NIS2 Directive raises stakes for security leaders
In this Help Net Security interview, Roland Palmer, VP Global Operations Center at Sumo Logic, discusses key challenges and innovations of the NIS2 Directive, aiming to …
DDoS attack power skyrockets to 1.6 Tbps
DDoS attack trends for the second half of 2023 reveal alarming developments in their scale and sophistication, according to Gcore. The maximum attack power rose from 800 Gbps …
Crowdsourced security is not just for tech companies anymore
There is a misconception that only software and technology companies leverage crowdsourced security. However, data contradicts this belief. Companies across various sectors …
EU adopts first cybersecurity certification scheme for safer tech
The European Commission adopted the implementing regulation concerning the EU cybersecurity certification scheme on Common Criteria (EUCC). The outcome aligns with the …
Malicious logins from suspicious infrastructure fuel identity-based incidents
69% of identity-based incidents involved malicious logins from suspicious infrastructure, which are hosting providers or proxies that aren’t expected for a user or …
FritzFrog botnet exploits Log4Shell, PwnKit vulnerabilities
The FritzFrog cryptomining botnet has new potential for growth: a recently analyzed variant of the bot is exploiting the Log4Shell (CVE-2021-44228) and PwnKit (CVE-2021-4034) …
FBI disrupts Chinese botnet used for targeting US critical infrastructure
The FBI has disrupted the KV botnet, used by People’s Republic of China (PRC) state-sponsored hackers (aka “Volt Typhoon”) to target US-based critical …
Threat actor used Vimeo, Ars Technica to serve second-stage malware
A financially motivated threat actor tracked as UNC4990 is using booby-trapped USB storage devices and malicious payloads hosted on popular websites such as Ars Technica, …
Zero trust implementation: Plan, then execute, one step at a time
82% of cybersecurity professionals have been working on implementing zero trust last year, and 16% should be on it by the end of this year. The challenges of zero trust …
Custom rules in security tools can be a game changer for vulnerability detection
In this Help Net interview, Isaac Evans, CEO at Semgrep, discusses the balance between speed and thoroughness in CI/CD pipeline security scanning. Stressing the need to avoid …
CVEMap: Open-source tool to query, browse and search CVEs
CVEMap is an open-source command-line interface (CLI) tool that allows you to explore Common Vulnerabilities and Exposures (CVEs). It’s designed to offer a streamlined …
Payment fraud is hitting organizations harder than ever before
96% of US companies were targeted with at least one fraud attempt in the past year, according to Trustpair. 83% of US companies saw an increase in cyber fraud attempts on …