Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409)
If you run a self-managed GitLab installation with configured SAML-based authentication and you haven’t upgraded it since mid-September, do it now, because security …
Guide for selecting the right GRC framework, EU edition
Governance, risk, and compliance frameworks are critical. They enable cybersecurity professionals to accurately identify an organization’s risk posture, align business and …
YARA: Open-source tool for malware research
YARA is a powerful tool designed primarily to aid malware researchers in identifying and categorizing malware samples, though its applications are broader. The tool enables …
Cultivating a security-first mindset: Key leadership actions
In this Help Net Security interview, Emily Wienhold, Cyber Education Specialist at Optiv, discusses how business leaders can promote a security-first culture within their …
GoldenJackal APT group breaches air-gapped systems in Europe
ESET researchers have discovered a series of attacks that took place in Europe from May 2022 to March 2024, where the attackers used a toolset capable of targeting air-gapped …
30% of customer-facing APIs are completely unprotected
70% of customer-facing APIs are secured using HTTPS, leaving nearly one-third of these APIs completely unprotected, according to F5. This is a stark contrast to the 90% of web …
Cybersecurity jobs available right now: October 9, 2024
Some of the jobs listed here are no longer accepting applications. For a fresh list of open cybersecurity jobs, go here. Cloud Cybersecurity Analyst III Texas Health and Human …
Microsoft patches two zero-days exploited in the wild (CVE-2024-43573, CVE-2024-43572)
For October 2024 Patch Tuesday, Microsoft has released fixes for 117 security vulnerabilities, including two under active exploitation: CVE-2024-43573, a spoofing bug …
Ivanti fixes three CSA zero-days exploited in the wild (CVE-2024-9379, CVE-2024-9380, CVE-2024-9381)
Ivanti has patched three additional Cloud Service Appliance (CSA) zero-day flaws, which have been exploited by attackers in conjuction with a zero-day bug the company …
OpenBSD 7.6 released: security improvements, new hardware support, and more!
OpenBSD is a free, multi-platform 4.4BSD-based UNIX-like operating system. The 57th release, OpenBSD 7.6, comes with new features, various improvements, bug fixes, and tweaks. …
Qualcomm zero-day under targeted exploitation (CVE-2024-43047)
An actively exploited zero-day vulnerability (CVE-2024-43047) affecting dozens of Qualcomm’s chipsets has been patched by the American semiconductor giant. About …
American Water shuts down systems after cyberattack
American Water, the largest water and wastewater utility company in the US, has shut down some of its systems following a cyberattack. While the company confirmed that none of …