware-as-a-service


Week in review: Veeam fixes RCE flaw in backup management platform, Patch Tuesday forecast

2024-05-12 at 11:01, by Help Net Security. Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Veeam fixes RCE flaw in backup management platform (CVE-2024-29212) Veeam has patched a high-severity vulnerability (CVE-2024-29212) in Veeam Service


Week in review: PoCs allow persistence on Palo Alto firewalls, Okta credential stuffing attacks

2024-05-05 at 11:01, by Help Net Security. Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades There are proof-of-concept techniques allowing attackers to achieve


Week in review: Two Cisco ASA zero-days exploited, MITRE breach, GISEC Global 2024

2024-04-28 at 11:01, by Help Net Security. Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) A state-sponsored threat actor has managed to compromise Cisco Adaptive


Week in review: Palo Alto firewalls mitigation ineffective, PuTTY client vulnerable to key recovery attack

2024-04-21 at 11:01, by Help Net Security. Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation While it initially seemed that protecting Palo Alto Network


Week in review: Palo Alto Networks firewalls under attack, Microsoft patches two exploited zero-days

2024-04-14 at 11:01, by Help Net Security. Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Palo Alto Networks firewalls under attack, hotfixes incoming! (CVE-2024-3400) Attackers are exploiting a command injection vulnerability (CVE-2024-3400) affecting Palo


Week in review: 73M customers affected by AT&T data leak, errors led to US govt inboxes compromise

2024-04-07 at 11:01, by Help Net Security. Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Cyber attacks on critical infrastructure show advanced tactics and new capabilities In this Help Net Security
