Category: HelpnetSecurity

3 ways to combat rising OAuth SaaS attacks
16
Jan
2024

3 ways to combat rising OAuth SaaS attacks

OAuth attacks are on the rise. In December, the Microsoft Threat Intelligence team observed threat actors misusing OAuth apps to…

Tsurugi Linux: Tailoring user experience for digital forensics and OSINT investigations
16
Jan
2024

Tsurugi Linux: Tailoring user experience for digital forensics and OSINT investigations

Tsurugi Linux is a heavily customized open-source distribution focused on supporting DFIR investigations. The project focuses mainly on live forensics…

Windows SmartScreen bug exploited to deliver powerful info-stealer (CVE-2023-36025)
15
Jan
2024

Windows SmartScreen bug exploited to deliver powerful info-stealer (CVE-2023-36025)

A vulnerability (CVE-2023-36025) that Microsoft fixed in November 2023 continues to be exploited by malware peddlers: this time around, the…

Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591)
15
Jan
2024

Juniper fixes critical RCE in its SRX firewalls and EX switches (CVE-2024-21591)

Juniper Networks has fixed a critical pre-authentication remote code execution (RCE) vulnerability (CVE-2024-21591) in Junos OS on SRX firewalls and…

Flipping the BEC funnel: Phishing in the age of GenAI
15
Jan
2024

Flipping the BEC funnel: Phishing in the age of GenAI

For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic (and usually poorly-written)…

Adalanche: Open-source Active Directory ACL visualizer, explorer
15
Jan
2024

Adalanche: Open-source Active Directory ACL visualizer, explorer

Adalanche provides immediate insights into the permissions of users and groups within an Active Directory. It’s an effective open-source tool…

Key elements for a successful cyber risk management strategy
15
Jan
2024

Key elements for a successful cyber risk management strategy

In this Help Net Security interview, Yoav Nathaniel, CEO at Silk Security, discusses the evolution of cyber risk management strategies…

Week in review: GitLab account takeover flaw, attackers exploiting Ivanti Connect Secure zero-days
14
Jan
2024

Week in review: GitLab account takeover flaw, attackers exploiting Ivanti Connect Secure zero-days

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Social engineer reveals effective tricks…

Akira ransomware attackers are wiping NAS and tape backups
12
Jan
2024

Akira ransomware attackers are wiping NAS and tape backups

“The Akira ransomware malware, which was first detected in Finland in June 2023, has been particularly active at the end…

Critical GitLab flaw allows account takeover without user interaction, patch quickly! (CVE-2023-7028)
12
Jan
2024

Critical GitLab flaw allows account takeover without user interaction, patch quickly! (CVE-2023-7028)

A critical vulnerability in GitLab CE/EE (CVE-2023-7028) can be easily exploited by attackers to reset GitLab user account passwords. While…

LLM hype fades as enterprises embrace targeted AI models
12
Jan
2024

LLM hype fades as enterprises embrace targeted AI models

2023 was the year of AI enterprise adoption, with 55% of organizations adopting AI into their workflows, according to a…

Cloud security predictions for 2024
12
Jan
2024

Cloud security predictions for 2024

As we reflect on the cybersecurity landscape and the trajectories of threat vectors, it’s evident that we’re on the cusp…