Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source projects, breaking news – subscribe here!

Please turn on your JavaScript for this page to function normally.
Adobe Flash
Adobe patches newly exploited Flash zero-day

Adobe has released an out-of-band security update for Flash Player that fixes two vulnerabilities, one of which is a zero-day (CVE-2018-15982) that has been spotted being …

Circle eye
Post-exploitation scanning tool scavenges for useful information

Philip Pieterse, Principal Consultant for Trustwave’s SpiderLabs, has demonstrated at Black Hat Arsenal Europe 2018 a new tool for penetration testers called Scavenger. …

Google Chrome
Chrome 71 is out, with several security changes

Google has released Chrome 71 for Windows, Mac, Linux and Android. The newest version of the popular browser comes with 43 security fixes and many new features, including …

Critical Kubernetes privilege escalation flaw patched, update ASAP!

A critical privilege escalation vulnerability affecting the popular open source cluster management and container orchestration software Kubernetes has been patched on Monday. …

Quora
Quora data breach: 100 million users affected

Question-and-answer website Quora has suffered a data breach that may have affected approximately 100 million of its users. About Quora Quora was founded in June 2009 by …

Awake Security
Detecting malicious behavior blended with business-justified activity

With organizations moving to the cloud and remote workers becoming the rule rather than the exception, the definition of the network is changing. Add to this the increasing …

Adobe Flash
Adobe plugs critical RCE Flash Player flaw, update ASAP! Exploitation may be imminent

Adobe has released a Flash Player update that plugs a critical vulnerability (CVE-2018-15981) that could lead to remote code execution, and is urging users to implement it as …

Coins
Make-A-Wish website compromised to serve cryptojacking script

Visitors of the international website of the US-based non-profit Make-A-Wish Foundation have had their computing power misused to covertly mine cryptocurrency, Trustwave …

TP-Link TL-R600VPN
“Classic” bugs open TP-Link’s SafeStream Gigabit Broadband VPN Router to attack

Cisco Talos researchers have flagged four serious vulnerabilities in TP-Link’s SafeStream Gigabit Broadband VPN Router (TL-R600VPN). All four affect the device’s …

AWS
New security feature to prevent Amazon S3 bucket misconfiguration and data leaks

Hardly a week goes by that we don’t hear about an organization leaving sensitive data exposed on the Internet because they failed to properly configure their Amazon S3 …

code
Helping researchers with IoT firmware vulnerability discovery

John Toterhi, a security researcher with IoT security company Finite State, believes that many of the security problems plaguing IoT devices are solvable problems through …

patch
November 2018 Patch Tuesday: Microsoft fixes 63 flaws, one actively exploited zero-day

As part of the November 2018 Patch Tuesday, Microsoft has released 62 security patches and several advisories. There are 12 critical vulnerabilities among those patched this …

Don't miss

Cybersecurity news
Daily newsletter sent Monday-Friday
Weekly newsletter sent on Mondays
Editor's choice newsletter sent twice a month
Periodical newsletter released when there is breaking news
Weekly newsletter listing new cybersecurity job positions
Monthly newsletter focusing on open source cybersecurity tools