Infosec products of the month: November 2023
Here’s a look at the most interesting products from the past month, featuring releases from: Action1, Amazon, Aqua Security, ARMO, Datadog, Devo Technology, Druva, Entrust, …
PoCs for critical Arcserve UDP vulnerabilities released
Arcserve has fixed critical security vulnerabilities (CVE-2023-41998, CVE-2023-41999, CVE-2023-42000) in its Unified Data Protection (UDP) solution, PoCs for which have been …
Google fixes Chrome zero day exploited in the wild (CVE-2023-6345)
Google has released an urgent security update to fix a number of vulnerabilities in Chrome browser, including a zero-day vulnerability (CVE-2023-6345) that is being actively …
Okta breach: Hackers stole info on ALL customer support users
The scope of the recent breach of the Okta customer support system is much wider than initially established, the company has admitted on Tuesday: the attackers downloaded a …
Tails 5.2.0 comes with several improvements, updated Tor Browser
Tails is a portable operating system that protects against surveillance and censorship. Tails can be installed on any USB stick with a minimum of 8 GB. Tails works on most …
Strategies for cultivating a supportive culture in zero-trust adoption
In this Help Net Security interview, Wolfgang Goerlich, Advisory CISO at Cisco, discusses the benefits of implementing a mature zero-trust model for both security and business …
Vigil: Open-source LLM security scanner
Vigil is an open-source security scanner that detects prompt injections, jailbreaks, and other potential threats to Large Language Models (LLMs). Prompt injection arises when …
Design flaw leaves Google Workspace vulnerable for takeover
A design flaw in Google Workspace’s domain-wide delegation feature, discovered by Hunters’ Team Axon, can allow attackers to misuse existing delegations, enabling privilege …
Slovenian power company hit by ransomware
Slovenian power generation company Holding Slovenske Elektrarne (HSE) has been hit by ransomware and has had some of its data encrypted. The attack HSE is a state-owned …
Critical ownCloud flaw under attack (CVE-2023-49103)
Attackers are trying to exploit a critical information disclosure vulnerability (CVE-2023-49103) in ownCloud, a popular file sharing and collaboration platform used in …
Ukrainian ransomware gang behind high-profile attacks dismantled
Law enforcement and judicial authorities from seven countries have joined forces with Europol and Eurojust to dismantle and apprehend in Ukraine key figures behind significant …
SMBs face surge in “malware free” attacks
“Malware free” attacks, attackers’ increased reliance on legitimate tools and scripting frameworks, and BEC scams were the most prominent threats small and …
Featured news
Sponsored
Don't miss
- Overlooked essentials: API security best practices
- SubSnipe: Open-source tool for finding subdomains vulnerable to takeover
- Void Banshee APT exploited “lingering Windows relic” in zero-day attacks
- SYS01 info-stealer pushed via Facebook ads, LinkedIn and YouTube posts
- ChatGPTriage: How can CISOs see and control employees’ AI use?