Russian APT phished government employees via Microsoft Teams
An APT group linked to Russia’s Foreign Intelligence Service has hit employees of several dozen global organizations with phishing attacks via Microsoft Teams, says Microsoft.…
Category: HelpnetSecurity
Ivanti discloses another vulnerability in MobileIron Core (CVE-2023-35082)
Ivanti has disclosed a critical vulnerability (CVE-2023-35082) affecting old, out-of-support versions of MobileIron Core, an enterprise device solution that has since been rebranded to Ivanti…
Assess multi-cloud security with the open-source CNAPPgoat project
Ermetic released CNAPPgoat, an open-source project that allows organizations to test their cloud security skills, processes, tools, and posture in interactive sandbox environments that are…
SCARF cipher sets new standards in protecting sensitive data
A group of international researchers has achieved a breakthrough in computer security by developing a new and highly efficient cipher for cache randomization. The innovative…
Traceable AI combats API abuse with digital fraud prevention capabilities
Traceable AI introduced digital fraud prevention capabilities, to deliver protection against fraudulent activities across APIs and digital interfaces. This innovation is crucial, especially in the…
Salesforce and Meta suffer phishing campaign that evades typical detection methods
The Guardio research team discovered an email phishing campaign exploiting a zero-day vulnerability in Salesforce’s legitimate email services and SMTP servers. Phishing email sample as…
Attackers can turn AWS SSM agents into remote access trojans
Mitiga researchers have documented a new post-exploitation technique attackers can use to gain persistent remote access to AWS Elastic Compute Cloud (EC2) instances (virtual servers),…
Delivering privacy in a world of pervasive digital surveillance: Tor Project’s Executive Director speaks out
The overarching mission of the US-based non-profit organization the Tor Project is to advance human rights and make open-source, privacy preserving software available to people…
From tech expertise to leadership: Unpacking the role of a CISO
In this Help Net Security interview, Attila Török, CISO at GoTo, discusses how to balance technical expertise and leadership and how he navigates the rapidly…
Open-source penetration testing tool BloodHound CE released
SpecterOps released version 5.0 of BloodHound Community Edition (CE), a free and open-source penetration testing solution that maps attack paths in Microsoft Active Directory (AD)…
Forescout Risk and Exposure Management offers quantitative approach to risk prioritization
Forescout unveiled Risk and Exposure Management, its cloud-native product designed to collate all data sources associated with an enterprise’s connected assets and calculate a unique…
Synopsys Software Risk Manager simplifies application security testing
Synopsys launched Synopsys Software Risk Manager, a new application security posture management (ASPM) solution. Software Risk Manager enables security and development teams to simplify, align…