Helga Labus, Author at Help Net Security

Helga Labus

Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure

August 25, 2023

North Korean state-sponsored hackers Lazarus Group have been exploiting a ManageEngine ServiceDesk vulnerability (CVE-2022-47966) to target internet backbone infrastructure …

Cloud hosting firms hit by devastating ransomware attack

August 24, 2023

Danish cloud hosting firms CloudNordic and Azero – both owned by Certiqa Holding – have suffered a ransomware attack that resulted in most customer data being …

Bitwarden launches E2EE Secrets Manager

August 24, 2023

Bitwarden, a popular open-source password management service, has released Bitwarden Secrets Manager, an open-source, end-to-end encrypted solution that helps development, IT …

Surge in identity crime victims reporting suicidal thoughts

August 23, 2023

Identity theft can have great financial impact on the victims, but the experienced emotional, physical and psychological impact can be even more devastating, according to the …

Bogus OfficeNote app delivers XLoader macOS malware

August 23, 2023

A new macOS-specific variant of the well known XLoader malware is being delivered disguised as the “OfficeNote” app. “Multiple submissions of this sample …

Open redirect flaws increasingly exploited by phishers

August 23, 2023

Phishing attacks using open redirect flaws are on the rise again, according to Kroll’s Cyber Threat Intelligence (CTI) team, which means organizations should consider …

Seiko joins growing list of ALPHV/BlackCat ransomware victims

August 22, 2023

Japanese watchmaker Seiko has been added to ALPHV (BlackCat) ransomware group’s victim list, following a data breach occurring in early August. The Seiko data breach The …

Juniper Networks fixes flaws leading to RCE in firewalls and switches

August 22, 2023

Juniper Networks has fixed four vulnerabilities (CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847) in Junos OS that, if chained together, could allow attackers …

WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477)

August 21, 2023

RARLAB has fixed a high-severity RCE vulnerability (CVE-2023-40477) in the popular file archiver tool WinRAR. About CVE-2023-40477 A widely used Windows-only utility, WinRAR …

Chrome will tell users when extensions they use are removed from Chrome Web Store

August 21, 2023

Google will be extending the Safety check feature within the Chrome browser to alert users when a previously installed extension is no longer available in the Chrome Web …

Phishers use QR codes to target companies in various industries

August 17, 2023

A phishing campaign using QR codes has been detected targeting various industries, with the aim to acquire Microsoft credentials. “The most notable target, a major …

LinkedIn users targeted in account hijacking campaign

August 16, 2023

LinkedIn users are being targeted in an ongoing account hijacking campaign, getting locked out of their accounts; the hacked accounts are held for ransom. Users discussing …

Helga Labus

Lazarus Group exploited ManageEngine vulnerability to target critical infrastructure

Cloud hosting firms hit by devastating ransomware attack

Bitwarden launches E2EE Secrets Manager

Surge in identity crime victims reporting suicidal thoughts

Bogus OfficeNote app delivers XLoader macOS malware

Open redirect flaws increasingly exploited by phishers

Seiko joins growing list of ALPHV/BlackCat ransomware victims

Juniper Networks fixes flaws leading to RCE in firewalls and switches

WinRAR vulnerable to remote code execution, patch now! (CVE-2023-40477)

Chrome will tell users when extensions they use are removed from Chrome Web Store

Phishers use QR codes to target companies in various industries

LinkedIn users targeted in account hijacking campaign

Don't miss

Malicious ads creep into Bing Chat responses

How should organizations navigate the risks and opportunities of AI?

Why California’s Delete Act matters for the whole country

Yet another Chrome zero-day exploited in the wild! (CVE-2023-5217)

How to avoid the 4 main pitfalls of cloud identity management