Category: HelpnetSecurity

Purple teaming and the role of threat categorization
11
Jan
2024

Purple teaming and the role of threat categorization

Organizations constantly work to ensure optimal threat detection and prevention across their systems. One question gets asked repeatedly: “Can we…

APIs are increasingly becoming attractive targets
11
Jan
2024

APIs are increasingly becoming attractive targets

APIs, a technology that underpins today’s most used sites and apps, are being leveraged by businesses more than ever—ultimately opening…

Hackers are targeting exposed MS SQL servers with Mimic ransomware
10
Jan
2024

Hackers are targeting exposed MS SQL servers with Mimic ransomware

Hackers are brute-forcing exposed MS SQL database servers to deliver Mimic ransomware, Securonix researchers are warning. About Mimic ransomware Mimic…

Top LLM vulnerabilities and how to mitigate the associated risk
10
Jan
2024

Top LLM vulnerabilities and how to mitigate the associated risk

As large language models (LLMs) become more prevalent, a comprehensive understanding of the LLM threat landscape remains elusive. But this…

Fly Catcher: Detect aircraft spoofing by monitoring for malicious signals
10
Jan
2024

Fly Catcher: Detect aircraft spoofing by monitoring for malicious signals

Fly Catcher is an open-source device that can detect aircraft spoofing by monitoring for malicious ADS-B signals in the 1090MHz…

Researchers develop technique to prevent software bugs
10
Jan
2024

Researchers develop technique to prevent software bugs

A team of computer scientists led by the University of Massachusetts Amherst recently announced a new method for automatically generating…

Microsoft fixes critical flaws in Windows Kerberos, Hyper-V (CVE-2024-20674, CVE-2024-20700)
09
Jan
2024

Microsoft fixes critical flaws in Windows Kerberos, Hyper-V (CVE-2024-20674, CVE-2024-20700)

For January 2024 Patch Tuesday, Microsoft has released fixes for 49 CVE-numbered vulnerabilities, two of which are critical: CVE-2024-20674 and…

Attackers could use vulnerabilities in Bosch Rexroth nutrunners to disrupt automotive production
09
Jan
2024

Attackers could use vulnerabilities in Bosch Rexroth nutrunners to disrupt automotive production

Researchers have discovered over two dozen vulnerabilities in “smart” cordless nutrunners (i.e., pneumatic torque wrenches) manufactured by Bosch Rexroth that…

SQLi vulnerability in Cacti could lead to RCE (CVE-2023-51448)
09
Jan
2024

SQLi vulnerability in Cacti could lead to RCE (CVE-2023-51448)

A blind SQL injection vulnerability (CVE-2023-51448) in Cacti, a widely-used network monitoring, performance and fault management framework, could lead to…

If you prepare, a data security incident will not cause an existential crisis
09
Jan
2024

If you prepare, a data security incident will not cause an existential crisis

Why is it that when a company becomes aware of a potential data security incident, the team working on it…

Understanding zero-trust design philosophy and principles
09
Jan
2024

Understanding zero-trust design philosophy and principles

In this Help Net Security interview, Phil Vachon, Head of Infrastructure in the Office of the CTO at Bloomberg, discusses…

Securing AI systems against evasion, poisoning, and abuse
09
Jan
2024

Securing AI systems against evasion, poisoning, and abuse

Adversaries can intentionally mislead or “poison” AI systems, causing them to malfunction, and developers have yet to find an infallible…