Infosec products of the month: January 2024
Here’s a look at the most interesting products from the past month, featuring releases from: 1Kosmos, Atakama, Critical Start, Dasera, ID R&D, Living Security, Onfido, …
A zero-day vulnerability (and PoC) to blind defenses relying on Windows event logs
A zero-day vulnerability that, when triggered, could crash the Windows Event Log service on all supported (and some legacy) versions of Windows could spell trouble for …
Free ransomware recovery tool White Phoenix now has a web version
White Phoenix is a free ransomware recovery tool for situations where files are encrypted with intermittent encryption. It was tested on BlackCat/ALPHV Ransomware, Play …
Does CVSS 4.0 solve the exploitability problem?
The newest version of the vulnerability scoring system CVSS 4.0 is here! After a lengthy gap between version 3 (released in 2015), as of November 2023 version 4.0 is …
Proactive cybersecurity: A strategic approach to cost efficiency and crisis management
In this Help Net Security interview, Stephanie Hagopian, VP of Security at CDW, discusses offensive strategies in the face of complex cyberattacks and the role of the …
How to make developers accept DevSecOps
According to a recent Dynatrace report, only 50% of CISOs believe that development teams have thoroughly tested the software for vulnerabilities before deploying it into the …
Cybercriminals replace familiar tactics to exfiltrate sensitive data
Ransomware attacks are increasing again as cybercriminals’ motivation shifts to data exfiltration, according to Delinea. The familiar tactics of crippling a company and …
Database management enters a new era of complexity
Increasing complexity, the rapid adoption of emerging technologies and a growing skills gap are the biggest concerns facing IT leaders in 2024, according to Redgate. 30% of …
Self-managed GitLab installations should be patched again (CVE-2024-0402)
Less than two weeks after having plugged a security hole that allows account takeover without user interaction, GitLab Inc. has patched a critical vulnerability …
Hundreds of network operators’ credentials found circulating in Dark Web
After the recent incident involving Orange España and the leakage of credentials from the RIPE NCC portal, which led to a major outage, the cybersecurity community needs to …
Great security or great UX? Both, please
A new user is signing up for a SaaS application. On the one hand, UX teams want that user to get into the app as quickly as possible. On the other hand, security teams want …
Faction: Open-source pentesting report generation and collaboration framework
Faction is an open-source solution that enables pentesting report generation and assessment collaboration. Josh Summitt, the creator of Faction, has always disliked the …