100+ domains seized to stymie Russian Star Blizzard hackers
Microsoft and the US Justice Department have seized over 100 domains used by Star Blizzard, a Russian nation-state threat actor. “Between January 2023 and August 2024, …
October 2024 Patch Tuesday forecast: Recall can be recalled
October 2024 Patch Tuesday is now live: Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572) October arrived, and Microsoft started the month …
Best practices for implementing threat exposure management, reducing cyber risk exposure
In this Help Net Security interview, Sanaz Yashar, CEO at Zafran, discusses the role of threat exposure management (TEM) in modern cybersecurity strategies. As traditional …
MaLDAPtive: Open-source framework for LDAP SearchFilter parsing, obfuscation, and more!
MaLDAPtive is an open-source framework for LDAP SearchFilter parsing, obfuscation, deobfuscation, and detection. At its core, the project features a custom-built C# LDAP …
Cybercriminals capitalize on poorly configured cloud environments
Off-the-shelf offensive security tools and poorly configured cloud environments create openings in the attack surface, according to Elastic. Adversaries are utilizing …
New infosec products of the week: October 4, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Balbix, Halcyon, Metomic, Red Sift, SAFE Security, Veeam Software, and Legit …
Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824)
CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cybersecurity and …
CUPS vulnerabilities could be abused for DDoS attacks
While the Common UNIX Printing System (CUPS) vulnerabilities recently disclosed by researcher Simone “evilsocket” Margaritelli are not easily exploited for remote …
Private US companies targeted by Stonefly APT
Undeterred by the indictment issued against one of its alleged members, North Korean APT group Stonefly (aka APT45) continues to target companies in the US, Symantec threat …
Three hard truths hindering cloud-native detection and response
According to Gartner, the market for cloud computing services is expected to reach $675 billion in 2024. Companies are shifting from testing the waters of cloud computing to …
Spotting AI-generated scams: Red flags to watch for
In this Help Net Security interview, Andrius Popovas, Chief Risk Officer at Mano Bank, discusses the most prevalent AI-driven fraud schemes, such as phishing attacks and …
How to use the Apple Passwords app
The latest Apple OS updates (iOS 18, iPadOS 18, macOS Sequoia) have introduced a standalone Passwords app, to make users’ passwords, passkeys, Wi-Fi passwords, and …