Bridging the risk exposure gap with strategies for internal auditors
In this Help Net Security interview, Richard Chambers, Senior Internal Audit Advisor at AuditBoard, discusses the transformational role of the internal audit function and risk …
Organizations can’t ignore the surge in malicious web links
Despite the rising adoption of collaboration and instant messaging software, email remains a significant area of concern regarding cyber attacks, particularly the increasing …
Infosec products of the month: November 2023
Here’s a look at the most interesting products from the past month, featuring releases from: Action1, Amazon, Aqua Security, ARMO, Datadog, Devo Technology, Druva, Entrust, …
PoCs for critical Arcserve UDP vulnerabilities released
Arcserve has fixed critical security vulnerabilities (CVE-2023-41998, CVE-2023-41999, CVE-2023-42000) in its Unified Data Protection (UDP) solution, PoCs for which have been …
Google fixes Chrome zero day exploited in the wild (CVE-2023-6345)
Google has released an urgent security update to fix a number of vulnerabilities in Chrome browser, including a zero-day vulnerability (CVE-2023-6345) that is being actively …
Okta breach: Hackers stole info on ALL customer support users
The scope of the recent breach of the Okta customer support system is much wider than initially established, the company has admitted on Tuesday: the attackers downloaded a …
Tails 5.2.0 comes with several improvements, updated Tor Browser
Tails is a portable operating system that protects against surveillance and censorship. Tails can be installed on any USB stick with a minimum of 8 GB. Tails works on most …
Strategies for cultivating a supportive culture in zero-trust adoption
In this Help Net Security interview, Wolfgang Goerlich, Advisory CISO at Cisco, discusses the benefits of implementing a mature zero-trust model for both security and business …
Vigil: Open-source LLM security scanner
Vigil is an open-source security scanner that detects prompt injections, jailbreaks, and other potential threats to Large Language Models (LLMs). Prompt injection arises when …
Design flaw leaves Google Workspace vulnerable for takeover
A design flaw in Google Workspace’s domain-wide delegation feature, discovered by Hunters’ Team Axon, can allow attackers to misuse existing delegations, enabling privilege …
Slovenian power company hit by ransomware
Slovenian power generation company Holding Slovenske Elektrarne (HSE) has been hit by ransomware and has had some of its data encrypted. The attack HSE is a state-owned …
Critical ownCloud flaw under attack (CVE-2023-49103)
Attackers are trying to exploit a critical information disclosure vulnerability (CVE-2023-49103) in ownCloud, a popular file sharing and collaboration platform used in …