enterprise
Determined APT is exploiting ManageEngine ServiceDesk Plus vulnerability (CVE-2021-44077)
An APT group is leveraging a critical vulnerability (CVE-2021-44077) in Zoho ManageEngine ServiceDesk Plus to compromise organizations in a variety of sectors, including …
How to improve your SaaS security posture and reduce risk
In this Help Net Security interview, Maor Bin, CEO at Adaptive Shield, talks about the SaaS security space and how Adaptive Shield help security teams gain control over their …
Emotet stages a comeback via Trickbot and spam
Emotet is back – a number of researchers have confirmed. About Emotet Emotet is a modular banking trojan that also functions as a downloader of other trojans and …
The latest trends in online cybersecurity learning and training
In this interview with Help Net Security, Mike Hendrickson, VP of Technology & Developer Solutions at educational technology company Skillsoft, talks about the trends in …
Are you less capable of innovation or more vulnerable to threats than you thought?
A Syntax research shows a critical reality check on perception versus reality among IT and finance decision-makers when it comes to enterprise innovation, whether it is …
Tens of thousands unpatched GitLab servers under attack via CVE-2021-22205
Attackers are actively exploiting an “old” vulnerability (CVE-2021-22205) to take over on-premise GitLab servers, Rapid7 researcher Jacob Baines warns. The …
Mapping ATT&CK techniques to CVEs should make risk assessment easier
Vulnerability reporters should start using MITRE ATT&CK technique references to describe what the attacker is trying to achieve by exploiting a given CVE-numbered …
Advice from a young, female CISO: Key lessons learned
Ellen Benaim, the newest CISO at Copenhagen-based SaaS provider Templafy, started her career at the company in June 2018 as technical support, but from the moment she sat down …
Top ten worldwide IT industry predictions for 2022 and beyond
IDC announced its worldwide IT industry predictions for 2022 and beyond. While the disruptive forces unleashed by the COVID-19 pandemic continue to shape the global business …
MVSP: A minimum cybersecurity baseline to simplify vendor security assessment
Any organization that’s actively working on managing its cybersecurity risk can’t ignore the risk that goes with third-party vendors having access to its critical …
The dangers behind wildcard certificates: What enterprises need to know
With the National Security Agency recently issuing guidance on the risks associated with wildcard TLS certificates and Application Layer Protocols Allowing Cross-Protocol …
Released: MITRE ATT&CK v10
MITRE Corporation has released the tenth version of ATT&CK, its globally accessible (and free!) knowledge base of cyber adversary tactics and techniques based on …
Featured news
Sponsored
Don't miss
- Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware!
- LastPass users targeted by vishing attackers
- Protobom: Open-source software supply chain tool
- The key pillars of domain security
- Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204)