Open-source penetration testing tool BloodHound CE released
SpecterOps released version 5.0 of BloodHound Community Edition (CE), a free and open-source penetration testing solution that maps attack paths in Microsoft Active Directory …
1 in 100 emails is malicious
BEC and phishing attacks soar by 20% and 41% respectively in H1 2023, according to Perception Point. Cyber attackers have continued to refine their methods, adopting more …
Android n-day bugs pose zero-day threat
In the Android ecosystem, n-day vulnerabilities are almost as dangerous as zero-days, according to Google’s review of zero-days exploited in the wild in 2022. N-days …
US government outlines National Cyber Workforce and Education Strategy
After the release of a National Cybersecurity Strategy and its implementation plan, the Biden-Harris Administration has unveiled the National Cyber Workforce and Education …
CyFox disclose Stremio vulnerability, developers don’t agree on findings
UPDATE: August 2, 10:21 AM PT The Stremio team published a blog post saying that they’ve received a report from CyFox, but that they did not consider it valid, so they …
The gap in users’ identity security knowledge gives cybercriminals an opening
With exponential growth in the number of human and machine actors on the network and more sophisticated technology in more places, identity in this new era is rapidly becoming …
EU’s financial institutions face cyber resilience crisis
78% of Europe’s largest financial institutions experienced a third-party breach in the past year, according to SecurityScorecard. In the wake of attacks such as MOVEit and …
Infosec products of the month: July 2023
Here’s a look at the most interesting products from the past month, featuring releases from: BreachRx, Code42, ComplyAdvantage, Darktrace, Dig Security, Diligent, Fidelis …
Ivanti fixes second zero-day exploited by attackers (CVE-2023-35081)
Another actively exploited zero-day vulnerability (CVE-2023-35081) affecting Ivanti Endpoint Manager Mobile (EPMM) has been identified and fixed. The first zero-day spotted …
Web browsing is the primary entry vector for ransomware infections
The most widely used method for ransomware delivery in 2022 was via URL or web browsing (75.5%), Palo Alto Networks researchers have found. In 2021, it was email attachments …
New persistent backdoor used in attacks on Barracuda ESG appliances
The Cybersecurity and Infrastructure Agency (CISA) has published an analysis report on the backdoors dropped by attackers exploiting CVE-2023-2868, a remote command injection …
Data privacy vault: Securing sensitive data while navigating regulatory demands
In this Help Net Security interview, Jean-Charles Chemin, CEO of Legapass, provides insight into the correlation between maintaining customer trust and protecting sensitive …
Featured news
Sponsored
Don't miss
- Black Friday shoppers targeted with thousands of fraudulent online stores
- RomCom hackers chained Firefox and Windows zero-days to deliver backdoor
- How to recognize employment fraud before it becomes a security issue
- Practical strategies to build an inclusive culture in cybersecurity
- Domain security posture of Forbes Global 2000 companies