Malware peddlers experimenting with BPL sideloading and masking malicious payloads as PGP keys
A newly spotted campaign is leveraging BPL sideloading and other uncommon tricks to deliver the IDAT Loader (aka HijackLoader) malware and prevent its detection. The campaign …
Developer errors lead to long-term exposure of sensitive data in Git repos
Credentials, API tokens, and passkeys – collectively referred to as secrets – from organizations around the globe were exposed for years, according to Aqua Security’s …
Compromised plugins found on WordPress.org
An unknown threat actor has compromised five (and possibly more) WordPress plugins and injected them with code that creates a new admin account, effectively allowing them …
Cybersecurity jobs available right now: June 26, 2024
Some of the jobs listed here are no longer accepting applications. For a fresh list of open cybersecurity jobs, go here. CISO Influx | Indonesia | Remote – No longer …
Future trends in cyber warfare: Predictions for AI integration and space-based operations
In this Help Net Security interview, Morgan Wright, Chief Security Advisor at SentinelOne, discusses how AI is utilized in modern cyber warfare by state and non-state actors. …
B+ security rating masks healthcare supply chain risks
While the healthcare sector gets a “B+” security rating for the first half of 2024, it faces a critical vulnerability: supply chain cyber risk, according to SecurityScorecard. …
Progress quietly fixes MOVEit auth bypass flaws (CVE-2024-5805, CVE-2024-5806)
Progress Software has patched one critical (CVE-2024-5805) and one high-risk (CVE-2024-5806) vulnerability in MOVEit, its widely used managed file transfer (MFT) software …
Ransomware disrupts Indonesia’s national data centre, LockBit gang claims US Federal Reserve breach
Ransomware attackers wielding a LockBit variant dubbed Brain Cipher have disrupted a temporary national data center facility which supports the operations of 200+ Indonesian …
New security loophole allows spying on internet users’ online activity
Researchers at Graz University of Technology were able to spy on users’ online activities simply by monitoring fluctuations in the speed of their internet connection. …
Zeek: Open-source network traffic analysis, security monitoring
Zeek is an open-source network analysis framework. Unlike an active security device such as a firewall, Zeek operates on a versatile ‘sensor’ that can be a …
CISOs’ new ally: Qualys CyberSecurity Asset Management 3.0
In this Help Net Security interview, Kunal Modasiya, VP of Product Management and Growth at Qualys, explores the key features, significant advantages, and innovative …
Breaking down the numbers: Q2 2024 cybersecurity funding activity recap
We present a list of selected cybersecurity companies that received funding during the second quarter of 2024 (Q2 2024). Alethea April | $20 million Alethea closed a $20 …