Attackers can steal NTLM password hashes via calendar invites
A recently patched vulnerability in Microsoft Outlook (CVE-2023-35636) that can be used by attackers to steal users’ NTLM v2 hashes can be exploited by adding two …
1,700 Ivanti VPN devices compromised. Are yours among them?
Over 1,700 Ivanti Connect Secure VPN devices worldwide have been compromised by attackers exploiting two zero-days with no patches currently available. “Additional …
“Security researcher” offers to delete data stolen by ransomware attackers
When organizations get hit by ransomware and pay the crooks to decrypt the encrypted data and delete the stolen data, they can never be entirely sure the criminals will do as …
EOL Sophos firewalls get hotfix for old but still exploited vulnerability (CVE-2022-3236)
Over a year has passed since Sophos delivered patches for a vulnerability affecting Sophos Firewalls (CVE-2022-3236) that was being actively exploited by attackers, and now …
SMBs face surge in “malware free” attacks
“Malware free” attacks, attackers’ increased reliance on legitimate tools and scripting frameworks, and BEC scams were the most prominent threats small and …
SMBs at risk as AI misconceptions lead to overconfidence
Despite advancements in IT security measures, SMBs remain firmly in the crosshairs of cybercriminals, according to Devolutions. Ransomware payments and IoT malware incidents …
Google ads for KeePass, Notepad++ lead to malware
Users using Google to search for and download the KeePass password manager and the Notepad++ text editor may have inadvertently gotten saddled with malware, says Jérôme …
SMBs seek help as cyber threats reach an all-time high
Understanding the evolving threat landscape is the biggest cybersecurity challenge facing SMBs, including non-for-profit organizations – and more than half are calling for …
The pitfalls of neglecting security ownership at the design stage
For companies to avoid bleeding millions through cyber threats, they must build adaptability into their security strategy from the start while considering a range of inputs …
How should SMBs navigate the phishing minefield?
In this Help Net Security interview, Pete Hoff, CISO at Wursta, offers advice to SMB security leaders and professionals on how to minimize the threat phishing presents to …
Cisco VPNs with no MFA enabled hit by ransomware groups
Since March 2023 (and possibly even earlier), affiliates of the Akira and LockBit ransomware operators have been breaching organizations via Cisco ASA SSL VPN appliances. …
Google Workspace: New account security, DLP capabilities announced
New capabilities in Google Workspace will help enterprises improve account and data security, by making unauthorized takeover of admin and user accounts and exfiltration of …
Featured news
Sponsored
Don't miss
- ChatGPTriage: How can CISOs see and control employees’ AI use?
- Managing exam pressure: Tips for certification preparation
- Firmware update hides Bluetooth fingerprints
- Critical Exim vulnerability facilitates malware delivery (CVE-2024-39929)
- Risk related to non-human identities: Believe the hype, reject the FUD