Help Net Security
Safeguarding the DNS through registries
The integrity of our online ecosystem heavily relies on domain registries, which serve as the foundation for secure and trusted digital experiences. However, threats like …
Overreliance on GenAI to develop software compromises security
GenAI is quickly changing the software development process by automating tasks that once took developers hours, if not days, to complete, bolstering efficiency and …
Cross-IdP impersonation bypasses SSO protections
Cross-IdP impersonation – a technique that enables attackers to hijack the single sign-on (SSO) process to gain unauthorized access to downstream software-as-a-service …
Phobos ransomware administrator faces US cybercrime charges
The Justice Department unsealed criminal charges against Evgenii Ptitsyn, 42, a Russian national, for allegedly administering the sale, distribution, and operation of Phobos …
AlmaLinux 9.5 released: Security updates, new packages, and more!
AlmaLinux is a free, open-source, enterprise-grade Linux distribution. Governed and owned by the community, it offers a production-ready platform with binary compatibility to …
Dev + Sec: A collaborative approach to cybersecurity
The age-old tension between development and security teams has long been a source of friction in organizations. Developers prioritize speed and efficiency, aiming to deliver …
Navigating the compliance labyrinth: A CSO’s guide to scaling security
Imagine navigating a labyrinth where the walls constantly shift, and the path ahead is obscured by fog. If this brings up a visceral image, you’ve either seen David Bowie’s …
Evaluating GRC tools
According to Gartner, the broad range of pricing for government, risk, and compliance (GRC) tools requires enterprise risk management (ERM) leaders to be well-versed in …
Week in review: Microsoft patches actively exploited 0-days, Amazon and HSBC employee data leaked
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Microsoft fixes actively exploited zero-days (CVE-2024-43451, CVE-2024-49039) …
Cybercriminals hijack DNS to build stealth attack networks
Hijacking domains using a ‘Sitting Ducks attack’ remains an underrecognized topic in the cybersecurity community. Few threat researchers are familiar with this attack vector, …
Using AI to drive cybersecurity risk scoring systems
In this Help Net Security video, Venkat Gopalakrishnan, Principal Data Science Manager at Microsoft, discusses the development of AI-driven risk scoring models tailored for …
Critical vulnerabilities persist in high-risk sectors
Finance and insurance sectors found to have the highest number of critical vulnerabilities, according to Black Duck. Finance and insurance industry faces highest …
Featured news
Resources
Don't miss
- Former ransomware negotiators allegedly targeted US firms with ALPHV/BlackCat ransomware
- How nations build and defend their cyberspace capabilities
- Uncovering the risks of unmanaged identities
- Deepfakes, fraud, and the fight for trust online
- Product showcase: Cogent Community democratizes vulnerability intelligence with agentic AI