CyFox disclose Stremio vulnerability, developers don’t agree on findings
UPDATE: August 2, 10:21 AM PT The Stremio team published a blog post saying that they’ve received a report from CyFox, but that they did not consider it valid, so they …
The gap in users’ identity security knowledge gives cybercriminals an opening
With exponential growth in the number of human and machine actors on the network and more sophisticated technology in more places, identity in this new era is rapidly becoming …
EU’s financial institutions face cyber resilience crisis
78% of Europe’s largest financial institutions experienced a third-party breach in the past year, according to SecurityScorecard. In the wake of attacks such as MOVEit and …
Infosec products of the month: July 2023
Here’s a look at the most interesting products from the past month, featuring releases from: BreachRx, Code42, ComplyAdvantage, Darktrace, Dig Security, Diligent, Fidelis …
Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081)
Another actively exploited zero-day vulnerability (CVE-2023-35081) affecting Ivanti Endpoint Manager Mobile (EPMM) has been identified and fixed. The first zero-day spotted …
Web browsing is the primary entry vector for ransomware infections
The most widely used method for ransomware delivery in 2022 was via URL or web browsing (75.5%), Palo Alto Networks researchers have found. In 2021, it was email attachments …
New persistent backdoor used in attacks on Barracuda ESG appliances
The Cybersecurity and Infrastructure Agency (CISA) has published an analysis report on the backdoors dropped by attackers exploiting CVE-2023-2868, a remote command injection …
Data privacy vault: Securing sensitive data while navigating regulatory demands
In this Help Net Security interview, Jean-Charles Chemin, CEO of Legapass, provides insight into the correlation between maintaining customer trust and protecting sensitive …
Relying on CVSS alone is risky for vulnerability management
A vulnerability management strategy that relies solely on CVSS for vulnerability prioritization is proving to be insufficient at best, according to Rezilion. In fact, relying …
The race against time in ransomware attacks
Most organizations lack strong cyber resilience strategies or data security capabilities to address threats and maintain business continuity, according to BigID. Despite both …
Week in review: Ivanti zero-day exploited, MikroTik vulnerability could compromise 900,000 routers
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Key factors for effective security automation In this Help Net Security …
New infosec products of the week: July 28, 2023
Here’s a look at the most interesting products from the past week, featuring releases from BreachRx, Darktrace, Dig Security, Panorays, and SeeMetrics. Panorays unveils …
Featured news
Sponsored
Don't miss
- Cisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419)
- Fighting AI-powered synthetic ID fraud with AI
- Laying the groundwork for zero trust in the military
- Grype: Open-source vulnerability scanner for container images, filesystems
- Signatures should become cloud security history