Dangerous vulnerability can be exploited to carry out massive DDoS attacks (CVE-2023-44487)
Cloudflare, Google, and Amazon AWS revealed that a zero-day vulnerability in the HTTP/2 protocol has been used to mount massive, high-volume DDoS attacks, which they dubbed …
GNOME users at risk of RCE attack (CVE-2023-43641)
If you’re running GNOME on you Linux system(s), you are probably open to remote code execution attacks via a booby-trapped file, thanks to a memory corruption …
Be prepared to patch high-severity vulnerability in curl and libcurl
UPDATE (October 11, 2023, 07:15 a.m. ET): Curl v8.4.0 is out and fixes both CVE-2023-38545, a SOCKS5 heap buffer overflow vulnerability and CVE-2023-38546, a cookie injection …
Why zero trust delivers even more resilience than you think
Ten years ago, zero trust was an exciting, innovative perspective shift that security experts were excited to explore; today, it’s more likely to be framed as an inevitable …
Turning military veterans into cybersecurity experts
In this Help Net Security interview, James Murphy, the Director of the TechVets Programme at the Forces Employment Charity and member of Fortinet’s Veterans Program …
Cybersecurity pros predict rise of malicious AI
76% of cybersecurity professionals believe the world is very close to encountering malicious AI that can bypass most known cybersecurity measures, according to Enea. 26% see …
Cybercriminals can go from click to compromise in less than a day
The median dwell time in ransomware engagements dropped to just under 24 hours from 4.5 days in the previous year and 5.5 days in the year before that, according to …
eBook: Cybersecurity career hacks for newcomers
Are you excited to pursue a cybersecurity career but unsure where to begin? Whether you’re a student, an incoming professional, or ready to work in a different field, the …
$2.7 billion lost to social media scams since 2021
Scams originating on social media have accounted for $2.7 billion in reported losses since 2021, more than any other contact method, according to the Federal Trade Commission. …
Microsoft 365 email senders urged to implement SPF, DKIM and DMARC
In the wake of Google’s announcement of new rules for bulk senders, Microsoft is urging Microsoft 365 email senders to implement SPF, DKIM and DMARC email authentication …
Exploit writers invited to probe Chrome’s V8 engine, Google Cloud’s KVM
Google is asking bug hunters and exploit writers to develop 0-day and n-day exploits in Chrome’s V8 JavaScript engine and Google Cloud’s Kernel-based Virtual …
Selective disclosure in the identity wallet: How users share the data that is really needed
Name, date of birth, address, email address, passwords, tax records, or payroll – all this sensitive user data is stored by companies in huge databases to identify individuals …