Please turn on your JavaScript for this page to function normally.
dark web
FIN7 sells improved EDR killer tool

The cybercrime-focused enterprise known as FIN7 (aka the Carbanak group) has come up with yet another trick to assure the effectiveness of its “EDR killer” tool, …

Cisco
Cisco fixes critical flaws in Secure Email Gateway and SSM On-Prem (CVE-2024-20401, CVE-2024-20419)

Cisco has fixed two critical vulnerabilities that may allow attackers to overwrite files on its Secure Email Gateways (CVE-2024-20401) and change the password of any user on …

digital identity
Fighting AI-powered synthetic ID fraud with AI

Aided by the emergence of generative artificial intelligence models, synthetic identity fraud has skyrocketed, and now accounts for a staggering 85% of all identity fraud …

Curtis Arnold
Laying the groundwork for zero trust in the military

In this Help Net Security interview, Curtis Arnold, VP and Chief Scientist at Core4ce, discusses the starting points for military training in zero trust principles, …

Grype
Grype: Open-source vulnerability scanner for container images, filesystems

Grype is an open-source vulnerability scanner designed for container images and filesystems that seamlessly integrates with Syft, a powerful Software Bill of Materials (SBOM) …

Ankita Gupta
Overlooked essentials: API security best practices

In this Help Net Security interview, Ankita Gupta, CEO at Akto, discusses API security best practices, advocating for authentication protocols like OAuth 2.0 and OpenID …

SubSnipe
SubSnipe: Open-source tool for finding subdomains vulnerable to takeover

SubSnipe is an open-source, multi-threaded tool to help find subdomains vulnerable to takeover. It’s simpler, produces better output, and has more fingerprints than …

cybersecurity jobs
Cybersecurity jobs available right now: July 17, 2024

Some of the jobs listed here are no longer accepting applications. For a fresh list of open cybersecurity jobs, go here. Adversary Emulation Team Member Australian Federal …

GitHub
Most GitHub Actions workflows are insecure in some way

Most GitHub Actions are susceptible to exploitation; they are overly privileged or have risky dependencies, according to Legit Security. GitHub Actions security flaws pose …

Microsoft
Void Banshee APT exploited “lingering Windows relic” in zero-day attacks

The zero-day exploit used to leverage CVE-2024-38112, a recently patched Windows MSHTML vulnerability, was wielded by an APT group dubbed Void Banshee to deliver malware to …

info-stealer
SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts

Malicious Google ads are a well known threat, but malvertising can also be found on other popular online destinations such as Facebook, LinkedIn, and YouTube. Case in point: …

ChatGPT
ChatGPTriage: How can CISOs see and control employees’ AI use?

It’s been less than 18 months since the public introduction of ChatGPT, which gained 100 million users in less than two months. Given the hype, you would expect enterprise …

Don't miss

Cybersecurity news