Hackers breaching construction firms via specialized accounting software
Firms in the construction industry are getting breached by hackers via internet-exposed servers running Foundation accounting software, Huntress researchers are warning. …
Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342)
Users of Zyxel network-attached storage (NAS) devices are urged to implement hotfixes addressing a critical and easily exploited command injection vulnerability …
vCISO services thrive, but challenges persist
While 75% of service providers report high customer demand for vCISO functionality, a new Cynomi report reveals that only 21% are actively offering it—opening a window onto a …
Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261)
Zyxel has patched a myriad of vulnerabilities in its various networking devices, including a critical one (CVE-2024-7261) that may allow unauthenticated attackers to execute …
Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)
A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw …
Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)
SolarWinds has fixed a critical vulnerability (CVE-2024-28986) in its Web Help Desk (WHD) solution that may allow attackers to run commands on the host machine. “While …
78% of SMBs fear cyberattacks could shut down their business
94% of SMBs have experienced at least one cyberattack, a dramatic rise from 64% in 2019, according to ConnectWise. This increase in cyberattacks is exacerbated by the fact …
Why SMBs are facing significant security, business risks
In this Help Net Security video, Alex Cox, Director of Threat Intelligence at LastPass, discusses how human factors are getting in the way while SMB leaders report investing …
New SOHO router malware aims for cloud accounts, internal company resources
Cuttlefish, a new malware family that targets enterprise-grade small office/home office (SOHO) routers, is used by criminals to steal account credentials / secrets for AWS, …
Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware!
More organizations hit by ransomware gangs are starting to realize that it doesn’t pay to pay up: “In Q1 2024, the proportion of victims that chose to pay touched …
Ransomware group maturity should influence ransom payment decision
Your organization has been hit by ransomware and a decision has to be made on whether or not to make the ransom payment to get your data decrypted, deleted from …
PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800)
Arcserve has fixed critical security vulnerabilities (CVE-2024-0799, CVE-2024-0800) in its Unified Data Protection (UDP) solution that can be chained to upload malicious files …
Featured news
Resources
Don't miss
- Critical Firefox, Tor Browser sandbox escape flaw fixed (CVE-2025-2857)
- Android financial threats: What businesses need to know to protect themselves and their customers
- Post-quantum cryptography and the future of online safety
- How to manage and protect your biometric data
- UK NCSC offers security guidance for domain and DNS registrars