Help Net Security newsletters: Daily and weekly news, cybersecurity jobs, open source – subscribe here!

Please turn on your JavaScript for this page to function normally.
CISO
How to choose secure, verifiable technologies?

The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) has published a guidance document titled Choosing Secure and Verifiable Technologies, …

ScubaGear
ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps

ScubaGear is an open-source tool the Cybersecurity and Infrastructure Security Agency (CISA) created to automatically evaluate Microsoft 365 (M365) configurations for …

Palo Alto Networks
Palo Alto Networks firewalls, Expedition under attack (CVE-2024-9463, CVE-2024-9465)

Attackers have been spotted exploiting two additional vulnerabilities (CVE-2024-9463, CVE-2024-9465) in Palo Alto Networks’ Expedition firewall configuration migration …

USA
FBI confirms China-linked cyber espionage involving breached telecom providers

After months of news reports that Chinese threat actors have breached the networks of US telecommunications and internet service providers, the FBI and the Cybersecurity and …

vulnerabilities
Zero-days dominate top frequently exploited vulnerabilities

A joint report by leading cybersecurity agencies from the U.S., UK, Canada, Australia, and New Zealand has identified the most commonly exploited vulnerabilities of 2023. …

attacks
Exploited: Cisco, SharePoint, Chrome vulnerabilities

Threat actors have been leveraging zero and n-day vulnerabilities in Cisco security appliances (CVE-2024-20481), Microsoft Sharepoint (CVE-2024-38094), and Google’s …

Ivanti
Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824)

CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cybersecurity and …

SonicWall
CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)

The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 – a recently fixed improper access control vulnerability affecting …

Russian flag
Exposed: Russian military Unit 29155 does digital sabotage, espionage

The US Department of Justice has named five Russian computer hackers as members of Unit 29155 – i.e., the 161st Specialist Training Center of the Russian General Staff …

ransomware
How RansomHub went from zero to 210 victims in six months

RansomHub, a ransomware-as-a-service (RaaS) outfit that “popped up” earlier this year, has already amassed at least 210 victims (that we know of). Its affiliates …

cyber threat
Pioneer Kitten: Iranian hackers partnering with ransomware affiliates

A group of Iranian hackers – dubbed Pioneer Kitten by cybersecurity researchers – is straddling the line between state-contracted cyber espionage group and initial …

China
Chinese APT40 group swifly leverages public PoC exploits

Chinese state-sponsored cyber group APT40 is amazingly fast at adapting public proof-of-concept (PoC) exploits for vulnerabilities in widely used software, an advisory …

Don't miss

Cybersecurity news