Tag: Help Net Security

A proof-of-concept (PoC) exploit for a high-severity flaw in Splunk Enterprise (CVE-2023-46214) that can lead to remote code execution has been made public. Users are advised to implement the provided patches or workarounds quickly. About CVE-2023-46214 Splunk Enterprise is a…

Read more →

OpenSSL is a full-featured toolkit for general-purpose cryptography and secure communication. The final version of OpenSSL 3.2.0 is now available. Major changes in OpenSSL 3.2.0 This release incorporates the following potentially significant or incompatible changes: The default SSL/TLS security level…

Read more →

AWS Kill Switch is an open-source incident response tool for quickly locking down AWS accounts and IAM roles during a security incident. The solution includes a Lambda function and proof of concept client. You can either adopt this client or…

Read more →

The threat landscape is evolving by the minute, with both malicious actors and well-intentioned researchers constantly on the hunt for new attack vectors that bypass security controls and gain control of systems and applications. In fact, thousands of new vulnerabilities…

Read more →

Companies need help to get visibility into the operations of their AI programs, potentially reducing productivity while creating significant risks around governance, data security, and more. In this Help Net Security video, Neil Cohen, Head of Go-To-Market at Portal26, discusses…

Read more →

In this Help Net Security interview, Eddie Zhang, Principal Consultant at Project Black, explores the complex and often controversial world of vulnerability disclosure in cybersecurity. Zhang explores the intricate balancing act that researchers must perform when navigating the interests of…

Read more →

Cyber resilience is the capacity of an organization to maintain its core functions and swiftly adapt to, respond to, and recover from cyber threats. A cyber-resilient organization recognizes that cyber threats are inevitable and constantly evolves its strategies to address…

Read more →

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: PolarDNS: Open-source DNS server tailored for security evaluations PolarDNS is a specialized authoritative DNS server that allows the operator to produce custom DNS responses suitable…

Read more →

The Network and Information Systems Directive (NIS2), due to come into effect in October 2024, seeks to improve cyber resilience in the European Union (EU). Its effects are likely to be wider reaching, though, bringing in more stringent processes and…

Read more →

In this Help Net Security video, Tanneasha Gordon, Deloitte Risk & Financial Advisory’s data & privacy leader, discusses how many executives realize that trust is crucial to driving brand value and earning sustained customer loyalty. Privacy programs, data protection safeguards,…

Read more →

Network security is both the top challenge and the top investment priority for enterprise IT leaders, according to ISG. Network security challenges 60% of respondents to the ISG survey on network modernization ranked network security among their top five challenges,…

Read more →

AI continues to evolve to improve both cyber defense and cyber criminal activities, while regulatory pressures, continued consolidation, and geopolitical concerns will drive more proactive cybersecurity efforts with contextual threat intelligence, according to Cybersixgill. As organizations increasingly adopt Threat Exposure…

Read more →

Cybellum announced that its Product Security Platform has been formally designated as “CWE-Compatible” by the MITRE Corporation’s Common Weakness Enumeration (CWE) Compatibility and Effectiveness Program. The designation means that Chief Product Security Officers (CPSOs) and their teams are able to…

Read more →

Bots and human fraud farms were responsible for billions of attacks in the H1 of 2023 and into Q3, according to Arkose Labs. These attacks comprised 73% of all website and app traffic measured. In other words, almost three-quarters of…

Read more →

2023 proved to be another challenging year for companies combating supply chain security and breaches. The 2024 outlook could be worse as attacks become increasingly sophisticated. In this Help Net Security video, Fei Huang, VP of Security Strategy at SUSE,…

Read more →

The vast majority of consumers are concerned that cyberattacks will increase or remain consistent over the coming year (97%) and become more sophisticated (69%), outpacing the ability of cyber defenses to protect against these threats, according to ThreatX. In fact,…

Read more →

Credit card skimming is on the rise for the holiday shopping season, according to Malwarebytes. Online stores are not always as secure as you might think they are, and yet you need to hand over your valuable credit card information…

Read more →

Broadcom has announced it has cleared all regulatory hurdles and plans to complete its $69 billion acquisition of VMware. The company announced it planned to move ahead with the deal after China joined the list of countries that had given…

Read more →

CVE-2023-4966, aka “Citrix Bleed”, has been exploited by LockBit 3.0 affiliates to breach Boeing’s parts and distribution business, and “other trusted third parties have observed similar activity impacting their organization,” cybersecurity and law enforcement officials have confirmed on Tuesday. In…

Read more →

Canonical announced chiselled Ubuntu containers which come with Canonical’s security maintenance and support commitment. Chiselled Ubuntu containers are ultra-small OCI images that deliver only the application and its runtime dependencies, and no other operating system-level packages, utilities, or libraries. This…

Read more →