Category: Help Net Security

Google has rolled out a security update for a critical Chrome zero-day vulnerability (CVE-2023-4863) exploited in the wild. About the vulnerability (CVE-2023-4863) CVE-2023-4863 is a critical heap buffer overflow vulnerability in the component that handles WebP, a raster graphics file…

Read more →

More than 80% of organizations have experienced an identity-related breach that involved the use of compromised credentials, half of which happened in the past 12 months, according to Silverfort and Osterman Research. Lack of visibility into the identity attack surface…

Read more →

The same digital automation tools that have revolutionized workflows for developers are creating an uphill battle regarding security. From data breaches and cyberattacks to compliance concerns, the stakes have never been higher for enterprises to establish a robust and comprehensive…

Read more →

Amazon Web Services (AWS) is the most extensive and widely-used cloud platform in the world, providing more than 200 services through global data centers. It serves millions of clients, ranging from startups to major corporations and government organizations. AWS has…

Read more →

Whether you’re facing a security audit or interested in configuring systems securely, CIS SecureSuite Membership is here to help. CIS SecureSuite provides thousands of organizations with access to an effective and comprehensive set of cybersecurity resources and tools to implement…

Read more →

Bruschetta-Board is a device for all hardware hackers looking for a fairly-priced all-in-one debugger and programmer that supports UART, JTAG, I2C & SPI protocols and allows to interact with different targets’ voltages (i.e., 1.8, 2.5, 3.3 and 5 Volts!). A…

Read more →

Over 70% of CISOs feel that the importance of information security is not recognised by senior leadership, according to BSS. The CISOs said their top four highest investment priorities in 2023 are change management (35%), information security resilience (34%), data…

Read more →

Fortinet and Wiz announced that Wiz has joined the Fortinet Fabric-Ready Technology Alliance Partner Program and Fortinet has joined the Wiz Integration (WIN) Program. The two companies have jointly developed an integrated solution to help enterprises protect their cloud workload…

Read more →

SecuX revealed its latest creation, the Shield BIO card-type hardware wallet. The Shield BIO combines biometric fingerprint authentication with the handy format of a credit card. At the heart of this wallet is the military-grade Secure Element chip, synonymous with…

Read more →

A new phishing campaign taking advantage of an easily exploitable issue in Microsoft Teams to deliver malware has been flagged by researchers. Delivering malware to Microsoft Teams users Late last month, Truesec researchers spotted two compromised Microsoft 365 accounts sending…

Read more →

In this Help Net Security interview, Adrien Petit, CEO at Uncovery, discusses the benefits that organizations can derive from implementing external attack surface management (EASM) solutions, the essential capabilities an EASM solution should possess, and how it deals with uncovering…

Read more →

73% of board members believe they face the risk of a major cyber attack in the next 12 months, a notable increase from 65% in 2022, according to Proofpoint. Likewise, 53% feel unprepared to cope with a targeted attack, up…

Read more →

While APIs are essential to many operations and used extensively, a lack of prioritization and understanding is leading us towards a growing API security crisis, according to a report by Traceable AI and Ponemon Institute. The urgency for API security…

Read more →

Sending an email with a forged address is easier than previously thought, due to flaws in the process that allows email forwarding, according to a research team led by computer scientists at the University of California San Diego. The issues…

Read more →

Every online interaction hinges on the bedrock of network security. With cyber threats and data breaches making headlines daily, businesses must understand how network security safeguards consumer privacy. In this Help Net Security video, Shawn Edwards, CSO at Zayo Group,…

Read more →

Social engineering is a manipulative technique used by individuals or groups to deceive or manipulate others into divulging confidential or sensitive information, performing actions, or making decisions that are not in their best interest. It often involves exploiting human psychology…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: The misconceptions preventing wider adoption of digital signatures In this Help Net Security interview, Thorsten Hau, CEO at fidentity, discusses the legal validity of qualified…

Read more →

PallyCon has introduced a new feature called PallyCon DRM License Cipher, designed to address vulnerabilities in software-level DRM solutions. In today’s digital era, the protection of digital content is more crucial than ever. Digital Rights Management (DRM) systems stand as…

Read more →

A vulnerability (CVE-2023-20269) in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls is being exploited by attackers to gain access to vulnerable internet-exposed devices. “This vulnerability was found during the resolution of a Cisco TAC support…

Read more →

Apple has patched two zero-day vulnerabilities (CVE-2023-41064, CVE-2023-41061) exploited to deliver NSO Group’s Pegasus spyware. “The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” Citizen Lab shared. “The…

Read more →