vulnerability

New SolarWinds Serv-U vulnerability targeted in Log4j-related attacks
Attackers looking to exploit recently discovered Log4j vulnerabilities are also trying to take advantage of a previously undisclosed vulnerability in the SolarWinds Serv-U …

Software supply chain attacks jumped over 300% in 2021
Software supply chain attacks grew by more than 300% in 2021 compared to 2020, according to a study by Argon Security. According to the study, researchers discovered attackers …

Cultivating a security-first mindset for software developers
There is a “great cyber security awakening” happening across companies. Right now, we need a fundamental new approach to development, so we are not constantly firefighting. …

Manufacturers are starting to realize the importance of OT security
While rapid technology advances have improved manufacturing operations in recent years, combining new and legacy operational technology (OT) has created security gaps that …

When it comes to banking security, there’s no silver bullet
In this interview with Help Net Security, Ido Helshtock, Chief Product Officer at HUB Security, talks about banking security, the most common vulnerabilities, and what banks …

Delivering vulnerable signed kernel drivers remains popular among attackers
ESET researchers took an in-depth look into the abuse of vulnerable kernel drivers. Vulnerabilities in signed drivers are mostly utilized by game cheat developers to …

2022 promises to be a challenging year for cybersecurity professionals
I am very glad to turn the page on 2021, however, I am not optimistic that 2022 will be remarkably better. I am hopeful that President Biden’s Executive Order 14028 and the …

Small businesses are most vulnerable to growing cybersecurity threats
Many small and medium-sized businesses (SMBs) mistakenly assume (hope?) their size makes them a less appealing target to hackers, without realizing cyber criminals are eager …

The Log4j debacle showed again that public disclosure of 0-days only helps attackers
On December 9, 2021, a (now deleted) tweet linking to a 0-day proof of concept (PoC) exploit (also now deleted) for the Log4Shell vulnerability on GitHub set the internet on …

Experts uncover Elephant Beetle, an organized financial-theft operation
Sygnia announced that it has released its comprehensive report uncovering an organized financial-theft operation it has termed Elephant Beetle. For the past two years, the …

Insider threat does not have to be malicious, so how do you protect your organization?
In this interview with Help Net Security, Laura Hoffner, Chief of Staff at Concentric, talks about the causes of insider threat attacks and what companies can do to mitigate …

Why the UK’s energy sector is fragile and ripe to cyber attacks
For the first time in a generation, the UK is in the middle of an unprecedented supply chain crisis, and in recent weeks, we have seen very clearly the immediate and …