New UEFI Secure Boot bypass vulnerability discovered (CVE-2024-7344)
ESET researchers have identified a vulnerability (CVE-2024-7344) impacting most UEFI-based systems, which allows attackers to bypass UEFI Secure Boot. The issue was found in a …
Webinar: Amplifying SIEM with AI-driven NDR for IT/OT convergence
Join cybersecurity leader Erwin Eimers from Sumitomo Chemicals Americas to explore how AI-driven Network Detection and Response (NDR) enhances SIEM capabilities, bridging …
How CISOs can elevate cybersecurity in boardroom discussions
Ross Young is the CISO in residence at Team8 and the creator of the OWASP Threat and Safeguard Matrix (TaSM). In this interview, he shares his perspective on how cybersecurity …
A humble proposal: The InfoSec CIA triad should be expanded
The inconsistent and incomplete definitions of essential properties in information security create confusion within the InfoSec community, gaps in security controls, and may …
Critical vulnerabilities remain unresolved due to prioritization gaps
Fragmented data from multiple scanners, siloed risk scoring and poor cross-team collaboration are leaving organizations increasingly exposed to breaches, compliance failures …
Rsync vulnerabilities allow remote code execution on servers, patch quickly!
Six vulnerabilities have been fixed in the newest versions of Rsync (v3.4.0), two of which could be exploited by a malicious client to achieve arbitrary code execution on a …
FBI removed PlugX malware from U.S. computers
The Justice Department announced on Tuesday that, alongside international partners, the FBI deleted “PlugX” malware from thousands of infected computers worldwide. …
Contextal Platform: Open-source threat detection and intelligence
Contextal Platform is an open-source cybersecurity solution for contextual threat detection and intelligence. Developed by the original authors of ClamAV, it offers advanced …
Using cognitive diversity for stronger, smarter cyber defense
In this Help Net Security interview, Mel Morris, CEO of Corpora.ai, discusses how cognitive biases affect decision-making during cybersecurity incidents. Morris shares …
Cybersecurity is stepping into a new era of complexity
Cybersecurity is entering a new era of complexity, according to the World Economic Forum’s Global Cybersecurity Outlook 2025 report. Growing complexity intensifies cyber …
Microsoft fixes actively exploited Windows Hyper-V zero-day flaws
Microsoft has marked January 2025 Patch Tuesday with a hefty load of patches: 157 CVE-numbered security issues have been fixed in various products, three of which (in Hyper-V) …
Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591)
Fortinet has patched an authentication bypass vulnerability (CVE-2024-55591) affecting its FortiOS firewalls and FortiProxy web gateways that has been exploited as a zero-day …