Why it’s the perfect time to reflect on your software update policy
The threat landscape is evolving by the minute, with both malicious actors and well-intentioned researchers constantly on the hunt for new attack vectors that bypass…
Category: HelpnetSecurity
Vulnerability disclosure: Legal risks and ethical considerations for researchers
In this Help Net Security interview, Eddie Zhang, Principal Consultant at Project Black, explores the complex and often controversial world of vulnerability disclosure in cybersecurity.…
Week in review: LockBit exploits Citrix Bleed, Apache ActiveMQ bug exploited for cryptojacking
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: PolarDNS: Open-source DNS server tailored for security evaluationsPolarDNS is a…
NIS2 and its global ramifications
The Network and Information Systems Directive (NIS2), due to come into effect in October 2024, seeks to improve cyber resilience in the European Union (EU).…
Network security tops infrastructure investments
Network security is both the top challenge and the top investment priority for enterprise IT leaders, according to ISG. Network security challenges 60% of respondents…
AI and contextual threat intelligence reshape defense strategies
AI continues to evolve to improve both cyber defense and cyber criminal activities, while regulatory pressures, continued consolidation, and geopolitical concerns will drive more proactive…
Cybercriminals turn to ready-made bots for quick attacks
Bots and human fraud farms were responsible for billions of attacks in the H1 of 2023 and into Q3, according to Arkose Labs. These attacks…
Online stores may not be as secure as you think
Credit card skimming is on the rise for the holiday shopping season, according to Malwarebytes. Online stores are not always as secure as you might…
How LockBit used Citrix Bleed to breach Boeing and other targets
CVE-2023-4966, aka “Citrix Bleed”, has been exploited by LockBit 3.0 affiliates to breach Boeing’s parts and distribution business, and “other trusted third parties have observed…
CyberArk unveils passwordless authentication options to reduce credential theft
CyberArk has expanded passwordless authentication capabilities with new passkeys support. Now, CyberArk Identity customers can accelerate passwordless adoption and reduce cybersecurity risk by enabling the…
Microsoft announces Defender bug bounty program
Microsoft has announced a new bug bounty program aimed at unearthing vulnerabilities in Defender-related products and services, and is offering participants the possibility to earn…
CISA offers cybersecurity services to non-federal orgs in critical infrastructure sector
The Cybersecurity and Infrastructure Security Agency (CISA) has announced a pilot program that aims to offer cybersecurity services to critical infrastructure entities as they have…