Zeljka Zorz
Phishers steal Office 365 users’ session cookies to bypass MFA, commit payment fraud
A massive phishing campaign has been targeting Office 365 (i.e., Microsoft 365) users in over 10,000 organizations since September 2021 and successfully bypassing multi-factor …
Who are the best fraud fighters?
Seasoned fraud expert PJ Rohall has recently become the new Head of Fraud Strategy & Education at SEON. In this Help Net Security interview, he talks about how he entered …
Microsoft fixes exploited zero-day in Windows CSRSS (CVE-2022-22047)
The July 2022 Patch Tuesday is upon us and has brought fixes for 84 CVEs in various Microsoft products, including an actively exploited zero-day: CVE-2022-22047, an elevation …
Researchers defeat facial recognition systems with universal face mask
Can attackers create a face mask that would defeat modern facial recognition (FR) systems? A group of researchers from from Ben-Gurion University of the Negev and Tel Aviv …
Linode + Kali Linux: Added security for cloud instances
Kali Linux, the popular open source Linux distribution specialized for penetration testing, ethical hacking and security auditing, can now be used by Linode customers. Getting …
Checkmate ransomware hits QNAP NAS devices
QNAP Systems is warning about Checkmate, a new piece of ransomware targeting users of its network-attached storage (NAS) appliances. “Preliminary investigation indicates …
Threat actors exchange beacons for badgers to evade endpoint security
Unidentified cyber threat actors have started using Brute Ratel C4 (BRc4), an adversary simulation tool similar to Cobalt Strike, to try to avoid detection by endpoint …
Healthcare organizations targeted with Maui ransomware
A less known ransomware threat dubbed Maui has been and is likely to continue hitting healthcare organizations, a new CISA alert warns. Maui is unusual in many ways: it does …
CISA and NPower offer free entry-level cybersecurity training
NPower, a US-based non-profit participating in a cybersecurity workforce development program started by the Cybersecurity and Infrastructure Agency (CISA), is looking for …
Attackers are using deepfakes to snag remote IT jobs
Malicious individuals are using stolen personally identifiable information (PII) and voice and video deepfakes to try to land remote IT, programming, database and …
OT security: Helping under-resourced critical infrastructure organizations
In this Help Net Security interview, Dawn Cappelli, Director of OT-CERT at the industrial cybersecurity company Dragos, talks about the OT security risks critical …
Attackers still exploit Log4Shell on VMware Horizon servers, CISA warns
If your organization is running VMware Horizon and Unified Access Gateway servers and you haven’t implemented the patches or workarounds to fix/mitigate the Log4Shell …
Featured news
Resources
Don't miss
- Hawk Eye: Open-source scanner uncovers secrets and PII across platforms
- The Zoom attack you didn’t see coming
- Sonicwall SMA100 vulnerability exploited by attackers (CVE-2021-20035)
- The UK’s phone theft crisis is a wake-up call for digital security
- Securing digital products under the Cyber Resilience Act