Major security audit of critical FreeBSD components now available
The FreeBSD Foundation, in partnership with the Alpha-Omega Project, has released the results of an extensive security audit of two critical FreeBSD components: the bhyve…
Category: HelpnetSecurity
How and where to report cybercrime: What you need to know
Cybercrime reporting mechanisms vary across the globe, with each country offering different methods for citizens to report cybercrime, including online fraud, identity theft, and other…
Transforming code scanning and threat detection with GenAI
In this Help Net Security interview, Stuart McClure, CEO of Qwiet AI, discusses the evolution of code scanning practices, highlighting the shift from reactive fixes…
Navigating the compliance labyrinth: A CSO’s guide to scaling security
Imagine navigating a labyrinth where the walls constantly shift, and the path ahead is obscured by fog. If this brings up a visceral image, you’ve…
Evaluating GRC tools – Help Net Security
According to Gartner, the broad range of pricing for government, risk, and compliance (GRC) tools requires enterprise risk management (ERM) leaders to be well-versed in…
ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps
ScubaGear is an open-source tool the Cybersecurity and Infrastructure Security Agency (CISA) created to automatically evaluate Microsoft 365 (M365) configurations for potential security gaps. ScubaGear…
Week in review: Microsoft patches actively exploited 0-days, Amazon and HSBC employee data leaked
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039)November 2024 Patch Tuesday…
Cybercriminals hijack DNS to build stealth attack networks
Hijacking domains using a ‘Sitting Ducks attack’ remains an underrecognized topic in the cybersecurity community. Few threat researchers are familiar with this attack vector, and…
Cyber crooks push Android malware via letter
Cyber crooks are trying out an interesting new approach for getting information-stealing malware installed on Android users’ smartphones: a physical letter impersonating MeteoSwiss (i.e., Switzerland’s…
Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465)
Attackers have been spotted exploiting two additional vulnerabilities (CVE-2024-9463, CVE-2024-9465) in Palo Alto Networks’ Expedition firewall configuration migration tool, CISA has confirmed on Thursday. About…
AI’s impact on the future of web application security
In this Help Net Security interview, Tony Perez, CEO at NOC.org, discusses the role of continuous monitoring for real-time threat detection, the unique risks posed…
Critical vulnerabilities persist in high-risk sectors
Finance and insurance sectors found to have the highest number of critical vulnerabilities, according to Black Duck. Finance and insurance industry faces highest vulnerabilities The…