Category: Help Net Security

A vulnerability (CVE-2023-20269) in Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) firewalls is being exploited by attackers to gain access to vulnerable internet-exposed devices. “This vulnerability was found during the resolution of a Cisco TAC support…

Read more →

Apple has patched two zero-day vulnerabilities (CVE-2023-41064, CVE-2023-41061) exploited to deliver NSO Group’s Pegasus spyware. “The exploit chain was capable of compromising iPhones running the latest version of iOS (16.6) without any interaction from the victim,” Citizen Lab shared. “The…

Read more →

North Korean threat actors are once again attempting to compromise security researchers’ machines by employing a zero-day exploit. The warning comes from Google’s own security researchers Clement Lecigne and Maddie Stone, who detailed the latest campaign mounted by government-backed attackers.…

Read more →

Here’s a look at the most interesting products from the past week, featuring releases from CyberSaint, Ghost Security, Hornetsecurity, NTT Security Holdings, and TXOne Networks. Reaper: Open-source reconnaissance and attack proxy workflow automation Reaper is an open-source reconnaissance and attack…

Read more →

Microsoft addressed 33 CVEs in Windows 10 and 11 last month after nearly 3x that number in July. But despite the lull in CVEs, they did provide new security updates for Microsoft Exchange Server, .NET Framework, and even SQL Server,…

Read more →

Digital information exchange can be safer, cheaper and more environmentally friendly with the help of a new type of random number generator for encryption developed at Linköping University. Experimental setup of the quantum random number generator. The yellow squares on…

Read more →

Two-thirds of organizations have not implemented environmental, social and governance (ESG) controls, and 60% do not currently perform internal ESG audits, according to a report by AuditBoard. Lack of ESG program readiness This lack of ESG program readiness raises the…

Read more →

69% of organizations in the education sector suffered a cyberattack within the last 12 months, according to Netwrix. Phishing and account compromise threaten the education sector Phishing and user account compromise were the most common attack paths for these organizations,…

Read more →

Implementing a robust backup strategy for safeguarding crucial business data is more essential than ever. Without such a plan, organizations risk paying ransoms and incurring expenses related to investigations and lost productivity. In this Help Net Security video, David Boland,…

Read more →

Perception Point unveiled new solution to address the escalating threat of QR code phishing, commonly referred to as “quishing”. With the recent influx in quishing campaigns, the need for a definitive solution has never been more pressing. The re-emergence of…

Read more →

OPSWAT has announced a collaboration with BlackBerry, that will see the company’s MetaDefender platform integrated with BlackBerry’s Cylance AI to deliver prevention-first, predictive security to combat the most advanced cyberattacks. Having recently announced an update to its patented AI engine…

Read more →

Cloudflare announced Cloudflare One Data Protection Suite, a unified set of advanced security solutions designed to protect data across every environment – web, SaaS, and private applications. Powered by Cloudflare’s Security Service Edge (SSE), customers can streamline compliance in the…

Read more →

Druva released its cyber resiliency offerings for Managed Service Providers (MSPs) globally. The Security Posture and Observability (SP&O) and Accelerated Ransomware Recovery (ARR) solutions enable Druva MSP partners to harness ransomware response and recovery capabilities to fortify their clients’ data…

Read more →

Sprinklr has unveiled the integration of the Sprinklr AI+ platform with Google Cloud’s Vertex AI for unified customer experience management. Sprinklr AI+ gives brands unified generative AI capabilities for customer service, insights, social media management, and marketing that is built…

Read more →

AUCloud has deployed SentinelOne’s Singularity Platform to keep its business operations and the critical digital infrastructure it supplies to some of the nation’s most trusted government agencies and enterprises safe. “As a growing cloud provider trusted by government agencies and…

Read more →

Accenture and Workday are expanding their partnership to help organizations reinvent their finance functions to be more agile, data-driven and customer-centric. The companies are collaborating to develop a suite of data-led, composable finance solutions that can be configured and reconfigured…

Read more →

The mystery of how Chinese hackers managed to steal a crucial signing key that allowed them to breach Microsoft 365’s email service and access accounts of employees of 25 government agencies has been explained: they found it somewhere where it…

Read more →

Pynt released its autopilot platform for API security used by developers and security experts, as well as $6 million in Seed funding led by Joule Ventures with the participation of Dallas VC and Honeystone VC. The use of APIs is…

Read more →

A newer version of the Atomic Stealer macOS malware has a new trick that allows it to bypass the operating system’s Gatekeeper, Malwarebytes researchers have discovered. Mac malware delivered through Google ads The malware, which was first advertised in April…

Read more →

Tenable Holdings has signed a definitive agreement to acquire Ermetic. Tenable intends to integrate Ermetic’s capabilities into its Tenable One Exposure Management Platform to deliver contextual risk visibility, prioritization, and remediation across infrastructure and identities, both on-premise and in the…

Read more →