Help Net Security
Ukrainian cyberwar experience becomes blueprint for TRYZUB cyber training service
The Computer Emergency Response Team of Ukraine (CERT-UA), part of the State Service of Special Communications and Information Protection (SSSCIP), has joined forces with the …
Product showcase: Augmenting penetration testing with Plainsea
Human-led penetration testing is an essential practice for any organization seeking to proactively address potential attack vectors. However, this indispensable pentesting …
CWE top 25 most dangerous software weaknesses
The CWE list of the 25 most dangerous software weaknesses demonstrates the currently most common and impactful software flaws. Identifying the root causes of these …
Preventing credential theft in the age of AI
In this Help Net Security video, Dr. Tina Srivastava, PhD, MIT Lecturer and CEO of Badge, discusses a 20-year cryptography problem – using biometrics for authentication …
Full recovery from breaches takes longer than expected
In 2024, businesses reported taking an average of 7.3 months to recover from cybersecurity breaches – 25% longer than expected and over a month past the anticipated …
Oracle Linux 9 Update 5 brings security updates, OpenJDK 17, .NET 9.0
Oracle Linux offers a secure, streamlined platform for deploying and managing applications across on-premises, cloud, and edge environments. Designed for demanding workloads, …
Five backup lessons learned from the UnitedHealth ransomware attack
The ransomware attack on UnitedHealth earlier this year is quickly becoming the healthcare industry’s version of Colonial Pipeline, prompting congressional testimony, lawmaker …
Safeguarding the DNS through registries
The integrity of our online ecosystem heavily relies on domain registries, which serve as the foundation for secure and trusted digital experiences. However, threats like …
Overreliance on GenAI to develop software compromises security
GenAI is quickly changing the software development process by automating tasks that once took developers hours, if not days, to complete, bolstering efficiency and …
Cross-IdP impersonation bypasses SSO protections
Cross-IdP impersonation – a technique that enables attackers to hijack the single sign-on (SSO) process to gain unauthorized access to downstream software-as-a-service …
Phobos ransomware administrator faces US cybercrime charges
The Justice Department unsealed criminal charges against Evgenii Ptitsyn, 42, a Russian national, for allegedly administering the sale, distribution, and operation of Phobos …
AlmaLinux 9.5 released: Security updates, new packages, and more!
AlmaLinux is a free, open-source, enterprise-grade Linux distribution. Governed and owned by the community, it offers a production-ready platform with binary compatibility to …