The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert and added two new vulnerabilities related to Palo Alto Networks to its Known Exploited Vulnerabilities Catalog. These vulnerabilities, CVE-2024-9463 and CVE-2024-9465, are reportedly actively exploited by malicious cyber…
Category: EN
4M+ WordPress Websites to Attacks, Following Plugin Vulnerability
A critical vulnerability has been discovered in the popular “Really Simple Security” WordPress plugin, formerly known as “Really Simple SSL,” putting over 4 million websites at risk. The flaw, identified as CVE-2024-10924, exposes websites using the plugin to potential remote attacks,…
High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables
Cybersecurity researchers have disclosed a high-severity security flaw in the PostgreSQL open-source database system that could allow unprivileged users to alter environment variables, and potentially lead to code execution or information disclosure. The vulnerability, tracked as CVE-2024-10979, carries a CVSS…
New Report Details Cyber Security Scams For Retailers At Christmas: Cyber Security Today for Friday, November 15, 2024
Holiday Cyber Threats, Secret Service Surveillance & AI Safety with DOE In today’s episode of Cybersecurity Today, host Jim Love covers essential cybersecurity topics heating up this holiday season. A new report from B4AI unveils sophisticated scams targeting online shoppers,…
Top industries facing cyber threats
While consumers are no strangers to phishing emails, fraudulent SMS messages, and social media scams, the scale and complexity of cyberattacks aimed at critical sectors go far beyond these relatively simple threats. Entire industries and governmental bodies face increasingly sophisticated…
Bitsight acquires Cybersixgill for $115 Million
In a significant move to bolster its cybersecurity portfolio, Bitsight, a leading cybersecurity startup based in Massachusetts, has officially announced its acquisition of Cybersixgill, an Israeli-based dark web security specialist, for $115 million. This deal marks a key step in…
The invisible cyber shield that combats morphing threats
Cyber threats are evolving at an alarming rate. AI-powered malware, advanced phishing techniques, and adaptive attacks can by-pass traditional security measures, leaving today’s defences inadequate in isolation. Businesses need a new, invisible shield for comprehensive protection. This year’s (2024) Verizon…
Microsoft Power Pages misconfigurations exposing sensitive data
NHS supplier that leaked employee info fell victim to fiddly access controls that can leave databases dangling online Private businesses and public-sector organizations are unwittingly exposing millions of people’s sensitive information to the public internet because they misconfigure Microsoft’s Power…
CISA Flags Two Actively Exploited Palo Alto Flaws; New RCE Attack Confirmed
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that two more flaws impacting the Palo Alto Networks Expedition have come under active exploitation in the wild. To that, it has added the vulnerabilities to its Known Exploited…
Bitfinex Hacker Sentenced to 5 Years, Guilty of Laundering $10.5 Billion in Bitcoin
Ilya Lichtenstein, who pleaded guilty to the 2016 hack of cryptocurrency stock exchange Bitfinex, has been sentenced to five years in prison, the U.S. Department of Justice (DoJ) announced Thursday. Lichtenstein was charged for his involvement in a money laundering…
For Today’s Enterprise, Modern IGA Helps Control Your Acceleration
When you’re trying to get somewhere fast, you need to know that your car has good brakes. In this instance, you’re not always trying to stop the car but to maintain control as you move forward. Would you want to…
Enhancing security posture through advanced offensive security testing
New survey provides insight into the source of breaches and how to react As cyberthreats evolve, so must the strategies used to protect against them. For companies, staying ahead of these threats requires not only security technologies and processes but…
ESET APT Activity Report Q2 2024–Q3 2024: Key findings
ESET Chief Security Evangelist Tony Anscombe highlights some of the most intriguing insights revealed in the latest ESET APT Activity Report This article has been indexed from WeLiveSecurity Read the original article: ESET APT Activity Report Q2 2024–Q3 2024: Key…
AI’s impact on the future of web application security
In this Help Net Security interview, Tony Perez, CEO at NOC.org, discusses the role of continuous monitoring for real-time threat detection, the unique risks posed by APIs, and strategies for securing web applications. Perez also addresses how AI-driven threats are…
CISA Flags Critical Palo Alto Network Flaws Actively Exploited in the Wild
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday warned that two more flaws impacting the Palo Alto Networks Expedition have come under active exploitation in the wild. To that, it has added the vulnerabilities to its Known Exploited…
An Interview With the Target & Home Depot Hacker
In December 2023, KrebsOnSecurity revealed the real-life identity of Rescator, the nickname used by a Russian cybercriminal who sold more than 100 million payment cards stolen from Target and Home Depot between 2013 and 2014. Moscow resident Mikhail Shefel, who…
Critical vulnerabilities persist in high-risk sectors
Finance and insurance sectors found to have the highest number of critical vulnerabilities, according to Black Duck. Finance and insurance industry faces highest vulnerabilities The report, which analyzes data from over 200,000 dynamic application security testing (DAST) scans conducted by…
Using AI to drive cybersecurity risk scoring systems
In this Help Net Security video, Venkat Gopalakrishnan, Principal Data Science Manager at Microsoft, discusses the development of AI-driven risk scoring models tailored for cybersecurity threats, and how AI is revolutionizing risk assessment and management in cybersecurity. The post Using…
NIST report on hardware security risks reveals 98 failure scenarios
NIST’s latest report, “Hardware Security Failure Scenarios: Potential Hardware Weaknesses” (NIST IR 8517), explores the hidden vulnerabilities in computer hardware, a domain often considered more secure than software. The report highlights how hardware flaws embedded in chip designs can lead…
New infosec products of the week: November 15, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Absolute Security, BlackFog, Eurotech, Nirmata, Rakuten Viber, Syteca, and Vectra. Eurotech ReliaGATE 15A-14 enables organizations to meet regulatory standards The ReliaGATE 15A-14 combines flexible feature…